freshen up README

Bump y18n from 4.0.0 to 4.0.1

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+    time: '00:00'
+    timezone: UTC
+  open-pull-requests-limit: 10
+  commit-message:
+      prefix: "chore"
+      include: "scope"

.github/workflows/test.yml

@@ -2,23 +2,94 @@ name: "install-nix-action test"
 on:
   pull_request:
   push:
+    branches:
+      - master
+
 jobs:
-  tests:
+  simple-build:
     strategy:
       matrix:
-        os: [ubuntu-18.04, macos-latest]
+        os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2.3.4
     - run: yarn install --frozen-lockfile
     - run: yarn build
-    # TODO: just commit it using github
-    - run: git diff --exit-code
-    - run: yarn test
     - name: Install Nix
       uses: ./
-    - run: nix-env -iA cachix -f https://github.com/NixOS/nixpkgs/tarball/ab5863afada3c1b50fc43bf774b75ea71b287cde
+      with:
+        nix_path: nixpkgs=channel:nixos-20.03
+    - run: nix-env -iA cachix -f https://cachix.org/api/v1/install
     - run: cat /etc/nix/nix.conf
     # cachix should be available and be able to configure a cache
     - run: cachix use cachix
     - run: nix-build test.nix
+
+  custom-nix-path:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2.3.4
+    - run: yarn install --frozen-lockfile
+    - run: yarn build
+    - name: Install Nix
+      uses: ./
+      with:
+        nix_path: nixpkgs=channel:nixos-20.03
+    - run: test $NIX_PATH == "nixpkgs=channel:nixos-20.03"
+    - run: nix-build test.nix
+
+  extra-nix-config:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2.3.4
+    - run: yarn install --frozen-lockfile
+    - run: yarn build
+    - name: Install Nix
+      uses: ./
+      with: 
+        nix_path: nixpkgs=channel:nixos-20.03
+        extra_nix_config: |
+          sandbox = relaxed
+    - run: cat /etc/nix/nix.conf
+    - run: nix-build test.nix --arg noChroot true
+
+  flakes:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2.3.4
+    - run: yarn install --frozen-lockfile
+    - run: yarn build
+    - name: Install Nix
+      uses: ./
+      with:
+        install_url: https://nixos-nix-install-tests.cachix.org/serve/lb41az54kzk6j12p81br4bczary7m145/install
+        install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+    - run: nix flake show github:NixOS/nixpkgs
+
+  installer-options:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+    - run: yarn install --frozen-lockfile
+    - run: yarn build
+    - name: Install Nix
+      uses: ./
+      with: 
+        nix_path: nixpkgs=channel:nixos-20.03
+        install_url: https://nixos-nix-install-tests.cachix.org/serve/lb41az54kzk6j12p81br4bczary7m145/install
+        install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
+    - run: nix-build test.nix

README.md

@@ -4,6 +4,21 @@
 
 Installs [Nix](https://nixos.org/nix/) on GitHub Actions for the supported platforms: Linux and macOS.
 
+By default it has no nixpkgs configured, you have to set `nix_path`
+by [picking a channel](https://status.nixos.org/)
+or [pin nixpkgs yourself](https://nix.dev/reference/pinning-nixpkgs.html) 
+(see also [pinning tutorial](https://nix.dev/tutorials/towards-reproducibility-pinning-nixpkgs.html)).
+
+# Features
+
+- Quick installation (~4s on Linux, ~20s on macOS)
+- Multi-User installation (with sandboxing enabled only on Linux)
+- [Self-hosted github runner](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) support
+- Allows specifying Nix installation URL via `install_url`
+- Allows specifying extra Nix configration options via `extra_nix_config`
+- Allows specifying `$NIX_PATH` and channels via `nix_path`
+- Share `/nix/store` between builds using [cachix-action](https://github.com/cachix/cachix-action) for simple binary cache setup to speed up your builds and share binaries with your team
+
 ## Usage
 
 Create `.github/workflows/test.yml` in your repo with the following contents:
@@ -17,20 +32,73 @@ jobs:
   tests:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v1
-    - uses: cachix/install-nix-action@v6
+    - uses: actions/checkout@v2.3.4
+    - uses: cachix/install-nix-action@v12
+      with:
+        nix_path: nixpkgs=channel:nixos-unstable
     - run: nix-build
 ```
 
 
-See [action.yml](action.yml) for all options.
