Compare commits

..

63 Commits

Author SHA1 Message Date
cnagadya 0ff3da6f81 3.0.2 patch release 2022-12-16 13:45:58 +00:00
cnagadya 6d88398316 Merge pull request #350 from actions/dependabot/npm_and_yarn/types/node-16.18.8
Bump @types/node from 16.18.4 to 16.18.8
2022-12-16 14:09:01 +01:00
cnagadya 29022577bf Merge pull request #352 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.6.0
Bump eslint-plugin-github from 4.4.1 to 4.6.0
2022-12-12 11:35:37 +01:00
dependabot[bot] a4bf690c47 Bump eslint-plugin-github from 4.4.1 to 4.6.0
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.4.1 to 4.6.0.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.4.1...v4.6.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 09:22:23 +00:00
cnagadya 3f67248108 Merge pull request #351 from actions/dependabot/npm_and_yarn/vercel/ncc-0.36.0
Bump @vercel/ncc from 0.34.0 to 0.36.0
2022-12-12 10:19:33 +01:00
cnagadya e82e9497cb Fix dist 2022-12-12 09:14:19 +00:00
dependabot[bot] 945cb4d00a Bump @types/node from 16.18.4 to 16.18.8
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.4 to 16.18.8.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 08:35:38 +00:00
dependabot[bot] 459b39211c Bump @vercel/ncc from 0.34.0 to 0.36.0
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.34.0 to 0.36.0.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.34.0...0.36.0)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 08:35:37 +00:00
cnagadya c109d3f46d Merge pull request #349 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.46.0
Bump @typescript-eslint/parser from 5.45.0 to 5.46.0
2022-12-12 09:34:54 +01:00
cnagadya 706aa54d76 Merge pull request #353 from actions/dependabot/npm_and_yarn/prettier-2.8.1
Bump prettier from 2.8.0 to 2.8.1
2022-12-12 09:34:29 +01:00
dependabot[bot] 12cfe866a8 Bump prettier from 2.8.0 to 2.8.1
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.0...2.8.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 01:24:53 +00:00
dependabot[bot] 0caa632377 Bump @typescript-eslint/parser from 5.45.0 to 5.46.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.45.0 to 5.46.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.46.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 01:23:08 +00:00
Eli Reisman df02ee7d42 Merge pull request #348 from jsoref/spelling
Spelling
2022-12-09 13:23:18 -08:00
Josh Soref 38e9237630 Update dist/ 2022-12-08 20:03:56 -05:00
Josh Soref 03c7962be5 spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
Josh Soref cff3674e25 spelling: the
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
Josh Soref a184554be2 spelling: minimum
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
Josh Soref 660812709b spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
cnagadya d8b4cd80d5 Merge pull request #345 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.45.0
Bump @typescript-eslint/parser from 5.44.0 to 5.45.0
2022-12-05 11:01:36 +01:00
dependabot[bot] 8e5d487bb8 Bump @typescript-eslint/parser from 5.44.0 to 5.45.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.44.0 to 5.45.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.45.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 09:58:32 +00:00
cnagadya 3e6e055a26 Merge pull request #344 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.45.0
Bump @typescript-eslint/eslint-plugin from 5.44.0 to 5.45.0
2022-12-05 10:57:43 +01:00
dependabot[bot] 1f8d096c90 Bump @typescript-eslint/eslint-plugin from 5.44.0 to 5.45.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.44.0 to 5.45.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.45.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 09:56:10 +00:00
cnagadya 0247f51a25 Merge pull request #346 from actions/dependabot/npm_and_yarn/types/node-16.18.4
Bump @types/node from 16.18.3 to 16.18.4
2022-12-05 10:55:16 +01:00
cnagadya f599dc7887 Merge pull request #347 from actions/dependabot/npm_and_yarn/eslint-8.29.0
Bump eslint from 8.28.0 to 8.29.0
2022-12-05 10:54:24 +01:00
dependabot[bot] 6919a4885f Bump eslint from 8.28.0 to 8.29.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.28.0 to 8.29.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.28.0...v8.29.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 01:44:27 +00:00
dependabot[bot] 8f97494d2e Bump @types/node from 16.18.3 to 16.18.4
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.3 to 16.18.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 01:44:05 +00:00
Federico Builes 08ec176670 Merge pull request #341 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.6
Bump eslint-plugin-jest from 27.1.5 to 27.1.6
2022-11-28 17:40:48 +01:00
dependabot[bot] 40a9da4614 Bump eslint-plugin-jest from 27.1.5 to 27.1.6
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.5 to 27.1.6.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.5...v27.1.6)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 01:45:07 +00:00
Federico Builes 9ad1f84ed2 Dependabot Updates should only happen once a week. 2022-11-24 10:57:01 +01:00
Federico Builes 464e6ac735 Merge pull request #337 from actions/dependabot/npm_and_yarn/prettier-2.8.0
Bump prettier from 2.7.1 to 2.8.0
2022-11-24 06:57:46 +01:00
dependabot[bot] 141e2dae22 Bump prettier from 2.7.1 to 2.8.0
Bumps [prettier](https://github.com/prettier/prettier) from 2.7.1 to 2.8.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.7.1...2.8.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-24 01:05:35 +00:00
Federico Builes 37bb7a46dd Merge pull request #336 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.44.0
Bump @typescript-eslint/parser from 5.43.0 to 5.44.0
2022-11-23 08:13:04 +01:00
