Compare commits

...

39 Commits

Author SHA1 Message Date
github-actions[bot] 21213e825c Empty commit to open PR 2026-03-09 00:45:24 +00:00
github-actions[bot] 5b46420b3f Merge upstream:main 2026-03-09 00:45:24 +00:00
dependabot[bot] 48ae13709e Bump minimatch in /test in the npm_and_yarn group across 1 directory (#171)
Bumps the npm_and_yarn group with 1 update in the /test directory: [minimatch](https://github.com/isaacs/minimatch).


Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
2026-03-06 13:33:10 -05:00
dependabot[bot] 7efb859132 Bump minimatch from 3.1.2 to 3.1.5 (#170)
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
2026-03-06 13:31:58 -05:00
dependabot[bot] 50b9449a2f Bump eslint from 10.0.0 to 10.0.2 in the npm-dependencies group (#173)
Bumps the npm-dependencies group with 1 update: [eslint](https://github.com/eslint/eslint).


Updates `eslint` from 10.0.0 to 10.0.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.0...v10.0.2)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
2026-03-06 13:30:22 -05:00
dependabot[bot] 56ef6dcc04 Bump actions/upload-artifact in the actions-dependencies group (#172)
Bumps the actions-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/upload-artifact` from 6 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
2026-03-06 13:28:40 -05:00
dependabot[bot] 6531c188bd Bump tar from 7.5.9 to 7.5.10 (#174)
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.9 to 7.5.10.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.9...v7.5.10)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-06 13:26:22 -05:00
Adrien Pessu 0797d4eff6 Merge pull request #167 from advanced-security/dependabot/npm_and_yarn/test/npm_and_yarn-1db22e1e02
Bump tar from 7.5.7 to 7.5.8 in /test in the npm_and_yarn group across 1 directory
2026-02-25 12:51:18 +01:00
dependabot[bot] 7ba820f614 Bump tar in /test in the npm_and_yarn group across 1 directory
Bumps the npm_and_yarn group with 1 update in the /test directory: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 7.5.7 to 7.5.8
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.7...v7.5.8)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.8
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-24 16:17:55 +00:00
dependabot[bot] bd71948983 Bump the npm-dependencies group across 1 directory with 4 updates (#165)
* Bump the npm-dependencies group across 1 directory with 4 updates

Bumps the npm-dependencies group with 4 updates in the / directory: [dotenv](https://github.com/motdotla/dotenv), [tar](https://github.com/isaacs/node-tar), [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) and [eslint](https://github.com/eslint/eslint).


Updates `dotenv` from 17.2.3 to 17.3.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/motdotla/dotenv/compare/v17.2.3...v17.3.1)

Updates `tar` from 7.5.7 to 7.5.9
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.7...v7.5.9)

Updates `@eslint/js` from 9.39.2 to 10.0.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/HEAD/packages/js)

Updates `eslint` from 9.39.2 to 10.0.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.39.2...v10.0.0)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: tar
  dependency-version: 7.5.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@eslint/js"
  dependency-version: 10.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 10.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Initial plan

* Rebuild dist/ after dependency updates

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
2026-02-24 11:14:33 -05:00
Chad Bentz 630165e704 Merge pull request #161 from advanced-security/document-EnableIfDefaultOff-detectorArgs
Revise README for workflows and detector options
2026-02-02 13:53:01 -05:00
Chad Bentz 332c61add4 Merge pull request #159 from advanced-security/dependabot/npm_and_yarn/test/npm_and_yarn-c2faeb1381
Bump tar from 7.5.4 to 7.5.7 in /test in the npm_and_yarn group across 1 directory
2026-02-02 10:56:59 -05:00
Chad Bentz 933761652d Merge pull request #162 from advanced-security/dependabot/npm_and_yarn/npm-dependencies-304c371dc4
Bump the npm-dependencies group with 4 updates
2026-02-02 10:52:42 -05:00
Chad Bentz 9aece0e09c Merge pull request #163 from advanced-security/copilot/sub-pr-162
Fix ESM compatibility for @actions/core v3 and @actions/github v9
2026-02-02 10:41:47 -05:00
copilot-swe-agent[bot] 41bb53a1db Update TypeScript config comments to be more concise
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
2026-02-02 15:15:27 +00:00
copilot-swe-agent[bot] 4f00d77f0c Fix ESM compatibility for @actions packages v3/v9
- Remove unused deep import of Context from @actions/github/lib/context
- Update TypeScript config to compile to ES2022 modules instead of CommonJS
- This fixes build failures with @actions/core v3 and @actions/github v9

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
2026-02-02 15:14:37 +00:00
copilot-swe-agent[bot] 1a454445fe Initial plan 2026-02-02 15:10:06 +00:00
dependabot[bot] cf04b7bb63 Bump the npm-dependencies group with 4 updates
Bumps the npm-dependencies group with 4 updates: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github), [tar](https://github.com/isaacs/node-tar) and [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env).