+## Usage with Flakes
 
-See also [cachix-action](https://github.com/cachix/cachix-action) for
-simple binary cache setup to speed up your builds and share binaries
-with developers.
+```yaml
+name: "Test"
+on:
+  pull_request:
+  push:
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2.3.4
+    - uses: cachix/install-nix-action@v12
+      with:
+        install_url: https://nixos-nix-install-tests.cachix.org/serve/lb41az54kzk6j12p81br4bczary7m145/install
+        install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+    - run: nix-build
+```
+
+To install Nix from any commit, go to [the corresponding installer_test action](https://github.com/NixOS/nix/runs/2219534360) and click on "Run cachix/install-nix-action@XX" step and expand the first line.
+
+## Inputs (specify using `with:`)
+
+- `install_url`: specify URL to install Nix from (useful for testing non-stable releases or pinning Nix for example https://releases.nixos.org/nix/nix-2.3.7/install)
+
+- `nix_path`: set `NIX_PATH` environment variable, for example `nixpkgs=channel:nixos-unstable`
+
+- `extra_nix_config`: append to `/etc/nix/nix.conf`
 
 ---
 
+## FAQ
+
+### How do I print nixpkgs version I have configured?
+
+
+```nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'```
+
+### How can I run NixOS tests?
+
+With the following inputs:
+
+```yaml
+    - uses: cachix/install-nix-action@vXX
+      with:
+        extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm"
+```
+
+
+[Note that there's no hardware acceleration on GitHub Actions.](https://github.com/actions/virtual-environments/issues/183#issuecomment-610723516).
+
+### How can I install packages via nix-env from the specified `nix_path`?
+
+```
+nix-env -i mypackage -f '<nixpkgs>'
+```
+
 ## Hacking
 
 Install the dependencies

action.yml

@@ -1,6 +1,15 @@
 name: 'Install Nix'
 description: 'Installs Nix on GitHub Actions for the supported platforms: Linux and macOS.'
 author: 'Domen Kožar'
+inputs:
+  install_url:
+    description: 'Installation URL that will contain a script to install Nix.'
+  install_options:
+    description: 'Additional installer flags passed to the installer script.'
+  nix_path:
+    description: 'Set NIX_PATH environment variable.'
+  extra_nix_config:
+    description: 'gets appended to `/etc/nix/nix.conf` if passed.'
 branding:
   color: 'blue'
   icon: 'sun'

lib/create-darwin-volume.sh

@@ -1,102 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-root_disks() {
-    diskutil list -plist /
-}
-
-apfs_volumes_for() {
-    disk=$1
-    diskutil apfs list -plist "$disk"
-}
-
-disk_identifier() {
-    xpath "/plist/dict/key[text()='WholeDisks']/following-sibling::array[1]/string/text()" 2>/dev/null
-}
-
-volume_get() {
-    key=$1 i=$2
-    xpath "/plist/dict/array/dict/key[text()='Volumes']/following-sibling::array/dict[$i]/key[text()='$key']/following-sibling::string[1]/text()" 2> /dev/null
-}
-
-find_nix_volume() {
-    disk=$1
-    i=1
-    volumes=$(apfs_volumes_for "$disk")
-    while true; do
-        name=$(echo "$volumes" | volume_get "Name" "$i")
-        if [ -z "$name" ]; then
-            break
-        fi
-        case "$name" in
-            [Nn]ix*)
-                echo "$name"
-                break
-                ;;
-        esac
-        i=$((i+1))
-    done
-}
-
-test_fstab() {
-    grep -q "/nix" /etc/fstab 2>/dev/null
-}
-
-test_synthetic_conf() {
-    grep -q "^nix" /etc/synthetic.conf 2>/dev/null
-}
-
-test_nix() {
-    test -d "/nix"
-}
-
-main() {
-    (
-        echo ""
