Fix security issues

.devcontainer/devcontainer.json

@@ -19,7 +19,6 @@
         "christian-kohler.path-intellisense",
         "esbenp.prettier-vscode",
         "davidanson.vscode-markdownlint",
-        "eg2.vscode-npm-script",
         "christian-kohler.npm-intellisense",
         "alexkrechik.cucumberautocomplete",
         "firsttris.vscode-jest-runner",

.github/workflows/check-dist.yml

@@ -35,10 +35,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set Node.js 18.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: "18"
           check-latest: true
@@ -49,6 +49,10 @@ jobs:
       - name: Run linters
         uses: pre-commit/[email protected]
 
+      - name: Perform tests
+        run: |
+          ./test/invoke-test.sh
+
       - name: Rebuild the dist/ directory
         run: npm run build
 
@@ -65,7 +69,7 @@ jobs:
         id: diff
 
       # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

.github/workflows/check-licenses.yml

@@ -32,10 +32,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Clone License Check Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: eclipse-velocitas/license-check
           ref: v1.2.2

NOTICE-3RD-PARTY-CONTENT.md

@@ -3,33 +3,33 @@
 ## JavaScript
 | Dependency | Version | License |
 |:-----------|:-------:|--------:|
-|@actions/core|1.10.0|MIT|
-|@cucumber/cucumber|8.6.0|MIT|
+|@actions/core|1.10.1|MIT|
+|@cucumber/cucumber|10.3.1|ISC<br/>MIT|
 |@cucumber/pretty-formatter|1.0.0|MIT|
-|@types/chai|4.3.3|MIT|
-|@types/chai-string|1.4.2|MIT|
+|@types/chai|4.3.11|MIT|
+|@types/chai-string|1.4.5|MIT|
 |@types/cucumber|7.0.0|MIT|
-|@types/node|18.8.3|MIT|
-|@types/xml2js|0.4.11|MIT|
-|@typescript-eslint/eslint-plugin|5.39.0|MIT|
-|@typescript-eslint/parser|5.39.0|unknown|
+|@types/node|18.19.14|MIT|
+|@types/xml2js|0.4.14|MIT|
+|@typescript-eslint/eslint-plugin|5.62.0|MIT|
+|@typescript-eslint/parser|5.62.0|unknown|
 |@vercel/ncc|0.34.0|ISC<br/>MIT|
-|chai|4.3.6|MIT|
+|chai|4.4.1|MIT|
 |chai-string|1.5.0|MIT|
 |cucumber-console-formatter|1.0.0|MIT|
-|cucumber-tsflow|4.0.0-rc.1|unknown|
-|eslint|8.25.0|MIT|
+|cucumber-tsflow|4.4.1|unknown|
+|eslint|8.56.0|MIT|
 |fs|0.0.1-security|unknown|
 |guid-typescript|1.0.9|unknown|
 |handlebars|4.7.7|MIT|
 |renderer|1.0.0|ISC|
-|ts-node|10.9.1|MIT|
-|typescript|4.8.4|Apache 2.0|
-|xml2js|0.4.23|MIT|
+|ts-node|10.9.2|MIT|
+|typescript|4.9.5|Apache 2.0|
+|xml2js|0.6.2|MIT|
 ## Workflows
 | Dependency | Version | License |
 |:-----------|:-------:|--------:|
-|actions/checkout|v3|MIT License|
-|actions/setup-node|v3|MIT License|
-|actions/upload-artifact|v3|MIT License|
+|actions/checkout|v4|MIT License|
+|actions/setup-node|v4|MIT License|
+|actions/upload-artifact|v4|MIT License|
 |pre-commit/action|v3.0.0|MIT License|

README.md

@@ -2,11 +2,11 @@
 
 The action `documentation/render` reads all input packages from the `inboxPath` and renders it as markdown to `outboxPath`. Available templates are stored in `templatePath`.
 
-Use the `actions/checkout@v2` action to clone the `release-documentation-action` to a dedicated path, Then appropriate action can be used as shown in below example
+Use the `actions/checkout@v4` action to clone the `release-documentation-action` to a dedicated path, Then appropriate action can be used as shown in below example
 
 ```yml
 - name: Clone actions repository
-  uses: actions/checkout@v2
+  uses: actions/checkout@v4
   with:
     repository: eclipse-velocitas/release-documentation-action
     path: "./.github/actions"
@@ -41,7 +41,7 @@ It also adds a metadata file to the folder containing name, type and format of t
 **Location**
 documentation/package
 
-Use the `actions/checkout@v2` action to clone the `release-documentation-action` to a dedicated path, Then appropriate action can be used as shown in below example
+Use the `actions/checkout@v4` action to clone the `release-documentation-action` to a dedicated path, Then appropriate action can be used as shown in below example
 
 ```yml
 - name: Package integration test result files