update dependency after merge from master

Bumps [eslint](https://github.com/eslint/eslint) from 8.11.0 to 8.12.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.11.0...v8.12.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/audit.yml

@@ -17,9 +17,9 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v2.4.0
+    - uses: actions/checkout@v3
 
-    - uses: actions/setup-node@v2.5.1
+    - uses: actions/setup-node@v3
       with:
         node-version: '12.x'
 

.github/workflows/auto-approve.yml

@@ -5,30 +5,6 @@ on:
 
 jobs:
   auto-approve:
-    runs-on: ubuntu-latest
+    uses: s4u/.github/.github/workflows/auto-approve.yml@master
-    steps:
+    secrets:
-
+      TECH_TOKEN: ${{ secrets.TECH_TOKEN }}
-      - name: Dependabot metadata
-        if: github.actor == 'dependabot[bot]'
-        id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.1.1
-        with:
-          github-token: "${{ secrets.TECH_TOKEN }}"
-
-      - name: Enable auto-merge for Dependabot PRs
-        if: >
-          github.actor == 'dependabot[bot]'
-          && steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major'
-        run: gh pr merge --auto --rebase "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{ secrets.TECH_TOKEN }}
-
-      - name: Approve a PR
-        if: >
-          github.actor == 'dependabot[bot]'
-          || github.actor == 'slawekjaranowski'
-        run: gh pr review --approve "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{ secrets.TECH_TOKEN }}

.github/workflows/release-drafter.yml

@@ -17,6 +17,6 @@ jobs:
       && !startsWith(github.event.head_commit.message , '[maven-release-plugin]')
 
     steps:
-      - uses: release-drafter/release-drafter@v5.18.0
+      - uses: release-drafter/release-drafter@v5.19.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -17,13 +17,13 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v2.4.0
+    - uses: actions/checkout@v3
 
-    - uses: actions/setup-node@v2.5.1
+    - uses: actions/setup-node@v3
       with:
         node-version: '12.x'
 
-    - uses: actions/setup-java@v2.5.0
+    - uses: actions/setup-java@v3
       with:
         distribution: 'adopt'
         java-version: '8'

README.md

@@ -31,14 +31,14 @@ See [action.yml](action.yml)
 ## default ```settings.xml```
 ```yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
 ```
 
 ## ```settings.xml``` with servers section
 
 ```yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
   with:
     servers: '[{"id": "serverId", "username": "username", "password": "password"}]'
 ```
@@ -62,7 +62,7 @@ Please refer to the [servers](http://maven.apache.org/settings.html#Servers) doc
 
 ``` yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
   with:
     servers: |
       [{
@@ -96,7 +96,7 @@ result will be:
 ## ```settings.xml``` with mirrors section
 ```yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
   with:
     mirrors: '[{"id": "mirrorId", "name": "mirrorName", "mirrorOf": "mirrorOf", "url": "mirrorUrl"}]'
 ```
@@ -104,7 +104,7 @@ steps:
 ## ```settings.xml``` with properties
 ```yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
   with:
     properties: '[{"propertyName1": "propertyValue1"}, {"propertyName2": "propertyValue2"}]'
 ```
@@ -113,7 +113,7 @@ steps:
 
 ```yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
   with:
     sonatypeSnapshots: true
 ```
@@ -122,7 +122,7 @@ steps:
 
 ```yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
   with:
     apacheSnapshots: true
 ```
@@ -130,7 +130,7 @@ steps:
 ## Do not override existing ```settings.xml```, from version **2.0** file is override by default :
 ```yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
   with:
     override: false
 ```
@@ -138,7 +138,7 @@ steps:
 ## Do not add github to server in ```settings.xml```, by default is added:
 ```yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
   with:
     githubServer: false
 ```
@@ -147,7 +147,7 @@ steps:
 
 ```yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
   with:
     oracleServers: '[{"id": "serverId", "username": "username", "password": "password"}]'
 ```
@@ -155,7 +155,7 @@ steps:
 ## ```settings.xml``` with [Oracle Maven Repository](https://docs.oracle.com/middleware/1213/core/MAVEN/config_maven_repo.htm#MAVEN9017)
 ```yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
   with:
     oracleRepo: true
 ```
@@ -166,7 +166,7 @@ It is also possible pass in Github Secrets e.g.
 
