chore: bump GHA workflow versions (#368)

Author: Strum355

.github/workflows/pr-validation.yml

@@ -27,7 +27,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
         with:
           node-version: 24
 

.github/workflows/publish.yml

@@ -30,7 +30,7 @@ jobs:
           fetch-depth: 0
 
       - name: Install node 24
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
         with:
           node-version: 24
           cache: npm
@@ -76,7 +76,7 @@ jobs:
     steps:
       - name: Get releasebranch.txt artifact from Release pipeline
         if: github.event_name == 'workflow_run'
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v7
         with:
           name: releasebranch.txt
           run-id: ${{ github.event.workflow_run.id }}
@@ -96,7 +96,7 @@ jobs:
           fetch-depth: 0
 
       - name: Install node 24
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
         with:
           node-version: 24
           cache: npm

.github/workflows/release.yml

@@ -30,7 +30,7 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install node 24
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
         with:
           node-version: 24
           cache: npm
@@ -64,7 +64,7 @@ jobs:
           git push origin "$BRANCH"
           echo "$BRANCH" > releasebranch.txt
 
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v6
         with:
           name: releasebranch.txt
           path: releasebranch.txt

.github/workflows/test.yml

@@ -28,7 +28,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Install node ${{ matrix.node }}
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ matrix.node }}
           cache: npm
@@ -66,14 +66,15 @@ jobs:
           go-version: '1.20.1'
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v4
+        uses: gradle/actions/setup-gradle@v5
 
       - name: Setup syft
-        uses: jaxxstorm/action-install-gh-release@v1.10.0
+        uses: jaxxstorm/action-install-gh-release@v2.1.0
         with:
           repo: anchore/syft
           platform: linux
           arch: amd64
+          tag: v1.41.1
 
       - name: Setup skopeo
         run: sudo apt update && sudo apt-get -y install skopeo
@@ -96,7 +97,7 @@ jobs:
 
       - name: Upload coverage reports
         if: ${{ matrix.node == env.MAIN_NODE_VER }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: coverage
           path: ./coverage/coverage-final.json

package-lock.json

@@ -50,7 +50,7 @@
 		"fast-xml-parser": "^5.3.4",
 		"help": "^3.0.2",
 		"https-proxy-agent": "^7.0.6",
-		"node-fetch": "^2.7.0",
+		"node-fetch": "^3.3.2",
 		"packageurl-js": "~1.0.2",
 		"yargs": "^17.7.2"
 	},

package.json

@@ -14,12 +14,12 @@ suite('testing the OCI image data provider', () => {
 	].forEach(imageRef => {
 		test(`verify OCI image sbom provided with scenario ${imageRef}`, () => {
 			let expectedSbom = fs.readFileSync(`test/providers/tst_manifests/image/${imageRef}.json`).toString().trim()
-			expectedSbom = JSON.stringify(JSON.parse(expectedSbom), null, 4)
+			expectedSbom = JSON.parse(expectedSbom)
 
 			let providedSbom = generateImageSBOM(parseImageRef(imageRef))
 			providedSbom['metadata'] = null
 			providedSbom['serialNumber'] = null
-			expect(JSON.stringify(providedSbom, null, 4).trimEnd()).to.deep.equal(expectedSbom)
+			expect(providedSbom, null, 4).to.deep.equal(expectedSbom)
 		}).timeout(40000)
 	});
 
@@ -36,4 +36,4 @@ suite('testing the OCI image data provider', () => {
 		}).timeout(10000)
 	})
 
-}).beforeAll(() => clock = useFakeTimers(new Date('2023-08-07T00:00:00.000Z'))).afterAll(()=> clock.restore());
+}).beforeAll(() => clock = useFakeTimers(new Date('2023-08-07T00:00:00.000Z'))).afterAll(() => clock.restore());