From 2e88402d192b9006a3a789aae20956c88945adba Mon Sep 17 00:00:00 2001
From: Bryan MacFarlane <bryanmacfarlane@github.com>
Date: Fri, 10 Jan 2020 16:37:48 -0500
Subject: [PATCH] audit fix and update http-client (#298)

---
 package-lock.json                     | 12 ++++++--
 package.json                          |  1 +
 packages/core/package-lock.json       |  2 +-
 packages/exec/package-lock.json       |  5 +--
 packages/github/package-lock.json     |  2 +-
 packages/glob/package-lock.json       |  5 +++
 packages/io/package-lock.json         |  2 +-
 packages/tool-cache/RELEASES.md       |  4 +++
 packages/tool-cache/package-lock.json | 44 +++++++++++++++------------
 packages/tool-cache/package.json      |  4 +--
 packages/tool-cache/src/tool-cache.ts |  2 +-
 11 files changed, 52 insertions(+), 31 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 1eb3292436..188df73360 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5444,6 +5444,12 @@
       "integrity": "sha512-R+H8IZclI8AAkSBRQJLVOsxwAoHd6WC40b4QTNWIjzAa6BXOBfQcM587MXDTVPeYaopFNWHUFLx7eNmHDSxMWg==",
       "dev": true
     },
+    "flow-bin": {
+      "version": "0.115.0",
+      "resolved": "https://registry.npmjs.org/flow-bin/-/flow-bin-0.115.0.tgz",
+      "integrity": "sha512-xW+U2SrBaAr0EeLvKmXAmsdnrH6x0Io17P6yRJTNgrrV42G8KXhBAD00s6oGbTTqRyHD0nP47kyuU34zljZpaQ==",
+      "dev": true
+    },
     "flush-write-stream": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/flush-write-stream/-/flush-write-stream-1.1.1.tgz",
@@ -13025,9 +13031,9 @@
       }
     },
     "tree-kill": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.1.tgz",
-      "integrity": "sha512-4hjqbObwlh2dLyW4tcz0Ymw0ggoaVDMveUB9w8kFSQScdRLo0gxO9J7WFcUBo+W3C1TLdFIEwNOWebgZZ0RH9Q==",
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.2.tgz",
+      "integrity": "sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A==",
       "dev": true
     },
     "trim-newlines": {
diff --git a/package.json b/package.json
index 73f653240b..d5cb14b248 100644
--- a/package.json
+++ b/package.json
@@ -21,6 +21,7 @@
     "eslint": "^5.16.0",
     "eslint-plugin-github": "^2.0.0",
     "eslint-plugin-jest": "^22.5.1",
+    "flow-bin": "^0.115.0",
     "jest": "^24.9.0",
     "jest-circus": "^24.7.1",
     "lerna": "^3.18.4",
diff --git a/packages/core/package-lock.json b/packages/core/package-lock.json
index fc47b0cbdf..a25fa4ae2e 100644
--- a/packages/core/package-lock.json
+++ b/packages/core/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "@actions/core",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/packages/exec/package-lock.json b/packages/exec/package-lock.json
index 250508c749..b8b91bcd70 100644
--- a/packages/exec/package-lock.json
+++ b/packages/exec/package-lock.json
@@ -1,12 +1,13 @@
 {
   "name": "@actions/exec",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
     "@actions/io": {
       "version": "1.0.1",
-      "dev": true
+      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.0.1.tgz",
+      "integrity": "sha512-rhq+tfZukbtaus7xyUtwKfuiCRXd1hWSfmJNEpFgBQJ4woqPEpsBw04awicjwz9tyG2/MVhAEMfVn664Cri5zA=="
     }
   }
 }
diff --git a/packages/github/package-lock.json b/packages/github/package-lock.json
index 6dcc35ef9f..c2ac4ab059 100644
--- a/packages/github/package-lock.json
+++ b/packages/github/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "@actions/github",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/packages/glob/package-lock.json b/packages/glob/package-lock.json
index 3eb24c1b1a..043765ec54 100644
--- a/packages/glob/package-lock.json
+++ b/packages/glob/package-lock.json
@@ -4,6 +4,11 @@
 	"lockfileVersion": 1,
 	"requires": true,
 	"dependencies": {
+		"@actions/core": {
+			"version": "1.2.1",
+			"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.1.tgz",
+			"integrity": "sha512-xD+CQd9p4lU7ZfRqmUcbJpqR+Ss51rJRVeXMyOLrZQImN9/8Sy/BEUBnHO/UKD3z03R686PVTLfEPmkropGuLw=="
+		},
 		"balanced-match": {
 			"version": "1.0.0",
 			"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
diff --git a/packages/io/package-lock.json b/packages/io/package-lock.json
index 4d44892f21..c115e2de6f 100644
--- a/packages/io/package-lock.json
+++ b/packages/io/package-lock.json
@@ -1,5 +1,5 @@
 {
   "name": "@actions/io",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "lockfileVersion": 1
 }
diff --git a/packages/tool-cache/RELEASES.md b/packages/tool-cache/RELEASES.md
index 907dad2c65..a921d85a22 100644
--- a/packages/tool-cache/RELEASES.md
+++ b/packages/tool-cache/RELEASES.md
@@ -1,5 +1,9 @@
 # @actions/tool-cache Releases
 