-        echo "     ------------------------------------------------------------------ "
-        echo "    | This installer will create a volume for the nix store and        |"
-        echo "    | configure it to mount at /nix.  Follow these steps to uninstall. |"
-        echo "     ------------------------------------------------------------------ "
-        echo ""
-        echo "  1. Remove the entry from fstab using 'sudo vifs'"
-        echo "  2. Destroy the data volume using 'diskutil apfs deleteVolume'"
-        echo "  3. Delete /etc/synthetic.conf"
-        echo ""
-    ) >&2
-
-    if [ -L "/nix" ]; then
-        echo "error: /nix is a symlink, please remove it or edit synthetic.conf (requires reboot)" >&2
-        echo "  /nix -> $(readlink "/nix")" >&2
-        exit 2
-    fi
-
-    if ! test_synthetic_conf; then
-        echo "Configuring /etc/synthetic.conf..." >&2
-        echo nix | sudo tee /etc/synthetic.conf
-        /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B
-    fi
-
-    if ! test_nix; then
-        echo "Creating mountpoint for /nix..." >&2
-        sudo mkdir /nix
-    fi
-
-    disk=$(root_disks | disk_identifier)
-    volume=$(find_nix_volume "$disk")
-    if [ -z "$volume" ]; then
-        echo "Creating a Nix Store volume..." >&2
-        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix
-        volume="Nix Store"
-    else
-        echo "Using existing '$volume' volume" >&2
-    fi
-
-    if ! test_fstab; then
-        echo "Configuring /etc/fstab..." >&2
-        label=$(echo "$volume" | sed 's/ /\\040/g')
-        printf "\$a\nLABEL=%s /nix apfs rw\n.\nwq\n" "$label" | EDITOR=ed sudo vifs
-        sudo defaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin -bool true
-    fi
-}
-
-main "$@"

lib/install-nix.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if type -p nix &>/dev/null ; then
+  echo "Aborting: Nix is already installed at $(type -p nix)"
+  exit
+fi
+
+# Configure Nix
+add_config() {
+  echo "$1" | sudo tee -a /tmp/nix.conf >/dev/null
+}
+# Set jobs to number of cores
+add_config "max-jobs = auto"
+# Allow binary caches for user
+add_config "trusted-users = root $USER"
+# Append extra nix configuration if provided
+if [[ $INPUT_EXTRA_NIX_CONFIG != "" ]]; then
+  add_config "$INPUT_EXTRA_NIX_CONFIG"
+fi
+
+# Nix installer flags
+installer_options=(
+  --daemon
+  --daemon-user-count 4
+  --no-channel-add
+  --darwin-use-unencrypted-nix-store-volume
+  --nix-extra-conf-file /tmp/nix.conf
+)
+if [[ $INPUT_INSTALL_OPTIONS != "" ]]; then
+  IFS=' ' read -r -a extra_installer_options <<< $INPUT_INSTALL_OPTIONS
+  installer_options=("${extra_installer_options[@]}" "${installer_options[@]}")
+fi
+
+echo "installer options: ${installer_options[@]}"
+# On self-hosted runners we don't need to install more than once
+if [[ ! -d /nix/store ]] 
+then 
+  sh <(curl --retry 5 --retry-connrefused -L "${INPUT_INSTALL_URL:-https://nixos.org/nix/install}") "${installer_options[@]}"
+fi
+
+if [[ $OSTYPE =~ darwin ]]; then
+  # Disable spotlight indexing of /nix to speed up performance
+  sudo mdutil -i off /nix
+
+  # macOS needs certificates hints
+  cert_file=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
+  echo "NIX_SSL_CERT_FILE=$cert_file" >> "$GITHUB_ENV"
+  export NIX_SSL_CERT_FILE=$cert_file
+  sudo launchctl setenv NIX_SSL_CERT_FILE "$cert_file"
+fi
+
+# Set paths
+echo "/nix/var/nix/profiles/per-user/$USER/profile/bin" >> "$GITHUB_PATH"
+echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH"
+
+if [[ $INPUT_NIX_PATH != "" ]]; then
+  echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV"
