Compare commits

...

243 Commits

Author SHA1 Message Date
Federico Builes a89dd96450 adding dist 2023-11-08 08:49:49 +01:00
Federico Builes 76891836b1 revert octokit changes 2023-11-08 08:47:43 +01:00
Federico Builes fc5e2db757 go back to Node 16 to skip using fetch API 2023-11-08 08:36:27 +01:00
Federico Builes ded987cb3b Downgrade usage of retries.
This commit reverts:

f7363549ac
76b050a607
8dc52cdbed
2023-11-08 08:35:44 +01:00
Federico Builes 9f45b2463b bumping to 3.1.1 2023-11-06 08:03:41 +01:00
Federico Builes 559513a56c Merge pull request #606 from actions/dependabot/npm_and_yarn/actions/github-6.0.0
Bump @actions/github from 5.1.1 to 6.0.0
2023-11-06 07:55:54 +01:00
Federico Builes 8edc431d7d Merge branch 'main' into dependabot/npm_and_yarn/actions/github-6.0.0 2023-11-06 07:52:53 +01:00
Federico Builes 3e8322e4bb Merge pull request #605 from actions/dependabot/npm_and_yarn/yaml-2.3.4
Bump yaml from 2.3.3 to 2.3.4
2023-11-06 07:51:31 +01:00
Federico Builes 5a55885447 adding dist 2023-11-06 07:50:51 +01:00
Federico Builes f952b5a2c5 Merge branch 'main' into dependabot/npm_and_yarn/yaml-2.3.4 2023-11-06 07:48:24 +01:00
Federico Builes 8678cfac42 Merge pull request #607 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.9.1
Bump @typescript-eslint/eslint-plugin from 6.9.0 to 6.9.1
2023-11-06 07:47:08 +01:00
Federico Builes aa8e70d588 adding dist 2023-11-06 07:46:52 +01:00
Federico Builes 3331d25f9d adding dist 2023-11-06 07:42:40 +01:00
dependabot[bot] 2af83f55fa Bump @actions/github from 5.1.1 to 6.0.0
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 5.1.1 to 6.0.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 06:42:18 +00:00
dependabot[bot] 0d3cf5ba9e Bump @typescript-eslint/eslint-plugin from 6.9.0 to 6.9.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.9.0 to 6.9.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.9.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 06:42:16 +00:00
Federico Builes b2a5ead1f7 Merge pull request #604 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.9.1
Bump @typescript-eslint/parser from 6.8.0 to 6.9.1
2023-11-06 07:41:16 +01:00
Federico Builes 79f0a0b62b Merge pull request #603 from actions/dependabot/npm_and_yarn/actions/core-1.10.1
Bump @actions/core from 1.10.0 to 1.10.1
2023-11-06 07:40:58 +01:00
Federico Builes fc44602899 adding dist 2023-11-06 07:40:46 +01:00
dependabot[bot] 7177991451 Bump yaml from 2.3.3 to 2.3.4
Bumps [yaml](https://github.com/eemeli/yaml) from 2.3.3 to 2.3.4.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.3.3...v2.3.4)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 01:17:54 +00:00
dependabot[bot] 90fe789d91 Bump @typescript-eslint/parser from 6.8.0 to 6.9.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.8.0 to 6.9.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.9.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 01:17:45 +00:00
dependabot[bot] 5cbf74f675 Bump @actions/core from 1.10.0 to 1.10.1
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.10.0 to 1.10.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 01:17:31 +00:00
Federico Builes 11e0dead9a Merge pull request #598 from actions/dependabot/npm_and_yarn/packageurl-js-1.2.0
Bump packageurl-js from 1.0.2 to 1.2.0
2023-10-30 09:43:41 +01:00
Federico Builes 3c1cb72dcd updating dist 2023-10-30 09:31:26 +01:00
Federico Builes 570a2b5dcd Merge pull request #597 from actions/dependabot/npm_and_yarn/eslint-8.52.0
Bump eslint from 8.51.0 to 8.52.0
2023-10-30 09:28:21 +01:00
Federico Builes a7e01b8d9c Merge pull request #599 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.9.0
Bump @typescript-eslint/eslint-plugin from 6.8.0 to 6.9.0
2023-10-30 09:28:05 +01:00
dependabot[bot] 168567cd17 Bump eslint from 8.51.0 to 8.52.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.51.0 to 8.52.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.51.0...v8.52.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 08:25:08 +00:00
dependabot[bot] 1d86ff759b Bump @typescript-eslint/eslint-plugin from 6.8.0 to 6.9.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.8.0 to 6.9.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.9.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 08:25:07 +00:00
Federico Builes 0631089c32 Merge pull request #596 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.6.0
Bump eslint-plugin-jest from 27.4.2 to 27.6.0
2023-10-30 09:24:44 +01:00
Federico Builes 0b8ffde994 Merge pull request #600 from actions/dependabot/npm_and_yarn/types/spdx-satisfies-0.1.1
Bump @types/spdx-satisfies from 0.1.0 to 0.1.1
2023-10-30 09:23:36 +01:00
Federico Builes 68d57cd360 Merge pull request #601 from actions/dependabot/github_actions/actions/setup-node-4
Bump actions/setup-node from 3 to 4
2023-10-30 09:22:44 +01:00
dependabot[bot] 7314a0c1f5 Bump actions/setup-node from 3 to 4
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 01:40:15 +00:00
dependabot[bot] cfeea91bf4 Bump @types/spdx-satisfies from 0.1.0 to 0.1.1
Bumps [@types/spdx-satisfies](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/spdx-satisfies) from 0.1.0 to 0.1.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/spdx-satisfies)

---
updated-dependencies:
- dependency-name: "@types/spdx-satisfies"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 01:08:35 +00:00
dependabot[bot] c8515ab391 Bump packageurl-js from 1.0.2 to 1.2.0
Bumps [packageurl-js](https://github.com/package-url/packageurl-js) from 1.0.2 to 1.2.0.
- [Changelog](https://github.com/package-url/packageurl-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/package-url/packageurl-js/compare/v1.0.2...v1.2.0)

---
updated-dependencies:
- dependency-name: packageurl-js
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 01:07:56 +00:00
dependabot[bot] cff52fd316 Bump eslint-plugin-jest from 27.4.2 to 27.6.0
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.4.2 to 27.6.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.4.2...v27.6.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 01:07:31 +00:00
Federico Builes e65eb02ccf Merge pull request #591 from actions/dependabot/npm_and_yarn/typescript-5.2.2
Bump typescript from 4.9.5 to 5.2.2
2023-10-23 12:27:41 +02:00
Federico Builes 88953c2b16 updating dist 2023-10-23 12:26:03 +02:00
Federico Builes d97416955e Merge pull request #594 from actions/dependabot/npm_and_yarn/babel/traverse-7.23.2
Bump @babel/traverse from 7.23.0 to 7.23.2
2023-10-23 06:57:28 +02:00
dependabot[bot] 523c9a28aa Bump @babel/traverse from 7.23.0 to 7.23.2
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.23.0 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 04:56:30 +00:00
dependabot[bot] f85d4d5bc2 Bump typescript from 4.9.5 to 5.2.2
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.9.5 to 5.2.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.5...v5.2.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 03:19:39 +00:00
Federico Builes 89ff65dbf7 Merge pull request #589 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.10.1
Bump eslint-plugin-github from 4.9.2 to 4.10.1
2023-10-23 05:18:52 +02:00
Federico Builes c3c32181a9 Merge pull request #592 from actions/dependabot/npm_and_yarn/types/spdx-expression-parse-3.0.4
Bump @types/spdx-expression-parse from 3.0.3 to 3.0.4
2023-10-23 05:18:42 +02:00
Federico Builes ead6e4616f Merge pull request #593 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.8.0
Bump @typescript-eslint/parser from 6.7.3 to 6.8.0
2023-10-23 05:18:25 +02:00
dependabot[bot] a265e18106 Bump @types/spdx-expression-parse from 3.0.3 to 3.0.4
Bumps [@types/spdx-expression-parse](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/spdx-expression-parse) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/spdx-expression-parse)

---
updated-dependencies:
- dependency-name: "@types/spdx-expression-parse"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 03:13:32 +00:00
dependabot[bot] a8759965d7 Bump @typescript-eslint/parser from 6.7.3 to 6.8.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.7.3 to 6.8.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.8.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 03:13:20 +00:00
Federico Builes 954314c2b1 Merge pull request #590 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.8.0
