Compare commits

..

186 Commits

Author SHA1 Message Date
Federico Builes 5951e7db04 Merge branch 'main' into adjust_summary_format 2023-03-06 09:08:35 +01:00
Federico Builes 4f537bf170 Merge pull request #417 from actions/dependabot/npm_and_yarn/zod-3.21.0
Bump zod from 3.20.6 to 3.21.0
2023-03-06 08:25:25 +01:00
Federico Builes 25f22ad0c7 dist files 2023-03-06 08:25:10 +01:00
Federico Builes 2878425083 Merge pull request #419 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.54.0
Bump @typescript-eslint/eslint-plugin from 5.53.0 to 5.54.0
2023-03-06 05:56:03 +01:00
Federico Builes 862b667fee Merge pull request #421 from actions/dependabot/npm_and_yarn/nodemon-2.0.21
Bump nodemon from 2.0.20 to 2.0.21
2023-03-06 05:55:16 +01:00
dependabot[bot] f7c42c00ca Bump @typescript-eslint/eslint-plugin from 5.53.0 to 5.54.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.53.0 to 5.54.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.54.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 04:48:15 +00:00
dependabot[bot] 00dbe9df8d Bump nodemon from 2.0.20 to 2.0.21
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.20 to 2.0.21.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.20...v2.0.21)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 04:47:54 +00:00
Federico Builes f89a053f16 Merge pull request #420 from actions/dependabot/npm_and_yarn/types/node-16.18.14
Bump @types/node from 16.18.13 to 16.18.14
2023-03-06 05:47:25 +01:00
Federico Builes 700f66ed8f Merge pull request #418 from actions/dependabot/npm_and_yarn/got-12.6.0
Bump got from 12.5.3 to 12.6.0
2023-03-06 05:47:11 +01:00
dependabot[bot] fc5eaef91a Bump @types/node from 16.18.13 to 16.18.14
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.13 to 16.18.14.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 02:15:36 +00:00
dependabot[bot] 087d445ca8 Bump got from 12.5.3 to 12.6.0
Bumps [got](https://github.com/sindresorhus/got) from 12.5.3 to 12.6.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.5.3...v12.6.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 02:14:13 +00:00
dependabot[bot] 95fa321e74 Bump zod from 3.20.6 to 3.21.0
Bumps [zod](https://github.com/colinhacks/zod) from 3.20.6 to 3.21.0.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.20.6...v3.21.0)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 02:13:53 +00:00
David Losert 429d317ccc Rebuilt dist files 2023-03-02 07:52:41 +00:00
David Losert 6b34d93738 Skips dependency review if no changes detected 2023-03-02 07:47:09 +00:00
David Losert b7a25f4e9b Makes License Issues a single table per manifest 2023-03-02 07:43:23 +00:00
David Losert 9f0792541a Rebuilt dist files 2023-03-02 06:57:41 +00:00
David Losert 5e6910e937 Built the library in it's current state 2023-03-01 07:43:17 +00:00
David Losert 715956774a Adds some explanation on how to use the script 2023-03-01 07:43:08 +00:00
David Losert 94e6fb6deb Fixes build to only include src folder 2023-03-01 07:43:00 +00:00
David Losert 1090cda9d5 Adjusts headlines and formatting for license issues 2023-02-28 12:28:20 +00:00
David Losert 6315b3822f Renames variable to be more speaking 2023-02-28 12:27:55 +00:00
David Losert c5dab80dd4 Adds script to generate test-markdown files 2023-02-28 11:08:48 +00:00
David Losert b089c5b002 Adds conditional license summary 2023-02-28 11:08:39 +00:00
David Losert 6e66d136ec Reformats vulnerability section 2023-02-27 16:05:59 +00:00
David Losert 1b9faef957 Fixes ESLint to also incldue tests and fixes eslint errors in tests 2023-02-27 16:05:03 +00:00
Federico Builes 748b8a5c33 Merge pull request #414 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.53.0
Bump @typescript-eslint/parser from 5.52.0 to 5.53.0
2023-02-27 08:13:40 +01:00
dependabot[bot] 1639aef23d Bump @typescript-eslint/parser from 5.52.0 to 5.53.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.52.0 to 5.53.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.53.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 07:11:29 +00:00
Federico Builes f5f33b0c33 Merge pull request #415 from actions/dependabot/npm_and_yarn/types/node-16.18.13
Bump @types/node from 16.18.12 to 16.18.13
2023-02-27 08:08:52 +01:00
Federico Builes 2d8dd98fa8 Merge pull request #413 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.53.0
Bump @typescript-eslint/eslint-plugin from 5.52.0 to 5.53.0
2023-02-27 08:08:23 +01:00
Federico Builes 182833caa3 Merge pull request #412 from actions/dependabot/npm_and_yarn/eslint-8.35.0
Bump eslint from 8.34.0 to 8.35.0
2023-02-27 08:08:09 +01:00
dependabot[bot] b0bc193e06 Bump @types/node from 16.18.12 to 16.18.13
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.12 to 16.18.13.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 02:53:14 +00:00
dependabot[bot] f3146217d6 Bump @typescript-eslint/eslint-plugin from 5.52.0 to 5.53.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.52.0 to 5.53.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.53.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 02:51:25 +00:00
dependabot[bot] c5b1778acb Bump eslint from 8.34.0 to 8.35.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.34.0 to 8.35.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.34.0...v8.35.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 02:50:27 +00:00
David Losert 19ee172e7e feat: Adjusts the formatting and content for the status header 2023-02-22 14:05:52 +00:00
Federico Builes 23c92ea3fe Merge pull request #407 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.52.0
Bump @typescript-eslint/eslint-plugin from 5.51.0 to 5.52.0
2023-02-20 09:58:01 +01:00
dependabot[bot] 1af3349db2 Bump @typescript-eslint/eslint-plugin from 5.51.0 to 5.52.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.51.0 to 5.52.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.52.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 06:08:25 +00:00
Federico Builes 2238302e66 Merge pull request #408 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.6.1
Bump eslint-plugin-github from 4.6.0 to 4.6.1
2023-02-20 07:03:23 +01:00
Federico Builes e4158c9844 Merge pull request #405 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.52.0
Bump @typescript-eslint/parser from 5.51.0 to 5.52.0
2023-02-20 07:02:50 +01:00
dependabot[bot] 7f874fd2fb Bump eslint-plugin-github from 4.6.0 to 4.6.1
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.6.0...v4.6.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 02:27:53 +00:00
dependabot[bot] 9928099802 Bump @typescript-eslint/parser from 5.51.0 to 5.52.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.51.0 to 5.52.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.52.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 02:26:07 +00:00
Federico Builes d9d1c4ba24 adding dist 2023-02-16 14:44:46 +01:00
Federico Builes a3ee6a76df Merge pull request #393 from davelosert/write-summary-to-pr
Add Feature: Write Summary as comment to the pull request
2023-02-16 14:44:03 +01:00
David Losert f69167c9be Build files for current version 2023-02-16 10:04:56 +00:00
David Losert 1c85e9db8d Adds option to write summary into a pr comment 2023-02-16 10:03:16 +00:00
Federico Builes 5c771993de doing npm audit fix 2023-02-13 07:07:59 +01:00
Federico Builes 3f5300728c Merge pull request #403 from actions/dependabot/npm_and_yarn/zod-3.20.6
Bump zod from 3.20.2 to 3.20.6
2023-02-13 07:06:20 +01:00
Federico Builes 221de4a420 add dist 2023-02-13 07:06:09 +01:00
Federico Builes 9aa2640fd4 Merge pull request #401 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.51.0
Bump @typescript-eslint/parser from 5.50.0 to 5.51.0
2023-02-13 07:04:32 +01:00
dependabot[bot] d5ff038b8b Bump @typescript-eslint/parser from 5.50.0 to 5.51.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.50.0 to 5.51.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.51.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 06:02:15 +00:00
Federico Builes 63d79cae5c Merge pull request #402 from actions/dependabot/npm_and_yarn/eslint-8.34.0
Bump eslint from 8.33.0 to 8.34.0
2023-02-13 07:00:32 +01:00
Federico Builes ee7fefc22c Merge pull request #399 from actions/dependabot/npm_and_yarn/prettier-2.8.4
Bump prettier from 2.8.3 to 2.8.4
2023-02-13 06:59:53 +01:00
dependabot[bot] fa8de14daa Bump eslint from 8.33.0 to 8.34.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.33.0 to 8.34.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.33.0...v8.34.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 05:55:49 +00:00
Federico Builes eb8231dc40 Merge pull request #400 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.51.0
Bump @typescript-eslint/eslint-plugin from 5.50.0 to 5.51.0
2023-02-13 06:55:02 +01:00
dependabot[bot] fff46df8ec Bump zod from 3.20.2 to 3.20.6
Bumps [zod](https://github.com/colinhacks/zod) from 3.20.2 to 3.20.6.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.20.2...v3.20.6)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 02:52:22 +00:00
dependabot[bot] 9613501c27 Bump @typescript-eslint/eslint-plugin from 5.50.0 to 5.51.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.50.0 to 5.51.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.51.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 02:50:50 +00:00
dependabot[bot] 08d6d26179 Bump prettier from 2.8.3 to 2.8.4
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.3 to 2.8.4.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.3...2.8.4)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 02:49:57 +00:00
Federico Builes 96d0e9ac03 Merge pull request #396 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.50.0
Bump @typescript-eslint/parser from 5.49.0 to 5.50.0
2023-02-06 06:34:53 +01:00
dependabot[bot] 189bf7bc26 Bump @typescript-eslint/parser from 5.49.0 to 5.50.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.49.0 to 5.50.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.50.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 05:32:26 +00:00
Federico Builes a2165983d1 Merge pull request #397 from actions/dependabot/npm_and_yarn/types/node-16.18.12
Bump @types/node from 16.18.11 to 16.18.12
2023-02-06 06:32:08 +01:00
Federico Builes 0a618d4025 Merge pull request #395 from actions/dependabot/npm_and_yarn/typescript-4.9.5
Bump typescript from 4.9.4 to 4.9.5
2023-02-06 06:31:45 +01:00
Federico Builes 71acb8773c Merge pull request #394 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.50.0
Bump @typescript-eslint/eslint-plugin from 5.48.2 to 5.50.0
2023-02-06 06:31:34 +01:00
dependabot[bot] 8ae3c6ccb4 Bump @types/node from 16.18.11 to 16.18.12
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.11 to 16.18.12.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 02:04:54 +00:00
dependabot[bot] 2ad07a3006 Bump typescript from 4.9.4 to 4.9.5
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.9.4 to 4.9.5.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.4...v4.9.5)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 02:03:23 +00:00
dependabot[bot] 5d0265a143 Bump @typescript-eslint/eslint-plugin from 5.48.2 to 5.50.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.48.2 to 5.50.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.50.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 02:02:45 +00:00
Federico Builes 9aeec9038b Merge pull request #388 from actions/dependabot/npm_and_yarn/octokit/plugin-retry-4.1.1
Bump @octokit/plugin-retry from 4.0.4 to 4.1.1
2023-01-30 08:36:50 +01:00
Federico Builes 579f2338ab update dist 2023-01-30 08:34:58 +01:00
dependabot[bot] 2cf5e60887 Bump @octokit/plugin-retry from 4.0.4 to 4.1.1
Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 4.0.4 to 4.1.1.