Updates `@actions/core` from 2.0.2 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@actions/github` from 7.0.0 to 9.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

Updates `tar` from 7.5.6 to 7.5.7
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.6...v7.5.7)

Updates `@babel/preset-env` from 7.28.6 to 7.29.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: "@actions/github"
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@babel/preset-env"
  dependency-version: 7.29.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-02 14:44:35 +00:00
Chad Bentz d177d7847a Update README to remove duplication and version change
fix formatting and typo
2026-01-29 15:20:14 -05:00
Chad Bentz d041cfd4c5 Revise README for workflows and detector options
Updated example workflow section and added details about experimental and default-off detectors that are passed into detectorArgs as EnableIfDefaultOff
2026-01-29 15:17:59 -05:00
dependabot[bot] f7f30e1366 Bump tar in /test in the npm_and_yarn group across 1 directory
Bumps the npm_and_yarn group with 1 update in the /test directory: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 7.5.4 to 7.5.7
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.4...v7.5.7)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-29 14:01:38 +00:00
Lewis Jones 374343effe Merge pull request #6 from actions/weekly-sync-branch-16171136386
Test / test (push) Has been cancelled
Sync Fork with Upstream
2025-07-09 14:49:18 +01:00
github-actions[bot] 5a79ab0fa4 Empty commit to open PR 2025-07-09 13:48:25 +00:00
github-actions[bot] 0c3e582042 Merge upstream:main 2025-07-09 13:48:25 +00:00
Justin Holguín 876b304ec0 Merge pull request #5 from actions/weekly-sync-branch-16062172741
Sync Fork with Upstream
2025-07-03 16:09:54 -07:00
github-actions[bot] 3104f6d51c Empty commit to open PR 2025-07-03 23:08:17 +00:00
github-actions[bot] 5d8c040f29 Merge upstream:main 2025-07-03 23:08:17 +00:00
Lewis Jones 466989c808 Merge pull request #4 from actions/weekly-sync-branch-15774881579
Sync Fork with Upstream
2025-06-20 09:40:55 +01:00
github-actions[bot] 67f3292117 Empty commit to open PR 2025-06-20 08:36:52 +00:00
github-actions[bot] 3f420ae88d Merge upstream:main 2025-06-20 08:36:52 +00:00
Lewis Jones ef571d5a84 Merge pull request #3 from actions/weekly-sync-branch-15680274825
Sync Fork with Upstream
2025-06-16 13:05:03 +01:00
github-actions[bot] 0eb73668fa Empty commit to open PR 2025-06-16 12:04:03 +00:00
github-actions[bot] 7a168cbdc4 Merge upstream:main 2025-06-16 12:04:03 +00:00
Lewis Jones d5fd67e101 Merge pull request #2 from actions/weekly-sync-branch-15612676798
Sync Fork with Upstream
2025-06-12 15:02:36 +01:00
github-actions[bot] 27e6d82755 Empty commit to open PR 2025-06-12 14:01:47 +00:00
github-actions[bot] 3d11e5a0f7 Merge upstream:main 2025-06-12 14:01:47 +00:00
Lewis Jones 51ef6b3995 Merge pull request #1 from actions/ljones140/setup-fork
Setup fork Codeowners and sync
2025-06-10 15:35:24 +01:00
Lewis Jones cfe815dd6d Add fork sync mechanism 2025-06-10 14:51:08 +01:00
Lewis Jones 9db31129a3 update codeowners 2025-06-10 14:50:54 +01:00
13 changed files with 64103 additions and 5999 deletions
+3 -3
View File
@@ -23,10 +23,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v4
- name: Set Node.js 16.x
uses: actions/setup-node@v6.2.0
uses: actions/setup-node@v4.4.0
with:
node-version: 16.x
@@ -46,7 +46,7 @@ jobs:
id: diff
# If index.js was different than expected, upload the expected version as an artifact
- uses: actions/upload-artifact@v6
- uses: actions/upload-artifact@v4
if: ${{ failure() && steps.diff.conclusion == 'failure' }}
with:
name: dist
+42
View File
@@ -0,0 +1,42 @@
name: Sync Fork with Upstream
on:
schedule:
- cron: '0 0 * * 1' # Runs at midnight UTC every Monday
workflow_dispatch:
permissions:
contents: write
pull-requests: write
jobs:
sync:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