+### 1.3.0
+
+- [Uses @actions/http-client](https://github.com/actions/http-client)
+
 ### 1.1.2
 
 - [Use zip and unzip from PATH](https://github.com/actions/toolkit/pull/161)
diff --git a/packages/tool-cache/package-lock.json b/packages/tool-cache/package-lock.json
index 3c3e386267..2ec8bf9079 100644
--- a/packages/tool-cache/package-lock.json
+++ b/packages/tool-cache/package-lock.json
@@ -1,9 +1,32 @@
 {
 	"name": "@actions/tool-cache",
-	"version": "1.1.2",
+	"version": "1.3.0",
 	"lockfileVersion": 1,
 	"requires": true,
 	"dependencies": {
+		"@actions/core": {
+			"version": "1.2.1",
+			"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.1.tgz",
+			"integrity": "sha512-xD+CQd9p4lU7ZfRqmUcbJpqR+Ss51rJRVeXMyOLrZQImN9/8Sy/BEUBnHO/UKD3z03R686PVTLfEPmkropGuLw=="
+		},
+		"@actions/exec": {
+			"version": "1.0.3",
+			"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.0.3.tgz",
+			"integrity": "sha512-TogJGnueOmM7ntCi0ASTUj4LapRRtDfj57Ja4IhPmg2fls28uVOPbAn8N+JifaOumN2UG3oEO/Ixek2A4NcYSA==",
+			"requires": {
+				"@actions/io": "^1.0.1"
+			}
+		},
+		"@actions/http-client": {
+			"version": "1.0.1",
+			"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.1.tgz",
+			"integrity": "sha512-vy5DhqTJ1gtEkpRrD/6BHhUlkeyccrOX0BT9KmtO5TWxe5KSSwVHFE+J15Z0dG+tJwZJ/nHC4slUIyqpkahoMg=="
+		},
+		"@actions/io": {
+			"version": "1.0.2",
+			"resolved": "https://registry.npmjs.org/@actions/io/-/io-1.0.2.tgz",
+			"integrity": "sha512-J8KuFqVPr3p6U8W93DOXlXW6zFvrQAJANdS+vw0YhusLIq+bszW8zmK2Fh1C2kDPX8FMvwIl1OUcFgvJoXLbAg=="
+		},
 		"@types/nock": {
 			"version": "10.0.3",
 			"resolved": "https://registry.npmjs.org/@types/nock/-/nock-10.0.3.tgz",
@@ -171,31 +194,12 @@
 			"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
 			"integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw=="
 		},
-		"tunnel": {
-			"version": "0.0.4",
-			"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.4.tgz",
-			"integrity": "sha1-LTeFoVjBdMmhbcLARuxfxfF0IhM="
-		},
 		"type-detect": {
 			"version": "4.0.8",
 			"resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz",
 			"integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==",
 			"dev": true
 		},
-		"typed-rest-client": {
-			"version": "1.5.0",
-			"resolved": "https://registry.npmjs.org/typed-rest-client/-/typed-rest-client-1.5.0.tgz",
-			"integrity": "sha512-DVZRlmsfnTjp6ZJaatcdyvvwYwbWvR4YDNFDqb+qdTxpvaVP99YCpBkA8rxsLtAPjBVoDe4fNsnMIdZTiPuKWg==",
-			"requires": {
-				"tunnel": "0.0.4",
-				"underscore": "1.8.3"
-			}
-		},
-		"underscore": {
-			"version": "1.8.3",
-			"resolved": "https://registry.npmjs.org/underscore/-/underscore-1.8.3.tgz",
-			"integrity": "sha1-Tz+1OxBuYJf8+ctBCfKl6b36UCI="
-		},
 		"uuid": {
 			"version": "3.3.2",
 			"resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz",
diff --git a/packages/tool-cache/package.json b/packages/tool-cache/package.json
index 3ed7edc8cf..990c5d85a3 100644
--- a/packages/tool-cache/package.json
+++ b/packages/tool-cache/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@actions/tool-cache",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "Actions tool-cache lib",
   "keywords": [
     "github",
@@ -38,9 +38,9 @@
   "dependencies": {
     "@actions/core": "^1.2.0",
     "@actions/exec": "^1.0.0",
+    "@actions/http-client": "^1.0.1",
     "@actions/io": "^1.0.1",
     "semver": "^6.1.0",
-    "typed-rest-client": "^1.4.0",
     "uuid": "^3.3.2"
   },
   "devDependencies": {
diff --git a/packages/tool-cache/src/tool-cache.ts b/packages/tool-cache/src/tool-cache.ts
index 78cd554137..b91cf1adb7 100644
--- a/packages/tool-cache/src/tool-cache.ts
+++ b/packages/tool-cache/src/tool-cache.ts
@@ -3,7 +3,7 @@ import * as io from '@actions/io'
 import * as fs from 'fs'
 import * as os from 'os'
 import * as path from 'path'
-import * as httpm from 'typed-rest-client/HttpClient'
+import * as httpm from '@actions/http-client'
 import * as semver from 'semver'
 import * as uuidV4 from 'uuid/v4'
 import {exec} from '@actions/exec/lib/exec'