Compare commits

...

115 Commits

Author SHA1 Message Date
github-actions[bot] 21213e825c Empty commit to open PR 2026-03-09 00:45:24 +00:00
github-actions[bot] 5b46420b3f Merge upstream:main 2026-03-09 00:45:24 +00:00
dependabot[bot] 48ae13709e Bump minimatch in /test in the npm_and_yarn group across 1 directory (#171)
Bumps the npm_and_yarn group with 1 update in the /test directory: [minimatch](https://github.com/isaacs/minimatch).


Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
2026-03-06 13:33:10 -05:00
dependabot[bot] 7efb859132 Bump minimatch from 3.1.2 to 3.1.5 (#170)
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
2026-03-06 13:31:58 -05:00
dependabot[bot] 50b9449a2f Bump eslint from 10.0.0 to 10.0.2 in the npm-dependencies group (#173)
Bumps the npm-dependencies group with 1 update: [eslint](https://github.com/eslint/eslint).


Updates `eslint` from 10.0.0 to 10.0.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.0...v10.0.2)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
2026-03-06 13:30:22 -05:00
dependabot[bot] 56ef6dcc04 Bump actions/upload-artifact in the actions-dependencies group (#172)
Bumps the actions-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/upload-artifact` from 6 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
2026-03-06 13:28:40 -05:00
dependabot[bot] 6531c188bd Bump tar from 7.5.9 to 7.5.10 (#174)
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.9 to 7.5.10.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.9...v7.5.10)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-06 13:26:22 -05:00
Adrien Pessu 0797d4eff6 Merge pull request #167 from advanced-security/dependabot/npm_and_yarn/test/npm_and_yarn-1db22e1e02
Bump tar from 7.5.7 to 7.5.8 in /test in the npm_and_yarn group across 1 directory
2026-02-25 12:51:18 +01:00
dependabot[bot] 7ba820f614 Bump tar in /test in the npm_and_yarn group across 1 directory
Bumps the npm_and_yarn group with 1 update in the /test directory: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 7.5.7 to 7.5.8
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.7...v7.5.8)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.8
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-24 16:17:55 +00:00
dependabot[bot] bd71948983 Bump the npm-dependencies group across 1 directory with 4 updates (#165)
* Bump the npm-dependencies group across 1 directory with 4 updates

Bumps the npm-dependencies group with 4 updates in the / directory: [dotenv](https://github.com/motdotla/dotenv), [tar](https://github.com/isaacs/node-tar), [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) and [eslint](https://github.com/eslint/eslint).


Updates `dotenv` from 17.2.3 to 17.3.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/motdotla/dotenv/compare/v17.2.3...v17.3.1)

Updates `tar` from 7.5.7 to 7.5.9
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.7...v7.5.9)

Updates `@eslint/js` from 9.39.2 to 10.0.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/HEAD/packages/js)

Updates `eslint` from 9.39.2 to 10.0.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.39.2...v10.0.0)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: tar
  dependency-version: 7.5.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@eslint/js"
  dependency-version: 10.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 10.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Initial plan

* Rebuild dist/ after dependency updates

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
2026-02-24 11:14:33 -05:00
Chad Bentz 630165e704 Merge pull request #161 from advanced-security/document-EnableIfDefaultOff-detectorArgs
Revise README for workflows and detector options
2026-02-02 13:53:01 -05:00
Chad Bentz 332c61add4 Merge pull request #159 from advanced-security/dependabot/npm_and_yarn/test/npm_and_yarn-c2faeb1381
Bump tar from 7.5.4 to 7.5.7 in /test in the npm_and_yarn group across 1 directory
2026-02-02 10:56:59 -05:00
Chad Bentz 933761652d Merge pull request #162 from advanced-security/dependabot/npm_and_yarn/npm-dependencies-304c371dc4
Bump the npm-dependencies group with 4 updates
2026-02-02 10:52:42 -05:00
Chad Bentz 9aece0e09c Merge pull request #163 from advanced-security/copilot/sub-pr-162
Fix ESM compatibility for @actions/core v3 and @actions/github v9
2026-02-02 10:41:47 -05:00
copilot-swe-agent[bot] 41bb53a1db Update TypeScript config comments to be more concise
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
2026-02-02 15:15:27 +00:00
copilot-swe-agent[bot] 4f00d77f0c Fix ESM compatibility for @actions packages v3/v9
- Remove unused deep import of Context from @actions/github/lib/context
- Update TypeScript config to compile to ES2022 modules instead of CommonJS
- This fixes build failures with @actions/core v3 and @actions/github v9

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
2026-02-02 15:14:37 +00:00
copilot-swe-agent[bot] 1a454445fe Initial plan 2026-02-02 15:10:06 +00:00
dependabot[bot] cf04b7bb63 Bump the npm-dependencies group with 4 updates
Bumps the npm-dependencies group with 4 updates: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github), [tar](https://github.com/isaacs/node-tar) and [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env).


Updates `@actions/core` from 2.0.2 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@actions/github` from 7.0.0 to 9.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

Updates `tar` from 7.5.6 to 7.5.7
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.6...v7.5.7)

Updates `@babel/preset-env` from 7.28.6 to 7.29.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: "@actions/github"
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@babel/preset-env"
  dependency-version: 7.29.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-02 14:44:35 +00:00
Chad Bentz d177d7847a Update README to remove duplication and version change
fix formatting and typo
2026-01-29 15:20:14 -05:00
Chad Bentz d041cfd4c5 Revise README for workflows and detector options
Updated example workflow section and added details about experimental and default-off detectors that are passed into detectorArgs as EnableIfDefaultOff
2026-01-29 15:17:59 -05:00
dependabot[bot] f7f30e1366 Bump tar in /test in the npm_and_yarn group across 1 directory
Bumps the npm_and_yarn group with 1 update in the /test directory: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 7.5.4 to 7.5.7
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.4...v7.5.7)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-29 14:01:38 +00:00
Chad Bentz 8270e9ad5f Merge pull request #158 from advanced-security/dependabot/npm_and_yarn/npm-dependencies-1c5b4d3897
Bump tar from 7.5.4 to 7.5.6 in the npm-dependencies group
2026-01-26 09:45:44 -05:00
dependabot[bot] fe72234f00 Bump tar from 7.5.4 to 7.5.6 in the npm-dependencies group
Bumps the npm-dependencies group with 1 update: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 7.5.4 to 7.5.6
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.4...v7.5.6)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-26 14:23:35 +00:00
Chad Bentz 65d132c09c Merge pull request #157 from advanced-security/dependabot/npm_and_yarn/test/nested/npm_and_yarn-f3562b46b9
Bump lodash from 4.17.21 to 4.17.23 in /test/nested in the npm_and_yarn group across 1 directory
2026-01-23 16:52:45 -05:00
dependabot[bot] 4407dda41e Bump lodash in /test/nested in the npm_and_yarn group across 1 directory
Bumps the npm_and_yarn group with 1 update in the /test/nested directory: [lodash](https://github.com/lodash/lodash).


Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-22 08:00:22 +00:00
Chad Bentz 79573619af Merge pull request #156 from advanced-security/latest-version-readme
Update component detection action version to 0.1.1
2026-01-21 16:27:54 -05:00
Chad Bentz 32fc958bc4 Update component detection action version to 0.1.1 2026-01-21 16:27:04 -05:00
Chad Bentz 9c110eb34d Merge pull request #155 from advanced-security/dependabot/npm_and_yarn/test/npm_and_yarn-a17bed1a3b
Bump tar from 7.5.3 to 7.5.4 in /test in the npm_and_yarn group across 1 directory
2026-01-21 16:20:23 -05:00
Chad Bentz fe416ae93b Merge pull request #154 from advanced-security/dependabot/npm_and_yarn/tar-7.5.4
Bump tar from 7.5.3 to 7.5.4
2026-01-21 16:20:12 -05:00
dependabot[bot] 1a936f4a73 Bump tar in /test in the npm_and_yarn group across 1 directory
Bumps the npm_and_yarn group with 1 update in the /test directory: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 7.5.3 to 7.5.4
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.3...v7.5.4)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-21 21:19:00 +00:00
dependabot[bot] 602785199a Bump tar from 7.5.3 to 7.5.4
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.3 to 7.5.4.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.3...v7.5.4)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-21 21:18:44 +00:00
Chad Bentz 386aa5c154 Merge pull request #152 from advanced-security/dependabot/github_actions/actions-dependencies-b584cbb28a
Bump the actions-dependencies group with 2 updates
2026-01-19 12:15:31 -05:00
Chad Bentz 7422d90ed9 Merge pull request #153 from advanced-security/dependabot/npm_and_yarn/npm-dependencies-37dcccbec2
Bump @babel/preset-env from 7.28.5 to 7.28.6 in the npm-dependencies group
2026-01-19 12:13:28 -05:00
dependabot[bot] 026ce8b4fe Bump @babel/preset-env in the npm-dependencies group
Bumps the npm-dependencies group with 1 update: [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env).


Updates `@babel/preset-env` from 7.28.5 to 7.28.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-version: 7.28.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-19 15:04:29 +00:00
dependabot[bot] 516a3ad139 Bump the actions-dependencies group with 2 updates
Bumps the actions-dependencies group with 2 updates: [actions/setup-node](https://github.com/actions/setup-node) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/setup-node` from 6.0.0 to 6.2.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v6.0.0...v6.2.0)

Updates `actions/upload-artifact` from 5 to 6
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-dependencies
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-19 15:04:00 +00:00
Chad Bentz 12d34de864 Merge pull request #151 from advanced-security/dependabot/npm_and_yarn/tar-7.5.3
Bump tar from 7.5.2 to 7.5.3
2026-01-16 16:50:29 -05:00
dependabot[bot] 489141f5b6 Bump tar from 7.5.2 to 7.5.3
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.2 to 7.5.3.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.2...v7.5.3)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-16 21:49:38 +00:00
Chad Bentz ea95fe51c8 Merge pull request #150 from advanced-security/dependabot/npm_and_yarn/test/npm_and_yarn-bb754c2437
Bump tar from 6.2.1 to 7.5.3 in /test in the npm_and_yarn group across 1 directory
2026-01-16 16:48:32 -05:00
dependabot[bot] c2b8a66dd5 Bump tar in /test in the npm_and_yarn group across 1 directory
Bumps the npm_and_yarn group with 1 update in the /test directory: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 6.2.1 to 7.5.3
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v6.2.1...v7.5.3)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-16 21:46:36 +00:00
Chad Bentz bbaabfd2f9 Merge pull request #148 from advanced-security/dependabot/npm_and_yarn/npm-dependencies-a0793ff638
Bump the npm-dependencies group across 1 directory with 6 updates
2026-01-12 22:47:35 -05:00
Chad Bentz 130f5c0c4b Merge pull request #149 from advanced-security/copilot/sub-pr-148
Fix build failure from deprecated @types/glob package
2026-01-12 14:00:24 -05:00
copilot-swe-agent[bot] 0307c61e06 Remove deprecated @types/glob and rebuild dist
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
2026-01-12 17:34:22 +00:00
copilot-swe-agent[bot] b73d1f638b Initial plan 2026-01-12 17:31:08 +00:00
dependabot[bot] c4dbaddd5a Bump the npm-dependencies group across 1 directory with 6 updates
Bumps the npm-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `1.11.1` | `2.0.2` |
| [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) | `6.0.1` | `7.0.0` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.1` | `2.8.2` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.39.1` | `9.39.2` |
| [eslint](https://github.com/eslint/eslint) | `9.39.1` | `9.39.2` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.5` | `29.4.6` |



Updates `@actions/core` from 1.11.1 to 2.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@actions/github` from 6.0.1 to 7.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

Updates `yaml` from 2.8.1 to 2.8.2
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.8.1...v2.8.2)

Updates `@eslint/js` from 9.39.1 to 9.39.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.2/packages/js)

Updates `eslint` from 9.39.1 to 9.39.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.39.1...v9.39.2)

Updates `ts-jest` from 29.4.5 to 29.4.6
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.4.5...v29.4.6)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: "@actions/github"
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: yaml
  dependency-version: 2.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@eslint/js"
  dependency-version: 9.39.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 9.39.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: ts-jest
  dependency-version: 29.4.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-12 16:28:09 +00:00
Paul Hodgkinson 51ff88ad10 Merge pull request #139 from advanced-security/dependabot/npm_and_yarn/npm-dependencies-f22493f90b
Bump the npm-dependencies group across 1 directory with 13 updates
2025-11-26 15:44:05 +00:00
Paul Hodgkinson d93866d127 Merge pull request #138 from advanced-security/dependabot/github_actions/actions-dependencies-aff0d92867
Bump the actions-dependencies group across 1 directory with 3 updates
2025-11-26 15:43:10 +00:00
Paul Hodgkinson 7dde1e29d3 Merge pull request #137 from lxop/unescape-locationsfoundat
Unescape the locationsFoundAt paths
2025-11-26 15:42:29 +00:00
dependabot[bot] 98ddec4efe Bump the actions-dependencies group across 1 directory with 3 updates
Bumps the actions-dependencies group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/setup-node](https://github.com/actions/setup-node) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

Updates `actions/setup-node` from 4.4.0 to 6.0.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4.4.0...v6.0.0)

Updates `actions/upload-artifact` from 4 to 5
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
- dependency-name: actions/setup-node
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-24 13:47:09 +00:00
dependabot[bot] 6ca39f38ce Bump the npm-dependencies group across 1 directory with 13 updates
Bumps the npm-dependencies group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [dotenv](https://github.com/motdotla/dotenv) | `16.5.0` | `17.2.3` |
| [octokit](https://github.com/octokit/octokit.js) | `4.1.3` | `5.0.4` |
| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.1` |
| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.8.1` |
| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.27.2` | `7.28.5` |
| [@babel/preset-typescript](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-typescript) | `7.27.1` | `7.28.5` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.26.0` | `9.38.0` |
| [@types/glob](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/glob) | `8.1.0` | `9.0.0` |
| [@vercel/ncc](https://github.com/vercel/ncc) | `0.38.3` | `0.38.4` |
| [eslint](https://github.com/eslint/eslint) | `9.26.0` | `9.38.0` |
| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `29.7.0` | `30.2.0` |
| [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) | `29.5.14` | `30.0.0` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.3.2` | `29.4.5` |



Updates `dotenv` from 16.5.0 to 17.2.3
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/motdotla/dotenv/compare/v16.5.0...v17.2.3)

Updates `octokit` from 4.1.3 to 5.0.4
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v4.1.3...v5.0.4)

Updates `tar` from 7.4.3 to 7.5.1
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.1)

Updates `yaml` from 2.7.1 to 2.8.1
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.7.1...v2.8.1)

Updates `@babel/preset-env` from 7.27.2 to 7.28.5
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.5/packages/babel-preset-env)

Updates `@babel/preset-typescript` from 7.27.1 to 7.28.5
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.5/packages/babel-preset-typescript)

Updates `@eslint/js` from 9.26.0 to 9.38.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.38.0/packages/js)

Updates `@types/glob` from 8.1.0 to 9.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/glob)

Updates `@vercel/ncc` from 0.38.3 to 0.38.4
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.38.3...0.38.4)

Updates `eslint` from 9.26.0 to 9.38.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.26.0...v9.38.0)

Updates `jest` from 29.7.0 to 30.2.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.2.0/packages/jest)

