Compare commits

...

30 Commits

Author SHA1 Message Date
dependabot[bot] 15ef63bbb1 Bump qs from 6.14.0 to 6.14.2
Bumps [qs](https://github.com/ljharb/qs) from 6.14.0 to 6.14.2.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.14.0...v6.14.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-14 11:38:01 +00:00
Lewis Jones 374343effe Merge pull request #6 from actions/weekly-sync-branch-16171136386
Test / test (push) Has been cancelled
Sync Fork with Upstream
2025-07-09 14:49:18 +01:00
github-actions[bot] 5a79ab0fa4 Empty commit to open PR 2025-07-09 13:48:25 +00:00
github-actions[bot] 0c3e582042 Merge upstream:main 2025-07-09 13:48:25 +00:00
Lewis Jones d433c2f467 Merge pull request #126 from advanced-security/ljones140/prep-0.1.0-release
Prepare for release
2025-07-09 14:46:20 +01:00
Lewis Jones 96c59aebfe Bump minor version 2025-07-09 14:42:42 +01:00
Lewis Jones 6dd7b2dc55 Merge pull request #125 from advanced-security/ljones140/remove-manifest-leading-slash
Remove Leading Slash From Root Manifests
2025-07-09 14:40:04 +01:00
Lewis Jones 496691092b remove environment.yml 2025-07-09 13:49:12 +01:00
Lewis Jones e6ad22924a Refactor: improve full scan manifest test 2025-07-09 13:46:43 +01:00
Lewis Jones 0b0b651777 Refactor test. Download latest release 2025-07-09 13:41:17 +01:00
Lewis Jones 914cb6dc5e Remove debug logging 2025-07-09 13:35:28 +01:00
Lewis Jones 28905c6bc0 manifest test 2025-07-09 13:28:41 +01:00
Lewis Jones f89d41905d Add manifest level test 2025-07-09 12:36:47 +01:00
Lewis Jones 4e2fbd91ff Transpiled JS 2025-07-09 12:16:42 +01:00
Lewis Jones 6d25ae13f5 Remove leading slashes from top manifests 2025-07-09 12:16:21 +01:00
Lewis Jones 7d147e8b5f Add nested dirs to test 2025-07-09 11:56:34 +01:00
Lewis Jones 5789c204e4 update test 2025-07-09 11:46:15 +01:00
Lewis Jones 98b7e66125 Transpiled JS 2025-07-09 11:41:22 +01:00
Lewis Jones b2779b0030 Remove leading slash from root manifests
This causes issues with GitHub dependency Graph
2025-07-09 11:39:47 +01:00
Justin Holguín 876b304ec0 Merge pull request #5 from actions/weekly-sync-branch-16062172741
Sync Fork with Upstream
2025-07-03 16:09:54 -07:00
github-actions[bot] 3104f6d51c Empty commit to open PR 2025-07-03 23:08:17 +00:00
github-actions[bot] 5d8c040f29 Merge upstream:main 2025-07-03 23:08:17 +00:00
Justin Holguín 64db6d9d15 Merge pull request #123 from advanced-security/juxtin/prep-007
Prepare for v0.0.7 release
2025-07-02 12:54:29 -07:00
Justin Holguín a44e08867f Prepare for v0.0.7 release 2025-07-02 19:39:44 +00:00
Justin Holguín fc216b239a Merge pull request #121 from advanced-security/juxtin/direct-vs-transitive
Use explicitlyReferencedComponentIds to determine which packages are direct
2025-07-02 12:32:40 -07:00
Justin Holguín 5b2736e4f4 Update dist 2025-07-02 18:40:35 +00:00
Justin Holguín bbe83e8988 Skip self-referrers 2025-07-02 18:40:04 +00:00
Justin Holguín c936885d12 Update dist 2025-06-27 20:28:38 +00:00
Justin Holguín 5f4db12f7b Use explicitlyReferencedComponentIds to mark directs 2025-06-27 20:28:38 +00:00
Lewis Jones 466989c808 Merge pull request #4 from actions/weekly-sync-branch-15774881579
Sync Fork with Upstream
2025-06-20 09:40:55 +01:00
9 changed files with 332 additions and 84 deletions
+107 -42
View File
@@ -1,4 +1,4 @@
import ComponentDetection from "./componentDetection";
import ComponentDetection, { DependencyGraphs } from "./componentDetection";
import fs from "fs";
test("Downloads CLI", async () => {
@@ -70,7 +70,7 @@ describe("ComponentDetection.makePackageUrl", () => {
});
describe("ComponentDetection.processComponentsToManifests", () => {
test("adds package as direct dependency when no top level referrers", () => {
test("adds package as direct dependency when it is listed as an explicitlyReferencedComponentIds", () => {
const componentsFound = [
{
component: {
@@ -90,7 +90,16 @@ describe("ComponentDetection.processComponentsToManifests", () => {
}
];