fetch-depth: 0
- name: Fetch Upstream Remote
run: |
git remote add upstream https://github.com/advanced-security/component-detection-dependency-submission-action.git
git fetch upstream
- name: Set Git Config
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Create and Push Branch
run: |
git checkout -b weekly-sync-branch-${{ github.run_id }}
git merge upstream/main --no-commit
git reset -- ./.github
git commit -m "Merge upstream:main"
git commit --allow-empty -m "Empty commit to open PR"
git push --set-upstream origin weekly-sync-branch-${{ github.run_id }}
- name: Open Pull Request
run: |
gh repo set-default actions/component-detection-dependency-submission-action
gh pr create -B main -H weekly-sync-branch-${{ github.run_id }} --title 'Sync Fork with Upstream' --body 'Weekly Cron. Created by GitHub Actions.'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+1 -1
View File
@@ -16,7 +16,7 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v4
- name: Unit test
run: |
npm install
+1 -1
View File
@@ -1 +1 @@
* @advanced-security/advanced-security-dependency-graph @advanced-security/oss-maintainers
* @advanced-security/advanced-security-dependency-graph
+29 -2
View File
@@ -2,7 +2,7 @@
This GitHub Action runs the [microsoft/component-detection](https://github.com/microsoft/component-detection) library to automate dependency extraction at build time. It uses a combination of static and dynamic scanning to build a dependency tree and then uploads that to GitHub's dependency graph via the dependency submission API. This gives you more accurate Dependabot alerts, and support for a bunch of additional ecosystems.
### Example workflow
### Example workflows
```yaml
@@ -25,13 +25,40 @@ jobs:
uses: advanced-security/component-detection-dependency-submission-action@v0.1.1
```
Additional `Experimental` and `DefaultOff` detectors:
- For a list of experimental and default-off detectors that require explicit enablement, see the [Detectors README](https://github.com/microsoft/component-detection/blob/main/docs/detectors/README.md). See [enable-default-off.md](https://github.com/microsoft/component-detection/blob/main/docs/enable-default-off.md) for more details.
```yaml
name: Component Detection
on:
workflow_dispatch:
push:
permissions:
id-token: write
contents: write
jobs:
dependency-submission:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Component detection
uses: advanced-security/component-detection-dependency-submission-action@v0.1.1
with:
# Experimental detectors: Poetry, UvLock, NpmLockfile3, Ivy
# Default-off detectors: ConanLock, CondaLock, Dockerfile, Pip, SimplePip, Spdx22, SwiftResolved
detectorArgs: Poetry=EnableIfDefaultOff,UvLock=EnableIfDefaultOff,NpmLockfile3=EnableIfDefaultOff,Ivy=EnableIfDefaultOff,ConanLock=EnableIfDefaultOff,CondaLock=EnableIfDefaultOff,Dockerfile=EnableIfDefaultOff,Pip=EnableIfDefaultOff,SimplePip=EnableIfDefaultOff,Spdx22=EnableIfDefaultOff,SwiftResolved=EnableIfDefaultOff
```
### Configuration options
| Parameter | Description | Example |
| --- | --- | --- |
filePath | The path to the directory containing the environment files to upload. Defaults to Actions working directory. | `'.'`
directoryExclusionList | Filters out specific directories following a minimatch pattern. | `test`
detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | `Pip=EnableIfDefaultOff`
detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is `Experimental` or `DefaultOff` to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | `Pip=EnableIfDefaultOff`
dockerImagesToScan |Comma separated list of docker image names or hashes to execute container scanning on | ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab |
detectorsFilter | A comma separated list with the identifiers of the specific detectors to be used. | `Pip, RustCrateDetector`