dependabot[bot] 5abb42a215 Bump @typescript-eslint/parser from 5.43.0 to 5.44.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.43.0 to 5.44.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.44.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-23 07:08:38 +00:00
Federico Builes 5aafbe4a32 Merge pull request #335 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.44.0
Bump @typescript-eslint/eslint-plugin from 5.43.0 to 5.44.0
2022-11-23 08:07:40 +01:00
dependabot[bot] d623612924 Bump @typescript-eslint/eslint-plugin from 5.43.0 to 5.44.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.43.0 to 5.44.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.44.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-23 01:36:15 +00:00
Federico Builes 08fe899167 Merge pull request #334 from actions/dependabot/npm_and_yarn/eslint-8.28.0
Bump eslint from 8.27.0 to 8.28.0
2022-11-21 07:16:29 +01:00
dependabot[bot] 067e030d27 Bump eslint from 8.27.0 to 8.28.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.27.0 to 8.28.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.27.0...v8.28.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-21 01:51:38 +00:00
Federico Builes 6b47d2662b Merge pull request #333 from actions/dependabot/npm_and_yarn/got-12.5.3
Bump got from 12.5.2 to 12.5.3
2022-11-17 07:17:03 +01:00
dependabot[bot] 290634fe98 Bump got from 12.5.2 to 12.5.3
Bumps [got](https://github.com/sindresorhus/got) from 12.5.2 to 12.5.3.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.5.2...v12.5.3)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-17 01:14:38 +00:00
Federico Builes 352f50a80e Update contribution instructions with v3 for easier copy/pasting. 2022-11-16 11:36:08 +01:00
Federico Builes 11310527b4 bumping version 2022-11-16 11:31:19 +01:00
Federico Builes ea0f46928b Merge pull request #330 from actions/errors-for-external-configs
Improve error messages for external config files
2022-11-16 11:26:15 +01:00
Federico Builes 369356e2e7 Fixing merge conflict in dist/
# Conflicts:
#	dist/index.js.map
2022-11-16 11:24:44 +01:00
cnagadya 13fe21bc0a Merge pull request #331 from actions/octokit/enterprise
Set octokit baseurl for GHES
2022-11-16 10:03:07 +01:00
Federico Builes 136c0838bf Merge pull request #332 from actions/dependabot/npm_and_yarn/typescript-4.9.3
Bump typescript from 4.8.4 to 4.9.3
2022-11-16 07:04:34 +01:00
dependabot[bot] 8ed85b3757 Bump typescript from 4.8.4 to 4.9.3
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.8.4 to 4.9.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/commits)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-16 01:11:56 +00:00
Federico Builes a952d7b1b7 adding dist 2022-11-15 22:34:15 +01:00
Federico Builes b8e622f102 Move test out of failing block. 2022-11-15 22:33:31 +01:00
Federico Builes ac059c649c Checkpoint! 2022-11-15 22:29:00 +01:00
Federico Builes 93652d7af0 Fix failing tests. 2022-11-15 22:28:50 +01:00
Federico Builes ba127cac5e Adding a test to confirm lists work properly in config files. 2022-11-15 22:25:26 +01:00
Federico Builes 1dd7392739 Adding fixture for testing config file string lists. 2022-11-15 22:25:13 +01:00
cnagadya 8f801ec4bb Update external-repo-token requirements 2022-11-15 12:25:35 +00:00
Federico Builes 2d265aa7cc Updating dist. 2022-11-15 07:50:53 +01:00
Federico Builes c57c602135 Force error casting to get messages! 2022-11-15 07:50:45 +01:00
Federico Builes c2097b2a9b Updating copy in a test. 2022-11-15 07:50:32 +01:00
Federico Builes 0a055a6a13 Improve error messages for external config files. 2022-11-15 07:45:29 +01:00
Federico Builes 3417e62ba2 Merge pull request #328 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.43.0
Bump @typescript-eslint/parser from 5.42.1 to 5.43.0
2022-11-15 05:38:42 +01:00
dependabot[bot] 49fecaf158 Bump @typescript-eslint/parser from 5.42.1 to 5.43.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.42.1 to 5.43.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.43.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-15 04:33:19 +00:00
Federico Builes 173a4b8d96 Merge pull request #329 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.43.0
Bump @typescript-eslint/eslint-plugin from 5.42.1 to 5.43.0
2022-11-15 05:32:34 +01:00
dependabot[bot] db1829cd87 Bump @typescript-eslint/eslint-plugin from 5.42.1 to 5.43.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.42.1 to 5.43.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.43.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-15 01:05:54 +00:00
cnagadya d87317e782 Set octokit baseurl for enterprise 2022-11-14 13:49:52 +00:00
Federico Builes 30d5821115 Bumping version number 2022-11-11 15:41:53 +01:00
13 changed files with 375 additions and 176 deletions
+2 -2
View File
@@ -3,12 +3,12 @@ updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily
interval: weekly
- package-ecosystem: npm
directory: /
schedule:
interval: daily
interval: weekly
ignore:
- dependency-name: '@types/node'
update-types: ['version-update:semver-major']
+2 -2
View File
@@ -112,8 +112,8 @@ minor/patch updates.
To do this just checkout `main`, force-create a new annotated tag, and push it:
```
git tag -fa v2 -m "Updating v2 to 2.3.4"
git push origin v2 --force
git tag -fa v3 -m "Updating v3 to 3.0.1"
git push origin v3 --force
```
## Resources
+1 -1
View File
@@ -115,7 +115,7 @@ You can use an external configuration file to specify the settings for this acti
| Option | Usage | Possible values |
|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|
| `config-file` | A path to a file in the current repository or an external repository. Use this syntax for external files: `OWNER/REPOSITORY/FILENAME@BRANCH` | **Local file**: `./.github/dependency-review-config.yml` <br> **External repo**: `github/octorepo/dependency-review-config.yml@main` |