const manifests = ComponentDetection.processComponentsToManifests(componentsFound);
const dependencyGraphs: DependencyGraphs = {
"package.json": {
graph: { "test-package": null },
explicitlyReferencedComponentIds: ["test-package 1.0.0 - npm"],
developmentDependencies: [],
dependencies: []
}
};
const manifests = ComponentDetection.processComponentsToManifests(componentsFound, dependencyGraphs);
expect(manifests).toHaveLength(1);
expect(manifests[0].name).toBe("package.json");
@@ -99,7 +108,7 @@ describe("ComponentDetection.processComponentsToManifests", () => {
expect(manifests[0].countDependencies()).toBe(1);
});
test("adds package as indirect dependency when has top level referrers", () => {
test("adds package as indirect dependency when it is not in explicitlyReferencedComponentIds", () => {
const componentsFound = [
{
component: {
@@ -130,7 +139,16 @@ describe("ComponentDetection.processComponentsToManifests", () => {
}
];
const manifests = ComponentDetection.processComponentsToManifests(componentsFound);
const dependencyGraphs: DependencyGraphs = {
"package.json": {
graph: { "parent-package": null },
explicitlyReferencedComponentIds: [],
developmentDependencies: [],
dependencies: []
}
};
const manifests = ComponentDetection.processComponentsToManifests(componentsFound, dependencyGraphs);
expect(manifests).toHaveLength(1);
expect(manifests[0].name).toBe("package.json");
@@ -138,44 +156,91 @@ describe("ComponentDetection.processComponentsToManifests", () => {
expect(manifests[0].indirectDependencies()).toHaveLength(1);
expect(manifests[0].countDependencies()).toBe(1);
});
});
test("adds package as direct dependency when top level referrer is itself", () => {
const componentsFound = [
{
component: {
name: "test-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "npm",
Name: "test-package",
Version: "1.0.0"
},
id: "test-package 1.0.0 - npm"
},
isDevelopmentDependency: false,
topLevelReferrers: [
{
name: "test-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "npm",
Name: "test-package",
Version: "1.0.0"
}
}
],
locationsFoundAt: ["package.json"]
describe('normalizeDependencyGraphPaths', () => {
test('converts absolute paths to relative paths based on filePath input', () => {
// Simulate a repo at /repo and a scan root at /repo/packages
const fakeCwd = '/workspaces';
const filePathInput = 'my-super-cool-repo';
const absBase = '/workspaces/my-super-cool-repo';
const dependencyGraphs: DependencyGraphs = {
'/workspaces/my-super-cool-repo/a/package.json': {
graph: { 'foo': null },
explicitlyReferencedComponentIds: [],
developmentDependencies: [],
dependencies: []
},
'/workspaces/my-super-cool-repo/b/package.json': {
graph: { 'bar': null },
explicitlyReferencedComponentIds: [],
developmentDependencies: [],
dependencies: []
}
];
const manifests = ComponentDetection.processComponentsToManifests(componentsFound);
expect(manifests).toHaveLength(1);
expect(manifests[0].name).toBe("package.json");
expect(manifests[0].directDependencies()).toHaveLength(1);
expect(manifests[0].indirectDependencies()).toHaveLength(0);
expect(manifests[0].countDependencies()).toBe(1);
};
// Patch process.cwd for this test
const originalCwd = process.cwd;
(process as any).cwd = () => fakeCwd;
const normalized = ComponentDetection.normalizeDependencyGraphPaths(dependencyGraphs, filePathInput);
// Restore process.cwd
(process as any).cwd = originalCwd;
expect(Object.keys(normalized)).toContain('a/package.json');
expect(Object.keys(normalized)).toContain('b/package.json');
expect(normalized['a/package.json'].graph).toEqual({ 'foo': null });
expect(normalized['b/package.json'].graph).toEqual({ 'bar': null });
});
});
describe('normalizeDependencyGraphPaths with real output.json', () => {
test('converts absolute paths in output.json to relative paths using current cwd and filePath', () => {
const output = JSON.parse(fs.readFileSync('./output.json', 'utf8'));
const dependencyGraphs = output.dependencyGraphs;
// Use the same filePath as the action default (".")