 ``` yml
 steps:
-- uses: s4u/maven-settings-action@v2.5.0
+- uses: s4u/maven-settings-action@v2.6.0
   with:
     servers: |
       [{
@@ -196,7 +196,7 @@ steps:
         with:
           java-version: 8
 
-      - uses: s4u/maven-settings-action@v2.5.0
+      - uses: s4u/maven-settings-action@v2.6.0
 
       - run: mvn verify
 ```

index.test.js

@@ -137,6 +137,16 @@ test('run with all feature', () => {
                 <enabled>true</enabled>
             </snapshots>
         </repository>
+        <repository>
+            <id>ossrh</id>
+            <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+        </repository>
     </repositories>
     <pluginRepositories>
         <pluginRepository>
@@ -149,6 +159,16 @@ test('run with all feature', () => {
                 <enabled>true</enabled>
             </snapshots>
         </pluginRepository>
+        <pluginRepository>
+            <id>ossrh</id>
+            <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+        </pluginRepository>
     </pluginRepositories>
 </profile>
 <profile>

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "maven-settings-action",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
@@ -21,9 +21,9 @@
       }
     },
     "node_modules/@xmldom/xmldom": {
-      "version": "0.8.0",
+      "version": "0.8.1",
-      "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.0.tgz",
+      "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.1.tgz",
-      "integrity": "sha512-7wVnF+rKrVDEo1xjzkkidTG0grclaVnX0vKa0z9JSXcEdtftUJjvU33jLGg6SHyvs3eeqEsI7jZ6NxYfRypEEg==",
+      "integrity": "sha512-4wOae+5N2RZ+CZXd9ZKwkaDi55IxrSTOjHpxTvQQ4fomtOJmqVxbmICA9jE1jvnqNhpfgz8cnfFagG86wV/xLQ==",
       "engines": {
         "node": ">=10.0.0"
       }

node_modules/@xmldom/xmldom/CHANGELOG.md

@@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file.
 
 This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.8.1](https://github.com/xmldom/xmldom/compare/0.8.0...0.8.1)
+
+### Fixes
+- Only use own properties in entityMap [`#374`](https://github.com/xmldom/xmldom/pull/374)
+
+### Docs
+- Add security policy [`#365`](https://github.com/xmldom/xmldom/pull/365)
+- changelog: Correct contributor name and link [`#366`](https://github.com/xmldom/xmldom/pull/366)
+- Describe release/publish steps [`#358`](https://github.com/xmldom/xmldom/pull/358), [`#376`](https://github.com/xmldom/xmldom/pull/376)
+- Add snyk package health badge [`#360`](https://github.com/xmldom/xmldom/pull/360)
+
+
 ## [0.8.0](https://github.com/xmldom/xmldom/compare/0.7.5...0.8.0)
 
 ### Fixed
@@ -41,7 +53,7 @@ Thank you [@marrus-sh](https://github.com/marrus-sh), [@victorandree](https://gi
 ### Fixes:
 
 - Restore ability to parse `__prototype__` attributes [`#315`](https://github.com/xmldom/xmldom/pull/315)
-  Thank you [@dsimsonOMF](https://github.com/dsimsonOMF)
+  Thank you [@dsimpsonOMF](https://github.com/dsimpsonOMF)
 
 ## 0.7.3
 

node_modules/@xmldom/xmldom/SECURITY.md

@@ -0,0 +1,50 @@
+# Security Policy
+
+The most up-to-date version of this document can be found at <https://github.com/xmldom/xmldom/security/policy>.
+
+## Supported Versions
+
+This repository contains the code for the libraries `xmldom` and `@xmldom/xmldom` on npm.
+
+As long as we didn't publish v1, we aim to maintain the last two minor versions with security fixes. If it is possible we provide security fixes as path versions.
+If you think there is a good reason to also patch an earlier version let us know in a github issue or the release discussion once the fix has been provided. 
+The maintainers will consider it and if we agree and have/find the required resources, a patch for that version will be provided.
+
+Please notice that [we are no longer able to publish the (unscoped) `xmldom` package](https://github.com/xmldom/xmldom/issues/271), 
+and that all existing versions of `xmldom` are affected by at least one security vulnerability and should be considered deprecated.
+You can still report issues regarding `xmldom` as described below.
+
+If you need help with migrating from `xmldom` to `@xmldom/xmldom`, file a github issue or PR in the affected repository and mention @karfau.
