Justin Holguín
|
5f0808ffb1
|
Validate that deny-packages purls are complete
|
2024-04-29 16:46:21 +00:00 |
|
Justin Holguín
|
fcc66c23b3
|
Refine purl parsing and tests
|
2024-04-28 20:33:37 +00:00 |
|
Justin Holguín
|
1dd418bcb3
|
Basic tests for PURL validation in config
|
2024-04-27 22:16:46 +00:00 |
|
Justin Holguín
|
640617990f
|
Replace packageurl-js with our own implementation
|
2024-04-27 21:26:06 +00:00 |
|
Justin Holguín
|
2034babb6b
|
Bypass purls (mostly) for deny checks
|
2024-04-26 23:17:11 +00:00 |
|
Justin Holguín
|
7e773b1e98
|
Log offending purl
|
2024-04-26 21:50:12 +00:00 |
|
Justin Holguín
|
a3460920cc
|
Parse purls cautiously in getDeniedChanges
|
2024-04-26 21:28:24 +00:00 |
|
Justin Holguín
|
0659a74c94
|
Merge pull request #751 from actions/juxtin/release
Update version to 4.3.0 in preparation for release
V4.3.0
|
2024-04-26 10:26:45 -07:00 |
|
Justin Holguín
|
28facf5722
|
Update release instructions
|
2024-04-26 17:11:57 +00:00 |
|
Justin Holguín
|
5ab7b74146
|
Update package-lock.json
|
2024-04-26 17:11:46 +00:00 |
|
Justin Holguín
|
95b6fa4e6b
|
Update version to 4.3.0
|
2024-04-25 22:41:44 +00:00 |
|
Brandon Teng
|
2dba7fdde1
|
Merge pull request #733 from actions/deny-list-version
deny-packages configuration option can deny specified version or all packages
|
2024-04-24 20:38:16 -05:00 |
|
Brandon Teng
|
7d44c7c392
|
building package with latest typescript version
|
2024-04-24 20:36:47 -05:00 |
|
Brandon Teng
|
ce31ee8325
|
Merge branch 'main' into deny-list-version
|
2024-04-24 18:16:35 -05:00 |
|
Justin Holguín
|
df1b3661fd
|
Merge pull request #750 from actions/juxtin/fix-deny-icon
Show denied packages with red X
|
2024-04-24 15:37:25 -07:00 |
|
Brandon Teng
|
71c57a6108
|
Merge branch 'main' into deny-list-version
|
2024-04-24 17:19:53 -05:00 |
|
Justin Holguín
|
7e2c3c347b
|
Show denied packages with red X
|
2024-04-24 22:11:24 +00:00 |
|
Justin Holguín
|
f456418f6a
|
Merge pull request #737 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.10.2
Bump eslint-plugin-github from 4.10.1 to 4.10.2
|
2024-04-24 14:59:31 -07:00 |
|
Justin Holguín
|
19bd35e07b
|
Merge pull request #744 from actions/dependabot/npm_and_yarn/typescript-5.4.5
Bump typescript from 5.3.3 to 5.4.5
|
2024-04-24 14:57:23 -07:00 |
|
Justin Holguín
|
ff97293707
|
Update dist
|
2024-04-24 21:55:26 +00:00 |
|
dependabot[bot]
|
5498b6c4c3
|
Bump typescript from 5.3.3 to 5.4.5
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.3.3 to 5.4.5.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v5.3.3...v5.4.5)
---
updated-dependencies:
- dependency-name: typescript
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2024-04-24 21:39:33 +00:00 |
|
Brandon Teng
|
80116a4564
|
Merge branch 'main' into deny-list-version
|
2024-04-24 16:35:05 -05:00 |
|
Justin Holguín
|
68488bcecb
|
Merge pull request #748 from actions/issue-738
Fix extra https:// in summary
|
2024-04-24 13:54:40 -07:00 |
|
Justin Hutchings
|
16a0212a77
|
Build source
|
2024-04-23 17:31:55 +00:00 |
|
Justin Hutchings
|
6d3fba9bf2
|
Remove extra https://
|
2024-04-23 17:26:55 +00:00 |
|
Brandon Teng
|
c6cc8585a0
|
building and packaging action
|
2024-04-16 16:25:58 -05:00 |
|
Brandon Teng
|
c32a0148b3
|