const normalized = ComponentDetection.normalizeDependencyGraphPaths(dependencyGraphs, 'test');
// Should contain root level manifests without leading slashes
expect(Object.keys(normalized)).toContain('package.json');
expect(Object.keys(normalized)).toContain('package-lock.json');
// Should contain nested manifests with relative paths (no leading slashes)
expect(Object.keys(normalized)).toContain('nested/package.json');
expect(Object.keys(normalized)).toContain('nested/package-lock.json');
// All keys should be relative paths without leading slashes
for (const key of Object.keys(normalized)) {
expect(key.startsWith('/')).toBe(false); // No leading slashes
expect(key).not.toMatch(/^\w:\\|^\/\/|^\.{1,2}\//); // Not windows absolute, not network, not relative
}
});
});
test('full action scan creates manifests with correct names and file source locations', async () => {
await ComponentDetection.downloadLatestRelease();
const manifests = await ComponentDetection.scanAndGetManifests('./test');
expect(manifests).toBeDefined();
expect(manifests!.length).toBeGreaterThan(0);
for (const manifest of manifests!) {
expect(manifest.name.startsWith('/')).toBe(false);
}
const expectedManifestNames = [
'package.json',
'package-lock.json',
'nested/package.json',
'nested/package-lock.json',
];
const manifestsByName = manifests!.reduce((acc, manifest) => {
acc[manifest.name] = manifest;
return acc;
}, {} as Record<string, any>);
for (const expectedName of expectedManifestNames) {
const manifest = manifestsByName[expectedName];
expect(manifest).toBeDefined();
expect(manifest.name).toBe(expectedName);
expect(manifest.file?.source_location).toBe(expectedName);
}
}, 15000);
+83 -15
View File
@@ -7,7 +7,7 @@ import {
Package,
Snapshot,
Manifest,
submitSnapshot
submitSnapshot,
} from '@github/dependency-submission-toolkit'
import fetch from 'cross-fetch'
import tar from 'tar'
@@ -16,6 +16,7 @@ import * as exec from '@actions/exec';
import dotenv from 'dotenv'
import { Context } from '@actions/github/lib/context'
import { unmockedModulePathPatterns } from './jest.config'
import path from 'path';
dotenv.config();
export default class ComponentDetection {
@@ -70,10 +71,11 @@ export default class ComponentDetection {
core.info("Getting manifests from results");
const results = await fs.readFileSync(this.outputPath, 'utf8');
var json: any = JSON.parse(results);
return this.processComponentsToManifests(json.componentsFound);
let dependencyGraphs: DependencyGraphs = this.normalizeDependencyGraphPaths(json.dependencyGraphs, core.getInput('filePath'));
return this.processComponentsToManifests(json.componentsFound, dependencyGraphs);
}
public static processComponentsToManifests(componentsFound: any[]): Manifest[] {
public static processComponentsToManifests(componentsFound: any[], dependencyGraphs: DependencyGraphs): Manifest[] {
// Parse the result file and add the packages to the package cache
const packageCache = new PackageCache();
const packages: Array<ComponentDetectionPackage> = [];
@@ -126,6 +128,10 @@ export default class ComponentDetection {
try {
const referrerPackage = packageCache.lookupPackage(referrerUrl);
if (referrerPackage === pkg) {
core.debug(`Skipping self-reference for package: ${pkg.id}`);
return; // Skip self-references
}
if (referrerPackage) {
referrerPackage.dependsOn(pkg);
}
@@ -139,29 +145,43 @@ export default class ComponentDetection {
const manifests: Array<Manifest> = [];
// Check the locationsFoundAt for every package and add each as a manifest
this.addPackagesToManifests(packages, manifests);
this.addPackagesToManifests(packages, manifests, dependencyGraphs);
return manifests;
}
private static addPackagesToManifests(packages: Array<ComponentDetectionPackage>, manifests: Array<Manifest>): void {
private static addPackagesToManifests(packages: Array<ComponentDetectionPackage>, manifests: Array<Manifest>, dependencyGraphs: DependencyGraphs): void {
packages.forEach((pkg: ComponentDetectionPackage) => {
pkg.locationsFoundAt.forEach((location: any) => {
if (!manifests.find((manifest: Manifest) => manifest.name == location)) {