| `external-repo-token` | Specifies a token for fetching the configuration file if the file resides in a private external repository. Create a token in [developer settings](https://github.com/settings/tokens). | Any token with `read` permissions to the repository hosting the config file. |
| `external-repo-token` | Specifies a token for fetching the configuration file. It is required if the file resides in a private external repository and for all GitHub Enterprise Server repositories. Create a token in [developer settings](https://github.com/settings/tokens). | Any token with `read` permissions to the repository hosting the config file. |
#### Example
+14 -4
View File
@@ -111,9 +111,9 @@ test('it reads an external config file', async () => {
expect(config.allow_licenses).toEqual(['BSD', 'GPL 2'])
})
test('raises an error when the the config file was not found', async () => {
test('raises an error when the config file was not found', async () => {
setInput('config-file', 'fixtures/i-dont-exist')
await expect(readConfig()).rejects.toThrow(/Unable to fetch config file/)
await expect(readConfig()).rejects.toThrow(/Unable to fetch/)
})
test('it parses options from both sources', async () => {
@@ -232,6 +232,16 @@ test('it is not possible to disable both checks', async () => {
)
})
test('it supports comma-separated lists', async () => {
setInput(
'config-file',
'./__tests__/fixtures/inline-license-config-sample.yml'
)
let config = await readConfig()
expect(config.allow_licenses).toEqual(['MIT', 'GPL-2.0-only'])
})
describe('licenses that are not valid SPDX licenses', () => {
beforeAll(() => {
jest.spyOn(Utils, 'isSPDXValid').mockReturnValue(false)
@@ -240,14 +250,14 @@ describe('licenses that are not valid SPDX licenses', () => {
test('it raises an error for invalid licenses in allow-licenses', async () => {
setInput('allow-licenses', ' BSD, GPL 2')
await expect(readConfig()).rejects.toThrow(
'Invalid license(s) in allow-licenses: BSD, GPL 2'
'Invalid license(s) in allow-licenses: BSD,GPL 2'
)
})
test('it raises an error for invalid licenses in deny-licenses', async () => {
setInput('deny-licenses', ' BSD, GPL 2')
await expect(readConfig()).rejects.toThrow(
'Invalid license(s) in deny-licenses: BSD, GPL 2'
'Invalid license(s) in deny-licenses: BSD,GPL 2'
)
})
})
@@ -0,0 +1 @@
allow-licenses: MIT, GPL-2.0-only
+1 -1
View File
@@ -30,7 +30,7 @@ inputs:
description: Comma-separated list of forbidden licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required: false
allow-ghsas:
description: Comma-separated list of allowed Github Advisory IDs (e.g. "GHSA-abcd-1234-5679, GHSA-efgh-1234-5679")
description: Comma-separated list of allowed GitHub Advisory IDs (e.g. "GHSA-abcd-1234-5679, GHSA-efgh-1234-5679")
required: false
external-repo-token:
description: A token for fetching external configuration file if it lives in another repository. It is required if the repository is private
Generated Vendored
+43 -7
View File
@@ -622,7 +622,7 @@ function addChangeVulnerabilitiesToSummary(addedPackages, severity) {
const manifests = (0, utils_1.getManifestsSet)(addedPackages);
core.summary
.addHeading('Vulnerabilities')
.addQuote(`Vulnerabilites were filtered by mininum severity <strong>${severity}</strong>.`);
.addQuote(`Vulnerabilities were filtered by minimum severity <strong>${severity}</strong>.`);
if (addedPackages.length === 0) {
core.summary.addQuote('No vulnerabilities found in added packages.');
return;
@@ -802,6 +802,11 @@ function isSPDXValid(license) {
}
}
exports.isSPDXValid = isSPDXValid;
function isEnterprise() {
var _a;
const serverUrl = new URL((_a = process.env['GITHUB_SERVER_URL']) !== null && _a !== void 0 ? _a : 'https://github.com');
return serverUrl.hostname.toLowerCase() !== 'github.com';
}
function octokitClient(token = 'repo-token', required = true) {
const opts = {};
// auth is only added if token is present. For remote config files in public
@@ -810,6 +815,11 @@ function octokitClient(token = 'repo-token', required = true) {
if (auth !== undefined) {
opts['auth'] = auth;
}
//baseUrl is required for GitHub Enterprise Server
//https://github.com/octokit/octokit.js/blob/9c8fa89d5b0bc4ddbd6dec638db00a2f6c94c298/README.md?plain=1#L196
if (isEnterprise()) {
opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL']);
}
return new octokit_1.Octokit(opts);
}
exports.octokitClient = octokitClient;
@@ -27507,7 +27517,7 @@ function validateLicenses(key, licenses) {
}
const invalid_licenses = licenses.filter(license => !(0, utils_1.isSPDXValid)(license));
if (invalid_licenses.length > 0) {
throw new Error(`Invalid license(s) in ${key}: ${invalid_licenses.join(', ')}`);
throw new Error(`Invalid license(s) in ${key}: ${invalid_licenses}`);
}
}
function readConfigFile(filePath) {
@@ -27531,15 +27541,31 @@ function readConfigFile(filePath) {
return parseConfigFile(data);
}
catch (error) {
core.debug(error);
throw new Error('Unable to fetch config file');
throw new Error(`Unable to fetch or parse config file: ${error.message}`);
}
});
}
function parseConfigFile(configData) {
try {
const data = yaml_1.default.parse(configData);
// These are the options that we support where the user can provide
// either a YAML list or a comma-separated string.
const listKeys = [
'allow-licenses',
'deny-licenses',
'fail-on-scopes',
'allow-ghsas'
];
for (const key of Object.keys(data)) {
// strings can contain list values (e.g. 'MIT, Apache-2.0'). In this
// case we need to parse that into a list (e.g. ['MIT', 'Apache-2.0']).
if (listKeys.includes(key)) {
const val = data[key];
if (typeof val === 'string') {
data[key] = val.split(',').map(x => x.trim());
}
}
// perform SPDX validation