+fi

lib/main.js

@@ -1,85 +1,4 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
-const tc = __importStar(require("@actions/tool-cache"));
 const child_process_1 = require("child_process");
-const os_1 = require("os");
-const process_1 = require("process");
-const net_1 = require("net");
-function nixConf() {
-    return __awaiter(this, void 0, void 0, function* () {
-        // Workaround a segfault: https://github.com/NixOS/nix/issues/2733
-        yield exec.exec("sudo", ["mkdir", "-p", "/etc/nix"]);
-        yield exec.exec("sudo", ["sh", "-c", "echo http2 = false >> /etc/nix/nix.conf"]);
-        // Set jobs to number of cores
-        yield exec.exec("sudo", ["sh", "-c", "echo max-jobs = auto >> /etc/nix/nix.conf"]);
-        // Allow binary caches for runner user
-        yield exec.exec("sudo", ["sh", "-c", "echo trusted-users = root runner >> /etc/nix/nix.conf"]);
-    });
-}
-function run() {
-    return __awaiter(this, void 0, void 0, function* () {
-        try {
-            const PATH = process.env.PATH;
-            yield nixConf();
-            // Catalina workaround https://github.com/NixOS/nix/issues/2925
-            if (os_1.type() == "Darwin") {
-                child_process_1.execFileSync(`${__dirname}/create-darwin-volume.sh`, { stdio: 'inherit' });
-                // Disable spotlight indexing of /nix to speed up performance
-                yield exec.exec("sudo", ["mdutil", "-i", "off", "/nix"]);
-            }
-            // Needed due to multi-user being too defensive
-            core.exportVariable('ALLOW_PREEXISTING_INSTALLATION', "1");
-            // TODO: retry due to all the things that can go wrong
-            const nixInstall = yield tc.downloadTool('https://nixos.org/nix/install');
-            yield exec.exec("sh", [nixInstall, "--daemon"]);
-            // write nix.conf again as installation overwrites it, reload the daemon to pick up changes
-            yield nixConf();
-            yield exec.exec("sudo", ["pkill", "-HUP", "nix-daemon"]);
-            // setup env
-            core.exportVariable('PATH', `${PATH}:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/per-user/runner/profile/bin`);
-            core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/root/channels`);
-            if (os_1.type() == "Darwin") {
-                // macOS needs certificates hints
-                core.exportVariable('NIX_SSL_CERT_FILE', '/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt');
-                // TODO: nc doesn't work correctly on macOS :(
-                yield awaitSocket();
-            }
-        }
-        catch (error) {
-            core.setFailed(`Action failed with error: ${error}`);
-            throw (error);
-        }
-    });
-}
-function awaitSocket() {
-    return __awaiter(this, void 0, void 0, function* () {
-        const daemonSocket = net_1.createConnection({ path: '/nix/var/nix/daemon-socket/socket' });
-        daemonSocket.on('error', () => __awaiter(this, void 0, void 0, function* () {
-            console.log('Waiting for daemon socket to be available, reconnecting...');
-            yield new Promise(resolve => setTimeout(resolve, 500));
-            yield awaitSocket();
-        }));
-        daemonSocket.on('connect', () => {
-            process_1.exit(0);
-        });
-    });
-}
-run();
+child_process_1.execFileSync(`${__dirname}/install-nix.sh`, { stdio: 'inherit' });

lib/utils.js

@@ -1,8 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-function extrasperse(elem, array) {