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v4.0.4...v4.1.1)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 07:30:33 +00:00
Federico Builes 4e761fd545 Merge pull request #387 from actions/dependabot/npm_and_yarn/octokit-2.0.14
Bump octokit from 2.0.13 to 2.0.14
2023-01-30 08:29:58 +01:00
Federico Builes 51951998f5 really gotta make a script out of this 2023-01-30 08:29:48 +01:00
Federico Builes b87919684c Merge pull request #389 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.49.0
Bump @typescript-eslint/parser from 5.48.2 to 5.49.0
2023-01-30 08:28:46 +01:00
dependabot[bot] 5cc528819d Bump @typescript-eslint/parser from 5.48.2 to 5.49.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.48.2 to 5.49.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.49.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 05:59:00 +00:00
Federico Builes e8bb60680f Merge pull request #390 from actions/dependabot/npm_and_yarn/eslint-8.33.0
Bump eslint from 8.32.0 to 8.33.0
2023-01-30 06:58:27 +01:00
Federico Builes 916da45422 Merge pull request #391 from actions/dependabot/npm_and_yarn/vercel/ncc-0.36.1
Bump @vercel/ncc from 0.36.0 to 0.36.1
2023-01-30 06:58:12 +01:00
dependabot[bot] 00c58871a0 Bump @vercel/ncc from 0.36.0 to 0.36.1
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.36.0 to 0.36.1.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.36.0...0.36.1)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 01:49:32 +00:00
dependabot[bot] 5232f0766f Bump eslint from 8.32.0 to 8.33.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.32.0 to 8.33.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.32.0...v8.33.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 01:49:16 +00:00
dependabot[bot] 649dad513a Bump octokit from 2.0.13 to 2.0.14
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.13 to 2.0.14.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.13...v2.0.14)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 01:47:40 +00:00
Federico Builes 1a5397226b Merge pull request #384 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.48.2
Bump @typescript-eslint/eslint-plugin from 5.48.1 to 5.48.2
2023-01-23 06:20:32 +01:00
Federico Builes 83db3fd780 Merge pull request #383 from actions/dependabot/npm_and_yarn/octokit/plugin-retry-4.0.4
Bump @octokit/plugin-retry from 4.0.3 to 4.0.4
2023-01-23 06:20:13 +01:00
Federico Builes 2bdc2cf95f Merge branch 'main' into dependabot/npm_and_yarn/octokit/plugin-retry-4.0.4 2023-01-23 06:19:03 +01:00
dependabot[bot] cebddc8ad2 Bump @typescript-eslint/eslint-plugin from 5.48.1 to 5.48.2
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.48.1 to 5.48.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.48.2/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-23 05:18:48 +00:00
Federico Builes caa6381bae add dist 2023-01-23 06:17:33 +01:00
Federico Builes 31520dc391 Merge pull request #382 from actions/dependabot/npm_and_yarn/octokit-2.0.13
Bump octokit from 2.0.11 to 2.0.13
2023-01-23 06:16:38 +01:00
Federico Builes 4f412af8fc adding dist 2023-01-23 06:16:21 +01:00
Federico Builes 5703934fec Merge pull request #381 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.48.2
Bump @typescript-eslint/parser from 5.48.1 to 5.48.2
2023-01-23 06:15:00 +01:00
dependabot[bot] e78e4ce152 Bump @octokit/plugin-retry from 4.0.3 to 4.0.4
Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v4.0.3...v4.0.4)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-23 02:23:06 +00:00
dependabot[bot] a4da452f33 Bump octokit from 2.0.11 to 2.0.13
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.11 to 2.0.13.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.11...v2.0.13)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-23 02:22:40 +00:00
dependabot[bot] d92ca08767 Bump @typescript-eslint/parser from 5.48.1 to 5.48.2
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.48.1 to 5.48.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.48.2/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-23 02:22:13 +00:00
Federico Builes 0b30e242cd Merge pull request #379 from actions/dependabot/npm_and_yarn/eslint-8.32.0
Bump eslint from 8.31.0 to 8.32.0
2023-01-16 09:19:54 +01:00
Federico Builes f668822520 Merge pull request #378 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.48.1
Bump @typescript-eslint/parser from 5.48.0 to 5.48.1
2023-01-16 09:19:40 +01:00
Federico Builes 898008ba83 Merge pull request #377 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.48.1
Bump @typescript-eslint/eslint-plugin from 5.47.1 to 5.48.1
2023-01-16 09:19:28 +01:00
Federico Builes 4105edb24b Merge pull request #376 from actions/dependabot/npm_and_yarn/prettier-2.8.3
Bump prettier from 2.8.2 to 2.8.3
2023-01-16 09:19:12 +01:00
dependabot[bot] 2f20ab0305 Bump eslint from 8.31.0 to 8.32.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.31.0 to 8.32.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.31.0...v8.32.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 02:05:01 +00:00
dependabot[bot] fa94fed3e7 Bump @typescript-eslint/parser from 5.48.0 to 5.48.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.48.0 to 5.48.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.48.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 02:04:23 +00:00
dependabot[bot] 65e82f802d Bump @typescript-eslint/eslint-plugin from 5.47.1 to 5.48.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.47.1 to 5.48.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.48.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 02:03:33 +00:00
dependabot[bot] 06d9a244cc Bump prettier from 2.8.2 to 2.8.3
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.2 to 2.8.3.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.2...2.8.3)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 02:02:24 +00:00
Federico Builes c090f4e553 release for 3.0.3 2023-01-09 08:21:47 +01:00
Federico Builes 42ee3c8f53 Merge pull request #370 from felickz/fix-request-error-handling
Fix Dependency Review API response error handling
2023-01-09 08:18:23 +01:00
Federico Builes 6855e6ed4e Merge branch 'main' of gh into fix-request-error-handling 2023-01-09 08:16:48 +01:00
Federico Builes efd78809f9 Merge pull request #375 from actions/dependabot/npm_and_yarn/octokit-2.0.11
Bump octokit from 2.0.10 to 2.0.11
2023-01-09 08:02:36 +01:00
Federico Builes e91b527bcb add json5 too 2023-01-09 08:02:24 +01:00
Federico Builes f508195cbc Merge pull request #374 from actions/dependabot/npm_and_yarn/prettier-2.8.2
Bump prettier from 2.8.1 to 2.8.2
2023-01-09 08:00:58 +01:00
Federico Builes ef8bfcec89 linter suggestions 2023-01-09 07:59:55 +01:00
Federico Builes 31cb4e05f7 Merge branch 'main' into dependabot/npm_and_yarn/prettier-2.8.2 2023-01-09 07:57:09 +01:00
Federico Builes 7920884bc8 Merge pull request #373 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.2.1
Bump eslint-plugin-jest from 27.1.7 to 27.2.1
2023-01-09 07:56:01 +01:00
dependabot[bot] aae0422a7f Bump eslint-plugin-jest from 27.1.7 to 27.2.1
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.7 to 27.2.1.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.7...v27.2.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 06:55:47 +00:00
Federico Builes 46d2ba8805 Merge pull request #372 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.48.0
Bump @typescript-eslint/parser from 5.47.1 to 5.48.0
2023-01-09 07:55:20 +01:00
Federico Builes 7c07c1da42 Merge pull request #371 from actions/dependabot/npm_and_yarn/eslint-8.31.0
Bump eslint from 8.30.0 to 8.31.0
2023-01-09 07:54:56 +01:00
dependabot[bot] 6e3a1cfe9e Bump octokit from 2.0.10 to 2.0.11
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.10 to 2.0.11.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.10...v2.0.11)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:43:52 +00:00
dependabot[bot] 3190101729 Bump prettier from 2.8.1 to 2.8.2
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.1 to 2.8.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.1...2.8.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:42:48 +00:00
dependabot[bot] 3576f26c76 Bump @typescript-eslint/parser from 5.47.1 to 5.48.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.47.1 to 5.48.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.48.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:41:54 +00:00
dependabot[bot] 97fef8f979 Bump eslint from 8.30.0 to 8.31.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.30.0 to 8.31.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.30.0...v8.31.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:41:16 +00:00
Chad Bentz 60e20b95c9 npm run build && npm run package 2023-01-05 17:41:37 +00:00
Chad Bentz e6aba92fb0 Enhance failure message to include GHAS note 2023-01-05 17:26:46 +00:00
Chad Bentz 4b2cf01947 integration test to ensure RequestError catch 2023-01-05 17:22:27 +00:00
Chad Bentz 33b11b63b3 downgrade octokit/request-error to ^2.1.0
- supported by actions/core ^1.10.0
2023-01-04 20:55:58 +00:00
Federico Builes 90014ebf46 Merge pull request #368 from actions/dependabot/npm_and_yarn/yaml-2.2.1
Bump yaml from 2.1.3 to 2.2.1
2023-01-02 05:36:29 -05:00
Federico Builes c0fcb40fb5 dist 2023-01-02 11:35:30 +01:00
Federico Builes 6213daabf8 Merge branch 'main' into dependabot/npm_and_yarn/yaml-2.2.1 2023-01-02 11:34:56 +01:00
Federico Builes 6c62d64ea3 Merge pull request #366 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.47.1
Bump @typescript-eslint/eslint-plugin from 5.45.0 to 5.47.1
2023-01-02 05:32:26 -05:00