if (key === 'allow-licenses' || key === 'deny-licenses') {
validateLicenses(key, data[key]);
}
@@ -27830,6 +27856,11 @@ function isSPDXValid(license) {
}
}
exports.isSPDXValid = isSPDXValid;
function isEnterprise() {
var _a;
const serverUrl = new URL((_a = process.env['GITHUB_SERVER_URL']) !== null && _a !== void 0 ? _a : 'https://github.com');
return serverUrl.hostname.toLowerCase() !== 'github.com';
}
function octokitClient(token = 'repo-token', required = true) {
const opts = {};
// auth is only added if token is present. For remote config files in public
@@ -27838,6 +27869,11 @@ function octokitClient(token = 'repo-token', required = true) {
if (auth !== undefined) {
opts['auth'] = auth;
}
//baseUrl is required for GitHub Enterprise Server
//https://github.com/octokit/octokit.js/blob/9c8fa89d5b0bc4ddbd6dec638db00a2f6c94c298/README.md?plain=1#L196
if (isEnterprise()) {
opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL']);
}
return new octokit_1.Octokit(opts);
}
exports.octokitClient = octokitClient;
@@ -36285,11 +36321,11 @@ exports.visitAsync = visitAsync;
"use strict";
__nccwpck_require__.r(__webpack_exports__);
/* harmony export */ __nccwpck_require__.d(__webpack_exports__, {
/* harmony export */ "modifierNames": () => (/* binding */ modifierNames),
/* harmony export */ "foregroundColorNames": () => (/* binding */ foregroundColorNames),
/* harmony export */ "backgroundColorNames": () => (/* binding */ backgroundColorNames),
/* harmony export */ "colorNames": () => (/* binding */ colorNames),
/* harmony export */ "default": () => (__WEBPACK_DEFAULT_EXPORT__)
/* harmony export */ "default": () => (__WEBPACK_DEFAULT_EXPORT__),
/* harmony export */ "foregroundColorNames": () => (/* binding */ foregroundColorNames),
/* harmony export */ "modifierNames": () => (/* binding */ modifierNames)
/* harmony export */ });
const ANSI_BACKGROUND_OFFSET = 10;
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
+258 -141
View File
@@ -1,12 +1,12 @@
{
"name": "dependency-review-action",
"version": "2.5.1",
"version": "3.0.2",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "dependency-review-action",
"version": "2.5.1",
"version": "3.0.2",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.10.0",
@@ -14,7 +14,7 @@
"@octokit/plugin-retry": "^4.0.3",
"@octokit/request-error": "^3.0.2",
"ansi-styles": "^6.2.1",
"got": "^12.5.2",
"got": "^12.5.3",
"nodemon": "^2.0.20",
"octokit": "^2.0.10",
"spdx-expression-parse": "^3.0.1",
@@ -24,22 +24,22 @@
},
"devDependencies": {
"@types/jest": "^27.5.2",
"@types/node": "^16.18.3",
"@types/node": "^16.18.8",
"@types/spdx-expression-parse": "^3.0.2",
"@types/spdx-satisfies": "^0.1.0",
"@typescript-eslint/eslint-plugin": "^5.42.1",
"@typescript-eslint/parser": "^5.42.1",
"@vercel/ncc": "^0.34.0",
"@typescript-eslint/eslint-plugin": "^5.45.0",
"@typescript-eslint/parser": "^5.46.0",
"@vercel/ncc": "^0.36.0",
"esbuild-register": "^3.4.1",
"eslint": "^8.27.0",
"eslint-plugin-github": "^4.4.1",
"eslint-plugin-jest": "^27.1.5",
"eslint": "^8.29.0",
"eslint-plugin-github": "^4.6.0",
"eslint-plugin-jest": "^27.1.6",
"jest": "^27.5.1",
"js-yaml": "^4.1.0",
"nodemon": "^2.0.20",
"prettier": "2.7.1",
"prettier": "2.8.1",
"ts-jest": "^27.1.4",
"typescript": "^4.8.4"
"typescript": "^4.9.3"
}
},
"node_modules/@actions/core": {
@@ -1802,9 +1802,9 @@
"integrity": "sha512-ssE3Vlrys7sdIzs5LOxCzTVMsU7i9oa/IaW92wF32JFb3CVczqOkru2xspuKczHEbG3nvmPY7IFqVmGGHdNbYw=="
},
"node_modules/@types/node": {
"version": "16.18.3",
"resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.3.tgz",
"integrity": "sha512-jh6m0QUhIRcZpNv7Z/rpN+ZWXOicUUQbSoWks7Htkbb9IjFQj4kzcX/xFCkjstCj5flMsN8FiSvt+q+Tcs4Llg=="
"version": "16.18.8",
"resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.8.tgz",
"integrity": "sha512-TrpoNiaPvBH5h8rQQenMtVsJXtGsVBRJrcp2Ik6oEt99jHfGvDLh20VTTq3ixTbjYujukYz1IlY4N8a8yfY0jA=="
},
"node_modules/@types/prettier": {
"version": "2.7.1",
@@ -1852,14 +1852,14 @@
"dev": true
},
"node_modules/@typescript-eslint/eslint-plugin": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.42.1.tgz",
"integrity": "sha512-LyR6x784JCiJ1j6sH5Y0K6cdExqCCm8DJUTcwG5ThNXJj/G8o5E56u5EdG4SLy+bZAwZBswC+GYn3eGdttBVCg==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.45.0.tgz",
"integrity": "sha512-CXXHNlf0oL+Yg021cxgOdMHNTXD17rHkq7iW6RFHoybdFgQBjU3yIXhhcPpGwr1CjZlo6ET8C6tzX5juQoXeGA==",
"dev": true,
"dependencies": {
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/type-utils": "5.42.1",
"@typescript-eslint/utils": "5.42.1",
"@typescript-eslint/scope-manager": "5.45.0",
"@typescript-eslint/type-utils": "5.45.0",
"@typescript-eslint/utils": "5.45.0",
"debug": "^4.3.4",
"ignore": "^5.2.0",
"natural-compare-lite": "^1.4.0",
@@ -1885,14 +1885,14 @@
}
},
"node_modules/@typescript-eslint/parser": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.42.1.tgz",
"integrity": "sha512-kAV+NiNBWVQDY9gDJDToTE/NO8BHi4f6b7zTsVAJoTkmB/zlfOpiEVBzHOKtlgTndCKe8vj9F/PuolemZSh50Q==",
"version": "5.46.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.46.0.tgz",
"integrity": "sha512-joNO6zMGUZg+C73vwrKXCd8usnsmOYmgW/w5ZW0pG0RGvqeznjtGDk61EqqTpNrFLUYBW2RSBFrxdAZMqA4OZA==",
"dev": true,
"dependencies": {
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/scope-manager": "5.46.0",
"@typescript-eslint/types": "5.46.0",
"@typescript-eslint/typescript-estree": "5.46.0",
"debug": "^4.3.4"
},
"engines": {
@@ -1911,14 +1911,88 @@
}
}
},
"node_modules/@typescript-eslint/scope-manager": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.42.1.tgz",
"integrity": "sha512-QAZY/CBP1Emx4rzxurgqj3rUinfsh/6mvuKbLNMfJMMKYLRBfweus8brgXF8f64ABkIZ3zdj2/rYYtF8eiuksQ==",
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": {