Updates `@types/jest` from 29.5.14 to 30.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Updates `ts-jest` from 29.3.2 to 29.4.5
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.3.2...v29.4.5)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.2.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: octokit
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: tar
  dependency-version: 7.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: yaml
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@babel/preset-env"
  dependency-version: 7.28.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@babel/preset-typescript"
  dependency-version: 7.28.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@eslint/js"
  dependency-version: 9.38.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@types/glob"
  dependency-version: 9.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: "@vercel/ncc"
  dependency-version: 0.38.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 9.38.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: jest
  dependency-version: 30.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: "@types/jest"
  dependency-version: 30.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: ts-jest
  dependency-version: 29.4.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-20 13:59:59 +00:00
Paul Hodgkinson 333866abe4 Merge pull request #140 from advanced-security/dependabot/npm_and_yarn/brace-expansion-1.1.12 2025-11-20 13:57:39 +00:00
Paul Hodgkinson f59e294eca Merge pull request #142 from advanced-security/dependabot/npm_and_yarn/test/npm_and_yarn-4265e88a4c 2025-11-20 13:54:47 +00:00
Paul Hodgkinson 376d6250d1 Merge pull request #141 from advanced-security/dependabot/npm_and_yarn/js-yaml-3.14.2 2025-11-20 13:52:51 +00:00
dependabot[bot] caf2b08649 Bump js-yaml in /test in the npm_and_yarn group across 1 directory
Bumps the npm_and_yarn group with 1 update in the /test directory: [js-yaml](https://github.com/nodeca/js-yaml).


Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-17 23:54:05 +00:00
dependabot[bot] eb91e65da4 Bump js-yaml from 3.14.1 to 3.14.2
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-17 22:51:56 +00:00
dependabot[bot] 3517f8f1f0 Bump brace-expansion from 1.1.11 to 1.1.12
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.11 to 1.1.12.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.12)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-14 19:38:37 +00:00
Alex Opie 9b429e3d82 Add test 2025-10-28 11:27:43 +13:00
Alex Opie d434719693 Update dist 2025-10-24 21:28:27 +13:00
Alex Opie ec00348b72 Unescape the locationsFoundAt paths 2025-10-24 12:26:41 +13:00
Mathew Payne c7cb2bbc93 Merge pull request #131 from advanced-security/GeekMasher-patch-1
Update README to have latest version
2025-08-25 13:42:32 +01:00
Mathew Payne 601c613aa3 Update README to have latest version 2025-08-15 10:53:17 +01:00
Lewis Jones 374343effe Merge pull request #6 from actions/weekly-sync-branch-16171136386
Test / test (push) Has been cancelled
Sync Fork with Upstream
2025-07-09 14:49:18 +01:00
github-actions[bot] 5a79ab0fa4 Empty commit to open PR 2025-07-09 13:48:25 +00:00
github-actions[bot] 0c3e582042 Merge upstream:main 2025-07-09 13:48:25 +00:00
Lewis Jones d433c2f467 Merge pull request #126 from advanced-security/ljones140/prep-0.1.0-release
Prepare for release
2025-07-09 14:46:20 +01:00
Lewis Jones 96c59aebfe Bump minor version 2025-07-09 14:42:42 +01:00
Lewis Jones 6dd7b2dc55 Merge pull request #125 from advanced-security/ljones140/remove-manifest-leading-slash
Remove Leading Slash From Root Manifests
2025-07-09 14:40:04 +01:00
Lewis Jones 496691092b remove environment.yml 2025-07-09 13:49:12 +01:00
Lewis Jones e6ad22924a Refactor: improve full scan manifest test 2025-07-09 13:46:43 +01:00
Lewis Jones 0b0b651777 Refactor test. Download latest release 2025-07-09 13:41:17 +01:00
Lewis Jones 914cb6dc5e Remove debug logging 2025-07-09 13:35:28 +01:00
Lewis Jones 28905c6bc0 manifest test 2025-07-09 13:28:41 +01:00
Lewis Jones f89d41905d Add manifest level test 2025-07-09 12:36:47 +01:00
Lewis Jones 4e2fbd91ff Transpiled JS 2025-07-09 12:16:42 +01:00
Lewis Jones 6d25ae13f5 Remove leading slashes from top manifests 2025-07-09 12:16:21 +01:00
Lewis Jones 7d147e8b5f Add nested dirs to test 2025-07-09 11:56:34 +01:00
Lewis Jones 5789c204e4 update test 2025-07-09 11:46:15 +01:00
Lewis Jones 98b7e66125 Transpiled JS 2025-07-09 11:41:22 +01:00
Lewis Jones b2779b0030 Remove leading slash from root manifests
This causes issues with GitHub dependency Graph
2025-07-09 11:39:47 +01:00
Justin Holguín 876b304ec0 Merge pull request #5 from actions/weekly-sync-branch-16062172741
Sync Fork with Upstream
2025-07-03 16:09:54 -07:00
github-actions[bot] 3104f6d51c Empty commit to open PR 2025-07-03 23:08:17 +00:00
github-actions[bot] 5d8c040f29 Merge upstream:main 2025-07-03 23:08:17 +00:00
Justin Holguín 64db6d9d15 Merge pull request #123 from advanced-security/juxtin/prep-007
Prepare for v0.0.7 release
2025-07-02 12:54:29 -07:00
Justin Holguín a44e08867f Prepare for v0.0.7 release 2025-07-02 19:39:44 +00:00
Justin Holguín fc216b239a Merge pull request #121 from advanced-security/juxtin/direct-vs-transitive
Use explicitlyReferencedComponentIds to determine which packages are direct
2025-07-02 12:32:40 -07:00
Justin Holguín 5b2736e4f4 Update dist 2025-07-02 18:40:35 +00:00
Justin Holguín bbe83e8988 Skip self-referrers 2025-07-02 18:40:04 +00:00
Justin Holguín c936885d12 Update dist 2025-06-27 20:28:38 +00:00
Justin Holguín 5f4db12f7b Use explicitlyReferencedComponentIds to mark directs 2025-06-27 20:28:38 +00:00
Lewis Jones 466989c808 Merge pull request #4 from actions/weekly-sync-branch-15774881579
Sync Fork with Upstream
2025-06-20 09:40:55 +01:00
github-actions[bot] 67f3292117 Empty commit to open PR 2025-06-20 08:36:52 +00:00
github-actions[bot] 3f420ae88d Merge upstream:main 2025-06-20 08:36:52 +00:00
Lewis Jones b242ddf67a Merge pull request #120 from advanced-security/ljones140/fix-direct-when-self-referring
Fix Direct Dependencies Marked as Indirect
2025-06-20 09:26:51 +01:00
Lewis Jones 3349f8c032 Generated dist 2025-06-19 15:22:04 +01:00
Lewis Jones 2517c7a607 Add types 2025-06-19 15:21:52 +01:00
Lewis Jones 2efc7af7df Refactor: Extract another method and test with real data 2025-06-19 15:13:55 +01:00
Lewis Jones 6d56d2b42c Don't make self refential referrer as indirect 2025-06-19 12:55:00 +01:00
Lewis Jones 0de0af1352 Remove unnesessary test package incrementation 2025-06-19 12:35:41 +01:00
Lewis Jones 4daccf7142 Ensure tests are testing properly
Don't use mocks
2025-06-19 12:33:31 +01:00
Lewis Jones caa69e181f Extract addPackagesToManifests to unit test
There is a but here we would like to test
2025-06-19 12:14:02 +01:00
Lewis Jones ef571d5a84 Merge pull request #3 from actions/weekly-sync-branch-15680274825
Sync Fork with Upstream
2025-06-16 13:05:03 +01:00
github-actions[bot] 0eb73668fa Empty commit to open PR 2025-06-16 12:04:03 +00:00
github-actions[bot] 7a168cbdc4 Merge upstream:main 2025-06-16 12:04:03 +00:00
Lewis Jones 04aaaf6193 Merge pull request #118 from advanced-security/ljones140/add-snapshot-inputs
Add Snapshot inputs
2025-06-16 13:03:18 +01:00
Lewis Jones 0f3b6aecc6 Generate dist 2025-06-16 11:17:06 +01:00
Lewis Jones 348257c874 Add sha and ref snapshot inputs 2025-06-16 11:15:10 +01:00
Lewis Jones 779e8387fd Add detector inputs
Optional but if any are provided, then all are required
2025-06-16 11:03:28 +01:00
Lewis Jones d5fd67e101 Merge pull request #2 from actions/weekly-sync-branch-15612676798
Sync Fork with Upstream
2025-06-12 15:02:36 +01:00
github-actions[bot] 27e6d82755 Empty commit to open PR 2025-06-12 14:01:47 +00:00
github-actions[bot] 3d11e5a0f7 Merge upstream:main 2025-06-12 14:01:47 +00:00
Lewis Jones e0dcc85667 Merge pull request #117 from actions/ljones140/clean-detector-categories-pr
Add DetectorCategories input So we can run by ecosystem
2025-06-12 13:26:39 +01:00
Lewis Jones 4f5a06217d Remove examples
As not confirmed they are correct.