Bump @typescript-eslint/eslint-plugin from 6.7.5 to 6.8.0
2023-10-23 05:11:58 +02:00
dependabot[bot] 5b62f3bc06 Bump @typescript-eslint/eslint-plugin from 6.7.5 to 6.8.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.7.5 to 6.8.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.8.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 01:57:41 +00:00
dependabot[bot] fddf4c3474 Bump eslint-plugin-github from 4.9.2 to 4.10.1
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.9.2 to 4.10.1.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.9.2...v4.10.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 01:57:14 +00:00
Federico Builes 04e56a4409 Merge pull request #586 from actions/dependabot/npm_and_yarn/yaml-2.3.3
Bump yaml from 2.3.2 to 2.3.3
2023-10-16 05:39:42 +02:00
Federico Builes af51c4b700 adding dist 2023-10-16 03:44:04 +02:00
dependabot[bot] bd3b04e194 Bump yaml from 2.3.2 to 2.3.3
Bumps [yaml](https://github.com/eemeli/yaml) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.3.2...v2.3.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 01:43:15 +00:00
Federico Builes 382d2873a9 Merge pull request #585 from actions/dependabot/npm_and_yarn/types/spdx-expression-parse-3.0.3
Bump @types/spdx-expression-parse from 3.0.2 to 3.0.3
2023-10-16 03:42:54 +02:00
dependabot[bot] 500120a761 Bump @types/spdx-expression-parse from 3.0.2 to 3.0.3
Bumps [@types/spdx-expression-parse](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/spdx-expression-parse) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/spdx-expression-parse)

---
updated-dependencies:
- dependency-name: "@types/spdx-expression-parse"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 01:41:27 +00:00
Federico Builes 212ded88b2 Merge pull request #584 from actions/dependabot/npm_and_yarn/eslint-plugin-prettier-5.0.1
Bump eslint-plugin-prettier from 5.0.0 to 5.0.1
2023-10-16 03:41:10 +02:00
Federico Builes 7ec89343e1 Merge pull request #587 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.7.5
Bump @typescript-eslint/eslint-plugin from 6.7.2 to 6.7.5
2023-10-16 03:40:22 +02:00
Federico Builes 536cc3d4b6 Merge pull request #588 from actions/dependabot/npm_and_yarn/types/node-16.18.58
Bump @types/node from 16.18.54 to 16.18.58
2023-10-16 03:40:11 +02:00
dependabot[bot] 2bc52c6348 Bump @types/node from 16.18.54 to 16.18.58
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.54 to 16.18.58.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 01:17:28 +00:00
dependabot[bot] fe9d8a52c4 Bump @typescript-eslint/eslint-plugin from 6.7.2 to 6.7.5
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.7.2 to 6.7.5.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.7.5/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 01:17:14 +00:00
dependabot[bot] bd251cc9eb Bump eslint-plugin-prettier from 5.0.0 to 5.0.1
Bumps [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/master/CHANGELOG.md)
- [Commits](https://github.com/prettier/eslint-plugin-prettier/compare/v5.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 01:16:34 +00:00
Federico Builes 7e65a9bb48 Merge branch 'update-octokit' 2023-10-09 13:39:21 +02:00
Federico Builes b91ea51364 updating dist. 2023-10-09 13:34:29 +02:00
Federico Builes 76b050a607 Use octokit-rest for the PR comments client. 2023-10-09 13:34:14 +02:00
Federico Builes e6d6badddb Update jest. 2023-10-09 13:33:55 +02:00
Federico Builes f7363549ac use octokit plugins 2023-10-09 13:20:24 +02:00
Federico Builes f71a906c2e Update plugins. 2023-10-09 13:17:54 +02:00
Federico Builes 03ace23f96 Update Node JS version. 2023-10-09 12:36:16 +02:00
Federico Builes 0564d6f4de adding dist 2023-10-09 11:41:16 +02:00
dependabot[bot] cd09f857a3 Bump octokit from 2.1.0 to 3.1.1
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.1.0 to 3.1.1.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-09 09:38:02 +00:00
Federico Builes 69a61b613b updating dist 2023-10-09 11:36:34 +02:00
Federico Builes 53eb1ebcf5 Merge branch 'update-request-errors' 2023-10-09 11:36:00 +02:00
Federico Builes 8dc52cdbed update tests 2023-10-09 11:23:53 +02:00
Federico Builes e8634671a4 Merge pull request #583 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.4.2
Bump eslint-plugin-jest from 27.2.3 to 27.4.2
2023-10-09 10:25:41 +02:00
Federico Builes 69ecf4db79 Merge pull request #582 from actions/dependabot/npm_and_yarn/eslint-8.51.0
Bump eslint from 8.48.0 to 8.51.0
2023-10-09 10:25:28 +02:00
dependabot[bot] 70835908ea Bump eslint-plugin-jest from 27.2.3 to 27.4.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.2.3 to 27.4.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.2.3...v27.4.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-09 01:37:39 +00:00
dependabot[bot] f704f55fa1 Bump eslint from 8.48.0 to 8.51.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.48.0 to 8.51.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.48.0...v8.51.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-09 01:37:24 +00:00
Federico Builes e51d18ae1e updating dist 2023-10-05 17:15:27 +02:00
Federico Builes 62f26a66d6 bumping zod 2023-10-05 17:14:25 +02:00
Federico Builes 2f836bbce6 Merge pull request #580 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.7.3
Bump @typescript-eslint/parser from 6.6.0 to 6.7.3
2023-10-01 21:21:28 -05:00
dependabot[bot] 75dbba1acf Bump @typescript-eslint/parser from 6.6.0 to 6.7.3
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.6.0 to 6.7.3.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.7.3/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 02:15:09 +00:00
Federico Builes 8325453339 Merge pull request #579 from actions/dependabot/npm_and_yarn/vercel/ncc-0.38.0
Bump @vercel/ncc from 0.36.1 to 0.38.0
2023-10-01 21:13:34 -05:00
dependabot[bot] 353956d50d Bump @vercel/ncc from 0.36.1 to 0.38.0
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.36.1 to 0.38.0.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.36.1...0.38.0)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 01:59:34 +00:00
Federico Builes 4e41165d4b Merge pull request #577 from jsoref/modernize-versions
Modernize versions
2023-09-27 13:46:13 -05:00
Josh Soref cf3393ef0a Drop references to v2 from README
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2023-09-27 12:53:32 -04:00
Josh Soref 8213a1db10 Use checkout@v4
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2023-09-27 12:53:32 -04:00
Federico Builes 64a6d1a0b8 Merge pull request #571 from actions/dependabot/npm_and_yarn/types/node-16.18.54
Bump @types/node from 16.18.48 to 16.18.54
2023-09-26 12:24:33 -05:00
Federico Builes 364de25b16 Merge pull request #573 from actions/dependabot/npm_and_yarn/prettier-3.0.3
Bump prettier from 3.0.2 to 3.0.3
2023-09-26 12:24:18 -05:00
dependabot[bot] ad34390f92 Bump @octokit/request-error from 2.1.0 to 5.0.1
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 2.1.0 to 5.0.1.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v2.1.0...v5.0.1)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-25 01:31:40 +00:00
dependabot[bot] 1f5e4f1cd9 Bump prettier from 3.0.2 to 3.0.3
Bumps [prettier](https://github.com/prettier/prettier) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-25 01:30:59 +00:00
dependabot[bot] fcb0293419 Bump @types/node from 16.18.48 to 16.18.54
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.48 to 16.18.54.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-25 01:30:38 +00:00
Federico Builes 6c530dbedd Merge pull request #570 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.7.2
Bump @typescript-eslint/eslint-plugin from 6.4.0 to 6.7.2
2023-09-18 14:42:50 -05:00
dependabot[bot] e5c6ae035a Bump @typescript-eslint/eslint-plugin from 6.4.0 to 6.7.2
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.4.0 to 6.7.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.7.2/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-18 19:41:12 +00:00
Federico Builes 9c66f1b1b1 Merge pull request #569 from actions/dependabot/npm_and_yarn/esbuild-register-3.5.0
Bump esbuild-register from 3.4.2 to 3.5.0
2023-09-18 14:39:13 -05:00
dependabot[bot] 9add2f12fa Bump esbuild-register from 3.4.2 to 3.5.0
Bumps esbuild-register from 3.4.2 to 3.5.0.