-    const init = [];
-    return array.reduce((r, a) => r.concat(elem, a), init);
-}
-exports.extrasperse = extrasperse;
-;

package.json

@@ -20,7 +20,7 @@
   "author": "Domen Kožar",
   "license": "ASL2",
   "dependencies": {
-    "@actions/core": "^1.1.0",
+    "@actions/core": "^1.2.6",
     "@actions/exec": "^1.0.1",
     "@actions/tool-cache": "^1.1.2"
   },

src/main.ts

@@ -1,74 +1,3 @@
-import * as core from '@actions/core';
-import * as exec from '@actions/exec';
-import * as tc from '@actions/tool-cache';
 import { execFileSync } from 'child_process';
-import {type} from 'os';
-import {exit} from 'process';
-import {createConnection} from 'net';
 
-async function nixConf() {
-    // Workaround a segfault: https://github.com/NixOS/nix/issues/2733
-    await exec.exec("sudo", ["mkdir", "-p", "/etc/nix"]);
-    await exec.exec("sudo", ["sh", "-c", "echo http2 = false >> /etc/nix/nix.conf"]);
-
-    // Set jobs to number of cores
-    await exec.exec("sudo", ["sh", "-c", "echo max-jobs = auto >> /etc/nix/nix.conf"]);
-
-    // Allow binary caches for runner user
-    await exec.exec("sudo", ["sh", "-c", "echo trusted-users = root runner >> /etc/nix/nix.conf"]);
-}
-
-async function run() {
-  try {
-    const PATH = process.env.PATH;
- 
-    await nixConf();
-
-    // Catalina workaround https://github.com/NixOS/nix/issues/2925
-    if (type() == "Darwin") {
-      execFileSync(`${__dirname}/create-darwin-volume.sh`, { stdio: 'inherit' });
-
-      // Disable spotlight indexing of /nix to speed up performance
-      await exec.exec("sudo", ["mdutil", "-i", "off", "/nix"]);
-    }
-
-    // Needed due to multi-user being too defensive
-    core.exportVariable('ALLOW_PREEXISTING_INSTALLATION', "1"); 
-
-    // TODO: retry due to all the things that can go wrong
-    const nixInstall = await tc.downloadTool('https://nixos.org/nix/install');
-    await exec.exec("sh", [nixInstall, "--daemon"]);
-
-    // write nix.conf again as installation overwrites it, reload the daemon to pick up changes
-    await nixConf();
-    await exec.exec("sudo", ["pkill", "-HUP", "nix-daemon"]);
-
-    // setup env
-    core.exportVariable('PATH', `${PATH}:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/per-user/runner/profile/bin`)
-    core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/root/channels`)
-    if (type() == "Darwin") {
-      // macOS needs certificates hints
-      core.exportVariable('NIX_SSL_CERT_FILE', '/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt');
-
-      // TODO: nc doesn't work correctly on macOS :(
-      await awaitSocket();
-    }
-  } catch (error) {
-    core.setFailed(`Action failed with error: ${error}`);
-    throw(error);
-  }
-}
-
-async function awaitSocket() {
-  const daemonSocket = createConnection({ path: '/nix/var/nix/daemon-socket/socket' });
-  daemonSocket.on('error', async () => {
-    console.log('Waiting for daemon socket to be available, reconnecting...');
-    await new Promise(resolve => setTimeout(resolve, 500));
-    await awaitSocket();
-  });
-  daemonSocket.on('connect', () => {
-    exit(0);
-  });
-}
-
-run();
+execFileSync(`${__dirname}/install-nix.sh`, { stdio: 'inherit' });

test.nix

@@ -2,12 +2,15 @@
 { size ? 1 # MB
 , num ? 10 # count 
 , currentTime ? builtins.currentTime
+, noChroot ? false
 }:
 
 with import <nixpkgs> {};
 
 let
-  drv = i: runCommand "${toString currentTime}-${toString i}" {} ''
+  drv = i: runCommand "${toString currentTime}-${toString i}" {
+    __noChroot = noChroot;
+  } ''
     dd if=/dev/zero of=$out bs=${toString size}MB count=1