"version": "5.46.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.46.0.tgz",
"integrity": "sha512-7wWBq9d/GbPiIM6SqPK9tfynNxVbfpihoY5cSFMer19OYUA3l4powA2uv0AV2eAZV6KoAh6lkzxv4PoxOLh1oA==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/visitor-keys": "5.42.1"
"@typescript-eslint/types": "5.46.0",
"@typescript-eslint/visitor-keys": "5.46.0"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
}
},
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": {
"version": "5.46.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.46.0.tgz",
"integrity": "sha512-wHWgQHFB+qh6bu0IAPAJCdeCdI0wwzZnnWThlmHNY01XJ9Z97oKqKOzWYpR2I83QmshhQJl6LDM9TqMiMwJBTw==",
"dev": true,
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
}
},
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": {
"version": "5.46.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.46.0.tgz",
"integrity": "sha512-kDLNn/tQP+Yp8Ro2dUpyyVV0Ksn2rmpPpB0/3MO874RNmXtypMwSeazjEN/Q6CTp8D7ExXAAekPEcCEB/vtJkw==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.46.0",
"@typescript-eslint/visitor-keys": "5.46.0",
"debug": "^4.3.4",
"globby": "^11.1.0",
"is-glob": "^4.0.3",
"semver": "^7.3.7",
"tsutils": "^3.21.0"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
},
"peerDependenciesMeta": {
"typescript": {
"optional": true
}
}
},
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": {
"version": "5.46.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.46.0.tgz",
"integrity": "sha512-E13gBoIXmaNhwjipuvQg1ByqSAu/GbEpP/qzFihugJ+MomtoJtFAJG/+2DRPByf57B863m0/q7Zt16V9ohhANw==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.46.0",
"eslint-visitor-keys": "^3.3.0"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
}
},
"node_modules/@typescript-eslint/scope-manager": {
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.45.0.tgz",
"integrity": "sha512-noDMjr87Arp/PuVrtvN3dXiJstQR1+XlQ4R1EvzG+NMgXi8CuMCXpb8JqNtFHKceVSQ985BZhfRdowJzbv4yKw==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.45.0",
"@typescript-eslint/visitor-keys": "5.45.0"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -1929,13 +2003,13 @@
}
},
"node_modules/@typescript-eslint/type-utils": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.42.1.tgz",
"integrity": "sha512-WWiMChneex5w4xPIX56SSnQQo0tEOy5ZV2dqmj8Z371LJ0E+aymWD25JQ/l4FOuuX+Q49A7pzh/CGIQflxMVXg==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.45.0.tgz",
"integrity": "sha512-DY7BXVFSIGRGFZ574hTEyLPRiQIvI/9oGcN8t1A7f6zIs6ftbrU0nhyV26ZW//6f85avkwrLag424n+fkuoJ1Q==",
"dev": true,
"dependencies": {
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/utils": "5.42.1",
"@typescript-eslint/typescript-estree": "5.45.0",
"@typescript-eslint/utils": "5.45.0",
"debug": "^4.3.4",
"tsutils": "^3.21.0"
},
@@ -1956,9 +2030,9 @@
}
},
"node_modules/@typescript-eslint/types": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.42.1.tgz",
"integrity": "sha512-Qrco9dsFF5lhalz+lLFtxs3ui1/YfC6NdXu+RAGBa8uSfn01cjO7ssCsjIsUs484vny9Xm699FSKwpkCcqwWwA==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.45.0.tgz",
"integrity": "sha512-QQij+u/vgskA66azc9dCmx+rev79PzX8uDHpsqSjEFtfF2gBUTRCpvYMh2gw2ghkJabNkPlSUCimsyBEQZd1DA==",
"dev": true,
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -1969,13 +2043,13 @@
}
},
"node_modules/@typescript-eslint/typescript-estree": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.42.1.tgz",
"integrity": "sha512-qElc0bDOuO0B8wDhhW4mYVgi/LZL+igPwXtV87n69/kYC/7NG3MES0jHxJNCr4EP7kY1XVsRy8C/u3DYeTKQmw==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.45.0.tgz",
"integrity": "sha512-maRhLGSzqUpFcZgXxg1qc/+H0bT36lHK4APhp0AEUVrpSwXiRAomm/JGjSG+kNUio5kAa3uekCYu/47cnGn5EQ==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/visitor-keys": "5.42.1",
"@typescript-eslint/types": "5.45.0",
"@typescript-eslint/visitor-keys": "5.45.0",
"debug": "^4.3.4",
"globby": "^11.1.0",
"is-glob": "^4.0.3",
@@ -1996,16 +2070,16 @@
}
},
"node_modules/@typescript-eslint/utils": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.42.1.tgz",
"integrity": "sha512-Gxvf12xSp3iYZd/fLqiQRD4uKZjDNR01bQ+j8zvhPjpsZ4HmvEFL/tC4amGNyxN9Rq+iqvpHLhlqx6KTxz9ZyQ==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.45.0.tgz",
"integrity": "sha512-OUg2JvsVI1oIee/SwiejTot2OxwU8a7UfTFMOdlhD2y+Hl6memUSL4s98bpUTo8EpVEr0lmwlU7JSu/p2QpSvA==",
"dev": true,
"dependencies": {
"@types/json-schema": "^7.0.9",
"@types/semver": "^7.3.12",
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/scope-manager": "5.45.0",
"@typescript-eslint/types": "5.45.0",
"@typescript-eslint/typescript-estree": "5.45.0",
"eslint-scope": "^5.1.1",
"eslint-utils": "^3.0.0",
"semver": "^7.3.7"
@@ -2022,12 +2096,12 @@
}
},
"node_modules/@typescript-eslint/visitor-keys": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.42.1.tgz",
"integrity": "sha512-LOQtSF4z+hejmpUvitPlc4hA7ERGoj2BVkesOcG91HCn8edLGUXbTrErmutmPbl8Bo9HjAvOO/zBKQHExXNA2A==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.45.0.tgz",
"integrity": "sha512-jc6Eccbn2RtQPr1s7th6jJWQHBHI6GBVQkCHoJFQ5UreaKm59Vxw+ynQUPPY2u2Amquc+7tmEoC2G52ApsGNNg==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/types": "5.45.0",
"eslint-visitor-keys": "^3.3.0"
},
"engines": {
@@ -2039,9 +2113,9 @@
}
},
"node_modules/@vercel/ncc": {
"version": "0.34.0",
"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
"integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
"version": "0.36.0",
"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.36.0.tgz",
"integrity": "sha512-/ZTUJ/ZkRt694k7KJNimgmHjtQcRuVwsST2Z6XfYveQIuBbHR+EqkTc1jfgPkQmMyk/vtpxo3nVxe8CNuau86A==",
"dev": true,
"bin": {
"ncc": "dist/ncc/cli.js"
@@ -3614,9 +3688,9 @@
}
},
"node_modules/eslint": {
"version": "8.27.0",