const manifest = new Manifest(location, location);
// Use the normalized path (remove leading slash if present)
const normalizedLocation = location.startsWith('/') ? location.substring(1) : location;
if (!manifests.find((manifest: Manifest) => manifest.name == normalizedLocation)) {
const manifest = new Manifest(normalizedLocation, normalizedLocation);
manifests.push(manifest);
}
// Filter out self-references from topLevelReferrers
const nonSelfReferrers = pkg.topLevelReferrers.filter((referrer: any) => {
if (!referrer.packageUrlString) return false;
return referrer.packageUrlString !== pkg.packageUrlString;
});
const depGraphEntry = dependencyGraphs[normalizedLocation];
if (!depGraphEntry) {
core.warning(`No dependency graph entry found for manifest location: ${normalizedLocation}`);
return; // Skip this location if not found in dependencyGraphs
}
if (nonSelfReferrers.length == 0) {
manifests.find((manifest: Manifest) => manifest.name == location)?.addDirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
const directDependencies = depGraphEntry.explicitlyReferencedComponentIds;
if (directDependencies.includes(pkg.id)) {
manifests
.find((manifest: Manifest) => manifest.name == normalizedLocation)
?.addDirectDependency(
pkg,
ComponentDetection.getDependencyScope(pkg)
);
} else {
manifests.find((manifest: Manifest) => manifest.name == location)?.addIndirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
manifests
.find((manifest: Manifest) => manifest.name == normalizedLocation)
?.addIndirectDependency(
pkg,
ComponentDetection.getDependencyScope(pkg)
);
}
});
});
@@ -249,6 +269,27 @@ export default class ComponentDetection {
throw new Error("Failed to download latest release");
}
}
/**
* Normalizes the keys of a DependencyGraphs object to be relative paths from the resolved filePath input.
* @param dependencyGraphs The DependencyGraphs object to normalize.
* @param filePathInput The filePath input (relative or absolute) from the action configuration.
* @returns A new DependencyGraphs object with relative path keys.
*/
public static normalizeDependencyGraphPaths(
dependencyGraphs: DependencyGraphs,
filePathInput: string
): DependencyGraphs {
// Resolve the base directory from filePathInput (relative to cwd if not absolute)
const baseDir = path.resolve(process.cwd(), filePathInput);
const normalized: DependencyGraphs = {};
for (const absPath in dependencyGraphs) {
// Make the path relative to the baseDir
let relPath = path.relative(baseDir, absPath).replace(/\\/g, '/');
normalized[relPath] = dependencyGraphs[absPath];
}
return normalized;
}
}
class ComponentDetectionPackage extends Package {
@@ -261,6 +302,33 @@ class ComponentDetectionPackage extends Package {
}
}
/**
* Types for the dependencyGraphs section of output.json
*/
export type DependencyGraph = {
/**
* The dependency graph: keys are component IDs, values are either null (no dependencies) or an array of component IDs (dependencies)
*/
graph: Record<string, string[] | null>;
/**
* Explicitly referenced component IDs
*/
explicitlyReferencedComponentIds: string[];
/**
* Development dependencies
*/
developmentDependencies: string[];
/**
* Regular dependencies
*/
dependencies: string[];
};
/**
* The top-level dependencyGraphs object: keys are manifest file paths, values are DependencyGraph objects
*/
export type DependencyGraphs = Record<string, DependencyGraph>;
+33 -1
View File
@@ -7,9 +7,41 @@ export default class ComponentDetection {
static runComponentDetection(path: string): Promise<void>;
private static getComponentDetectionParameters;
static getManifestsFromResults(): Promise<Manifest[] | undefined>;
static processComponentsToManifests(componentsFound: any[]): Manifest[];
static processComponentsToManifests(componentsFound: any[], dependencyGraphs: DependencyGraphs): Manifest[];
private static addPackagesToManifests;
private static getDependencyScope;
static makePackageUrl(packageUrlJson: any): string;
private static getLatestReleaseURL;
/**
* Normalizes the keys of a DependencyGraphs object to be relative paths from the resolved filePath input.