---
updated-dependencies:
- dependency-name: esbuild-register
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-18 01:47:43 +00:00
Federico Builes 079b962af9 Merge pull request #564 from actions/dependabot/npm_and_yarn/zod-3.22.2
Bump zod from 3.21.4 to 3.22.2
2023-09-11 07:17:25 -05:00
Federico Builes e6b5e83d4e adding dist 2023-09-11 07:16:56 -05:00
Federico Builes 3c40a50e4b Merge pull request #565 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.6.0
Bump @typescript-eslint/parser from 6.2.1 to 6.6.0
2023-09-11 07:13:54 -05:00
Federico Builes 886d1fcf5f Merge pull request #563 from actions/dependabot/github_actions/actions/checkout-4
Bump actions/checkout from 3 to 4
2023-09-11 07:13:45 -05:00
dependabot[bot] 615671754c Bump @typescript-eslint/parser from 6.2.1 to 6.6.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.2.1 to 6.6.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.6.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-11 01:42:06 +00:00
dependabot[bot] cd1bb8895d Bump zod from 3.21.4 to 3.22.2
Bumps [zod](https://github.com/colinhacks/zod) from 3.21.4 to 3.22.2.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.21.4...v3.22.2)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-11 01:41:45 +00:00
dependabot[bot] 7095391667 Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-11 01:14:30 +00:00
Justin Holguín 6c5ccdad46 Merge pull request #562 from actions/juxtin/v3.0.9
Update version to 3.1.0
2023-09-07 14:46:08 -07:00
Federico Builes 51da82b3f5 updating package-lock.json 2023-09-07 16:44:36 -05:00
Justin Holguín ca13810d94 Update version to 3.1.0 2023-09-07 21:42:29 +00:00
Justin Holguín 8447b31d38 Merge pull request #561 from actions/juxtin/dr-snaps-readme
Add new Dr Snaps config options to readme
2023-09-07 14:19:42 -07:00
Justin Holguín 85df23de2c Update readme with new parameters 2023-09-07 21:17:45 +00:00
Justin Holguín 5da6fdbdf9 Clean up markdown formatting 2023-09-07 21:11:56 +00:00
Justin Holguín 92837b0ca8 Merge pull request #560 from actions/juxtin/improve-warnings
Improve display of snapshot warnings
2023-09-07 14:09:36 -07:00
Justin Holguín 35a52fd146 Minor tweaks to snapshot warnings 2023-09-07 18:00:57 +00:00
Justin Holguín bed9726f78 Make snapshot warning messages clearer and more actionable 2023-09-07 17:54:42 +00:00
Justin Holguín e4d20ce9ad Merge pull request #556 from actions/juxtin/dr-snaps-pre-launch
Dr Snaps launch PR
2023-09-07 10:18:47 -07:00
Justin Holguín bb0ca79fcd Update action.yml to show retry default 2023-09-07 17:08:20 +00:00
Justin Holguín 07f52ce621 Add example with retry-on-snapshot-warnings to docs 2023-09-07 17:07:50 +00:00
Justin Holguín c7e8727af4 Update action.yml
Co-authored-by: Federico Builes <febuiles@github.com>
2023-09-07 09:50:44 -07:00
Federico Builes 5e4b90e080 add dist 2023-09-07 09:06:46 -05:00
Federico Builes 7d0e0f61e8 Update src/dependency-graph.ts
Co-authored-by: Justin Holguín <juxtin@github.com>
2023-09-07 07:08:21 -05:00
Justin Holguín ffaf251c92 update dist 2023-09-06 20:38:47 +00:00
Justin Holguín 726ffc8aa8 Merge remote-tracking branch 'origin/main' into juxtin/dr-snaps-pre-launch 2023-09-06 20:26:55 +00:00
Justin Holguín fcef41f1e0 Add docs link to snapshot warnings 2023-09-06 19:07:18 +00:00
Justin Holguín e81e6e582f Default retry-on-snapshot-warnings to false
Keeping this true by default means wasting actions minutes for
the vast majority of DR users
2023-09-06 18:04:16 +00:00
Federico Builes 511675e747 Merge pull request #558 from actions/dependabot/npm_and_yarn/types/node-16.18.48
Bump @types/node from 16.18.41 to 16.18.48
2023-09-05 16:15:52 -04:00
Federico Builes dcdbff2f84 Merge pull request #557 from actions/dependabot/npm_and_yarn/yaml-2.3.2
Bump yaml from 2.3.1 to 2.3.2
2023-09-05 11:55:49 -04:00
Federico Builes 29513b58ad updating dist 2023-09-05 08:28:43 -05:00
dependabot[bot] 347cb43687 Bump @types/node from 16.18.41 to 16.18.48
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.41 to 16.18.48.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-04 01:44:52 +00:00
dependabot[bot] dfe37bb356 Bump yaml from 2.3.1 to 2.3.2
Bumps [yaml](https://github.com/eemeli/yaml) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.3.1...v2.3.2)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-04 01:44:44 +00:00
Justin Holguín ada103783f Merge remote-tracking branch 'origin/retry-on-snapshot-warnings' into juxtin/dr-snaps-pre-launch 2023-08-31 16:31:44 +00:00
Justin Holguín abc80cf6a0 Merge branch 'juxtin/snapshot-warnings' into juxtin/dr-snaps-pre-launch 2023-08-31 16:06:14 +00:00
Federico Builes 15e91a3980 Merge pull request #554 from actions/dependabot/npm_and_yarn/eslint-8.48.0
Bump eslint from 8.47.0 to 8.48.0
2023-08-28 08:52:43 -05:00
Federico Builes c7d2795410 Merge pull request #553 from actions/dependabot/npm_and_yarn/prettier-3.0.2
Bump prettier from 3.0.1 to 3.0.2
2023-08-28 08:52:32 -05:00
dependabot[bot] eb07c6d763 Bump eslint from 8.47.0 to 8.48.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.47.0 to 8.48.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.47.0...v8.48.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-28 01:52:04 +00:00
dependabot[bot] 4d8fe1e464 Bump prettier from 3.0.1 to 3.0.2
Bumps [prettier](https://github.com/prettier/prettier) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.0.1...3.0.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-28 01:51:43 +00:00
Justin Holguín ee86529290 Show all non-empty snapshot warnings 2023-08-23 18:45:35 +00:00
Federico Builes c17dea4c51 Merge pull request #549 from actions/dependabot/npm_and_yarn/types/node-16.18.41
Bump @types/node from 16.18.39 to 16.18.41
2023-08-23 15:16:07 +02:00
Federico Builes 727ca667a3 Merge pull request #550 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.4.0
Bump @typescript-eslint/eslint-plugin from 6.3.0 to 6.4.0
2023-08-23 15:15:56 +02:00
Federico Builes 84cd472b61 Merge pull request #551 from oerd/update-inputs-documentation-and-links
Fix(docs): Correct action input name
2023-08-22 17:02:07 +02:00
Oerd Cukalla 366fffb717 Fix(docs): Correct article use. 2023-08-22 00:28:34 +02:00
Oerd Cukalla 62a1d2d370 Fix(docs): Correct action input name
Change input name used for passing the personal access token to
`external-repo-token`.
2023-08-22 00:20:26 +02:00
dependabot[bot] 42c2f7100f Bump @typescript-eslint/eslint-plugin from 6.3.0 to 6.4.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.4.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-21 01:04:16 +00:00
dependabot[bot] 608049acca Bump @types/node from 16.18.39 to 16.18.41
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.39 to 16.18.41.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-21 01:03:36 +00:00
Federico Builes 32037a1d97 bumping to 3.0.8 2023-08-15 10:11:44 +02:00
Federico Builes f6fff72a32 Merge pull request #540 from sgmurphy/comment-on-failure
Add `on-failure` option to `comment-summary-in-pr` setting
2023-08-15 10:08:44 +02:00
Federico Builes 61ee12c097 Merge pull request #548 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.3.0
Bump @typescript-eslint/eslint-plugin from 6.2.0 to 6.3.0
2023-08-14 06:39:45 +02:00
Federico Builes 7d5babfc38 Merge pull request #547 from actions/dependabot/npm_and_yarn/eslint-8.47.0
Bump eslint from 8.46.0 to 8.47.0
2023-08-14 06:39:28 +02:00
dependabot[bot] ddb1b9361c Bump @typescript-eslint/eslint-plugin from 6.2.0 to 6.3.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.3.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-14 01:26:56 +00:00
dependabot[bot] 7c3177d3c2 Bump eslint from 8.46.0 to 8.47.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.46.0 to 8.47.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.46.0...v8.47.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-14 01:26:22 +00:00
Sean Murphy 31afeba06d Add unit tests 2023-08-09 21:10:48 -04:00
Sean Murphy 7ef37f3853 Merge branch 'main' into comment-on-failure 2023-08-09 17:31:16 -04:00
Sean Murphy 2e59943778 Parse boolean to enum 2023-08-09 15:57:03 -04:00
Federico Builes 7d90b4f05f bumping to 3.0.7 2023-08-09 15:27:02 +02:00
Federico Builes 02aa4b66a7 Merge pull request #544 from adrienpessu/main
Add an option to deny packages or groups of packages
2023-08-09 15:25:21 +02:00
Federico Builes fe2a482baf Apply suggestions from code review 2023-08-09 15:24:26 +02:00
Adrien Pessu ce14e1f894 improve example 2023-08-08 17:21:30 +02:00
Adrien Pessu eacc0328b1 improve example 2023-08-08 17:10:23 +02:00
Adrien Pessu 98aae180cb debug 2023-08-08 16:56:01 +02:00
Adrien Pessu c280c303e6 debug 2023-08-08 16:51:40 +02:00
Adrien Pessu 1db9156f85 change from name of the package to the package url to avoid conflict between 2 dependencies with the same name but for different ecosystems 2023-08-08 16:34:23 +02:00
Adrien Pessu c462e2e50e add example 2023-08-08 10:12:55 +02:00
Adrien Pessu 0796abb9cf add changes on js.map file 2023-08-07 17:17:27 +02:00
Adrien Pessu eab07548a7 Merge remote-tracking branch 'upstream/main' 2023-08-07 14:25:57 +02:00
Adrien Pessu 00f1f5b642 add tests and docs 2023-08-07 14:07:46 +02:00
Adrien Pessu 6862f6f65f add groups 2023-08-07 14:07:26 +02:00
Adrien Pessu 2f38ecd3fd add deny_list as paramter 2023-08-07 14:07:26 +02:00
Adrien Pessu 309d082d5f initial commit 2023-08-07 14:07:26 +02:00
Federico Builes 0e6dece6c7 update more dependencies 2023-08-07 14:07:26 +02:00
dependabot[bot] 942409c937 Bump @typescript-eslint/eslint-plugin from 5.60.1 to 6.2.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.60.1 to 6.2.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.2.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-07 14:07:26 +02:00
Federico Builes 6af66592ad dependbot updates 2023-08-07 14:07:26 +02:00
dependabot[bot] d5a7e34e39 Bump prettier from 2.8.8 to 3.0.0
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.8 to 3.0.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.8...3.0.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-07 14:07:25 +02:00
Federico Builes 328a08ea42 Merge pull request #541 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.2.1
Bump @typescript-eslint/parser from 6.2.0 to 6.2.1
2023-08-07 10:20:46 +02:00
