vsts-replacetokens-task

Initial dependabot, codeql scans, npm build, and dependency bumps

Open JasonKoopmans opened this issue 3 years ago • 2 comments

Hello,

My team, like others, benefits from this plugin. Wanting to contribute meaningfully to it, I've put this PR together for some initial automation in actions for dependency bumps and security scanning. Wanted to see if this is something you appreciated and if so, I'd ask some advice on how to approach some additional security advisories. I've got a build running mostly using the stock npm action. I had trouble getting the tests to run successfully, and admittedly node and mocha aren't a strength for me. Looks like you might have had dependabot running before; this PR would resolve the PRs you have right now for minimist.

JasonKoopmans avatar Jul 16 '22 16:07 JasonKoopmans

Hi @JasonKoopmans, thanks for the contribution. I will take a look at the PR and see for the automatic package update configuration, as any version update can have a breaking change during the execution of the task (for example, MS is using node 10 as its execution engine; that's why the package is still using node 10).

qetza avatar Jul 17 '22 09:07 qetza

Sounds good, knowing the reliance on node 10 there's definitely a change needed. When I put the build together I favored a newer version of node.

JasonKoopmans avatar Jul 17 '22 15:07 JasonKoopmans

I'm archiving the project and moving it to a new repository https://github.com/qetza/replacetokens-task

qetza avatar Mar 10 '24 19:03 qetza