Federico Builes 6154af02da updating dist files 2023-01-02 11:23:18 +01:00
Federico Builes df40ce1edc fixing package.json conflict 2023-01-02 11:21:05 +01:00
dependabot[bot] a033837e12 Bump yaml from 2.1.3 to 2.2.1
Bumps [yaml](https://github.com/eemeli/yaml) from 2.1.3 to 2.2.1.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.1.3...v2.2.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 10:20:01 +00:00
Federico Builes d79457303f adding dist 2023-01-02 11:19:49 +01:00
Federico Builes b2f83f35c7 adding dist 2023-01-02 11:17:39 +01:00
Federico Builes 389b38eb1a Merge pull request #367 from actions/dependabot/npm_and_yarn/zod-3.20.2
Bump zod from 3.19.1 to 3.20.2
2023-01-02 05:17:04 -05:00
Federico Builes e3926a59f5 adding dist 2023-01-02 11:16:52 +01:00
Federico Builes 54656aadd8 Merge pull request #365 from actions/dependabot/npm_and_yarn/esbuild-register-3.4.2
Bump esbuild-register from 3.4.1 to 3.4.2
2023-01-02 05:13:23 -05:00
Federico Builes f02b9fb886 Merge pull request #364 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.47.1
Bump @typescript-eslint/parser from 5.47.0 to 5.47.1
2023-01-02 05:12:50 -05:00
dependabot[bot] 6587f9feee Bump zod from 3.19.1 to 3.20.2
Bumps [zod](https://github.com/colinhacks/zod) from 3.19.1 to 3.20.2.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.19.1...v3.20.2)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:18:52 +00:00
dependabot[bot] cab2d5f36f Bump @typescript-eslint/eslint-plugin from 5.45.0 to 5.47.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.45.0 to 5.47.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.47.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:18:14 +00:00
dependabot[bot] ef411f3a4c Bump esbuild-register from 3.4.1 to 3.4.2
Bumps esbuild-register from 3.4.1 to 3.4.2.

---
updated-dependencies:
- dependency-name: esbuild-register
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:17:15 +00:00
dependabot[bot] 589f46e5a2 Bump @typescript-eslint/parser from 5.47.0 to 5.47.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.47.0 to 5.47.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.47.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:16:48 +00:00
Federico Builes a482eabd84 Merge pull request #362 from actions/dependabot/npm_and_yarn/types/node-16.18.11
Bump @types/node from 16.18.8 to 16.18.11
2022-12-27 09:42:24 -05:00
Federico Builes c63a70f2bb Merge pull request #358 from actions/dependabot/npm_and_yarn/typescript-4.9.4
Bump typescript from 4.9.3 to 4.9.4
2022-12-27 09:41:58 -05:00
Federico Builes ea081cab93 Merge pull request #357 from actions/dependabot/npm_and_yarn/eslint-8.30.0
Bump eslint from 8.29.0 to 8.30.0
2022-12-27 09:41:47 -05:00
dependabot[bot] 78231376d4 Bump typescript from 4.9.3 to 4.9.4
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.9.3 to 4.9.4.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.3...v4.9.4)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-27 14:40:46 +00:00
Federico Builes ea38797bf9 Merge pull request #359 from jongwooo/chore/use-cache-in-check-dist
Use cache in check-dist.yml
2022-12-27 09:40:44 -05:00
dependabot[bot] 383b34b013 Bump eslint from 8.29.0 to 8.30.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.29.0 to 8.30.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.29.0...v8.30.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-27 14:40:20 +00:00
Federico Builes 234f1c3e6b Merge pull request #355 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.7
Bump eslint-plugin-jest from 27.1.6 to 27.1.7
2022-12-27 09:39:34 -05:00
dependabot[bot] 1aca439347 Bump @types/node from 16.18.8 to 16.18.11
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.8 to 16.18.11.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-27 14:37:29 +00:00
Federico Builes f5231a7139 Merge pull request #361 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.47.0
Bump @typescript-eslint/parser from 5.46.0 to 5.47.0
2022-12-27 09:36:32 -05:00
dependabot[bot] 872c5e3689 Bump @typescript-eslint/parser from 5.46.0 to 5.47.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.46.0 to 5.47.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.47.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-26 01:43:00 +00:00
Jongwoo Han 86e4c38e88 Use cache in check-dist.yml
Signed-off-by: jongwooo <jongwooo.han@gmail.com>
2022-12-20 03:17:46 +09:00
dependabot[bot] 70a13ae7e3 Bump eslint-plugin-jest from 27.1.6 to 27.1.7
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.6 to 27.1.7.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.6...v27.1.7)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-19 01:42:28 +00:00
cnagadya 0ff3da6f81 3.0.2 patch release 2022-12-16 13:45:58 +00:00
cnagadya 6d88398316 Merge pull request #350 from actions/dependabot/npm_and_yarn/types/node-16.18.8
Bump @types/node from 16.18.4 to 16.18.8
2022-12-16 14:09:01 +01:00
cnagadya 29022577bf Merge pull request #352 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.6.0
Bump eslint-plugin-github from 4.4.1 to 4.6.0
2022-12-12 11:35:37 +01:00
dependabot[bot] a4bf690c47 Bump eslint-plugin-github from 4.4.1 to 4.6.0
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.4.1 to 4.6.0.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.4.1...v4.6.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 09:22:23 +00:00
cnagadya 3f67248108 Merge pull request #351 from actions/dependabot/npm_and_yarn/vercel/ncc-0.36.0
Bump @vercel/ncc from 0.34.0 to 0.36.0
2022-12-12 10:19:33 +01:00
cnagadya e82e9497cb Fix dist 2022-12-12 09:14:19 +00:00
dependabot[bot] 945cb4d00a Bump @types/node from 16.18.4 to 16.18.8
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.4 to 16.18.8.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 08:35:38 +00:00
dependabot[bot] 459b39211c Bump @vercel/ncc from 0.34.0 to 0.36.0
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.34.0 to 0.36.0.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.34.0...0.36.0)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 08:35:37 +00:00
cnagadya c109d3f46d Merge pull request #349 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.46.0
Bump @typescript-eslint/parser from 5.45.0 to 5.46.0
2022-12-12 09:34:54 +01:00
cnagadya 706aa54d76 Merge pull request #353 from actions/dependabot/npm_and_yarn/prettier-2.8.1
Bump prettier from 2.8.0 to 2.8.1
2022-12-12 09:34:29 +01:00
dependabot[bot] 12cfe866a8 Bump prettier from 2.8.0 to 2.8.1
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.0...2.8.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 01:24:53 +00:00
dependabot[bot] 0caa632377 Bump @typescript-eslint/parser from 5.45.0 to 5.46.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.45.0 to 5.46.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.46.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 01:23:08 +00:00
Eli Reisman df02ee7d42 Merge pull request #348 from jsoref/spelling
Spelling
2022-12-09 13:23:18 -08:00
Josh Soref 38e9237630 Update dist/ 2022-12-08 20:03:56 -05:00
Josh Soref 03c7962be5 spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
Josh Soref cff3674e25 spelling: the
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
Josh Soref a184554be2 spelling: minimum
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
Josh Soref 660812709b spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
cnagadya d8b4cd80d5 Merge pull request #345 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.45.0
Bump @typescript-eslint/parser from 5.44.0 to 5.45.0
2022-12-05 11:01:36 +01:00
dependabot[bot] 8e5d487bb8 Bump @typescript-eslint/parser from 5.44.0 to 5.45.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.44.0 to 5.45.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.45.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 09:58:32 +00:00
cnagadya 3e6e055a26 Merge pull request #344 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.45.0
Bump @typescript-eslint/eslint-plugin from 5.44.0 to 5.45.0
2022-12-05 10:57:43 +01:00
dependabot[bot] 1f8d096c90 Bump @typescript-eslint/eslint-plugin from 5.44.0 to 5.45.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.44.0 to 5.45.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.45.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 09:56:10 +00:00
cnagadya 0247f51a25 Merge pull request #346 from actions/dependabot/npm_and_yarn/types/node-16.18.4
Bump @types/node from 16.18.3 to 16.18.4
2022-12-05 10:55:16 +01:00
cnagadya f599dc7887 Merge pull request #347 from actions/dependabot/npm_and_yarn/eslint-8.29.0
Bump eslint from 8.28.0 to 8.29.0
2022-12-05 10:54:24 +01:00
dependabot[bot] 6919a4885f Bump eslint from 8.28.0 to 8.29.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.28.0 to 8.29.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.28.0...v8.29.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 01:44:27 +00:00
dependabot[bot] 8f97494d2e Bump @types/node from 16.18.3 to 16.18.4
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.3 to 16.18.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 01:44:05 +00:00
Federico Builes 08ec176670 Merge pull request #341 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.6
Bump eslint-plugin-jest from 27.1.5 to 27.1.6
2022-11-28 17:40:48 +01:00
dependabot[bot] 40a9da4614 Bump eslint-plugin-jest from 27.1.5 to 27.1.6
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.5 to 27.1.6.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.5...v27.1.6)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 01:45:07 +00:00
Federico Builes 9ad1f84ed2 Dependabot Updates should only happen once a week. 2022-11-24 10:57:01 +01:00