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.27.0.tgz",
"integrity": "sha512-0y1bfG2ho7mty+SiILVf9PfuRA49ek4Nc60Wmmu62QlobNR+CeXa4xXIJgcuwSQgZiWaPH+5BDsctpIW0PR/wQ==",
"version": "8.29.0",
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.29.0.tgz",
"integrity": "sha512-isQ4EEiyUjZFbEKvEGJKKGBwXtvXX+zJbkVKCgTuB9t/+jUBcy8avhkEwWJecI15BkRkOYmvIM5ynbhRjEkoeg==",
"dev": true,
"dependencies": {
"@eslint/eslintrc": "^1.3.3",
@@ -3782,9 +3856,9 @@
}
},
"node_modules/eslint-plugin-github": {
"version": "4.4.1",
"resolved": "https://registry.npmjs.org/eslint-plugin-github/-/eslint-plugin-github-4.4.1.tgz",
"integrity": "sha512-wpxUIPw+EK5bdUssB8W5Z9/tapZptfJuLkThwPY8p52v75MV/Fb1AkCrLGlYO0yi3mQGFoa3uE0NMzssVAFrUw==",
"version": "4.6.0",
"resolved": "https://registry.npmjs.org/eslint-plugin-github/-/eslint-plugin-github-4.6.0.tgz",
"integrity": "sha512-6VMH3wLUPEnV/0VuV3f0F74LF93N522Ht9KBYWDuPWKhr1NBzCqySIbQsxjPINIynoLtsErSc/YgICrocCc2zw==",
"dev": true,
"dependencies": {
"@github/browserslist-config": "^1.0.0",
@@ -3875,9 +3949,9 @@
"dev": true
},
"node_modules/eslint-plugin-jest": {
"version": "27.1.5",
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-27.1.5.tgz",
"integrity": "sha512-CK2dekZ5VBdzsOSOH5Fc1rwC+cWXjkcyrmf1RV714nDUDKu+o73TTJiDxpbILG8PtPPpAAl3ywzh5QA7Ft0mjA==",
"version": "27.1.6",
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-27.1.6.tgz",
"integrity": "sha512-XA7RFLSrlQF9IGtAmhddkUkBuICCTuryfOTfCSWcZHiHb69OilIH05oozH2XA6CEOtztnOd0vgXyvxZodkxGjg==",
"dev": true,
"dependencies": {
"@typescript-eslint/utils": "^5.10.0"
@@ -4540,9 +4614,9 @@
}
},
"node_modules/got": {
"version": "12.5.2",
"resolved": "https://registry.npmjs.org/got/-/got-12.5.2.tgz",
"integrity": "sha512-guHGMSEcsA5m1oPRweXUJnug0vuvlkX9wx5hzOka+ZBrBUOJHU0Z1JcNu3QE5IPGnA5aXUsQHdWOD4eJg9/v3A==",
"version": "12.5.3",
"resolved": "https://registry.npmjs.org/got/-/got-12.5.3.tgz",
"integrity": "sha512-8wKnb9MGU8IPGRIo+/ukTy9XLJBwDiCpIf5TVzQ9Cpol50eMTpBq2GAuDsuDIz7hTYmZgMgC1e9ydr6kSDWs3w==",
"dependencies": {
"@sindresorhus/is": "^5.2.0",
"@szmarczak/http-timer": "^5.0.1",
@@ -6823,9 +6897,9 @@
}
},
"node_modules/prettier": {
"version": "2.7.1",
"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
"integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
"version": "2.8.1",
"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.1.tgz",
"integrity": "sha512-lqGoSJBQNJidqCHE80vqZJHWHRFoNYsSpP9AjFhlhi9ODCJA541svILes/+/1GM3VaL/abZi7cpFzOpdR9UPKg==",
"dev": true,
"bin": {
"prettier": "bin-prettier.js"
@@ -7782,9 +7856,9 @@
}
},
"node_modules/typescript": {
"version": "4.8.4",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.4.tgz",
"integrity": "sha512-QCh+85mCy+h0IGff8r5XWzOVSbBO+KfeYrMQh7NJ58QujwcE22u+NUSmUxqF+un70P9GXKxa2HCNiTTMJknyjQ==",
"version": "4.9.3",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.3.tgz",
"integrity": "sha512-CIfGzTelbKNEnLpLdGFgdyKhG23CKdKgQPOBc+OUNrkJ2vr+KSzsSV5kq5iWhEQbok+quxgGzrAtGWCyU7tHnA==",
"dev": true,
"bin": {
"tsc": "bin/tsc",
@@ -9602,9 +9676,9 @@
"integrity": "sha512-ssE3Vlrys7sdIzs5LOxCzTVMsU7i9oa/IaW92wF32JFb3CVczqOkru2xspuKczHEbG3nvmPY7IFqVmGGHdNbYw=="
},
"@types/node": {
"version": "16.18.3",
"resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.3.tgz",
"integrity": "sha512-jh6m0QUhIRcZpNv7Z/rpN+ZWXOicUUQbSoWks7Htkbb9IjFQj4kzcX/xFCkjstCj5flMsN8FiSvt+q+Tcs4Llg=="
"version": "16.18.8",
"resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.8.tgz",
"integrity": "sha512-TrpoNiaPvBH5h8rQQenMtVsJXtGsVBRJrcp2Ik6oEt99jHfGvDLh20VTTq3ixTbjYujukYz1IlY4N8a8yfY0jA=="
},
"@types/prettier": {
"version": "2.7.1",
@@ -9652,14 +9726,14 @@
"dev": true
},
"@typescript-eslint/eslint-plugin": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.42.1.tgz",
"integrity": "sha512-LyR6x784JCiJ1j6sH5Y0K6cdExqCCm8DJUTcwG5ThNXJj/G8o5E56u5EdG4SLy+bZAwZBswC+GYn3eGdttBVCg==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.45.0.tgz",
"integrity": "sha512-CXXHNlf0oL+Yg021cxgOdMHNTXD17rHkq7iW6RFHoybdFgQBjU3yIXhhcPpGwr1CjZlo6ET8C6tzX5juQoXeGA==",
"dev": true,
"requires": {
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/type-utils": "5.42.1",
"@typescript-eslint/utils": "5.42.1",
"@typescript-eslint/scope-manager": "5.45.0",
"@typescript-eslint/type-utils": "5.45.0",
"@typescript-eslint/utils": "5.45.0",
"debug": "^4.3.4",
"ignore": "^5.2.0",
"natural-compare-lite": "^1.4.0",
@@ -9669,53 +9743,96 @@
}
},
"@typescript-eslint/parser": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.42.1.tgz",
"integrity": "sha512-kAV+NiNBWVQDY9gDJDToTE/NO8BHi4f6b7zTsVAJoTkmB/zlfOpiEVBzHOKtlgTndCKe8vj9F/PuolemZSh50Q==",
"version": "5.46.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.46.0.tgz",
"integrity": "sha512-joNO6zMGUZg+C73vwrKXCd8usnsmOYmgW/w5ZW0pG0RGvqeznjtGDk61EqqTpNrFLUYBW2RSBFrxdAZMqA4OZA==",
"dev": true,
"requires": {
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/scope-manager": "5.46.0",
"@typescript-eslint/types": "5.46.0",
"@typescript-eslint/typescript-estree": "5.46.0",
"debug": "^4.3.4"
},
"dependencies": {
"@typescript-eslint/scope-manager": {
"version": "5.46.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.46.0.tgz",
"integrity": "sha512-7wWBq9d/GbPiIM6SqPK9tfynNxVbfpihoY5cSFMer19OYUA3l4powA2uv0AV2eAZV6KoAh6lkzxv4PoxOLh1oA==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.46.0",
"@typescript-eslint/visitor-keys": "5.46.0"
}
},
"@typescript-eslint/types": {
"version": "5.46.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.46.0.tgz",
"integrity": "sha512-wHWgQHFB+qh6bu0IAPAJCdeCdI0wwzZnnWThlmHNY01XJ9Z97oKqKOzWYpR2I83QmshhQJl6LDM9TqMiMwJBTw==",
"dev": true
},
"@typescript-eslint/typescript-estree": {
"version": "5.46.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.46.0.tgz",
