Justin Holguín
a44e08867f
Prepare for v0.0.7 release
2025-07-02 19:39:44 +00:00
Justin Holguín
fc216b239a
Merge pull request #121 from advanced-security/juxtin/direct-vs-transitive
...
Use explicitlyReferencedComponentIds to determine which packages are direct
2025-07-02 12:32:40 -07:00
Justin Holguín
5b2736e4f4
Update dist
2025-07-02 18:40:35 +00:00
Justin Holguín
bbe83e8988
Skip self-referrers
2025-07-02 18:40:04 +00:00
Justin Holguín
c936885d12
Update dist
2025-06-27 20:28:38 +00:00
Justin Holguín
5f4db12f7b
Use explicitlyReferencedComponentIds to mark directs
2025-06-27 20:28:38 +00:00
Lewis Jones
b242ddf67a
Merge pull request #120 from advanced-security/ljones140/fix-direct-when-self-referring
...
Fix Direct Dependencies Marked as Indirect
2025-06-20 09:26:51 +01:00
Lewis Jones
3349f8c032
Generated dist
2025-06-19 15:22:04 +01:00
Lewis Jones
2517c7a607
Add types
2025-06-19 15:21:52 +01:00
Lewis Jones
2efc7af7df
Refactor: Extract another method and test with real data
2025-06-19 15:13:55 +01:00
Lewis Jones
6d56d2b42c
Don't make self-referential referrer as indirect
2025-06-19 12:55:00 +01:00
Lewis Jones
0de0af1352
Remove unnecessary test package incrementation
2025-06-19 12:35:41 +01:00
Lewis Jones
4daccf7142
Ensure tests are testing properly
...
Don't use mocks
2025-06-19 12:33:31 +01:00
Lewis Jones
caa69e181f
Extract addPackagesToManifests to unit test
...
There is a bug here we would like to test
2025-06-19 12:14:02 +01:00
Lewis Jones
04aaaf6193
Merge pull request #118 from advanced-security/ljones140/add-snapshot-inputs
...
Add Snapshot inputs
2025-06-16 13:03:18 +01:00
Lewis Jones
0f3b6aecc6
Generate dist
2025-06-16 11:17:06 +01:00
Lewis Jones
348257c874
Add sha and ref snapshot inputs
2025-06-16 11:15:10 +01:00
Lewis Jones
779e8387fd
Add detector inputs
...
Optional but if any are provided, then all are required
2025-06-16 11:03:28 +01:00
Lewis Jones
e0dcc85667
Merge pull request #117 from actions/ljones140/clean-detector-categories-pr
...
Add DetectorCategories input So we can run by ecosystem
2025-06-12 13:26:39 +01:00
Lewis Jones
4f5a06217d
Remove examples
...
As not confirmed they are correct.
For example Pip doesn't work but Python does
2025-06-12 12:23:38 +01:00
Lewis Jones
81fde650c2
Add new input to readme
2025-06-12 12:10:17 +01:00
Lewis Jones
786fb5fe93
dist generated code
2025-06-12 12:10:06 +01:00
Lewis Jones
550b6f27ed
Pass detectorCategories
...
As we want to use for specific ecosystems.
2025-06-12 12:09:54 +01:00
Mathew Payne
07208f2876
Merge pull request #116 from advanced-security/dist_update
...
Update binary files for index.js and index.js.map
2025-05-27 13:27:12 +01:00
Adrien Pessu
67d05b822a
Update binary files for index.js and index.js.map
2025-05-27 11:17:44 +00:00
Adrien Pessu
2aa140be93
Merge pull request #113 from advanced-security/dependabot/npm_and_yarn/npm_and_yarn-87115a91ec
...
Bump undici from 5.28.5 to 5.29.0 in the npm_and_yarn group
2025-05-27 12:55:59 +02:00
dependabot[bot]
e4fe0062c4
Bump undici from 5.28.5 to 5.29.0 in the npm_and_yarn group
...
Bumps the npm_and_yarn group with 1 update: [undici](https://github.com/nodejs/undici).
Updates `undici` from 5.28.5 to 5.29.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0)
---
updated-dependencies:
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-05-15 16:35:16 +00:00
Chad Bentz
1874d0f72d
Merge pull request #109 from advanced-security/feature/handle-null-purls
...
Improve missing package URL handling
2025-05-14 14:14:21 -04:00
Chad Bentz
4a59086e33
Merge branch 'main' into feature/handle-null-purls
2025-05-13 14:27:43 -04:00
Mathew Payne
3805c51da5
Merge pull request #105 from advanced-security/dependabot/github_actions/actions-dependencies-37cd5763f6
...
Bump actions/setup-node from 4.2.0 to 4.4.0 in the actions-dependencies group
2025-05-13 09:18:05 +01:00
Mathew Payne
1a821e1ee2
Merge branch 'main' into dependabot/github_actions/actions-dependencies-37cd5763f6
2025-05-13 09:12:58 +01:00
Mathew Payne
67962323ba
Merge pull request #112 from advanced-security/alert-autofix-workflow-permissions
...
