Compare commits

...

1262 Commits

Author SHA1 Message Date
Federico Builes a89dd96450 adding dist 2023-11-08 08:49:49 +01:00
Federico Builes 76891836b1 revert octokit changes 2023-11-08 08:47:43 +01:00
Federico Builes fc5e2db757 go back to Node 16 to skip using fetch API 2023-11-08 08:36:27 +01:00
Federico Builes ded987cb3b Downgrade usage of retries.
This commit reverts:

f7363549ac
76b050a607
8dc52cdbed
2023-11-08 08:35:44 +01:00
Federico Builes 9f45b2463b bumping to 3.1.1 2023-11-06 08:03:41 +01:00
Federico Builes 559513a56c Merge pull request #606 from actions/dependabot/npm_and_yarn/actions/github-6.0.0
Bump @actions/github from 5.1.1 to 6.0.0
2023-11-06 07:55:54 +01:00
Federico Builes 8edc431d7d Merge branch 'main' into dependabot/npm_and_yarn/actions/github-6.0.0 2023-11-06 07:52:53 +01:00
Federico Builes 3e8322e4bb Merge pull request #605 from actions/dependabot/npm_and_yarn/yaml-2.3.4
Bump yaml from 2.3.3 to 2.3.4
2023-11-06 07:51:31 +01:00
Federico Builes 5a55885447 adding dist 2023-11-06 07:50:51 +01:00
Federico Builes f952b5a2c5 Merge branch 'main' into dependabot/npm_and_yarn/yaml-2.3.4 2023-11-06 07:48:24 +01:00
Federico Builes 8678cfac42 Merge pull request #607 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.9.1
Bump @typescript-eslint/eslint-plugin from 6.9.0 to 6.9.1
2023-11-06 07:47:08 +01:00
Federico Builes aa8e70d588 adding dist 2023-11-06 07:46:52 +01:00
Federico Builes 3331d25f9d adding dist 2023-11-06 07:42:40 +01:00
dependabot[bot] 2af83f55fa Bump @actions/github from 5.1.1 to 6.0.0
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 5.1.1 to 6.0.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 06:42:18 +00:00
dependabot[bot] 0d3cf5ba9e Bump @typescript-eslint/eslint-plugin from 6.9.0 to 6.9.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.9.0 to 6.9.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.9.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 06:42:16 +00:00
Federico Builes b2a5ead1f7 Merge pull request #604 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.9.1
Bump @typescript-eslint/parser from 6.8.0 to 6.9.1
2023-11-06 07:41:16 +01:00
Federico Builes 79f0a0b62b Merge pull request #603 from actions/dependabot/npm_and_yarn/actions/core-1.10.1
Bump @actions/core from 1.10.0 to 1.10.1
2023-11-06 07:40:58 +01:00
Federico Builes fc44602899 adding dist 2023-11-06 07:40:46 +01:00
dependabot[bot] 7177991451 Bump yaml from 2.3.3 to 2.3.4
Bumps [yaml](https://github.com/eemeli/yaml) from 2.3.3 to 2.3.4.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.3.3...v2.3.4)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 01:17:54 +00:00
dependabot[bot] 90fe789d91 Bump @typescript-eslint/parser from 6.8.0 to 6.9.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.8.0 to 6.9.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.9.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 01:17:45 +00:00
dependabot[bot] 5cbf74f675 Bump @actions/core from 1.10.0 to 1.10.1
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.10.0 to 1.10.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 01:17:31 +00:00
Federico Builes 11e0dead9a Merge pull request #598 from actions/dependabot/npm_and_yarn/packageurl-js-1.2.0
Bump packageurl-js from 1.0.2 to 1.2.0
2023-10-30 09:43:41 +01:00
Federico Builes 3c1cb72dcd updating dist 2023-10-30 09:31:26 +01:00
Federico Builes 570a2b5dcd Merge pull request #597 from actions/dependabot/npm_and_yarn/eslint-8.52.0
Bump eslint from 8.51.0 to 8.52.0
2023-10-30 09:28:21 +01:00
Federico Builes a7e01b8d9c Merge pull request #599 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.9.0
Bump @typescript-eslint/eslint-plugin from 6.8.0 to 6.9.0
2023-10-30 09:28:05 +01:00
dependabot[bot] 168567cd17 Bump eslint from 8.51.0 to 8.52.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.51.0 to 8.52.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.51.0...v8.52.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 08:25:08 +00:00
dependabot[bot] 1d86ff759b Bump @typescript-eslint/eslint-plugin from 6.8.0 to 6.9.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.8.0 to 6.9.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.9.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 08:25:07 +00:00
Federico Builes 0631089c32 Merge pull request #596 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.6.0
Bump eslint-plugin-jest from 27.4.2 to 27.6.0
2023-10-30 09:24:44 +01:00
Federico Builes 0b8ffde994 Merge pull request #600 from actions/dependabot/npm_and_yarn/types/spdx-satisfies-0.1.1
Bump @types/spdx-satisfies from 0.1.0 to 0.1.1
2023-10-30 09:23:36 +01:00
Federico Builes 68d57cd360 Merge pull request #601 from actions/dependabot/github_actions/actions/setup-node-4
Bump actions/setup-node from 3 to 4
2023-10-30 09:22:44 +01:00
dependabot[bot] 7314a0c1f5 Bump actions/setup-node from 3 to 4
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 01:40:15 +00:00
dependabot[bot] cfeea91bf4 Bump @types/spdx-satisfies from 0.1.0 to 0.1.1
Bumps [@types/spdx-satisfies](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/spdx-satisfies) from 0.1.0 to 0.1.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/spdx-satisfies)

---
updated-dependencies:
- dependency-name: "@types/spdx-satisfies"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 01:08:35 +00:00
dependabot[bot] c8515ab391 Bump packageurl-js from 1.0.2 to 1.2.0
Bumps [packageurl-js](https://github.com/package-url/packageurl-js) from 1.0.2 to 1.2.0.
- [Changelog](https://github.com/package-url/packageurl-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/package-url/packageurl-js/compare/v1.0.2...v1.2.0)

---
updated-dependencies:
- dependency-name: packageurl-js
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 01:07:56 +00:00
dependabot[bot] cff52fd316 Bump eslint-plugin-jest from 27.4.2 to 27.6.0
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.4.2 to 27.6.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.4.2...v27.6.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-30 01:07:31 +00:00
Federico Builes e65eb02ccf Merge pull request #591 from actions/dependabot/npm_and_yarn/typescript-5.2.2
Bump typescript from 4.9.5 to 5.2.2
2023-10-23 12:27:41 +02:00
Federico Builes 88953c2b16 updating dist 2023-10-23 12:26:03 +02:00
Federico Builes d97416955e Merge pull request #594 from actions/dependabot/npm_and_yarn/babel/traverse-7.23.2
Bump @babel/traverse from 7.23.0 to 7.23.2
2023-10-23 06:57:28 +02:00
dependabot[bot] 523c9a28aa Bump @babel/traverse from 7.23.0 to 7.23.2
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.23.0 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 04:56:30 +00:00
dependabot[bot] f85d4d5bc2 Bump typescript from 4.9.5 to 5.2.2
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.9.5 to 5.2.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.5...v5.2.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 03:19:39 +00:00
Federico Builes 89ff65dbf7 Merge pull request #589 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.10.1
Bump eslint-plugin-github from 4.9.2 to 4.10.1
2023-10-23 05:18:52 +02:00
Federico Builes c3c32181a9 Merge pull request #592 from actions/dependabot/npm_and_yarn/types/spdx-expression-parse-3.0.4
Bump @types/spdx-expression-parse from 3.0.3 to 3.0.4
2023-10-23 05:18:42 +02:00
Federico Builes ead6e4616f Merge pull request #593 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.8.0
Bump @typescript-eslint/parser from 6.7.3 to 6.8.0
2023-10-23 05:18:25 +02:00
dependabot[bot] a265e18106 Bump @types/spdx-expression-parse from 3.0.3 to 3.0.4
Bumps [@types/spdx-expression-parse](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/spdx-expression-parse) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/spdx-expression-parse)

---
updated-dependencies:
- dependency-name: "@types/spdx-expression-parse"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 03:13:32 +00:00
dependabot[bot] a8759965d7 Bump @typescript-eslint/parser from 6.7.3 to 6.8.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.7.3 to 6.8.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.8.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 03:13:20 +00:00
Federico Builes 954314c2b1 Merge pull request #590 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.8.0
Bump @typescript-eslint/eslint-plugin from 6.7.5 to 6.8.0
2023-10-23 05:11:58 +02:00
dependabot[bot] 5b62f3bc06 Bump @typescript-eslint/eslint-plugin from 6.7.5 to 6.8.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.7.5 to 6.8.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.8.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 01:57:41 +00:00
dependabot[bot] fddf4c3474 Bump eslint-plugin-github from 4.9.2 to 4.10.1
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.9.2 to 4.10.1.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.9.2...v4.10.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 01:57:14 +00:00
Federico Builes 04e56a4409 Merge pull request #586 from actions/dependabot/npm_and_yarn/yaml-2.3.3
Bump yaml from 2.3.2 to 2.3.3
2023-10-16 05:39:42 +02:00
Federico Builes af51c4b700 adding dist 2023-10-16 03:44:04 +02:00
dependabot[bot] bd3b04e194 Bump yaml from 2.3.2 to 2.3.3
Bumps [yaml](https://github.com/eemeli/yaml) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.3.2...v2.3.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 01:43:15 +00:00
Federico Builes 382d2873a9 Merge pull request #585 from actions/dependabot/npm_and_yarn/types/spdx-expression-parse-3.0.3
Bump @types/spdx-expression-parse from 3.0.2 to 3.0.3
2023-10-16 03:42:54 +02:00
dependabot[bot] 500120a761 Bump @types/spdx-expression-parse from 3.0.2 to 3.0.3
Bumps [@types/spdx-expression-parse](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/spdx-expression-parse) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/spdx-expression-parse)

---
updated-dependencies:
- dependency-name: "@types/spdx-expression-parse"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 01:41:27 +00:00
Federico Builes 212ded88b2 Merge pull request #584 from actions/dependabot/npm_and_yarn/eslint-plugin-prettier-5.0.1
Bump eslint-plugin-prettier from 5.0.0 to 5.0.1
2023-10-16 03:41:10 +02:00
Federico Builes 7ec89343e1 Merge pull request #587 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.7.5
Bump @typescript-eslint/eslint-plugin from 6.7.2 to 6.7.5
2023-10-16 03:40:22 +02:00
Federico Builes 536cc3d4b6 Merge pull request #588 from actions/dependabot/npm_and_yarn/types/node-16.18.58
Bump @types/node from 16.18.54 to 16.18.58
2023-10-16 03:40:11 +02:00
dependabot[bot] 2bc52c6348 Bump @types/node from 16.18.54 to 16.18.58
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.54 to 16.18.58.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 01:17:28 +00:00
dependabot[bot] fe9d8a52c4 Bump @typescript-eslint/eslint-plugin from 6.7.2 to 6.7.5
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.7.2 to 6.7.5.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.7.5/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 01:17:14 +00:00
dependabot[bot] bd251cc9eb Bump eslint-plugin-prettier from 5.0.0 to 5.0.1
Bumps [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/master/CHANGELOG.md)
- [Commits](https://github.com/prettier/eslint-plugin-prettier/compare/v5.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-16 01:16:34 +00:00
Federico Builes 7e65a9bb48 Merge branch 'update-octokit' 2023-10-09 13:39:21 +02:00
Federico Builes b91ea51364 updating dist. 2023-10-09 13:34:29 +02:00
Federico Builes 76b050a607 Use octokit-rest for the PR comments client. 2023-10-09 13:34:14 +02:00
Federico Builes e6d6badddb Update jest. 2023-10-09 13:33:55 +02:00
Federico Builes f7363549ac use octokit plugins 2023-10-09 13:20:24 +02:00
Federico Builes f71a906c2e Update plugins. 2023-10-09 13:17:54 +02:00
Federico Builes 03ace23f96 Update Node JS version. 2023-10-09 12:36:16 +02:00
Federico Builes 0564d6f4de adding dist 2023-10-09 11:41:16 +02:00
dependabot[bot] cd09f857a3 Bump octokit from 2.1.0 to 3.1.1
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.1.0 to 3.1.1.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-09 09:38:02 +00:00
Federico Builes 69a61b613b updating dist 2023-10-09 11:36:34 +02:00
Federico Builes 53eb1ebcf5 Merge branch 'update-request-errors' 2023-10-09 11:36:00 +02:00
Federico Builes 8dc52cdbed update tests 2023-10-09 11:23:53 +02:00
Federico Builes e8634671a4 Merge pull request #583 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.4.2
Bump eslint-plugin-jest from 27.2.3 to 27.4.2
2023-10-09 10:25:41 +02:00
Federico Builes 69ecf4db79 Merge pull request #582 from actions/dependabot/npm_and_yarn/eslint-8.51.0
Bump eslint from 8.48.0 to 8.51.0
2023-10-09 10:25:28 +02:00
dependabot[bot] 70835908ea Bump eslint-plugin-jest from 27.2.3 to 27.4.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.2.3 to 27.4.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.2.3...v27.4.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-09 01:37:39 +00:00
dependabot[bot] f704f55fa1 Bump eslint from 8.48.0 to 8.51.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.48.0 to 8.51.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.48.0...v8.51.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-09 01:37:24 +00:00
Federico Builes e51d18ae1e updating dist 2023-10-05 17:15:27 +02:00
Federico Builes 62f26a66d6 bumping zod 2023-10-05 17:14:25 +02:00
Federico Builes 2f836bbce6 Merge pull request #580 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.7.3
Bump @typescript-eslint/parser from 6.6.0 to 6.7.3
2023-10-01 21:21:28 -05:00
dependabot[bot] 75dbba1acf Bump @typescript-eslint/parser from 6.6.0 to 6.7.3
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.6.0 to 6.7.3.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.7.3/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 02:15:09 +00:00
Federico Builes 8325453339 Merge pull request #579 from actions/dependabot/npm_and_yarn/vercel/ncc-0.38.0
Bump @vercel/ncc from 0.36.1 to 0.38.0
2023-10-01 21:13:34 -05:00
dependabot[bot] 353956d50d Bump @vercel/ncc from 0.36.1 to 0.38.0
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.36.1 to 0.38.0.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.36.1...0.38.0)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-02 01:59:34 +00:00
Federico Builes 4e41165d4b Merge pull request #577 from jsoref/modernize-versions
Modernize versions
2023-09-27 13:46:13 -05:00
Josh Soref cf3393ef0a Drop references to v2 from README
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2023-09-27 12:53:32 -04:00
Josh Soref 8213a1db10 Use checkout@v4
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2023-09-27 12:53:32 -04:00
Federico Builes 64a6d1a0b8 Merge pull request #571 from actions/dependabot/npm_and_yarn/types/node-16.18.54
Bump @types/node from 16.18.48 to 16.18.54
2023-09-26 12:24:33 -05:00
Federico Builes 364de25b16 Merge pull request #573 from actions/dependabot/npm_and_yarn/prettier-3.0.3
Bump prettier from 3.0.2 to 3.0.3
2023-09-26 12:24:18 -05:00
dependabot[bot] ad34390f92 Bump @octokit/request-error from 2.1.0 to 5.0.1
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 2.1.0 to 5.0.1.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v2.1.0...v5.0.1)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-25 01:31:40 +00:00
dependabot[bot] 1f5e4f1cd9 Bump prettier from 3.0.2 to 3.0.3
Bumps [prettier](https://github.com/prettier/prettier) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-25 01:30:59 +00:00
dependabot[bot] fcb0293419 Bump @types/node from 16.18.48 to 16.18.54
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.48 to 16.18.54.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-25 01:30:38 +00:00
Federico Builes 6c530dbedd Merge pull request #570 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.7.2
Bump @typescript-eslint/eslint-plugin from 6.4.0 to 6.7.2
2023-09-18 14:42:50 -05:00
dependabot[bot] e5c6ae035a Bump @typescript-eslint/eslint-plugin from 6.4.0 to 6.7.2
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.4.0 to 6.7.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.7.2/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-18 19:41:12 +00:00
Federico Builes 9c66f1b1b1 Merge pull request #569 from actions/dependabot/npm_and_yarn/esbuild-register-3.5.0
Bump esbuild-register from 3.4.2 to 3.5.0
2023-09-18 14:39:13 -05:00
dependabot[bot] 9add2f12fa Bump esbuild-register from 3.4.2 to 3.5.0
Bumps esbuild-register from 3.4.2 to 3.5.0.