Federico Builes 464e6ac735 Merge pull request #337 from actions/dependabot/npm_and_yarn/prettier-2.8.0
Bump prettier from 2.7.1 to 2.8.0
2022-11-24 06:57:46 +01:00
dependabot[bot] 141e2dae22 Bump prettier from 2.7.1 to 2.8.0
Bumps [prettier](https://github.com/prettier/prettier) from 2.7.1 to 2.8.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.7.1...2.8.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-24 01:05:35 +00:00
Federico Builes 37bb7a46dd Merge pull request #336 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.44.0
Bump @typescript-eslint/parser from 5.43.0 to 5.44.0
2022-11-23 08:13:04 +01:00
dependabot[bot] 5abb42a215 Bump @typescript-eslint/parser from 5.43.0 to 5.44.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.43.0 to 5.44.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.44.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-23 07:08:38 +00:00
Federico Builes 5aafbe4a32 Merge pull request #335 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.44.0
Bump @typescript-eslint/eslint-plugin from 5.43.0 to 5.44.0
2022-11-23 08:07:40 +01:00
dependabot[bot] d623612924 Bump @typescript-eslint/eslint-plugin from 5.43.0 to 5.44.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.43.0 to 5.44.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.44.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-23 01:36:15 +00:00
Federico Builes 08fe899167 Merge pull request #334 from actions/dependabot/npm_and_yarn/eslint-8.28.0
Bump eslint from 8.27.0 to 8.28.0
2022-11-21 07:16:29 +01:00
dependabot[bot] 067e030d27 Bump eslint from 8.27.0 to 8.28.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.27.0 to 8.28.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.27.0...v8.28.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-21 01:51:38 +00:00
Federico Builes 6b47d2662b Merge pull request #333 from actions/dependabot/npm_and_yarn/got-12.5.3
Bump got from 12.5.2 to 12.5.3
2022-11-17 07:17:03 +01:00
dependabot[bot] 290634fe98 Bump got from 12.5.2 to 12.5.3
Bumps [got](https://github.com/sindresorhus/got) from 12.5.2 to 12.5.3.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.5.2...v12.5.3)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-17 01:14:38 +00:00
Federico Builes 352f50a80e Update contribution instructions with v3 for easier copy/pasting. 2022-11-16 11:36:08 +01:00
Federico Builes 11310527b4 bumping version 2022-11-16 11:31:19 +01:00
Federico Builes ea0f46928b Merge pull request #330 from actions/errors-for-external-configs
Improve error messages for external config files
2022-11-16 11:26:15 +01:00
27 changed files with 23845 additions and 4950 deletions
+2 -2
View File
@@ -3,12 +3,12 @@ updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily
interval: weekly
- package-ecosystem: npm
directory: /
schedule:
interval: daily
interval: weekly
ignore:
- dependency-name: '@types/node'
update-types: ['version-update:semver-major']
+1
View File
@@ -27,6 +27,7 @@ jobs:
uses: actions/setup-node@v3
with:
node-version: 18.x
cache: npm
- name: Install dependencies
run: npm ci
+2
View File
@@ -100,3 +100,5 @@ Thumbs.db
# Ignore built ts files
__tests__/runner/*
lib/**/*
tmp
+2 -2
View File
@@ -112,8 +112,8 @@ minor/patch updates.
To do this just checkout `main`, force-create a new annotated tag, and push it:
```
git tag -fa v2 -m "Updating v2 to 2.3.4"
git push origin v2 --force
git tag -fa v3 -m "Updating v3 to 3.0.1"
git push origin v3 --force
```
## Resources
+18 -18
View File
@@ -66,25 +66,25 @@ jobs:
Configure this action by either inlining these options in your workflow file, or by using an external configuration file. All configuration options are optional.
| Option | Usage | Possible values | Default value |
|-----------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|---------------|
| `fail-on-severity` | Defines the threshold for the level of severity. The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | `low`, `moderate`, `high`, `critical` | `low` |
| `allow-licenses`* | Contains a list of allowed licenses. The action will fail on pull requests that introduce dependencies with licenses that do not match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `deny-licenses`* | Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `fail-on-scopes`† | Contains a list of strings of the build environments you want to support. The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list. |`runtime`, `development`, `unknown` | `runtime` |
| `allow-ghsas` | Contains a list of GitHub Advisory Database IDs that can be skipped during detection. | Any GHSAs from the [GitHub Advisory Database](https://github.com/advisories) | none |
| `license-check` | Enable or disable the license check performed by the action. | `true`, `false` | `true` |
| `vulnerability-check` | Enable or disable the vulnerability check performed by the action. | `true`, `false` | `true` |
| `base-ref`/`head-ref` | Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than `pull_request` and `pull_request_target`. | Any valid git ref(s) in your project | none |
| Option | Usage | Possible values | Default value |
| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | ------------- |
| `fail-on-severity` | Defines the threshold for the level of severity. The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | `low`, `moderate`, `high`, `critical` | `low` |
| `allow-licenses`* | Contains a list of allowed licenses. The action will fail on pull requests that introduce dependencies with licenses that do not match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `deny-licenses`* | Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `fail-on-scopes` | Contains a list of strings of the build environments you want to support. The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list. | `runtime`, `development`, `unknown` | `runtime` |
| `allow-ghsas` | Contains a list of GitHub Advisory Database IDs that can be skipped during detection. | Any GHSAs from the [GitHub Advisory Database](https://github.com/advisories) | none |
| `license-check` | Enable or disable the license check performed by the action. | `true`, `false` | `true` |
| `vulnerability-check` | Enable or disable the vulnerability check performed by the action. | `true`, `false` | `true` |
| `base-ref`/`head-ref` | Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than `pull_request` and `pull_request_target`. | Any valid git ref(s) in your project | none |
| `comment-summary-in-pr` | Enable or disable reporting the review summary as a comment in the pull request. If enabled, you must give the workflow or job permission `pull-requests: write`. | `true`, `false` | `false` |
*not supported for use with GitHub Enterprise Server
†will be supported with GitHub Enterprise Server 3.8
†will be supported with GitHub Enterprise Server 3.8
### Inline Configuration
You can pass options to the Dependency Review GitHub Action using your workflow file.
You can pass options to the Dependency Review GitHub Action using your workflow file.
#### Example
@@ -112,10 +112,10 @@ jobs:
You can use an external configuration file to specify the settings for this action. It can be a local file or a file in an external repository. Refer to the following options for the specification.
| Option | Usage | Possible values |
|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|
| `config-file` | A path to a file in the current repository or an external repository. Use this syntax for external files: `OWNER/REPOSITORY/FILENAME@BRANCH` | **Local file**: `./.github/dependency-review-config.yml` <br> **External repo**: `github/octorepo/dependency-review-config.yml@main` |
| `external-repo-token` | Specifies a token for fetching the configuration file. It is required if the file resides in a private external repository and for all GitHub Enterprise Server repositories. Create a token in [developer settings](https://github.com/settings/tokens). | Any token with `read` permissions to the repository hosting the config file. |
| Option | Usage | Possible values |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
| `config-file` | A path to a file in the current repository or an external repository. Use this syntax for external files: `OWNER/REPOSITORY/FILENAME@BRANCH` | **Local file**: `./.github/dependency-review-config.yml` <br> **External repo**: `github/octorepo/dependency-review-config.yml@main` |
| `external-repo-token` | Specifies a token for fetching the configuration file. It is required if the file resides in a private external repository and for all GitHub Enterprise Server repositories. Create a token in [developer settings](https://github.com/settings/tokens). | Any token with `read` permissions to the repository hosting the config file. |
#### Example
@@ -128,7 +128,7 @@ Start by specifying that you will be using an external configuration file:
config-file: './.github/dependency-review-config.yml'
```
And then create the file in the path you just specified:
And then create the file in the path you just specified:
```yaml
fail-on-severity: 'critical'
+7 -5
View File
@@ -5,13 +5,13 @@ import * as Utils from '../src/utils'
// GitHub Action inputs come in the form of environment variables
// with an INPUT prefix (e.g. INPUT_FAIL-ON-SEVERITY)
function setInput(input: string, value: string) {
function setInput(input: string, value: string): void {
process.env[`INPUT_${input.toUpperCase()}`] = value
}
// We want a clean ENV before each test. We use `delete`
// since we want `undefined` values and not empty strings.
