Federico Builes 369356e2e7 Fixing merge conflict in dist/
# Conflicts:
#	dist/index.js.map
2022-11-16 11:24:44 +01:00
cnagadya 13fe21bc0a Merge pull request #331 from actions/octokit/enterprise
Set octokit baseurl for GHES
2022-11-16 10:03:07 +01:00
Federico Builes 136c0838bf Merge pull request #332 from actions/dependabot/npm_and_yarn/typescript-4.9.3
Bump typescript from 4.8.4 to 4.9.3
2022-11-16 07:04:34 +01:00
dependabot[bot] 8ed85b3757 Bump typescript from 4.8.4 to 4.9.3
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.8.4 to 4.9.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/commits)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-16 01:11:56 +00:00
Federico Builes a952d7b1b7 adding dist 2022-11-15 22:34:15 +01:00
Federico Builes b8e622f102 Move test out of failing block. 2022-11-15 22:33:31 +01:00
Federico Builes ac059c649c Checkpoint! 2022-11-15 22:29:00 +01:00
Federico Builes 93652d7af0 Fix failing tests. 2022-11-15 22:28:50 +01:00
Federico Builes ba127cac5e Adding a test to confirm lists work properly in config files. 2022-11-15 22:25:26 +01:00
Federico Builes 1dd7392739 Adding fixture for testing config file string lists. 2022-11-15 22:25:13 +01:00
cnagadya 8f801ec4bb Update external-repo-token requirements 2022-11-15 12:25:35 +00:00
Federico Builes 2d265aa7cc Updating dist. 2022-11-15 07:50:53 +01:00
Federico Builes c57c602135 Force error casting to get messages! 2022-11-15 07:50:45 +01:00
Federico Builes c2097b2a9b Updating copy in a test. 2022-11-15 07:50:32 +01:00
Federico Builes 0a055a6a13 Improve error messages for external config files. 2022-11-15 07:45:29 +01:00
Federico Builes 3417e62ba2 Merge pull request #328 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.43.0
Bump @typescript-eslint/parser from 5.42.1 to 5.43.0
2022-11-15 05:38:42 +01:00
dependabot[bot] 49fecaf158 Bump @typescript-eslint/parser from 5.42.1 to 5.43.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.42.1 to 5.43.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.43.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-15 04:33:19 +00:00
Federico Builes 173a4b8d96 Merge pull request #329 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.43.0
Bump @typescript-eslint/eslint-plugin from 5.42.1 to 5.43.0
2022-11-15 05:32:34 +01:00
dependabot[bot] db1829cd87 Bump @typescript-eslint/eslint-plugin from 5.42.1 to 5.43.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.42.1 to 5.43.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.43.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-15 01:05:54 +00:00
cnagadya d87317e782 Set octokit baseurl for enterprise 2022-11-14 13:49:52 +00:00
Federico Builes 30d5821115 Bumping version number 2022-11-11 15:41:53 +01:00
9 changed files with 190 additions and 108 deletions
+1 -1
@@ -115,7 +115,7 @@ You can use an external configuration file to specify the settings for this acti
| Option | Usage | Possible values |
|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|
| `config-file` | A path to a file in the current repository or an external repository. Use this syntax for external files: `OWNER/REPOSITORY/FILENAME@BRANCH` | **Local file**: `./.github/dependency-review-config.yml` <br> **External repo**: `github/octorepo/dependency-review-config.yml@main` |
| `external-repo-token` | Specifies a token for fetching the configuration file if the file resides in a private external repository. Create a token in [developer settings](https://github.com/settings/tokens). | Any token with `read` permissions to the repository hosting the config file. |
| `external-repo-token` | Specifies a token for fetching the configuration file. It is required if the file resides in a private external repository and for all GitHub Enterprise Server repositories. Create a token in [developer settings](https://github.com/settings/tokens). | Any token with `read` permissions to the repository hosting the config file. |
#### Example
+13 -3
@@ -113,7 +113,7 @@ test('it reads an external config file', async () => {
test('raises an error when the the config file was not found', async () => {
setInput('config-file', 'fixtures/i-dont-exist')
await expect(readConfig()).rejects.toThrow(/Unable to fetch config file/)
await expect(readConfig()).rejects.toThrow(/Unable to fetch/)
})
test('it parses options from both sources', async () => {
@@ -232,6 +232,16 @@ test('it is not possible to disable both checks', async () => {
)
})
test('it supports comma-separated lists', async () => {
setInput(
'config-file',
'./__tests__/fixtures/inline-license-config-sample.yml'
)
let config = await readConfig()
expect(config.allow_licenses).toEqual(['MIT', 'GPL-2.0-only'])
})
describe('licenses that are not valid SPDX licenses', () => {
beforeAll(() => {
jest.spyOn(Utils, 'isSPDXValid').mockReturnValue(false)
@@ -240,14 +250,14 @@ describe('licenses that are not valid SPDX licenses', () => {
test('it raises an error for invalid licenses in allow-licenses', async () => {
setInput('allow-licenses', ' BSD, GPL 2')
await expect(readConfig()).rejects.toThrow(
'Invalid license(s) in allow-licenses: BSD, GPL 2'
'Invalid license(s) in allow-licenses: BSD,GPL 2'
)
})
test('it raises an error for invalid licenses in deny-licenses', async () => {
setInput('deny-licenses', ' BSD, GPL 2')
await expect(readConfig()).rejects.toThrow(
'Invalid license(s) in deny-licenses: BSD, GPL 2'
'Invalid license(s) in deny-licenses: BSD,GPL 2'
)
})
})
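Review bot: The updated expectations at the two `toThrow(` calls (`'Invalid license(s) in allow-licenses: BSD,GPL 2'` and its deny-licenses twin) pin the implicit `Array#toString` rendering of the message rather than a deliberate format; the test was adjusted to follow the implementation, so a user-facing message that silently lost its separator space passes review unnoticed. Keep the readable form and have src/config.ts produce it: `'Invalid license(s) in allow-licenses: BSD, GPL 2'` here, with `invalid_licenses.join(', ')` on the source side. In the new comma-separated-lists test, `let config = await readConfig()` is never reassigned and should be `const config = await readConfig()`. The relaxed `toThrow(/Unable to fetch/)` still matches the new `Unable to fetch or parse config file` message, so that change is fine as is.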
@@ -0,0 +1 @@
allow-licenses: MIT, GPL-2.0-only
+39 -3
@@ -802,6 +802,11 @@ function isSPDXValid(license) {
}
}
exports.isSPDXValid = isSPDXValid;
function isEnterprise() {
var _a;
const serverUrl = new URL((_a = process.env['GITHUB_SERVER_URL']) !== null && _a !== void 0 ? _a : 'https://github.com');
return serverUrl.hostname.toLowerCase() !== 'github.com';
}
function octokitClient(token = 'repo-token', required = true) {
const opts = {};
// auth is only added if token is present. For remote config files in public
@@ -810,6 +815,11 @@ function octokitClient(token = 'repo-token', required = true) {
if (auth !== undefined) {
opts['auth'] = auth;
}
//baseUrl is required for GitHub Enterprise Server
//https://github.com/octokit/octokit.js/blob/9c8fa89d5b0bc4ddbd6dec638db00a2f6c94c298/README.md?plain=1#L196
if (isEnterprise()) {
opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL']);
}
return new octokit_1.Octokit(opts);
}
exports.octokitClient = octokitClient;
@@ -27507,7 +27517,7 @@ function validateLicenses(key, licenses) {
}
const invalid_licenses = licenses.filter(license => !(0, utils_1.isSPDXValid)(license));
if (invalid_licenses.length > 0) {
throw new Error(`Invalid license(s) in ${key}: ${invalid_licenses.join(', ')}`);
throw new Error(`Invalid license(s) in ${key}: ${invalid_licenses}`);
}
}
function readConfigFile(filePath) {
@@ -27531,15 +27541,31 @@ function readConfigFile(filePath) {
return parseConfigFile(data);
}
catch (error) {
core.debug(error);
throw new Error('Unable to fetch config file');
throw new Error(`Unable to fetch or parse config file: ${error.message}`);
}
});
}
function parseConfigFile(configData) {
try {
const data = yaml_1.default.parse(configData);
// These are the options that we support where the user can provide
// either a YAML list or a comma-separated string.
const listKeys = [
'allow-licenses',
'deny-licenses',
'fail-on-scopes',
'allow-ghsas'
];
for (const key of Object.keys(data)) {
// strings can contain list values (e.g. 'MIT, Apache-2.0'). In this
// case we need to parse that into a list (e.g. ['MIT', 'Apache-2.0']).
if (listKeys.includes(key)) {
const val = data[key];
if (typeof val === 'string') {
data[key] = val.split(',').map(x => x.trim());
}
}
// perform SPDX validation
if (key === 'allow-licenses' || key === 'deny-licenses') {
validateLicenses(key, data[key]);
}
@@ -27830,6 +27856,11 @@ function isSPDXValid(license) {
}
}
exports.isSPDXValid = isSPDXValid;
function isEnterprise() {
var _a;
const serverUrl = new URL((_a = process.env['GITHUB_SERVER_URL']) !== null && _a !== void 0 ? _a : 'https://github.com');
return serverUrl.hostname.toLowerCase() !== 'github.com';
}
function octokitClient(token = 'repo-token', required = true) {
const opts = {};
// auth is only added if token is present. For remote config files in public
@@ -27838,6 +27869,11 @@ function octokitClient(token = 'repo-token', required = true) {
if (auth !== undefined) {
opts['auth'] = auth;
}
//baseUrl is required for GitHub Enterprise Server
//https://github.com/octokit/octokit.js/blob/9c8fa89d5b0bc4ddbd6dec638db00a2f6c94c298/README.md?plain=1#L196
if (isEnterprise()) {
opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL']);
}
return new octokit_1.Octokit(opts);
}
exports.octokitClient = octokitClient;
+1 -1
File diff suppressed because one or more lines are too long
+91 -91
@@ -1,12 +1,12 @@
{
"name": "dependency-review-action",
"version": "2.5.1",
"version": "3.0.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "dependency-review-action",
"version": "2.5.1",
"version": "3.0.0",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.10.0",
@@ -27,8 +27,8 @@
"@types/node": "^16.18.3",
"@types/spdx-expression-parse": "^3.0.2",
"@types/spdx-satisfies": "^0.1.0",
"@typescript-eslint/eslint-plugin": "^5.42.1",
"@typescript-eslint/parser": "^5.42.1",
"@typescript-eslint/eslint-plugin": "^5.43.0",
"@typescript-eslint/parser": "^5.43.0",
"@vercel/ncc": "^0.34.0",
"esbuild-register": "^3.4.1",
"eslint": "^8.27.0",
@@ -39,7 +39,7 @@
"nodemon": "^2.0.20",
"prettier": "2.7.1",
"ts-jest": "^27.1.4",
"typescript": "^4.8.4"
"typescript": "^4.9.3"
}
},
"node_modules/@actions/core": {
@@ -1852,14 +1852,14 @@
"dev": true
},
"node_modules/@typescript-eslint/eslint-plugin": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.42.1.tgz",
"integrity": "sha512-LyR6x784JCiJ1j6sH5Y0K6cdExqCCm8DJUTcwG5ThNXJj/G8o5E56u5EdG4SLy+bZAwZBswC+GYn3eGdttBVCg==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.43.0.tgz",
"integrity": "sha512-wNPzG+eDR6+hhW4yobEmpR36jrqqQv1vxBq5LJO3fBAktjkvekfr4BRl+3Fn1CM/A+s8/EiGUbOMDoYqWdbtXA==",
"dev": true,
"dependencies": {
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/type-utils": "5.42.1",
"@typescript-eslint/utils": "5.42.1",
"@typescript-eslint/scope-manager": "5.43.0",
"@typescript-eslint/type-utils": "5.43.0",
"@typescript-eslint/utils": "5.43.0",
"debug": "^4.3.4",
"ignore": "^5.2.0",
"natural-compare-lite": "^1.4.0",
@@ -1885,14 +1885,14 @@
}
},
"node_modules/@typescript-eslint/parser": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.42.1.tgz",
"integrity": "sha512-kAV+NiNBWVQDY9gDJDToTE/NO8BHi4f6b7zTsVAJoTkmB/zlfOpiEVBzHOKtlgTndCKe8vj9F/PuolemZSh50Q==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.43.0.tgz",
"integrity": "sha512-2iHUK2Lh7PwNUlhFxxLI2haSDNyXvebBO9izhjhMoDC+S3XI9qt2DGFUsiJ89m2k7gGYch2aEpYqV5F/+nwZug==",
"dev": true,
"dependencies": {
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/scope-manager": "5.43.0",
"@typescript-eslint/types": "5.43.0",
"@typescript-eslint/typescript-estree": "5.43.0",
"debug": "^4.3.4"
},
"engines": {
@@ -1912,13 +1912,13 @@
}
},
"node_modules/@typescript-eslint/scope-manager": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.42.1.tgz",
"integrity": "sha512-QAZY/CBP1Emx4rzxurgqj3rUinfsh/6mvuKbLNMfJMMKYLRBfweus8brgXF8f64ABkIZ3zdj2/rYYtF8eiuksQ==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.43.0.tgz",
"integrity": "sha512-XNWnGaqAtTJsUiZaoiGIrdJYHsUOd3BZ3Qj5zKp9w6km6HsrjPk/TGZv0qMTWyWj0+1QOqpHQ2gZOLXaGA9Ekw==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/visitor-keys": "5.42.1"
"@typescript-eslint/types": "5.43.0",
"@typescript-eslint/visitor-keys": "5.43.0"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -1929,13 +1929,13 @@
}
},
"node_modules/@typescript-eslint/type-utils": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.42.1.tgz",
"integrity": "sha512-WWiMChneex5w4xPIX56SSnQQo0tEOy5ZV2dqmj8Z371LJ0E+aymWD25JQ/l4FOuuX+Q49A7pzh/CGIQflxMVXg==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.43.0.tgz",
"integrity": "sha512-K21f+KY2/VvYggLf5Pk4tgBOPs2otTaIHy2zjclo7UZGLyFH86VfUOm5iq+OtDtxq/Zwu2I3ujDBykVW4Xtmtg==",
"dev": true,
"dependencies": {
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/utils": "5.42.1",
"@typescript-eslint/typescript-estree": "5.43.0",
"@typescript-eslint/utils": "5.43.0",
"debug": "^4.3.4",
"tsutils": "^3.21.0"
},
@@ -1956,9 +1956,9 @@
}
},
"node_modules/@typescript-eslint/types": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.42.1.tgz",
"integrity": "sha512-Qrco9dsFF5lhalz+lLFtxs3ui1/YfC6NdXu+RAGBa8uSfn01cjO7ssCsjIsUs484vny9Xm699FSKwpkCcqwWwA==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.43.0.tgz",
"integrity": "sha512-jpsbcD0x6AUvV7tyOlyvon0aUsQpF8W+7TpJntfCUWU1qaIKu2K34pMwQKSzQH8ORgUrGYY6pVIh1Pi8TNeteg==",
"dev": true,
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -1969,13 +1969,13 @@
}
},
"node_modules/@typescript-eslint/typescript-estree": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.42.1.tgz",
"integrity": "sha512-qElc0bDOuO0B8wDhhW4mYVgi/LZL+igPwXtV87n69/kYC/7NG3MES0jHxJNCr4EP7kY1XVsRy8C/u3DYeTKQmw==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.43.0.tgz",
"integrity": "sha512-BZ1WVe+QQ+igWal2tDbNg1j2HWUkAa+CVqdU79L4HP9izQY6CNhXfkNwd1SS4+sSZAP/EthI1uiCSY/+H0pROg==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/visitor-keys": "5.42.1",
"@typescript-eslint/types": "5.43.0",
"@typescript-eslint/visitor-keys": "5.43.0",
"debug": "^4.3.4",
"globby": "^11.1.0",
"is-glob": "^4.0.3",
@@ -1996,16 +1996,16 @@
}
},
"node_modules/@typescript-eslint/utils": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.42.1.tgz",
"integrity": "sha512-Gxvf12xSp3iYZd/fLqiQRD4uKZjDNR01bQ+j8zvhPjpsZ4HmvEFL/tC4amGNyxN9Rq+iqvpHLhlqx6KTxz9ZyQ==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.43.0.tgz",
"integrity": "sha512-8nVpA6yX0sCjf7v/NDfeaOlyaIIqL7OaIGOWSPFqUKK59Gnumd3Wa+2l8oAaYO2lk0sO+SbWFWRSvhu8gLGv4A==",
"dev": true,
"dependencies": {
"@types/json-schema": "^7.0.9",
"@types/semver": "^7.3.12",
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/scope-manager": "5.43.0",
"@typescript-eslint/types": "5.43.0",
"@typescript-eslint/typescript-estree": "5.43.0",
"eslint-scope": "^5.1.1",
"eslint-utils": "^3.0.0",
"semver": "^7.3.7"
@@ -2022,12 +2022,12 @@
}
},
"node_modules/@typescript-eslint/visitor-keys": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.42.1.tgz",
"integrity": "sha512-LOQtSF4z+hejmpUvitPlc4hA7ERGoj2BVkesOcG91HCn8edLGUXbTrErmutmPbl8Bo9HjAvOO/zBKQHExXNA2A==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.43.0.tgz",
"integrity": "sha512-icl1jNH/d18OVHLfcwdL3bWUKsBeIiKYTGxMJCoGe7xFht+E4QgzOqoWYrU8XSLJWhVw8nTacbm03v23J/hFTg==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/types": "5.43.0",
"eslint-visitor-keys": "^3.3.0"
},
"engines": {
@@ -7782,9 +7782,9 @@
}
},
"node_modules/typescript": {
"version": "4.8.4",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.4.tgz",
"integrity": "sha512-QCh+85mCy+h0IGff8r5XWzOVSbBO+KfeYrMQh7NJ58QujwcE22u+NUSmUxqF+un70P9GXKxa2HCNiTTMJknyjQ==",
"version": "4.9.3",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.3.tgz",
"integrity": "sha512-CIfGzTelbKNEnLpLdGFgdyKhG23CKdKgQPOBc+OUNrkJ2vr+KSzsSV5kq5iWhEQbok+quxgGzrAtGWCyU7tHnA==",
"dev": true,
"bin": {
"tsc": "bin/tsc",
@@ -9652,14 +9652,14 @@
"dev": true
},
"@typescript-eslint/eslint-plugin": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.42.1.tgz",
"integrity": "sha512-LyR6x784JCiJ1j6sH5Y0K6cdExqCCm8DJUTcwG5ThNXJj/G8o5E56u5EdG4SLy+bZAwZBswC+GYn3eGdttBVCg==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.43.0.tgz",
"integrity": "sha512-wNPzG+eDR6+hhW4yobEmpR36jrqqQv1vxBq5LJO3fBAktjkvekfr4BRl+3Fn1CM/A+s8/EiGUbOMDoYqWdbtXA==",
"dev": true,
"requires": {
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/type-utils": "5.42.1",
"@typescript-eslint/utils": "5.42.1",
"@typescript-eslint/scope-manager": "5.43.0",
"@typescript-eslint/type-utils": "5.43.0",
"@typescript-eslint/utils": "5.43.0",
"debug": "^4.3.4",
"ignore": "^5.2.0",
"natural-compare-lite": "^1.4.0",
@@ -9669,53 +9669,53 @@
}
},
"@typescript-eslint/parser": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.42.1.tgz",
"integrity": "sha512-kAV+NiNBWVQDY9gDJDToTE/NO8BHi4f6b7zTsVAJoTkmB/zlfOpiEVBzHOKtlgTndCKe8vj9F/PuolemZSh50Q==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.43.0.tgz",
"integrity": "sha512-2iHUK2Lh7PwNUlhFxxLI2haSDNyXvebBO9izhjhMoDC+S3XI9qt2DGFUsiJ89m2k7gGYch2aEpYqV5F/+nwZug==",
"dev": true,
"requires": {
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/scope-manager": "5.43.0",
"@typescript-eslint/types": "5.43.0",
"@typescript-eslint/typescript-estree": "5.43.0",
"debug": "^4.3.4"
}
},
"@typescript-eslint/scope-manager": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.42.1.tgz",
"integrity": "sha512-QAZY/CBP1Emx4rzxurgqj3rUinfsh/6mvuKbLNMfJMMKYLRBfweus8brgXF8f64ABkIZ3zdj2/rYYtF8eiuksQ==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.43.0.tgz",
"integrity": "sha512-XNWnGaqAtTJsUiZaoiGIrdJYHsUOd3BZ3Qj5zKp9w6km6HsrjPk/TGZv0qMTWyWj0+1QOqpHQ2gZOLXaGA9Ekw==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/visitor-keys": "5.42.1"
"@typescript-eslint/types": "5.43.0",
"@typescript-eslint/visitor-keys": "5.43.0"
}
},
"@typescript-eslint/type-utils": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.42.1.tgz",
"integrity": "sha512-WWiMChneex5w4xPIX56SSnQQo0tEOy5ZV2dqmj8Z371LJ0E+aymWD25JQ/l4FOuuX+Q49A7pzh/CGIQflxMVXg==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.43.0.tgz",
"integrity": "sha512-K21f+KY2/VvYggLf5Pk4tgBOPs2otTaIHy2zjclo7UZGLyFH86VfUOm5iq+OtDtxq/Zwu2I3ujDBykVW4Xtmtg==",
"dev": true,
"requires": {
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/utils": "5.42.1",
"@typescript-eslint/typescript-estree": "5.43.0",
"@typescript-eslint/utils": "5.43.0",
"debug": "^4.3.4",
"tsutils": "^3.21.0"
}
},
"@typescript-eslint/types": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.42.1.tgz",
"integrity": "sha512-Qrco9dsFF5lhalz+lLFtxs3ui1/YfC6NdXu+RAGBa8uSfn01cjO7ssCsjIsUs484vny9Xm699FSKwpkCcqwWwA==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.43.0.tgz",
"integrity": "sha512-jpsbcD0x6AUvV7tyOlyvon0aUsQpF8W+7TpJntfCUWU1qaIKu2K34pMwQKSzQH8ORgUrGYY6pVIh1Pi8TNeteg==",
"dev": true
},
"@typescript-eslint/typescript-estree": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.42.1.tgz",
"integrity": "sha512-qElc0bDOuO0B8wDhhW4mYVgi/LZL+igPwXtV87n69/kYC/7NG3MES0jHxJNCr4EP7kY1XVsRy8C/u3DYeTKQmw==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.43.0.tgz",
"integrity": "sha512-BZ1WVe+QQ+igWal2tDbNg1j2HWUkAa+CVqdU79L4HP9izQY6CNhXfkNwd1SS4+sSZAP/EthI1uiCSY/+H0pROg==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/visitor-keys": "5.42.1",
"@typescript-eslint/types": "5.43.0",
"@typescript-eslint/visitor-keys": "5.43.0",
"debug": "^4.3.4",
"globby": "^11.1.0",
"is-glob": "^4.0.3",
@@ -9724,28 +9724,28 @@
}
},
"@typescript-eslint/utils": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.42.1.tgz",
"integrity": "sha512-Gxvf12xSp3iYZd/fLqiQRD4uKZjDNR01bQ+j8zvhPjpsZ4HmvEFL/tC4amGNyxN9Rq+iqvpHLhlqx6KTxz9ZyQ==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.43.0.tgz",
"integrity": "sha512-8nVpA6yX0sCjf7v/NDfeaOlyaIIqL7OaIGOWSPFqUKK59Gnumd3Wa+2l8oAaYO2lk0sO+SbWFWRSvhu8gLGv4A==",
"dev": true,
"requires": {
"@types/json-schema": "^7.0.9",
"@types/semver": "^7.3.12",
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/scope-manager": "5.43.0",
"@typescript-eslint/types": "5.43.0",
"@typescript-eslint/typescript-estree": "5.43.0",
"eslint-scope": "^5.1.1",
"eslint-utils": "^3.0.0",
"semver": "^7.3.7"
}
},
"@typescript-eslint/visitor-keys": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.42.1.tgz",
"integrity": "sha512-LOQtSF4z+hejmpUvitPlc4hA7ERGoj2BVkesOcG91HCn8edLGUXbTrErmutmPbl8Bo9HjAvOO/zBKQHExXNA2A==",
"version": "5.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.43.0.tgz",
"integrity": "sha512-icl1jNH/d18OVHLfcwdL3bWUKsBeIiKYTGxMJCoGe7xFht+E4QgzOqoWYrU8XSLJWhVw8nTacbm03v23J/hFTg==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/types": "5.43.0",
"eslint-visitor-keys": "^3.3.0"
}
},
@@ -13929,9 +13929,9 @@
}
},
"typescript": {
"version": "4.8.4",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.4.tgz",
"integrity": "sha512-QCh+85mCy+h0IGff8r5XWzOVSbBO+KfeYrMQh7NJ58QujwcE22u+NUSmUxqF+un70P9GXKxa2HCNiTTMJknyjQ==",
"version": "4.9.3",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.3.tgz",
"integrity": "sha512-CIfGzTelbKNEnLpLdGFgdyKhG23CKdKgQPOBc+OUNrkJ2vr+KSzsSV5kq5iWhEQbok+quxgGzrAtGWCyU7tHnA==",
"dev": true
},
"unbox-primitive": {
+4 -4
@@ -1,6 +1,6 @@
{
"name": "dependency-review-action",
"version": "2.5.1",
"version": "3.0.0",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
@@ -41,8 +41,8 @@
"devDependencies": {
"@types/jest": "^27.5.2",
"@types/node": "^16.18.3",
"@typescript-eslint/eslint-plugin": "^5.42.1",
"@typescript-eslint/parser": "^5.42.1",
"@typescript-eslint/eslint-plugin": "^5.43.0",
"@typescript-eslint/parser": "^5.43.0",
"@types/spdx-expression-parse": "^3.0.2",
"@types/spdx-satisfies": "^0.1.0",
"@vercel/ncc": "^0.34.0",
@@ -55,6 +55,6 @@
"nodemon": "^2.0.20",
"prettier": "2.7.1",
"ts-jest": "^27.1.4",
"typescript": "^4.8.4"
"typescript": "^4.9.3"
}
}
+27 -5
@@ -80,12 +80,11 @@ function validateLicenses(
if (licenses === undefined) {
return
}
const invalid_licenses = licenses.filter(license => !isSPDXValid(license))
if (invalid_licenses.length > 0) {
throw new Error(
`Invalid license(s) in ${key}: ${invalid_licenses.join(', ')}`
)
throw new Error(`Invalid license(s) in ${key}: ${invalid_licenses}`)
}
}
@@ -113,18 +112,41 @@ async function readConfigFile(
}
return parseConfigFile(data)
} catch (error) {
core.debug(error as string)
throw new Error('Unable to fetch config file')
throw new Error(
`Unable to fetch or parse config file: ${(error as Error).message}`
)
}
}
function parseConfigFile(configData: string): ConfigurationOptionsPartial {
try {
const data = YAML.parse(configData)
// These are the options that we support where the user can provide
// either a YAML list or a comma-separated string.
const listKeys = [
'allow-licenses',
'deny-licenses',
'fail-on-scopes',
'allow-ghsas'
]
for (const key of Object.keys(data)) {
// strings can contain list values (e.g. 'MIT, Apache-2.0'). In this
// case we need to parse that into a list (e.g. ['MIT', 'Apache-2.0']).
if (listKeys.includes(key)) {
const val = data[key]
if (typeof val === 'string') {
data[key] = val.split(',').map(x => x.trim())
}
}
// perform SPDX validation
if (key === 'allow-licenses' || key === 'deny-licenses') {
validateLicenses(key, data[key])
}
// get rid of the ugly dashes from the actions conventions
if (key.includes('-')) {
data[key.replace(/-/g, '_')] = data[key]
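Review bot: In the catch block of readConfigFile, `(error as Error).message` is an unchecked assertion on an `unknown` catch variable; if the fetch or the YAML parse rejects with a non-Error value (the surviving `core.debug(error as string)` shows that case was anticipated), the new message reads `Unable to fetch or parse config file: undefined` and the original cause is lost. Narrow instead of asserting: `const message = error instanceof Error ? error.message : String(error)`, then `core.debug(message)` and `throw new Error(\`Unable to fetch or parse config file: ${message}\`)`. In parseConfigFile, `val.split(',').map(x => x.trim())` keeps empty entries for inputs such as `'MIT,'` or `''`, which then reach validateLicenses as `''` and will most likely be reported as an invalid license; a `.filter(x => x.length > 0)` after the map avoids that spurious error. readConfigFile begins and parseConfigFile ends outside this hunk.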
+13
@@ -41,6 +41,13 @@ export function isSPDXValid(license: string): boolean {
}
}
function isEnterprise(): boolean {
const serverUrl = new URL(
process.env['GITHUB_SERVER_URL'] ?? 'https://github.com'
)
return serverUrl.hostname.toLowerCase() !== 'github.com'
}
export function octokitClient(token = 'repo-token', required = true): Octokit {
const opts: Record<string, unknown> = {}
@@ -51,5 +58,11 @@ export function octokitClient(token = 'repo-token', required = true): Octokit {
opts['auth'] = auth
}
//baseUrl is required for GitHub Enterprise Server
//https://github.com/octokit/octokit.js/blob/9c8fa89d5b0bc4ddbd6dec638db00a2f6c94c298/README.md?plain=1#L196
if (isEnterprise()) {
opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL'])
}
return new Octokit(opts)
}
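Review bot: `opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL'])` stores a URL object where Octokit's `baseUrl` option is a string, and the `Record<string, unknown>` type of `opts` hides that mismatch, so the value only works through implicit string coercion. It also reads the variable without the `?? 'https://github.com'` default used a few lines earlier in isEnterprise(); on this branch the variable cannot be undefined today, but the coupling is implicit, and a server URL carrying a path without a trailing slash would have its last segment replaced by `api/v3` (whether a GHES runner can ever set such a value I cannot tell from here). Suggest `opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL']).href` plus a comment stating the assumption: `// GITHUB_SERVER_URL is expected to be the bare server origin, e.g. https://ghes.example.com (constructed example)`. The generated copies in dist/index.js carry the same lines. The part of octokitClient between the two hunks is outside this hunk.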