Federico Builes 3f88e84ced Merge pull request #542 from actions/dependabot/npm_and_yarn/prettier-3.0.1
Bump prettier from 3.0.0 to 3.0.1
2023-08-07 10:07:55 +02:00
dependabot[bot] 4463280ae5 Bump prettier from 3.0.0 to 3.0.1
Bumps [prettier](https://github.com/prettier/prettier) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.0.0...3.0.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-07 01:49:54 +00:00
dependabot[bot] ae11b24682 Bump @typescript-eslint/parser from 6.2.0 to 6.2.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.2.0 to 6.2.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.2.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-07 01:49:41 +00:00
Sean Murphy 902e86c6f5 Add on-failure option to comment-summary-in-pr setting 2023-08-04 22:37:51 -04:00
Federico Builes 1e70f06e66 Merge pull request #537 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.2.0
Bump @typescript-eslint/eslint-plugin from 5.60.1 to 6.2.0
2023-07-31 18:03:04 +02:00
Federico Builes 0ea885e7c5 update more dependencies 2023-07-31 18:01:31 +02:00
dependabot[bot] 498c8717d3 Bump @typescript-eslint/eslint-plugin from 5.60.1 to 6.2.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.60.1 to 6.2.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.2.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-31 06:42:19 +00:00
Federico Builes fc8a06c798 Merge pull request #526 from actions/dependabot/npm_and_yarn/prettier-3.0.0
Bump prettier from 2.8.8 to 3.0.0
2023-07-31 08:40:45 +02:00
Federico Builes 8c593e9822 dependbot updates 2023-07-31 08:39:38 +02:00
Federico Builes 98d4fd7247 Merge pull request #534 from rajbos/main
Make GHES support / setup more clear
2023-07-19 16:27:05 +02:00
Federico Builes 0a68c5dfa6 Update README.md 2023-07-19 16:26:44 +02:00
Federico Builes f015f96b55 Update README.md 2023-07-19 16:26:39 +02:00
Rob Bos 3290c85b0f Make GHES support more clear 2023-07-19 13:05:42 +02:00
dependabot[bot] 6b0d5029d1 Bump prettier from 2.8.8 to 3.0.0
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.8 to 3.0.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.8...3.0.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-10 01:39:16 +00:00
cnagadya 090b9fe2a1 Merge pull request #524 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.60.1
Bump @typescript-eslint/eslint-plugin from 5.60.0 to 5.60.1
2023-07-03 10:32:12 +02:00
dependabot[bot] c5e57016d8 Bump @typescript-eslint/eslint-plugin from 5.60.0 to 5.60.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.60.0 to 5.60.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.60.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-03 08:18:28 +00:00
cnagadya 8cf6fcb693 Merge pull request #523 from actions/dependabot/npm_and_yarn/eslint-8.44.0
Bump eslint from 8.43.0 to 8.44.0
2023-07-03 10:17:48 +02:00
cnagadya 9bf5053b8a Merge pull request #522 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.60.1
Bump @typescript-eslint/parser from 5.60.0 to 5.60.1
2023-07-03 10:17:36 +02:00
cnagadya a213934318 Merge pull request #521 from actions/dependabot/npm_and_yarn/types/node-16.18.38
Bump @types/node from 16.18.36 to 16.18.38
2023-07-03 10:17:27 +02:00
dependabot[bot] e301b1bd30 Bump eslint from 8.43.0 to 8.44.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.43.0 to 8.44.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.43.0...v8.44.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-03 01:29:06 +00:00
dependabot[bot] c730d72f23 Bump @typescript-eslint/parser from 5.60.0 to 5.60.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.60.0 to 5.60.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.60.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-03 01:28:46 +00:00
dependabot[bot] a65c766d12 Bump @types/node from 16.18.36 to 16.18.38
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.36 to 16.18.38.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-03 01:28:23 +00:00
Federico Builes 7599c4bc8e Merge pull request #519 from actions/dependabot/npm_and_yarn/octokit/plugin-retry-5.0.4
Bump @octokit/plugin-retry from 5.0.2 to 5.0.4
2023-06-26 15:38:01 +02:00
Federico Builes 0f4e96f7e8 adding build files 2023-06-26 15:36:01 +02:00
dependabot[bot] a234018432 Bump @octokit/plugin-retry from 5.0.2 to 5.0.4
Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 5.0.2 to 5.0.4.
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v5.0.2...v5.0.4)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 13:29:15 +00:00
Federico Builes 328eb79003 Merge pull request #518 from actions/dependabot/npm_and_yarn/octokit-2.1.0
Bump octokit from 2.0.19 to 2.1.0
2023-06-26 15:28:32 +02:00
Federico Builes 5bb28e508e npm i 2023-06-26 15:26:17 +02:00
Federico Builes 11a4a75728 Merge pull request #516 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.60.0
Bump @typescript-eslint/eslint-plugin from 5.59.11 to 5.60.0
2023-06-26 07:10:03 +02:00
dependabot[bot] c5ac6e1eba Bump @typescript-eslint/eslint-plugin from 5.59.11 to 5.60.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.11 to 5.60.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.60.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 05:08:33 +00:00
Federico Builes a3753ba2c6 Merge pull request #520 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.2.2
Bump eslint-plugin-jest from 27.2.1 to 27.2.2
2023-06-26 07:03:16 +02:00
Federico Builes ec3136c4ba Merge pull request #517 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.60.0
Bump @typescript-eslint/parser from 5.59.11 to 5.60.0
2023-06-26 07:03:01 +02:00
dependabot[bot] 38b79e2fbe Bump eslint-plugin-jest from 27.2.1 to 27.2.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.2.1 to 27.2.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.2.1...v27.2.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 01:30:13 +00:00
dependabot[bot] 01a70a14e2 Bump octokit from 2.0.19 to 2.1.0
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.19 to 2.1.0.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.19...v2.1.0)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 01:29:16 +00:00
dependabot[bot] d32ada785e Bump @typescript-eslint/parser from 5.59.11 to 5.60.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.11 to 5.60.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.60.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 01:28:47 +00:00
Federico Builes c61b0a3941 Merge pull request #510 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.59.11
Bump @typescript-eslint/eslint-plugin from 5.59.9 to 5.59.11
2023-06-19 07:54:57 +02:00
Federico Builes 38c1dbdffa Merge branch 'main' into dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.59.11 2023-06-19 07:00:21 +02:00
Federico Builes 84fe280943 Merge pull request #512 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.59.11
Bump @typescript-eslint/parser from 5.59.9 to 5.59.11
2023-06-19 06:58:36 +02:00
Federico Builes cf65a75df3 Merge pull request #511 from actions/dependabot/npm_and_yarn/eslint-8.43.0
Bump eslint from 8.41.0 to 8.43.0
2023-06-19 06:58:17 +02:00
dependabot[bot] 3d532eeb2e Bump @typescript-eslint/eslint-plugin from 5.59.9 to 5.59.11
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.9 to 5.59.11.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.11/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-19 04:52:17 +00:00
dependabot[bot] 2a14180549 Bump @typescript-eslint/parser from 5.59.9 to 5.59.11
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.9 to 5.59.11.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.11/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-19 04:52:17 +00:00
dependabot[bot] 3958f9d2c8 Bump eslint from 8.41.0 to 8.43.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.41.0 to 8.43.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.41.0...v8.43.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-19 04:52:12 +00:00
Federico Builes d561324ef9 Merge pull request #509 from actions/dependabot/npm_and_yarn/types/node-16.18.36
Bump @types/node from 16.18.35 to 16.18.36
2023-06-19 06:51:36 +02:00
dependabot[bot] 5c03808159 Bump @types/node from 16.18.35 to 16.18.36
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.35 to 16.18.36.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-19 01:58:19 +00:00
Henri Maurer d3fa764646 fix 2023-06-14 10:38:45 +01:00
Henri Maurer 1856a6de19 fix 2023-06-14 10:26:22 +01:00
Henri Maurer 5573b58443 better logging 2023-06-14 10:24:40 +01:00
Henri Maurer c3c3c2e746 fix retry until 2023-06-14 10:12:19 +01:00
Federico Builes 9617594ce4 Merge pull request #506 from actions/dependabot/npm_and_yarn/octokit-2.0.19
update octokit, regenerate dist
2023-06-12 07:29:57 +02:00
Federico Builes c10600ad00 update octokit, regenerate dist 2023-06-12 07:28:23 +02:00
Federico Builes 86477f1ea0 Merge pull request #504 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.59.9
Bump @typescript-eslint/eslint-plugin from 5.59.8 to 5.59.9
2023-06-12 07:19:03 +02:00
Federico Builes b6ef88155e Merge pull request #505 from actions/dependabot/npm_and_yarn/types/node-16.18.35
Bump @types/node from 16.18.34 to 16.18.35
2023-06-12 07:18:49 +02:00
Federico Builes 1c01b75438 Merge pull request #503 from actions/dependabot/npm_and_yarn/octokit/plugin-retry-5.0.2
Bump @octokit/plugin-retry from 5.0.0 to 5.0.2
2023-06-12 07:18:36 +02:00
dependabot[bot] 1590d3f795 Bump @typescript-eslint/eslint-plugin from 5.59.8 to 5.59.9
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.8 to 5.59.9.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.9/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 05:17:03 +00:00
Federico Builes 90de8e47b4 adding dist 2023-06-12 07:16:52 +02:00
Federico Builes 6d3699baca Merge pull request #502 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.59.9
Bump @typescript-eslint/parser from 5.59.8 to 5.59.9
2023-06-12 07:15:59 +02:00
dependabot[bot] 87e767d41f Bump @types/node from 16.18.34 to 16.18.35
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.34 to 16.18.35.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 01:59:53 +00:00
dependabot[bot] 554d5fa52b Bump @octokit/plugin-retry from 5.0.0 to 5.0.2
Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 5.0.0 to 5.0.2.
