fix(github workflows): fixed to always rely on latest node version number (nodejs/npm vuln)

Author: KaiSchwarz-cnic

.github/workflows/release.yml

@@ -1,28 +1,28 @@
 name: Release
-on: 
+on:
   # will run for every branch, except tags. See RSRMID-206.
   push:
     # Sequence of patterns matched against refs/heads
     branches:
-      - "**"
+      - '**'
     # Sequence of patterns matched against refs/tags
-    tags-ignore: 
-      - "**"
+    tags-ignore:
+      - '**'
   pull_request:
     branches:
-      - "**"
-    tags-ignore: 
-      - "**"
+      - '**'
+    tags-ignore:
+      - '**'
 
 jobs:
   test:
     name: Test Job
     if: github.event_name == 'pull_request' || (github.event_name == 'push' && github.actor != 'dependabot[bot]')
     runs-on: ubuntu-latest
-    
+
     strategy:
       matrix:
-        node-version: ['18', '16', '14']
+        node-version: ['18', '16']
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 
     steps:
@@ -37,12 +37,12 @@ jobs:
           pip -V
           pip install -r requirements.txt
       - name: Validate & Coverage Report
-        run: "./scripts/pep8check.sh"
+        run: './scripts/pep8check.sh'
       - name: Use Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
-          cache: 'npm'
+          check-latest: true
       - name: Install dependencies
         run: npm ci
       - name: Run test/validation
@@ -66,7 +66,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: lts/*
-          cache: 'npm'
+          check-latest: true
       - name: Install dependencies
         run: npm ci
       - name: Release

.github/workflows/unicode.yml

@@ -1,40 +1,40 @@
 name: Unicode Version Check
 on:
   schedule:
-    - cron: "0 0 * * *"
-      
+    - cron: '0 0 * * *'
+
 jobs:
   check:
     name: Version Check
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
-    - uses: actions/setup-node@v3
-      with:
-        node-version: 18
-        cache: "npm"
-    - name: Install dependencies
-      run: npm ci
-    - run: gulp checkUnicodeVersion
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: lts/*
+          check-latest: true
+      - name: Install dependencies
+        run: npm ci
+      - run: gulp checkUnicodeVersion
   upgrade:
     name: Upgrade Version
     runs-on: ubuntu-latest
     needs:
       - check
     if: failure()
     steps:
-      - uses: actions/checkout@v3       
+      - uses: actions/checkout@v3
         with:
           persist-credentials: false
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ github.event.pull_request.head.ref }}
       - uses: actions/setup-node@v3
         with:
-          node-version: 18
-          cache: "npm"
+          node-version: lts/*
+          check-latest: true
       - uses: actions/setup-python@v3
         with:
-          python-version: "3.x"
+          python-version: '3.x'
       - name: Install dependencies
         run: |
           pip install --upgrade pip
@@ -46,13 +46,10 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v4
         with:
-          commit-message: "feat(unicode): upgraded version"
+          commit-message: 'feat(unicode): upgraded version'
           committer: Kai Schwarz <kschwarz@hexonet.net>
           branch: upgradeUnicode
           base: master
-          title: "Upgrade Unicode to latest Version"
+          title: 'Upgrade Unicode to latest Version'
           assignees: papakai
           reviewers: papakai
-
-
-