---
updated-dependencies:
- dependency-name: esbuild-register
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-18 01:47:43 +00:00
Federico Builes 079b962af9 Merge pull request #564 from actions/dependabot/npm_and_yarn/zod-3.22.2
Bump zod from 3.21.4 to 3.22.2
2023-09-11 07:17:25 -05:00
Federico Builes e6b5e83d4e adding dist 2023-09-11 07:16:56 -05:00
Federico Builes 3c40a50e4b Merge pull request #565 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.6.0
Bump @typescript-eslint/parser from 6.2.1 to 6.6.0
2023-09-11 07:13:54 -05:00
Federico Builes 886d1fcf5f Merge pull request #563 from actions/dependabot/github_actions/actions/checkout-4
Bump actions/checkout from 3 to 4
2023-09-11 07:13:45 -05:00
dependabot[bot] 615671754c Bump @typescript-eslint/parser from 6.2.1 to 6.6.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.2.1 to 6.6.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.6.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-11 01:42:06 +00:00
dependabot[bot] cd1bb8895d Bump zod from 3.21.4 to 3.22.2
Bumps [zod](https://github.com/colinhacks/zod) from 3.21.4 to 3.22.2.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.21.4...v3.22.2)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-11 01:41:45 +00:00
dependabot[bot] 7095391667 Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-11 01:14:30 +00:00
Justin Holguín 6c5ccdad46 Merge pull request #562 from actions/juxtin/v3.0.9
Update version to 3.1.0
2023-09-07 14:46:08 -07:00
Federico Builes 51da82b3f5 updating package-lock.json 2023-09-07 16:44:36 -05:00
Justin Holguín ca13810d94 Update version to 3.1.0 2023-09-07 21:42:29 +00:00
Justin Holguín 8447b31d38 Merge pull request #561 from actions/juxtin/dr-snaps-readme
Add new Dr Snaps config options to readme
2023-09-07 14:19:42 -07:00
Justin Holguín 85df23de2c Update readme with new parameters 2023-09-07 21:17:45 +00:00
Justin Holguín 5da6fdbdf9 Clean up markdown formatting 2023-09-07 21:11:56 +00:00
Justin Holguín 92837b0ca8 Merge pull request #560 from actions/juxtin/improve-warnings
Improve display of snapshot warnings
2023-09-07 14:09:36 -07:00
Justin Holguín 35a52fd146 Minor tweaks to snapshot warnings 2023-09-07 18:00:57 +00:00
Justin Holguín bed9726f78 Make snapshot warning messages clearer and more actionable 2023-09-07 17:54:42 +00:00
Justin Holguín e4d20ce9ad Merge pull request #556 from actions/juxtin/dr-snaps-pre-launch
Dr Snaps launch PR
2023-09-07 10:18:47 -07:00
Justin Holguín bb0ca79fcd Update action.yml to show retry default 2023-09-07 17:08:20 +00:00
Justin Holguín 07f52ce621 Add example with retry-on-snapshot-warnings to docs 2023-09-07 17:07:50 +00:00
Justin Holguín c7e8727af4 Update action.yml
Co-authored-by: Federico Builes <febuiles@github.com>
2023-09-07 09:50:44 -07:00
Federico Builes 5e4b90e080 add dist 2023-09-07 09:06:46 -05:00
Federico Builes 7d0e0f61e8 Update src/dependency-graph.ts
Co-authored-by: Justin Holguín <juxtin@github.com>
2023-09-07 07:08:21 -05:00
Justin Holguín ffaf251c92 update dist 2023-09-06 20:38:47 +00:00
Justin Holguín 726ffc8aa8 Merge remote-tracking branch 'origin/main' into juxtin/dr-snaps-pre-launch 2023-09-06 20:26:55 +00:00
Justin Holguín fcef41f1e0 Add docs link to snapshot warnings 2023-09-06 19:07:18 +00:00
Justin Holguín e81e6e582f Default retry-on-snapshot-warnings to false
Keeping this true by default means wasting actions minutes for
the vast majority of DR users
2023-09-06 18:04:16 +00:00
Federico Builes 511675e747 Merge pull request #558 from actions/dependabot/npm_and_yarn/types/node-16.18.48
Bump @types/node from 16.18.41 to 16.18.48
2023-09-05 16:15:52 -04:00
Federico Builes dcdbff2f84 Merge pull request #557 from actions/dependabot/npm_and_yarn/yaml-2.3.2
Bump yaml from 2.3.1 to 2.3.2
2023-09-05 11:55:49 -04:00
Federico Builes 29513b58ad updating dist 2023-09-05 08:28:43 -05:00
dependabot[bot] 347cb43687 Bump @types/node from 16.18.41 to 16.18.48
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.41 to 16.18.48.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-04 01:44:52 +00:00
dependabot[bot] dfe37bb356 Bump yaml from 2.3.1 to 2.3.2
Bumps [yaml](https://github.com/eemeli/yaml) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.3.1...v2.3.2)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-04 01:44:44 +00:00
Justin Holguín ada103783f Merge remote-tracking branch 'origin/retry-on-snapshot-warnings' into juxtin/dr-snaps-pre-launch 2023-08-31 16:31:44 +00:00
Justin Holguín abc80cf6a0 Merge branch 'juxtin/snapshot-warnings' into juxtin/dr-snaps-pre-launch 2023-08-31 16:06:14 +00:00
Federico Builes 15e91a3980 Merge pull request #554 from actions/dependabot/npm_and_yarn/eslint-8.48.0
Bump eslint from 8.47.0 to 8.48.0
2023-08-28 08:52:43 -05:00
Federico Builes c7d2795410 Merge pull request #553 from actions/dependabot/npm_and_yarn/prettier-3.0.2
Bump prettier from 3.0.1 to 3.0.2
2023-08-28 08:52:32 -05:00
dependabot[bot] eb07c6d763 Bump eslint from 8.47.0 to 8.48.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.47.0 to 8.48.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.47.0...v8.48.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-28 01:52:04 +00:00
dependabot[bot] 4d8fe1e464 Bump prettier from 3.0.1 to 3.0.2
Bumps [prettier](https://github.com/prettier/prettier) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.0.1...3.0.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-28 01:51:43 +00:00
Justin Holguín ee86529290 Show all non-empty snapshot warnings 2023-08-23 18:45:35 +00:00
Federico Builes c17dea4c51 Merge pull request #549 from actions/dependabot/npm_and_yarn/types/node-16.18.41
Bump @types/node from 16.18.39 to 16.18.41
2023-08-23 15:16:07 +02:00
Federico Builes 727ca667a3 Merge pull request #550 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.4.0
Bump @typescript-eslint/eslint-plugin from 6.3.0 to 6.4.0
2023-08-23 15:15:56 +02:00
Federico Builes 84cd472b61 Merge pull request #551 from oerd/update-inputs-documentation-and-links
Fix(docs): Correct action input name
2023-08-22 17:02:07 +02:00
Oerd Cukalla 366fffb717 Fix(docs): Correct article use. 2023-08-22 00:28:34 +02:00
Oerd Cukalla 62a1d2d370 Fix(docs): Correct action input name
Change input name used for passing the personal access token to
`external-repo-token`.
2023-08-22 00:20:26 +02:00
dependabot[bot] 42c2f7100f Bump @typescript-eslint/eslint-plugin from 6.3.0 to 6.4.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.4.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-21 01:04:16 +00:00
dependabot[bot] 608049acca Bump @types/node from 16.18.39 to 16.18.41
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.39 to 16.18.41.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-21 01:03:36 +00:00
Federico Builes 32037a1d97 bumping to 3.0.8 2023-08-15 10:11:44 +02:00
Federico Builes f6fff72a32 Merge pull request #540 from sgmurphy/comment-on-failure
Add `on-failure` option to `comment-summary-in-pr` setting
2023-08-15 10:08:44 +02:00
Federico Builes 61ee12c097 Merge pull request #548 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.3.0
Bump @typescript-eslint/eslint-plugin from 6.2.0 to 6.3.0
2023-08-14 06:39:45 +02:00
Federico Builes 7d5babfc38 Merge pull request #547 from actions/dependabot/npm_and_yarn/eslint-8.47.0
Bump eslint from 8.46.0 to 8.47.0
2023-08-14 06:39:28 +02:00
dependabot[bot] ddb1b9361c Bump @typescript-eslint/eslint-plugin from 6.2.0 to 6.3.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.3.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-14 01:26:56 +00:00
dependabot[bot] 7c3177d3c2 Bump eslint from 8.46.0 to 8.47.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.46.0 to 8.47.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.46.0...v8.47.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-14 01:26:22 +00:00
Sean Murphy 31afeba06d Add unit tests 2023-08-09 21:10:48 -04:00
Sean Murphy 7ef37f3853 Merge branch 'main' into comment-on-failure 2023-08-09 17:31:16 -04:00
Sean Murphy 2e59943778 Parse boolean to enum 2023-08-09 15:57:03 -04:00
Federico Builes 7d90b4f05f bumping to 3.0.7 2023-08-09 15:27:02 +02:00
Federico Builes 02aa4b66a7 Merge pull request #544 from adrienpessu/main
Add an option to deny packages or groups of packages
2023-08-09 15:25:21 +02:00
Federico Builes fe2a482baf Apply suggestions from code review 2023-08-09 15:24:26 +02:00
Adrien Pessu ce14e1f894 improve example 2023-08-08 17:21:30 +02:00
Adrien Pessu eacc0328b1 improve example 2023-08-08 17:10:23 +02:00
Adrien Pessu 98aae180cb debug 2023-08-08 16:56:01 +02:00
Adrien Pessu c280c303e6 debug 2023-08-08 16:51:40 +02:00
Adrien Pessu 1db9156f85 change from name of the package to the package url to avoid conflict between 2 dependencies with the same name but for different ecosystems 2023-08-08 16:34:23 +02:00
Adrien Pessu c462e2e50e add example 2023-08-08 10:12:55 +02:00
Adrien Pessu 0796abb9cf add changes on js.map file 2023-08-07 17:17:27 +02:00
Adrien Pessu eab07548a7 Merge remote-tracking branch 'upstream/main' 2023-08-07 14:25:57 +02:00
Adrien Pessu 00f1f5b642 add tests and docs 2023-08-07 14:07:46 +02:00
Adrien Pessu 6862f6f65f add groups 2023-08-07 14:07:26 +02:00
Adrien Pessu 2f38ecd3fd add deny_list as paramter 2023-08-07 14:07:26 +02:00
Adrien Pessu 309d082d5f initial commit 2023-08-07 14:07:26 +02:00
Federico Builes 0e6dece6c7 update more dependencies 2023-08-07 14:07:26 +02:00
dependabot[bot] 942409c937 Bump @typescript-eslint/eslint-plugin from 5.60.1 to 6.2.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.60.1 to 6.2.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.2.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-07 14:07:26 +02:00
Federico Builes 6af66592ad dependbot updates 2023-08-07 14:07:26 +02:00
dependabot[bot] d5a7e34e39 Bump prettier from 2.8.8 to 3.0.0
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.8 to 3.0.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.8...3.0.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-07 14:07:25 +02:00
Federico Builes 328a08ea42 Merge pull request #541 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.2.1
Bump @typescript-eslint/parser from 6.2.0 to 6.2.1
2023-08-07 10:20:46 +02:00
Federico Builes 3f88e84ced Merge pull request #542 from actions/dependabot/npm_and_yarn/prettier-3.0.1
Bump prettier from 3.0.0 to 3.0.1
2023-08-07 10:07:55 +02:00
dependabot[bot] 4463280ae5 Bump prettier from 3.0.0 to 3.0.1
Bumps [prettier](https://github.com/prettier/prettier) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.0.0...3.0.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-07 01:49:54 +00:00
dependabot[bot] ae11b24682 Bump @typescript-eslint/parser from 6.2.0 to 6.2.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.2.0 to 6.2.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.2.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-07 01:49:41 +00:00
Sean Murphy 902e86c6f5 Add on-failure option to comment-summary-in-pr setting 2023-08-04 22:37:51 -04:00
Federico Builes 1e70f06e66 Merge pull request #537 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-6.2.0
Bump @typescript-eslint/eslint-plugin from 5.60.1 to 6.2.0
2023-07-31 18:03:04 +02:00
Federico Builes 0ea885e7c5 update more dependencies 2023-07-31 18:01:31 +02:00
dependabot[bot] 498c8717d3 Bump @typescript-eslint/eslint-plugin from 5.60.1 to 6.2.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.60.1 to 6.2.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.2.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-31 06:42:19 +00:00
Federico Builes fc8a06c798 Merge pull request #526 from actions/dependabot/npm_and_yarn/prettier-3.0.0
Bump prettier from 2.8.8 to 3.0.0
2023-07-31 08:40:45 +02:00
Federico Builes 8c593e9822 dependbot updates 2023-07-31 08:39:38 +02:00
Federico Builes 98d4fd7247 Merge pull request #534 from rajbos/main
Make GHES support / setup more clear
2023-07-19 16:27:05 +02:00
Federico Builes 0a68c5dfa6 Update README.md 2023-07-19 16:26:44 +02:00
Federico Builes f015f96b55 Update README.md 2023-07-19 16:26:39 +02:00
Rob Bos 3290c85b0f Make GHES support more clear 2023-07-19 13:05:42 +02:00
dependabot[bot] 6b0d5029d1 Bump prettier from 2.8.8 to 3.0.0
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.8 to 3.0.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.8...3.0.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-10 01:39:16 +00:00
cnagadya 090b9fe2a1 Merge pull request #524 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.60.1
Bump @typescript-eslint/eslint-plugin from 5.60.0 to 5.60.1
2023-07-03 10:32:12 +02:00
dependabot[bot] c5e57016d8 Bump @typescript-eslint/eslint-plugin from 5.60.0 to 5.60.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.60.0 to 5.60.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.60.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-03 08:18:28 +00:00
cnagadya 8cf6fcb693 Merge pull request #523 from actions/dependabot/npm_and_yarn/eslint-8.44.0
Bump eslint from 8.43.0 to 8.44.0
2023-07-03 10:17:48 +02:00
cnagadya 9bf5053b8a Merge pull request #522 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.60.1
Bump @typescript-eslint/parser from 5.60.0 to 5.60.1
2023-07-03 10:17:36 +02:00
cnagadya a213934318 Merge pull request #521 from actions/dependabot/npm_and_yarn/types/node-16.18.38
Bump @types/node from 16.18.36 to 16.18.38
2023-07-03 10:17:27 +02:00
dependabot[bot] e301b1bd30 Bump eslint from 8.43.0 to 8.44.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.43.0 to 8.44.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.43.0...v8.44.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-03 01:29:06 +00:00
dependabot[bot] c730d72f23 Bump @typescript-eslint/parser from 5.60.0 to 5.60.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.60.0 to 5.60.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.60.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-03 01:28:46 +00:00
dependabot[bot] a65c766d12 Bump @types/node from 16.18.36 to 16.18.38
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.36 to 16.18.38.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-03 01:28:23 +00:00
Federico Builes 7599c4bc8e Merge pull request #519 from actions/dependabot/npm_and_yarn/octokit/plugin-retry-5.0.4
Bump @octokit/plugin-retry from 5.0.2 to 5.0.4
2023-06-26 15:38:01 +02:00
Federico Builes 0f4e96f7e8 adding build files 2023-06-26 15:36:01 +02:00
dependabot[bot] a234018432 Bump @octokit/plugin-retry from 5.0.2 to 5.0.4
Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 5.0.2 to 5.0.4.
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v5.0.2...v5.0.4)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 13:29:15 +00:00
Federico Builes 328eb79003 Merge pull request #518 from actions/dependabot/npm_and_yarn/octokit-2.1.0
Bump octokit from 2.0.19 to 2.1.0
2023-06-26 15:28:32 +02:00
Federico Builes 5bb28e508e npm i 2023-06-26 15:26:17 +02:00
Federico Builes 11a4a75728 Merge pull request #516 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.60.0
Bump @typescript-eslint/eslint-plugin from 5.59.11 to 5.60.0
2023-06-26 07:10:03 +02:00
dependabot[bot] c5ac6e1eba Bump @typescript-eslint/eslint-plugin from 5.59.11 to 5.60.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.11 to 5.60.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.60.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 05:08:33 +00:00
Federico Builes a3753ba2c6 Merge pull request #520 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.2.2
Bump eslint-plugin-jest from 27.2.1 to 27.2.2
2023-06-26 07:03:16 +02:00
Federico Builes ec3136c4ba Merge pull request #517 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.60.0
Bump @typescript-eslint/parser from 5.59.11 to 5.60.0
2023-06-26 07:03:01 +02:00
dependabot[bot] 38b79e2fbe Bump eslint-plugin-jest from 27.2.1 to 27.2.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.2.1 to 27.2.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.2.1...v27.2.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 01:30:13 +00:00
dependabot[bot] 01a70a14e2 Bump octokit from 2.0.19 to 2.1.0
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.19 to 2.1.0.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.19...v2.1.0)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 01:29:16 +00:00
dependabot[bot] d32ada785e Bump @typescript-eslint/parser from 5.59.11 to 5.60.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.11 to 5.60.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.60.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-26 01:28:47 +00:00
Federico Builes c61b0a3941 Merge pull request #510 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.59.11
Bump @typescript-eslint/eslint-plugin from 5.59.9 to 5.59.11
2023-06-19 07:54:57 +02:00
Federico Builes 38c1dbdffa Merge branch 'main' into dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.59.11 2023-06-19 07:00:21 +02:00
Federico Builes 84fe280943 Merge pull request #512 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.59.11
Bump @typescript-eslint/parser from 5.59.9 to 5.59.11
2023-06-19 06:58:36 +02:00
Federico Builes cf65a75df3 Merge pull request #511 from actions/dependabot/npm_and_yarn/eslint-8.43.0
Bump eslint from 8.41.0 to 8.43.0
2023-06-19 06:58:17 +02:00
dependabot[bot] 3d532eeb2e Bump @typescript-eslint/eslint-plugin from 5.59.9 to 5.59.11
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.9 to 5.59.11.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.11/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-19 04:52:17 +00:00
dependabot[bot] 2a14180549 Bump @typescript-eslint/parser from 5.59.9 to 5.59.11
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.9 to 5.59.11.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.11/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-19 04:52:17 +00:00
dependabot[bot] 3958f9d2c8 Bump eslint from 8.41.0 to 8.43.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.41.0 to 8.43.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.41.0...v8.43.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-19 04:52:12 +00:00
Federico Builes d561324ef9 Merge pull request #509 from actions/dependabot/npm_and_yarn/types/node-16.18.36
Bump @types/node from 16.18.35 to 16.18.36
2023-06-19 06:51:36 +02:00
dependabot[bot] 5c03808159 Bump @types/node from 16.18.35 to 16.18.36
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.35 to 16.18.36.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-19 01:58:19 +00:00
Henri Maurer d3fa764646 fix 2023-06-14 10:38:45 +01:00
Henri Maurer 1856a6de19 fix 2023-06-14 10:26:22 +01:00
Henri Maurer 5573b58443 better logging 2023-06-14 10:24:40 +01:00
Henri Maurer c3c3c2e746 fix retry until 2023-06-14 10:12:19 +01:00
Federico Builes 9617594ce4 Merge pull request #506 from actions/dependabot/npm_and_yarn/octokit-2.0.19
update octokit, regenerate dist
2023-06-12 07:29:57 +02:00
Federico Builes c10600ad00 update octokit, regenerate dist 2023-06-12 07:28:23 +02:00
Federico Builes 86477f1ea0 Merge pull request #504 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.59.9
Bump @typescript-eslint/eslint-plugin from 5.59.8 to 5.59.9
2023-06-12 07:19:03 +02:00
Federico Builes b6ef88155e Merge pull request #505 from actions/dependabot/npm_and_yarn/types/node-16.18.35
Bump @types/node from 16.18.34 to 16.18.35
2023-06-12 07:18:49 +02:00
Federico Builes 1c01b75438 Merge pull request #503 from actions/dependabot/npm_and_yarn/octokit/plugin-retry-5.0.2
Bump @octokit/plugin-retry from 5.0.0 to 5.0.2
2023-06-12 07:18:36 +02:00
dependabot[bot] 1590d3f795 Bump @typescript-eslint/eslint-plugin from 5.59.8 to 5.59.9
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.8 to 5.59.9.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.9/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 05:17:03 +00:00
Federico Builes 90de8e47b4 adding dist 2023-06-12 07:16:52 +02:00
Federico Builes 6d3699baca Merge pull request #502 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.59.9
Bump @typescript-eslint/parser from 5.59.8 to 5.59.9
2023-06-12 07:15:59 +02:00
dependabot[bot] 87e767d41f Bump @types/node from 16.18.34 to 16.18.35
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.34 to 16.18.35.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 01:59:53 +00:00
dependabot[bot] 554d5fa52b Bump @octokit/plugin-retry from 5.0.0 to 5.0.2
Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 5.0.0 to 5.0.2.
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v5.0.0...v5.0.2)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 01:59:03 +00:00
dependabot[bot] 983fa12c36 Bump @typescript-eslint/parser from 5.59.8 to 5.59.9
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.8 to 5.59.9.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.9/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 01:58:41 +00:00
Henri Maurer f6f94a23a4 fix 2023-06-09 10:44:43 +01:00
Henri Maurer 50954e6a9a fix 2023-06-09 10:30:56 +01:00
Henri Maurer 66b6f67835 Add configs 2023-06-09 10:26:24 +01:00
Henri Maurer 1644401f8d rewrite retry logic 2023-06-08 18:11:13 +01:00
Henri Maurer 1a326fc7fa proceed even if warnings 2023-06-08 17:04:40 +01:00
Henri Maurer a82096e68a fix 2023-06-07 16:51:53 +01:00
Henri Maurer 90d3a94eb7 fix 2023-06-07 16:48:32 +01:00
Henri Maurer 9dde5949a8 retry every 10s 2023-06-07 16:39:16 +01:00
Henri Maurer cff142b535 includes_dependency_snapshots 2023-06-07 14:04:29 +01:00
Henri Maurer a4c5ac881a disable caching 2023-06-07 10:10:21 +01:00
Henri Maurer d35955ebf6 Prototype re-try on snapshot warnings 2023-06-06 16:44:27 +01:00
Federico Builes 0342e75832 Merge pull request #500 from actions/dependabot/npm_and_yarn/octokit/plugin-retry-5.0.0
Bump @octokit/plugin-retry from 4.1.3 to 5.0.0
2023-06-05 07:14:34 +02:00
Federico Builes 3daf1c6551 Updating dist 2023-06-05 07:13:53 +02:00
Federico Builes 16cbdf9d97 Merge pull request #498 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.8.0
Bump eslint-plugin-github from 4.7.0 to 4.8.0
2023-06-05 07:09:55 +02:00
Federico Builes 59a0ce5dc2 Merge pull request #497 from actions/dependabot/npm_and_yarn/got-13.0.0
Bump got from 12.6.0 to 13.0.0
2023-06-05 07:08:54 +02:00
dependabot[bot] 6cc98d3032 Bump @octokit/plugin-retry from 4.1.3 to 5.0.0
Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 4.1.3 to 5.0.0.
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v4.1.3...v5.0.0)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-05 01:59:54 +00:00
dependabot[bot] 617fd3907e Bump eslint-plugin-github from 4.7.0 to 4.8.0
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.7.0 to 4.8.0.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.7.0...v4.8.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-05 01:59:21 +00:00
dependabot[bot] 537fc8f28d Bump got from 12.6.0 to 13.0.0
Bumps [got](https://github.com/sindresorhus/got) from 12.6.0 to 13.0.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.6.0...v13.0.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-05 01:58:58 +00:00
Federico Builes 1360a344cc Merge pull request #494 from actions/fix-purl-bug
Empty PURLs should not block the action from running
2023-05-31 17:11:07 +02:00
Federico Builes 123b58703a bumping to 3.0.6 2023-05-31 17:10:00 +02:00
Federico Builes cd559bc984 adding dist 2023-05-31 17:09:53 +02:00
Federico Builes 70f8094bec adding a test for empty PURLs 2023-05-31 16:24:19 +02:00
Federico Builes 0b306aef97 Don't try to create PURLs from empty strings. 2023-05-31 16:14:02 +02:00
Federico Builes 554aaf5c3d Merge pull request #423 from theztefan/allow-list-dependencies
Exclude dependencies from license checks
2023-05-31 14:24:05 +02:00
Federico Builes c6e94c1336 External config files should use underscores, not dashes 2023-05-31 14:21:57 +02:00
Stefan Petrushevski 88d6af3d4a latest build 2023-05-31 12:54:16 +02:00
Stefan Petrushevski f1c8401a59 resolve merge conflicts 2023-05-30 18:04:26 +02:00
Stefan Petrushevski ef8ebf0eef rebuild 2023-05-30 17:33:40 +02:00
Federico Builes 1f7c838fcb Merge pull request #492 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.59.8
Bump @typescript-eslint/eslint-plugin from 5.59.6 to 5.59.8
2023-05-30 08:10:28 +02:00
dependabot[bot] 1ee07d8652 Bump @typescript-eslint/eslint-plugin from 5.59.6 to 5.59.8
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.6 to 5.59.8.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.8/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-30 05:32:06 +00:00
Federico Builes 861f696c44 Merge pull request #491 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.59.8
Bump @typescript-eslint/parser from 5.59.7 to 5.59.8
2023-05-30 07:31:16 +02:00
dependabot[bot] ce9db3928f Bump @typescript-eslint/parser from 5.59.7 to 5.59.8
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.7 to 5.59.8.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.8/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-30 05:25:32 +00:00
Federico Builes 854aa8a142 Merge pull request #485 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.59.7
Bump @typescript-eslint/parser from 5.59.6 to 5.59.7
2023-05-30 07:24:55 +02:00
Federico Builes 9fbf14f620 Merge pull request #484 from actions/dependabot/npm_and_yarn/types/node-16.18.34
Bump @types/node from 16.18.32 to 16.18.34
2023-05-30 07:24:43 +02:00
Federico Builes 64222d2efe Merge pull request #483 from actions/dependabot/npm_and_yarn/yaml-2.3.1
Bump yaml from 2.2.2 to 2.3.1
2023-05-30 07:24:34 +02:00
Federico Builes f2a3e1af33 updating dist 2023-05-30 07:23:40 +02:00
dependabot[bot] e3de7a00a8 Bump @typescript-eslint/parser from 5.59.6 to 5.59.7
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.6 to 5.59.7.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.7/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-29 02:01:45 +00:00
dependabot[bot] 627344199b Bump @types/node from 16.18.32 to 16.18.34
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.32 to 16.18.34.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-29 02:01:13 +00:00
dependabot[bot] 2406ed1539 Bump yaml from 2.2.2 to 2.3.1
Bumps [yaml](https://github.com/eemeli/yaml) from 2.2.2 to 2.3.1.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.2.2...v2.3.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-29 02:00:41 +00:00
Stefan 20f1bbadfc Update README.md
Co-authored-by: Justin Holguín <juxtin@github.com>
2023-05-26 20:20:06 +02:00
Stefan 32e5b32ec4 Update docs/examples.md
Co-authored-by: Justin Holguín <juxtin@github.com>
2023-05-26 20:19:52 +02:00
Federico Builes 4ee0db82cc Merge pull request #480 from actions/dependabot/npm_and_yarn/octokit-2.0.16
Bump octokit from 2.0.14 to 2.0.16
2023-05-22 07:35:59 +02:00
Federico Builes f303e9cd65 adding dist 2023-05-22 07:31:33 +02:00
Federico Builes fa8ddf1781 Merge pull request #482 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.59.6
Bump @typescript-eslint/parser from 5.59.2 to 5.59.6
2023-05-22 07:26:50 +02:00
dependabot[bot] 70422dcfbd Bump @typescript-eslint/parser from 5.59.2 to 5.59.6
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.2 to 5.59.6.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.6/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-22 05:25:44 +00:00
Federico Builes fe724aebb5 Merge pull request #481 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.59.6
Bump @typescript-eslint/eslint-plugin from 5.59.2 to 5.59.6
2023-05-22 07:25:14 +02:00
Federico Builes 6ab307aa49 Merge pull request #479 from actions/dependabot/npm_and_yarn/types/node-16.18.32
Bump @types/node from 16.18.26 to 16.18.32
2023-05-22 07:24:49 +02:00
Federico Builes 7b02d77054 Merge pull request #478 from actions/dependabot/npm_and_yarn/eslint-8.41.0
Bump eslint from 8.40.0 to 8.41.0
2023-05-22 07:24:40 +02:00
dependabot[bot] 98717099a1 Bump @typescript-eslint/eslint-plugin from 5.59.2 to 5.59.6
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.2 to 5.59.6.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.6/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-22 02:02:05 +00:00
dependabot[bot] b582a7ae96 Bump octokit from 2.0.14 to 2.0.16
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.14 to 2.0.16.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.14...v2.0.16)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-22 02:01:13 +00:00
dependabot[bot] 894a896fb1 Bump @types/node from 16.18.26 to 16.18.32
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.26 to 16.18.32.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-22 01:59:51 +00:00
dependabot[bot] eb565747bb Bump eslint from 8.40.0 to 8.41.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.40.0 to 8.41.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.40.0...v8.41.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-22 01:59:24 +00:00
Stefan Petrushevski 7b5fa84cfc added tests; docs and cleanup 2023-05-19 10:47:59 +02:00
Stefan 8ef2903f61 Update action.yml
Co-authored-by: Justin Holguín <juxtin@github.com>
2023-05-17 09:45:02 +02:00
Stefan 16c0c13a8b Update README.md
Co-authored-by: Justin Holguín <juxtin@github.com>
2023-05-17 09:44:49 +02:00
Stefan b36110c8a0 Update docs/examples.md
Co-authored-by: Justin Holguín <juxtin@github.com>
2023-05-17 09:44:33 +02:00
Stefan Petrushevski 0574926a14 document; code style; 2023-05-16 16:50:04 +02:00
Federico Builes 57c07f037a Merge pull request #473 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.59.2
Bump @typescript-eslint/parser from 5.59.1 to 5.59.2
2023-05-08 06:16:13 +02:00
dependabot[bot] 8fba746b74 Bump @typescript-eslint/parser from 5.59.1 to 5.59.2
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.1 to 5.59.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.2/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-08 04:16:03 +00:00
Federico Builes 632eabaaf6 Merge pull request #474 from actions/dependabot/npm_and_yarn/eslint-8.40.0
Bump eslint from 8.39.0 to 8.40.0
2023-05-08 06:15:33 +02:00
Federico Builes d1f8348e2e Merge pull request #472 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.59.2
Bump @typescript-eslint/eslint-plugin from 5.59.1 to 5.59.2
2023-05-08 06:15:13 +02:00
Federico Builes 66da8857a8 Merge pull request #471 from actions/dependabot/npm_and_yarn/types/node-16.18.26
Bump @types/node from 16.18.25 to 16.18.26
2023-05-08 06:15:06 +02:00
dependabot[bot] 9fe22cbd4d Bump eslint from 8.39.0 to 8.40.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.39.0 to 8.40.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.39.0...v8.40.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-08 02:01:40 +00:00
dependabot[bot] 192b846247 Bump @typescript-eslint/eslint-plugin from 5.59.1 to 5.59.2
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.1 to 5.59.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.2/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-08 02:00:42 +00:00
dependabot[bot] faed3d989f Bump @types/node from 16.18.25 to 16.18.26
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.25 to 16.18.26.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-08 01:59:37 +00:00
Federico Builes 7d25be7d68 Merge pull request #467 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.59.1
Bump @typescript-eslint/eslint-plugin from 5.59.0 to 5.59.1
2023-05-01 13:47:42 +02:00
Federico Builes 57e6a1aeb8 Merge pull request #469 from actions/dependabot/npm_and_yarn/yaml-2.2.2
Bump yaml from 2.2.1 to 2.2.2
2023-05-01 13:47:23 +02:00
Federico Builes 8450611ed5 adding dist 2023-05-01 13:47:13 +02:00
dependabot[bot] adc7610fb4 Bump @typescript-eslint/eslint-plugin from 5.59.0 to 5.59.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.59.0 to 5.59.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-01 11:45:43 +00:00
dependabot[bot] b81c2dfce6 Bump yaml from 2.2.1 to 2.2.2
Bumps [yaml](https://github.com/eemeli/yaml) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.2.1...v2.2.2)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-01 11:45:32 +00:00
Federico Builes 70370c1727 Merge pull request #468 from actions/dependabot/npm_and_yarn/types/node-16.18.25
Bump @types/node from 16.18.24 to 16.18.25
2023-05-01 13:44:58 +02:00
Federico Builes 1e46123a48 Merge pull request #466 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.59.1
Bump @typescript-eslint/parser from 5.59.0 to 5.59.1
2023-05-01 13:44:30 +02:00
dependabot[bot] de626ab5bc Bump @types/node from 16.18.24 to 16.18.25
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.24 to 16.18.25.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-01 02:03:23 +00:00
dependabot[bot] 5907e06ae4 Bump @typescript-eslint/parser from 5.59.0 to 5.59.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.59.0 to 5.59.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-01 02:01:40 +00:00
Federico Builes 9bc0593cb7 Merge pull request #462 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.59.0
Bump @typescript-eslint/eslint-plugin from 5.57.1 to 5.59.0
2023-04-24 13:32:54 +02:00
dependabot[bot] 7070612acc Bump @typescript-eslint/eslint-plugin from 5.57.1 to 5.59.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.57.1 to 5.59.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-24 11:31:30 +00:00
Federico Builes f6e0fab375 Merge pull request #465 from actions/dependabot/npm_and_yarn/prettier-2.8.8
Bump prettier from 2.8.7 to 2.8.8
2023-04-24 13:31:03 +02:00
Federico Builes 51fa253565 Merge pull request #464 from actions/dependabot/npm_and_yarn/eslint-8.39.0
Bump eslint from 8.38.0 to 8.39.0
2023-04-24 13:30:54 +02:00
Federico Builes 2dffe8e22c Merge pull request #463 from actions/dependabot/npm_and_yarn/types/node-16.18.24
Bump @types/node from 16.18.23 to 16.18.24
2023-04-24 13:30:43 +02:00
Federico Builes e263d60b8b Merge pull request #461 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.59.0
Bump @typescript-eslint/parser from 5.57.1 to 5.59.0
2023-04-24 13:30:07 +02:00
dependabot[bot] bf512683a2 Bump prettier from 2.8.7 to 2.8.8
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.7 to 2.8.8.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.7...2.8.8)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-24 02:01:16 +00:00
dependabot[bot] 6c9f94c4e5 Bump eslint from 8.38.0 to 8.39.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.38.0 to 8.39.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.38.0...v8.39.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-24 02:01:05 +00:00
dependabot[bot] 8321ca9367 Bump @types/node from 16.18.23 to 16.18.24
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.23 to 16.18.24.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-24 02:00:45 +00:00
dependabot[bot] 00ef46c947 Bump @typescript-eslint/parser from 5.57.1 to 5.59.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.57.1 to 5.59.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-24 01:59:58 +00:00
Federico Builes b206cbf92e Merge pull request #453 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.57.1
Bump @typescript-eslint/eslint-plugin from 5.57.0 to 5.57.1
2023-04-10 07:48:03 +02:00
dependabot[bot] d482d746c3 Bump @typescript-eslint/eslint-plugin from 5.57.0 to 5.57.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.57.0 to 5.57.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.57.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-10 05:47:39 +00:00
Federico Builes 041e4f1437 Merge pull request #454 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.57.1
Bump @typescript-eslint/parser from 5.57.0 to 5.57.1
2023-04-10 07:47:09 +02:00
Federico Builes c883e5a202 Merge pull request #455 from actions/dependabot/npm_and_yarn/eslint-8.38.0
Bump eslint from 8.37.0 to 8.38.0
2023-04-10 07:46:57 +02:00
Federico Builes 8938bd9ef0 Merge pull request #451 from actions/fix-external-config
Fix default values for fail-on-severity
2023-04-10 07:41:00 +02:00
dependabot[bot] 35a369d1cd Bump eslint from 8.37.0 to 8.38.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.37.0 to 8.38.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.37.0...v8.38.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-10 02:03:04 +00:00
dependabot[bot] 0a9f43e15a Bump @typescript-eslint/parser from 5.57.0 to 5.57.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.57.0 to 5.57.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.57.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-10 02:02:19 +00:00
Justin Holguín e0ec35dfb0 Merge pull request #439 from actions/juxtin/snapshot-warnings
Show snapshot warnings in the summary
2023-04-06 13:27:46 -07:00
Federico Builes 73625ad716 Merge branch 'allow-list-dependencies' of github.com:theztefan/dependency-review-action into allow-list-dependencies 2023-04-06 22:01:49 +02:00
Federico Builes 654eb5ca1c Updating README.md 2023-04-06 21:42:26 +02:00
Federico Builes 9885d0c74c Remove default values in action.yml 2023-04-06 21:33:35 +02:00
Federico Builes cebb5b1214 Don't use underscore for inline configs. 2023-04-06 21:33:24 +02:00
Federico Builes 50b918791f Update README. 2023-04-06 17:59:34 +02:00
Federico Builes 3f6a17c81c Update examples to use underscores instead of dashes. 2023-04-06 17:58:58 +02:00
Federico Builes 2c065db296 Add a test-helpers file. 2023-04-06 17:32:42 +02:00
Federico Builes ff46a4b16e Fixing failing test. 2023-04-06 17:11:29 +02:00
Federico Builes 153f274eb4 Mock octokit. 2023-04-06 17:11:16 +02:00
Federico Builes 0041d7fa41 Add a failing test. 2023-04-06 16:21:52 +02:00
Stefan Petrushevski 1896d6f936 Clean up; updated docs 2023-04-06 10:49:30 +02:00
Stefan Petrushevski 39dca1ce09 Adjusted output 2023-04-06 10:04:48 +02:00
Stefan Petrushevski d3fdbc93c5 Build and updated README 2023-04-06 09:58:14 +02:00
Stefan Petrushevski 9ad7edb033 switched to purl format 2023-04-06 09:37:42 +02:00
Federico Builes 97c9465751 separate tests for external configs 2023-04-05 15:14:57 +02:00
Federico Builes 8b0d4b3327 Merge pull request #446 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.57.0
Bump @typescript-eslint/eslint-plugin from 5.56.0 to 5.57.0
2023-04-03 11:05:13 +02:00
Federico Builes 8c24360582 Merge pull request #448 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.7.0
Bump eslint-plugin-github from 4.6.1 to 4.7.0
2023-04-03 11:04:36 +02:00
dependabot[bot] 80be5a7079 Bump @typescript-eslint/eslint-plugin from 5.56.0 to 5.57.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.56.0 to 5.57.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.57.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-03 05:10:30 +00:00
dependabot[bot] 35bd59fb9e Bump eslint-plugin-github from 4.6.1 to 4.7.0
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.6.1...v4.7.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-03 05:09:05 +00:00
Federico Builes b7ce9d546d Merge pull request #447 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.57.0
Bump @typescript-eslint/parser from 5.56.0 to 5.57.0
2023-04-03 07:02:10 +02:00
Federico Builes 5875c70f8f Merge pull request #449 from actions/dependabot/npm_and_yarn/types/node-16.18.23
Bump @types/node from 16.18.21 to 16.18.23
2023-04-03 07:01:49 +02:00
Federico Builes 43274f6899 Merge pull request #450 from actions/dependabot/npm_and_yarn/eslint-8.37.0
Bump eslint from 8.36.0 to 8.37.0
2023-04-03 07:01:31 +02:00
dependabot[bot] 81d482fe7f Bump eslint from 8.36.0 to 8.37.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.36.0 to 8.37.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.36.0...v8.37.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-03 02:02:13 +00:00
dependabot[bot] 420f61c64a Bump @types/node from 16.18.21 to 16.18.23
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.21 to 16.18.23.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-03 02:01:46 +00:00
dependabot[bot] 866b422c9e Bump @typescript-eslint/parser from 5.56.0 to 5.57.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.56.0 to 5.57.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.57.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-03 02:00:49 +00:00
Justin Holguín 76b8e83d1a Use 'Unnamed Manifest' as catchall bucket 2023-03-28 16:06:07 +00:00
Federico Builes 91eae64e0c Merge pull request #442 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.56.0
Bump @typescript-eslint/eslint-plugin from 5.55.0 to 5.56.0
2023-03-27 07:57:20 +02:00
Federico Builes f5f2eae995 Merge pull request #441 from actions/dependabot/npm_and_yarn/nodemon-2.0.22
Bump nodemon from 2.0.21 to 2.0.22
2023-03-27 07:37:18 +02:00
dependabot[bot] 355bcf860e Bump @typescript-eslint/eslint-plugin from 5.55.0 to 5.56.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.55.0 to 5.56.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.56.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-27 05:32:56 +00:00
dependabot[bot] 5726b20f6c Bump nodemon from 2.0.21 to 2.0.22
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.21 to 2.0.22.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.21...v2.0.22)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-27 05:32:36 +00:00
Federico Builes 4d05b525ee Merge pull request #444 from actions/dependabot/npm_and_yarn/prettier-2.8.7
Bump prettier from 2.8.4 to 2.8.7
2023-03-27 07:32:04 +02:00
Federico Builes 81ee3a8dc8 Merge pull request #443 from actions/dependabot/npm_and_yarn/types/node-16.18.21
Bump @types/node from 16.18.16 to 16.18.21
2023-03-27 07:31:53 +02:00
Federico Builes 3b871daeea Merge pull request #440 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.56.0
Bump @typescript-eslint/parser from 5.55.0 to 5.56.0
2023-03-27 07:31:31 +02:00
dependabot[bot] 3f5b40d019 Bump prettier from 2.8.4 to 2.8.7
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.4 to 2.8.7.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.4...2.8.7)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-27 02:06:07 +00:00
dependabot[bot] 89b3ba9416 Bump @types/node from 16.18.16 to 16.18.21
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.16 to 16.18.21.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-27 02:05:34 +00:00
dependabot[bot] a44d7c538d Bump @typescript-eslint/parser from 5.55.0 to 5.56.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.55.0 to 5.56.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.56.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-27 02:01:38 +00:00
Justin Holguín 7e1f7be1f6 Handle dependencies with an empty manifest field
This happens sometimes with snapshots. We just want them to be displayed properly in the HTML output.
2023-03-24 19:07:22 +00:00
Justin Holguín 0c01e947d6 Flesh out the warnings section a tiny bit 2023-03-23 23:26:23 +00:00
Justin Holguín 782549c724 Ignore snapshot_warnings for missing head snapshots 2023-03-23 22:59:07 +00:00
Justin Holguín 419396de41 Show snapshot warnings in the summary 2023-03-22 21:30:12 +00:00
Federico Builes f46c48ed6d bumping version 2023-03-20 07:22:20 +01:00
Federico Builes 1ac6f5d754 Merge pull request #437 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.55.0
Bump @typescript-eslint/eslint-plugin from 5.54.1 to 5.55.0
2023-03-20 06:47:27 +01:00
dependabot[bot] 30049aaf02 Bump @typescript-eslint/eslint-plugin from 5.54.1 to 5.55.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.54.1 to 5.55.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.55.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 05:45:47 +00:00
Federico Builes 02b3fbad1c Merge pull request #436 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.55.0
Bump @typescript-eslint/parser from 5.54.1 to 5.55.0
2023-03-20 06:44:51 +01:00
Federico Builes 5c5feeb63d Merge pull request #435 from actions/dependabot/npm_and_yarn/types/node-16.18.16
Bump @types/node from 16.18.14 to 16.18.16
2023-03-20 06:44:19 +01:00
dependabot[bot] 85bb8372bf Bump @typescript-eslint/parser from 5.54.1 to 5.55.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.54.1 to 5.55.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.55.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 02:15:06 +00:00
dependabot[bot] 463aece43a Bump @types/node from 16.18.14 to 16.18.16
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.14 to 16.18.16.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 02:14:20 +00:00
Stefan Petrushevski e17845d155 README changes as per PR comments 2023-03-16 11:23:57 +01:00
Federico Builes e3fb5152be Merge pull request #426 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.54.1
Bump @typescript-eslint/eslint-plugin from 5.54.0 to 5.54.1
2023-03-13 09:29:06 +01:00
Federico Builes 4b088f072a Merge pull request #427 from actions/dependabot/npm_and_yarn/zod-3.21.4
Bump zod from 3.21.0 to 3.21.4
2023-03-13 09:28:51 +01:00
dependabot[bot] e46d65f438 Bump @typescript-eslint/eslint-plugin from 5.54.0 to 5.54.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.54.0 to 5.54.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.54.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 07:08:40 +00:00
Federico Builes 75222ed640 adding dist 2023-03-13 08:02:02 +01:00
Federico Builes f46bc4dbf8 Merge pull request #428 from actions/dependabot/npm_and_yarn/eslint-8.36.0
Bump eslint from 8.35.0 to 8.36.0
2023-03-13 08:00:22 +01:00
Federico Builes e0a5088fd6 Merge pull request #429 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.54.1
Bump @typescript-eslint/parser from 5.53.0 to 5.54.1
2023-03-13 08:00:01 +01:00
dependabot[bot] f1f8f2bf88 Bump @typescript-eslint/parser from 5.53.0 to 5.54.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.53.0 to 5.54.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.54.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 02:06:48 +00:00
dependabot[bot] 453f5e3690 Bump eslint from 8.35.0 to 8.36.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.35.0 to 8.36.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.35.0...v8.36.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 02:06:12 +00:00
dependabot[bot] 6a47644794 Bump zod from 3.21.0 to 3.21.4
Bumps [zod](https://github.com/colinhacks/zod) from 3.21.0 to 3.21.4.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.21.0...v3.21.4)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 02:05:51 +00:00
Stefan Petrushevski f0bda66bbf updated README 2023-03-08 15:44:01 +01:00
Stefan Petrushevski 1d7d9a2c93 new builds 2023-03-08 15:24:23 +01:00
Stefan Petrushevski d5c2f70a7f no inline config options due to limitations 2023-03-08 15:23:57 +01:00
Stefan Petrushevski f92376010c inline config options 2023-03-08 15:05:16 +01:00
Stefan Petrushevski c2303c3070 builds 2023-03-08 14:30:37 +01:00
Stefan Petrushevski 884b7abd2d updated summary output; create_summary.ts script 2023-03-08 13:02:59 +01:00
Stefan Petrushevski 600458c5dd licenses check exclusion list 2023-03-08 12:38:34 +01:00
Federico Builes d11e757f70 No support for custom branches note in README. 2023-03-06 09:13:40 +01:00
Federico Builes 63e5e62dba Merge pull request #416 from davelosert/adjust_summary_format
Adjust summary format
2023-03-06 09:10:58 +01:00
Federico Builes 5951e7db04 Merge branch 'main' into adjust_summary_format 2023-03-06 09:08:35 +01:00
Federico Builes 4f537bf170 Merge pull request #417 from actions/dependabot/npm_and_yarn/zod-3.21.0
Bump zod from 3.20.6 to 3.21.0
2023-03-06 08:25:25 +01:00
Federico Builes 25f22ad0c7 dist files 2023-03-06 08:25:10 +01:00
Federico Builes 2878425083 Merge pull request #419 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.54.0
Bump @typescript-eslint/eslint-plugin from 5.53.0 to 5.54.0
2023-03-06 05:56:03 +01:00
Federico Builes 862b667fee Merge pull request #421 from actions/dependabot/npm_and_yarn/nodemon-2.0.21
Bump nodemon from 2.0.20 to 2.0.21
2023-03-06 05:55:16 +01:00
dependabot[bot] f7c42c00ca Bump @typescript-eslint/eslint-plugin from 5.53.0 to 5.54.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.53.0 to 5.54.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.54.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 04:48:15 +00:00
dependabot[bot] 00dbe9df8d Bump nodemon from 2.0.20 to 2.0.21
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.20 to 2.0.21.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.20...v2.0.21)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 04:47:54 +00:00
Federico Builes f89a053f16 Merge pull request #420 from actions/dependabot/npm_and_yarn/types/node-16.18.14
Bump @types/node from 16.18.13 to 16.18.14
2023-03-06 05:47:25 +01:00
Federico Builes 700f66ed8f Merge pull request #418 from actions/dependabot/npm_and_yarn/got-12.6.0
Bump got from 12.5.3 to 12.6.0
2023-03-06 05:47:11 +01:00
dependabot[bot] fc5eaef91a Bump @types/node from 16.18.13 to 16.18.14
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.13 to 16.18.14.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 02:15:36 +00:00
dependabot[bot] 087d445ca8 Bump got from 12.5.3 to 12.6.0
Bumps [got](https://github.com/sindresorhus/got) from 12.5.3 to 12.6.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.5.3...v12.6.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 02:14:13 +00:00
dependabot[bot] 95fa321e74 Bump zod from 3.20.6 to 3.21.0
Bumps [zod](https://github.com/colinhacks/zod) from 3.20.6 to 3.21.0.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.20.6...v3.21.0)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 02:13:53 +00:00
David Losert 429d317ccc Rebuilt dist files 2023-03-02 07:52:41 +00:00
David Losert 6b34d93738 Skips dependency review if no changes detected 2023-03-02 07:47:09 +00:00
David Losert b7a25f4e9b Makes License Issues a single table per manifest 2023-03-02 07:43:23 +00:00
David Losert 9f0792541a Rebuilt dist files 2023-03-02 06:57:41 +00:00
David Losert 5e6910e937 Built the library in it's current state 2023-03-01 07:43:17 +00:00
David Losert 715956774a Adds some explanation on how to use the script 2023-03-01 07:43:08 +00:00
David Losert 94e6fb6deb Fixes build to only include src folder 2023-03-01 07:43:00 +00:00
David Losert 1090cda9d5 Adjusts headlines and formatting for license issues 2023-02-28 12:28:20 +00:00
David Losert 6315b3822f Renames variable to be more speaking 2023-02-28 12:27:55 +00:00
David Losert c5dab80dd4 Adds script to generate test-markdown files 2023-02-28 11:08:48 +00:00
David Losert b089c5b002 Adds conditional license summary 2023-02-28 11:08:39 +00:00
David Losert 6e66d136ec Reformats vulnerability section 2023-02-27 16:05:59 +00:00
David Losert 1b9faef957 Fixes ESLint to also incldue tests and fixes eslint errors in tests 2023-02-27 16:05:03 +00:00
Federico Builes 748b8a5c33 Merge pull request #414 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.53.0
Bump @typescript-eslint/parser from 5.52.0 to 5.53.0
2023-02-27 08:13:40 +01:00
dependabot[bot] 1639aef23d Bump @typescript-eslint/parser from 5.52.0 to 5.53.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.52.0 to 5.53.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.53.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 07:11:29 +00:00
Federico Builes f5f33b0c33 Merge pull request #415 from actions/dependabot/npm_and_yarn/types/node-16.18.13
Bump @types/node from 16.18.12 to 16.18.13
2023-02-27 08:08:52 +01:00
Federico Builes 2d8dd98fa8 Merge pull request #413 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.53.0
Bump @typescript-eslint/eslint-plugin from 5.52.0 to 5.53.0
2023-02-27 08:08:23 +01:00
Federico Builes 182833caa3 Merge pull request #412 from actions/dependabot/npm_and_yarn/eslint-8.35.0
Bump eslint from 8.34.0 to 8.35.0
2023-02-27 08:08:09 +01:00
dependabot[bot] b0bc193e06 Bump @types/node from 16.18.12 to 16.18.13
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.12 to 16.18.13.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 02:53:14 +00:00
dependabot[bot] f3146217d6 Bump @typescript-eslint/eslint-plugin from 5.52.0 to 5.53.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.52.0 to 5.53.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.53.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 02:51:25 +00:00
dependabot[bot] c5b1778acb Bump eslint from 8.34.0 to 8.35.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.34.0 to 8.35.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.34.0...v8.35.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 02:50:27 +00:00
David Losert 19ee172e7e feat: Adjusts the formatting and content for the status header 2023-02-22 14:05:52 +00:00
Federico Builes 23c92ea3fe Merge pull request #407 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.52.0
Bump @typescript-eslint/eslint-plugin from 5.51.0 to 5.52.0
2023-02-20 09:58:01 +01:00
dependabot[bot] 1af3349db2 Bump @typescript-eslint/eslint-plugin from 5.51.0 to 5.52.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.51.0 to 5.52.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.52.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 06:08:25 +00:00
Federico Builes 2238302e66 Merge pull request #408 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.6.1
Bump eslint-plugin-github from 4.6.0 to 4.6.1
2023-02-20 07:03:23 +01:00
Federico Builes e4158c9844 Merge pull request #405 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.52.0
Bump @typescript-eslint/parser from 5.51.0 to 5.52.0
2023-02-20 07:02:50 +01:00
dependabot[bot] 7f874fd2fb Bump eslint-plugin-github from 4.6.0 to 4.6.1
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.6.0...v4.6.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 02:27:53 +00:00
dependabot[bot] 9928099802 Bump @typescript-eslint/parser from 5.51.0 to 5.52.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.51.0 to 5.52.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.52.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 02:26:07 +00:00
Federico Builes d9d1c4ba24 adding dist 2023-02-16 14:44:46 +01:00
Federico Builes a3ee6a76df Merge pull request #393 from davelosert/write-summary-to-pr
Add Feature: Write Summary as comment to the pull request
2023-02-16 14:44:03 +01:00
David Losert f69167c9be Build files for current version 2023-02-16 10:04:56 +00:00
David Losert 1c85e9db8d Adds option to write summary into a pr comment 2023-02-16 10:03:16 +00:00
Federico Builes 5c771993de doing npm audit fix 2023-02-13 07:07:59 +01:00
Federico Builes 3f5300728c Merge pull request #403 from actions/dependabot/npm_and_yarn/zod-3.20.6
Bump zod from 3.20.2 to 3.20.6
2023-02-13 07:06:20 +01:00
Federico Builes 221de4a420 add dist 2023-02-13 07:06:09 +01:00
Federico Builes 9aa2640fd4 Merge pull request #401 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.51.0
Bump @typescript-eslint/parser from 5.50.0 to 5.51.0
2023-02-13 07:04:32 +01:00
dependabot[bot] d5ff038b8b Bump @typescript-eslint/parser from 5.50.0 to 5.51.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.50.0 to 5.51.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.51.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 06:02:15 +00:00
Federico Builes 63d79cae5c Merge pull request #402 from actions/dependabot/npm_and_yarn/eslint-8.34.0
Bump eslint from 8.33.0 to 8.34.0
2023-02-13 07:00:32 +01:00
Federico Builes ee7fefc22c Merge pull request #399 from actions/dependabot/npm_and_yarn/prettier-2.8.4
Bump prettier from 2.8.3 to 2.8.4
2023-02-13 06:59:53 +01:00
dependabot[bot] fa8de14daa Bump eslint from 8.33.0 to 8.34.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.33.0 to 8.34.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.33.0...v8.34.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 05:55:49 +00:00
Federico Builes eb8231dc40 Merge pull request #400 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.51.0
Bump @typescript-eslint/eslint-plugin from 5.50.0 to 5.51.0
2023-02-13 06:55:02 +01:00
dependabot[bot] fff46df8ec Bump zod from 3.20.2 to 3.20.6
Bumps [zod](https://github.com/colinhacks/zod) from 3.20.2 to 3.20.6.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.20.2...v3.20.6)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 02:52:22 +00:00
dependabot[bot] 9613501c27 Bump @typescript-eslint/eslint-plugin from 5.50.0 to 5.51.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.50.0 to 5.51.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.51.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 02:50:50 +00:00
dependabot[bot] 08d6d26179 Bump prettier from 2.8.3 to 2.8.4
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.3 to 2.8.4.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.3...2.8.4)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-13 02:49:57 +00:00
Federico Builes 96d0e9ac03 Merge pull request #396 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.50.0
Bump @typescript-eslint/parser from 5.49.0 to 5.50.0
2023-02-06 06:34:53 +01:00
dependabot[bot] 189bf7bc26 Bump @typescript-eslint/parser from 5.49.0 to 5.50.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.49.0 to 5.50.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.50.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 05:32:26 +00:00
Federico Builes a2165983d1 Merge pull request #397 from actions/dependabot/npm_and_yarn/types/node-16.18.12
Bump @types/node from 16.18.11 to 16.18.12
2023-02-06 06:32:08 +01:00
Federico Builes 0a618d4025 Merge pull request #395 from actions/dependabot/npm_and_yarn/typescript-4.9.5
Bump typescript from 4.9.4 to 4.9.5
2023-02-06 06:31:45 +01:00
Federico Builes 71acb8773c Merge pull request #394 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.50.0
Bump @typescript-eslint/eslint-plugin from 5.48.2 to 5.50.0
2023-02-06 06:31:34 +01:00
dependabot[bot] 8ae3c6ccb4 Bump @types/node from 16.18.11 to 16.18.12
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.11 to 16.18.12.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 02:04:54 +00:00
dependabot[bot] 2ad07a3006 Bump typescript from 4.9.4 to 4.9.5
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.9.4 to 4.9.5.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.4...v4.9.5)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 02:03:23 +00:00
dependabot[bot] 5d0265a143 Bump @typescript-eslint/eslint-plugin from 5.48.2 to 5.50.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.48.2 to 5.50.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.50.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 02:02:45 +00:00
Federico Builes 9aeec9038b Merge pull request #388 from actions/dependabot/npm_and_yarn/octokit/plugin-retry-4.1.1
Bump @octokit/plugin-retry from 4.0.4 to 4.1.1
2023-01-30 08:36:50 +01:00
Federico Builes 579f2338ab update dist 2023-01-30 08:34:58 +01:00
dependabot[bot] 2cf5e60887 Bump @octokit/plugin-retry from 4.0.4 to 4.1.1
Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 4.0.4 to 4.1.1.
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v4.0.4...v4.1.1)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 07:30:33 +00:00
Federico Builes 4e761fd545 Merge pull request #387 from actions/dependabot/npm_and_yarn/octokit-2.0.14
Bump octokit from 2.0.13 to 2.0.14
2023-01-30 08:29:58 +01:00
Federico Builes 51951998f5 really gotta make a script out of this 2023-01-30 08:29:48 +01:00
Federico Builes b87919684c Merge pull request #389 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.49.0
Bump @typescript-eslint/parser from 5.48.2 to 5.49.0
2023-01-30 08:28:46 +01:00
dependabot[bot] 5cc528819d Bump @typescript-eslint/parser from 5.48.2 to 5.49.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.48.2 to 5.49.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.49.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 05:59:00 +00:00
Federico Builes e8bb60680f Merge pull request #390 from actions/dependabot/npm_and_yarn/eslint-8.33.0
Bump eslint from 8.32.0 to 8.33.0
2023-01-30 06:58:27 +01:00
Federico Builes 916da45422 Merge pull request #391 from actions/dependabot/npm_and_yarn/vercel/ncc-0.36.1
Bump @vercel/ncc from 0.36.0 to 0.36.1
2023-01-30 06:58:12 +01:00
dependabot[bot] 00c58871a0 Bump @vercel/ncc from 0.36.0 to 0.36.1
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.36.0 to 0.36.1.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.36.0...0.36.1)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 01:49:32 +00:00
dependabot[bot] 5232f0766f Bump eslint from 8.32.0 to 8.33.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.32.0 to 8.33.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.32.0...v8.33.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 01:49:16 +00:00
dependabot[bot] 649dad513a Bump octokit from 2.0.13 to 2.0.14
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.13 to 2.0.14.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.13...v2.0.14)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 01:47:40 +00:00
Federico Builes 1a5397226b Merge pull request #384 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.48.2
Bump @typescript-eslint/eslint-plugin from 5.48.1 to 5.48.2
2023-01-23 06:20:32 +01:00
Federico Builes 83db3fd780 Merge pull request #383 from actions/dependabot/npm_and_yarn/octokit/plugin-retry-4.0.4
Bump @octokit/plugin-retry from 4.0.3 to 4.0.4
2023-01-23 06:20:13 +01:00
Federico Builes 2bdc2cf95f Merge branch 'main' into dependabot/npm_and_yarn/octokit/plugin-retry-4.0.4 2023-01-23 06:19:03 +01:00
dependabot[bot] cebddc8ad2 Bump @typescript-eslint/eslint-plugin from 5.48.1 to 5.48.2
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.48.1 to 5.48.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.48.2/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-23 05:18:48 +00:00
Federico Builes caa6381bae add dist 2023-01-23 06:17:33 +01:00
Federico Builes 31520dc391 Merge pull request #382 from actions/dependabot/npm_and_yarn/octokit-2.0.13
Bump octokit from 2.0.11 to 2.0.13
2023-01-23 06:16:38 +01:00
Federico Builes 4f412af8fc adding dist 2023-01-23 06:16:21 +01:00
Federico Builes 5703934fec Merge pull request #381 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.48.2
Bump @typescript-eslint/parser from 5.48.1 to 5.48.2
2023-01-23 06:15:00 +01:00
dependabot[bot] e78e4ce152 Bump @octokit/plugin-retry from 4.0.3 to 4.0.4
Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v4.0.3...v4.0.4)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-23 02:23:06 +00:00
dependabot[bot] a4da452f33 Bump octokit from 2.0.11 to 2.0.13
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.11 to 2.0.13.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.11...v2.0.13)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-23 02:22:40 +00:00
dependabot[bot] d92ca08767 Bump @typescript-eslint/parser from 5.48.1 to 5.48.2
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.48.1 to 5.48.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.48.2/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-23 02:22:13 +00:00
Federico Builes 0b30e242cd Merge pull request #379 from actions/dependabot/npm_and_yarn/eslint-8.32.0
Bump eslint from 8.31.0 to 8.32.0
2023-01-16 09:19:54 +01:00
Federico Builes f668822520 Merge pull request #378 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.48.1
Bump @typescript-eslint/parser from 5.48.0 to 5.48.1
2023-01-16 09:19:40 +01:00
Federico Builes 898008ba83 Merge pull request #377 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.48.1
Bump @typescript-eslint/eslint-plugin from 5.47.1 to 5.48.1
2023-01-16 09:19:28 +01:00
Federico Builes 4105edb24b Merge pull request #376 from actions/dependabot/npm_and_yarn/prettier-2.8.3
Bump prettier from 2.8.2 to 2.8.3
2023-01-16 09:19:12 +01:00
dependabot[bot] 2f20ab0305 Bump eslint from 8.31.0 to 8.32.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.31.0 to 8.32.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.31.0...v8.32.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 02:05:01 +00:00
dependabot[bot] fa94fed3e7 Bump @typescript-eslint/parser from 5.48.0 to 5.48.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.48.0 to 5.48.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.48.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 02:04:23 +00:00
dependabot[bot] 65e82f802d Bump @typescript-eslint/eslint-plugin from 5.47.1 to 5.48.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.47.1 to 5.48.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.48.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 02:03:33 +00:00
dependabot[bot] 06d9a244cc Bump prettier from 2.8.2 to 2.8.3
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.2 to 2.8.3.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.2...2.8.3)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 02:02:24 +00:00
Federico Builes c090f4e553 release for 3.0.3 2023-01-09 08:21:47 +01:00
Federico Builes 42ee3c8f53 Merge pull request #370 from felickz/fix-request-error-handling
Fix Dependency Review API response error handling
2023-01-09 08:18:23 +01:00
Federico Builes 6855e6ed4e Merge branch 'main' of gh into fix-request-error-handling 2023-01-09 08:16:48 +01:00
Federico Builes efd78809f9 Merge pull request #375 from actions/dependabot/npm_and_yarn/octokit-2.0.11
Bump octokit from 2.0.10 to 2.0.11
2023-01-09 08:02:36 +01:00
Federico Builes e91b527bcb add json5 too 2023-01-09 08:02:24 +01:00
Federico Builes f508195cbc Merge pull request #374 from actions/dependabot/npm_and_yarn/prettier-2.8.2
Bump prettier from 2.8.1 to 2.8.2
2023-01-09 08:00:58 +01:00
Federico Builes ef8bfcec89 linter suggestions 2023-01-09 07:59:55 +01:00
Federico Builes 31cb4e05f7 Merge branch 'main' into dependabot/npm_and_yarn/prettier-2.8.2 2023-01-09 07:57:09 +01:00
Federico Builes 7920884bc8 Merge pull request #373 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.2.1
Bump eslint-plugin-jest from 27.1.7 to 27.2.1
2023-01-09 07:56:01 +01:00
dependabot[bot] aae0422a7f Bump eslint-plugin-jest from 27.1.7 to 27.2.1
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.7 to 27.2.1.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.7...v27.2.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 06:55:47 +00:00
Federico Builes 46d2ba8805 Merge pull request #372 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.48.0
Bump @typescript-eslint/parser from 5.47.1 to 5.48.0
2023-01-09 07:55:20 +01:00
Federico Builes 7c07c1da42 Merge pull request #371 from actions/dependabot/npm_and_yarn/eslint-8.31.0
Bump eslint from 8.30.0 to 8.31.0
2023-01-09 07:54:56 +01:00
dependabot[bot] 6e3a1cfe9e Bump octokit from 2.0.10 to 2.0.11
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.10 to 2.0.11.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.10...v2.0.11)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:43:52 +00:00
dependabot[bot] 3190101729 Bump prettier from 2.8.1 to 2.8.2
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.1 to 2.8.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.1...2.8.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:42:48 +00:00
dependabot[bot] 3576f26c76 Bump @typescript-eslint/parser from 5.47.1 to 5.48.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.47.1 to 5.48.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.48.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:41:54 +00:00
dependabot[bot] 97fef8f979 Bump eslint from 8.30.0 to 8.31.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.30.0 to 8.31.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.30.0...v8.31.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:41:16 +00:00
Chad Bentz 60e20b95c9 npm run build && npm run package 2023-01-05 17:41:37 +00:00
Chad Bentz e6aba92fb0 Enhance failure message to include GHAS note 2023-01-05 17:26:46 +00:00
Chad Bentz 4b2cf01947 integration test to ensure RequestError catch 2023-01-05 17:22:27 +00:00
Chad Bentz 33b11b63b3 downgrade octokit/request-error to ^2.1.0
- supported by actions/core ^1.10.0
2023-01-04 20:55:58 +00:00
Federico Builes 90014ebf46 Merge pull request #368 from actions/dependabot/npm_and_yarn/yaml-2.2.1
Bump yaml from 2.1.3 to 2.2.1
2023-01-02 05:36:29 -05:00
Federico Builes c0fcb40fb5 dist 2023-01-02 11:35:30 +01:00
Federico Builes 6213daabf8 Merge branch 'main' into dependabot/npm_and_yarn/yaml-2.2.1 2023-01-02 11:34:56 +01:00
Federico Builes 6c62d64ea3 Merge pull request #366 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.47.1
Bump @typescript-eslint/eslint-plugin from 5.45.0 to 5.47.1
2023-01-02 05:32:26 -05:00
Federico Builes 6154af02da updating dist files 2023-01-02 11:23:18 +01:00
Federico Builes df40ce1edc fixing package.json conflict 2023-01-02 11:21:05 +01:00
dependabot[bot] a033837e12 Bump yaml from 2.1.3 to 2.2.1
Bumps [yaml](https://github.com/eemeli/yaml) from 2.1.3 to 2.2.1.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.1.3...v2.2.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 10:20:01 +00:00
Federico Builes d79457303f adding dist 2023-01-02 11:19:49 +01:00
Federico Builes b2f83f35c7 adding dist 2023-01-02 11:17:39 +01:00
Federico Builes 389b38eb1a Merge pull request #367 from actions/dependabot/npm_and_yarn/zod-3.20.2
Bump zod from 3.19.1 to 3.20.2
2023-01-02 05:17:04 -05:00
Federico Builes e3926a59f5 adding dist 2023-01-02 11:16:52 +01:00
Federico Builes 54656aadd8 Merge pull request #365 from actions/dependabot/npm_and_yarn/esbuild-register-3.4.2
Bump esbuild-register from 3.4.1 to 3.4.2
2023-01-02 05:13:23 -05:00
Federico Builes f02b9fb886 Merge pull request #364 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.47.1
Bump @typescript-eslint/parser from 5.47.0 to 5.47.1
2023-01-02 05:12:50 -05:00
dependabot[bot] 6587f9feee Bump zod from 3.19.1 to 3.20.2
Bumps [zod](https://github.com/colinhacks/zod) from 3.19.1 to 3.20.2.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.19.1...v3.20.2)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:18:52 +00:00
dependabot[bot] cab2d5f36f Bump @typescript-eslint/eslint-plugin from 5.45.0 to 5.47.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.45.0 to 5.47.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.47.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:18:14 +00:00
dependabot[bot] ef411f3a4c Bump esbuild-register from 3.4.1 to 3.4.2
Bumps esbuild-register from 3.4.1 to 3.4.2.