For example PIp doesn't work but Python does
2025-06-12 12:23:38 +01:00
Lewis Jones 81fde650c2 Add new input to readme 2025-06-12 12:10:17 +01:00
Lewis Jones 786fb5fe93 dist generated code 2025-06-12 12:10:06 +01:00
Lewis Jones 550b6f27ed Pass detectorCategories
As we want to use for specific ecosystems.
2025-06-12 12:09:54 +01:00
Lewis Jones 51ef6b3995 Merge pull request #1 from actions/ljones140/setup-fork
Setup fork Codeowners and sync
2025-06-10 15:35:24 +01:00
15 changed files with 77277 additions and 9730 deletions
+38 -10
View File
@@ -1,8 +1,8 @@
# Component detection dependency submission action
This GitHub Action runs the [microsoft/component-detection](https://github.com/microsoft/component-detection) library to automate dependency extraction at build time. It uses a combination of static and dynamic scanning to build a dependency tree and then uploads that to GitHub's dependency graph via the dependency submission API. This gives you more accurate Dependabot alerts, and support for a bunch of additional ecosystems.
This GitHub Action runs the [microsoft/component-detection](https://github.com/microsoft/component-detection) library to automate dependency extraction at build time. It uses a combination of static and dynamic scanning to build a dependency tree and then uploads that to GitHub's dependency graph via the dependency submission API. This gives you more accurate Dependabot alerts, and support for a bunch of additional ecosystems.
### Example workflow
### Example workflows
```yaml
@@ -12,7 +12,7 @@ on:
workflow_dispatch:
push:
permissions:
permissions:
id-token: write
contents: write
@@ -21,19 +21,47 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Component detection
uses: advanced-security/component-detection-dependency-submission-action@v0.0.3
```
- name: Component detection
uses: advanced-security/component-detection-dependency-submission-action@v0.1.1
```
Additional `Experimental` and `DefaultOff` detectors:
- For a list of experimental and default-off detectors that require explicit enablement, see the [Detectors README](https://github.com/microsoft/component-detection/blob/main/docs/detectors/README.md). See [enable-default-off.md](https://github.com/microsoft/component-detection/blob/main/docs/enable-default-off.md) for more details.
```yaml
name: Component Detection
on:
workflow_dispatch:
push:
permissions:
id-token: write
contents: write
jobs:
dependency-submission:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Component detection
uses: advanced-security/component-detection-dependency-submission-action@v0.1.1
with:
# Experimental detectors: Poetry, UvLock, NpmLockfile3, Ivy
# Default-off detectors: ConanLock, CondaLock, Dockerfile, Pip, SimplePip, Spdx22, SwiftResolved
detectorArgs: Poetry=EnableIfDefaultOff,UvLock=EnableIfDefaultOff,NpmLockfile3=EnableIfDefaultOff,Ivy=EnableIfDefaultOff,ConanLock=EnableIfDefaultOff,CondaLock=EnableIfDefaultOff,Dockerfile=EnableIfDefaultOff,Pip=EnableIfDefaultOff,SimplePip=EnableIfDefaultOff,Spdx22=EnableIfDefaultOff,SwiftResolved=EnableIfDefaultOff
```
### Configuration options
| Parameter | Description | Example |
| --- | --- | --- |
| Parameter | Description | Example |
| --- | --- | --- |
filePath | The path to the directory containing the environment files to upload. Defaults to Actions working directory. | `'.'`
directoryExclusionList | Filters out specific directories following a minimatch pattern. | `test`
detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | `Pip=EnableIfDefaultOff`
dockerImagesToScan |Comma separated list of docker image names or hashes to execute container scanning on | ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab |
detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is `Experimental` or `DefaultOff` to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | `Pip=EnableIfDefaultOff`
dockerImagesToScan |Comma separated list of docker image names or hashes to execute container scanning on | ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab |
detectorsFilter | A comma separated list with the identifiers of the specific detectors to be used. | `Pip, RustCrateDetector`
detectorsCategories | A comma separated list with the categories of components that are going to be scanned. The detectors that are going to run are the ones that belongs to the categories. | `NuGet,Npm`
correlator | An optional identifier to distinguish between multiple dependency snapshots of the same type. Defaults to the [job_id](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_id) of the current job | `csharp-backend`
For more information: https://github.com/microsoft/component-detection
+20 -3
View File
@@ -5,7 +5,7 @@ inputs:
description: "GitHub Personal Access Token (PAT). Defaults to PAT provided by Actions runner."
required: false
default: ${{ github.token }}
filePath:
filePath:
description: 'The path to the directory containing the environment files to upload. Defaults to Actions working directory.'
required: false
default: '.'
@@ -18,12 +18,29 @@ inputs:
dockerImagesToScan:
description: 'Comma separated list of docker image names or hashes to execute container scanning on, ex: ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab'
required: false
detectorsFilter:
detectorsFilter:
description: 'A comma separated list with the identifiers of the specific detectors to be used. This is meant to be used for testing purposes only.'
required: false
detectorsCategories:
description: 'A comma separated list with the categories of components that are going to be scanned. The detectors that are going to run are the ones that belongs to the categories. The possible values are: Npm, NuGet, Maven, RubyGems, Cargo, Pip, GoMod, CocoaPods, Linux.'
required: false
correlator:
description: 'An optional identifier to distinguish between multiple dependency snapshots of the same type.'
type: string
required: false
detector-name:
description: 'The name of the detector. If provided, detector-version and detector-url must also be provided.'
required: false
detector-version:
description: 'The version of the detector. If provided, detector-name and detector-url must also be provided.'
required: false
detector-url:
description: 'The URL of the detector. If provided, detector-name and detector-version must also be provided.'
required: false
snapshot-sha:
description: 'The SHA of the commit to associate with the snapshot. If provided, snapshot-ref must also be provided.'
required: false
snapshot-ref:
description: 'The Git reference to associate with the snapshot. If provided, snapshot-sha must also be provided.'
required: false
runs:
using: 'node20'
+215 -1
View File
@@ -1,4 +1,4 @@
import ComponentDetection from "./componentDetection";
import ComponentDetection, { DependencyGraphs } from "./componentDetection";
import fs from "fs";
test("Downloads CLI", async () => {
@@ -68,3 +68,217 @@ describe("ComponentDetection.makePackageUrl", () => {
expect(packageUrl).toBe("");
});
});
describe("ComponentDetection.processComponentsToManifests", () => {
test("adds package as direct dependency when it is listed as an explicitlyReferencedComponentIds", () => {
const componentsFound = [
{
component: {
name: "test-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "npm",
Name: "test-package",
Version: "1.0.0"
},
id: "test-package 1.0.0 - npm"
},
isDevelopmentDependency: false,
topLevelReferrers: [], // Empty = direct dependency
locationsFoundAt: ["package.json"]
}
];
const dependencyGraphs: DependencyGraphs = {
"package.json": {
graph: { "test-package": null },
explicitlyReferencedComponentIds: ["test-package 1.0.0 - npm"],
developmentDependencies: [],
dependencies: []
}
};