function clearInputs() {
function clearInputs(): void {
const allowedOptions = [
'FAIL-ON-SEVERITY',
'FAIL-ON-SCOPES',
@@ -22,9 +22,11 @@ function clearInputs() {
'VULNERABILITY-CHECK',
'CONFIG-FILE',
'BASE-REF',
'HEAD-REF'
'HEAD-REF',
'COMMENT-SUMMARY-IN-PR'
]
// eslint-disable-next-line github/array-foreach
allowedOptions.forEach(option => {
delete process.env[`INPUT_${option.toUpperCase()}`]
})
@@ -111,7 +113,7 @@ test('it reads an external config file', async () => {
expect(config.allow_licenses).toEqual(['BSD', 'GPL 2'])
})
test('raises an error when the the config file was not found', async () => {
test('raises an error when the config file was not found', async () => {
setInput('config-file', 'fixtures/i-dont-exist')
await expect(readConfig()).rejects.toThrow(/Unable to fetch/)
})
@@ -237,7 +239,7 @@ test('it supports comma-separated lists', async () => {
'config-file',
'./__tests__/fixtures/inline-license-config-sample.yml'
)
let config = await readConfig()
const config = await readConfig()
expect(config.allow_licenses).toEqual(['MIT', 'GPL-2.0-only'])
})
+29
View File
@@ -0,0 +1,29 @@
import {RequestError} from '@octokit/request-error'
import * as dependencyGraph from '../src/dependency-graph'
import * as core from '@actions/core'
// mock call to core.getInput('repo-token'.. to avoid environment setup - Input required and not supplied: repo-token
jest.mock('@actions/core', () => ({
getInput: (input: string) => {
if (input === 'repo-token') {
return 'gh_testtoken'
}
}
}))
test('it properly catches RequestError type', async () => {
const token = core.getInput('repo-token', {required: true})
expect(token).toBe('gh_testtoken')
//Integration test to make an API request using current dependencies and ensure response can parse into RequestError
try {
await dependencyGraph.compare({
owner: 'actions',
repo: 'dependency-review-action',
baseRef: 'refs/heads/master',
headRef: 'refs/heads/master'
})
} catch (error) {
expect(error).toBeInstanceOf(RequestError)
}
})
+5 -5
View File
@@ -1,12 +1,12 @@
import {expect, test} from '@jest/globals'
import {Change, Changes} from '../src/schemas'
import {Change} from '../src/schemas'
import {
filterChangesBySeverity,
filterChangesByScopes,
filterAllowedAdvisories
} from '../src/filter'
let npmChange: Change = {
const npmChange: Change = {
manifest: 'package.json',
change_type: 'added',
ecosystem: 'npm',
@@ -26,7 +26,7 @@ let npmChange: Change = {
]
}
let rubyChange: Change = {
const rubyChange: Change = {
change_type: 'added',
manifest: 'Gemfile.lock',
ecosystem: 'rubygems',
@@ -52,7 +52,7 @@ let rubyChange: Change = {
]
}
let noVulnNpmChange: Change = {
const noVulnNpmChange: Change = {
manifest: 'package.json',
change_type: 'added',
ecosystem: 'npm',
@@ -92,7 +92,7 @@ test('it properly filters changes by scope', async () => {
test('it properly handles undefined advisory IDs', async () => {
const changes = [npmChange, rubyChange, noVulnNpmChange]
let result = filterAllowedAdvisories(undefined, changes)
const result = filterAllowedAdvisories(undefined, changes)
expect(result).toEqual([npmChange, rubyChange, noVulnNpmChange])
})
+36
View File
@@ -0,0 +1,36 @@
import {Change} from '../../src/schemas'
import {createTestVulnerability} from './create-test-vulnerability'
const defaultChange: Change = {
change_type: 'added',
manifest: 'package.json',
ecosystem: 'npm',
name: 'lodash',
version: '4.17.20',
package_url: 'pkg:npm/lodash@4.17.20',
license: 'MIT',
source_repository_url: 'https://github.com/lodash/lodash',
scope: 'runtime',
vulnerabilities: [
createTestVulnerability({
severity: 'high',
advisory_ghsa_id: 'GHSA-35jh-r3h4-6jhm',
advisory_summary: 'Command Injection in lodash',
advisory_url: 'https://github.com/advisories/GHSA-35jh-r3h4-6jhm'
}),
createTestVulnerability({
severity: 'moderate',
advisory_ghsa_id: 'GHSA-29mw-wpgm-hmr9',
advisory_summary:
'Regular Expression Denial of Service (ReDoS) in lodash',
advisory_url: 'https://github.com/advisories/GHSA-29mw-wpgm-hmr9'
})
]
}
const createTestChange = (overwrites: Partial<Change> = {}): Change => ({
...defaultChange,
...overwrites
})
export {createTestChange}
@@ -0,0 +1,19 @@
import {Change} from '../../src/schemas'
type Vulnerability = Change['vulnerabilities'][0]
const defaultTestVulnerability: Vulnerability = {
severity: 'high',
advisory_ghsa_id: 'GHSA-35jh-r3h4-6jhm',
advisory_summary: 'Command Injection in lodash',
advisory_url: 'https://github.com/advisories/GHSA-35jh-r3h4-6jhm'
}
const createTestVulnerability = (
overwrites: Partial<Vulnerability> = {}
): Vulnerability => ({
...defaultTestVulnerability,
...overwrites
})
export {createTestVulnerability}
+5 -2
View File
@@ -3,7 +3,7 @@ import {Change, Changes} from '../src/schemas'
let getInvalidLicenseChanges: Function
let npmChange: Change = {
const npmChange: Change = {
manifest: 'package.json',
change_type: 'added',
ecosystem: 'npm',
@@ -23,7 +23,7 @@ let npmChange: Change = {
]
}
let rubyChange: Change = {
const rubyChange: Change = {
change_type: 'added',
manifest: 'Gemfile.lock',
ecosystem: 'rubygems',
@@ -63,6 +63,7 @@ const mockOctokit = {
jest.mock('octokit', () => {
return {
// eslint-disable-next-line @typescript-eslint/no-extraneous-class
Octokit: class {
constructor() {
return mockOctokit
@@ -78,6 +79,7 @@ beforeEach(async () => {
// true for BSD, false for all others
return jest.fn((license: string, _: string): boolean => license === 'BSD')
})
// eslint-disable-next-line @typescript-eslint/no-require-imports
;({getInvalidLicenseChanges} = require('../src/licenses'))
})
@@ -140,6 +142,7 @@ test('it adds all licenses to unresolved if it is unable to determine the validi
throw new Error('Some Error')
})
})
// eslint-disable-next-line @typescript-eslint/no-require-imports
;({getInvalidLicenseChanges} = require('../src/licenses'))
const changes: Changes = [npmChange, rubyChange]
const invalidLicenses = await getInvalidLicenseChanges(changes, {
+305
View File
@@ -0,0 +1,305 @@
import {expect, jest, test} from '@jest/globals'
import {Changes, ConfigurationOptions} from '../src/schemas'
import * as summary from '../src/summary'
import * as core from '@actions/core'
import {createTestChange} from './fixtures/create-test-change'
import {createTestVulnerability} from './fixtures/create-test-vulnerability'
afterEach(() => {
jest.clearAllMocks()
core.summary.emptyBuffer()
})
const emptyChanges: Changes = []
const emptyInvalidLicenseChanges = {
forbidden: [],
unresolved: [],
unlicensed: []
}
const defaultConfig: ConfigurationOptions = {
vulnerability_check: true,
license_check: true,
fail_on_severity: 'high',
fail_on_scopes: ['runtime'],
allow_ghsas: [],
allow_licenses: [],
deny_licenses: [],
comment_summary_in_pr: true
}
test('prints headline as h1', () => {
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).toContain('<h1>Dependency Review</h1>')
})
test('only includes "No vulnerabilities or license issues found"-message if both are configured and nothing was found', () => {
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).toContain('✅ No vulnerabilities or license issues found.')
})
test('only includes "No vulnerabilities found"-message if "license_check" is set to false and nothing was found', () => {
const config = {...defaultConfig, license_check: false}
summary.addSummaryToSummary(emptyChanges, emptyInvalidLicenseChanges, config)
const text = core.summary.stringify()
expect(text).toContain('✅ No vulnerabilities found.')
})
test('only includes "No license issues found"-message if "vulnerability_check" is set to false and nothing was found', () => {
const config = {...defaultConfig, vulnerability_check: false}
summary.addSummaryToSummary(emptyChanges, emptyInvalidLicenseChanges, config)
const text = core.summary.stringify()
expect(text).toContain('✅ No license issues found.')