---
updated-dependencies:
- dependency-name: esbuild-register
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:17:15 +00:00
dependabot[bot] 589f46e5a2 Bump @typescript-eslint/parser from 5.47.0 to 5.47.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.47.0 to 5.47.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.47.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:16:48 +00:00
Federico Builes a482eabd84 Merge pull request #362 from actions/dependabot/npm_and_yarn/types/node-16.18.11
Bump @types/node from 16.18.8 to 16.18.11
2022-12-27 09:42:24 -05:00
Federico Builes c63a70f2bb Merge pull request #358 from actions/dependabot/npm_and_yarn/typescript-4.9.4
Bump typescript from 4.9.3 to 4.9.4
2022-12-27 09:41:58 -05:00
Federico Builes ea081cab93 Merge pull request #357 from actions/dependabot/npm_and_yarn/eslint-8.30.0
Bump eslint from 8.29.0 to 8.30.0
2022-12-27 09:41:47 -05:00
dependabot[bot] 78231376d4 Bump typescript from 4.9.3 to 4.9.4
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.9.3 to 4.9.4.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.3...v4.9.4)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-27 14:40:46 +00:00
Federico Builes ea38797bf9 Merge pull request #359 from jongwooo/chore/use-cache-in-check-dist
Use cache in check-dist.yml
2022-12-27 09:40:44 -05:00
dependabot[bot] 383b34b013 Bump eslint from 8.29.0 to 8.30.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.29.0 to 8.30.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.29.0...v8.30.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-27 14:40:20 +00:00
Federico Builes 234f1c3e6b Merge pull request #355 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.7
Bump eslint-plugin-jest from 27.1.6 to 27.1.7
2022-12-27 09:39:34 -05:00
dependabot[bot] 1aca439347 Bump @types/node from 16.18.8 to 16.18.11
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.8 to 16.18.11.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-27 14:37:29 +00:00
Federico Builes f5231a7139 Merge pull request #361 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.47.0
Bump @typescript-eslint/parser from 5.46.0 to 5.47.0
2022-12-27 09:36:32 -05:00
dependabot[bot] 872c5e3689 Bump @typescript-eslint/parser from 5.46.0 to 5.47.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.46.0 to 5.47.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.47.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-26 01:43:00 +00:00
Jongwoo Han 86e4c38e88 Use cache in check-dist.yml
Signed-off-by: jongwooo <jongwooo.han@gmail.com>
2022-12-20 03:17:46 +09:00
dependabot[bot] 70a13ae7e3 Bump eslint-plugin-jest from 27.1.6 to 27.1.7
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.6 to 27.1.7.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.6...v27.1.7)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-19 01:42:28 +00:00
cnagadya 0ff3da6f81 3.0.2 patch release 2022-12-16 13:45:58 +00:00
cnagadya 6d88398316 Merge pull request #350 from actions/dependabot/npm_and_yarn/types/node-16.18.8
Bump @types/node from 16.18.4 to 16.18.8
2022-12-16 14:09:01 +01:00
cnagadya 29022577bf Merge pull request #352 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.6.0
Bump eslint-plugin-github from 4.4.1 to 4.6.0
2022-12-12 11:35:37 +01:00
dependabot[bot] a4bf690c47 Bump eslint-plugin-github from 4.4.1 to 4.6.0
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.4.1 to 4.6.0.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.4.1...v4.6.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 09:22:23 +00:00
cnagadya 3f67248108 Merge pull request #351 from actions/dependabot/npm_and_yarn/vercel/ncc-0.36.0
Bump @vercel/ncc from 0.34.0 to 0.36.0
2022-12-12 10:19:33 +01:00
cnagadya e82e9497cb Fix dist 2022-12-12 09:14:19 +00:00
dependabot[bot] 945cb4d00a Bump @types/node from 16.18.4 to 16.18.8
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.4 to 16.18.8.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 08:35:38 +00:00
dependabot[bot] 459b39211c Bump @vercel/ncc from 0.34.0 to 0.36.0
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.34.0 to 0.36.0.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.34.0...0.36.0)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 08:35:37 +00:00
cnagadya c109d3f46d Merge pull request #349 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.46.0
Bump @typescript-eslint/parser from 5.45.0 to 5.46.0
2022-12-12 09:34:54 +01:00
cnagadya 706aa54d76 Merge pull request #353 from actions/dependabot/npm_and_yarn/prettier-2.8.1
Bump prettier from 2.8.0 to 2.8.1
2022-12-12 09:34:29 +01:00
dependabot[bot] 12cfe866a8 Bump prettier from 2.8.0 to 2.8.1
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.0...2.8.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 01:24:53 +00:00
dependabot[bot] 0caa632377 Bump @typescript-eslint/parser from 5.45.0 to 5.46.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.45.0 to 5.46.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.46.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-12 01:23:08 +00:00
Eli Reisman df02ee7d42 Merge pull request #348 from jsoref/spelling
Spelling
2022-12-09 13:23:18 -08:00
Josh Soref 38e9237630 Update dist/ 2022-12-08 20:03:56 -05:00
Josh Soref 03c7962be5 spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
Josh Soref cff3674e25 spelling: the
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
Josh Soref a184554be2 spelling: minimum
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
Josh Soref 660812709b spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-12-08 11:04:05 -05:00
cnagadya d8b4cd80d5 Merge pull request #345 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.45.0
Bump @typescript-eslint/parser from 5.44.0 to 5.45.0
2022-12-05 11:01:36 +01:00
dependabot[bot] 8e5d487bb8 Bump @typescript-eslint/parser from 5.44.0 to 5.45.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.44.0 to 5.45.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.45.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 09:58:32 +00:00
cnagadya 3e6e055a26 Merge pull request #344 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.45.0
Bump @typescript-eslint/eslint-plugin from 5.44.0 to 5.45.0
2022-12-05 10:57:43 +01:00
dependabot[bot] 1f8d096c90 Bump @typescript-eslint/eslint-plugin from 5.44.0 to 5.45.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.44.0 to 5.45.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.45.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 09:56:10 +00:00
cnagadya 0247f51a25 Merge pull request #346 from actions/dependabot/npm_and_yarn/types/node-16.18.4
Bump @types/node from 16.18.3 to 16.18.4
2022-12-05 10:55:16 +01:00
cnagadya f599dc7887 Merge pull request #347 from actions/dependabot/npm_and_yarn/eslint-8.29.0
Bump eslint from 8.28.0 to 8.29.0
2022-12-05 10:54:24 +01:00
dependabot[bot] 6919a4885f Bump eslint from 8.28.0 to 8.29.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.28.0 to 8.29.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.28.0...v8.29.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 01:44:27 +00:00
dependabot[bot] 8f97494d2e Bump @types/node from 16.18.3 to 16.18.4
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.3 to 16.18.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 01:44:05 +00:00
Federico Builes 08ec176670 Merge pull request #341 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.6
Bump eslint-plugin-jest from 27.1.5 to 27.1.6
2022-11-28 17:40:48 +01:00
dependabot[bot] 40a9da4614 Bump eslint-plugin-jest from 27.1.5 to 27.1.6
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.5 to 27.1.6.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.5...v27.1.6)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 01:45:07 +00:00
Federico Builes 9ad1f84ed2 Dependabot Updates should only happen once a week. 2022-11-24 10:57:01 +01:00
Federico Builes 464e6ac735 Merge pull request #337 from actions/dependabot/npm_and_yarn/prettier-2.8.0
Bump prettier from 2.7.1 to 2.8.0
2022-11-24 06:57:46 +01:00
dependabot[bot] 141e2dae22 Bump prettier from 2.7.1 to 2.8.0
Bumps [prettier](https://github.com/prettier/prettier) from 2.7.1 to 2.8.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.7.1...2.8.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-24 01:05:35 +00:00
Federico Builes 37bb7a46dd Merge pull request #336 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.44.0
Bump @typescript-eslint/parser from 5.43.0 to 5.44.0
2022-11-23 08:13:04 +01:00
dependabot[bot] 5abb42a215 Bump @typescript-eslint/parser from 5.43.0 to 5.44.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.43.0 to 5.44.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.44.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-23 07:08:38 +00:00
Federico Builes 5aafbe4a32 Merge pull request #335 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.44.0
Bump @typescript-eslint/eslint-plugin from 5.43.0 to 5.44.0
2022-11-23 08:07:40 +01:00
dependabot[bot] d623612924 Bump @typescript-eslint/eslint-plugin from 5.43.0 to 5.44.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.43.0 to 5.44.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.44.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-23 01:36:15 +00:00
Federico Builes 08fe899167 Merge pull request #334 from actions/dependabot/npm_and_yarn/eslint-8.28.0
Bump eslint from 8.27.0 to 8.28.0
2022-11-21 07:16:29 +01:00
dependabot[bot] 067e030d27 Bump eslint from 8.27.0 to 8.28.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.27.0 to 8.28.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.27.0...v8.28.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-21 01:51:38 +00:00
Federico Builes 6b47d2662b Merge pull request #333 from actions/dependabot/npm_and_yarn/got-12.5.3
Bump got from 12.5.2 to 12.5.3
2022-11-17 07:17:03 +01:00
dependabot[bot] 290634fe98 Bump got from 12.5.2 to 12.5.3
Bumps [got](https://github.com/sindresorhus/got) from 12.5.2 to 12.5.3.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.5.2...v12.5.3)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-17 01:14:38 +00:00
Federico Builes 352f50a80e Update contribution instructions with v3 for easier copy/pasting. 2022-11-16 11:36:08 +01:00
Federico Builes 11310527b4 bumping version 2022-11-16 11:31:19 +01:00
Federico Builes ea0f46928b Merge pull request #330 from actions/errors-for-external-configs
Improve error messages for external config files
2022-11-16 11:26:15 +01:00
Federico Builes 369356e2e7 Fixing merge conflict in dist/
# Conflicts:
#	dist/index.js.map
2022-11-16 11:24:44 +01:00
cnagadya 13fe21bc0a Merge pull request #331 from actions/octokit/enterprise
Set octokit baseurl for GHES
2022-11-16 10:03:07 +01:00
Federico Builes 136c0838bf Merge pull request #332 from actions/dependabot/npm_and_yarn/typescript-4.9.3
Bump typescript from 4.8.4 to 4.9.3
2022-11-16 07:04:34 +01:00
dependabot[bot] 8ed85b3757 Bump typescript from 4.8.4 to 4.9.3
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.8.4 to 4.9.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/commits)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-16 01:11:56 +00:00
Federico Builes a952d7b1b7 adding dist 2022-11-15 22:34:15 +01:00
Federico Builes b8e622f102 Move test out of failing block. 2022-11-15 22:33:31 +01:00
Federico Builes ac059c649c Checkpoint! 2022-11-15 22:29:00 +01:00
Federico Builes 93652d7af0 Fix failing tests. 2022-11-15 22:28:50 +01:00
Federico Builes ba127cac5e Adding a test to confirm lists work properly in config files. 2022-11-15 22:25:26 +01:00
Federico Builes 1dd7392739 Adding fixture for testing config file string lists. 2022-11-15 22:25:13 +01:00
cnagadya 8f801ec4bb Update external-repo-token requirements 2022-11-15 12:25:35 +00:00
Federico Builes 2d265aa7cc Updating dist. 2022-11-15 07:50:53 +01:00
Federico Builes c57c602135 Force error casting to get messages! 2022-11-15 07:50:45 +01:00
Federico Builes c2097b2a9b Updating copy in a test. 2022-11-15 07:50:32 +01:00
Federico Builes 0a055a6a13 Improve error messages for external config files. 2022-11-15 07:45:29 +01:00
Federico Builes 3417e62ba2 Merge pull request #328 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.43.0
Bump @typescript-eslint/parser from 5.42.1 to 5.43.0
2022-11-15 05:38:42 +01:00
dependabot[bot] 49fecaf158 Bump @typescript-eslint/parser from 5.42.1 to 5.43.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.42.1 to 5.43.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.43.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-15 04:33:19 +00:00
Federico Builes 173a4b8d96 Merge pull request #329 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.43.0
Bump @typescript-eslint/eslint-plugin from 5.42.1 to 5.43.0
2022-11-15 05:32:34 +01:00
dependabot[bot] db1829cd87 Bump @typescript-eslint/eslint-plugin from 5.42.1 to 5.43.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.42.1 to 5.43.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.43.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-15 01:05:54 +00:00
cnagadya d87317e782 Set octokit baseurl for enterprise 2022-11-14 13:49:52 +00:00
Federico Builes 30d5821115 Bumping version number 2022-11-11 15:41:53 +01:00
Federico Builes 6e42c3395a Remove defaults from the recently added fields. 2022-11-11 15:19:46 +01:00
Federico Builes a3074cd699 Merge pull request #327 from actions/adding-extra-options
Updating action.yml to include `*-check` config options
2022-11-11 15:11:20 +01:00
Federico Builes 51a29d6960 Updating action.yml to include *-check config
options.
2022-11-11 14:56:07 +01:00
Federico Builes 235a221cf4 Merge pull request #324 from actions/readme-update
Update the README
2022-11-11 11:27:19 +01:00
Federico Builes 9b3a7f61dd Minor README tweaks. 2022-11-11 11:26:05 +01:00
Federico Builes a4761312ac Add pull_request to the list of events that don't need refs. 2022-11-11 11:23:46 +01:00
Federico Builes 28c7c8c314 Set the correct default for license-check in README. 2022-11-11 11:17:08 +01:00
Federico Builes 9da0fd4871 Merge pull request #325 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.5
Bump eslint-plugin-jest from 27.1.4 to 27.1.5
2022-11-11 09:00:04 +01:00
Federico Builes fe45fd6645 Merge pull request #326 from actions/dependabot/npm_and_yarn/esbuild-register-3.4.1
Bump esbuild-register from 3.4.0 to 3.4.1
2022-11-11 08:59:46 +01:00
dependabot[bot] c41b9f9cfb Bump esbuild-register from 3.4.0 to 3.4.1
Bumps esbuild-register from 3.4.0 to 3.4.1.