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v5.0.0...v5.0.2)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 01:59:03 +00:00
dependabot[bot] 983fa12c36 Bump @typescript-eslint/parser from 5.59.8 to 5.59.9
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.8 to 5.59.9.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.9/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 01:58:41 +00:00
Henri Maurer f6f94a23a4 fix 2023-06-09 10:44:43 +01:00
Henri Maurer 50954e6a9a fix 2023-06-09 10:30:56 +01:00
Henri Maurer 66b6f67835 Add configs 2023-06-09 10:26:24 +01:00
Henri Maurer 1644401f8d rewrite retry logic 2023-06-08 18:11:13 +01:00
Henri Maurer 1a326fc7fa proceed even if warnings 2023-06-08 17:04:40 +01:00
Henri Maurer a82096e68a fix 2023-06-07 16:51:53 +01:00
Henri Maurer 90d3a94eb7 fix 2023-06-07 16:48:32 +01:00
Henri Maurer 9dde5949a8 retry every 10s 2023-06-07 16:39:16 +01:00
Henri Maurer cff142b535 includes_dependency_snapshots 2023-06-07 14:04:29 +01:00
Henri Maurer a4c5ac881a disable caching 2023-06-07 10:10:21 +01:00
Henri Maurer d35955ebf6 Prototype re-try on snapshot warnings 2023-06-06 16:44:27 +01:00
Federico Builes 0342e75832 Merge pull request #500 from actions/dependabot/npm_and_yarn/octokit/plugin-retry-5.0.0
Bump @octokit/plugin-retry from 4.1.3 to 5.0.0
2023-06-05 07:14:34 +02:00
Federico Builes 3daf1c6551 Updating dist 2023-06-05 07:13:53 +02:00
Federico Builes 16cbdf9d97 Merge pull request #498 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.8.0
Bump eslint-plugin-github from 4.7.0 to 4.8.0
2023-06-05 07:09:55 +02:00
Federico Builes 59a0ce5dc2 Merge pull request #497 from actions/dependabot/npm_and_yarn/got-13.0.0
Bump got from 12.6.0 to 13.0.0
2023-06-05 07:08:54 +02:00
dependabot[bot] 6cc98d3032 Bump @octokit/plugin-retry from 4.1.3 to 5.0.0
Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 4.1.3 to 5.0.0.
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v4.1.3...v5.0.0)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-05 01:59:54 +00:00
dependabot[bot] 617fd3907e Bump eslint-plugin-github from 4.7.0 to 4.8.0
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.7.0 to 4.8.0.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.7.0...v4.8.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-05 01:59:21 +00:00
dependabot[bot] 537fc8f28d Bump got from 12.6.0 to 13.0.0
Bumps [got](https://github.com/sindresorhus/got) from 12.6.0 to 13.0.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.6.0...v13.0.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-05 01:58:58 +00:00
Federico Builes 1360a344cc Merge pull request #494 from actions/fix-purl-bug
Empty PURLs should not block the action from running
2023-05-31 17:11:07 +02:00
22 changed files with 38249 additions and 27525 deletions
+2 -2
View File
@@ -21,10 +21,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set Node.js 18.x
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: 18.x
cache: npm
+4 -4
View File
@@ -14,8 +14,8 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 18
cache: npm
@@ -27,8 +27,8 @@ jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 18
cache: npm
+1 -1
View File
@@ -9,6 +9,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Dependency Review
uses: actions/dependency-review-action@main
+1 -1
View File
@@ -79,7 +79,7 @@ Here are a few things you can do that will increase the likelihood of your pull
- Write tests.
- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
- Write a [good commit message](https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
## Cutting a new release
+22 -18
View File
@@ -31,7 +31,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
```
@@ -43,7 +43,7 @@ This action is available in Enterprise Server starting with version 3.6. Make su
Security](https://docs.github.com/en/enterprise-server@3.6/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise)
and [GitHub
Connect](https://docs.github.com/en/enterprise-server@3.6/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)
are enabled.
are enabled, and that you have installed the [dependency-review-action](https://github.com/actions/dependency-review-action) on the server.
You can use the same workflow as above, replacing the `runs-on` value
with the label of any of your runners (the default label
@@ -57,7 +57,7 @@ jobs:
runs-on: self-hosted
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
```
@@ -66,18 +66,22 @@ jobs:
Configure this action by either inlining these options in your workflow file, or by using an external configuration file. All configuration options are optional.
| Option | Usage | Possible values | Default value |
| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | ------------- |
| `fail-on-severity` | Defines the threshold for the level of severity. The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | `low`, `moderate`, `high`, `critical` | `low` |
| `allow-licenses`\* | Contains a list of allowed licenses. The action will fail on pull requests that introduce dependencies with licenses that do not match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `deny-licenses`\* | Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `fail-on-scopes`† | Contains a list of strings of the build environments you want to support. The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list. | `runtime`, `development`, `unknown` | `runtime` |
| `allow-ghsas` | Contains a list of GitHub Advisory Database IDs that can be skipped during detection. | Any GHSAs from the [GitHub Advisory Database](https://github.com/advisories) | none |
| `license-check` | Enable or disable the license check performed by the action. | `true`, `false` | `true` |
| `vulnerability-check` | Enable or disable the vulnerability check performed by the action. | `true`, `false` | `true` |
| `allow-dependencies-licenses`\* | Contains a list of packages that will be excluded from license checks. | Any package(s) in [purl](https://github.com/package-url/purl-spec) format | none |
| `base-ref`/`head-ref` | Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than `pull_request` and `pull_request_target`. | Any valid git ref(s) in your project | none |
| `comment-summary-in-pr` | Enable or disable reporting the review summary as a comment in the pull request. If enabled, you must give the workflow or job permission `pull-requests: write`. | `true`, `false` | `false` |
| Option | Usage | Possible values | Default value |
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------- |
| `fail-on-severity` | Defines the threshold for the level of severity. The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | `low`, `moderate`, `high`, `critical` | `low` |
| `allow-licenses`\* | Contains a list of allowed licenses. The action will fail on pull requests that introduce dependencies with licenses that do not match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `deny-licenses`\* | Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `fail-on-scopes` | Contains a list of strings of the build environments you want to support. The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list. | `runtime`, `development`, `unknown` | `runtime` |
| `allow-ghsas` | Contains a list of GitHub Advisory Database IDs that can be skipped during detection. | Any GHSAs from the [GitHub Advisory Database](https://github.com/advisories) | none |
| `license-check` | Enable or disable the license check performed by the action. | `true`, `false` | `true` |
| `vulnerability-check` | Enable or disable the vulnerability check performed by the action. | `true`, `false` | `true` |
| `allow-dependencies-licenses`\* | Contains a list of packages that will be excluded from license checks. | Any package(s) in [purl](https://github.com/package-url/purl-spec) format | none |
| `base-ref`/`head-ref` | Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than `pull_request` and `pull_request_target`. | Any valid git ref(s) in your project | none |
| `comment-summary-in-pr` | Enable or disable reporting the review summary as a comment in the pull request. If enabled, you must give the workflow or job permission `pull-requests: write`. | `always`, `on-failure`, `never` | `never` |
| `deny-packages` | Any number of packages to block in a PR. | Package(s) in [purl](https://github.com/package-url/purl-spec) format | empty |
| `deny-groups` | Any number of groups (namespaces) to block in a PR. | Namespace(s) in [purl](https://github.com/package-url/purl-spec) format (no package name, no version number) | empty |
| `retry-on-snapshot-warnings`\* | Enable or disable retrying the action every 10 seconds while waiting for dependency submission actions to complete. | `true`, `false` | `false` |
| `retry-on-snapshot-warnings-timeout`\* | Maximum amount of time (in seconds) to retry the action while waiting for dependency submission actions to complete. | Any positive integer | 120 |
\*not supported for use with GitHub Enterprise Server
@@ -99,7 +103,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Dependency Review
uses: actions/dependency-review-action@v3
with:
@@ -124,7 +128,7 @@ Start by specifying that you will be using an external configuration file:
```yaml
- name: Dependency Review
uses: actions/dependency-review-action@v2
uses: actions/dependency-review-action@v3
with:
config-file: './.github/dependency-review-config.yml'
```
@@ -144,7 +148,7 @@ For more examples of how to use this action and its configuration options, see t
### Considerations
- Checking for licenses is not supported on Enterprise Server.
- Checking for licenses is not supported on Enterprise Server as the API does not return license information.
- The action will only accept one of the two `license` parameters; an error will be raised if you provide both.
- We don't have license information for all of your dependents. If we can't detect the license for a dependency **we will inform you, but the action won't fail**.