const manifests = ComponentDetection.processComponentsToManifests(componentsFound, dependencyGraphs);
expect(manifests).toHaveLength(1);
expect(manifests[0].name).toBe("package.json");
expect(manifests[0].directDependencies()).toHaveLength(1);
expect(manifests[0].indirectDependencies()).toHaveLength(0);
expect(manifests[0].countDependencies()).toBe(1);
});
test("adds package as indirect dependency when it is not in explicitlyReferencedComponentIds", () => {
const componentsFound = [
{
component: {
name: "test-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "npm",
Name: "test-package",
Version: "1.0.0"
},
id: "test-package 1.0.0 - npm"
},
isDevelopmentDependency: false,
topLevelReferrers: [
{
name: "parent-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "npm",
Name: "parent-package",
Version: "1.0.0"
}
}
],
locationsFoundAt: ["package.json"]
}
];
const dependencyGraphs: DependencyGraphs = {
"package.json": {
graph: { "parent-package": null },
explicitlyReferencedComponentIds: [],
developmentDependencies: [],
dependencies: []
}
};
const manifests = ComponentDetection.processComponentsToManifests(componentsFound, dependencyGraphs);
expect(manifests).toHaveLength(1);
expect(manifests[0].name).toBe("package.json");
expect(manifests[0].directDependencies()).toHaveLength(0);
expect(manifests[0].indirectDependencies()).toHaveLength(1);
expect(manifests[0].countDependencies()).toBe(1);
});
test("un-escapes URL-encoded locationsFoundAt", () => {
const componentsFound = [
{
component: {
name: "test-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "nuget",
Name: "test-package",
Version: "1.0.0"
},
id: "test-package 1.0.0 - nuget"
},
isDevelopmentDependency: false,
topLevelReferrers: [], // Empty = direct dependency
locationsFoundAt: ["/my%20project/my%20project.csproj"]
}
];
const dependencyGraphs: DependencyGraphs = {
"my project/my project.csproj": {
graph: { "test-package": null },
explicitlyReferencedComponentIds: ["test-package 1.0.0 - nuget"],
developmentDependencies: [],
dependencies: []
}
};
const manifests = ComponentDetection.processComponentsToManifests(componentsFound, dependencyGraphs);
expect(manifests).toHaveLength(1);
expect(manifests[0].name).toBe("my project/my project.csproj");
expect(manifests[0].directDependencies()).toHaveLength(1);
expect(manifests[0].indirectDependencies()).toHaveLength(0);
expect(manifests[0].countDependencies()).toBe(1);
});
});
describe('normalizeDependencyGraphPaths', () => {
test('converts absolute paths to relative paths based on filePath input', () => {
// Simulate a repo at /repo and a scan root at /repo/packages
const fakeCwd = '/workspaces';
const filePathInput = 'my-super-cool-repo';
const absBase = '/workspaces/my-super-cool-repo';
const dependencyGraphs: DependencyGraphs = {
'/workspaces/my-super-cool-repo/a/package.json': {
graph: { 'foo': null },
explicitlyReferencedComponentIds: [],
developmentDependencies: [],
dependencies: []
},
'/workspaces/my-super-cool-repo/b/package.json': {
graph: { 'bar': null },
explicitlyReferencedComponentIds: [],
developmentDependencies: [],
dependencies: []
}
};
// Patch process.cwd for this test
const originalCwd = process.cwd;
(process as any).cwd = () => fakeCwd;
const normalized = ComponentDetection.normalizeDependencyGraphPaths(dependencyGraphs, filePathInput);
// Restore process.cwd
(process as any).cwd = originalCwd;
expect(Object.keys(normalized)).toContain('a/package.json');
expect(Object.keys(normalized)).toContain('b/package.json');
expect(normalized['a/package.json'].graph).toEqual({ 'foo': null });
expect(normalized['b/package.json'].graph).toEqual({ 'bar': null });
});
});
describe('normalizeDependencyGraphPaths with real output.json', () => {
test('converts absolute paths in output.json to relative paths using current cwd and filePath', () => {
const output = JSON.parse(fs.readFileSync('./output.json', 'utf8'));
const dependencyGraphs = output.dependencyGraphs;
// Use the same filePath as the action default (".")
const normalized = ComponentDetection.normalizeDependencyGraphPaths(dependencyGraphs, 'test');
// Should contain root level manifests without leading slashes
expect(Object.keys(normalized)).toContain('package.json');
expect(Object.keys(normalized)).toContain('package-lock.json');
// Should contain nested manifests with relative paths (no leading slashes)
expect(Object.keys(normalized)).toContain('nested/package.json');
expect(Object.keys(normalized)).toContain('nested/package-lock.json');
// All keys should be relative paths without leading slashes
for (const key of Object.keys(normalized)) {
expect(key.startsWith('/')).toBe(false); // No leading slashes
expect(key).not.toMatch(/^\w:\\|^\/\/|^\.{1,2}\//); // Not windows absolute, not network, not relative
}
});
});
test('full action scan creates manifests with correct names and file source locations', async () => {
await ComponentDetection.downloadLatestRelease();
const manifests = await ComponentDetection.scanAndGetManifests('./test');
expect(manifests).toBeDefined();
expect(manifests!.length).toBeGreaterThan(0);
for (const manifest of manifests!) {
expect(manifest.name.startsWith('/')).toBe(false);
}
const expectedManifestNames = [
'package.json',
'package-lock.json',
'nested/package.json',
'nested/package-lock.json',
];
const manifestsByName = manifests!.reduce((acc, manifest) => {
acc[manifest.name] = manifest;
return acc;
}, {} as Record<string, any>);
for (const expectedName of expectedManifestNames) {
const manifest = manifestsByName[expectedName];
expect(manifest).toBeDefined();
expect(manifest.name).toBe(expectedName);
expect(manifest.file?.source_location).toBe(expectedName);
}
}, 15000);
+111 -23
View File
@@ -7,22 +7,22 @@ import {
Package,
Snapshot,
Manifest,
submitSnapshot
submitSnapshot,
} from '@github/dependency-submission-toolkit'
import fetch from 'cross-fetch'
import tar from 'tar'
import fs from 'fs'
import * as exec from '@actions/exec';
import dotenv from 'dotenv'
import { Context } from '@actions/github/lib/context'
import { unmockedModulePathPatterns } from './jest.config'
import path from 'path';
dotenv.config();
export default class ComponentDetection {
public static componentDetectionPath = process.platform === "win32" ? './component-detection.exe' : './component-detection';
public static outputPath = './output.json';
// This is the default entry point for this class.
// This is the default entry point for this class.
static async scanAndGetManifests(path: string): Promise<Manifest[] | undefined> {
await this.downloadLatestRelease();
await this.runComponentDetection(path);
@@ -61,20 +61,25 @@ export default class ComponentDetection {
parameters += (core.getInput('directoryExclusionList')) ? ` --DirectoryExclusionList ${core.getInput('directoryExclusionList')}` : "";
parameters += (core.getInput('detectorArgs')) ? ` --DetectorArgs ${core.getInput('detectorArgs')}` : "";
parameters += (core.getInput('detectorsFilter')) ? ` --DetectorsFilter ${core.getInput('detectorsFilter')}` : "";
parameters += (core.getInput('detectorsCategories')) ? ` --DetectorCategories ${core.getInput('detectorsCategories')}` : "";
parameters += (core.getInput('dockerImagesToScan')) ? ` --DockerImagesToScan ${core.getInput('dockerImagesToScan')}` : "";
return parameters;
}
public static async getManifestsFromResults(): Promise<Manifest[] | undefined> {
core.info("Getting manifests from results");
const results = await fs.readFileSync(this.outputPath, 'utf8');
var json: any = JSON.parse(results);
let dependencyGraphs: DependencyGraphs = this.normalizeDependencyGraphPaths(json.dependencyGraphs, core.getInput('filePath'));
return this.processComponentsToManifests(json.componentsFound, dependencyGraphs);
}