---
updated-dependencies:
- dependency-name: esbuild-register
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-11 01:16:27 +00:00
dependabot[bot] 10c5aa9564 Bump eslint-plugin-jest from 27.1.4 to 27.1.5
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.4 to 27.1.5.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.4...v27.1.5)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-11 01:13:55 +00:00
Courtney Claessens 8e5000107a Update README.md 2022-11-10 20:01:11 -05:00
Courtney Claessens 89a074ec7e Update README.md 2022-11-10 19:59:21 -05:00
Courtney Claessens 8d7a4c48ad Update README.md 2022-11-10 19:55:22 -05:00
Courtney Claessens 2f59625b62 reorg the readme 2022-11-10 19:51:20 -05:00
Federico Builes 9e552623cc Merge pull request #323 from actions/dependabot/npm_and_yarn/esbuild-register-3.4.0
Bump esbuild-register from 3.3.3 to 3.4.0
2022-11-10 12:45:45 +01:00
Federico Builes 4108a15bd3 Merge pull request #306 from actions/external-repo-config
Read configuration from external repositories
2022-11-10 11:03:15 +01:00
Federico Builes 5ea8fbfb83 Update docs for config file paths. 2022-11-10 08:18:58 +01:00
Federico Builes c72eb06e71 Update README.md
Co-authored-by: Courtney Claessens <courtneycl@github.com>
2022-11-10 07:59:35 +01:00
Federico Builes aa409fa6cd Update README.md
Co-authored-by: Courtney Claessens <courtneycl@github.com>
2022-11-10 07:59:28 +01:00
Federico Builes 5aaa78ce3c Update README.md
Co-authored-by: Courtney Claessens <courtneycl@github.com>
2022-11-10 07:59:15 +01:00
dependabot[bot] 8d9ea3eb63 Bump esbuild-register from 3.3.3 to 3.4.0
Bumps esbuild-register from 3.3.3 to 3.4.0.

---
updated-dependencies:
- dependency-name: esbuild-register
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-10 01:11:37 +00:00
Federico Builes 59a4f4c4ba Fixing typo in README.md 2022-11-09 13:24:07 +01:00
Federico Builes bf8cfe8b38 Linting, adding dist files. 2022-11-09 13:22:33 +01:00
Federico Builes ae538ebe32 Linting and whitespace. Smol rename. 2022-11-09 13:17:12 +01:00
Federico Builes b4126ce983 Shuffle things around. 2022-11-09 13:16:53 +01:00
Federico Builes 418ae59d51 Replace TODO with instructions for getting PAT. 2022-11-08 17:51:31 +01:00
Federico Builes c38007a979 Don't abbreviate repo in docs.
In general let's try not to use abbreviations in public
documentation.
2022-11-08 17:45:23 +01:00
cnagadya ebe5527e72 Fix readme typo 2022-11-08 11:23:48 +00:00
cnagadya 1589654682 Add dist changes 2022-11-08 11:16:48 +00:00
cnagadya f0ff0b670a Rename config token > external-repo-token 2022-11-08 11:16:26 +00:00
cnagadya 336da03de2 Update empty allow-licenses tests 2022-11-08 11:15:36 +00:00
cnagadya 78565a954f Dont merge config lists
Co-authored-by: Henri Maurer<hmaurer@github.com>
Co-authored-by: Federico Builes<febuiles@github.com>
2022-11-08 10:52:30 +00:00
cnagadya 3c73a622ba Fix config-file tests 2022-11-08 09:53:36 +00:00
Federico Builes 7a42af0f2f Merge pull request #320 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.4
Bump eslint-plugin-jest from 27.1.3 to 27.1.4
2022-11-08 10:40:36 +01:00
dependabot[bot] abfd4a1fc7 Bump eslint-plugin-jest from 27.1.3 to 27.1.4
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.3 to 27.1.4.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.3...v27.1.4)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-08 09:39:22 +00:00
Federico Builes 40e460b464 Merge pull request #316 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.42.1
Bump @typescript-eslint/parser from 5.42.0 to 5.42.1
2022-11-08 10:38:41 +01:00
dependabot[bot] 9f1bc9b354 Bump @typescript-eslint/parser from 5.42.0 to 5.42.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.42.0 to 5.42.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.42.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-08 09:38:34 +00:00
Federico Builes 774bd6c1d5 Merge pull request #318 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.4.1
Bump eslint-plugin-github from 4.4.0 to 4.4.1
2022-11-08 10:37:41 +01:00
Federico Builes f7686f8c21 Merge pull request #317 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.42.1
Bump @typescript-eslint/eslint-plugin from 5.42.0 to 5.42.1
2022-11-08 10:36:16 +01:00
dependabot[bot] 688e92b5e5 Bump eslint-plugin-github from 4.4.0 to 4.4.1
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.4.0 to 4.4.1.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.4.0...v4.4.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-08 07:35:47 +00:00
Federico Builes 7ce779229f Merge pull request #319 from actions/dependabot/npm_and_yarn/eslint-8.27.0
Bump eslint from 8.26.0 to 8.27.0
2022-11-08 08:34:38 +01:00
dependabot[bot] 543eecb644 Bump eslint from 8.26.0 to 8.27.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.26.0 to 8.27.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.26.0...v8.27.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-08 01:17:47 +00:00
dependabot[bot] a7ec2eb771 Bump @typescript-eslint/eslint-plugin from 5.42.0 to 5.42.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.42.0 to 5.42.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.42.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-08 01:17:25 +00:00
cnagadya 13455c7175 Merge array config options 2022-11-07 17:57:05 +00:00
cnagadya 6d941b396a Fix inconsistencies due to zod defaults / partials mixup 2022-11-07 17:08:00 +00:00
cnagadya 49ed3f2876 Merge lists in configs instead of overwritting them 2022-11-07 12:33:54 +00:00
cnagadya b55cddb69d Use config-file for both remote and local config-files 2022-11-07 12:12:03 +00:00
cnagadya dcdeb7de77 Remove redundant skips
Co-authored-by: Federico Builes <febuiles@github.com>
2022-11-04 16:12:05 +00:00
cnagadya b4a2fbfa16 Complete functionality for handling remote config file 2022-11-04 14:51:41 +00:00
cnagadya 97e5a607ba Handle getContent response as is
Co-authored-by: Henri Maurer <hmaurer@github.com>
2022-11-04 10:08:00 +00:00
cnagadya 3b410dc4ad Load remote config file 2022-11-04 09:05:45 +00:00
Federico Builes 683cbc4872 Merge branch 'main' into external-repo-config 2022-11-01 08:11:26 +01:00
Federico Builes 2f696d8c7a Merge pull request #314 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.42.0
Bump @typescript-eslint/eslint-plugin from 5.41.0 to 5.42.0
2022-11-01 08:10:28 +01:00
dependabot[bot] 1a9033d563 Bump @typescript-eslint/eslint-plugin from 5.41.0 to 5.42.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.41.0 to 5.42.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.42.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-01 07:10:21 +00:00
Federico Builes ad6e320da1 Merge pull request #313 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.42.0
Bump @typescript-eslint/parser from 5.41.0 to 5.42.0
2022-11-01 08:09:22 +01:00
dependabot[bot] 3d86825394 Bump @typescript-eslint/parser from 5.41.0 to 5.42.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.41.0 to 5.42.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.42.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-01 01:49:12 +00:00
Federico Builes 10dc05ba09 Merge pull request #311 from ericcornelissen/308-disable-license-or-vuln
Add `license-check` and `vulnerability-check` inputs
2022-10-31 07:56:37 +01:00
Federico Builes 04f48dec81 Update __tests__/config.test.ts 2022-10-31 07:55:17 +01:00
Federico Builes bb5c0c7ca0 Merge pull request #312 from actions/dependabot/npm_and_yarn/types/node-16.18.3
Bump @types/node from 16.18.2 to 16.18.3
2022-10-31 06:42:09 +01:00
dependabot[bot] 2d7d700469 Bump @types/node from 16.18.2 to 16.18.3
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.2 to 16.18.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-31 01:33:50 +00:00
Eric Cornelissen f095b5a541 Build and package 2022-10-28 22:25:06 +02:00
Eric Cornelissen f54a1f3b74 Document the license-check & vulnerability-check config options
Include the license-check and vulnerability-check options in the config
documentation in the README.

Also fix a typo in the README ("configuraton" -> "configuration").
2022-10-28 22:23:33 +02:00
Eric Cornelissen 84921e5e4a Simplify Summary summary based on license-check and vulnerability-check
Omit details related to the license check of vulnerability check from
the GitHub Actions Summary's summary if the respective check is disabled
from the configuration.
2022-10-28 22:15:44 +02:00
Eric Cornelissen c5af7ff272 Prevent disabling all checks
Prevent users from disabling both the license and vulnerability check by
checking if both are set to `false` and throwing if that's the case.
2022-10-28 22:08:55 +02:00
Eric Cornelissen 31279d265a Add license-check and vulnerability-check inputs
Add support for two new inputs, named `license-check` and
`vulnerability-check`, to disable the license checks or vulnerability
checks performed by this action. By default, both are enabled.
2022-10-28 22:06:05 +02:00
Federico Builes 2532504548 Merge pull request #310 from actions/cn/node-18
Upgrade to Node 18
2022-10-28 13:46:26 +02:00
cnagadya cc6d251652 Update contributing guide 2022-10-28 10:13:58 +00:00
cnagadya 516e8497ac Add codespace defaults 2022-10-28 10:13:58 +00:00
cnagadya 43c5083e6c Node 18 2022-10-28 10:13:58 +00:00
Federico Builes fa62a0febc Merge pull request #294 from actions/cn/spdx-licenses
Add support for SPDX expressions
2022-10-28 11:27:18 +02:00
cnagadya e897e8ebdd Add dist folder 2022-10-28 09:25:16 +00:00
cnagadya 216fafaed5 PR feedback
Co-authored-by: Federico Builes <febuiles@github.com>
2022-10-28 11:23:05 +02:00
cnagadya 0144419c8e Format violations area 2022-10-27 16:43:45 +00:00
cnagadya 7b16bd0b54 Add unvalidated changes to summary 2022-10-27 16:24:30 +00:00
cnagadya 4525a8c091 Format summary findings 2022-10-27 15:41:19 +00:00
cnagadya 72273c9a36 Update dist folder 2022-10-27 15:22:00 +00:00
cnagadya 562a2f3c0a Improve summary formatting 2022-10-27 15:19:32 +00:00
cnagadya c82c183029 Resolve package-lock conflicts 2022-10-27 14:37:08 +00:00
cnagadya 26be1f407e Merge pull request #309 from actions/codespace-actions-dependency-review-action-p79j7j9pxqrh669p
Add unresolved licenses section
2022-10-27 15:43:28 +02:00
cnagadya 022ea02fbb Add unresolved licenses section 2022-10-27 13:09:37 +00:00
Federico Builes d6e28cdfae Merge pull request #307 from actions/dependabot/npm_and_yarn/types/node-16.18.2
Bump @types/node from 16.18.0 to 16.18.2
2022-10-27 07:34:11 +02:00
dependabot[bot] da3d8af3e3 Bump @types/node from 16.18.0 to 16.18.2
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.0 to 16.18.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-27 01:26:35 +00:00
cnagadya 52fa73c086 Update readme licenses sections 2022-10-26 10:54:12 +00:00
cnagadya 3baea959cf Fix license test failures 2022-10-26 09:58:00 +00:00
cnagadya 782c57b17e Fix config test failures 2022-10-26 09:57:02 +00:00
cnagadya ac5ed8754d Use SPDX license expressions 2022-10-26 09:56:34 +00:00
Federico Builes 024a5a6342 Merge pull request #305 from actions/dependabot/npm_and_yarn/octokit-2.0.10
Bump octokit from 2.0.9 to 2.0.10
2022-10-26 08:49:12 +02:00
Federico Builes b2fc686406 Resolving merge conflicts 2022-10-26 08:47:43 +02:00
dependabot[bot] 4ec1d46392 Bump octokit from 2.0.9 to 2.0.10
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.9 to 2.0.10.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.9...v2.0.10)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-26 06:46:16 +00:00
Federico Builes cfef8bfe29 Merge pull request #304 from actions/dependabot/npm_and_yarn/octokit/plugin-retry-4.0.3
Bump @octokit/plugin-retry from 3.0.9 to 4.0.3
2022-10-26 08:45:28 +02:00
Federico Builes bd43b8d1e2 updating dist 2022-10-26 08:45:18 +02:00
dependabot[bot] fced408b87 Bump @octokit/plugin-retry from 3.0.9 to 4.0.3
Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 3.0.9 to 4.0.3.
- [Release notes](https://github.com/octokit/plugin-retry.js/releases)
- [Commits](https://github.com/octokit/plugin-retry.js/compare/v3.0.9...v4.0.3)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-retry"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-26 01:51:57 +00:00
Federico Builes 65f9f50468 Merge pull request #303 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.41.0
Bump @typescript-eslint/parser from 5.40.1 to 5.41.0
2022-10-25 07:57:41 +02:00
dependabot[bot] a393c83ce5 Bump @typescript-eslint/parser from 5.40.1 to 5.41.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.40.1 to 5.41.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.41.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-25 05:56:55 +00:00
Federico Builes 56163c5659 Merge pull request #302 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.41.0
Bump @typescript-eslint/eslint-plugin from 5.40.1 to 5.41.0
2022-10-25 07:56:10 +02:00
dependabot[bot] 5dc2e6e4bb Bump @typescript-eslint/eslint-plugin from 5.40.1 to 5.41.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.40.1 to 5.41.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.41.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-25 01:44:33 +00:00
Federico Builes 0efb1d1d84 bumping to 2.5.1 2022-10-24 17:03:38 +02:00
Federico Builes d4f6425aa4 Merge pull request #290 from actions/cn/scan_pr
Enable setting configuration options for local testing
2022-10-24 16:55:54 +02:00
Federico Builes 49a61bd9bd Update scripts/scan_pr
Co-authored-by: cnagadya <cnagadya@github.com>
2022-10-24 16:54:03 +02:00
Federico Builes 06c01e11e8 Update scripts/scan_pr
Co-authored-by: cnagadya <cnagadya@github.com>
2022-10-24 16:53:56 +02:00
Federico Builes 4538b29c27 Merge pull request #300 from actions/dependabot/npm_and_yarn/eslint-8.26.0
Bump eslint from 8.25.0 to 8.26.0
2022-10-24 07:14:08 +02:00
Federico Builes 4153ec555a Merge pull request #299 from actions/dependabot/npm_and_yarn/types/node-16.18.0
Bump @types/node from 16.11.68 to 16.18.0
2022-10-24 07:13:59 +02:00
dependabot[bot] 7c8d0843f9 Bump eslint from 8.25.0 to 8.26.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.25.0 to 8.26.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.25.0...v8.26.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-24 01:47:43 +00:00
dependabot[bot] fc00198e43 Bump @types/node from 16.11.68 to 16.18.0
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.68 to 16.18.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-24 01:47:19 +00:00
Federico Builes 9760f87258 Fix config-file description in action.yml 2022-10-21 17:38:18 +02:00
Federico Builes 74c047086c Adding README and action.yml for external config files. 2022-10-21 17:34:20 +02:00
Federico Builes 80e573b784 Fixing whitespace. 2022-10-21 14:03:17 +02:00
Federico Builes b5c3d1e723 Update scan_pr to support loading an external config YAML file. 2022-10-21 14:00:52 +02:00
Federico Builes 7fd272118a Updating scan_pr to support a config file option. 2022-10-21 13:55:52 +02:00
Federico Builes 3c9a31f5a0 Updating CONTRIBUTING.md 2022-10-21 13:36:00 +02:00
Federico Builes d8fba3fdc1 Remove hardcode file from .gitignore 2022-10-21 13:33:24 +02:00
Federico Builes e805dd89e8 Merge branch 'main' into cn/scan_pr 2022-10-21 13:27:09 +02:00
Federico Builes 32276cb73d Merge pull request #298 from actions/dependabot/npm_and_yarn/types/node-16.11.68
Bump @types/node from 16.11.66 to 16.11.68
2022-10-19 07:49:08 +02:00
Federico Builes fe226ac019 Merge pull request #297 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.3
Bump eslint-plugin-jest from 27.1.2 to 27.1.3
2022-10-19 07:48:52 +02:00
dependabot[bot] b759175bdb Bump @types/node from 16.11.66 to 16.11.68
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.66 to 16.11.68.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-19 01:34:58 +00:00
dependabot[bot] 6af054f363 Bump eslint-plugin-jest from 27.1.2 to 27.1.3
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.2 to 27.1.3.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.2...v27.1.3)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-19 01:34:46 +00:00
Federico Builes 6f32cb0afd Merge pull request #296 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.40.1
Bump @typescript-eslint/parser from 5.40.0 to 5.40.1
2022-10-18 10:05:25 +02:00
dependabot[bot] 2791afab72 Bump @typescript-eslint/parser from 5.40.0 to 5.40.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.40.0 to 5.40.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.40.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-18 06:54:19 +00:00
Federico Builes a8b5c8c24e Merge pull request #295 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.40.1
Bump @typescript-eslint/eslint-plugin from 5.40.0 to 5.40.1
2022-10-18 08:53:31 +02:00
dependabot[bot] 12a250de95 Bump @typescript-eslint/eslint-plugin from 5.40.0 to 5.40.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.40.0 to 5.40.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.40.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-18 01:26:32 +00:00
Federico Builes 917e5af203 Merge pull request #291 from actions/dependabot/npm_and_yarn/types/node-16.11.66
Bump @types/node from 16.11.65 to 16.11.66
2022-10-17 07:28:53 +02:00
Federico Builes ba6dba6225 Merge pull request #292 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.2
Bump eslint-plugin-jest from 27.1.1 to 27.1.2
2022-10-17 07:26:25 +02:00
dependabot[bot] 63154658bc Bump eslint-plugin-jest from 27.1.1 to 27.1.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.1 to 27.1.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.1...v27.1.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-17 01:51:39 +00:00
dependabot[bot] f84c5813e5 Bump @types/node from 16.11.65 to 16.11.66
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.65 to 16.11.66.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-17 01:51:15 +00:00
cnagadya 228a6404a2 Remove untracked dev-config.yml 2022-10-14 13:07:46 +00:00
cnagadya c84947f64b Ignore dev-config file 2022-10-14 12:31:49 +00:00
cnagadya 71dbf10e60 Add configuration instruction to docs 2022-10-14 12:31:17 +00:00
cnagadya f9deefc2e9 Retrieve config file values for local testing 2022-10-14 09:26:12 +00:00
Federico Builes 0e5d083be1 Merge pull request #289 from actions/dependabot/npm_and_yarn/octokit-2.0.9
Bump octokit from 2.0.7 to 2.0.9
2022-10-14 09:09:30 +02:00
Federico Builes 2f428eec67 adding dist 2022-10-14 09:03:58 +02:00
dependabot[bot] dff2fdff0f Bump octokit from 2.0.7 to 2.0.9
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.7 to 2.0.9.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.7...v2.0.9)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-14 06:56:20 +00:00
Federico Builes 12a171cf96 Merge pull request #288 from actions/dependabot/npm_and_yarn/octokit/request-error-3.0.2
Bump @octokit/request-error from 3.0.1 to 3.0.2
2022-10-14 08:55:30 +02:00
dependabot[bot] 3156cf8998 Bump @octokit/request-error from 3.0.1 to 3.0.2
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-14 01:25:21 +00:00
cnagadya fd675ced9c v2.5.0 release
Co-authored-by: Henri Maurer <hmaurer@github.com>
Co-authored-by: Federico Builes <febuiles@github.com>
2022-10-13 15:00:15 +00:00
Federico Builes f7d03d8b76 Merge pull request #284 from actions/cn/license-api-fallback
Use GH Licenses API to retrieve null licenses
2022-10-13 16:54:33 +02:00
Federico Builes 7e41a6f1ee Removing unnecessary beforeAll block
Mocks are removed in Jest automatically due to our
Jest config file.