   '';
 in writeText "empty-${toString num}-${toString size}MB" ''

yarn.lock

@@ -2,10 +2,10 @@
 # yarn lockfile v1
 
 
-"@actions/core@^1.1.0":
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/@actions/core/-/core-1.1.1.tgz#e08f3dbfe04721bb3d040f8fca2d6d7e1817b2e1"
-  integrity sha512-O5G6EmlzTVsng7VSpNtszIoQq6kOgMGNTFB/hmwKNNA4V71JyxImCIrL27vVHCt2Cb3ImkaCr6o27C2MV9Ylwg==
+"@actions/core@^1.1.0", "@actions/core@^1.2.6":
+  version "1.2.6"
+  resolved "https://registry.yarnpkg.com/@actions/core/-/core-1.2.6.tgz#a78d49f41a4def18e88ce47c2cac615d5694bf09"
+  integrity sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA==
 
 "@actions/exec@^1.0.1":
   version "1.0.1"
@@ -424,9 +424,9 @@ acorn-walk@^6.0.1:
   integrity sha512-7evsyfH1cLOCdAzZAd43Cic04yKydNx0cF+7tiA19p1XnLLPU4dpCQOqpjqwokFe//vS0QqfqqjCS2JkiIs0cA==
 
 acorn@^5.5.3:
-  version "5.7.3"
-  resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.7.3.tgz#67aa231bf8812974b85235a96771eb6bd07ea279"
-  integrity sha512-T/zvzYRfbVojPWahDsE5evJdHb3oJoQfFbsrKM7w5Zcs++Tr257tia3BmMP8XYVjp1S9RZXQMh7gao96BlqZOw==
+  version "5.7.4"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.7.4.tgz#3e8d8a9947d0599a1796d10225d7432f4a4acf5e"
+  integrity sha512-1D++VG7BhrtvQpNbBzovKNc1FLGGEE/oGe7b9xJm/RFHMBeUaUGpluV9RLjZa47YFdPcDAenEYuq9pQPcMdLJg==
 
 acorn@^6.0.1:
   version "6.3.0"
@@ -803,11 +803,6 @@ combined-stream@^1.0.6, combined-stream@~1.0.6:
   dependencies:
     delayed-stream "~1.0.0"
 
-commander@~2.20.0:
-  version "2.20.1"
-  resolved "https://registry.yarnpkg.com/commander/-/commander-2.20.1.tgz#3863ce3ca92d0831dcf2a102f5fb4b5926afd0f9"
-  integrity sha512-cCuLsMhJeWQ/ZpsFTbE765kvVfoeSddc4nU3up4fV+fDBcfUXnbITJ+JzhkdjzOqhURjZgujxaioam4RM9yGUg==
-
 component-emitter@^1.2.1:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.3.0.tgz#16e4070fba8ae29b679f2215853ee181ab2eabc0"
@@ -1318,13 +1313,14 @@ growly@^1.3.0:
   integrity sha1-8QdIy+dq+WS3yWyTxrzCivEgwIE=
 
 handlebars@^4.1.2:
-  version "4.4.0"
-  resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.4.0.tgz#22e1a897c5d83023d39801f35f6b65cf97ed8b25"
-  integrity sha512-xkRtOt3/3DzTKMOt3xahj2M/EqNhY988T+imYSlMgs5fVhLN2fmKVVj0LtEGmb+3UUYV5Qmm1052Mm3dIQxOvw==
+  version "4.7.6"
+  resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.6.tgz#d4c05c1baf90e9945f77aa68a7a219aa4a7df74e"
+  integrity sha512-1f2BACcBfiwAfStCKZNrUCgqNZkGsAT7UM3kkYtXuLo0KnaVfjKOyf7PRzB6++aK9STyT1Pd2ZCPe3EGOXleXA==
   dependencies:
+    minimist "^1.2.5"
     neo-async "^2.6.0"
-    optimist "^0.6.1"
     source-map "^0.6.1"
+    wordwrap "^1.0.0"
   optionalDependencies:
     uglify-js "^3.1.4"
 
@@ -1456,9 +1452,9 @@ inherits@2, inherits@~2.0.3:
   integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
 
 ini@~1.3.0:
-  version "1.3.5"
-  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927"
-  integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==
+  version "1.3.8"
+  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
+  integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
 
 invariant@^2.2.4:
   version "2.2.4"
@@ -2225,9 +2221,9 @@ lodash.sortby@^4.7.0:
   integrity sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=
 
 lodash@^4.17.11, lodash@^4.17.13:
-  version "4.17.15"
-  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548"
-  integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==
+  version "4.17.19"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.19.tgz#e48ddedbe30b3321783c5b4301fbd353bc1e4a4b"
+  integrity sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==
 