"integrity": "sha512-kDLNn/tQP+Yp8Ro2dUpyyVV0Ksn2rmpPpB0/3MO874RNmXtypMwSeazjEN/Q6CTp8D7ExXAAekPEcCEB/vtJkw==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.46.0",
"@typescript-eslint/visitor-keys": "5.46.0",
"debug": "^4.3.4",
"globby": "^11.1.0",
"is-glob": "^4.0.3",
"semver": "^7.3.7",
"tsutils": "^3.21.0"
}
},
"@typescript-eslint/visitor-keys": {
"version": "5.46.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.46.0.tgz",
"integrity": "sha512-E13gBoIXmaNhwjipuvQg1ByqSAu/GbEpP/qzFihugJ+MomtoJtFAJG/+2DRPByf57B863m0/q7Zt16V9ohhANw==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.46.0",
"eslint-visitor-keys": "^3.3.0"
}
}
}
},
"@typescript-eslint/scope-manager": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.42.1.tgz",
"integrity": "sha512-QAZY/CBP1Emx4rzxurgqj3rUinfsh/6mvuKbLNMfJMMKYLRBfweus8brgXF8f64ABkIZ3zdj2/rYYtF8eiuksQ==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.45.0.tgz",
"integrity": "sha512-noDMjr87Arp/PuVrtvN3dXiJstQR1+XlQ4R1EvzG+NMgXi8CuMCXpb8JqNtFHKceVSQ985BZhfRdowJzbv4yKw==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/visitor-keys": "5.42.1"
"@typescript-eslint/types": "5.45.0",
"@typescript-eslint/visitor-keys": "5.45.0"
}
},
"@typescript-eslint/type-utils": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.42.1.tgz",
"integrity": "sha512-WWiMChneex5w4xPIX56SSnQQo0tEOy5ZV2dqmj8Z371LJ0E+aymWD25JQ/l4FOuuX+Q49A7pzh/CGIQflxMVXg==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.45.0.tgz",
"integrity": "sha512-DY7BXVFSIGRGFZ574hTEyLPRiQIvI/9oGcN8t1A7f6zIs6ftbrU0nhyV26ZW//6f85avkwrLag424n+fkuoJ1Q==",
"dev": true,
"requires": {
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/utils": "5.42.1",
"@typescript-eslint/typescript-estree": "5.45.0",
"@typescript-eslint/utils": "5.45.0",
"debug": "^4.3.4",
"tsutils": "^3.21.0"
}
},
"@typescript-eslint/types": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.42.1.tgz",
"integrity": "sha512-Qrco9dsFF5lhalz+lLFtxs3ui1/YfC6NdXu+RAGBa8uSfn01cjO7ssCsjIsUs484vny9Xm699FSKwpkCcqwWwA==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.45.0.tgz",
"integrity": "sha512-QQij+u/vgskA66azc9dCmx+rev79PzX8uDHpsqSjEFtfF2gBUTRCpvYMh2gw2ghkJabNkPlSUCimsyBEQZd1DA==",
"dev": true
},
"@typescript-eslint/typescript-estree": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.42.1.tgz",
"integrity": "sha512-qElc0bDOuO0B8wDhhW4mYVgi/LZL+igPwXtV87n69/kYC/7NG3MES0jHxJNCr4EP7kY1XVsRy8C/u3DYeTKQmw==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.45.0.tgz",
"integrity": "sha512-maRhLGSzqUpFcZgXxg1qc/+H0bT36lHK4APhp0AEUVrpSwXiRAomm/JGjSG+kNUio5kAa3uekCYu/47cnGn5EQ==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/visitor-keys": "5.42.1",
"@typescript-eslint/types": "5.45.0",
"@typescript-eslint/visitor-keys": "5.45.0",
"debug": "^4.3.4",
"globby": "^11.1.0",
"is-glob": "^4.0.3",
@@ -9724,35 +9841,35 @@
}
},
"@typescript-eslint/utils": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.42.1.tgz",
"integrity": "sha512-Gxvf12xSp3iYZd/fLqiQRD4uKZjDNR01bQ+j8zvhPjpsZ4HmvEFL/tC4amGNyxN9Rq+iqvpHLhlqx6KTxz9ZyQ==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.45.0.tgz",
"integrity": "sha512-OUg2JvsVI1oIee/SwiejTot2OxwU8a7UfTFMOdlhD2y+Hl6memUSL4s98bpUTo8EpVEr0lmwlU7JSu/p2QpSvA==",
"dev": true,
"requires": {
"@types/json-schema": "^7.0.9",
"@types/semver": "^7.3.12",
"@typescript-eslint/scope-manager": "5.42.1",
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/typescript-estree": "5.42.1",
"@typescript-eslint/scope-manager": "5.45.0",
"@typescript-eslint/types": "5.45.0",
"@typescript-eslint/typescript-estree": "5.45.0",
"eslint-scope": "^5.1.1",
"eslint-utils": "^3.0.0",
"semver": "^7.3.7"
}
},
"@typescript-eslint/visitor-keys": {
"version": "5.42.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.42.1.tgz",
"integrity": "sha512-LOQtSF4z+hejmpUvitPlc4hA7ERGoj2BVkesOcG91HCn8edLGUXbTrErmutmPbl8Bo9HjAvOO/zBKQHExXNA2A==",
"version": "5.45.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.45.0.tgz",
"integrity": "sha512-jc6Eccbn2RtQPr1s7th6jJWQHBHI6GBVQkCHoJFQ5UreaKm59Vxw+ynQUPPY2u2Amquc+7tmEoC2G52ApsGNNg==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.42.1",
"@typescript-eslint/types": "5.45.0",
"eslint-visitor-keys": "^3.3.0"
}
},
"@vercel/ncc": {
"version": "0.34.0",
"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
"integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
"version": "0.36.0",
"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.36.0.tgz",
"integrity": "sha512-/ZTUJ/ZkRt694k7KJNimgmHjtQcRuVwsST2Z6XfYveQIuBbHR+EqkTc1jfgPkQmMyk/vtpxo3nVxe8CNuau86A==",
"dev": true
},
"abab": {
@@ -10842,9 +10959,9 @@
}
},
"eslint": {
"version": "8.27.0",
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.27.0.tgz",
"integrity": "sha512-0y1bfG2ho7mty+SiILVf9PfuRA49ek4Nc60Wmmu62QlobNR+CeXa4xXIJgcuwSQgZiWaPH+5BDsctpIW0PR/wQ==",
"version": "8.29.0",
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.29.0.tgz",
"integrity": "sha512-isQ4EEiyUjZFbEKvEGJKKGBwXtvXX+zJbkVKCgTuB9t/+jUBcy8avhkEwWJecI15BkRkOYmvIM5ynbhRjEkoeg==",
"dev": true,
"requires": {
"@eslint/eslintrc": "^1.3.3",
@@ -10994,9 +11111,9 @@
}
},
"eslint-plugin-github": {
"version": "4.4.1",
"resolved": "https://registry.npmjs.org/eslint-plugin-github/-/eslint-plugin-github-4.4.1.tgz",
"integrity": "sha512-wpxUIPw+EK5bdUssB8W5Z9/tapZptfJuLkThwPY8p52v75MV/Fb1AkCrLGlYO0yi3mQGFoa3uE0NMzssVAFrUw==",
"version": "4.6.0",
"resolved": "https://registry.npmjs.org/eslint-plugin-github/-/eslint-plugin-github-4.6.0.tgz",
"integrity": "sha512-6VMH3wLUPEnV/0VuV3f0F74LF93N522Ht9KBYWDuPWKhr1NBzCqySIbQsxjPINIynoLtsErSc/YgICrocCc2zw==",
"dev": true,
"requires": {
"@github/browserslist-config": "^1.0.0",
@@ -11072,9 +11189,9 @@
}
},
"eslint-plugin-jest": {