Co-authored-by: Christine Nagadya <cnagadya@github.com>
Co-authored-by: Henri Maurer <hmaurer@github.com>
2022-10-13 16:52:54 +02:00
cnagadya 4c0961eff6 Add tests for GitHub License API fallback 2022-10-13 11:57:38 +00:00
cnagadya d1e9a12830 Resolve conflicts 2022-10-13 11:06:40 +00:00
cnagadya 2e3713aab8 Optimise setGHLicenses
Co-authored-by: Henri Maurer <hmaurer@github.com>
Co-authored-by: Federico Builes <febuiles@github.com>
2022-10-13 11:03:34 +00:00
cnagadya ba9d7c1389 Retrieve null licenses from licenses API 2022-10-13 11:03:34 +00:00
Federico Builes 0cd2781117 Merge pull request #286 from actions/dependabot/npm_and_yarn/ansi-styles-6.2.1
Bump ansi-styles from 6.2.0 to 6.2.1
2022-10-13 12:28:39 +02:00
Federico Builes 129f0ad973 adding dist 2022-10-13 12:26:58 +02:00
dependabot[bot] 0a88a4704b Bump ansi-styles from 6.2.0 to 6.2.1
Bumps [ansi-styles](https://github.com/chalk/ansi-styles) from 6.2.0 to 6.2.1.
- [Release notes](https://github.com/chalk/ansi-styles/releases)
- [Commits](https://github.com/chalk/ansi-styles/compare/v6.2.0...v6.2.1)

---
updated-dependencies:
- dependency-name: ansi-styles
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-13 06:12:45 +00:00
Federico Builes 18069caed8 Merge pull request #287 from actions/dependabot/npm_and_yarn/got-12.5.2
Bump got from 12.5.1 to 12.5.2
2022-10-13 08:12:07 +02:00
dependabot[bot] 61cee4b12b Bump got from 12.5.1 to 12.5.2
Bumps [got](https://github.com/sindresorhus/got) from 12.5.1 to 12.5.2.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.5.1...v12.5.2)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-13 01:25:32 +00:00
Federico Builes 94670a1af8 Merge pull request #282 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.4.0
Bump eslint-plugin-github from 4.3.7 to 4.4.0
2022-10-12 08:05:50 +02:00
Federico Builes 577d9714ad Merge pull request #283 from actions/dependabot/npm_and_yarn/ansi-styles-6.2.0
Bump ansi-styles from 6.1.1 to 6.2.0
2022-10-12 08:02:05 +02:00
Federico Builes 9ce6cb532b adding dist 2022-10-12 08:01:53 +02:00
dependabot[bot] 0b980b1ccd Bump ansi-styles from 6.1.1 to 6.2.0
Bumps [ansi-styles](https://github.com/chalk/ansi-styles) from 6.1.1 to 6.2.0.
- [Release notes](https://github.com/chalk/ansi-styles/releases)
- [Commits](https://github.com/chalk/ansi-styles/compare/v6.1.1...v6.2.0)

---
updated-dependencies:
- dependency-name: ansi-styles
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-12 01:41:51 +00:00
dependabot[bot] bc5f6c2f39 Bump eslint-plugin-github from 4.3.7 to 4.4.0
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.3.7 to 4.4.0.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.3.7...v4.4.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-12 01:41:43 +00:00
cnagadya 9c96258789 Update to 2.4.1 2022-10-11 13:42:40 +00:00
Federico Builes f076f221f4 Merge pull request #280 from actions/format-bugs
Fix display issues with versions and GHSAs
2022-10-11 15:22:44 +02:00
Federico Builes 88b817ec8d adding dist 2022-10-11 15:20:02 +02:00
Federico Builes 2dd6c6a3d7 Fixing a bug with GHSA filtering.
Co-authored-by: Christine Nagadya <cnagadya@github.com>
2022-10-11 15:17:34 +02:00
Federico Builes 1d9bfbbddf Document the behavior of the GHSA filtering function. 2022-10-11 15:09:58 +02:00
Federico Builes f632f5f79d adding dist 2022-10-11 14:51:27 +02:00
Federico Builes ee42a6512f Show the dependency name instead of the manifest. 2022-10-11 14:50:55 +02:00
Federico Builes 6f58092362 Merge pull request #278 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.40.0
Bump @typescript-eslint/eslint-plugin from 5.39.0 to 5.40.0
2022-10-11 12:11:26 +02:00
dependabot[bot] b81bfe53ce Bump @typescript-eslint/eslint-plugin from 5.39.0 to 5.40.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.39.0 to 5.40.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.40.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-11 10:10:06 +00:00
Federico Builes 5679c0f8be Merge pull request #277 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.40.0
Bump @typescript-eslint/parser from 5.39.0 to 5.40.0
2022-10-11 12:09:15 +02:00
dependabot[bot] 2018b3e66f Bump @typescript-eslint/parser from 5.39.0 to 5.40.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.39.0 to 5.40.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.40.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-11 08:50:56 +00:00
Federico Builes 463890c1ed Merge pull request #276 from actions/dependabot/npm_and_yarn/types/node-16.11.65
Bump @types/node from 16.11.64 to 16.11.65
2022-10-11 10:50:05 +02:00
dependabot[bot] c9b9d23e75 Bump @types/node from 16.11.64 to 16.11.65
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.64 to 16.11.65.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-11 01:32:53 +00:00
Federico Builes 4c14cfe593 Merge pull request #275 from actions/dependabot/npm_and_yarn/eslint-8.25.0
Bump eslint from 8.24.0 to 8.25.0
2022-10-10 08:24:07 +02:00
dependabot[bot] 5b70fe08e7 Bump eslint from 8.24.0 to 8.25.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.24.0 to 8.25.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.24.0...v8.25.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-10 01:52:29 +00:00
Federico Builes 81216f689b Merge pull request #274 from actions/dependabot/npm_and_yarn/yaml-2.1.3
Bump yaml from 2.1.2 to 2.1.3
2022-10-06 14:43:54 +02:00
Federico Builes afbc15c97f updating dist files 2022-10-06 14:41:07 +02:00
dependabot[bot] 8d974c4ee8 Bump yaml from 2.1.2 to 2.1.3
Bumps [yaml](https://github.com/eemeli/yaml) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.1.2...v2.1.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-06 11:19:30 +00:00
Federico Builes cdad98596a Merge pull request #273 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.1
Bump eslint-plugin-jest from 27.1.0 to 27.1.1
2022-10-06 13:18:40 +02:00
dependabot[bot] 0a0eb39992 Bump eslint-plugin-jest from 27.1.0 to 27.1.1
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.0 to 27.1.1.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.0...v27.1.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-06 01:41:12 +00:00
Federico Builes df3ceaf7f0 Merge pull request #269 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.39.0
Bump @typescript-eslint/eslint-plugin from 5.38.1 to 5.39.0
2022-10-05 13:17:37 +02:00
dependabot[bot] 1997789b86 Bump @typescript-eslint/eslint-plugin from 5.38.1 to 5.39.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.38.1 to 5.39.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.39.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-05 11:01:03 +00:00
Federico Builes 584e620d09 Merge pull request #270 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.39.0
Bump @typescript-eslint/parser from 5.38.1 to 5.39.0
2022-10-05 13:00:23 +02:00
Federico Builes 1fa34689ad Merge pull request #271 from actions/dependabot/npm_and_yarn/types/node-16.11.64
Bump @types/node from 16.11.63 to 16.11.64
2022-10-05 13:00:15 +02:00
Federico Builes de2814d20e Merge pull request #272 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.0
Bump eslint-plugin-jest from 27.0.4 to 27.1.0
2022-10-05 08:17:58 +02:00
dependabot[bot] eabc27054f Bump eslint-plugin-jest from 27.0.4 to 27.1.0
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.0.4 to 27.1.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.0.4...v27.1.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-05 01:54:54 +00:00
dependabot[bot] b486e073e9 Bump @types/node from 16.11.63 to 16.11.64
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.63 to 16.11.64.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-05 01:54:43 +00:00
dependabot[bot] 03321307df Bump @typescript-eslint/parser from 5.38.1 to 5.39.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.38.1 to 5.39.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.39.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-05 01:51:49 +00:00
Federico Builes cc2a6ab32f Merge pull request #268 from actions/dependabot/npm_and_yarn/yaml-2.1.2
Bump yaml from 2.1.1 to 2.1.2
2022-10-03 11:32:30 +02:00
Federico Builes 5de8be4c40 Merge branch 'main' into dependabot/npm_and_yarn/yaml-2.1.2
# Conflicts:
#	dist/index.js.map
2022-10-03 11:31:02 +02:00
Federico Builes 1b8bd021a3 adding dist 2022-10-03 11:29:46 +02:00
Federico Builes 65d8cd176f Merge pull request #267 from actions/dependabot/npm_and_yarn/types/node-16.11.63
Bump @types/node from 16.11.62 to 16.11.63
2022-10-03 11:29:23 +02:00
Federico Builes 6d500ff869 Merge pull request #266 from actions/dependabot/npm_and_yarn/actions/github-5.1.1
Bump @actions/github from 5.1.0 to 5.1.1
2022-10-03 11:29:14 +02:00
Federico Builes 0259ed8420 add dist 2022-10-03 11:28:16 +02:00
dependabot[bot] ec636f3d19 Bump yaml from 2.1.1 to 2.1.2
Bumps [yaml](https://github.com/eemeli/yaml) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-03 02:06:25 +00:00
dependabot[bot] 367e85631b Bump @types/node from 16.11.62 to 16.11.63
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.62 to 16.11.63.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-03 02:05:36 +00:00
dependabot[bot] abf7b5a775 Bump @actions/github from 5.1.0 to 5.1.1
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-03 02:05:00 +00:00
Federico Builes ba85772f4b Merge pull request #265 from actions/dependabot/npm_and_yarn/actions/core-1.10.0
Bump @actions/core from 1.9.1 to 1.10.0
2022-09-30 09:09:00 +02:00
Federico Builes 8d812df813 adding dist 2022-09-30 09:07:38 +02:00
dependabot[bot] 63e12b21ed Bump @actions/core from 1.9.1 to 1.10.0
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.9.1 to 1.10.0.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-30 01:45:02 +00:00
Federico Builes 0385b5b162 Merge pull request #248 from actions/add-scanned-deps
Add scanned deps
2022-09-28 10:53:37 +02:00
Federico Builes 8e053e0f5e Merge pull request #262 from actions/dependabot/npm_and_yarn/typescript-4.8.4
Bump typescript from 4.8.3 to 4.8.4
2022-09-28 08:04:35 +02:00
Federico Builes e0ff0cf732 Merge pull request #261 from actions/dependabot/npm_and_yarn/got-12.5.1
Bump got from 12.5.0 to 12.5.1
2022-09-28 08:04:26 +02:00
dependabot[bot] ea65cbfc18 Bump typescript from 4.8.3 to 4.8.4
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.8.3 to 4.8.4.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.8.3...v4.8.4)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-28 01:29:19 +00:00
dependabot[bot] 5bf43a89cd Bump got from 12.5.0 to 12.5.1
Bumps [got](https://github.com/sindresorhus/got) from 12.5.0 to 12.5.1.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.5.0...v12.5.1)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-28 01:29:03 +00:00
Federico Builes 468485fc8e Clean up the main script a bit. 2022-09-27 12:25:12 +02:00
Federico Builes 46c9f79a1f Create utils.ts file for helper functions. 2022-09-27 12:23:05 +02:00
Federico Builes cd3f55e8f9 Add all the dependencies to the review summary too. 2022-09-27 11:52:15 +02:00
Federico Builes f832351766 Merge pull request #258 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.38.1
Bump @typescript-eslint/eslint-plugin from 5.38.0 to 5.38.1
2022-09-27 08:10:02 +02:00
dependabot[bot] f96ed229f4 Bump @typescript-eslint/eslint-plugin from 5.38.0 to 5.38.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.38.0 to 5.38.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.38.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-27 06:08:27 +00:00
Federico Builes 629703a27b Merge pull request #260 from actions/dependabot/npm_and_yarn/types/node-16.11.62
Bump @types/node from 16.11.60 to 16.11.62
2022-09-27 08:08:06 +02:00
Federico Builes d05bfb69a5 Merge pull request #259 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.38.1
Bump @typescript-eslint/parser from 5.38.0 to 5.38.1
2022-09-27 08:07:40 +02:00
dependabot[bot] 02bcebdd6e Bump @types/node from 16.11.60 to 16.11.62
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.60 to 16.11.62.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-27 01:30:25 +00:00
dependabot[bot] fbeabf7e29 Bump @typescript-eslint/parser from 5.38.0 to 5.38.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.38.0 to 5.38.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.38.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-27 01:30:16 +00:00
Federico Builes 0515f5cb39 Adding a skeleton for scanned dependencies in the summary. 2022-09-26 19:14:04 +02:00
Federico Builes 2d1d679f58 Move manifest grouping outside main.ts 2022-09-26 19:13:25 +02:00
Federico Builes a3563a05bc Use a set instead of raw JS objects. 2022-09-26 12:41:16 +02:00
Federico Builes 8a20ddbf25 try adding 3 sections 2022-09-26 12:21:24 +02:00
Federico Builes 2a646668d9 adding dist 2022-09-26 12:03:34 +02:00
Federico Builes 60be833ffd Update manifest formatting in output. 2022-09-26 12:01:39 +02:00
Federico Builes edc501a219 adding dist 2022-09-26 11:41:40 +02:00
Federico Builes 000837f2ac Don't nest groups. 2022-09-26 11:41:02 +02:00
Federico Builes 89f99d150a adding colors to the dep output 2022-09-26 11:35:05 +02:00
Federico Builes 0ed41eff02 Merge branch 'main' into add-scanned-deps 2022-09-26 11:34:43 +02:00
Federico Builes dbe70eb550 updating gitignore 2022-09-26 11:29:22 +02:00
Federico Builes 78c7c01396 Merge branch 'main' into add-scanned-deps
# Conflicts:
#	dist/index.js.map
2022-09-26 08:47:23 +02:00
Federico Builes 89a5c76329 Merge pull request #254 from actions/dependabot/npm_and_yarn/actions/github-5.1.0
Bump @actions/github from 5.0.3 to 5.1.0
2022-09-26 08:46:18 +02:00
Federico Builes 4a6d691283 adding dist 2022-09-26 08:45:09 +02:00
Federico Builes b58d457243 Merge pull request #253 from actions/dependabot/npm_and_yarn/types/node-16.11.60
Bump @types/node from 16.11.59 to 16.11.60
2022-09-26 08:42:47 +02:00
Federico Builes cc033856be Merge pull request #255 from actions/dependabot/npm_and_yarn/eslint-8.24.0
Bump eslint from 8.23.1 to 8.24.0
2022-09-26 08:04:38 +02:00
dependabot[bot] 8595e805a5 Bump eslint from 8.23.1 to 8.24.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.23.1 to 8.24.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.23.1...v8.24.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-26 01:55:41 +00:00
dependabot[bot] fa10a7f0d6 Bump @actions/github from 5.0.3 to 5.1.0
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 5.0.3 to 5.1.0.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-26 01:54:35 +00:00
dependabot[bot] 6755d8aa71 Bump @types/node from 16.11.59 to 16.11.60
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.59 to 16.11.60.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-26 01:54:19 +00:00
Sarah Aladetan 375c537008 Updating to 2.4.0 2022-09-23 13:07:20 -07:00
Sarah Aladetan 98f28ebe06 Merge pull request #251 from actions/sarahkemi/ghsa-allowlist
Filter by vulnerability allow-list
2022-09-23 13:06:41 -07:00
Sarah Aladetan 716b322ec9 add allow-ghsas input to action.yml 2022-09-23 19:59:39 +00:00
Sarah Aladetan 12ae1bd550 Update wording in README.md
Co-authored-by: Federico Builes <febuiles@github.com>
2022-09-23 12:32:46 -07:00
Sarah Aladetan bcb52636bd build and package allow-ghsas 2022-09-22 22:58:43 +00:00
Sarah Aladetan 241ff73141 add doc on allow-ghsas to readme 2022-09-22 22:44:17 +00:00
Sarah Aladetan 062b749663 revise ghsa filter 2022-09-22 22:36:34 +00:00
Sarah Aladetan 4f00b72b84 filter allowed ghsas in action flow 2022-09-22 22:25:21 +00:00
Sarah Aladetan 602f968ea2 create a filter for vulns that are on the allowlist 2022-09-22 21:36:26 +00:00
Sarah Aladetan bd61ea0d9e create config option for ghsa allowlist 2022-09-22 21:34:18 +00:00
Federico Builes 8ec13c1f01 adding dist 2022-09-22 16:52:03 +02:00
Federico Builes 723ec8c0d3 Try showing information about the scanned dependencies. 2022-09-22 16:49:45 +02:00
Federico Builes 2843194510 Updating version. 2022-09-22 14:27:24 +02:00
Federico Builes 6944531f76 Update README.md 2022-09-22 14:26:27 +02:00
Federico Builes 29cdbbed37 Merge pull request #228 from actions/external-config
Add external configuration file
2022-09-22 14:22:39 +02:00
Federico Builes 88502badc9 Update README.md
Co-authored-by: Sarah Aladetan <sarahkemi@github.com>
2022-09-22 08:03:23 +02:00
Federico Builes ff7c97a976 adding dist 2022-09-21 17:03:01 +02:00
Federico Builes 4d3b8e5269 Clarify code a bit. 2022-09-21 17:01:00 +02:00
Federico Builes 38ee6e8360 Improve scopes example in new docs. 2022-09-21 16:53:20 +02:00
Federico Builes 54cd9a7cba Merge branch 'main' into external-config
# Conflicts:
#	README.md
#	__tests__/config.test.ts
#	dist/index.js.map
#	src/config.ts
#	src/schemas.ts
2022-09-21 16:50:02 +02:00
Federico Builes c4693c00ac Raise errors for invalid values in the external config. 2022-09-21 16:30:05 +02:00
Sarah Aladetan e89f113be2 add callout to checkout main when updating major version tag 2022-09-20 13:21:38 -07:00
Sarah Aladetan 2b96ea7f03 Bump version to 2.2.0
We've added filtering by dependency scopes
2022-09-20 13:06:20 -07:00
Sarah Aladetan 4300ce8d38 Merge pull request #243 from actions/sarahkemi/filter-dev-deps
Filter blocking dependency changes by scopes
2022-09-20 16:05:19 -04:00
Sarah Aladetan de48c615a3 build and package scope filtering 2022-09-20 15:18:31 +00:00
Federico Builes eef7e39202 Accept options from both sources, prioritize external config. 2022-09-20 15:52:34 +02:00
Federico Builes 37dc32836b Merge branch 'main' into external-config 2022-09-20 15:29:28 +02:00
Federico Builes 890361387d Updating dist. 2022-09-20 15:16:25 +02:00
Federico Builes 61f19e6447 Let the users set the path for the config file. 2022-09-20 15:15:14 +02:00
Federico Builes fd959624bf Merge pull request #245 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.38.0
Bump @typescript-eslint/eslint-plugin from 5.37.0 to 5.38.0
2022-09-20 07:59:56 +02:00
Federico Builes 11dd186eb0 Merge pull request #246 from actions/dependabot/npm_and_yarn/got-12.5.0
Bump got from 12.4.1 to 12.5.0
2022-09-20 07:59:44 +02:00
dependabot[bot] 1ab05cf855 Bump @typescript-eslint/eslint-plugin from 5.37.0 to 5.38.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.37.0 to 5.38.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.38.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-20 05:54:32 +00:00
dependabot[bot] 7d7d5e7c84 Bump got from 12.4.1 to 12.5.0
Bumps [got](https://github.com/sindresorhus/got) from 12.4.1 to 12.5.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.4.1...v12.5.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-20 05:54:28 +00:00
Federico Builes 8a8fa8bd07 Merge pull request #244 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.38.0
Bump @typescript-eslint/parser from 5.37.0 to 5.38.0
2022-09-20 07:53:39 +02:00
dependabot[bot] 06daf8e801 Bump @typescript-eslint/parser from 5.37.0 to 5.38.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.37.0 to 5.38.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.38.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-20 01:31:24 +00:00
Federico Builes aeb9ff5438 adding dist 2022-09-19 17:34:53 +02:00
Federico Builes 1ef21ab130 Leave a failing test for tomorrow! 2022-09-19 17:34:12 +02:00
Federico Builes 3c95902dd6 Adding more tests for the config file. 2022-09-19 17:29:25 +02:00
Federico Builes 4b4ec08f7b Make sure we get rid of the ridiculous dashes in the names. 2022-09-19 17:28:59 +02:00
Federico Builes a91c3ac205 Split reading inline/external configuration options. 2022-09-19 17:28:44 +02:00
Federico Builes bf0cb7fac4 Add a default config file. 2022-09-19 17:28:20 +02:00
Federico Builes 07a7056819 Update README to include config-file option. 2022-09-19 16:46:42 +02:00
Federico Builes b93fcee7ff Raise an error if the config file is not found. 2022-09-19 16:36:45 +02:00
Federico Builes 8bac022bfd Merge branch 'main' into external-config 2022-09-19 16:14:41 +02:00
Federico Builes fc4fb55b25 Merge pull request #241 from actions/dependabot/npm_and_yarn/nodemon-2.0.20
Bump nodemon from 2.0.19 to 2.0.20
2022-09-19 07:38:12 +02:00
dependabot[bot] 31c132fdca Bump nodemon from 2.0.19 to 2.0.20
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.19 to 2.0.20.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.19...v2.0.20)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-19 01:55:04 +00:00
Sarah Aladetan 10bc05df70 ensure scope filtering is backward compatible with enterprise rest api versions 2022-09-16 19:13:58 +00:00
Sarah Aladetan e641ee9a41 update readme with notes on dependency scopes 2022-09-16 16:45:59 +00:00
Federico Builes 0ba71661e5 Adding failing tests. 2022-09-16 14:32:09 +02:00
Federico Builes 8ef181b2cb Read a hardcoded config file. 2022-09-16 14:30:57 +02:00
Federico Builes 7e2a489d03 Merge branch 'main' into external-config 2022-09-16 13:55:17 +02:00
Federico Builes eaeaeb3d57 Merge pull request #239 from actions/dependabot/npm_and_yarn/types/node-16.11.59
Bump @types/node from 16.11.58 to 16.11.59
2022-09-16 13:55:02 +02:00
Federico Builes 1eaf30e6eb Merge pull request #240 from actions/hm/fix-scan_pr
Fix passing repo-token input in scan_pr script
2022-09-16 13:50:52 +02:00
Federico Builes 5da3462152 Explain why we mangle dashed variables. 2022-09-16 13:47:16 +02:00
Sarah Aladetan 6fa5a8f9c0 add fail-on-scopes input to action config 2022-09-15 20:07:28 +00:00
Sarah Aladetan 0d23c39a5d filter by scope in action 2022-09-15 20:03:27 +00:00
Sarah Aladetan 6549b27685 add configuration for scopes to fail on 2022-09-15 18:48:58 +00:00
Sarah Aladetan f4b16c52e5 add method to filter changes by given scopes 2022-09-15 18:00:07 +00:00
Sarah Aladetan 1a7a37c468 add scope to change schema 2022-09-15 17:53:34 +00:00
Henri Maurer 38b459efad Fix passing repo-token input in scan_pr script 2022-09-15 10:09:46 +00:00
dependabot[bot] 6410b2cdd2 Bump @types/node from 16.11.58 to 16.11.59
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.58 to 16.11.59.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-14 02:00:08 +00:00
Federico Builes fd3a3b1051 Merge pull request #236 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.37.0
Bump @typescript-eslint/parser from 5.36.2 to 5.37.0
2022-09-13 07:16:16 +02:00
dependabot[bot] 6771e49f11 Bump @typescript-eslint/parser from 5.36.2 to 5.37.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.36.2 to 5.37.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.37.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-13 05:14:03 +00:00
Federico Builes c7c07e1117 Merge pull request #237 from actions/dependabot/npm_and_yarn/eslint-8.23.1
Bump eslint from 8.23.0 to 8.23.1
2022-09-13 07:13:17 +02:00
Federico Builes 59fdb0cce7 Merge pull request #238 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.37.0
Bump @typescript-eslint/eslint-plugin from 5.36.2 to 5.37.0
2022-09-13 07:13:03 +02:00
dependabot[bot] 950228f7f7 Bump @typescript-eslint/eslint-plugin from 5.36.2 to 5.37.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.36.2 to 5.37.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.37.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-13 03:40:44 +00:00
dependabot[bot] 6973819203 Bump eslint from 8.23.0 to 8.23.1
Bumps [eslint](https://github.com/eslint/eslint) from 8.23.0 to 8.23.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.23.0...v8.23.1)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-13 03:40:27 +00:00
Federico Builes eee2e3260e Merge pull request #235 from actions/dependabot/npm_and_yarn/ansi-styles-6.1.1
Bump ansi-styles from 6.1.0 to 6.1.1
2022-09-12 06:57:39 +02:00
Federico Builes 7eeddef885 adding dist 2022-09-12 06:56:41 +02:00
Federico Builes 8c58cdad09 Merge branch 'main' into dependabot/npm_and_yarn/ansi-styles-6.1.1 2022-09-12 06:56:12 +02:00
Federico Builes 380290a89b Merge pull request #234 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.0.4
Bump eslint-plugin-jest from 27.0.2 to 27.0.4
2022-09-12 06:54:43 +02:00
Federico Builes 50c3ed0ba6 Merge pull request #233 from actions/dependabot/npm_and_yarn/zod-3.19.1
Bump zod from 3.19.0 to 3.19.1
2022-09-12 06:54:18 +02:00
Federico Builes 0455501026 adding dist 2022-09-12 06:54:07 +02:00
dependabot[bot] bac3f038ac Bump ansi-styles from 6.1.0 to 6.1.1
Bumps [ansi-styles](https://github.com/chalk/ansi-styles) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/chalk/ansi-styles/releases)
- [Commits](https://github.com/chalk/ansi-styles/compare/v6.1.0...v6.1.1)