public static processComponentsToManifests(componentsFound: any[], dependencyGraphs: DependencyGraphs): Manifest[] {
// Parse the result file and add the packages to the package cache
const packageCache = new PackageCache();
const packages: Array<ComponentDetectionPackage> = [];
const results = await fs.readFileSync(this.outputPath, 'utf8');
var json: any = JSON.parse(results);
json.componentsFound.forEach(async (component: any) => {
componentsFound.forEach(async (component: any) => {
// Skip components without packageUrl
if (!component.component.packageUrl) {
core.debug(`Skipping component detected without packageUrl: ${JSON.stringify({
@@ -86,7 +91,7 @@ export default class ComponentDetection {
}
const packageUrl = ComponentDetection.makePackageUrl(component.component.packageUrl);
// Skip if the packageUrl is empty (indicates an invalid or missing packageUrl)
if (!packageUrl) {
core.debug(`Skipping component with invalid packageUrl: ${component.component.id}`);
@@ -110,17 +115,22 @@ export default class ComponentDetection {
core.debug(`Skipping referrer without packageUrl for component: ${pkg.id}`);
return;
}
const referrerUrl = ComponentDetection.makePackageUrl(referrer.packageUrl);
referrer.packageUrlString = referrerUrl
// Skip if the generated packageUrl is empty
if (!referrerUrl) {
core.debug(`Skipping referrer with invalid packageUrl for component: ${pkg.id}`);
return;
}
try {
const referrerPackage = packageCache.lookupPackage(referrerUrl);
if (referrerPackage === pkg) {
core.debug(`Skipping self-reference for package: ${pkg.id}`);
return; // Skip self-references
}
if (referrerPackage) {
referrerPackage.dependsOn(pkg);
}
@@ -134,20 +144,48 @@ export default class ComponentDetection {
const manifests: Array<Manifest> = [];
// Check the locationsFoundAt for every package and add each as a manifest
packages.forEach(async (pkg: ComponentDetectionPackage) => {
pkg.locationsFoundAt.forEach(async (location: any) => {
if (!manifests.find((manifest: Manifest) => manifest.name == location)) {
const manifest = new Manifest(location, location);
this.addPackagesToManifests(packages, manifests, dependencyGraphs);
return manifests;
}
private static addPackagesToManifests(packages: Array<ComponentDetectionPackage>, manifests: Array<Manifest>, dependencyGraphs: DependencyGraphs): void {
packages.forEach((pkg: ComponentDetectionPackage) => {
pkg.locationsFoundAt.forEach((location: any) => {
// Use the normalized path (remove leading slash if present)
let normalizedLocation = location.startsWith('/') ? location.substring(1) : location;
// Unescape the path, as upstream ComponentDetection emits locationsFoundAt in URL-encoded form
normalizedLocation = decodeURIComponent(normalizedLocation);
if (!manifests.find((manifest: Manifest) => manifest.name == normalizedLocation)) {
const manifest = new Manifest(normalizedLocation, normalizedLocation);
manifests.push(manifest);
}
if (pkg.topLevelReferrers.length == 0) {
manifests.find((manifest: Manifest) => manifest.name == location)?.addDirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
const depGraphEntry = dependencyGraphs[normalizedLocation];
if (!depGraphEntry) {
core.warning(`No dependency graph entry found for manifest location: ${normalizedLocation}`);
return; // Skip this location if not found in dependencyGraphs
}
const directDependencies = depGraphEntry.explicitlyReferencedComponentIds;
if (directDependencies.includes(pkg.id)) {
manifests
.find((manifest: Manifest) => manifest.name == normalizedLocation)
?.addDirectDependency(
pkg,
ComponentDetection.getDependencyScope(pkg)
);
} else {
manifests.find((manifest: Manifest) => manifest.name == location)?.addIndirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
manifests
.find((manifest: Manifest) => manifest.name == normalizedLocation)
?.addIndirectDependency(
pkg,
ComponentDetection.getDependencyScope(pkg)
);
}
});
});
return manifests;
}
private static getDependencyScope(pkg: ComponentDetectionPackage) {
@@ -195,10 +233,10 @@ export default class ComponentDetection {
private static async getLatestReleaseURL(): Promise<string> {
let githubToken = core.getInput('token') || process.env.GITHUB_TOKEN || "";
const githubAPIURL = 'https://api.github.com'
const githubAPIURL = 'https://api.github.com'
let ghesMode = github.context.apiUrl != githubAPIURL;
// If the we're running in GHES, then use an empty string as the token
// If the we're running in GHES, then use an empty string as the token
if (ghesMode) {
githubToken = "";
}
@@ -213,7 +251,7 @@ export default class ComponentDetection {
const repo = "component-detection";
core.debug("Attempting to download latest release from " + githubAPIURL);
try {
try {
const latestRelease = await octokit.request("GET /repos/{owner}/{repo}/releases/latest", {owner, repo});
var downloadURL: string = "";
@@ -229,19 +267,69 @@ export default class ComponentDetection {
core.error(error);
core.debug(error.message);
core.debug(error.stack);
throw new Error("Failed to download latest release");
throw new Error("Failed to download latest release");
}
}
/**
* Normalizes the keys of a DependencyGraphs object to be relative paths from the resolved filePath input.
* @param dependencyGraphs The DependencyGraphs object to normalize.
* @param filePathInput The filePath input (relative or absolute) from the action configuration.
* @returns A new DependencyGraphs object with relative path keys.
*/
public static normalizeDependencyGraphPaths(
dependencyGraphs: DependencyGraphs,
filePathInput: string
): DependencyGraphs {
// Resolve the base directory from filePathInput (relative to cwd if not absolute)
const baseDir = path.resolve(process.cwd(), filePathInput);
const normalized: DependencyGraphs = {};
for (const absPath in dependencyGraphs) {
// Make the path relative to the baseDir
let relPath = path.relative(baseDir, absPath).replace(/\\/g, '/');
normalized[relPath] = dependencyGraphs[absPath];
}
return normalized;
}
}
class ComponentDetectionPackage extends Package {
public packageUrlString: string;
constructor(packageUrl: string, public id: string, public isDevelopmentDependency: boolean, public topLevelReferrers: [],
public locationsFoundAt: [], public containerDetailIds: [], public containerLayerIds: []) {
super(packageUrl);
this.packageUrlString = packageUrl;
}
}
/**
* Types for the dependencyGraphs section of output.json
*/
export type DependencyGraph = {
/**
* The dependency graph: keys are component IDs, values are either null (no dependencies) or an array of component IDs (dependencies)
*/
graph: Record<string, string[] | null>;
/**
* Explicitly referenced component IDs
*/
explicitlyReferencedComponentIds: string[];
/**
* Development dependencies
*/
developmentDependencies: string[];
/**
* Regular dependencies
*/
dependencies: string[];
};
/**
* The top-level dependencyGraphs object: keys are manifest file paths, values are DependencyGraph objects
*/
export type DependencyGraphs = Record<string, DependencyGraph>;
+34
View File
@@ -7,7 +7,41 @@ export default class ComponentDetection {
static runComponentDetection(path: string): Promise<void>;
private static getComponentDetectionParameters;
static getManifestsFromResults(): Promise<Manifest[] | undefined>;
static processComponentsToManifests(componentsFound: any[], dependencyGraphs: DependencyGraphs): Manifest[];
private static addPackagesToManifests;
private static getDependencyScope;
static makePackageUrl(packageUrlJson: any): string;
private static getLatestReleaseURL;
/**
* Normalizes the keys of a DependencyGraphs object to be relative paths from the resolved filePath input.
* @param dependencyGraphs The DependencyGraphs object to normalize.