})
test('does not include status section if nothing was found', () => {
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).not.toContain('The following issues were found:')
})
test('includes count and status icons for all findings', () => {
const vulnerabilities = [
createTestChange({name: 'lodash'}),
createTestChange({name: 'underscore', package_url: 'test-url'})
]
const licenseIssues = {
forbidden: [createTestChange()],
unresolved: [createTestChange(), createTestChange()],
unlicensed: [createTestChange(), createTestChange(), createTestChange()]
}
summary.addSummaryToSummary(vulnerabilities, licenseIssues, defaultConfig)
const text = core.summary.stringify()
expect(text).toContain('❌ 2 vulnerable package(s)')
expect(text).toContain(
'❌ 2 package(s) with invalid SPDX license definitions'
)
expect(text).toContain('❌ 1 package(s) with incompatible licenses')
expect(text).toContain('⚠️ 3 package(s) with unknown licenses')
})
test('uses checkmarks for license issues if only vulnerabilities were found', () => {
const vulnerabilities = [createTestChange()]
summary.addSummaryToSummary(
vulnerabilities,
emptyInvalidLicenseChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).toContain('❌ 1 vulnerable package(s)')
expect(text).toContain(
'✅ 0 package(s) with invalid SPDX license definitions'
)
expect(text).toContain('✅ 0 package(s) with incompatible licenses')
expect(text).toContain('✅ 0 package(s) with unknown licenses')
})
test('uses checkmarks for vulnerabilities if only license issues were found', () => {
const licenseIssues = {
forbidden: [createTestChange()],
unresolved: [],
unlicensed: []
}
summary.addSummaryToSummary(emptyChanges, licenseIssues, defaultConfig)
const text = core.summary.stringify()
expect(text).toContain('✅ 0 vulnerable package(s)')
expect(text).toContain(
'✅ 0 package(s) with invalid SPDX license definitions'
)
expect(text).toContain('❌ 1 package(s) with incompatible licenses')
expect(text).toContain('✅ 0 package(s) with unknown licenses')
})
test('addChangeVulnerabilitiesToSummary() - only includes section if any vulnerabilites found', () => {
summary.addChangeVulnerabilitiesToSummary(emptyChanges, 'low')
const text = core.summary.stringify()
expect(text).toEqual('')
})
test('addChangeVulnerabilitiesToSummary() - includes all vulnerabilities', () => {
const changes = [
createTestChange({name: 'lodash'}),
createTestChange({name: 'underscore', package_url: 'test-url'})
]
summary.addChangeVulnerabilitiesToSummary(changes, 'low')
const text = core.summary.stringify()
expect(text).toContain('<h2>Vulnerabilities</h2>')
expect(text).toContain('lodash')
expect(text).toContain('underscore')
})
test('addChangeVulnerabilitiesToSummary() - includes advisory url if available', () => {
const changes = [
createTestChange({
name: 'underscore',
vulnerabilities: [
createTestVulnerability({
advisory_summary: 'test-summary',
advisory_url: 'test-url'
})
]
})
]
summary.addChangeVulnerabilitiesToSummary(changes, 'low')
const text = core.summary.stringify()
expect(text).toContain('lodash')
expect(text).toContain('<a href="test-url">test-summary</a>')
})
test('addChangeVulnerabilitiesToSummary() - groups vulnerabilities of a single package', () => {
const changes = [
createTestChange({
name: 'package-with-multiple-vulnerabilities',
vulnerabilities: [
createTestVulnerability({advisory_summary: 'test-summary-1'}),
createTestVulnerability({advisory_summary: 'test-summary-2'})
]
})
]
summary.addChangeVulnerabilitiesToSummary(changes, 'low')
const text = core.summary.stringify()
expect(text.match('package-with-multiple-vulnerabilities')).toHaveLength(1)
expect(text).toContain('test-summary-1')
expect(text).toContain('test-summary-2')
})
test('addChangeVulnerabilitiesToSummary() - prints severity statement if above low', () => {
const changes = [createTestChange()]
summary.addChangeVulnerabilitiesToSummary(changes, 'medium')
const text = core.summary.stringify()
expect(text).toContain(
'Only included vulnerabilities with severity <strong>medium</strong> or higher.'
)
})
test('addChangeVulnerabilitiesToSummary() - does not print severity statment if it is set to "low"', () => {
const changes = [createTestChange()]
summary.addChangeVulnerabilitiesToSummary(changes, 'low')
const text = core.summary.stringify()
expect(text).not.toContain('Only included vulnerabilities')
})
test('addLicensesToSummary() - does not include entire section if no license issues found', () => {
summary.addLicensesToSummary(emptyInvalidLicenseChanges, defaultConfig)
const text = core.summary.stringify()
expect(text).toEqual('')
})
test('addLicensesToSummary() - includes all license issues in table', () => {
const licenseIssues = {
forbidden: [createTestChange()],
unresolved: [createTestChange(), createTestChange()],
unlicensed: [createTestChange(), createTestChange(), createTestChange()]
}
summary.addLicensesToSummary(licenseIssues, defaultConfig)
const text = core.summary.stringify()
expect(text).toContain('<h2>License Issues</h2>')
expect(text).toContain('<td>Incompatible License</td>')
expect(text).toContain('<td>Invalid SPDX License</td>')
expect(text).toContain('<td>Unknown License</td>')
})
test('addLicenseToSummary() - adds one table per manifest', () => {
const licenseIssues = {
forbidden: [
createTestChange({manifest: 'package.json'}),
createTestChange({manifest: '.github/workflows/test.yml'})
],
unresolved: [],
unlicensed: []
}
summary.addLicensesToSummary(licenseIssues, defaultConfig)
const text = core.summary.stringify()
expect(text).toContain('<h4><em>package.json</em></h4>')
expect(text).toContain('<h4><em>.github/workflows/test.yml</em></h4>')
})
test('addLicensesToSummary() - does not include specific license type sub-section if nothing is found', () => {
const licenseIssues = {
forbidden: [],
unlicensed: [],
unresolved: [createTestChange()]
}
summary.addLicensesToSummary(licenseIssues, defaultConfig)
const text = core.summary.stringify()
expect(text).not.toContain('<td>Incompatible License</td>')
expect(text).not.toContain('<td>Unknown License</td>')
expect(text).toContain('<td>Invalid SPDX License</td>')
})
test('addLicensesToSummary() - includes list of configured allowed licenses', () => {
const licenseIssues = {
forbidden: [createTestChange()],
unresolved: [],
unlicensed: []
}
const config: ConfigurationOptions = {
...defaultConfig,
allow_licenses: ['MIT', 'Apache-2.0']
}
summary.addLicensesToSummary(licenseIssues, config)
const text = core.summary.stringify()
expect(text).toContain('<strong>Allowed Licenses</strong>: MIT, Apache-2.0')
})
test('addLicensesToSummary() - includes configured denied license', () => {
const licenseIssues = {
forbidden: [createTestChange()],
unresolved: [],
unlicensed: []
}
const config: ConfigurationOptions = {
...defaultConfig,
deny_licenses: ['MIT']
}
summary.addLicensesToSummary(licenseIssues, config)
const text = core.summary.stringify()
expect(text).toContain('<strong>Denied Licenses</strong>: MIT')
})
+4 -1
View File
@@ -30,7 +30,7 @@ inputs:
description: Comma-separated list of forbidden licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required: false
allow-ghsas:
description: Comma-separated list of allowed Github Advisory IDs (e.g. "GHSA-abcd-1234-5679, GHSA-efgh-1234-5679")
description: Comma-separated list of allowed GitHub Advisory IDs (e.g. "GHSA-abcd-1234-5679, GHSA-efgh-1234-5679")
required: false
external-repo-token:
description: A token for fetching external configuration file if it lives in another repository. It is required if the repository is private
@@ -41,6 +41,9 @@ inputs:
vulnerability-check:
description: A boolean to determine if vulnerability checks should be performed
required: false
comment-summary-in-pr:
description: A boolean to determine if the report should be posted as a comment in the PR itself. Setting this to true requires you to give the workflow the write permissions for pull-requests
required: false
runs:
using: 'node16'
main: 'dist/index.js'
Generated Vendored
+21472 -3936
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+3 -234
View File
@@ -1175,240 +1175,9 @@ FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TOR
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash.includes
lodash
MIT
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.
lodash.isboolean
MIT
Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/>
Based on Underscore.js, copyright 2009-2016 Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash.isinteger
MIT
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.
lodash.isnumber
MIT
Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/>
Based on Underscore.js, copyright 2009-2016 Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash.isplainobject
MIT
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.
lodash.isstring
MIT
Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/>
Based on Underscore.js, copyright 2009-2016 Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash.once
MIT
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Copyright OpenJS Foundation and other contributors <https://openjsf.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
@@ -1531,7 +1300,7 @@ octokit
MIT
The MIT License
Copyright (c) 2018 Octokit contributors
Copyright (c) 2023 Octokit contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
+1548 -640
View File
File diff suppressed because it is too large Load Diff
+22 -20
View File
@@ -1,11 +1,11 @@
{
"name": "dependency-review-action",
"version": "3.0.0",
"version": "3.0.3",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
"scripts": {
"build": "tsc",
"build": "tsc -p tsconfig.build.json",
"format": "prettier --write '**/*.ts'",
"format-check": "prettier --check '**/*.ts'",
"lint": "eslint src/**/*.ts",
@@ -27,34 +27,36 @@
"dependencies": {
"@actions/core": "^1.10.0",
"@actions/github": "^5.1.1",
"@octokit/plugin-retry": "^4.0.3",
"@octokit/request-error": "^3.0.2",
"@octokit/plugin-retry": "^4.1.1",
"@octokit/request-error": "^2.1.0",
"ansi-styles": "^6.2.1",
"got": "^12.5.2",
"nodemon": "^2.0.20",
"octokit": "^2.0.10",
"got": "^12.6.0",
"nodemon": "^2.0.21",
"octokit": "^2.0.14",
"spdx-expression-parse": "^3.0.1",
"spdx-satisfies": "^5.0.1",
"yaml": "^2.1.3",
"zod": "^3.19.1"
"yaml": "^2.2.1",
"zod": "^3.21.0"
},
"devDependencies": {
"@types/jest": "^27.5.2",
"@types/node": "^16.18.3",
"@typescript-eslint/eslint-plugin": "^5.43.0",
"@typescript-eslint/parser": "^5.43.0",
"@types/node": "^16.18.14",
"@typescript-eslint/eslint-plugin": "^5.48.1",
"@typescript-eslint/parser": "^5.48.0",
"@types/spdx-expression-parse": "^3.0.2",
"@types/spdx-satisfies": "^0.1.0",
"@vercel/ncc": "^0.34.0",
"esbuild-register": "^3.4.1",
"eslint": "^8.27.0",
"eslint-plugin-github": "^4.4.1",
"eslint-plugin-jest": "^27.1.5",
"@typescript-eslint/eslint-plugin": "^5.54.0",
"@typescript-eslint/parser": "^5.53.0",
"@vercel/ncc": "^0.36.1",
"esbuild-register": "^3.4.2",
"eslint": "^8.35.0",
"eslint-plugin-github": "^4.6.1",
"eslint-plugin-jest": "^27.2.1",
"jest": "^27.5.1",
"js-yaml": "^4.1.0",
"nodemon": "^2.0.20",
"prettier": "2.7.1",
"nodemon": "^2.0.21",
"prettier": "2.8.4",
"ts-jest": "^27.1.4",
"typescript": "^4.9.3"
"typescript": "^4.9.5"
}
}
+114
View File
@@ -0,0 +1,114 @@
/**
* This scripts creates example markdown files for the summary in the ./tmp folder.