---
updated-dependencies:
- dependency-name: ansi-styles
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-12 01:55:42 +00:00
dependabot[bot] 2d81062605 Bump eslint-plugin-jest from 27.0.2 to 27.0.4
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.0.2 to 27.0.4.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.0.2...v27.0.4)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-12 01:55:29 +00:00
dependabot[bot] 2ae4b932b7 Bump zod from 3.19.0 to 3.19.1
Bumps [zod](https://github.com/colinhacks/zod) from 3.19.0 to 3.19.1.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.19.0...v3.19.1)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-12 01:54:09 +00:00
Federico Builes c7d4075ae0 Merge pull request #232 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.0.2
Bump eslint-plugin-jest from 27.0.1 to 27.0.2
2022-09-09 08:45:35 +02:00
Federico Builes 49a0208abf Merge pull request #231 from actions/dependabot/npm_and_yarn/typescript-4.8.3
Bump typescript from 4.8.2 to 4.8.3
2022-09-09 08:45:23 +02:00
dependabot[bot] 94941958fb Bump eslint-plugin-jest from 27.0.1 to 27.0.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.0.1 to 27.0.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.0.1...v27.0.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-09 01:30:41 +00:00
dependabot[bot] 2764e60363 Bump typescript from 4.8.2 to 4.8.3
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.8.2 to 4.8.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.8.2...v4.8.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-09 01:29:54 +00:00
Federico Builes bcd1b9ab86 Merge pull request #230 from actions/dependabot/npm_and_yarn/types/node-16.11.58
Bump @types/node from 16.11.57 to 16.11.58
2022-09-08 12:02:31 +02:00
dependabot[bot] d96759fedc Bump @types/node from 16.11.57 to 16.11.58
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.57 to 16.11.58.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-08 01:32:47 +00:00
Federico Builes bfd72e7da2 Merge pull request #229 from actions/dependabot/npm_and_yarn/zod-3.19.0
Bump zod from 3.18.0 to 3.19.0
2022-09-07 07:50:34 +02:00
Federico Builes d8efcf0c1f updating dist files 2022-09-07 07:47:22 +02:00
dependabot[bot] 3b74514266 Bump zod from 3.18.0 to 3.19.0
Bumps [zod](https://github.com/colinhacks/zod) from 3.18.0 to 3.19.0.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.18.0...v3.19.0)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-07 01:30:01 +00:00
Federico Builes 6dfe5fd567 Force line-breaks. 2022-09-06 14:36:50 +02:00
Federico Builes 71a0ed0a31 Updating the README to include instructions for both config file options. 2022-09-06 14:30:39 +02:00
Federico Builes 7a364ecd6b Merge pull request #226 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.36.2
Bump @typescript-eslint/eslint-plugin from 5.36.1 to 5.36.2
2022-09-06 09:29:02 +02:00
dependabot[bot] 435083feb7 Bump @typescript-eslint/eslint-plugin from 5.36.1 to 5.36.2
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.36.1 to 5.36.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.2/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-06 07:28:29 +00:00
Federico Builes 781a55eaaa Merge pull request #227 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.36.2
Bump @typescript-eslint/parser from 5.36.1 to 5.36.2
2022-09-06 09:27:33 +02:00
dependabot[bot] 335c64c139 Bump @typescript-eslint/parser from 5.36.1 to 5.36.2
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.36.1 to 5.36.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.2/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-06 01:29:26 +00:00
Federico Builes af9a4fa160 Merge pull request #225 from actions/dependabot/npm_and_yarn/got-12.4.1
Bump got from 12.3.1 to 12.4.1
2022-09-05 15:47:15 +02:00
Federico Builes 3e04d4bc87 Merge pull request #224 from actions/dependabot/npm_and_yarn/types/node-16.11.57
Bump @types/node from 16.11.56 to 16.11.57
2022-09-05 15:47:07 +02:00
dependabot[bot] be076ebeca Bump got from 12.3.1 to 12.4.1
Bumps [got](https://github.com/sindresorhus/got) from 12.3.1 to 12.4.1.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.3.1...v12.4.1)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-05 12:50:09 +00:00
dependabot[bot] b74c52c335 Bump @types/node from 16.11.56 to 16.11.57
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.56 to 16.11.57.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-05 12:49:27 +00:00
Federico Builes 2233eb2b88 Merge pull request #222 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.36.1
Bump @typescript-eslint/parser from 5.36.0 to 5.36.1
2022-08-31 08:11:10 +02:00
dependabot[bot] ca11176434 Bump @typescript-eslint/parser from 5.36.0 to 5.36.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.36.0 to 5.36.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-31 06:09:50 +00:00
Federico Builes c8f5c5518e Merge pull request #221 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.36.1
Bump @typescript-eslint/eslint-plugin from 5.36.0 to 5.36.1
2022-08-31 08:09:04 +02:00
dependabot[bot] 469156603d Bump @typescript-eslint/eslint-plugin from 5.36.0 to 5.36.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.36.0 to 5.36.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-31 02:28:29 +00:00
Federico Builes 6b1d7e7207 Merge pull request #220 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.36.0
Bump @typescript-eslint/eslint-plugin from 5.35.1 to 5.36.0
2022-08-30 08:23:32 +02:00
dependabot[bot] a57a1dd454 Bump @typescript-eslint/eslint-plugin from 5.35.1 to 5.36.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.35.1 to 5.36.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-30 06:13:21 +00:00
Federico Builes 0e8bd1f46f Merge pull request #219 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.36.0
Bump @typescript-eslint/parser from 5.35.1 to 5.36.0
2022-08-30 08:12:25 +02:00
dependabot[bot] dd931c7005 Bump @typescript-eslint/parser from 5.35.1 to 5.36.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.35.1 to 5.36.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-30 01:39:32 +00:00
Federico Builes d8d78b6ace Merge pull request #218 from actions/dependabot/npm_and_yarn/eslint-8.23.0
Bump eslint from 8.22.0 to 8.23.0
2022-08-29 10:50:27 +02:00
dependabot[bot] a1eafc653a Bump eslint from 8.22.0 to 8.23.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.22.0 to 8.23.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.22.0...v8.23.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-29 08:49:31 +00:00
Federico Builes 35b0f5ded9 Merge pull request #217 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.0.1
Bump eslint-plugin-jest from 26.8.7 to 27.0.1
2022-08-29 10:49:01 +02:00
Federico Builes 5a25f0b1b3 Merge pull request #215 from actions/dependabot/npm_and_yarn/typescript-4.8.2
Bump typescript from 4.7.4 to 4.8.2
2022-08-29 10:31:12 +02:00
dependabot[bot] 88dd76a7ef Bump eslint-plugin-jest from 26.8.7 to 27.0.1
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.8.7 to 27.0.1.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.8.7...v27.0.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-29 01:55:23 +00:00
dependabot[bot] b1427bfe58 Bump typescript from 4.7.4 to 4.8.2
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.7.4 to 4.8.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.7.4...v4.8.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-26 01:36:36 +00:00
Federico Builes 0d079c6553 Merge pull request #214 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.35.1
Bump @typescript-eslint/parser from 5.34.0 to 5.35.1
2022-08-25 07:54:11 +02:00
dependabot[bot] ce3b0c8116 Bump @typescript-eslint/parser from 5.34.0 to 5.35.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.34.0 to 5.35.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.35.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-25 05:53:10 +00:00
Federico Builes d01dd09c36 Merge pull request #213 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.35.1
Bump @typescript-eslint/eslint-plugin from 5.34.0 to 5.35.1
2022-08-25 07:52:20 +02:00
dependabot[bot] 21d1a080df Bump @typescript-eslint/eslint-plugin from 5.34.0 to 5.35.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.34.0 to 5.35.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.35.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-25 05:49:54 +00:00
Federico Builes c869fcfa38 Merge pull request #212 from actions/dependabot/npm_and_yarn/types/node-16.11.56
Bump @types/node from 16.11.55 to 16.11.56
2022-08-25 07:49:19 +02:00
dependabot[bot] 20229aad71 Bump @types/node from 16.11.55 to 16.11.56
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.55 to 16.11.56.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-25 01:27:41 +00:00
Federico Builes 65d6c26087 Merge pull request #211 from actions/dependabot/npm_and_yarn/types/node-16.11.55
Bump @types/node from 16.11.54 to 16.11.55
2022-08-24 09:00:15 +02:00
dependabot[bot] 8b6795d89d Bump @types/node from 16.11.54 to 16.11.55
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.54 to 16.11.55.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-24 01:40:56 +00:00
Federico Builes 030c97ab49 Merge pull request #210 from actions/dependabot/npm_and_yarn/types/node-16.11.54
Bump @types/node from 16.11.52 to 16.11.54
2022-08-23 08:39:29 +02:00
Federico Builes dc44a85a96 Merge pull request #208 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.34.0
Bump @typescript-eslint/parser from 5.33.1 to 5.34.0
2022-08-23 08:38:58 +02:00
dependabot[bot] 9cdfbb83fa Bump @types/node from 16.11.52 to 16.11.54
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.52 to 16.11.54.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-23 06:38:16 +00:00
dependabot[bot] b1f8412445 Bump @typescript-eslint/parser from 5.33.1 to 5.34.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.33.1 to 5.34.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.34.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-23 06:38:02 +00:00
Federico Builes 0d02efb12c Merge pull request #207 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.34.0
Bump @typescript-eslint/eslint-plugin from 5.33.1 to 5.34.0
2022-08-23 08:37:24 +02:00
dependabot[bot] 2a09e52261 Bump @typescript-eslint/eslint-plugin from 5.33.1 to 5.34.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.33.1 to 5.34.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.34.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-23 01:35:02 +00:00
Federico Builes e86dfd8cc0 Merge pull request #206 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.8.7
Bump eslint-plugin-jest from 26.8.3 to 26.8.7
2022-08-22 08:10:22 +02:00
Federico Builes a39d9063b3 Merge pull request #205 from actions/dependabot/npm_and_yarn/types/node-16.11.52
Bump @types/node from 16.11.49 to 16.11.52
2022-08-22 08:09:56 +02:00
dependabot[bot] 9809e06c2d Bump eslint-plugin-jest from 26.8.3 to 26.8.7
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.8.3 to 26.8.7.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.8.3...v26.8.7)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-22 01:51:45 +00:00
dependabot[bot] 70bbe4186e Bump @types/node from 16.11.49 to 16.11.52
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.49 to 16.11.52.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-22 01:51:24 +00:00
Federico Builes 23d1ffffb6 Bumping to 2.1.0. 2022-08-18 16:22:01 +02:00
Federico Builes d792f3e8ca Add a reminder to update the version number in package.json
when creating a new release.
2022-08-18 16:20:03 +02:00
Federico Builes 5da7945e2b Fixing lint/dist. 2022-08-18 16:15:03 +02:00
Federico Builes a8e7c378a3 Merge pull request #181 from tspascoal/add-summary
Show vulnerabities and license information on the job summary.
2022-08-18 16:14:27 +02:00
Federico Builes 0e0d6ec5d6 Merge branch 'main' into add-summary 2022-08-18 16:11:15 +02:00
Federico Builes 9f2f2d8aa6 Merge pull request #200 from actions/willdasilva-fork
Support user-provided base/head refs & non-PR workflows
2022-08-18 15:30:04 +02:00
Federico Builes d2018420d8 Clean up mock data setup. 2022-08-18 15:03:11 +02:00
Federico Builes 54af7c7fbe Merge branch 'main' into WillDaSilva-main.
Took the time to tweak the README.

# Conflicts:
#	README.md
#	dist/index.js.map
2022-08-18 14:56:08 +02:00
Federico Builes f2e57a19af Merge pull request #196 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.33.1
Bump @typescript-eslint/eslint-plugin from 5.33.0 to 5.33.1
2022-08-16 07:50:18 +02:00
dependabot[bot] fb59017069 Bump @typescript-eslint/eslint-plugin from 5.33.0 to 5.33.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.33.0 to 5.33.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 05:46:37 +00:00
Federico Builes 3d5f077fa9 Merge pull request #195 from actions/dependabot/npm_and_yarn/types/node-16.11.49
Bump @types/node from 16.11.48 to 16.11.49
2022-08-16 07:45:40 +02:00
dependabot[bot] cb1474859d Bump @types/node from 16.11.48 to 16.11.49
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.48 to 16.11.49.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 05:44:24 +00:00
Federico Builes 5f53719ca3 Merge pull request #197 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.8.3
Bump eslint-plugin-jest from 26.8.2 to 26.8.3
2022-08-16 07:44:12 +02:00
Federico Builes 193b31de81 Merge pull request #198 from actions/dependabot/npm_and_yarn/octokit/request-error-3.0.1
Bump @octokit/request-error from 3.0.0 to 3.0.1
2022-08-16 07:43:59 +02:00
Federico Builes 92e8b8da75 Merge pull request #199 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.33.1
Bump @typescript-eslint/parser from 5.33.0 to 5.33.1
2022-08-16 07:43:43 +02:00
dependabot[bot] 625da714f5 Bump @typescript-eslint/parser from 5.33.0 to 5.33.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.33.0 to 5.33.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 01:42:20 +00:00
dependabot[bot] 0794c6c280 Bump @octokit/request-error from 3.0.0 to 3.0.1
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 01:42:07 +00:00
dependabot[bot] d12f30b747 Bump eslint-plugin-jest from 26.8.2 to 26.8.3
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.8.2 to 26.8.3.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.8.2...v26.8.3)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 01:41:59 +00:00
Federico Builes dbafdf9b30 Merge pull request #194 from actions/dependabot/npm_and_yarn/eslint-8.22.0
Bump eslint from 8.21.0 to 8.22.0
2022-08-15 09:18:00 +02:00
dependabot[bot] 3f3ba6e567 Bump eslint from 8.21.0 to 8.22.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.21.0 to 8.22.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.21.0...v8.22.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-15 01:55:22 +00:00
Federico Builes e2e1913ee9 Merge pull request #192 from actions/dependabot/npm_and_yarn/zod-3.18.0
Bump zod from 3.17.10 to 3.18.0
2022-08-12 18:19:08 +02:00
Federico Builes 2122cb87dc Merge branch 'main' into dependabot/npm_and_yarn/zod-3.18.0
# Conflicts:
#	dist/index.js.map
2022-08-12 18:17:01 +02:00
Federico Builes 694e9af6c9 Merge pull request #193 from actions/dependabot/npm_and_yarn/types/node-16.11.48
Bump @types/node from 16.11.47 to 16.11.48
2022-08-12 18:14:26 +02:00
Federico Builes 96dcfbbcd4 adding dist 2022-08-12 18:14:15 +02:00
dependabot[bot] c77018cec1 Bump @types/node from 16.11.47 to 16.11.48
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.47 to 16.11.48.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-12 16:07:54 +00:00
Federico Builes 36a493b367 Merge pull request #189 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.33.0
Bump @typescript-eslint/eslint-plugin from 5.32.0 to 5.33.0
2022-08-12 18:05:11 +02:00
dependabot[bot] 11e4eca6c1 Bump zod from 3.17.10 to 3.18.0
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.10 to 3.18.0.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.10...v3.18.0)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-12 16:04:10 +00:00
dependabot[bot] e9f051f098 Bump @typescript-eslint/eslint-plugin from 5.32.0 to 5.33.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.32.0 to 5.33.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-12 16:03:51 +00:00
Federico Builes f59ac52391 Merge pull request #186 from actions/dependabot/npm_and_yarn/got-12.3.1
Bump got from 12.3.0 to 12.3.1
2022-08-12 18:03:34 +02:00
Federico Builes 5391a8b654 Merge pull request #190 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.33.0
Bump @typescript-eslint/parser from 5.32.0 to 5.33.0
2022-08-12 18:02:56 +02:00
Federico Builes 531da4bab3 Merge pull request #191 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.8.2
Bump eslint-plugin-jest from 26.7.0 to 26.8.2
2022-08-12 18:02:28 +02:00
Federico Builes a059506842 Merge pull request #188 from actions/dependabot/npm_and_yarn/actions/core-1.9.1
Bump @actions/core from 1.9.0 to 1.9.1
2022-08-12 18:01:43 +02:00
Federico Builes d8aff4cfce adding dist 2022-08-12 18:00:10 +02:00
dependabot[bot] 1069034a80 Bump eslint-plugin-jest from 26.7.0 to 26.8.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.7.0 to 26.8.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.7.0...v26.8.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-10 01:22:58 +00:00
dependabot[bot] 424d622090 Bump @typescript-eslint/parser from 5.32.0 to 5.33.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.32.0 to 5.33.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-09 01:36:41 +00:00
dependabot[bot] 979fe8f031 Bump @actions/core from 1.9.0 to 1.9.1
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-09 01:35:43 +00:00
dependabot[bot] ea4b93e2db Bump got from 12.3.0 to 12.3.1
Bumps [got](https://github.com/sindresorhus/got) from 12.3.0 to 12.3.1.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.3.0...v12.3.1)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-08 01:50:21 +00:00
Tiago Pascoal 47f663b6ee update dist after fixing typo 2022-08-07 11:39:10 +00:00
Tiago Pascoal dfcdb87cb3 Fix typo
Co-authored-by: Eric Cornelissen <ericornelissen@gmail.com>
2022-08-07 12:36:42 +01:00
Tiago Pascoal 79f5aede88 Merge branch 'main' into add-summary 2022-08-04 16:59:57 +01:00
Tiago Pascoal aef949f026 Show vulnerabities and license information on the job summary.
Users can see the results that were found directly on the job summary

All the results are grouped by manifest.

It shows a table with vulnerable packages, together with package version,
the vulnerabily info and it's severity.

Shows info about package licenses, which packages have a non allowed license,
and the list of packages with unknown licenses.
2022-08-04 15:35:07 +00:00
Federico Builes 415088b56e Merge pull request #180 from actions/enterprise-docs
Adding instructions for installing in GHES
2022-08-03 17:28:05 +02:00
Federico Builes be18317f94 Update README.md
Co-authored-by: Courtney Claessens <courtneycl@github.com>
2022-08-03 17:27:39 +02:00
Courtney Claessens e20b197c93 adding info on licenses not supported for GHES 2022-08-03 10:46:47 -04:00
Federico Builes e66fd91484 Point to the 3.6 docs for Connect. 2022-08-03 11:29:50 +02:00
Federico Builes ea815ebddb Add link for GHAS. 2022-08-03 11:25:03 +02:00
Federico Builes bb3e014e0a Adding instructions for GHES 3.6. 2022-08-03 11:22:48 +02:00
Federico Builes 4317da3e38 Merge pull request #179 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.32.0
Bump @typescript-eslint/parser from 5.31.0 to 5.32.0
2022-08-02 10:46:34 +02:00
dependabot[bot] 2aa2a269c4 Bump @typescript-eslint/parser from 5.31.0 to 5.32.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.31.0 to 5.32.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.32.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-02 08:45:25 +00:00
Federico Builes 67562b4c74 Merge pull request #178 from actions/dependabot/npm_and_yarn/eslint-8.21.0
Bump eslint from 8.20.0 to 8.21.0
2022-08-02 10:44:48 +02:00
Federico Builes fe523440bc Merge pull request #177 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.32.0
Bump @typescript-eslint/eslint-plugin from 5.31.0 to 5.32.0
2022-08-02 10:44:39 +02:00
dependabot[bot] bddb4f4ac8 Bump eslint from 8.20.0 to 8.21.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.20.0 to 8.21.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.20.0...v8.21.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-02 01:32:02 +00:00
dependabot[bot] 951c4b6b47 Bump @typescript-eslint/eslint-plugin from 5.31.0 to 5.32.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.31.0 to 5.32.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.32.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-02 01:31:50 +00:00
Federico Builes 90edb6f286 Merge pull request #174 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.7.0
Bump eslint-plugin-jest from 26.6.0 to 26.7.0
2022-08-01 17:33:21 +02:00
Federico Builes 76cb47a13a Merge pull request #175 from actions/dependabot/npm_and_yarn/types/node-16.11.47
Bump @types/node from 16.11.46 to 16.11.47
2022-08-01 17:33:11 +02:00
dependabot[bot] 8c65c50f8e Bump @types/node from 16.11.46 to 16.11.47
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.46 to 16.11.47.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 01:56:27 +00:00
dependabot[bot] 15dae1771a Bump eslint-plugin-jest from 26.6.0 to 26.7.0
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.6.0 to 26.7.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.6.0...v26.7.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 01:56:18 +00:00
Will Da Silva 15d18576a5 Merge branch 'upstream/main' into main 2022-07-30 00:44:27 -04:00
Federico Builes 0517f5ae3d Merge pull request #172 from actions/dependabot/npm_and_yarn/types/node-16.11.46
Bump @types/node from 16.11.45 to 16.11.46
2022-07-29 14:32:13 +02:00
Federico Builes a7ed04cb6d Merge pull request #173 from actions/dependabot/npm_and_yarn/got-12.3.0
Bump got from 12.2.0 to 12.3.0
2022-07-29 14:23:49 +02:00
dependabot[bot] 5956ba4d37 Bump got from 12.2.0 to 12.3.0
Bumps [got](https://github.com/sindresorhus/got) from 12.2.0 to 12.3.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.2.0...v12.3.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-29 01:27:53 +00:00
dependabot[bot] ee739211c3 Bump @types/node from 16.11.45 to 16.11.46
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.45 to 16.11.46.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-29 01:27:43 +00:00
Federico Builes 2427b83fb6 Merge pull request #171 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.31.0
Bump @typescript-eslint/parser from 5.30.7 to 5.31.0
2022-07-26 12:45:30 +02:00
dependabot[bot] e004499203 Bump @typescript-eslint/parser from 5.30.7 to 5.31.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.7 to 5.31.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.31.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-26 09:30:36 +00:00
Federico Builes 15e8301141 Merge pull request #170 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.31.0
Bump @typescript-eslint/eslint-plugin from 5.30.7 to 5.31.0
2022-07-26 11:29:43 +02:00
dependabot[bot] 074e15f1d2 Bump @typescript-eslint/eslint-plugin from 5.30.7 to 5.31.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.7 to 5.31.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.31.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-26 01:49:44 +00:00
Federico Builes 28bd35e115 Merge pull request #167 from actions/dependabot/npm_and_yarn/zod-3.17.10
Bump zod from 3.17.9 to 3.17.10
2022-07-26 03:00:59 +02:00
Federico Builes 1a8b866371 adding dist 2022-07-26 02:59:21 +02:00
dependabot[bot] 7414ae2b68 Bump zod from 3.17.9 to 3.17.10
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.9 to 3.17.10.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.9...v3.17.10)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-26 00:54:13 +00:00
Federico Builes 25a2578e41 Merge pull request #169 from actions/dependabot/npm_and_yarn/got-12.2.0
Bump got from 12.1.0 to 12.2.0
2022-07-26 02:53:24 +02:00
Federico Builes 5a348f087a Merge pull request #168 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.3.7
Bump eslint-plugin-github from 4.3.6 to 4.3.7
2022-07-26 02:53:05 +02:00
dependabot[bot] 4d7937d9b8 Bump got from 12.1.0 to 12.2.0
Bumps [got](https://github.com/sindresorhus/got) from 12.1.0 to 12.2.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.1.0...v12.2.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-25 01:54:31 +00:00
dependabot[bot] 4b57fa2745 Bump eslint-plugin-github from 4.3.6 to 4.3.7
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.3.6 to 4.3.7.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.3.6...v4.3.7)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-25 01:53:49 +00:00
Will Da Silva 388b1a309d Support user-provided base/head refs & non-PR workflows 2022-07-21 15:47:05 -04:00
Federico Builes b15d68a617 Merge pull request #163 from actions/dependabot/npm_and_yarn/zod-3.17.9
Bump zod from 3.17.4 to 3.17.9
2022-07-19 13:29:36 +02:00
Federico Builes 86ba360860 updating dist 2022-07-19 05:28:23 -06:00
dependabot[bot] 1c643b69e3 Bump zod from 3.17.4 to 3.17.9
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.4 to 3.17.9.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.4...v3.17.9)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 11:26:12 +00:00
Federico Builes cc90e94fd7 Merge pull request #162 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.7
Bump @typescript-eslint/parser from 5.30.6 to 5.30.7
2022-07-19 13:13:51 +02:00
dependabot[bot] ca03cb626b Bump @typescript-eslint/parser from 5.30.6 to 5.30.7
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.6 to 5.30.7.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.7/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 11:12:11 +00:00
Federico Builes 0c672b9f6f Merge pull request #161 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.7
Bump @typescript-eslint/eslint-plugin from 5.30.6 to 5.30.7
2022-07-19 13:11:11 +02:00
dependabot[bot] 9b38d34b70 Bump @typescript-eslint/eslint-plugin from 5.30.6 to 5.30.7
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.6 to 5.30.7.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.7/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 01:53:55 +00:00
Federico Builes bd0f0459f8 Merge pull request #160 from actions/dependabot/npm_and_yarn/eslint-8.20.0
Bump eslint from 8.19.0 to 8.20.0
2022-07-18 15:02:44 +02:00
Federico Builes ace98b5898 Merge pull request #159 from actions/dependabot/npm_and_yarn/types/node-16.11.45
Bump @types/node from 16.11.44 to 16.11.45
2022-07-18 15:02:24 +02:00
dependabot[bot] 79aa012b58 Bump @types/node from 16.11.44 to 16.11.45
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.44 to 16.11.45.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 13:01:56 +00:00
Federico Builes 264bf85801 Merge pull request #158 from actions/dependabot/npm_and_yarn/zod-3.17.4
Bump zod from 3.17.3 to 3.17.4
2022-07-18 15:01:30 +02:00
Federico Builes 0e2da932f6 updating dist files 2022-07-18 07:00:33 -06:00
dependabot[bot] 0a8934fb6a Bump eslint from 8.19.0 to 8.20.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.19.0 to 8.20.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.19.0...v8.20.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 13:00:14 +00:00
Federico Builes f83d7f264c Merge branch 'main' into dependabot/npm_and_yarn/zod-3.17.4 2022-07-18 07:00:01 -06:00
Federico Builes d0e46c9613 Merge pull request #157 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.6.0
Bump eslint-plugin-jest from 26.5.3 to 26.6.0
2022-07-18 14:59:20 +02:00
dependabot[bot] 22bb279ab1 Bump zod from 3.17.3 to 3.17.4
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.3 to 3.17.4.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.3...v3.17.4)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 01:53:03 +00:00
dependabot[bot] d33c19c38d Bump eslint-plugin-jest from 26.5.3 to 26.6.0
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.5.3 to 26.6.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.5.3...v26.6.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 01:52:43 +00:00
Federico Builes 2ef513a94a Update example tag text. 2022-07-14 09:39:56 +02:00
Federico Builes abd8ae5da7 Make CONTRIBUTING.md examples easier to copy/paste. 2022-07-14 09:35:44 +02:00
Federico Builes 94145f3150 Bumping the version to 2.0.4.
Missed the version changes in the previous release.
2022-07-14 09:31:49 +02:00
Federico Builes af8d39d8a3 Bumping the version to 2.0.3. 2022-07-14 09:14:17 +02:00
Federico Builes b83777ffd0 Merge pull request #156 from actions/dependabot/npm_and_yarn/types/node-16.11.44
Bump @types/node from 16.11.43 to 16.11.44
2022-07-14 09:11:42 +02:00
Federico Builes 1dc503a722 Merge pull request #155 from kachick/fix-154
Ignore removed changes in license checker
2022-07-14 09:10:17 +02:00
dependabot[bot] 8975a27eeb Bump @types/node from 16.11.43 to 16.11.44
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.43 to 16.11.44.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-14 01:36:49 +00:00
Kenichi Kamiya c003e7f8fc Add more test for added and removed pattern 2022-07-13 19:07:12 +09:00
Kenichi Kamiya ae4118f8fa Update build files with npm run all 2022-07-13 18:11:55 +09:00
Kenichi Kamiya c5d7bdcf7f Ignore removed changes in license checker 2022-07-13 18:11:10 +09:00
Federico Builes bced8aa1b2 Merge pull request #153 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.6
Bump @typescript-eslint/parser from 5.30.5 to 5.30.6
2022-07-12 09:07:41 +02:00
dependabot[bot] ba8e0b013b Bump @typescript-eslint/parser from 5.30.5 to 5.30.6
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.5 to 5.30.6.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.6/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-12 07:04:11 +00:00
Federico Builes cfcdef93a4 Merge pull request #152 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.6
Bump @typescript-eslint/eslint-plugin from 5.30.5 to 5.30.6
2022-07-12 09:03:21 +02:00
dependabot[bot] 43b6f9fe4a Bump @typescript-eslint/eslint-plugin from 5.30.5 to 5.30.6
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.5 to 5.30.6.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.6/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-12 01:46:01 +00:00
Federico Builes 467931ed7e Merge pull request #151 from actions/dependabot/npm_and_yarn/octokit/request-error-3.0.0
Bump @octokit/request-error from 2.1.0 to 3.0.0
2022-07-11 10:52:17 +02:00
Federico Builes 29c7e47bc6 adding dist folder 2022-07-11 10:49:16 +02:00
dependabot[bot] aa4260f0b0 Bump @octokit/request-error from 2.1.0 to 3.0.0
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 2.1.0 to 3.0.0.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v2.1.0...v3.0.0)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-11 02:03:02 +00:00
Federico Builes f187f64fc9 Merge pull request #139 from actions/dependabot/npm_and_yarn/eslint-8.19.0
Bump eslint from 8.18.0 to 8.19.0
2022-07-06 11:09:37 +02:00
Federico Builes f3bcf122c7 Merge pull request #144 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.5
Bump @typescript-eslint/eslint-plugin from 5.30.0 to 5.30.5
2022-07-06 11:09:15 +02:00
dependabot[bot] c43f51429e Bump @typescript-eslint/eslint-plugin from 5.30.0 to 5.30.5
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.0 to 5.30.5.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.5/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 09:02:16 +00:00
dependabot[bot] c9027d07d6 Bump eslint from 8.18.0 to 8.19.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.18.0 to 8.19.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.18.0...v8.19.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 09:02:10 +00:00
Federico Builes c316251843 Merge pull request #146 from kachick/add-vscode-workspace-configs
Enable prettier and recommend eslint in vscode workspace config
2022-07-06 11:01:23 +02:00
Federico Builes d8e436b2d5 Merge pull request #143 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.5
Bump @typescript-eslint/parser from 5.30.0 to 5.30.5
2022-07-06 11:01:06 +02:00
Federico Builes 82d4814150 Merge pull request #142 from kachick/fix-lint-errors-and-add-ci
Add CI workflow and fix lint errors
2022-07-06 11:00:13 +02:00
Federico Builes 89de8ab245 Merge pull request #148 from actions/dependabot/npm_and_yarn/nodemon-2.0.19
Bump nodemon from 2.0.18 to 2.0.19
2022-07-06 10:41:04 +02:00
dependabot[bot] 3e74bf2266 Bump @typescript-eslint/parser from 5.30.0 to 5.30.5
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.0 to 5.30.5.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.5/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 08:40:11 +00:00
Federico Builes 1ea517b3fa Merge pull request #141 from kachick/use-fixed-major-version-for-node-types
Use fixed major version for node types
2022-07-06 10:38:56 +02:00
Federico Builes 2aef88c152 Merge pull request #145 from kachick/fix-typo-dangerouns
Fix a typo s/dangerouns/dangerous/
2022-07-06 10:26:18 +02:00
Kenichi Kamiya 51d1824002 Focus only on the node issue
https://github.com/actions/dependency-review-action/pull/141#discussion_r914526073