+26
View File
@@ -171,3 +171,29 @@ describe('licenses that are not valid SPDX licenses', () => {
)
})
})
test('it parses the comment-summary-in-pr input', async () => {
setInput('comment-summary-in-pr', 'true')
let config = await readConfig()
expect(config.comment_summary_in_pr).toBe('always')
clearInputs()
setInput('comment-summary-in-pr', 'false')
config = await readConfig()
expect(config.comment_summary_in_pr).toBe('never')
clearInputs()
setInput('comment-summary-in-pr', 'always')
config = await readConfig()
expect(config.comment_summary_in_pr).toBe('always')
clearInputs()
setInput('comment-summary-in-pr', 'never')
config = await readConfig()
expect(config.comment_summary_in_pr).toBe('never')
clearInputs()
setInput('comment-summary-in-pr', 'on-failure')
config = await readConfig()
expect(config.comment_summary_in_pr).toBe('on-failure')
})
+166
View File
@@ -0,0 +1,166 @@
import {expect, jest, test} from '@jest/globals'
import {Change, Changes} from '../src/schemas'
let getDeniedChanges: Function
const npmChange: Change = {
manifest: 'package.json',
change_type: 'added',
ecosystem: 'npm',
name: 'Reeuhq',
version: '1.0.2',
package_url: 'pkg:npm/reeuhq@1.0.2',
license: 'MIT',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'critical',
advisory_ghsa_id: 'first-random_string',
advisory_summary: 'very dangerous',
advisory_url: 'github.com/future-funk'
}
]
}
const rubyChange: Change = {
change_type: 'added',
manifest: 'Gemfile.lock',
ecosystem: 'rubygems',
name: 'actionsomething',
version: '3.2.0',
package_url: 'pkg:gem/actionsomething@3.2.0',
license: 'BSD',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
severity: 'low',
advisory_ghsa_id: 'third-random_string',
advisory_summary: 'dont page me',
advisory_url: 'github.com/future-funk'
}
]
}
const pipChange: Change = {
change_type: 'added',
manifest: 'requirements.txt',
ecosystem: 'pip',
name: 'package-1',
version: '1.1.1',
package_url: 'pkg:pip/package-1@1.1.1',
license: 'MIT',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
severity: 'low',
advisory_ghsa_id: 'third-random_string',
advisory_summary: 'dont page me',
advisory_url: 'github.com/future-funk'
}
]
}
const mvnChange: Change = {
change_type: 'added',
manifest: 'pom.xml',
ecosystem: 'maven',
name: 'org.apache.logging.log4j:log4j-core',
version: '2.15.0',
package_url: 'pkg:maven/org.apache.logging.log4j/log4j-core@2.14.7',
license: 'Apache-2.0',
source_repository_url:
'https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core',
scope: 'unknown',
vulnerabilities: [
{
severity: 'critical',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
}
]
}
jest.mock('@actions/core')
const mockOctokit = {
rest: {
licenses: {
getForRepo: jest
.fn()
.mockReturnValue({data: {license: {spdx_id: 'AGPL'}}})
}
}
}
jest.mock('octokit', () => {
return {
// eslint-disable-next-line @typescript-eslint/no-extraneous-class
Octokit: class {
constructor() {
return mockOctokit
}
}
}
})
beforeEach(async () => {
jest.resetModules()
jest.doMock('spdx-satisfies', () => {
// mock spdx-satisfies return value
// true for BSD, false for all others
return jest.fn((license: string, _: string): boolean => license === 'BSD')
})
// eslint-disable-next-line @typescript-eslint/no-require-imports
;({getDeniedChanges} = require('../src/deny'))
})
test('it adds packages in the deny packages list', async () => {
const changes: Changes = [npmChange, rubyChange]
const deniedChanges = await getDeniedChanges(
changes,
['pkg:gem/actionsomething'],
[]
)
expect(deniedChanges[0]).toBe(rubyChange)
expect(deniedChanges.length).toEqual(1)
})
test('it adds packages in the deny group list', async () => {
const changes: Changes = [mvnChange, rubyChange]
const deniedChanges = await getDeniedChanges(
changes,
[],
['pkg:maven/org.apache.logging.log4j']
)
expect(deniedChanges[0]).toBe(mvnChange)
expect(deniedChanges.length).toEqual(1)
})
test('it adds packages outside of the deny lists', async () => {
const changes: Changes = [npmChange, pipChange]
const deniedChanges = await getDeniedChanges(
changes,
['pkg:gem/actionsomething'],
['pkg:maven:org.apache.logging.log4j']
)
expect(deniedChanges.length).toEqual(0)
})
+34 -5
View File
@@ -24,7 +24,11 @@ const defaultConfig: ConfigurationOptions = {
allow_ghsas: [],
allow_licenses: [],
deny_licenses: [],
comment_summary_in_pr: true
deny_packages: [],
deny_groups: [],
comment_summary_in_pr: true,
retry_on_snapshot_warnings: false,
retry_on_snapshot_warnings_timeout: 120
}
const changesWithEmptyManifests: Changes = [
@@ -70,6 +74,7 @@ test('prints headline as h1', () => {
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
emptyChanges,
defaultConfig
)
const text = core.summary.stringify()
@@ -81,6 +86,7 @@ test('only includes "No vulnerabilities or license issues found"-message if both
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
emptyChanges,
defaultConfig
)
const text = core.summary.stringify()
@@ -90,7 +96,12 @@ test('only includes "No vulnerabilities or license issues found"-message if both
test('only includes "No vulnerabilities found"-message if "license_check" is set to false and nothing was found', () => {
const config = {...defaultConfig, license_check: false}
summary.addSummaryToSummary(emptyChanges, emptyInvalidLicenseChanges, config)
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
emptyChanges,
config
)
const text = core.summary.stringify()
expect(text).toContain('✅ No vulnerabilities found.')
@@ -98,7 +109,12 @@ test('only includes "No vulnerabilities found"-message if "license_check" is set
test('only includes "No license issues found"-message if "vulnerability_check" is set to false and nothing was found', () => {
const config = {...defaultConfig, vulnerability_check: false}
summary.addSummaryToSummary(emptyChanges, emptyInvalidLicenseChanges, config)
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
emptyChanges,
config
)
const text = core.summary.stringify()
expect(text).toContain('✅ No license issues found.')
@@ -108,6 +124,7 @@ test('groups dependencies with empty manifest paths together', () => {
summary.addSummaryToSummary(
changesWithEmptyManifests,
emptyInvalidLicenseChanges,
emptyChanges,
defaultConfig
)
summary.addScannedDependencies(changesWithEmptyManifests)
@@ -124,6 +141,7 @@ test('does not include status section if nothing was found', () => {
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
emptyChanges,
defaultConfig
)
const text = core.summary.stringify()
@@ -142,7 +160,12 @@ test('includes count and status icons for all findings', () => {
unlicensed: [createTestChange(), createTestChange(), createTestChange()]
}
summary.addSummaryToSummary(vulnerabilities, licenseIssues, defaultConfig)
summary.addSummaryToSummary(
vulnerabilities,
licenseIssues,
emptyChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).toContain('❌ 2 vulnerable package(s)')
@@ -159,6 +182,7 @@ test('uses checkmarks for license issues if only vulnerabilities were found', ()
summary.addSummaryToSummary(
vulnerabilities,
emptyInvalidLicenseChanges,
emptyChanges,
defaultConfig
)
@@ -178,7 +202,12 @@ test('uses checkmarks for vulnerabilities if only license issues were found', ()
unlicensed: []
}
summary.addSummaryToSummary(emptyChanges, licenseIssues, defaultConfig)
summary.addSummaryToSummary(
emptyChanges,
licenseIssues,
emptyChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).toContain('✅ 0 vulnerable package(s)')
+15 -1
View File
@@ -45,8 +45,22 @@ inputs:
description: A boolean to determine if vulnerability checks should be performed
required: false
comment-summary-in-pr:
description: A boolean to determine if the report should be posted as a comment in the PR itself. Setting this to true requires you to give the workflow the write permissions for pull-requests
description: Determines if the summary is posted as a comment in the PR itself. Setting this to `always` or `on-failure` requires you to give the workflow the write permissions for pull-requests
required: false
deny-packages:
description: A comma-separated list of package URLs to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
required: false
deny-groups:
description: A comma-separated list of package URLs for group(s)/namespace(s) to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
required: false
retry-on-snapshot-warnings:
description: Whether to retry on snapshot warnings
required: false
default: false
retry-on-snapshot-warnings-timeout:
description: Number of seconds to wait before stopping snapshot retries.
required: false
default: 120
runs:
using: 'node16'
main: 'dist/index.js'
Generated Vendored
+34346 -24648
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+280 -2
View File
@@ -47,6 +47,28 @@ WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@fastify/busboy
MIT
Copyright Brian White. All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to
deal in the Software without restriction, including without limitation the
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
sell copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
@octokit/app
MIT
The MIT License
@@ -1175,9 +1197,240 @@ FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TOR
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash
lodash.includes
MIT
Copyright OpenJS Foundation and other contributors <https://openjsf.org/>
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.
lodash.isboolean
MIT
Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/>
Based on Underscore.js, copyright 2009-2016 Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash.isinteger
MIT
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.
lodash.isnumber
MIT
Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/>
Based on Underscore.js, copyright 2009-2016 Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash.isplainobject
MIT
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.
lodash.isstring
MIT
Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/>
Based on Underscore.js, copyright 2009-2016 Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash.once
MIT
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
@@ -1517,6 +1770,31 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
undici
MIT
MIT License
Copyright (c) Matteo Collina and Undici contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
universal-github-app-jwt
MIT
The MIT License
+78 -14
View File
@@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
```
@@ -39,7 +39,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
@@ -76,14 +76,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
config-file: './.github/dependency-review-config.yml'
```
## Using a configuration file from a external repository
## Using a configuration file from an external repository
The following example will use a configuration file from an external public GitHub repository to configure the action.
@@ -103,14 +103,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
config-file: 'github/octorepo/dependency-review-config.yml@main'
```
## Using a configuration file from a external repository with a personal access token
## Using a configuration file from an external repository with a personal access token
The following example will use a configuration file from an external private GtiHub repository to configure the action.
@@ -130,12 +130,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
config-file: 'github/octorepo-private/dependency-review-config.yml@main'
config-file-token: ${{ secrets.GITHUB_TOKEN }} # or a personal access token
external-repo-token: ${{ secrets.GITHUB_TOKEN }} # or a personal access token
```
## Getting the results of the action in the PR as a comment
@@ -155,13 +155,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
fail-on-severity: critical
deny-licenses: LGPL-2.0, BSD-2-Clause
comment-summary-in-pr: true
comment-summary-in-pr: always
```
## Exclude dependencies from the license check
@@ -183,13 +183,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
fail-on-severity: critical
deny-licenses: LGPL-2.0, BSD-2-Clause
comment-summary-in-pr: true
comment-summary-in-pr: always
allow-dependencies-licenses: 'pkg:npm/loadash, pkg:pip/requests'
```
@@ -222,11 +222,75 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
fail-on-severity: critical
comment-summary-in-pr: true
comment-summary-in-pr: always
license-check: false
```
## Exclude dependencies from their name or groups
Using the `deny-packages` option you can exclude dependencies by their PURL. You can add multiple values separated by a commas.