"version": "27.1.5",
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-27.1.5.tgz",
"integrity": "sha512-CK2dekZ5VBdzsOSOH5Fc1rwC+cWXjkcyrmf1RV714nDUDKu+o73TTJiDxpbILG8PtPPpAAl3ywzh5QA7Ft0mjA==",
"version": "27.1.6",
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-27.1.6.tgz",
"integrity": "sha512-XA7RFLSrlQF9IGtAmhddkUkBuICCTuryfOTfCSWcZHiHb69OilIH05oozH2XA6CEOtztnOd0vgXyvxZodkxGjg==",
"dev": true,
"requires": {
"@typescript-eslint/utils": "^5.10.0"
@@ -11520,9 +11637,9 @@
}
},
"got": {
"version": "12.5.2",
"resolved": "https://registry.npmjs.org/got/-/got-12.5.2.tgz",
"integrity": "sha512-guHGMSEcsA5m1oPRweXUJnug0vuvlkX9wx5hzOka+ZBrBUOJHU0Z1JcNu3QE5IPGnA5aXUsQHdWOD4eJg9/v3A==",
"version": "12.5.3",
"resolved": "https://registry.npmjs.org/got/-/got-12.5.3.tgz",
"integrity": "sha512-8wKnb9MGU8IPGRIo+/ukTy9XLJBwDiCpIf5TVzQ9Cpol50eMTpBq2GAuDsuDIz7hTYmZgMgC1e9ydr6kSDWs3w==",
"requires": {
"@sindresorhus/is": "^5.2.0",
"@szmarczak/http-timer": "^5.0.1",
@@ -13245,9 +13362,9 @@
"dev": true
},
"prettier": {
"version": "2.7.1",
"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
"integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
"version": "2.8.1",
"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.1.tgz",
"integrity": "sha512-lqGoSJBQNJidqCHE80vqZJHWHRFoNYsSpP9AjFhlhi9ODCJA541svILes/+/1GM3VaL/abZi7cpFzOpdR9UPKg==",
"dev": true
},
"prettier-linter-helpers": {
@@ -13929,9 +14046,9 @@
}
},
"typescript": {
"version": "4.8.4",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.4.tgz",
"integrity": "sha512-QCh+85mCy+h0IGff8r5XWzOVSbBO+KfeYrMQh7NJ58QujwcE22u+NUSmUxqF+un70P9GXKxa2HCNiTTMJknyjQ==",
"version": "4.9.3",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.3.tgz",
"integrity": "sha512-CIfGzTelbKNEnLpLdGFgdyKhG23CKdKgQPOBc+OUNrkJ2vr+KSzsSV5kq5iWhEQbok+quxgGzrAtGWCyU7tHnA==",
"dev": true
},
"unbox-primitive": {
+11 -11
View File
@@ -1,6 +1,6 @@
{
"name": "dependency-review-action",
"version": "2.5.1",
"version": "3.0.2",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
@@ -30,7 +30,7 @@
"@octokit/plugin-retry": "^4.0.3",
"@octokit/request-error": "^3.0.2",
"ansi-styles": "^6.2.1",
"got": "^12.5.2",
"got": "^12.5.3",
"nodemon": "^2.0.20",
"octokit": "^2.0.10",
"spdx-expression-parse": "^3.0.1",
@@ -40,21 +40,21 @@
},
"devDependencies": {
"@types/jest": "^27.5.2",
"@types/node": "^16.18.3",
"@typescript-eslint/eslint-plugin": "^5.42.1",
"@typescript-eslint/parser": "^5.42.1",
"@types/node": "^16.18.8",
"@typescript-eslint/eslint-plugin": "^5.45.0",
"@typescript-eslint/parser": "^5.46.0",
"@types/spdx-expression-parse": "^3.0.2",
"@types/spdx-satisfies": "^0.1.0",
"@vercel/ncc": "^0.34.0",
"@vercel/ncc": "^0.36.0",
"esbuild-register": "^3.4.1",
"eslint": "^8.27.0",
"eslint-plugin-github": "^4.4.1",
"eslint-plugin-jest": "^27.1.5",
"eslint": "^8.29.0",
"eslint-plugin-github": "^4.6.0",
"eslint-plugin-jest": "^27.1.6",
"jest": "^27.5.1",
"js-yaml": "^4.1.0",
"nodemon": "^2.0.20",
"prettier": "2.7.1",
"prettier": "2.8.1",
"ts-jest": "^27.1.4",
"typescript": "^4.8.4"
"typescript": "^4.9.3"
}
}
+27 -5
View File
@@ -80,12 +80,11 @@ function validateLicenses(
if (licenses === undefined) {
return
}
const invalid_licenses = licenses.filter(license => !isSPDXValid(license))
if (invalid_licenses.length > 0) {
throw new Error(
`Invalid license(s) in ${key}: ${invalid_licenses.join(', ')}`
)
throw new Error(`Invalid license(s) in ${key}: ${invalid_licenses}`)
}
}
@@ -113,18 +112,41 @@ async function readConfigFile(
}
return parseConfigFile(data)
} catch (error) {
core.debug(error as string)
throw new Error('Unable to fetch config file')
throw new Error(
`Unable to fetch or parse config file: ${(error as Error).message}`
)
}
}
function parseConfigFile(configData: string): ConfigurationOptionsPartial {
try {
const data = YAML.parse(configData)
// These are the options that we support where the user can provide
// either a YAML list or a comma-separated string.
const listKeys = [
'allow-licenses',
'deny-licenses',
'fail-on-scopes',
'allow-ghsas'
]
for (const key of Object.keys(data)) {
// strings can contain list values (e.g. 'MIT, Apache-2.0'). In this
// case we need to parse that into a list (e.g. ['MIT', 'Apache-2.0']).
if (listKeys.includes(key)) {
const val = data[key]
if (typeof val === 'string') {
data[key] = val.split(',').map(x => x.trim())
}
}
// perform SPDX validation
if (key === 'allow-licenses' || key === 'deny-licenses') {
validateLicenses(key, data[key])
}
// get rid of the ugly dashes from the actions conventions
if (key.includes('-')) {
data[key.replace(/-/g, '_')] = data[key]
+1 -1
View File
@@ -35,7 +35,7 @@ export function addChangeVulnerabilitiesToSummary(
core.summary
.addHeading('Vulnerabilities')
.addQuote(
`Vulnerabilites were filtered by mininum severity <strong>${severity}</strong>.`
`Vulnerabilities were filtered by minimum severity <strong>${severity}</strong>.`
)
if (addedPackages.length === 0) {
+13
View File
@@ -41,6 +41,13 @@ export function isSPDXValid(license: string): boolean {
}
}
function isEnterprise(): boolean {
const serverUrl = new URL(
process.env['GITHUB_SERVER_URL'] ?? 'https://github.com'
)
return serverUrl.hostname.toLowerCase() !== 'github.com'
}
export function octokitClient(token = 'repo-token', required = true): Octokit {
const opts: Record<string, unknown> = {}
@@ -51,5 +58,11 @@ export function octokitClient(token = 'repo-token', required = true): Octokit {
opts['auth'] = auth
}
//baseUrl is required for GitHub Enterprise Server
//https://github.com/octokit/octokit.js/blob/9c8fa89d5b0bc4ddbd6dec638db00a2f6c94c298/README.md?plain=1#L196
if (isEnterprise()) {
opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL'])
}
return new Octokit(opts)
}