https://github.com/actions/dependency-review-action/pull/141#discussion_r914537222

Co-authored-by: Federico Builes <febuiles@github.com>
2022-07-06 17:13:18 +09:00
dependabot[bot] 94edc9c394 Bump nodemon from 2.0.18 to 2.0.19
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.18 to 2.0.19.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.18...v2.0.19)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 02:07:14 +00:00
Kenichi Kamiya 7219e93649 Enable prettier and recommend eslint in vscode workspace config 2022-07-05 20:32:34 +09:00
Kenichi Kamiya 08074685be Fix a typo s/dangerouns/dangerous/ 2022-07-05 18:32:34 +09:00
Kenichi Kamiya 3efca1e3dd Update build files with npm run all 2022-07-04 20:13:08 +09:00
Kenichi Kamiya 9fdc2574b8 Fix rest eslint errors manually 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 6e9189a5c1 npx eslint --fix src/**/*.ts 2022-07-04 20:12:07 +09:00
Kenichi Kamiya c6f347d470 npm run format 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 40346e9340 Run test and linter in CI 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 7f576504ed Stop dependabot PRs for different major version of types
It is possible to make a mismatch with actual logic.
2022-07-04 11:25:57 +09:00
Kenichi Kamiya 09100640b0 Adjust types of node to 16.x again
`npm uninstall @types/node && npm install --save-dev "@types/node@^16.11.43"`
2022-07-04 11:23:37 +09:00
Federico Builes 26b7908701 Merge pull request #136 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.0
Bump @typescript-eslint/eslint-plugin from 5.29.0 to 5.30.0
2022-06-28 08:04:16 +02:00
dependabot[bot] b564b42423 Bump @typescript-eslint/eslint-plugin from 5.29.0 to 5.30.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.29.0 to 5.30.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 05:56:11 +00:00
Federico Builes 2ceda66c21 Merge pull request #135 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.0
Bump @typescript-eslint/parser from 5.29.0 to 5.30.0
2022-06-28 07:55:08 +02:00
dependabot[bot] 49a36aa04e Bump @typescript-eslint/parser from 5.29.0 to 5.30.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.29.0 to 5.30.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 01:40:44 +00:00
Brandyn Phelps 17b8abf3bb Merge pull request #132 from kachick/fix-typo
docs: Fix a typo
2022-06-24 14:17:17 -07:00
Kenichi Kamiya c699fc9e3e docs: Fix a typo 2022-06-25 01:18:31 +09:00
Federico Builes 24ab96e8b8 Merge pull request #128 from actions/dependabot/npm_and_yarn/nodemon-2.0.18
Bump nodemon from 2.0.16 to 2.0.18
2022-06-24 08:37:57 +02:00
dependabot[bot] 04f86c1583 Bump nodemon from 2.0.16 to 2.0.18
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.16 to 2.0.18.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.16...v2.0.18)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 01:41:25 +00:00
Federico Builes 81b5cbd111 Merge pull request #127 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.29.0
Bump @typescript-eslint/parser from 5.28.0 to 5.29.0
2022-06-21 07:50:03 +02:00
dependabot[bot] 4b88091897 Bump @typescript-eslint/parser from 5.28.0 to 5.29.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.28.0 to 5.29.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.29.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-21 05:49:04 +00:00
Federico Builes febb822f26 Merge pull request #126 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.29.0
Bump @typescript-eslint/eslint-plugin from 5.28.0 to 5.29.0
2022-06-21 07:48:11 +02:00
dependabot[bot] ea91d29cdf Bump @typescript-eslint/eslint-plugin from 5.28.0 to 5.29.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.28.0 to 5.29.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.29.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-21 01:51:23 +00:00
Federico Builes a9539be12a Merge pull request #123 from actions/dependabot/npm_and_yarn/typescript-4.7.4
Bump typescript from 4.7.3 to 4.7.4
2022-06-20 08:14:45 +02:00
Federico Builes 9c688a568f Merge pull request #124 from actions/dependabot/npm_and_yarn/eslint-8.18.0
Bump eslint from 8.17.0 to 8.18.0
2022-06-20 08:14:26 +02:00
dependabot[bot] ff449a1296 Bump eslint from 8.17.0 to 8.18.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.17.0 to 8.18.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.17.0...v8.18.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 01:47:10 +00:00
dependabot[bot] 2a961b0169 Bump typescript from 4.7.3 to 4.7.4
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.7.3 to 4.7.4.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.7.3...v4.7.4)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 01:46:55 +00:00
Federico Builes 879687b22c Merge pull request #122 from actions/dependabot/npm_and_yarn/prettier-2.7.1
Bump prettier from 2.7.0 to 2.7.1
2022-06-17 07:40:15 +02:00
dependabot[bot] cb52804670 Bump prettier from 2.7.0 to 2.7.1
Bumps [prettier](https://github.com/prettier/prettier) from 2.7.0 to 2.7.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.7.0...2.7.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-17 01:54:43 +00:00
Federico Builes 17187536c0 Merge pull request #120 from actions/dependabot/npm_and_yarn/types/node-18.0.0
Bump @types/node from 17.0.43 to 18.0.0
2022-06-16 07:18:52 +02:00
Federico Builes c0faf55fe4 Merge pull request #119 from actions/dependabot/npm_and_yarn/actions/core-1.9.0
Bump @actions/core from 1.8.2 to 1.9.0
2022-06-16 07:18:37 +02:00
Federico Builes b6f6142660 adding dist files 2022-06-16 07:07:13 +02:00
Federico Builes 333e7ce17e Merge branch 'main' into dependabot/npm_and_yarn/actions/core-1.9.0 2022-06-16 07:06:25 +02:00
Federico Builes 4e9a45ca5b Merge pull request #121 from kachick/fix-duplicate-words
Fix duplicate words in README
2022-06-16 06:58:18 +02:00
dependabot[bot] 32a1ef9487 Bump @actions/core from 1.8.2 to 1.9.0
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.8.2 to 1.9.0.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 04:57:11 +00:00
Federico Builes 83be5f6c90 bumping version 2022-06-16 06:56:22 +02:00
Kenichi Kamiya 70f41926ca Fix duplicate words in README 2022-06-16 13:06:54 +09:00
Federico Builes 1c59cdf2a9 Fix the unknown licenses error message 2022-06-16 06:03:16 +02:00
dependabot[bot] ba0681f88b Bump @types/node from 17.0.43 to 18.0.0
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.43 to 18.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 01:32:41 +00:00
Federico Builes 29fc7a23bd Merge pull request #117 from actions/readme-capitalisation
Fixing branding in the readme
2022-06-15 15:40:19 +02:00
Courtney Claessens 903977c63a branding! 2022-06-15 09:32:17 -04:00
Federico Builes aabd50a60d Bumping version to 2.0.1 2022-06-15 15:27:15 +02:00
Federico Builes 981c44c2a9 Merge pull request #116 from actions/unknown-licenses
Unknown licenses
2022-06-15 15:26:38 +02:00
Federico Builes c0d32934e8 Adding dist. 2022-06-15 15:25:21 +02:00
Federico Builes 963fe8045d Always print null licenses. 2022-06-15 15:22:35 +02:00
Federico Builes bf94d94f63 Remove old TODO. 2022-06-15 15:22:14 +02:00
Federico Builes 43ce5df965 Update CONTRIBUTING.md 2022-06-15 14:03:10 +02:00
Federico Builes 24bc5e9934 Updating the CONTRIBUTING.md docs. 2022-06-15 14:01:47 +02:00
Federico Builes 97790d29c7 update version in package.json 2022-06-15 11:55:10 +02:00
Federico Builes 74dbdf9819 Merge pull request #112 from actions/move-config-file
Move configuration file location
2022-06-15 11:53:18 +02:00
Federico Builes f3f3519b2a Merge branch 'main' into move-config-file 2022-06-15 06:43:18 +02:00
Federico Builes 216910dd9a Merge pull request #113 from actions/dependabot/npm_and_yarn/prettier-2.7.0
Bump prettier from 2.6.2 to 2.7.0
2022-06-15 06:42:57 +02:00
dependabot[bot] eb561ba6bd Bump prettier from 2.6.2 to 2.7.0
Bumps [prettier](https://github.com/prettier/prettier) from 2.6.2 to 2.7.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.6.2...2.7.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-15 03:36:59 +00:00
Federico Builes 3f246861d8 Merge pull request #114 from actions/dependabot/npm_and_yarn/types/node-17.0.43
Bump @types/node from 17.0.42 to 17.0.43
2022-06-15 05:36:17 +02:00
Federico Builes faa63c3cba adding dist 2022-06-15 05:21:16 +02:00
Courtney Claessens dfd519642f Update schemas.ts 2022-06-14 22:37:00 -04:00
Courtney Claessens 871f4064a1 adding doc for protected branches 2022-06-14 22:32:34 -04:00
dependabot[bot] d6f6abdda3 Bump @types/node from 17.0.42 to 17.0.43
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.42 to 17.0.43.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-15 01:44:34 +00:00
Courtney Claessens 54764c9203 Update README.md
adding some clarity to failing on severity; naming formatting, update example for v2
2022-06-14 12:16:03 -04:00
Federico Builes c6587b663d Updating README with instructions for unknown licenses. 2022-06-14 14:11:01 +02:00
Federico Builes 42e2bc1ed2 Handle unknown licenses. 2022-06-14 13:54:27 +02:00
Federico Builes 0b87f02bee Document how we test inputs 2022-06-14 13:00:18 +02:00
Federico Builes 00be2ce1fc Typos. 2022-06-14 12:27:56 +02:00
Federico Builes 2860b57e48 Update README.md 2022-06-14 12:24:27 +02:00
Federico Builes fd6e756c7b Updating readConfig() to be more readable, get rid of typecasts.
Co-authored-by: Henri Maurer <hmaurer@github.com>
2022-06-14 11:29:13 +02:00
Federico Builes f83a407eb9 Use the correct name for allowlists. 2022-06-14 09:46:59 +02:00
Federico Builes b0e1f384d7 Linting YAML 2022-06-14 09:05:05 +02:00
Federico Builes c973154c92 Dashes instead of underscores. 2022-06-14 07:50:25 +02:00
Federico Builes 3355ec4be5 adding dist 2022-06-14 07:44:17 +02:00
Federico Builes 76ad37608d Adding more tests for the config file. 2022-06-14 07:42:51 +02:00
Federico Builes 3eff3f5918 let => const 2022-06-14 07:42:13 +02:00
Federico Builes 7278093fa0 Clarify some of the error messages. 2022-06-14 07:41:37 +02:00
Federico Builes b5b49104d4 Adding the config definition to action.yml 2022-06-14 07:40:16 +02:00
Federico Builes e56fe29417 Remove old config file. 2022-06-14 07:38:45 +02:00
Federico Builes cc3101831d Updating dist. 2022-06-14 07:04:33 +02:00
Federico Builes ef97470a0f Don't set the defaults in the test :/ 2022-06-14 07:04:26 +02:00
Federico Builes efecf6fd09 Remove the variables from env so they don't default to empty strings. 2022-06-14 06:49:18 +02:00
Federico Builes 24d7ef3c5d Use an empty config options type. 2022-06-14 06:48:58 +02:00
Federico Builes 01fa67b82e adding dist 2022-06-14 06:26:18 +02:00
Federico Builes 1791775ce6 temp commit 2022-06-14 05:57:43 +02:00
Federico Builes 92f1ecaaea Merge pull request #106 from actions/adding-lists
Adding allow and deny lists
2022-06-14 04:45:37 +02:00
Federico Builes 47d4ff9127 Merge pull request #111 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.28.0
Bump @typescript-eslint/parser from 5.27.1 to 5.28.0
2022-06-14 04:45:19 +02:00
dependabot[bot] 9c5310eee9 Bump @typescript-eslint/parser from 5.27.1 to 5.28.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.27.1 to 5.28.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.28.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-14 02:44:10 +00:00
Federico Builes d616ba30f2 Merge pull request #110 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.28.0
Bump @typescript-eslint/eslint-plugin from 5.27.1 to 5.28.0
2022-06-14 04:43:24 +02:00
dependabot[bot] 7181a20a1f Bump @typescript-eslint/eslint-plugin from 5.27.1 to 5.28.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.27.1 to 5.28.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.28.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-14 01:45:00 +00:00
Federico Builes eebebcdc2a Use real PURLs in tests 2022-06-13 20:19:01 +02:00
Federico Builes 571f236610 Improved wording on license messages. 2022-06-13 20:08:16 +02:00
Federico Builes fe78920139 Document unwanted behavior for a future refactoring. 2022-06-13 20:04:39 +02:00
Federico Builes bd115a9b66 Merge pull request #108 from actions/dependabot/npm_and_yarn/types/node-17.0.42
Bump @types/node from 17.0.40 to 17.0.42
2022-06-13 11:36:18 +02:00
dependabot[bot] 72a5a0f647 Bump @types/node from 17.0.40 to 17.0.42
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.40 to 17.0.42.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-13 01:44:57 +00:00
Federico Builes 21412fec7b fixing dist check 2022-06-09 10:46:00 +02:00
Federico Builes 0777fbe61e Updating dist. 2022-06-09 10:42:56 +02:00
Federico Builes cc22dcd654 Use undefined instead of null when dealing with lists. 2022-06-09 10:42:31 +02:00
Federico Builes 6b5518a9ed Adding more docs to licenses.ts 2022-06-09 10:33:05 +02:00
Federico Builes 20cca5c0c4 The default settings should not use []. 2022-06-08 18:28:10 +02:00
Federico Builes a51db20961 Use null for unspecified values when filtering licenses. 2022-06-08 18:21:28 +02:00
Federico Builes a7d02aef82 adding dist 2022-06-08 17:47:06 +02:00
Federico Builes 4ac3d318ab Refactoring on PR feedback. 2022-06-08 17:45:42 +02:00
Federico Builes 25271922eb Clarify variable names. 2022-06-08 15:53:14 +02:00
Federico Builes 4474253eb8 Merge branch 'main' into adding-lists 2022-06-07 06:23:53 +02:00
Federico Builes 1a7225bc91 Merge pull request #104 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.27.1
Bump @typescript-eslint/parser from 5.27.0 to 5.27.1
2022-06-07 06:20:33 +02:00
Federico Builes 4ebaca3419 Merge pull request #105 from actions/dependabot/npm_and_yarn/yaml-2.1.1
Bump yaml from 2.1.0 to 2.1.1
2022-06-07 06:20:17 +02:00
Federico Builes a96d28f120 Remove configuration docs until we have a proper release. 2022-06-07 06:19:22 +02:00
dependabot[bot] 29b67f0a05 Bump @typescript-eslint/parser from 5.27.0 to 5.27.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.27.0 to 5.27.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-07 04:16:25 +00:00
Federico Builes c187f6f12d Merge pull request #103 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.27.1
Bump @typescript-eslint/eslint-plugin from 5.27.0 to 5.27.1
2022-06-07 06:15:32 +02:00
dependabot[bot] 3b0a091baa Bump yaml from 2.1.0 to 2.1.1
Bumps [yaml](https://github.com/eemeli/yaml) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.1.0...v2.1.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-07 01:33:07 +00:00
dependabot[bot] 3456819f12 Bump @typescript-eslint/eslint-plugin from 5.27.0 to 5.27.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.27.0 to 5.27.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-07 01:32:39 +00:00
Federico Builes 56e63b1bc5 adding dist 2022-06-06 20:32:46 +02:00
Federico Builes 2ae9a2d51b Add logic for denied licenses. 2022-06-06 20:32:46 +02:00
Federico Builes 1261e18905 Clarify license tests. 2022-06-06 20:32:46 +02:00
Federico Builes dc7b0a2788 Show an error when disallowed dependencies show up. 2022-06-06 20:32:46 +02:00
Federico Builes 06297bf229 Fixing failing tests 2022-06-06 20:32:46 +02:00
Federico Builes bccacf9708 Skeleton for license validation. 2022-06-06 20:32:46 +02:00
Federico Builes 8c646c1c91 Get rid of redundant variables. 2022-06-06 20:32:46 +02:00
Federico Builes 30c4549c8c Merge pull request #91 from actions/adding-config-file
Adding configuration options
2022-06-06 20:32:21 +02:00
Federico Builes 93c8cb2c8a Merge pull request #101 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.5.3
Bump eslint-plugin-jest from 26.4.6 to 26.5.3
2022-06-06 13:43:17 +02:00
Federico Builes d7c6d6203f Merge pull request #100 from actions/dependabot/npm_and_yarn/esbuild-register-3.3.3
Bump esbuild-register from 3.3.2 to 3.3.3
2022-06-06 13:34:38 +02:00
dependabot[bot] 92bcc5a0bf Bump esbuild-register from 3.3.2 to 3.3.3
Bumps esbuild-register from 3.3.2 to 3.3.3.