+
+## Reporting vulnerabilities
+
+Please email reports about any security related issues you find to `security@xmldom.org`, which will forward it to the list of maintainers. 
+The maintainers will try to respond within 7 calendar days. (If nobody peplies after 7 days, please us send a reminder!)
+As part of you communication please make sure to always hit "Reply all", so all maintainers are kept in the loop.
+
+In addition, please include the following information along with your report:
+
+- Your name and affiliation (if any).
+- A description of the technical details of the vulnerabilities. It is very important to let us know how we can reproduce your findings.
+- An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This will help us evaluate your report quickly, especially if the issue is complex.
+- Whether this vulnerability public or known to third parties. If it is, please provide details.
+
+If you believe that an existing (public) issue is security-related, please send an email to `security@xmldom.org`. 
+The email should include the issue URL and a short description of why it should be handled according to this security policy.
+
+Once an issue is reported, the maintainers use the following disclosure process:
+
+- When a report is received, we confirm the issue, determine its severity and the affected versions.
+- If we know of specific third-party services or software based on xmldom that require mitigation before publication, those projects will be notified.
+- A [github security advisory](https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories) is [created](https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory) (but not published) which details the problem and steps for mitigation.
+- If the reporter provides a github account and agrees to it, we (add that github account as a collaborator on the advisuory)[https://docs.github.com/en/code-security/security-advisories/adding-a-collaborator-to-a-security-advisory].
+- The vulnerability is fixed in a [private fork](https://docs.github.com/en/code-security/security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-security-vulnerability) and potential workarounds are identified.
+- The maintainers audit the existing code to find any potential similar problems.
+- The release for the current minor version and the [security advisory are published](https://docs.github.com/en/code-security/security-advisories/publishing-a-security-advisory).
+- The release(s) for previous minor version(s) are published.
+
+We credit reporters for identifying security issues, if they confirm that they want to.
+
+## Known vulnerabilities
+
+See https://github.com/xmldom/xmldom/security/advisories?state=published

node_modules/@xmldom/xmldom/lib/sax.js

@@ -65,7 +65,7 @@ function parse(source,defaultNSMapCopy,entityMap,domBuilder,errorHandler){
 	}
 	function entityReplacer(a){
 		var k = a.slice(1,-1);
-		if(k in entityMap){
+		if (Object.hasOwnProperty.call(entityMap, k)) {
 			return entityMap[k];
 		}else if(k.charAt(0) === '#'){
 			return fixedFromCharCode(parseInt(k.substr(1).replace('x','0x')))

node_modules/@xmldom/xmldom/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xmldom/xmldom",
-  "version": "0.8.0",
+  "version": "0.8.1",
   "description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.",
   "keywords": [
     "w3c",
@@ -23,29 +23,35 @@
     "CHANGELOG.md",
     "LICENSE",
     "readme.md",
+    "SECURITY.md",
     "index.d.ts",
     "lib"
   ],
   "scripts": {
     "lint": "eslint lib test",
+    "changelog": "auto-changelog --unreleased-only",
     "start": "nodemon --watch package.json --watch lib --watch test --exec 'npm --silent run test && npm --silent run lint'",
     "stryker": "stryker run",
     "stryker:dry-run": "stryker run -m '' --reporters progress",
-    "test": "jest"
+    "test": "jest",
+    "version": "./changelog-has-version.sh",
+    "release": "np --no-yarn"
   },
   "engines": {
     "node": ">=10.0.0"
   },
   "dependencies": {},
   "devDependencies": {
-    "@stryker-mutator/core": "5.5.1",
+    "@stryker-mutator/core": "5.6.1",
-    "eslint": "8.5.0",