* You can use it to preview changes to the summary.
*
* You can execute it like this:
* npx ts-node scripts/create_summary.ts
*/
import {Changes, ConfigurationOptions} from '../src/schemas'
import {createTestChange} from '../__tests__/fixtures/create-test-change'
import {InvalidLicenseChanges} from '../src/licenses'
import * as fs from 'fs'
import * as core from '@actions/core'
import * as summary from '../src/summary'
import * as path from 'path'
const defaultConfig: ConfigurationOptions = {
vulnerability_check: true,
license_check: true,
fail_on_severity: 'high',
fail_on_scopes: ['runtime'],
allow_ghsas: [],
allow_licenses: ['MIT'],
deny_licenses: [],
comment_summary_in_pr: true
}
const tmpDir = path.resolve(__dirname, '../tmp')
const createExampleSummaries = async (): Promise<void> => {
await fs.promises.mkdir(tmpDir, {recursive: true})
await createNonIssueSummary()
await createFullSummary()
}
const createNonIssueSummary = async (): Promise<void> => {
await createSummary(
[],
{forbidden: [], unresolved: [], unlicensed: []},
defaultConfig,
'non-issue-summary.md'
)
}
const createFullSummary = async (): Promise<void> => {
const changes = [createTestChange()]
const licenses: InvalidLicenseChanges = {
forbidden: [
createTestChange({
name: 'underscore',
version: '1.12.0',
license: 'Apache 2.0'
})
],
unresolved: [
createTestChange({
name: 'octoinvader',
license: 'Non SPDX License'
}),
createTestChange({
name: 'owner/action-1',
license: 'XYZ-License',
version: 'v1.2.2',
manifest: '.github/workflows/action.yml'
})
],
unlicensed: [
createTestChange({
name: 'my-other-dependency',
license: null
}),
createTestChange({
name: 'owner/action-2',
version: 'main',
license: null,
manifest: '.github/workflows/action.yml'
})
]
}
await createSummary(changes, licenses, defaultConfig, 'full-summary.md')
}
async function createSummary(
vulnerabilities: Changes,
licenseIssues: InvalidLicenseChanges,
config: ConfigurationOptions,
fileName: string
): Promise<void> {
summary.addSummaryToSummary(vulnerabilities, licenseIssues, config)
summary.addChangeVulnerabilitiesToSummary(
vulnerabilities,
config.fail_on_severity
)
summary.addLicensesToSummary(licenseIssues, defaultConfig)
const allChanges = [
...vulnerabilities,
...licenseIssues.forbidden,
...licenseIssues.unresolved,
...licenseIssues.unlicensed
]
summary.addScannedDependencies(allChanges)
const text = core.summary.stringify()
await fs.promises.writeFile(path.resolve(tmpDir, fileName), text, {
flag: 'w'
})
core.summary.emptyBuffer()
}
createExampleSummaries()
+84
View File
@@ -0,0 +1,84 @@
import * as github from '@actions/github'
import * as core from '@actions/core'
import * as githubUtils from '@actions/github/lib/utils'
import * as retry from '@octokit/plugin-retry'
import {RequestError} from '@octokit/request-error'
const retryingOctokit = githubUtils.GitHub.plugin(retry.retry)
const octo = new retryingOctokit(
githubUtils.getOctokitOptions(core.getInput('repo-token', {required: true}))
)
// Comment Marker to identify an existing comment to update, so we don't spam the PR with comments
const COMMENT_MARKER = '<!-- dependency-review-pr-comment-marker -->'
export async function commentPr(summary: typeof core.summary): Promise<void> {
if (!github.context.payload.pull_request) {
core.warning(
'Not in the context of a pull request. Skipping comment creation.'
)
return
}
const commentBody = `${summary.stringify()}\n\n${COMMENT_MARKER}`
try {
const existingCommentId = await findCommentByMarker(COMMENT_MARKER)
if (existingCommentId) {
await octo.rest.issues.updateComment({
owner: github.context.repo.owner,
repo: github.context.repo.repo,
comment_id: existingCommentId,
body: commentBody
})
} else {
await octo.rest.issues.createComment({
owner: github.context.repo.owner,
repo: github.context.repo.repo,
issue_number: github.context.payload.pull_request.number,
body: commentBody
})
}
} catch (error) {
if (error instanceof RequestError && error.status === 403) {
core.warning(
`Unable to write summary to pull-request. Make sure you are giving this workflow the permission 'pull-requests: write'.`
)
} else {
if (error instanceof Error) {
core.warning(
`Unable to comment summary to pull-request, received error: ${error.message}`
)
} else {
core.warning(
'Unable to comment summary to pull-request: Unexpected fatal error'
)
}
}
}
}
async function findCommentByMarker(
commentBodyIncludes: string
): Promise<number | undefined> {
const commentsIterator = octo.paginate.iterator(
octo.rest.issues.listComments,
{
owner: github.context.repo.owner,
repo: github.context.repo.repo,
// We are already checking if we are in the context of a pull request in the caller
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
issue_number: github.context.payload.pull_request!.number
}
)
for await (const {data: comments} of commentsIterator) {
const existingComment = comments.find(comment =>
comment.body?.includes(commentBodyIncludes)
)
if (existingComment) return existingComment.id
}
return undefined
}
+3 -1
View File
@@ -34,6 +34,7 @@ function readInlineConfig(): ConfigurationOptionsPartial {
const vulnerability_check = getOptionalBoolean('vulnerability-check')
const base_ref = getOptionalInput('base-ref')
const head_ref = getOptionalInput('head-ref')
const comment_summary_in_pr = getOptionalBoolean('comment-summary-in-pr')
validateLicenses('allow-licenses', allow_licenses)
validateLicenses('deny-licenses', deny_licenses)
@@ -47,7 +48,8 @@ function readInlineConfig(): ConfigurationOptionsPartial {
license_check,
vulnerability_check,
base_ref,
head_ref
head_ref,
comment_summary_in_pr
}
return Object.fromEntries(
+7 -2
View File
@@ -14,19 +14,24 @@ import {isSPDXValid, octokitClient} from './utils'
* @param { { allow?: string[], deny?: string[]}} licenses An object with `allow`/`deny` keys, each containing a list of licenses.
* @returns {Promise<{Object.<string, Array.<Change>>}} A promise to a Record Object. The keys are strings, unlicensed, unresolved and forbidden. The values are a list of changes
*/
export type InvalidLicenseChangeTypes =
| 'unlicensed'
| 'unresolved'
| 'forbidden'
export type InvalidLicenseChanges = Record<InvalidLicenseChangeTypes, Changes>
export async function getInvalidLicenseChanges(
changes: Change[],
licenses: {
allow?: string[]
deny?: string[]
}
): Promise<Record<string, Changes>> {
): Promise<InvalidLicenseChanges> {
const {allow, deny} = licenses
const groupedChanges = await groupChanges(changes)
const licensedChanges: Changes = groupedChanges.licensed
const invalidLicenseChanges: Record<string, Changes> = {
const invalidLicenseChanges: InvalidLicenseChanges = {
unlicensed: groupedChanges.unlicensed,
unresolved: [],
forbidden: []
+16 -6
View File
@@ -15,6 +15,7 @@ import * as summary from './summary'
import {getRefs} from './git-refs'
import {groupDependenciesByManifest} from './utils'
import {commentPr} from './comment-pr'
async function run(): Promise<void> {
try {
@@ -28,6 +29,11 @@ async function run(): Promise<void> {
headRef: refs.head
})
if (!changes) {
core.info('No Dependency Changes found. Skipping Dependency Review.')
