Upgrade vulnerable dependencies fixing npm audit reports (#145)

* Upgrade vulnerable dependencies fixing npm audit

Signed-off-by: Sudheesh Singanamalla <[email protected]>

* Return to lockfile v1 for now

* Trigger on push to `main`, PR with any target

* Use `checkout@v4`, `setup-node@v3`

* Use `npm ci` in CI

* Replace `wait-action` with `sleep 10s`

* Run on `ubuntu-20.04`

* Revert to `hapi@20` from `21`

* Update to `[email protected]` from `20.0.3`

---------

Signed-off-by: Sudheesh Singanamalla <[email protected]>
Co-authored-by: Danyal Aytekin <[email protected]>

.github/workflows/tests.yml

@@ -5,15 +5,13 @@ name: Build and lint
 
 on:
   push:
-    branches: # Run actions when code is committed to these branches
-      - master
+    branches:
+      - main
   pull_request:
-    branches: # Run actions when a PR is pushed based on one of these branches
-      - master
 
 jobs:
   checkout_and_test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
         include:
@@ -24,27 +22,24 @@ jobs:
 
     steps:
       - name: Checkout code from ${{ github.repository }}
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Setup node
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
       - name: MongoDB in GitHub Actions
         uses: supercharge/[email protected]
         with:
           mongodb-version: 3.4
       - name: Install dependencies
-        run: npm i
+        run: npm ci
       - name: Run linter
         if: ${{ matrix.lint }}
         run: make lint
       - name: Create test config
         run: cp config/test.sample.json config/test.json
       - name: Start test app
         run: NODE_ENV=test node index.js &
-      - name: Wait / Sleep
-        uses: jakejarvis/[email protected]
-        with:
-          time: '10s'
+      - run: sleep 10s
       - name: Run tests
         run: make test