* @param filePathInput The filePath input (relative or absolute) from the action configuration.
* @returns A new DependencyGraphs object with relative path keys.
*/
static normalizeDependencyGraphPaths(dependencyGraphs: DependencyGraphs, filePathInput: string): DependencyGraphs;
}
/**
* Types for the dependencyGraphs section of output.json
*/
export type DependencyGraph = {
/**
* The dependency graph: keys are component IDs, values are either null (no dependencies) or an array of component IDs (dependencies)
*/
graph: Record<string, string[] | null>;
/**
* Explicitly referenced component IDs
*/
explicitlyReferencedComponentIds: string[];
/**
* Development dependencies
*/
developmentDependencies: string[];
/**
* Regular dependencies
*/
dependencies: string[];
};
/**
* The top-level dependencyGraphs object: keys are manifest file paths, values are DependencyGraph objects
*/
export type DependencyGraphs = Record<string, DependencyGraph>;
Generated Vendored
+66885 -3888
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
+50 -12
View File
@@ -13,27 +13,65 @@ import {
import ComponentDetection from './componentDetection';
async function run() {
let manifests = await ComponentDetection.scanAndGetManifests(core.getInput('filePath'));
const correlatorInput = core.getInput('correlator')?.trim() || github.context.job;
let snapshot = new Snapshot({
name: "Component Detection",
version: "0.0.1",
url: "https://github.com/advanced-security/component-detection-dependency-submission-action",
},
github.context,
{
let manifests = await ComponentDetection.scanAndGetManifests(
core.getInput("filePath")
);
const correlatorInput =
core.getInput("correlator")?.trim() || github.context.job;
// Get detector configuration inputs
const detectorName = core.getInput("detector-name")?.trim();
const detectorVersion = core.getInput("detector-version")?.trim();
const detectorUrl = core.getInput("detector-url")?.trim();
// Validate that if any detector config is provided, all must be provided
const hasAnyDetectorInput = detectorName || detectorVersion || detectorUrl;
const hasAllDetectorInputs = detectorName && detectorVersion && detectorUrl;
if (hasAnyDetectorInput && !hasAllDetectorInputs) {
core.setFailed(
"If any detector configuration is provided (detector-name, detector-version, detector-url), all three must be provided."
);
return;
}
// Use provided detector config or defaults
const detector = hasAllDetectorInputs
? {
name: detectorName,
version: detectorVersion,
url: detectorUrl,
}
: {
name: "Component Detection",
version: "0.0.1",
url: "https://github.com/advanced-security/component-detection-dependency-submission-action",
};
let snapshot = new Snapshot(detector, github.context, {
correlator: correlatorInput,
id: github.context.runId.toString()
id: github.context.runId.toString(),
});
core.debug(`Manifests: ${manifests?.length}`);
manifests?.forEach(manifest => {
manifests?.forEach((manifest) => {
core.debug(`Manifest: ${JSON.stringify(manifest)}`);
snapshot.addManifest(manifest);
});
// Override snapshot ref and sha if provided
const snapshotSha = core.getInput("snapshot-sha")?.trim();
const snapshotRef = core.getInput("snapshot-ref")?.trim();
if (snapshotSha) {
snapshot.sha = snapshotSha;
}
if (snapshotRef) {
snapshot.ref = snapshotRef;
}
submitSnapshot(snapshot);
}
+9756 -5625
View File
File diff suppressed because it is too large Load Diff
+15 -16
View File
@@ -1,6 +1,6 @@
{
"name": "component-detection-action",
"version": "1.0.0",
"version": "0.1.0",
"description": "Component detection action",
"main": "dist/index.js",
"type": "module",
@@ -26,26 +26,25 @@
},
"homepage": "https://github.com/advanced-security/component-detection-dependency-submission-action#readme",
"dependencies": {
"@actions/core": "^1.10.0",
"@actions/github": "^6.0.1",
"@actions/core": "^3.0.0",
"@actions/github": "^9.0.0",
"@github/dependency-submission-toolkit": "^2.0.5",
"cross-fetch": "^4.1.0",
"dotenv": "^16.5.0",
"dotenv": "^17.3.1",
"fs": "^0.0.1-security",
"octokit": "^4.1.3",
"tar": "^7.4.3",
"yaml": "^2.7.1"
"octokit": "^5.0.5",
"tar": "^7.5.10",
"yaml": "^2.8.2"
},
"devDependencies": {
"@babel/preset-env": "^7.27.2",
"@babel/preset-typescript": "^7.27.1",
"@eslint/js": "^9.26.0",
"@types/glob": "^8.1.0",
"@types/jest": "^29.5.14",
"@vercel/ncc": "^0.38.3",
"eslint": "^9.26.0",
"jest": "^29.7.0",
"@babel/preset-env": "^7.29.0",
"@babel/preset-typescript": "^7.28.5",
"@eslint/js": "^10.0.1",
"@types/jest": "^30.0.0",
"@vercel/ncc": "^0.38.4",
"eslint": "^10.0.2",
"jest": "^30.2.0",
"jest-transform-stub": "^2.0.0",
"ts-jest": "^29.3.2"
"ts-jest": "^29.4.6"
}
}
+33
View File
@@ -0,0 +1,33 @@
{
"name": "nested-test-package",
"version": "1.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "nested-test-package",
"version": "1.0.0",
"dependencies": {
"lodash": "^4.17.23"
},
"devDependencies": {
"jest": "^29.0.0"
}
},
"node_modules/jest": {
"version": "29.7.0",
"resolved": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz",
"integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==",
"dev": true,
"bin": {
"jest": "bin/jest.js"
}
},
"node_modules/lodash": {
"version": "4.17.23",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
"license": "MIT"
}
}
}
+12
View File
@@ -0,0 +1,12 @@
{
"name": "nested-test-package",
"version": "1.0.0",
"description": "A nested test package for component detection testing",
"main": "index.js",
"dependencies": {
"lodash": "^4.17.23"
},
"devDependencies": {
"jest": "^29.0.0"
}
}
+103 -148
View File
@@ -15,7 +15,7 @@
"cross-fetch": "^3.1.5",
"dotenv": "^16.0.3",
"fs": "^0.0.1-security",
"tar": "^6.2.1",
"tar": "^7.5.8",
"yaml": "^2.2.2"
},
"devDependencies": {
@@ -685,9 +685,9 @@
"dev": true
},
"node_modules/@eslint/eslintrc/node_modules/js-yaml": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -754,6 +754,17 @@
"integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==",
"dev": true
},
"node_modules/@isaacs/fs-minipass": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz",
"integrity": "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==",
"dependencies": {
"minipass": "^7.0.4"
},
"engines": {
"node": ">=18.0.0"
}
},
"node_modules/@istanbuljs/load-nyc-config": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz",
@@ -1880,11 +1891,11 @@
}
},
"node_modules/chownr": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz",
"integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==",
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/chownr/-/chownr-3.0.0.tgz",
"integrity": "sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==",
"engines": {
"node": ">=10"
"node": ">=18"
}
},
"node_modules/ci-info": {
@@ -2273,9 +2284,9 @@
}
},
"node_modules/eslint/node_modules/js-yaml": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -2532,28 +2543,6 @@
"resolved": "https://registry.npmjs.org/fs/-/fs-0.0.1-security.tgz",
"integrity": "sha512-3XY9e1pP0CVEUCdj5BmfIZxRBTSDycnbqhIOGec9QYtmVH2fbLpj86CFWkrNOkt/Fvty4KZG5lTglL9j/gJ87w=="
},
"node_modules/fs-minipass": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz",
"integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==",
"dependencies": {
"minipass": "^3.0.0"
},
"engines": {
"node": ">= 8"
}
},
"node_modules/fs-minipass/node_modules/minipass": {
"version": "3.3.6",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
"integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
"dependencies": {
"yallist": "^4.0.0"
},
"engines": {
"node": ">=8"
}
},
"node_modules/fs.realpath": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
@@ -3541,9 +3530,9 @@
"dev": true
},
"node_modules/js-yaml": {
"version": "3.14.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
"version": "3.14.2",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
"integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"dependencies": {
"argparse": "^1.0.7",
@@ -3727,9 +3716,9 @@
}
},
"node_modules/minimatch": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
"integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
"version": "3.1.5",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -3739,45 +3728,22 @@
}
},
"node_modules/minipass": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz",
"integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==",
"version": "7.1.2",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
"integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==",
"engines": {
"node": ">=8"
"node": ">=16 || 14 >=14.17"
}
},
"node_modules/minizlib": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz",
"integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==",
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.1.0.tgz",
"integrity": "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==",
"dependencies": {
"minipass": "^3.0.0",
"yallist": "^4.0.0"
"minipass": "^7.1.2"
},
"engines": {
"node": ">= 8"
}
},
"node_modules/minizlib/node_modules/minipass": {
"version": "3.3.6",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
"integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
"dependencies": {
"yallist": "^4.0.0"
},
"engines": {
"node": ">=8"
}
},
"node_modules/mkdirp": {
"version": "1.0.4",
"resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
"integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==",
"bin": {
"mkdirp": "bin/cmd.js"
},
"engines": {
"node": ">=10"
"node": ">= 18"
}
},
"node_modules/ms": {
@@ -4402,19 +4368,26 @@
}
},
"node_modules/tar": {
"version": "6.2.1",
"resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz",
"integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==",
"version": "7.5.8",
"resolved": "https://registry.npmjs.org/tar/-/tar-7.5.8.tgz",
"integrity": "sha512-SYkBtK99u0yXa+IWL0JRzzcl7RxNpvX/U08Z+8DKnysfno7M+uExnTZH8K+VGgShf2qFPKtbNr9QBl8n7WBP6Q==",
"dependencies": {
"chownr": "^2.0.0",
"fs-minipass": "^2.0.0",
"minipass": "^5.0.0",
"minizlib": "^2.1.1",
"mkdirp": "^1.0.3",
"yallist": "^4.0.0"
"@isaacs/fs-minipass": "^4.0.0",
"chownr": "^3.0.0",
"minipass": "^7.1.2",
"minizlib": "^3.1.0",
"yallist": "^5.0.0"
},
"engines": {
"node": ">=10"
"node": ">=18"
}
},
"node_modules/tar/node_modules/yallist": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-5.0.0.tgz",
"integrity": "sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==",
"engines": {
"node": ">=18"
}
},
"node_modules/test-exclude": {
@@ -4783,7 +4756,8 @@
"node_modules/yallist": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
"dev": true
},
"node_modules/yaml": {
"version": "2.2.2",
@@ -5338,9 +5312,9 @@
"dev": true
},
"js-yaml": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -5388,6 +5362,14 @@
"integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==",
"dev": true
},
"@isaacs/fs-minipass": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz",
"integrity": "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==",
"requires": {
"minipass": "^7.0.4"
}
},
"@istanbuljs/load-nyc-config": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz",
@@ -6276,9 +6258,9 @@
"dev": true
},
"chownr": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz",
"integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ=="
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/chownr/-/chownr-3.0.0.tgz",
"integrity": "sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g=="
},
"ci-info": {
"version": "3.7.0",
@@ -6538,9 +6520,9 @@
}
},
"js-yaml": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -6767,24 +6749,6 @@
"resolved": "https://registry.npmjs.org/fs/-/fs-0.0.1-security.tgz",
"integrity": "sha512-3XY9e1pP0CVEUCdj5BmfIZxRBTSDycnbqhIOGec9QYtmVH2fbLpj86CFWkrNOkt/Fvty4KZG5lTglL9j/gJ87w=="
},
"fs-minipass": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz",
"integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==",
"requires": {
"minipass": "^3.0.0"
},
"dependencies": {
"minipass": {
"version": "3.3.6",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
"integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
"requires": {
"yallist": "^4.0.0"
}
}
}
},
"fs.realpath": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
@@ -7525,9 +7489,9 @@
"dev": true
},
"js-yaml": {
"version": "3.14.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
"version": "3.14.2",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
"integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"requires": {
"argparse": "^1.0.7",
@@ -7669,43 +7633,27 @@
"dev": true
},
"minimatch": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
"integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
"version": "3.1.5",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"requires": {
"brace-expansion": "^1.1.7"
}
},
"minipass": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz",
"integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ=="
"version": "7.1.2",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
"integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw=="
},
"minizlib": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz",
"integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==",
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.1.0.tgz",
"integrity": "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==",
"requires": {
"minipass": "^3.0.0",
"yallist": "^4.0.0"
},
"dependencies": {
"minipass": {
"version": "3.3.6",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
"integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
"requires": {
"yallist": "^4.0.0"
}
}
"minipass": "^7.1.2"
}
},
"mkdirp": {
"version": "1.0.4",
"resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
"integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw=="
},
"ms": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
@@ -8143,16 +8091,22 @@
"dev": true
},
"tar": {
"version": "6.2.1",
"resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz",
"integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==",
"version": "7.5.8",
"resolved": "https://registry.npmjs.org/tar/-/tar-7.5.8.tgz",
"integrity": "sha512-SYkBtK99u0yXa+IWL0JRzzcl7RxNpvX/U08Z+8DKnysfno7M+uExnTZH8K+VGgShf2qFPKtbNr9QBl8n7WBP6Q==",
"requires": {
"chownr": "^2.0.0",
"fs-minipass": "^2.0.0",
"minipass": "^5.0.0",
"minizlib": "^2.1.1",
"mkdirp": "^1.0.3",
"yallist": "^4.0.0"
"@isaacs/fs-minipass": "^4.0.0",
"chownr": "^3.0.0",
"minipass": "^7.1.2",
"minizlib": "^3.1.0",
"yallist": "^5.0.0"
},
"dependencies": {
"yallist": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-5.0.0.tgz",
"integrity": "sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw=="
}
}
},
"test-exclude": {
@@ -8408,7 +8362,8 @@
"yallist": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
"dev": true
},
"yaml": {
"version": "2.2.2",
+1 -1
View File
@@ -31,7 +31,7 @@
"cross-fetch": "^3.1.5",
"dotenv": "^16.0.3",
"fs": "^0.0.1-security",
"tar": "^6.2.1",
"tar": "^7.5.8",
"yaml": "^2.2.2"
},
"devDependencies": {
+3 -2
View File
@@ -1,7 +1,8 @@
{
"compilerOptions": {
"target": "es6", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */
"module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */
"target": "ES2022", /* Specify ECMAScript target version */
"module": "ES2022", /* Specify module code generation */
"moduleResolution": "node", /* Specify module resolution strategy: 'node' or 'classic'. */
"outDir": "./dist", /* Redirect output structure to the directory. */
"rootDir": "./", /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
"strict": true, /* Enable all strict type-checking options. */