* @param dependencyGraphs The DependencyGraphs object to normalize.
* @param filePathInput The filePath input (relative or absolute) from the action configuration.
* @returns A new DependencyGraphs object with relative path keys.
*/
static normalizeDependencyGraphPaths(dependencyGraphs: DependencyGraphs, filePathInput: string): DependencyGraphs;
}
/**
* Types for the dependencyGraphs section of output.json
*/
export type DependencyGraph = {
/**
* The dependency graph: keys are component IDs, values are either null (no dependencies) or an array of component IDs (dependencies)
*/
graph: Record<string, string[] | null>;
/**
* Explicitly referenced component IDs
*/
explicitlyReferencedComponentIds: string[];
/**
* Development dependencies
*/
developmentDependencies: string[];
/**
* Regular dependencies
*/
dependencies: string[];
};
/**
* The top-level dependencyGraphs object: keys are manifest file paths, values are DependencyGraph objects
*/
export type DependencyGraphs = Record<string, DependencyGraph>;
Generated Vendored
+42 -15
View File
@@ -36002,6 +36002,7 @@ const cross_fetch_1 = __importDefault(__nccwpck_require__(3304));
const fs_1 = __importDefault(__nccwpck_require__(9896));
const exec = __importStar(__nccwpck_require__(5236));
const dotenv_1 = __importDefault(__nccwpck_require__(8889));
const path_1 = __importDefault(__nccwpck_require__(6928));
dotenv_1.default.config();
class ComponentDetection {
// This is the default entry point for this class.
@@ -36056,10 +36057,11 @@ class ComponentDetection {
core.info("Getting manifests from results");
const results = yield fs_1.default.readFileSync(this.outputPath, 'utf8');
var json = JSON.parse(results);
return this.processComponentsToManifests(json.componentsFound);
let dependencyGraphs = this.normalizeDependencyGraphPaths(json.dependencyGraphs, core.getInput('filePath'));
return this.processComponentsToManifests(json.componentsFound, dependencyGraphs);
});
}
static processComponentsToManifests(componentsFound) {
static processComponentsToManifests(componentsFound, dependencyGraphs) {
// Parse the result file and add the packages to the package cache
const packageCache = new dependency_submission_toolkit_1.PackageCache();
const packages = [];
@@ -36103,6 +36105,10 @@ class ComponentDetection {
}
try {
const referrerPackage = packageCache.lookupPackage(referrerUrl);
if (referrerPackage === pkg) {
core.debug(`Skipping self-reference for package: ${pkg.id}`);
return; // Skip self-references
}
if (referrerPackage) {
referrerPackage.dependsOn(pkg);
}
@@ -36115,28 +36121,32 @@ class ComponentDetection {
// Create manifests
const manifests = [];
// Check the locationsFoundAt for every package and add each as a manifest
this.addPackagesToManifests(packages, manifests);
this.addPackagesToManifests(packages, manifests, dependencyGraphs);
return manifests;
}
static addPackagesToManifests(packages, manifests) {
static addPackagesToManifests(packages, manifests, dependencyGraphs) {
packages.forEach((pkg) => {
pkg.locationsFoundAt.forEach((location) => {
var _a, _b;
if (!manifests.find((manifest) => manifest.name == location)) {
const manifest = new dependency_submission_toolkit_1.Manifest(location, location);
// Use the normalized path (remove leading slash if present)
const normalizedLocation = location.startsWith('/') ? location.substring(1) : location;
if (!manifests.find((manifest) => manifest.name == normalizedLocation)) {
const manifest = new dependency_submission_toolkit_1.Manifest(normalizedLocation, normalizedLocation);
manifests.push(manifest);
}
// Filter out self-references from topLevelReferrers
const nonSelfReferrers = pkg.topLevelReferrers.filter((referrer) => {
if (!referrer.packageUrlString)
return false;
return referrer.packageUrlString !== pkg.packageUrlString;
});
if (nonSelfReferrers.length == 0) {
(_a = manifests.find((manifest) => manifest.name == location)) === null || _a === void 0 ? void 0 : _a.addDirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
const depGraphEntry = dependencyGraphs[normalizedLocation];
if (!depGraphEntry) {
core.warning(`No dependency graph entry found for manifest location: ${normalizedLocation}`);
return; // Skip this location if not found in dependencyGraphs