 loose-envify@^1.0.0:
   version "1.4.0"
@@ -2316,15 +2312,10 @@ minimist@0.0.8:
   resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d"
   integrity sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=
 
-minimist@^1.1.1, minimist@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284"
-  integrity sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=
-
-minimist@~0.0.1:
-  version "0.0.10"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.10.tgz#de3f98543dbf96082be48ad1a0c7cda836301dcf"
-  integrity sha1-3j+YVD2/lggr5IrRoMfNqDYwHc8=
+minimist@^1.1.1, minimist@^1.2.0, minimist@^1.2.5:
+  version "1.2.5"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
+  integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
 
 minipass@^2.6.0, minipass@^2.8.6:
   version "2.8.6"
@@ -2411,9 +2402,9 @@ needle@^2.2.1:
     sax "^1.2.4"
 
 neo-async@^2.6.0:
-  version "2.6.1"
-  resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.1.tgz#ac27ada66167fa8849a6addd837f6b189ad2081c"
-  integrity sha512-iyam8fBuCUpWeKPGpaNMetEocMt364qkCsfL9JuhjXX6dRnguRVOfk2GZaDpPjcOKiiXCPINZC1GczQ7iTq3Zw==
+  version "2.6.2"
+  resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f"
+  integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==
 
 nice-try@^1.0.4:
   version "1.0.5"
@@ -2580,14 +2571,6 @@ once@^1.3.0, once@^1.3.1, once@^1.4.0:
   dependencies:
     wrappy "1"
 
-optimist@^0.6.1:
-  version "0.6.1"
-  resolved "https://registry.yarnpkg.com/optimist/-/optimist-0.6.1.tgz#da3ea74686fa21a19a111c326e90eb15a0196686"
-  integrity sha1-2j6nRob6IaGaERwybpDrFaAZZoY=
-  dependencies:
-    minimist "~0.0.1"
-    wordwrap "~0.0.2"
-
 optionator@^0.8.1:
   version "0.8.2"
   resolved "https://registry.yarnpkg.com/optionator/-/optionator-0.8.2.tgz#364c5e409d3f4d6301d6c0b4c05bba50180aeb64"
@@ -3459,12 +3442,9 @@ typescript@^3.5.1:
   integrity sha512-N7bceJL1CtRQ2RiG0AQME13ksR7DiuQh/QehubYcghzv20tnh+MQnQIuJddTmsbqYj+dztchykemz0zFzlvdQw==
 
 uglify-js@^3.1.4:
-  version "3.6.0"
-  resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.6.0.tgz#704681345c53a8b2079fb6cec294b05ead242ff5"
-  integrity sha512-W+jrUHJr3DXKhrsS7NUVxn3zqMOFn0hL/Ei6v0anCIMoKC93TjcflTagwIHLW7SfMFfiQuktQyFVCFHGUE0+yg==
-  dependencies:
-    commander "~2.20.0"
-    source-map "~0.6.1"
+  version "3.10.4"
+  resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.10.4.tgz#dd680f5687bc0d7a93b14a3482d16db6eba2bfbb"
+  integrity sha512-kBFT3U4Dcj4/pJ52vfjCSfyLyvG9VYYuGYPmrPvAxRw/i7xHiT4VvCev+uiEMcEEiu6UNB6KgWmGtSUYIWScbw==
 
 underscore@1.8.3:
   version "1.8.3"
@@ -3609,12 +3589,7 @@ wide-align@^1.1.0:
   dependencies:
     string-width "^1.0.2 || 2"
 
-wordwrap@~0.0.2:
-  version "0.0.3"
-  resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-0.0.3.tgz#a3d5da6cd5c0bc0008d37234bbaf1bed63059107"
-  integrity sha1-o9XabNXAvAAI03I0u68b7WMFkQc=
-
-wordwrap@~1.0.0:
+wordwrap@^1.0.0, wordwrap@~1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-1.0.0.tgz#27584810891456a4171c8d0226441ade90cbcaeb"
   integrity sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=
@@ -3655,9 +3630,9 @@ xml-name-validator@^3.0.0:
   integrity sha512-A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw==
 
 y18n@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.0.tgz#95ef94f85ecc81d007c264e190a120f0a3c8566b"
-  integrity sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.1.tgz#8db2b83c31c5d75099bb890b23f3094891e247d4"
+  integrity sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==
 
 yallist@^3.0.0, yallist@^3.0.3:
   version "3.1.0"