+    "auto-changelog": "2.4.0",
+    "eslint": "8.9.0",
     "eslint-config-prettier": "8.3.0",
     "eslint-plugin-es5": "1.5.0",
     "eslint-plugin-prettier": "4.0.0",
     "get-stream": "6.0.1",
-    "jest": "27.4.5",
+    "jest": "27.5.1",
     "nodemon": "2.0.15",
+    "np": "7.6.0",
     "prettier": "2.5.1",
     "xmltest": "1.5.0",
     "yauzl": "2.10.0"
@@ -53,5 +59,11 @@
   "bugs": {
     "url": "https://github.com/xmldom/xmldom/issues"
   },
-  "license": "MIT"
+  "license": "MIT",
+  "auto-changelog": {
+    "prepend": true,
+    "remote": "upstream",
+    "tagPrefix": "",
+    "template": "./auto-changelog.hbs"
+  }
 }

node_modules/@xmldom/xmldom/readme.md

@@ -3,8 +3,9 @@
 ***Since version 0.7.0 this package is published to npm as [`@xmldom/xmldom`](https://www.npmjs.com/package/@xmldom/xmldom) and no longer as [`xmldom`](https://www.npmjs.com/package/xmldom), because [we are no longer able to publish `xmldom`](https://github.com/xmldom/xmldom/issues/271).***  
 *For better readability in the docs we will continue to talk about this library as "xmldom".*
 
-[![license](https://img.shields.io/npm/l/@xmldom/xmldom?color=blue&style=flat-square)](LICENSE)
+[![license(MIT)](https://img.shields.io/npm/l/@xmldom/xmldom?color=blue&style=flat-square)](https://github.com/xmldom/xmldom/blob/master/LICENSE)
 [![npm](https://img.shields.io/npm/v/@xmldom/xmldom?style=flat-square)](https://www.npmjs.com/package/@xmldom/xmldom)
+[![snyk.io package health](https://snyk.io/advisor/npm-package/@xmldom/xmldom/badge.svg)](https://snyk.io/advisor/npm-package/@xmldom/xmldom)
 [![bug issues](https://img.shields.io/github/issues/xmldom/xmldom/bug?color=red&style=flat-square)](https://github.com/xmldom/xmldom/issues?q=is%3Aissue+is%3Aopen+label%3Abug)
 [![help-wanted issues](https://img.shields.io/github/issues/xmldom/xmldom/help-wanted?color=darkgreen&style=flat-square)](https://github.com/xmldom/xmldom/issues?q=is%3Aissue+is%3Aopen+label%3Ahelp-wanted)
 [![Mutation report](https://img.shields.io/endpoint?style=flat-square&url=https%3A%2F%2Fbadge-api.stryker-mutator.io%2Fgithub.com%2Fxmldom%2Fxmldom%2Fmaster)](https://dashboard.stryker-mutator.io/reports/github.com/xmldom/xmldom/master)

package.json

@@ -1,6 +1,6 @@
 {
   "name": "maven-settings-action",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "description": "Prepare maven settings",
   "main": "index.js",
   "scripts": {
@@ -27,10 +27,10 @@
   "homepage": "https://github.com/s4u/maven-settings-action#readme",
   "dependencies": {
     "@actions/core": "^1.6.0",
-    "@xmldom/xmldom": "^0.8.0"
+    "@xmldom/xmldom": "^0.8.1"
   },
   "devDependencies": {
-    "eslint": "^8.8.0",
+    "eslint": "^8.12.0",
-    "jest": "^27.4.7"
+    "jest": "^27.5.1"
   }
 }

settings.test.js

@@ -504,6 +504,16 @@ test('addSonatypeSnapshots', () => {
                 <enabled>true</enabled>
             </snapshots>
         </repository>
+        <repository>
+            <id>ossrh</id>
+            <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+        </repository>
     </repositories>
     <pluginRepositories>
         <pluginRepository>
@@ -516,6 +526,16 @@ test('addSonatypeSnapshots', () => {
                 <enabled>true</enabled>
             </snapshots>
         </pluginRepository>
+        <pluginRepository>
+            <id>ossrh</id>
+            <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+        </pluginRepository>
     </pluginRepositories>
 </profile></profiles>`);
 });

templates/sonatype-snapshot.xml

@@ -15,6 +15,16 @@
                 <enabled>true</enabled>
             </snapshots>
         </repository>
+        <repository>
+            <id>ossrh</id>
+            <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+        </repository>
     </repositories>
     <pluginRepositories>
         <pluginRepository>
@@ -27,5 +37,15 @@
                 <enabled>true</enabled>
             </snapshots>
         </pluginRepository>
+        <pluginRepository>
+            <id>ossrh</id>
+            <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+        </pluginRepository>
     </pluginRepositories>
 </profile>