detectorsCategories | A comma separated list with the categories of components that are going to be scanned. The detectors that are going to run are the ones that belongs to the categories. | `NuGet,Npm`
-1
View File
@@ -14,7 +14,6 @@ import tar from 'tar'
import fs from 'fs'
import * as exec from '@actions/exec';
import dotenv from 'dotenv'
import { Context } from '@actions/github/lib/context'
import { unmockedModulePathPatterns } from './jest.config'
import path from 'path';
dotenv.config();
Generated Vendored
+63146 -5211
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
+856 -756
View File
File diff suppressed because it is too large Load Diff
+7 -7
View File
@@ -26,23 +26,23 @@
},
"homepage": "https://github.com/advanced-security/component-detection-dependency-submission-action#readme",
"dependencies": {
"@actions/core": "^2.0.2",
"@actions/github": "^7.0.0",
"@actions/core": "^3.0.0",
"@actions/github": "^9.0.0",
"@github/dependency-submission-toolkit": "^2.0.5",
"cross-fetch": "^4.1.0",
"dotenv": "^17.2.3",
"dotenv": "^17.3.1",
"fs": "^0.0.1-security",
"octokit": "^5.0.5",
"tar": "^7.5.6",
"tar": "^7.5.10",
"yaml": "^2.8.2"
},
"devDependencies": {
"@babel/preset-env": "^7.28.6",
"@babel/preset-env": "^7.29.0",
"@babel/preset-typescript": "^7.28.5",
"@eslint/js": "^9.39.2",
"@eslint/js": "^10.0.1",
"@types/jest": "^30.0.0",
"@vercel/ncc": "^0.38.4",
"eslint": "^9.39.2",
"eslint": "^10.0.2",
"jest": "^30.2.0",
"jest-transform-stub": "^2.0.0",
"ts-jest": "^29.4.6"
+13 -13
View File
@@ -15,7 +15,7 @@
"cross-fetch": "^3.1.5",
"dotenv": "^16.0.3",
"fs": "^0.0.1-security",
"tar": "^7.5.4",
"tar": "^7.5.8",
"yaml": "^2.2.2"
},
"devDependencies": {
@@ -3716,9 +3716,9 @@
}
},
"node_modules/minimatch": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
"integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
"version": "3.1.5",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -4368,9 +4368,9 @@
}
},
"node_modules/tar": {
"version": "7.5.4",
"resolved": "https://registry.npmjs.org/tar/-/tar-7.5.4.tgz",
"integrity": "sha512-AN04xbWGrSTDmVwlI4/GTlIIwMFk/XEv7uL8aa57zuvRy6s4hdBed+lVq2fAZ89XDa7Us3ANXcE3Tvqvja1kTA==",
"version": "7.5.8",
"resolved": "https://registry.npmjs.org/tar/-/tar-7.5.8.tgz",
"integrity": "sha512-SYkBtK99u0yXa+IWL0JRzzcl7RxNpvX/U08Z+8DKnysfno7M+uExnTZH8K+VGgShf2qFPKtbNr9QBl8n7WBP6Q==",
"dependencies": {
"@isaacs/fs-minipass": "^4.0.0",
"chownr": "^3.0.0",
@@ -7633,9 +7633,9 @@
"dev": true
},
"minimatch": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
"integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
"version": "3.1.5",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"requires": {
"brace-expansion": "^1.1.7"
@@ -8091,9 +8091,9 @@
"dev": true
},
"tar": {
"version": "7.5.4",
"resolved": "https://registry.npmjs.org/tar/-/tar-7.5.4.tgz",
"integrity": "sha512-AN04xbWGrSTDmVwlI4/GTlIIwMFk/XEv7uL8aa57zuvRy6s4hdBed+lVq2fAZ89XDa7Us3ANXcE3Tvqvja1kTA==",
"version": "7.5.8",
"resolved": "https://registry.npmjs.org/tar/-/tar-7.5.8.tgz",
"integrity": "sha512-SYkBtK99u0yXa+IWL0JRzzcl7RxNpvX/U08Z+8DKnysfno7M+uExnTZH8K+VGgShf2qFPKtbNr9QBl8n7WBP6Q==",
"requires": {
"@isaacs/fs-minipass": "^4.0.0",
"chownr": "^3.0.0",
+1 -1
View File
@@ -31,7 +31,7 @@
"cross-fetch": "^3.1.5",
"dotenv": "^16.0.3",
"fs": "^0.0.1-security",
"tar": "^7.5.4",
"tar": "^7.5.8",
"yaml": "^2.2.2"
},
"devDependencies": {
+3 -2
View File
@@ -1,7 +1,8 @@
{
"compilerOptions": {
"target": "es6", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */
"module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */
"target": "ES2022", /* Specify ECMAScript target version */
"module": "ES2022", /* Specify module code generation */
"moduleResolution": "node", /* Specify module resolution strategy: 'node' or 'classic'. */
"outDir": "./dist", /* Redirect output structure to the directory. */
"rootDir": "./", /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
"strict": true, /* Enable all strict type-checking options. */