}
const directDependencies = depGraphEntry.explicitlyReferencedComponentIds;
if (directDependencies.includes(pkg.id)) {
(_a = manifests
.find((manifest) => manifest.name == normalizedLocation)) === null || _a === void 0 ? void 0 : _a.addDirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
}
else {
(_b = manifests.find((manifest) => manifest.name == location)) === null || _b === void 0 ? void 0 : _b.addIndirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
(_b = manifests
.find((manifest) => manifest.name == normalizedLocation)) === null || _b === void 0 ? void 0 : _b.addIndirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
}
});
});
@@ -36216,6 +36226,23 @@ class ComponentDetection {
}
});
}
/**
* Normalizes the keys of a DependencyGraphs object to be relative paths from the resolved filePath input.
* @param dependencyGraphs The DependencyGraphs object to normalize.
* @param filePathInput The filePath input (relative or absolute) from the action configuration.
* @returns A new DependencyGraphs object with relative path keys.
*/
static normalizeDependencyGraphPaths(dependencyGraphs, filePathInput) {
// Resolve the base directory from filePathInput (relative to cwd if not absolute)
const baseDir = path_1.default.resolve(process.cwd(), filePathInput);
const normalized = {};
for (const absPath in dependencyGraphs) {
// Make the path relative to the baseDir
let relPath = path_1.default.relative(baseDir, absPath).replace(/\\/g, '/');
normalized[relPath] = dependencyGraphs[absPath];
}
return normalized;
}
}
exports["default"] = ComponentDetection;
ComponentDetection.componentDetectionPath = process.platform === "win32" ? './component-detection.exe' : './component-detection';
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
+8 -9
View File
@@ -1,12 +1,12 @@
{
"name": "component-detection-action",
"version": "1.0.0",
"version": "0.1.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "component-detection-action",
"version": "1.0.0",
"version": "0.1.0",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.10.0",
@@ -7546,11 +7546,10 @@
"license": "MIT"
},
"node_modules/qs": {
"version": "6.14.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
"integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
"version": "6.14.2",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
"integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
"dev": true,
"license": "BSD-3-Clause",
"dependencies": {
"side-channel": "^1.1.0"
},
@@ -13942,9 +13941,9 @@
"dev": true
},
"qs": {
"version": "6.14.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
"integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
"version": "6.14.2",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
"integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
"dev": true,
"requires": {
"side-channel": "^1.1.0"
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "component-detection-action",
"version": "1.0.0",
"version": "0.1.0",
"description": "Component detection action",
"main": "dist/index.js",
"type": "module",
+45
View File
@@ -0,0 +1,45 @@
{
"name": "nested-test-package",
"version": "1.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "nested-test-package",
"version": "1.0.0",
"dependencies": {
"lodash": "^4.17.21"
},
"devDependencies": {
"jest": "^29.0.0"
}
},
"node_modules/lodash": {
"version": "4.17.21",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
},
"node_modules/jest": {
"version": "29.7.0",
"resolved": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz",
"integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==",
"dev": true,
"bin": {
"jest": "bin/jest.js"
}
}
},
"dependencies": {
"lodash": {
"version": "4.17.21",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
},
"jest": {
"version": "29.7.0",
"resolved": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz",
"integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==",
"dev": true
}
}
}
+12
View File
@@ -0,0 +1,12 @@
{
"name": "nested-test-package",
"version": "1.0.0",
"description": "A nested test package for component detection testing",
"main": "index.js",
"dependencies": {
"lodash": "^4.17.21"
},
"devDependencies": {
"jest": "^29.0.0"
}
}