.github/workflows/codeql.yml

@@ -3,6 +3,8 @@ name: "Code scanning - action"
 on:
   push:
   pull_request:
+    branches-ignore:
+      - "dependabot/**"
   schedule:
     - cron: '0 19 * * 0'
 
@@ -14,7 +16,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
@@ -27,15 +29,15 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # tag=v2
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # tag=v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -49,4 +51,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # tag=v2

.github/workflows/release.yml

@@ -1,21 +1,20 @@
 name: Release
-on:
+"on":
   push:
     branches:
       - master
       - next
       - beta
-      - "*.x" # maintenance releases
-
+      - "*.x"
 jobs:
   release:
     name: release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+      - uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3
         with:
-          node-version: 12
+          node-version: 16
           cache: npm
       - run: npm ci
       - run: npm run build

.github/workflows/test.yml

@@ -13,14 +13,13 @@ jobs:
     strategy:
       matrix:
         node_version:
-          - 10
-          - 12
           - 14
           - 16
+          - 18
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
       - name: "Use Node.js ${{ matrix.node_version }}"
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3
         with:
           node-version: "${{ matrix.node_version }}"
           cache: npm

.github/workflows/update-prettier.yml

@@ -8,17 +8,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3
         with:
-          node-version: 12
+          node-version: 16
           cache: npm
       - run: npm ci
-      - run: "npm run lint:fix"
+      - run: npm run lint:fix
       - uses: gr2m/create-or-update-pull-request-action@v1.x
         env:
-          GITHUB_TOKEN: "${{ secrets.OCTOKITBOT_PAT }}"
+          GITHUB_TOKEN: ${{ secrets.OCTOKITBOT_PAT }}
         with:
           title: Prettier updated
           body: An update to prettier required updates to your code.
-          branch: "${{ github.ref }}"
+          branch: ${{ github.ref }}
           commit-message: "style: prettier"

README.md

@@ -268,7 +268,7 @@ All errors can be accessed at `error.errors`. `error.request` has the request op
 
 ```js
 let { graphql, GraphqlResponseError } = require("@octokit/graphql");
-graphqlt = graphql.defaults({
+graphql = graphql.defaults({
   headers: {
     authorization: `token secret123`,
   },

SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+Thanks for helping make GitHub Open Source Software safe for everyone.
+
+GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [Octokit](https://github.com/octokit).
+
+Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we want to make sure that your finding gets passed along to the maintainers of this project for remediation. 
+
+
+## Reporting a Vulnerability
+
+Since this source is part of [Octokit](https://github.com/octokit) (a GitHub organization) we ask that you follow the guidelines [here](https://github.com/github/.github/blob/master/SECURITY.md#reporting-security-issues) to report anything that you might've found.

package.json

@@ -6,7 +6,7 @@
   },
   "description": "GitHub GraphQL API client for browsers and Node",
   "scripts": {
-    "build": "pika build",
+    "build": "pika-pack build",
     "lint": "prettier --check {src,test}/* README.md package.json",
     "lint:fix": "prettier --write {src,test}/* README.md package.json",
     "pretest": "npm run lint -s",
@@ -22,7 +22,7 @@
   "author": "Gregor Martynus (https://github.com/gr2m)",
   "license": "MIT",
   "dependencies": {
-    "@octokit/request": "^5.6.0",
+    "@octokit/request": "^6.0.0",
     "@octokit/types": "^6.0.3",
     "universal-user-agent": "^6.0.0"
   },
@@ -33,11 +33,10 @@
     "@pika/plugin-ts-standard-pkg": "^0.9.0",
     "@types/fetch-mock": "^7.2.5",
     "@types/jest": "^27.0.0",
-    "@types/node": "^14.0.4",
+    "@types/node": "^16.0.0",
     "fetch-mock": "^9.0.0",
     "jest": "^27.0.0",
-    "prettier": "2.3.2",
-    "semantic-release": "^17.0.0",
+    "prettier": "2.7.1",
     "semantic-release-plugin-update-version-in-files": "^1.0.0",
     "ts-jest": "^27.0.0-next.12",
     "typescript": "^4.0.0"
@@ -59,7 +58,10 @@
         "@pika/plugin-ts-standard-pkg"
       ],
       [
-        "@pika/plugin-build-node"
+        "@pika/plugin-build-node",
+        {
+          "minNodeVersion": "14"
+        }
       ],
       [
         "@pika/plugin-build-web"
@@ -93,5 +95,8 @@
     "extends": [
       "github>octokit/.github"
     ]
+  },
+  "engines": {
+    "node": ">= 14"
   }
 }