Commit Graph

294 Commits

Author SHA1 Message Date
github-actions[bot] 3f420ae88d Merge upstream:main 2025-06-20 08:36:52 +00:00
Lewis Jones b242ddf67a Merge pull request #120 from advanced-security/ljones140/fix-direct-when-self-referring
Fix Direct Dependencies Marked as Indirect
2025-06-20 09:26:51 +01:00
Lewis Jones 3349f8c032 Generated dist 2025-06-19 15:22:04 +01:00
Lewis Jones 2517c7a607 Add types 2025-06-19 15:21:52 +01:00
Lewis Jones 2efc7af7df Refactor: Extract another method and test with real data 2025-06-19 15:13:55 +01:00
Lewis Jones 6d56d2b42c Don't make self referential referrer as indirect 2025-06-19 12:55:00 +01:00
Lewis Jones 0de0af1352 Remove unnecessary test package incrementation 2025-06-19 12:35:41 +01:00
Lewis Jones 4daccf7142 Ensure tests are testing properly
Don't use mocks
2025-06-19 12:33:31 +01:00
Lewis Jones caa69e181f Extract addPackagesToManifests to unit test
There is a bug here we would like to test
2025-06-19 12:14:02 +01:00
Lewis Jones ef571d5a84 Merge pull request #3 from actions/weekly-sync-branch-15680274825
Sync Fork with Upstream
2025-06-16 13:05:03 +01:00
github-actions[bot] 0eb73668fa Empty commit to open PR 2025-06-16 12:04:03 +00:00
github-actions[bot] 7a168cbdc4 Merge upstream:main 2025-06-16 12:04:03 +00:00
Lewis Jones 04aaaf6193 Merge pull request #118 from advanced-security/ljones140/add-snapshot-inputs
Add Snapshot inputs
2025-06-16 13:03:18 +01:00
Lewis Jones 0f3b6aecc6 Generate dist 2025-06-16 11:17:06 +01:00
Lewis Jones 348257c874 Add sha and ref snapshot inputs 2025-06-16 11:15:10 +01:00
Lewis Jones 779e8387fd Add detector inputs
Optional but if any are provided, then all are required
2025-06-16 11:03:28 +01:00
Lewis Jones d5fd67e101 Merge pull request #2 from actions/weekly-sync-branch-15612676798
Sync Fork with Upstream
2025-06-12 15:02:36 +01:00
github-actions[bot] 27e6d82755 Empty commit to open PR 2025-06-12 14:01:47 +00:00
github-actions[bot] 3d11e5a0f7 Merge upstream:main 2025-06-12 14:01:47 +00:00
Lewis Jones e0dcc85667 Merge pull request #117 from actions/ljones140/clean-detector-categories-pr
Add DetectorCategories input So we can run by ecosystem
2025-06-12 13:26:39 +01:00
Lewis Jones 4f5a06217d Remove examples
As not confirmed they are correct.

For example Pip doesn't work but Python does
2025-06-12 12:23:38 +01:00
Lewis Jones 81fde650c2 Add new input to readme 2025-06-12 12:10:17 +01:00
Lewis Jones 786fb5fe93 dist generated code 2025-06-12 12:10:06 +01:00
Lewis Jones 550b6f27ed Pass detectorCategories
As we want to use for specific ecosystems.
2025-06-12 12:09:54 +01:00
Lewis Jones 51ef6b3995 Merge pull request #1 from actions/ljones140/setup-fork
Setup fork Codeowners and sync
2025-06-10 15:35:24 +01:00
Lewis Jones cfe815dd6d Add fork sync mechanism 2025-06-10 14:51:08 +01:00
Lewis Jones 9db31129a3 update codeowners 2025-06-10 14:50:54 +01:00
Mathew Payne 07208f2876 Merge pull request #116 from advanced-security/dist_update
Update binary files for index.js and index.js.map
2025-05-27 13:27:12 +01:00
Adrien Pessu 67d05b822a Update binary files for index.js and index.js.map 2025-05-27 11:17:44 +00:00
Adrien Pessu 2aa140be93 Merge pull request #113 from advanced-security/dependabot/npm_and_yarn/npm_and_yarn-87115a91ec
Bump undici from 5.28.5 to 5.29.0 in the npm_and_yarn group
2025-05-27 12:55:59 +02:00
dependabot[bot] e4fe0062c4 Bump undici from 5.28.5 to 5.29.0 in the npm_and_yarn group
Bumps the npm_and_yarn group with 1 update: [undici](https://github.com/nodejs/undici).