Potential fix for alerts: Workflow does not contain permissions
2025-05-13 09:12:03 +01:00
Chad Bentz
73e1388139
Validate packageUrlJson structure in makePackageUrl method
2025-05-12 22:25:29 +00:00
Chad Bentz
47ec470b21
Refactor tests
2025-05-12 22:05:43 +00:00
Chad Bentz
203f6e5c2e
Update componentDetection.test.ts
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-05-12 17:39:26 -04:00
Chad Bentz
3f82ca7921
Update componentDetection.test.ts
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-05-12 17:39:18 -04:00
Chad Bentz
fcd2c805ee
Update componentDetection.test.ts
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-05-12 17:35:43 -04:00
Chad Bentz
7cfdb92164
Potential fix for code scanning alert no. 11: Workflow does not contain permissions
...
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-05-12 17:30:29 -04:00
Chad Bentz
7eebd4d574
Potential fix for code scanning alert no. 12: Workflow does not contain permissions
...
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-05-12 17:29:23 -04:00
Chad Bentz
b69d2d201b
Add tests
2025-05-12 21:08:26 +00:00
Chad Bentz
5840bc427c
Update index.js.map with new build output
2025-05-12 20:05:44 +00:00
Chad Bentz
0b3ad66ec5
Merge remote-tracking branch 'origin/main' into feature/handle-null-purls
2025-05-12 20:03:12 +00:00
Chad Bentz
6a1035d837
Merge pull request #111 from advanced-security/dependabot/npm_and_yarn/npm-dependencies-e202d7757e
...
Bump the npm-dependencies group across 1 directory with 9 updates
2025-05-12 15:49:21 -04:00
Chad Bentz
2c2e919e21
Fix eslint ... v9 upgrade broke!
2025-05-12 17:14:48 +00:00
Chad Bentz
31789e4b4b
Enable full ESM support for Node 20+ and modern dependencies, update Jest and build output configuration
...
- Set "type": "module" in package.json to enable ESM throughout the project.
- Changed "main" in package.json to "dist/index.js" to point to the bundled output generated by ncc.
- Updated Jest configuration (jest.config.js) to ESM format and to use babel-jest for TypeScript transformation.
- Added/updated babel.config.js in ESM format to support TypeScript and ESM for Jest.
- Ensured test scripts use NODE_OPTIONS=--experimental-vm-modules for Jest ESM compatibility.
2025-05-12 17:09:08 +00:00
dependabot[bot]
9d2bd043b0
Bump the npm-dependencies group across 1 directory with 9 updates
...
Bumps the npm-dependencies group with 9 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) | `6.0.0` | `6.0.1` |
| [@github/dependency-submission-toolkit](https://github.com/github/dependency-submission-toolkit) | `2.0.4` | `2.0.5` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.4.7` | `16.5.0` |
| [octokit](https://github.com/octokit/octokit.js) | `4.1.2` | `4.1.3` |
| [yaml](https://github.com/eemeli/yaml) | `2.7.0` | `2.7.1` |
| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.26.9` | `7.27.2` |
| [@babel/preset-typescript](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-typescript) | `7.26.0` | `7.27.1` |
| [eslint](https://github.com/eslint/eslint) | `9.21.0` | `9.26.0` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.2.6` | `29.3.2` |
Updates `@actions/github` from 6.0.0 to 6.0.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)
Updates `@github/dependency-submission-toolkit` from 2.0.4 to 2.0.5
- [Release notes](https://github.com/github/dependency-submission-toolkit/releases)
- [Commits](https://github.com/github/dependency-submission-toolkit/compare/v2.0.4...v2.0.5)
Updates `dotenv` from 16.4.7 to 16.5.0
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/motdotla/dotenv/compare/v16.4.7...v16.5.0)
Updates `octokit` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v4.1.2...v4.1.3)
Updates `yaml` from 2.7.0 to 2.7.1
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.7.0...v2.7.1)
Updates `@babel/preset-env` from 7.26.9 to 7.27.2
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.2/packages/babel-preset-env)
Updates `@babel/preset-typescript` from 7.26.0 to 7.27.1
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-preset-typescript)
Updates `eslint` from 9.21.0 to 9.26.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.21.0...v9.26.0)
Updates `ts-jest` from 29.2.6 to 29.3.2
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.2.6...v29.3.2)
---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@github/dependency-submission-toolkit"
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: dotenv
  dependency-version: 16.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: octokit
  dependency-version: 4.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: yaml
  dependency-version: 2.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@babel/preset-env"
  dependency-version: 7.27.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@babel/preset-typescript"
  dependency-version: 7.27.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 9.26.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: ts-jest
  dependency-version: 29.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-05-12 13:14:27 +00:00
Chad Bentz
977f836c74
Compile change
2025-05-09 05:39:06 +00:00
Chad Bentz
ce6986e485
comments
2025-05-09 05:34:00 +00:00
Chad Bentz
6cf906749f
Improve package URL validation and skip components with invalid URLs
2025-05-09 05:25:36 +00:00
Chad Bentz
5cef7e77dc
Add debug logging for missing packageUrl and improve package URL handling
2025-05-09 05:15:48 +00:00