From 00a2869ef32ff47d30cfbcbda363cc173d09337c Mon Sep 17 00:00:00 2001
From: Tyler Hawthorne <110597351+Hawthorne001@users.noreply.github.com>
Date: Sat, 6 Apr 2024 13:49:56 -0400
Subject: [PATCH 1/2] Create generator-generic-ossf-slsa3-publish.yml

---
 .../generator-generic-ossf-slsa3-publish.yml | 66 +++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 .github/workflows/generator-generic-ossf-slsa3-publish.yml

diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.yml b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
new file mode 100644
index 00000000000..a36e782cbf7
--- /dev/null
+++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
@@ -0,0 +1,66 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow lets you generate SLSA provenance file for your project.
+# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements
+# The project is an initiative of the OpenSSF (openssf.org) and is developed at
+# https://github.com/slsa-framework/slsa-github-generator.
+# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
+# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
+
+name: SLSA generic generator
+on:
+ workflow_dispatch:
+ release:
+ types: [created]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ outputs:
+ digests: ${{ steps.hash.outputs.digests }}
+
+ steps:
+ - uses: actions/checkout@v3
+
+ # ========================================================
+ #
+ # Step 1: Build your artifacts.
+ #
+ # ========================================================
+ - name: Build artifacts
+ run: |
+ # These are some amazing artifacts.
+ echo "artifact1" > artifact1
+ echo "artifact2" > artifact2
+
+ # ========================================================
+ #
+ # Step 2: Add a step to generate the provenance subjects
+ # as shown below. Update the sha256 sum arguments
+ # to include all binaries that you generate
+ # provenance for.
+ #
+ # ========================================================
+ - name: Generate subject for provenance
+ id: hash
+ run: |
+ set -euo pipefail
+
+ # List the artifacts the provenance will refer to.
+ files=$(ls artifact*)
+ # Generate the subjects (base64 encoded).
+ echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"
+
+ provenance:
+ needs: [build]
+ permissions:
+ actions: read # To read the workflow path.
+ id-token: write # To sign the provenance.
+ contents: write # To add assets to a release.
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
+ with:
+ base64-subjects: "${{ needs.build.outputs.digests }}"
+ upload-assets: true # Optional: Upload to a new release

From f39d4341fd8f481d92c565d6278d19337462dfb0 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Mon, 13 May 2024 23:53:50 +0000
Subject: [PATCH 2/2] fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SWAGGERCLIENT-6836803
---
 package-lock.json | 70 +++++++++++++++++++++++++++++++++++++++--------
 package.json | 2 +-
 2 files changed, 59 insertions(+), 13 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index dabd20dc69f..56a4425e4a6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -41,7 +41,7 @@
 "reselect": "^5.1.0", "serialize-error": "^8.1.0", "sha.js": "^2.4.11", - "swagger-client": "^3.26.5", + "swagger-client": "^3.27.5", "url-parse": "^1.5.10", "xml": "=1.0.1", "xml-but-prettier": "^1.0.1",
@@ -7245,6 +7245,11 @@
 "node": ">= 8" } }, + "node_modules/apg-lite": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/apg-lite/-/apg-lite-1.0.3.tgz", + "integrity": "sha512-lOoNkL7vN7PGdyQMFPey1aok2oVVqvs3n7UMFBRvQ9FoELSbKhgPc3rd7JptaGwCmo4125gLX9Cqb8ElvLCFaQ==" + }, "node_modules/arch": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/arch/-/arch-2.2.0.tgz",
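Review bot: The `hash` step writes `hashes=...` to `${GITHUB_OUTPUT}`, but the job output reads `${{ steps.hash.outputs.digests }}`, so `digests` is always empty and the `provenance` job receives an empty `base64-subjects`. Rename the output key so the two agree: `echo "digests=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"`. The build step is still the template placeholder (`echo "artifact1" > artifact1`), so as committed the provenance would attest to dummy files rather than the project's real release artifacts; replace it with the actual build and adjust the `ls artifact*` glob to match. Consider pinning `actions/checkout@v3` to a full commit SHA, since a mutable tag weakens the supply-chain guarantee this workflow exists to provide, and check whether a newer tagged release of the generator workflow than `v1.4.0` is available before merging.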
@@ -21131,6 +21136,17 @@
 "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/openapi-path-templating": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/openapi-path-templating/-/openapi-path-templating-1.5.1.tgz", + "integrity": "sha512-kgRHToVP571U1YzUnaZnWaUIygon2itg5g96kwaFIi8bnpsw4oXYOk7k59Ivn+ley1iQnMENe/1HSovpPVZuXA==", + "dependencies": { + "apg-lite": "^1.0.3" + }, + "engines": { + "node": ">=12.20.0" + } + }, "node_modules/optionator": { "version": "0.9.3", "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz",
@@ -27081,16 +27097,16 @@
 } }, "node_modules/swagger-client": { - "version": "3.26.5", - "resolved": "https://registry.npmjs.org/swagger-client/-/swagger-client-3.26.5.tgz", - "integrity": "sha512-oobAF6PaweGE8gjK/7HKt6b0Bby/ThZ43h0oiXNkWZVbCEsFSHtYxDp7JDU9c8Wntp6Np/DwrP2mbAFdfNgGBQ==", + "version": "3.27.5", + "resolved": "https://registry.npmjs.org/swagger-client/-/swagger-client-3.27.5.tgz", + "integrity": "sha512-R9nA5rJnFTs235J6WxEBiSYE6Y998zFEtEqaEVrCvCKVE3HqkmZuUBWY2qatXvRkrS427PRF5mRkABICG+Gwtg==", "dependencies": { "@babel/runtime-corejs3": "^7.22.15", - "@swagger-api/apidom-core": ">=0.99.0 <1.0.0", + "@swagger-api/apidom-core": ">=0.99.1 <1.0.0", "@swagger-api/apidom-error": ">=0.99.0 <1.0.0", - "@swagger-api/apidom-json-pointer": ">=0.99.0 <1.0.0", - "@swagger-api/apidom-ns-openapi-3-1": ">=0.99.0 <1.0.0", - "@swagger-api/apidom-reference": ">=0.99.0 <1.0.0", + "@swagger-api/apidom-json-pointer": ">=0.99.1 <1.0.0", + "@swagger-api/apidom-ns-openapi-3-1": ">=0.99.1 <1.0.0", + "@swagger-api/apidom-reference": ">=0.99.1 <1.0.0", "cookie": "~0.6.0", "deepmerge": "~4.3.0", "fast-json-patch": "^3.0.0-1",
@@ -27098,8 +27114,10 @@
 "js-yaml": "^4.1.0", "node-abort-controller": "^3.1.1", "node-fetch-commonjs": "^3.3.2", + "openapi-path-templating": "^1.5.1", "qs": "^6.10.2", - "traverse": "~0.6.6" + "ramda-adjunct": "^5.0.0", + "traverse": "=0.6.8" } }, "node_modules/swagger-client/node_modules/is-plain-object": {
@@ -27110,6 +27128,31 @@
 "node": ">=0.10.0" } }, + "node_modules/swagger-client/node_modules/ramda": { + "version": "0.30.0", + "resolved": "https://registry.npmjs.org/ramda/-/ramda-0.30.0.tgz", + "integrity": "sha512-13Y0iMhIQuAm/wNGBL/9HEqIfRGmNmjKnTPlKWfA9f7dnDkr8d45wQ+S7+ZLh/Pq9PdcGxkqKUEA7ySu1QSd9Q==", + "peer": true, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/ramda" + } + }, + "node_modules/swagger-client/node_modules/ramda-adjunct": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/ramda-adjunct/-/ramda-adjunct-5.0.0.tgz", + "integrity": "sha512-iEehjqp/ZGjYZybZByDaDu27c+79SE7rKDcySLdmjAwKWkz6jNhvGgZwzUGaMsij8Llp9+1N1Gy0drpAq8ZSyA==", + "engines": { + "node": ">=0.10.3" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/ramda-adjunct" + }, + "peerDependencies": { + "ramda": ">= 0.30.0" + } + }, "node_modules/symbol-tree": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
@@ -27456,9 +27499,12 @@
 } }, "node_modules/traverse": { - "version": "0.6.7", - "resolved": "https://registry.npmjs.org/traverse/-/traverse-0.6.7.tgz", - "integrity": "sha512-/y956gpUo9ZNCb99YjxG7OaslxZWHfCHAUUfshwqOXmxUIvqLjVO581BT+gM59+QV9tFe6/CGG53tsA1Y7RSdg==", + "version": "0.6.8", + "resolved": "https://registry.npmjs.org/traverse/-/traverse-0.6.8.tgz", + "integrity": "sha512-aXJDbk6SnumuaZSANd21XAo15ucCDE38H4fkqiGsc3MhCK+wOlZvLP9cB/TvpHT0mOyWgC4Z8EwRlzqYSUzdsA==", + "engines": { + "node": ">= 0.4" + }, "funding": { "url": "https://github.com/sponsors/ljharb" }
diff --git a/package.json b/package.json
index c9816dd2b6c..5fc05db5da5 100644
--- a/package.json
+++ b/package.json
@@ -103,7 +103,7 @@
 "reselect": "^5.1.0",
 "serialize-error": "^8.1.0",
 "sha.js": "^2.4.11",
- "swagger-client": "^3.26.5",
+ "swagger-client": "^3.27.5",
 "url-parse": "^1.5.10",
 "xml": "=1.0.1",
 "xml-but-prettier": "^1.0.1",