Updates `undici` from 5.28.5 to 5.29.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-15 16:35:16 +00:00
Chad Bentz 1874d0f72d Merge pull request #109 from advanced-security/feature/handle-null-purls
Improve missing package URL handling
2025-05-14 14:14:21 -04:00
Chad Bentz 4a59086e33 Merge branch 'main' into feature/handle-null-purls 2025-05-13 14:27:43 -04:00
Mathew Payne 3805c51da5 Merge pull request #105 from advanced-security/dependabot/github_actions/actions-dependencies-37cd5763f6
Bump actions/setup-node from 4.2.0 to 4.4.0 in the actions-dependencies group
2025-05-13 09:18:05 +01:00
Mathew Payne 1a821e1ee2 Merge branch 'main' into dependabot/github_actions/actions-dependencies-37cd5763f6 2025-05-13 09:12:58 +01:00
Mathew Payne 67962323ba Merge pull request #112 from advanced-security/alert-autofix-workflow-permissions
Potential fix for alerts: Workflow does not contain permissions
2025-05-13 09:12:03 +01:00
Chad Bentz 73e1388139 Validate packageUrlJson structure in makePackageUrl method 2025-05-12 22:25:29 +00:00
Chad Bentz 47ec470b21 Refactor tests 2025-05-12 22:05:43 +00:00
Chad Bentz 203f6e5c2e Update componentDetection.test.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-05-12 17:39:26 -04:00
Chad Bentz 3f82ca7921 Update componentDetection.test.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-05-12 17:39:18 -04:00
Chad Bentz fcd2c805ee Update componentDetection.test.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-05-12 17:35:43 -04:00
Chad Bentz 7cfdb92164 Potential fix for code scanning alert no. 11: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-05-12 17:30:29 -04:00
Chad Bentz 7eebd4d574 Potential fix for code scanning alert no. 12: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-05-12 17:29:23 -04:00
Chad Bentz b69d2d201b Add tests 2025-05-12 21:08:26 +00:00
Chad Bentz 5840bc427c Update index.js.map with new build output 2025-05-12 20:05:44 +00:00
Chad Bentz 0b3ad66ec5 Merge remote-tracking branch 'origin/main' into feature/handle-null-purls 2025-05-12 20:03:12 +00:00
Chad Bentz 6a1035d837 Merge pull request #111 from advanced-security/dependabot/npm_and_yarn/npm-dependencies-e202d7757e
Bump the npm-dependencies group across 1 directory with 9 updates
2025-05-12 15:49:21 -04:00
Chad Bentz 2c2e919e21 Fix eslint ... v9 upgrade broke! 2025-05-12 17:14:48 +00:00
Chad Bentz 31789e4b4b Enable full ESM support for Node 20+ and modern dependencies, update Jest and build output configuration
- Set "type": "module" in package.json to enable ESM throughout the project.
- Changed "main" in package.json to "dist/index.js" to point to the bundled output generated by ncc.
- Updated Jest configuration (jest.config.js) to ESM format and to use babel-jest for TypeScript transformation.
- Added/updated babel.config.js in ESM format to support TypeScript and ESM for Jest.
- Ensured test scripts use NODE_OPTIONS=--experimental-vm-modules for Jest ESM compatibility.
2025-05-12 17:09:08 +00:00
dependabot[bot] 9d2bd043b0 Bump the npm-dependencies group across 1 directory with 9 updates
Bumps the npm-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) | `6.0.0` | `6.0.1` |
| [@github/dependency-submission-toolkit](https://github.com/github/dependency-submission-toolkit) | `2.0.4` | `2.0.5` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.4.7` | `16.5.0` |
| [octokit](https://github.com/octokit/octokit.js) | `4.1.2` | `4.1.3` |
| [yaml](https://github.com/eemeli/yaml) | `2.7.0` | `2.7.1` |
| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.26.9` | `7.27.2` |
| [@babel/preset-typescript](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-typescript) | `7.26.0` | `7.27.1` |
| [eslint](https://github.com/eslint/eslint) | `9.21.0` | `9.26.0` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.2.6` | `29.3.2` |



Updates `@actions/github` from 6.0.0 to 6.0.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

Updates `@github/dependency-submission-toolkit` from 2.0.4 to 2.0.5
- [Release notes](https://github.com/github/dependency-submission-toolkit/releases)
- [Commits](https://github.com/github/dependency-submission-toolkit/compare/v2.0.4...v2.0.5)

Updates `dotenv` from 16.4.7 to 16.5.0
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/motdotla/dotenv/compare/v16.4.7...v16.5.0)

Updates `octokit` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v4.1.2...v4.1.3)

Updates `yaml` from 2.7.0 to 2.7.1
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.7.0...v2.7.1)

Updates `@babel/preset-env` from 7.26.9 to 7.27.2
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.2/packages/babel-preset-env)

Updates `@babel/preset-typescript` from 7.26.0 to 7.27.1
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-preset-typescript)

Updates `eslint` from 9.21.0 to 9.26.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.21.0...v9.26.0)

Updates `ts-jest` from 29.2.6 to 29.3.2
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.2.6...v29.3.2)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@github/dependency-submission-toolkit"
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: dotenv
  dependency-version: 16.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: octokit
  dependency-version: 4.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: yaml
  dependency-version: 2.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@babel/preset-env"
  dependency-version: 7.27.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@babel/preset-typescript"
  dependency-version: 7.27.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 9.26.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: ts-jest
  dependency-version: 29.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-12 13:14:27 +00:00