Using the `deny-groups` option you can exclude dependencies by their group name/namespace. You can add multiple values separated by a comma.
In this example, we are excluding `pkg:maven/org.apache.logging.log4j:log4j-api` and `pkg:maven/org.apache.logging.log4j/log4j-core` from `maven` and all packages in the group `pkg:maven/com.bazaarvoice.maven`
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
pull-requests: write
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
deny-packages: 'pkg:maven/org.apache.logging.log4j/log4j-api,pkg:maven/org.apache.logging.log4j/log4j-core'
deny-groups: 'pkg:maven/com.bazaarvoice.jolt'
```
## Waiting for dependency submission jobs to complete
When possible, this action will [include dependencies submitted through the dependency submission API][DSAPI]. In this case,
it's important for the action not to complete until all of the relevant dependencies have been submitted for both the base
and head commits.
When this action runs before one or more of the dependency submission actions, there will be an unequal number of dependency
snapshots between the base and head commits. For example, there may be one snapshot available for the tip of `main` and none
for the PR branch. In that case, the API response will contain a "snapshot warning" explaining the discrepancy.
In this example, when the action encounters one of these warnings it will retry every 10 seconds after that for 60 seconds
or until there is no warning in the response.
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
pull-requests: write
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
retry-on-snapshot-warnings: true
retry-on-snapshot-warnings-timeout: 60
```
[DSAPI]: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together
+3010 -2769
View File
File diff suppressed because it is too large Load Diff
+25 -27
View File
@@ -1,6 +1,6 @@
{
"name": "dependency-review-action",
"version": "3.0.6",
"version": "3.1.2",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
@@ -25,39 +25,37 @@
"author": "GitHub",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.10.0",
"@actions/core": "^1.10.1",
"@actions/github": "^5.1.1",
"@octokit/plugin-retry": "^4.1.1",
"@octokit/plugin-retry": "^5.0.4",
"@octokit/request-error": "^2.1.0",
"@types/jest": "^29.5.5",
"ansi-styles": "^6.2.1",
"got": "^12.6.0",
"nodemon": "^2.0.22",
"octokit": "^2.0.16",
"packageurl-js": "^1.0.2",
"got": "^13.0.0",
"jest": "^29.7.0",
"octokit": "^2.1.0",
"packageurl-js": "^1.2.0",
"spdx-expression-parse": "^3.0.1",
"spdx-satisfies": "^5.0.1",
"yaml": "^2.3.1",
"zod": "^3.21.4"
"ts-jest": "^29.1.1",
"yaml": "^2.3.4",
"zod": "^3.22.3"
},
"devDependencies": {
"@types/jest": "^27.5.2",
"@types/node": "^16.18.34",
"@typescript-eslint/eslint-plugin": "^5.48.1",
"@typescript-eslint/parser": "^5.48.0",
"@types/spdx-expression-parse": "^3.0.2",
"@types/spdx-satisfies": "^0.1.0",
"@typescript-eslint/eslint-plugin": "^5.59.8",
"@typescript-eslint/parser": "^5.59.8",
"@vercel/ncc": "^0.36.1",
"esbuild-register": "^3.4.2",
"eslint": "^8.41.0",
"eslint-plugin-github": "^4.7.0",
"eslint-plugin-jest": "^27.2.1",
"jest": "^27.5.1",
"@types/node": "^16.18.58",
"@types/spdx-expression-parse": "^3.0.4",
"@types/spdx-satisfies": "^0.1.1",
"@typescript-eslint/eslint-plugin": "^6.9.1",
"@typescript-eslint/parser": "^6.9.1",
"@vercel/ncc": "^0.38.0",
"esbuild-register": "^3.5.0",
"eslint": "^8.52.0",
"eslint-plugin-github": "^4.10.1",
"eslint-plugin-jest": "^27.6.0",
"eslint-plugin-prettier": "^5.0.1",
"js-yaml": "^4.1.0",
"nodemon": "^2.0.22",
"prettier": "2.8.8",
"ts-jest": "^27.1.4",
"typescript": "^4.9.5"
"nodemon": "^3.0.1",
"prettier": "3.0.3",
"typescript": "^5.2.2"
}
}
+10 -4
View File
@@ -6,7 +6,7 @@
* npx ts-node scripts/create_summary.ts
*/
import {Changes, ConfigurationOptions} from '../src/schemas'
import {Change, Changes, ConfigurationOptions} from '../src/schemas'
import {createTestChange} from '../__tests__/fixtures/create-test-change'
import {InvalidLicenseChanges} from '../src/licenses'
import * as fs from 'fs'
@@ -22,13 +22,17 @@ const defaultConfig: ConfigurationOptions = {
allow_ghsas: [],
allow_licenses: ['MIT'],
deny_licenses: [],
deny_packages: [],
deny_groups: [],
allow_dependencies_licenses: [
'pkg:npm/express@4.17.1',
'pkg:pip/requests',
'pkg:pip/certifi',
'pkg:pip/pycrypto@2.6.1'
],
comment_summary_in_pr: true
comment_summary_in_pr: true,
retry_on_snapshot_warnings: false,
retry_on_snapshot_warnings_timeout: 120
}
const tmpDir = path.resolve(__dirname, '../tmp')
@@ -44,6 +48,7 @@ const createNonIssueSummary = async (): Promise<void> => {
await createSummary(
[],
{forbidden: [], unresolved: [], unlicensed: []},
[],
defaultConfig,
'non-issue-summary.md'
)
@@ -85,16 +90,17 @@ const createFullSummary = async (): Promise<void> => {
]
}
await createSummary(changes, licenses, defaultConfig, 'full-summary.md')
await createSummary(changes, licenses, [], defaultConfig, 'full-summary.md')
}
async function createSummary(
vulnerabilities: Changes,
licenseIssues: InvalidLicenseChanges,
denied: Change[],
config: ConfigurationOptions,
fileName: string
): Promise<void> {
summary.addSummaryToSummary(vulnerabilities, licenseIssues, config)
summary.addSummaryToSummary(vulnerabilities, licenseIssues, denied, config)
summary.addChangeVulnerabilitiesToSummary(
vulnerabilities,
config.fail_on_severity
+2 -2
View File
@@ -74,8 +74,8 @@ async function findCommentByMarker(
)
for await (const {data: comments} of commentsIterator) {
const existingComment = comments.find(comment =>
comment.body?.includes(commentBodyIncludes)
const existingComment = comments.find(
comment => comment.body?.includes(commentBodyIncludes)
)
if (existingComment) return existingComment.id
}
+23 -3
View File
@@ -33,12 +33,20 @@ function readInlineConfig(): ConfigurationOptionsPartial {
const allow_dependencies_licenses = parseList(
getOptionalInput('allow-dependencies-licenses')
)
const deny_packages = parseList(getOptionalInput('deny-packages'))
const deny_groups = parseList(getOptionalInput('deny-groups'))
const allow_ghsas = parseList(getOptionalInput('allow-ghsas'))
const license_check = getOptionalBoolean('license-check')
const vulnerability_check = getOptionalBoolean('vulnerability-check')
const base_ref = getOptionalInput('base-ref')
const head_ref = getOptionalInput('head-ref')
const comment_summary_in_pr = getOptionalBoolean('comment-summary-in-pr')
const comment_summary_in_pr = getOptionalInput('comment-summary-in-pr')
const retry_on_snapshot_warnings = getOptionalBoolean(
'retry-on-snapshot-warnings'
)
const retry_on_snapshot_warnings_timeout = getOptionalNumber(
'retry-on-snapshot-warnings-timeout'
)
validatePURL(allow_dependencies_licenses)
validateLicenses('allow-licenses', allow_licenses)
@@ -49,13 +57,17 @@ function readInlineConfig(): ConfigurationOptionsPartial {
fail_on_scopes,
allow_licenses,
deny_licenses,
deny_packages,
deny_groups,
allow_dependencies_licenses,
allow_ghsas,
license_check,
vulnerability_check,
base_ref,
head_ref,
comment_summary_in_pr
comment_summary_in_pr,
retry_on_snapshot_warnings,
retry_on_snapshot_warnings_timeout
}
return Object.fromEntries(
@@ -63,6 +75,12 @@ function readInlineConfig(): ConfigurationOptionsPartial {
)
}
function getOptionalNumber(name: string): number | undefined {
const value = core.getInput(name)
const parsed = z.string().regex(/^\d+$/).transform(Number).safeParse(value)
return parsed.success ? parsed.data : undefined
}
function getOptionalBoolean(name: string): boolean | undefined {
const value = core.getInput(name)
return value.length > 0 ? core.getBooleanInput(name) : undefined
@@ -137,7 +155,9 @@ function parseConfigFile(configData: string): ConfigurationOptionsPartial {
'deny-licenses',
'fail-on-scopes',
'allow-ghsas',
'allow-dependencies-licenses'
'allow-dependencies-licenses',
'deny-packages',
'deny-groups'
]
for (const key of Object.keys(data)) {
+42
View File
@@ -0,0 +1,42 @@
import {Change} from './schemas'
import * as core from '@actions/core'
export async function getDeniedChanges(
changes: Change[],
deniedPackages: string[],
deniedGroups: string[]
): Promise<Change[]> {
const changesDenied: Change[] = []
let failed = false
for (const change of changes) {
change.name = change.name.toLowerCase()
const packageUrl = change.package_url.toLowerCase().split('@')[0]
if (deniedPackages) {
for (const denied of deniedPackages) {
if (packageUrl === denied.split('@')[0].toLowerCase()) {
changesDenied.push(change)
failed = true
}
}
}
if (deniedGroups) {
for (const denied of deniedGroups) {
if (packageUrl.startsWith(denied.toLowerCase())) {
changesDenied.push(change)
failed = true
}
}
}
}
if (failed) {
core.setFailed('Dependency review detected denied packages.')