throwing parsing error up instead of swallowing it
|
2024-04-16 16:25:28 -05:00 |
|
Brandon Teng
|
67d0214607
|
simplifying tests
|
2024-04-16 16:04:25 -05:00 |
|
Brandon Teng
|
3ca15314ff
|
transforming package URLs during zod parsing
|
2024-04-16 16:04:11 -05:00 |
|
Brandon Teng
|
a318e62c6c
|
using packageurl-js to parse packages and groups from config
|
2024-04-16 12:44:51 -05:00 |
|
Brandon Teng
|
061f471b83
|
updating docs
|
2024-04-04 15:48:24 -05:00 |
|
Brandon Teng
|
012eca3d4d
|
building and packaging action
|
2024-04-04 15:35:28 -05:00 |
|
Brandon Teng
|
8739aa4bb3
|
Merge branch 'main' into deny-list-version
|
2024-04-04 15:26:19 -05:00 |
|
Brandon Teng
|
a323510dae
|
more refactoring for getDeniedChanges
|
2024-04-04 15:18:51 -05:00 |
|
Brandon Teng
|
7cebd9d64d
|
refactoring getDeniedChanges
|
2024-04-04 15:04:45 -05:00 |
|
Brandon Teng
|
f8ca44e2de
|
updating README
|
2024-04-04 13:26:08 -05:00 |
|
Brandon Teng
|
411e5ec44f
|
updating deny-packages config option to deny exact version or wildcard
|
2024-04-04 13:25:54 -05:00 |
|
dependabot[bot]
|
72aedfc147
|
Bump eslint-plugin-github from 4.10.1 to 4.10.2
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.10.1 to 4.10.2.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.10.1...v4.10.2)
---
updated-dependencies:
- dependency-name: eslint-plugin-github
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2024-04-01 01:25:22 +00:00 |
|
Federico Builes
|
2ce029c676
|
Fix another incidence of the OpenSSF config name.
|
2024-03-28 06:54:16 +01:00 |
|
Federico Builes
|
1c949fbe77
|
Merge pull request #735 from StacklokLabs/rename-openssf-scorecard
Readme action variable name for scorecard is wrong
|
2024-03-28 06:52:47 +01:00 |
|
Luke Hinds
|
bddd13d857
|
Readme action variable name for scorecard is wrong
The actual name from action.yaml is `show-openssf-scorecard`
and not `show-openssf-scorecard-levels`
Signed-off-by: Luke Hinds <luke@stacklok.com>
|
2024-03-27 17:18:17 -07:00 |
|
Federico Builes
|
0e665bf3ac
|
Adding a failing test.
Co-authored-by: Brandon Teng <bteng22@github.com>
|
2024-03-27 15:05:17 +01:00 |
|
Federico Builes
|
5bbc3ba658
|
bumping version
v4.2.5
|
2024-03-26 08:04:16 +01:00 |
|
Federico Builes
|
c59184aa7f
|
Merge pull request #722 from actions/remove-warn-default
Revert default values in action.yml to fix external configs
|
2024-03-26 07:55:00 +01:00 |
|
Federico Builes
|
54c06574f4
|
Merge pull request #728 from actions/dependabot/npm_and_yarn/eslint-8.57.0
Bump eslint from 8.56.0 to 8.57.0
|
2024-03-25 06:27:19 +01:00 |
|
dependabot[bot]
|
21941b530b
|
Bump eslint from 8.56.0 to 8.57.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.56.0 to 8.57.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.56.0...v8.57.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2024-03-25 01:27:32 +00:00 |
|
Federico Builes
|
733dd5d4a5
|
bumping to 4.2.4
v4.2.4
|
2024-03-24 14:59:17 +01:00 |
|
Federico Builes
|
9093495859
|
Merge pull request #725 from actions/issue-718
Bug fixes to #718
|
2024-03-24 14:56:57 +01:00 |
|
Justin Hutchings
|
35b83b4207
|
Fix prettier issues
|
2024-03-22 21:59:08 +00:00 |
|
Justin Hutchings
|
e057056594
|
Add packaged code update
|
2024-03-22 21:31:00 +00:00 |
|