return
}
const minSeverity = config.fail_on_severity
const scopedChanges = filterChangesByScopes(config.fail_on_scopes, changes)
const filteredChanges = filterAllowedAdvisories(
@@ -35,7 +41,7 @@ async function run(): Promise<void> {
scopedChanges
)
const addedChanges = filterChangesBySeverity(
const vulnerableChanges = filterChangesBySeverity(
minSeverity,
filteredChanges
).filter(
@@ -54,13 +60,14 @@ async function run(): Promise<void> {
)
summary.addSummaryToSummary(
config.vulnerability_check ? addedChanges : null,
config.license_check ? invalidLicenseChanges : null
vulnerableChanges,
invalidLicenseChanges,
config
)
if (config.vulnerability_check) {
summary.addChangeVulnerabilitiesToSummary(addedChanges, minSeverity)
printVulnerabilitiesBlock(addedChanges, minSeverity)
summary.addChangeVulnerabilitiesToSummary(vulnerableChanges, minSeverity)
printVulnerabilitiesBlock(vulnerableChanges, minSeverity)
}
if (config.license_check) {
summary.addLicensesToSummary(invalidLicenseChanges, config)
@@ -69,6 +76,9 @@ async function run(): Promise<void> {
summary.addScannedDependencies(changes)
printScannedDependencies(changes)
if (config.comment_summary_in_pr) {
await commentPr(core.summary)
}
} catch (error) {
if (error instanceof RequestError && error.status === 404) {
core.setFailed(
@@ -76,7 +86,7 @@ async function run(): Promise<void> {
)
} else if (error instanceof RequestError && error.status === 403) {
core.setFailed(
`Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled, see https://github.com/${github.context.repo.owner}/${github.context.repo.repo}/settings/security_analysis`
`Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled along with GitHub Advanced Security on private repositories, see https://github.com/${github.context.repo.owner}/${github.context.repo.repo}/settings/security_analysis`
)
} else {
if (error instanceof Error) {
+3 -2
View File
@@ -45,7 +45,8 @@ export const ConfigurationOptionsSchema = z
vulnerability_check: z.boolean().default(true),
config_file: z.string().optional(),
base_ref: z.string().optional(),
head_ref: z.string().optional()
head_ref: z.string().optional(),
comment_summary_in_pr: z.boolean().default(false)
})
.superRefine((config, context) => {
if (config.allow_licenses && config.deny_licenses) {
@@ -77,4 +78,4 @@ export type Change = z.infer<typeof ChangeSchema>
export type Changes = z.infer<typeof ChangesSchema>
export type ConfigurationOptions = z.infer<typeof ConfigurationOptionsSchema>
export type Severity = z.infer<typeof SeveritySchema>
export type Scope = typeof SCOPES[number]
export type Scope = (typeof SCOPES)[number]
+128 -71
View File
@@ -1,50 +1,82 @@
import * as core from '@actions/core'
import {ConfigurationOptions, Changes} from './schemas'
import {SummaryTableRow} from '@actions/core/lib/summary'
import {InvalidLicenseChanges, InvalidLicenseChangeTypes} from './licenses'
import {groupDependenciesByManifest, getManifestsSet, renderUrl} from './utils'
export function addSummaryToSummary(
addedPackages: Changes | null,
invalidLicenseChanges: Record<string, Changes> | null
): void {
core.summary
.addHeading('Dependency Review')
.addRaw('We found:')
.addList([
...(addedPackages
? [`${addedPackages.length} vulnerable package(s)`]
: []),
...(invalidLicenseChanges
? [
`${invalidLicenseChanges.unresolved.length} package(s) with invalid SPDX license definitions`,
`${invalidLicenseChanges.forbidden.length} package(s) with incompatible licenses`,
`${invalidLicenseChanges.unlicensed.length} package(s) with unknown licenses.`
]
: [])
])
const icons = {
check: '✅',
cross: '❌',
warning: '⚠️'
}
export function addChangeVulnerabilitiesToSummary(
addedPackages: Changes,
severity: string
export function addSummaryToSummary(
vulnerableChanges: Changes,
invalidLicenseChanges: InvalidLicenseChanges,
config: ConfigurationOptions
): void {
const rows: SummaryTableRow[] = []
core.summary.addHeading('Dependency Review', 1)
const manifests = getManifestsSet(addedPackages)
if (
vulnerableChanges.length === 0 &&
countLicenseIssues(invalidLicenseChanges) === 0
) {
if (!config.license_check) {
core.summary.addRaw(`${icons.check} No vulnerabilities found.`)
} else if (!config.vulnerability_check) {
core.summary.addRaw(`${icons.check} No license issues found.`)
} else {
core.summary.addRaw(
`${icons.check} No vulnerabilities or license issues found.`
)
}
core.summary
.addHeading('Vulnerabilities')
.addQuote(
`Vulnerabilites were filtered by mininum severity <strong>${severity}</strong>.`
)
if (addedPackages.length === 0) {
core.summary.addQuote('No vulnerabilities found in added packages.')
return
}
core.summary
.addRaw('The following issues were found:')
.addList([
...(config.vulnerability_check
? [
`${checkOrFailIcon(vulnerableChanges.length)} ${
vulnerableChanges.length
} vulnerable package(s)`
]
: []),
...(config.license_check
? [
`${checkOrFailIcon(invalidLicenseChanges.forbidden.length)} ${
invalidLicenseChanges.forbidden.length
} package(s) with incompatible licenses`,
`${checkOrFailIcon(invalidLicenseChanges.unresolved.length)} ${
invalidLicenseChanges.unresolved.length
} package(s) with invalid SPDX license definitions`,
`${checkOrWarnIcon(invalidLicenseChanges.unlicensed.length)} ${
invalidLicenseChanges.unlicensed.length
} package(s) with unknown licenses.`
]
: [])
])
.addRaw('See the Details below.')
}
export function addChangeVulnerabilitiesToSummary(
vulnerableChanges: Changes,
severity: string
): void {
if (vulnerableChanges.length === 0) {
return
}
const rows: SummaryTableRow[] = []
const manifests = getManifestsSet(vulnerableChanges)
core.summary.addHeading('Vulnerabilities', 2)
for (const manifest of manifests) {
for (const change of addedPackages.filter(
for (const change of vulnerableChanges.filter(
pkg => pkg.manifest === manifest
)) {
let previous_package = ''
@@ -72,7 +104,7 @@ export function addChangeVulnerabilitiesToSummary(
previous_version = change.version
}
}
core.summary.addHeading(`<em>${manifest}</em>`, 3).addTable([
core.summary.addHeading(`<em>${manifest}</em>`, 4).addTable([
[
{data: 'Name', header: true},
{data: 'Version', header: true},
@@ -82,13 +114,24 @@ export function addChangeVulnerabilitiesToSummary(
...rows
])
}
if (severity !== 'low') {
core.summary.addQuote(
`Only included vulnerabilities with severity <strong>${severity}</strong> or higher.`
)
}
}
export function addLicensesToSummary(
invalidLicenseChanges: Record<string, Changes>,
invalidLicenseChanges: InvalidLicenseChanges,
config: ConfigurationOptions
): void {
core.summary.addHeading('Licenses')
if (countLicenseIssues(invalidLicenseChanges) === 0) {
return
}
core.summary.addHeading('License Issues', 2)
printLicenseViolations(invalidLicenseChanges)
if (config.allow_licenses && config.allow_licenses.length > 0) {
core.summary.addQuote(
@@ -101,11 +144,6 @@ export function addLicensesToSummary(
)
}
if (Object.values(invalidLicenseChanges).every(item => item.length === 0)) {
core.summary.addQuote('No license violations detected.')
return
}
core.debug(
`found ${invalidLicenseChanges.unlicensed.length} unknown licenses`
)
@@ -113,39 +151,43 @@ export function addLicensesToSummary(
core.debug(
`${invalidLicenseChanges.unresolved.length} licenses could not be validated`
)
printLicenseViolation(
'Incompatible Licenses',
invalidLicenseChanges.forbidden
)
printLicenseViolation('Unknown Licenses', invalidLicenseChanges.unlicensed)
printLicenseViolation(
'Invalid SPDX License Definitions',
invalidLicenseChanges.unresolved
)
}
function printLicenseViolation(heading: string, changes: Changes): void {
core.summary.addHeading(heading, 5).addSeparator()
if (changes.length > 0) {
const rows: SummaryTableRow[] = []
const manifests = getManifestsSet(changes)
const licenseIssueTypes: InvalidLicenseChangeTypes[] = [
'forbidden',
'unresolved',
'unlicensed'
]
for (const manifest of manifests) {
core.summary.addHeading(`<em>${manifest}</em>`, 4)
const issueTypeNames: Record<InvalidLicenseChangeTypes, string> = {
forbidden: 'Incompatible License',
unresolved: 'Invalid SPDX License',
unlicensed: 'Unknown License'
}
for (const change of changes.filter(pkg => pkg.manifest === manifest)) {
rows.push([
renderUrl(change.source_repository_url, change.name),
change.version,
formatLicense(change.license)
])
function printLicenseViolations(changes: InvalidLicenseChanges): void {
const rowsGroupedByManifest: Record<string, SummaryTableRow[]> = {}
for (const issueType of licenseIssueTypes) {
for (const change of changes[issueType]) {
if (!rowsGroupedByManifest[change.manifest]) {
rowsGroupedByManifest[change.manifest] = []
}
core.summary.addTable([['Package', 'Version', 'License'], ...rows])
rowsGroupedByManifest[change.manifest].push([
renderUrl(change.source_repository_url, change.name),
change.version,
formatLicense(change.license),
issueTypeNames[issueType]
])
}
} else {
core.summary.addQuote(`No ${heading.toLowerCase()} detected.`)
}
for (const [manifest, rows] of Object.entries(rowsGroupedByManifest)) {
core.summary.addHeading(`<em>${manifest}</em>`, 4)
core.summary.addTable([
['Package', 'Version', 'License', 'Issue Type'],
...rows
])
}
}
@@ -160,9 +202,7 @@ export function addScannedDependencies(changes: Changes): void {
const dependencies = groupDependenciesByManifest(changes)
const manifests = dependencies.keys()
const summary = core.summary
.addHeading('Scanned Dependencies')
.addHeading(`We scanned ${dependencies.size} manifest files:`, 5)
const summary = core.summary.addHeading('Scanned Manifest Files', 2)
for (const manifest of manifests) {
const deps = dependencies.get(manifest)
@@ -174,3 +214,20 @@ export function addScannedDependencies(changes: Changes): void {
}
}
}
function countLicenseIssues(
invalidLicenseChanges: InvalidLicenseChanges
): number {
return Object.values(invalidLicenseChanges).reduce(
(acc, val) => acc + val.length,
0
)
}
function checkOrFailIcon(count: number): string {
return count === 0 ? icons.check : icons.cross
}
function checkOrWarnIcon(count: number): string {
return count === 0 ? icons.check : icons.warning
}
+8
View File
@@ -0,0 +1,8 @@
{
"extends": "./tsconfig.json",
"include": ["src"],
"compilerOptions": {
"outDir": "./lib" /* Redirect output structure to the directory. */,
"rootDir": "./src" /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
}
}
+1 -2
View File
@@ -3,10 +3,9 @@
"target": "es6" /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */,
"module": "commonjs" /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */,
"outDir": "./lib" /* Redirect output structure to the directory. */,
"rootDir": "./src" /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */,
"strict": true /* Enable all strict type-checking options. */,
"noImplicitAny": true /* Raise error on expressions and declarations with an implied 'any' type. */,
"esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
},
"exclude": ["node_modules", "**/*.test.ts"]
"exclude": ["node_modules"]
}