} else {
core.info('Dependency review did not detect any denied packages')
}
return changesDenied
}
+86 -9
View File
@@ -3,7 +3,7 @@ import * as dependencyGraph from './dependency-graph'
import * as github from '@actions/github'
import styles from 'ansi-styles'
import {RequestError} from '@octokit/request-error'
import {Change, Severity, Changes} from './schemas'
import {Change, Severity, Changes, ConfigurationOptions} from './schemas'
import {readConfig} from '../src/config'
import {
filterChangesBySeverity,
@@ -16,6 +16,43 @@ import {getRefs} from './git-refs'
import {groupDependenciesByManifest} from './utils'
import {commentPr} from './comment-pr'
import {getDeniedChanges} from './deny'
async function delay(ms: number): Promise<void> {
return new Promise(resolve => setTimeout(resolve, ms))
}
async function getComparison(
baseRef: string,
headRef: string,
retryOpts?: {
retryUntil: number
retryDelay: number
}
): ReturnType<typeof dependencyGraph.compare> {
const comparison = await dependencyGraph.compare({
owner: github.context.repo.owner,
repo: github.context.repo.repo,
baseRef,
headRef
})
if (comparison.snapshot_warnings.trim() !== '') {
core.info(comparison.snapshot_warnings)
if (retryOpts !== undefined) {
if (retryOpts.retryUntil < Date.now()) {
core.info(`Retry timeout exceeded. Proceeding...`)
return comparison
} else {
core.info(`Retrying in ${retryOpts.retryDelay} seconds...`)
await delay(retryOpts.retryDelay * 1000)
return getComparison(baseRef, headRef, retryOpts)
}
}
}
return comparison
}
async function run(): Promise<void> {
try {
@@ -23,12 +60,18 @@ async function run(): Promise<void> {
const refs = getRefs(config, github.context)
const comparison = await dependencyGraph.compare({
owner: github.context.repo.owner,
repo: github.context.repo.repo,
baseRef: refs.base,
headRef: refs.head
})
const comparison = await getComparison(
refs.base,
refs.head,
config.retry_on_snapshot_warnings
? {
retryUntil:
Date.now() + config.retry_on_snapshot_warnings_timeout * 1000,
retryDelay: 10
}
: undefined
)
const changes = comparison.changes
const snapshot_warnings = comparison.snapshot_warnings
@@ -63,14 +106,24 @@ async function run(): Promise<void> {
}
)
core.debug(`Filtered Changes: ${JSON.stringify(filteredChanges)}`)
core.debug(`Config Deny Packages: ${JSON.stringify(config)}`)
const deniedChanges = await getDeniedChanges(
filteredChanges,
config.deny_packages,
config.deny_groups
)
summary.addSummaryToSummary(
vulnerableChanges,
invalidLicenseChanges,
deniedChanges,
config
)
if (snapshot_warnings) {
summary.addSnapshotWarnings(snapshot_warnings)
summary.addSnapshotWarnings(config, snapshot_warnings)
}
if (config.vulnerability_check) {
@@ -81,10 +134,18 @@ async function run(): Promise<void> {
summary.addLicensesToSummary(invalidLicenseChanges, config)
printLicensesBlock(invalidLicenseChanges)
}
if (config.deny_packages || config.deny_groups) {
summary.addDeniedToSummary(deniedChanges)
printDeniedDependencies(deniedChanges, config)
}
summary.addScannedDependencies(changes)
printScannedDependencies(changes)
if (config.comment_summary_in_pr) {
if (
config.comment_summary_in_pr === 'always' ||
(config.comment_summary_in_pr === 'on-failure' &&
process.exitCode === core.ExitCode.Failure)
) {
await commentPr(core.summary)
}
} catch (error) {
@@ -239,4 +300,20 @@ function printScannedDependencies(changes: Changes): void {
})
}
function printDeniedDependencies(
changes: Change[],
config: ConfigurationOptions
): void {
core.group('Denied', async () => {
for (const denied of config.deny_packages) {
core.info(`Config: ${denied}`)
}
for (const change of changes) {
core.info(`Change: ${change.name}@${change.version} is denied`)
core.info(`Change: ${change.package_url} is denied`)
}
})
}
run()
+21 -1
View File
@@ -42,12 +42,32 @@ export const ConfigurationOptionsSchema = z
deny_licenses: z.array(z.string()).optional(),
allow_dependencies_licenses: z.array(z.string()).optional(),
allow_ghsas: z.array(z.string()).default([]),
deny_packages: z.array(z.string()).default([]),
deny_groups: z.array(z.string()).default([]),
license_check: z.boolean().default(true),
vulnerability_check: z.boolean().default(true),
config_file: z.string().optional(),
base_ref: z.string().optional(),
head_ref: z.string().optional(),
comment_summary_in_pr: z.boolean().default(false)
retry_on_snapshot_warnings: z.boolean().default(false),
retry_on_snapshot_warnings_timeout: z.number().default(120),
comment_summary_in_pr: z
.union([
z.preprocess(
val => (val === 'true' ? true : val === 'false' ? false : val),
z.boolean()
),
z.enum(['always', 'never', 'on-failure'])
])
.default('never')
})
.transform(config => {
if (config.comment_summary_in_pr === true) {
config.comment_summary_in_pr = 'always'
} else if (config.comment_summary_in_pr === false) {
config.comment_summary_in_pr = 'never'
}
return config
})
.superRefine((config, context) => {
if (config.allow_licenses && config.deny_licenses) {
+54 -13
View File
@@ -1,5 +1,5 @@
import * as core from '@actions/core'
import {ConfigurationOptions, Changes} from './schemas'
import {ConfigurationOptions, Changes, Change} from './schemas'
import {SummaryTableRow} from '@actions/core/lib/summary'
import {InvalidLicenseChanges, InvalidLicenseChangeTypes} from './licenses'
import {groupDependenciesByManifest, getManifestsSet, renderUrl} from './utils'
@@ -13,13 +13,15 @@ const icons = {
export function addSummaryToSummary(
vulnerableChanges: Changes,
invalidLicenseChanges: InvalidLicenseChanges,
deniedChanges: Changes,
config: ConfigurationOptions
): void {
core.summary.addHeading('Dependency Review', 1)
if (
vulnerableChanges.length === 0 &&
countLicenseIssues(invalidLicenseChanges) === 0
countLicenseIssues(invalidLicenseChanges) === 0 &&
deniedChanges.length === 0
) {
if (!config.license_check) {
core.summary.addRaw(`${icons.check} No vulnerabilities found.`)
@@ -56,6 +58,13 @@ export function addSummaryToSummary(
invalidLicenseChanges.unlicensed.length
} package(s) with unknown licenses.`
]
: []),
...(deniedChanges.length > 0
? [
`${checkOrWarnIcon(deniedChanges.length)} ${
deniedChanges.length
} package(s) denied.`
]
: [])
])
.addRaw('See the Details below.')
@@ -222,21 +231,34 @@ export function addScannedDependencies(changes: Changes): void {
}
}
export function addSnapshotWarnings(warnings: string): void {
// For now, we want to ignore warnings that just complain
// about missing snapshots on the head SHA. This is a product
// decision to avoid presenting warnings to users who simply
// don't use snapshots.
const ignore_regex = new RegExp(/No.*snapshot.*found.*head.*/, 'i')
if (ignore_regex.test(warnings)) {
return
function snapshotWarningRecommendation(
config: ConfigurationOptions,
warnings: string
): string {
const no_pr_snaps = warnings.includes(
'No snapshots were found for the head SHA'
)
const retries_disabled = !config.retry_on_snapshot_warnings
if (no_pr_snaps && retries_disabled) {
return 'Ensure that dependencies are being submitted on PR branches and consider enabling <em>retry-on-snapshot-warnings</em>.'
} else if (no_pr_snaps) {
return 'Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue.'
} else if (retries_disabled) {
return 'Consider enabling <em>retry-on-snapshot-warnings</em>.'
}
return 'Re-running this action after a short time may resolve the issue.'
}
export function addSnapshotWarnings(
config: ConfigurationOptions,
warnings: string
): void {
core.summary.addHeading('Snapshot Warnings', 2)
core.summary.addQuote(`${icons.warning}: ${warnings}`)
core.summary.addRaw(
'Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.'
)
const recommendation = snapshotWarningRecommendation(config, warnings)
const docsLink =
'See <a href="https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together">the documentation</a> for more information and troubleshooting advice.'
core.summary.addRaw(`${recommendation} ${docsLink}`)
}
function countLicenseIssues(
@@ -248,6 +270,25 @@ function countLicenseIssues(
)
}
export function addDeniedToSummary(deniedChanges: Change[]): void {
if (deniedChanges.length === 0) {
return
}
core.summary.addHeading('Denied dependencies', 2)
for (const change of deniedChanges) {
core.summary.addHeading(`<em>Denied dependencies</em>`, 4)
core.summary.addTable([
['Package', 'Version', 'License'],
[
renderUrl(change.source_repository_url, change.name),
change.version,
change.license || ''
]
])
}
}
function checkOrFailIcon(count: number): string {
return count === 0 ? icons.check : icons.cross
}