---
updated-dependencies:
- dependency-name: esbuild-register
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 11:32:09 +00:00
Federico Builes 545050ada5 Merge pull request #99 from actions/dependabot/npm_and_yarn/eslint-8.17.0
Bump eslint from 8.16.0 to 8.17.0
2022-06-06 13:31:00 +02:00
Federico Builes 2b674f0e26 Merge pull request #98 from actions/dependabot/npm_and_yarn/types/node-17.0.40
Bump @types/node from 17.0.38 to 17.0.40
2022-06-06 13:30:45 +02:00
Federico Builes 802525536f Merge pull request #97 from actions/dependabot/npm_and_yarn/typescript-4.7.3
Bump typescript from 4.7.2 to 4.7.3
2022-06-06 13:30:28 +02:00
dependabot[bot] 4eb9ad1d38 Bump eslint-plugin-jest from 26.4.6 to 26.5.3
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.4.6 to 26.5.3.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.4.6...v26.5.3)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:49:06 +00:00
dependabot[bot] 12cf02f216 Bump eslint from 8.16.0 to 8.17.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.16.0 to 8.17.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.16.0...v8.17.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:48:31 +00:00
dependabot[bot] c7ff505b05 Bump @types/node from 17.0.38 to 17.0.40
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.38 to 17.0.40.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:48:14 +00:00
dependabot[bot] 90221b23f7 Bump typescript from 4.7.2 to 4.7.3
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.7.2 to 4.7.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.7.2...v4.7.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:47:20 +00:00
Federico Builes 2f38c7e78c Add severity level to the vulns not found message. 2022-06-01 15:56:16 +02:00
Federico Builes c235374b9d Removing redundant test. 2022-06-01 13:42:22 +02:00
Federico Builes ae2949c9c1 Removing old file. 2022-06-01 13:40:09 +02:00
Federico Builes 3ae540bf96 Updating the README with config instructions. 2022-06-01 13:39:05 +02:00
Federico Builes 1c15a1745e Adding dependency-review.yml. 2022-06-01 13:38:42 +02:00
Federico Builes 19b36f0933 Use a more definitive name for the config file. 2022-06-01 13:28:03 +02:00
Federico Builes 0b9547aabf Adding more expectations for severities. 2022-06-01 13:14:32 +02:00
Federico Builes b327132e4b Remove state from the filtering function. 2022-06-01 13:10:58 +02:00
Federico Builes f9a13e70f4 Fixing circular reference, adding prettier. 2022-06-01 12:09:11 +02:00
Federico Builes db9f724163 Introduce a schema for ConfigurationOptions.
This commit illustrates an approach, but is currently
failing the tests.
2022-06-01 06:36:02 +02:00
Federico Builes 7db11574b7 Make vulnerabilities be [] by default. 2022-06-01 05:36:46 +02:00
Federico Builes 7063d0ca45 Don't modify array in place. 2022-06-01 05:32:50 +02:00
Federico Builes 2dd55385c1 Use let instead of var, fix failing test. 2022-06-01 05:31:33 +02:00
Federico Builes 48729e4e38 Merge pull request #96 from actions/dependabot/npm_and_yarn/types/node-17.0.38
Bump @types/node from 17.0.36 to 17.0.38
2022-06-01 04:48:28 +02:00
dependabot[bot] 230442bc30 Bump @types/node from 17.0.36 to 17.0.38
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.36 to 17.0.38.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-01 01:54:46 +00:00
Federico Builes 4235242818 adding dist files 2022-05-31 17:09:21 +02:00
Federico Builes 731e67eca2 Add filtering by low severity as the default. 2022-05-31 17:08:22 +02:00
Federico Builes b601c09c4e Merge branch 'main' into adding-config-file 2022-05-31 16:59:33 +02:00
Federico Builes 982e1d16cb Whitespace and newlines. 2022-05-31 16:54:59 +02:00
Federico Builes f0a04841ce Adding logic to filter by vulnerability severity. 2022-05-31 16:50:39 +02:00
Federico Builes e622e72c6f Export Change schema. 2022-05-31 06:06:19 +02:00
Federico Builes 92e40d7290 Move printing function out. 2022-05-31 06:03:42 +02:00
Federico Builes 21763d05e0 Merge pull request #94 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.4.6
Bump eslint-plugin-jest from 26.4.5 to 26.4.6
2022-05-31 05:25:05 +02:00
Federico Builes 2c245d1aba Merge pull request #93 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.27.0
Bump @typescript-eslint/parser from 5.26.0 to 5.27.0
2022-05-31 05:24:37 +02:00
dependabot[bot] d6fb424a28 Bump @typescript-eslint/parser from 5.26.0 to 5.27.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.26.0 to 5.27.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 03:22:15 +00:00
Federico Builes 088fc4d4e8 Merge pull request #92 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.27.0
Bump @typescript-eslint/eslint-plugin from 5.26.0 to 5.27.0
2022-05-31 05:21:37 +02:00
dependabot[bot] 132427b4bc Bump eslint-plugin-jest from 26.4.5 to 26.4.6
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.4.5 to 26.4.6.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.4.5...v26.4.6)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 01:28:59 +00:00
dependabot[bot] 5f0449f13c Bump @typescript-eslint/eslint-plugin from 5.26.0 to 5.27.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.26.0 to 5.27.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 01:28:15 +00:00
Federico Builes 0b73ead548 Merge branch 'main' into adding-config-file 2022-05-30 06:37:29 +02:00
Federico Builes 67a046c994 Merge pull request #89 from actions/dependabot/npm_and_yarn/types/node-17.0.36
Bump @types/node from 17.0.35 to 17.0.36
2022-05-30 06:30:17 +02:00
Federico Builes 64c25ba2f4 Merge pull request #90 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.4.5
Bump eslint-plugin-jest from 26.2.2 to 26.4.5
2022-05-30 06:30:05 +02:00
dependabot[bot] f3682c87a7 Bump eslint-plugin-jest from 26.2.2 to 26.4.5
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.2.2 to 26.4.5.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.2.2...v26.4.5)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-30 01:47:42 +00:00
dependabot[bot] fc7745e42a Bump @types/node from 17.0.35 to 17.0.36
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.35 to 17.0.36.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-30 01:46:36 +00:00
Federico Builes a8dcc6b774 Adding basic config file parsing and some test scaffolding. 2022-05-26 15:54:59 -07:00
Federico Builes d09b96a7b1 Updating YAML deps. 2022-05-26 14:49:02 -07:00
Federico Builes 243561faa0 Merge pull request #87 from actions/dependabot/npm_and_yarn/vercel/ncc-0.34.0
Bump @vercel/ncc from 0.33.4 to 0.34.0
2022-05-26 10:47:33 -07:00
Federico Builes 860cc21fc2 Merge pull request #86 from actions/dependabot/npm_and_yarn/got-12.1.0
Bump got from 12.0.4 to 12.1.0
2022-05-26 10:47:20 -07:00
dependabot[bot] 98f8200aaa Bump @vercel/ncc from 0.33.4 to 0.34.0
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.33.4 to 0.34.0.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.33.4...0.34.0)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-26 03:00:41 +00:00
dependabot[bot] b3375e0be4 Bump got from 12.0.4 to 12.1.0
Bumps [got](https://github.com/sindresorhus/got) from 12.0.4 to 12.1.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.0.4...v12.1.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-26 03:00:11 +00:00
Federico Builes 737f9b3a71 Merge pull request #85 from actions/dependabot/npm_and_yarn/typescript-4.7.2
Bump typescript from 4.6.4 to 4.7.2
2022-05-25 10:57:24 -07:00
dependabot[bot] 91660a5ad1 Bump typescript from 4.6.4 to 4.7.2
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.6.4 to 4.7.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.6.4...v4.7.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-25 01:46:29 +00:00
Federico Builes 2b78124491 Merge pull request #83 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.26.0
Bump @typescript-eslint/eslint-plugin from 5.25.0 to 5.26.0
2022-05-24 16:21:37 -07:00
Federico Builes 365fad2034 Merge pull request #82 from actions/dependabot/npm_and_yarn/zod-3.17.3
Bump zod from 3.17.2 to 3.17.3
2022-05-24 14:54:41 -07:00
Federico Builes 31314537ae adding dist files 2022-05-24 14:52:45 -07:00
dependabot[bot] c893395cf8 Bump @typescript-eslint/eslint-plugin from 5.25.0 to 5.26.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.25.0 to 5.26.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.26.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 02:43:26 +00:00
dependabot[bot] 93e4466112 Bump zod from 3.17.2 to 3.17.3
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.2 to 3.17.3.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.2...v3.17.3)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 02:42:32 +00:00
Federico Builes a9c83d3af6 Merge pull request #81 from actions/elireisman/fix-default-case
Fix default-case in error handling
2022-05-23 12:30:51 -07:00
Eli Reisman f4b10ab0c4 update dist package 2022-05-23 11:46:07 -07:00
Eli Reisman a4da1f9048 handle unexpected error types opaquely 2022-05-23 11:45:36 -07:00
Eli Reisman 19edfd7243 fix default case in error handling 2022-05-23 11:36:34 -07:00
Federico Builes 0be808458e Merge pull request #80 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.26.0
Bump @typescript-eslint/parser from 5.24.0 to 5.26.0
2022-05-23 11:20:37 -07:00
Federico Builes 77396f2e4f Merge pull request #79 from actions/dependabot/npm_and_yarn/zod-3.17.2
Bump zod from 3.16.0 to 3.17.2
2022-05-23 11:19:59 -07:00
Federico Builes 9bc6bded9e updating dist 2022-05-23 11:18:56 -07:00
dependabot[bot] 3b26a2a544 Bump zod from 3.16.0 to 3.17.2
Bumps [zod](https://github.com/colinhacks/zod) from 3.16.0 to 3.17.2.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.16.0...v3.17.2)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-23 18:16:20 +00:00
dependabot[bot] 7517e23bfc Bump @typescript-eslint/parser from 5.24.0 to 5.26.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.24.0 to 5.26.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.26.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-23 18:16:05 +00:00
Federico Builes cdae254423 Merge pull request #78 from actions/dependabot/npm_and_yarn/eslint-8.16.0
Bump eslint from 8.15.0 to 8.16.0
2022-05-23 11:14:59 -07:00
Federico Builes a257e84a2f Merge pull request #77 from actions/dependabot/npm_and_yarn/types/node-17.0.35
Bump @types/node from 17.0.33 to 17.0.35
2022-05-23 11:14:38 -07:00
dependabot[bot] e0be07f423 Bump eslint from 8.15.0 to 8.16.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.15.0 to 8.16.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.15.0...v8.16.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-23 18:04:04 +00:00
dependabot[bot] 4b83e15691 Bump @types/node from 17.0.33 to 17.0.35
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.33 to 17.0.35.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-23 18:03:59 +00:00
Federico Builes e4396493ba Merge pull request #73 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.25.0
Bump @typescript-eslint/eslint-plugin from 5.24.0 to 5.25.0
2022-05-23 11:03:13 -07:00
dependabot[bot] 8ba008fb62 Bump @typescript-eslint/eslint-plugin from 5.24.0 to 5.25.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.24.0 to 5.25.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.25.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-18 01:30:23 +00:00
Federico Builes 5ce46b3424 Merge pull request #65 from actions/update-readme
Update README to include GHAS instructions
2022-05-16 14:20:09 -07:00
Federico Builes 9680f24ea3 Merge pull request #71 from actions/dependabot/npm_and_yarn/actions/github-5.0.3
Bump @actions/github from 5.0.1 to 5.0.3
2022-05-16 14:19:29 -07:00
Federico Builes 9cdb91e238 updating dist files 2022-05-16 14:17:47 -07:00
dependabot[bot] 92e8876693 Bump @actions/github from 5.0.1 to 5.0.3
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 5.0.1 to 5.0.3.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-16 21:15:27 +00:00
Federico Builes c91da44591 Merge pull request #67 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.2.2
Bump eslint-plugin-jest from 26.1.5 to 26.2.2
2022-05-16 14:13:20 -07:00
Federico Builes b988161c8f Merge pull request #70 from actions/updating-deps
Updating NPM Dependencies
2022-05-16 14:09:47 -07:00
Federico Builes a086ec5a2d updating dependencies 2022-05-16 14:06:20 -07:00
dependabot[bot] b40a0040b5 Bump eslint-plugin-jest from 26.1.5 to 26.2.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.1.5 to 26.2.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.1.5...v26.2.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-16 21:05:19 +00:00
Federico Builes dcc694e92a Merge pull request #61 from actions/dependabot/npm_and_yarn/zod-3.16.0
Bump zod from 3.15.1 to 3.16.0
2022-05-16 14:04:47 -07:00
dependabot[bot] dfafa144e7 Bump zod from 3.15.1 to 3.16.0
Bumps [zod](https://github.com/colinhacks/zod) from 3.15.1 to 3.16.0.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.15.1...v3.16.0)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-16 21:03:27 +00:00
Federico Builes 7a2877d9c8 updating the dist folder 2022-05-16 14:02:08 -07:00
Federico Builes 265d6e12a9 updating README 2022-05-13 08:11:58 +02:00
Federico Builes 0e2b63f1f4 Cleaning up errors. 2022-05-12 18:07:14 +02:00
Federico Builes 0e9a322413 Move config into its own file. 2022-05-12 18:05:14 +02:00
Federico Builes fdcc204dbb Adding a YAML parser. 2022-05-12 18:04:51 +02:00
Federico Builes 871c00fde8 adding dist files 2022-05-12 11:44:25 +02:00
Federico Builes 52795b8e93 Print config files. 2022-05-12 11:43:08 +02:00
52 changed files with 65337 additions and 12325 deletions
+9
View File
@@ -0,0 +1,9 @@
{
"name": "Dependency Review Action",
"image": "mcr.microsoft.com/devcontainers/typescript-node:18",
"postCreateCommand": "npm install",
"remoteUser": "node",
"features": {
"ghcr.io/devcontainers/features/ruby:1": {}
}
}
+5 -2
View File
@@ -3,9 +3,12 @@ updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily
interval: weekly
- package-ecosystem: npm
directory: /
schedule:
interval: daily
interval: weekly
ignore:
- dependency-name: '@types/node'
update-types: ['version-update:semver-major']
+5 -4
View File
@@ -21,12 +21,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set Node.js 16.x
uses: actions/setup-node@v3
- name: Set Node.js 18.x
uses: actions/setup-node@v4
with:
node-version: 16.x
node-version: 18.x
cache: npm
- name: Install dependencies
run: npm ci
+42
View File
@@ -0,0 +1,42 @@
name: CI
on:
push:
branches:
- main
paths-ignore:
- '**.md'
pull_request:
paths-ignore:
- '**.md'
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 18
cache: npm
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Test
run: |
npm test
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 18
cache: npm
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Check format
run: |
npm run format-check
- name: Lint
run: |
npm run lint
+1 -1
View File
@@ -9,6 +9,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Dependency Review
uses: actions/dependency-review-action@main
+3
View File
@@ -1,4 +1,5 @@
event.json
.ruby-version
# Dependency directory
node_modules
@@ -99,3 +100,5 @@ Thumbs.db
# Ignore built ts files
__tests__/runner/*
lib/**/*
tmp
+3
View File
@@ -0,0 +1,3 @@
{
"recommendations": ["dbaeumer.vscode-eslint", "esbenp.prettier-vscode"]
}
+13
View File
@@ -0,0 +1,13 @@
{
"version": "0.1.0",
"configurations": [
{
"name": "Debug Jest Tests",
"type": "node",
"request": "launch",
"runtimeArgs": ["--inspect-brk", "${workspaceRoot}/node_modules/.bin/jest", "--runInBand", "--coverage", "false"],
"console": "integratedTerminal",
"internalConsoleOptions": "neverOpen"
}
]
}
+4
View File
@@ -0,0 +1,4 @@
{
"editor.formatOnSave": true,
"editor.defaultFormatter": "esbenp.prettier-vscode"
}
+54 -11
View File
@@ -1,4 +1,5 @@
# Contributing
[fork]: https://github.com/actions/dependency-review-action/fork
[pr]: https://github.com/actions/dependency-review-action/compare
[code-of-conduct]: CODE_OF_CONDUCT.md
@@ -9,7 +10,6 @@ Contributions to this project are
[released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license)
to the public under the [project's open source license](LICENSE).
Please note that this project is released with a [Contributor Code of
Conduct][code-of-conduct]. By participating in this project you agree
to abide by its terms.
@@ -20,7 +20,6 @@ This Action makes an authenticated query to the Dependency Graph Diff
API endpoint (`GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}`)
to find out the set of added and removed dependencies for each manifest.
### Bootstrapping the project
```
@@ -35,10 +34,11 @@ npm install
npm run test
```
*Note*: We don't have any useful tests yet, contributions are welcome!
_Note_: We don't have any useful tests yet, contributions are welcome!
## Local Development
It is recommended to have atleast [Node 18](https://nodejs.org/en/) installed.
We have a script to scan a given PR for vulnerabilities, this will
help you test your local changes. Make sure to [grab a Personal Access Token (PAT)](https://github.com/settings/tokens) before proceeding (you'll need `repo` permissions for private repos):
@@ -56,22 +56,65 @@ Like this:
$ GITHUB_TOKEN=my-secret-token ./scripts/scan_pr https://github.com/actions/dependency-review-action/pull/3
```
[Configuration options](README.md#configuration-options) can be set by
passing an external YAML [configuration file](README.md#configuration-file) to the
`scan_pr` script with the `-c`/`--config-file` option:
```sh
$ GITHUB_TOKEN=<token> ./scripts/scan_pr --config-file my_custom_config.yml <pr_url>
```
## Submitting a pull request
0. [Fork][fork] and clone the repository
0. Configure and install the dependencies: `npm install`
0. Make sure the tests pass on your machine: `npm run test`
0. Create a new branch: `git checkout -b my-branch-name`
0. Make your change, add tests, and make sure the tests still pass
0. Make sure to build and package before pushing: `npm run build && npm run package`
0. Push to your fork and [submit a pull request][pr]
0. Pat your self on the back and wait for your pull request to be reviewed and merged.
1. Configure and install the dependencies: `npm install`
2. Make sure the tests pass on your machine: `npm run test`
3. Create a new branch: `git checkout -b my-branch-name`
4. Make your change, add tests, and make sure the tests still pass
5. Make sure to build and package before pushing: `npm run build && npm run package`
6. Push to your fork and [submit a pull request][pr]
7. Pat your self on the back and wait for your pull request to be reviewed and merged.
Here are a few things you can do that will increase the likelihood of your pull request being accepted:
- Write tests.
- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
- Write a [good commit message](https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
## Cutting a new release
1. Update the version number in [package.json](https://github.com/actions/dependency-review-action/blob/main/package.json).
1. Go to [Draft a new
release](https://github.com/actions/dependency-review-action/releases/new)
in the Releases page.
1. Make sure that the `Publish this Action to the GitHub Marketplace`
checkbox is enabled
<img width="481" alt="Screenshot 2022-06-15 at 12 08 19" src="https://user-images.githubusercontent.com/2161/173822484-4b60d8b4-c674-4bff-b5ff-b0c4a3650ab7.png">
3. Click "Choose a tag" and then "Create new tag", where the tag name
will be your version prefixed by a `v` (e.g. `v1.2.3`).
4. Use a version number for the release title (e.g. "1.2.3").
<img width="700" alt="Screenshot 2022-06-15 at 12 08 36" src="https://user-images.githubusercontent.com/2161/173822548-33ab3432-d679-4dc1-adf8-b50fdaf47de3.png">
5. Add your release notes. If this is a major version make sure to
include a small description of the biggest changes in the new version.
6. Click "Publish Release".
You now have a tag and release using the semver version you used
above. The last remaining thing to do is to move the dynamic version
identifier to match the current SHA. This allows users to adopt a
major version number (e.g. `v1`) in their workflows while
automatically getting all the
minor/patch updates.
To do this just checkout `main`, force-create a new annotated tag, and push it:
```
git tag -fa v3 -m "Updating v3 to 3.0.1"
git push origin v3 --force
```
## Resources
+135 -9
View File
@@ -1,14 +1,22 @@
# dependency-review-action
This action scans your pull requests for dependency changes and will raise an error if any new dependencies have existing vulnerabilities. The action is supported by an [API endpoint](https://docs.github.com/en/rest/reference/dependency-graph#dependency-review) that diffs the dependencies between any two revisions.
This action scans your pull requests for dependency changes, and will
raise an error if any vulnerabilities or invalid licenses are being introduced. The action is supported by an [API endpoint](https://docs.github.com/en/rest/reference/dependency-graph#dependency-review) that diffs the dependencies between any two revisions on your default branch.
The action is available for all public repositories, as well as private repositories that have Github Advanced Security licensed.
The action is available for all public repositories, as well as private repositories that have GitHub Advanced Security licensed.
You can see the results on the job logs:
<img width="854" alt="Screen Shot 2022-03-31 at 1 10 51 PM" src="https://user-images.githubusercontent.com/2161/161042286-b22d7dd3-13cb-458d-8744-ce70ed9bf562.png">
or on the job summary:
<img src="https://user-images.githubusercontent.com/7847935/182871416-50332bbb-b279-4621-a136-ca72a4314301.png">
## Installation
**Please keep in mind that you need a [GitHub Advanced Security](https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security) license if you're running this action on private repositories.**
1. Add a new YAML workflow to your `.github/workflows` folder:
```yaml
@@ -23,21 +31,139 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v1
uses: actions/dependency-review-action@v3
```
### GitHub Enterprise Server
This action is available in Enterprise Server starting with version 3.6. Make sure
[GitHub Advanced
Security](https://docs.github.com/en/enterprise-server@3.6/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise)
and [GitHub
Connect](https://docs.github.com/en/enterprise-server@3.6/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)
are enabled, and that you have installed the [dependency-review-action](https://github.com/actions/dependency-review-action) on the server.
You can use the same workflow as above, replacing the `runs-on` value
with the label of any of your runners (the default label
is `self-hosted`):
```yaml
# ...
jobs:
dependency-review:
runs-on: self-hosted
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
```
## Configuration options
Configure this action by either inlining these options in your workflow file, or by using an external configuration file. All configuration options are optional.
| Option | Usage | Possible values | Default value |
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------- |
| `fail-on-severity` | Defines the threshold for the level of severity. The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | `low`, `moderate`, `high`, `critical` | `low` |
| `allow-licenses`\* | Contains a list of allowed licenses. The action will fail on pull requests that introduce dependencies with licenses that do not match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `deny-licenses`\* | Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `fail-on-scopes`† | Contains a list of strings of the build environments you want to support. The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list. | `runtime`, `development`, `unknown` | `runtime` |
| `allow-ghsas` | Contains a list of GitHub Advisory Database IDs that can be skipped during detection. | Any GHSAs from the [GitHub Advisory Database](https://github.com/advisories) | none |
| `license-check` | Enable or disable the license check performed by the action. | `true`, `false` | `true` |
| `vulnerability-check` | Enable or disable the vulnerability check performed by the action. | `true`, `false` | `true` |
| `allow-dependencies-licenses`\* | Contains a list of packages that will be excluded from license checks. | Any package(s) in [purl](https://github.com/package-url/purl-spec) format | none |
| `base-ref`/`head-ref` | Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than `pull_request` and `pull_request_target`. | Any valid git ref(s) in your project | none |
| `comment-summary-in-pr` | Enable or disable reporting the review summary as a comment in the pull request. If enabled, you must give the workflow or job permission `pull-requests: write`. | `always`, `on-failure`, `never` | `never` |
| `deny-packages` | Any number of packages to block in a PR. | Package(s) in [purl](https://github.com/package-url/purl-spec) format | empty |
| `deny-groups` | Any number of groups (namespaces) to block in a PR. | Namespace(s) in [purl](https://github.com/package-url/purl-spec) format (no package name, no version number) | empty |
| `retry-on-snapshot-warnings`\* | Enable or disable retrying the action every 10 seconds while waiting for dependency submission actions to complete. | `true`, `false` | `false` |
| `retry-on-snapshot-warnings-timeout`\* | Maximum amount of time (in seconds) to retry the action while waiting for dependency submission actions to complete. | Any positive integer | 120 |
\*not supported for use with GitHub Enterprise Server
†will be supported with GitHub Enterprise Server 3.8
### Inline Configuration
You can pass options to the Dependency Review GitHub Action using your workflow file.
#### Example
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: Dependency Review
uses: actions/dependency-review-action@v3
with:
fail-on-severity: moderate
# Use comma-separated names to pass list arguments:
deny-licenses: LGPL-2.0, BSD-2-Clause
```
### Configuration File
You can use an external configuration file to specify the settings for this action. It can be a local file or a file in an external repository. Refer to the following options for the specification.
| Option | Usage | Possible values |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
| `config-file` | A path to a file in the current repository or an external repository. Use this syntax for external files: `OWNER/REPOSITORY/FILENAME@BRANCH` | **Local file**: `./.github/dependency-review-config.yml` <br> **External repo**: `github/octorepo/dependency-review-config.yml@main` |
| `external-repo-token` | Specifies a token for fetching the configuration file. It is required if the file resides in a private external repository and for all GitHub Enterprise Server repositories. Create a token in [developer settings](https://github.com/settings/tokens). | Any token with `read` permissions to the repository hosting the config file. |
#### Example
Start by specifying that you will be using an external configuration file:
```yaml
- name: Dependency Review
uses: actions/dependency-review-action@v3
with:
config-file: './.github/dependency-review-config.yml'
```
And then create the file in the path you just specified. Please note
that the **option names in external files use underscores instead of dashes**:
```yaml
fail_on_severity: 'critical'
allow_licenses:
- 'GPL-3.0'
- 'BSD-3-Clause'
- 'MIT'
```
For more examples of how to use this action and its configuration options, see the [examples](docs/examples.md) page.
### Considerations
- Checking for licenses is not supported on Enterprise Server as the API does not return license information.
- The action will only accept one of the two `license` parameters; an error will be raised if you provide both.
- We don't have license information for all of your dependents. If we can't detect the license for a dependency **we will inform you, but the action won't fail**.
## Blocking pull requests
The Dependency Review GitHub Action check will only block a pull request from being merged if the repository owner has required the check to pass before merging. For more information, see the [documentation on protected branches](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging).
## Getting help
If you have bug reports, questions or suggestions please [create a new
issue](https://github.com/actions/dependency-review-action/issues/new/choose).
If you have bug reports, questions or suggestions please [create a new issue](https://github.com/actions/dependency-review-action/issues/new/choose).
## Contributing
We are grateful for any contributions made to this project.
Please read [CONTRIBUTING.MD](https://github.com/actions/dependency-review-action/blob/main/CONTRIBUTING.md) to get started.
We are grateful for any contributions made to this project. Please read [CONTRIBUTING.MD](https://github.com/actions/dependency-review-action/blob/main/CONTRIBUTING.md) to get started.
## License
This project is released under the [MIT License](https://github.com/actions/dependency-review-action/blob/main/LICENSE).
+199
View File
@@ -0,0 +1,199 @@
import {expect, test, beforeEach} from '@jest/globals'
import {readConfig} from '../src/config'
import {getRefs} from '../src/git-refs'
import * as Utils from '../src/utils'
import {setInput, clearInputs} from './test-helpers'
beforeAll(() => {
jest.spyOn(Utils, 'isSPDXValid').mockReturnValue(true)
})
beforeEach(() => {
clearInputs()
})
test('it defaults to low severity', async () => {
const config = await readConfig()
expect(config.fail_on_severity).toEqual('low')
})
test('it reads custom configs', async () => {
setInput('fail-on-severity', 'critical')
setInput('allow-licenses', ' BSD, GPL 2')
const config = await readConfig()
expect(config.fail_on_severity).toEqual('critical')
expect(config.allow_licenses).toEqual(['BSD', 'GPL 2'])
})
test('it defaults to empty allow/deny lists ', async () => {
const config = await readConfig()
expect(config.allow_licenses).toEqual(undefined)
expect(config.deny_licenses).toEqual(undefined)
})
test('it raises an error if both an allow and denylist are specified', async () => {
setInput('allow-licenses', 'MIT')
setInput('deny-licenses', 'BSD')
await expect(readConfig()).rejects.toThrow(
'You cannot specify both allow-licenses and deny-licenses'
)
})
test('it raises an error if an empty allow list is specified', async () => {
setInput('config-file', './__tests__/fixtures/config-empty-allow-sample.yml')
await expect(readConfig()).rejects.toThrow(
'You should provide at least one license in allow-licenses'
)
})
test('it raises an error when given an unknown severity', async () => {
setInput('fail-on-severity', 'zombies')
await expect(readConfig()).rejects.toThrow(/received 'zombies'/)
})
test('it uses the given refs when the event is not a pull request', async () => {
setInput('base-ref', 'a-custom-base-ref')
setInput('head-ref', 'a-custom-head-ref')
const refs = getRefs(await readConfig(), {
payload: {},
eventName: 'workflow_dispatch'
})
expect(refs.base).toEqual('a-custom-base-ref')
expect(refs.head).toEqual('a-custom-head-ref')
})
test('it raises an error when no refs are provided and the event is not a pull request', async () => {
const config = await readConfig()
expect(() =>
getRefs(config, {
payload: {},
eventName: 'workflow_dispatch'
})
).toThrow()
})
test('it defaults to runtime scope', async () => {
const config = await readConfig()
expect(config.fail_on_scopes).toEqual(['runtime'])
})
test('it parses custom scopes preference', async () => {
setInput('fail-on-scopes', 'runtime, development')
let config = await readConfig()
expect(config.fail_on_scopes).toEqual(['runtime', 'development'])
clearInputs()
setInput('fail-on-scopes', 'development')
config = await readConfig()
expect(config.fail_on_scopes).toEqual(['development'])
})
test('it raises an error when given invalid scope', async () => {
setInput('fail-on-scopes', 'runtime, zombies')
await expect(readConfig()).rejects.toThrow(/received 'zombies'/)
})
test('it defaults to an empty GHSA allowlist', async () => {
const config = await readConfig()
expect(config.allow_ghsas).toEqual([])
})
test('it successfully parses GHSA allowlist', async () => {
setInput('allow-ghsas', 'GHSA-abcd-1234-5679, GHSA-efgh-1234-5679')
const config = await readConfig()
expect(config.allow_ghsas).toEqual([
'GHSA-abcd-1234-5679',
'GHSA-efgh-1234-5679'
])
})
test('it defaults to checking licenses', async () => {
const config = await readConfig()
expect(config.license_check).toBe(true)
})
test('it parses the license-check input', async () => {
setInput('license-check', 'false')
let config = await readConfig()
expect(config.license_check).toEqual(false)
clearInputs()
setInput('license-check', 'true')
config = await readConfig()
expect(config.license_check).toEqual(true)
})
test('it defaults to checking vulnerabilities', async () => {
const config = await readConfig()
expect(config.vulnerability_check).toBe(true)
})
test('it parses the vulnerability-check input', async () => {
setInput('vulnerability-check', 'false')
let config = await readConfig()
expect(config.vulnerability_check).toEqual(false)
clearInputs()
setInput('vulnerability-check', 'true')
config = await readConfig()
expect(config.vulnerability_check).toEqual(true)
})
test('it is not possible to disable both checks', async () => {
setInput('license-check', 'false')
setInput('vulnerability-check', 'false')
await expect(readConfig()).rejects.toThrow(
/Can't disable both license-check and vulnerability-check/
)
})
describe('licenses that are not valid SPDX licenses', () => {
beforeAll(() => {
jest.spyOn(Utils, 'isSPDXValid').mockReturnValue(false)
})
test('it raises an error for invalid licenses in allow-licenses', async () => {
setInput('allow-licenses', ' BSD, GPL 2')
await expect(readConfig()).rejects.toThrow(
'Invalid license(s) in allow-licenses: BSD,GPL 2'
)
})
test('it raises an error for invalid licenses in deny-licenses', async () => {
setInput('deny-licenses', ' BSD, GPL 2')
await expect(readConfig()).rejects.toThrow(
'Invalid license(s) in deny-licenses: BSD,GPL 2'
)
})
})
test('it parses the comment-summary-in-pr input', async () => {
setInput('comment-summary-in-pr', 'true')
let config = await readConfig()
expect(config.comment_summary_in_pr).toBe('always')
clearInputs()
setInput('comment-summary-in-pr', 'false')
config = await readConfig()
expect(config.comment_summary_in_pr).toBe('never')
clearInputs()
setInput('comment-summary-in-pr', 'always')
config = await readConfig()
expect(config.comment_summary_in_pr).toBe('always')
clearInputs()
setInput('comment-summary-in-pr', 'never')
config = await readConfig()
expect(config.comment_summary_in_pr).toBe('never')
clearInputs()
setInput('comment-summary-in-pr', 'on-failure')
config = await readConfig()
expect(config.comment_summary_in_pr).toBe('on-failure')
})
+166
View File
@@ -0,0 +1,166 @@
import {expect, jest, test} from '@jest/globals'
import {Change, Changes} from '../src/schemas'
let getDeniedChanges: Function
const npmChange: Change = {
manifest: 'package.json',
change_type: 'added',
ecosystem: 'npm',
name: 'Reeuhq',
version: '1.0.2',
package_url: 'pkg:npm/reeuhq@1.0.2',
license: 'MIT',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'critical',
advisory_ghsa_id: 'first-random_string',
advisory_summary: 'very dangerous',
advisory_url: 'github.com/future-funk'
}
]
}
const rubyChange: Change = {
change_type: 'added',
manifest: 'Gemfile.lock',
ecosystem: 'rubygems',
name: 'actionsomething',
version: '3.2.0',
package_url: 'pkg:gem/actionsomething@3.2.0',
license: 'BSD',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
severity: 'low',
advisory_ghsa_id: 'third-random_string',
advisory_summary: 'dont page me',
advisory_url: 'github.com/future-funk'
}
]
}
const pipChange: Change = {
change_type: 'added',
manifest: 'requirements.txt',
ecosystem: 'pip',
name: 'package-1',
version: '1.1.1',
package_url: 'pkg:pip/package-1@1.1.1',
license: 'MIT',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
severity: 'low',
advisory_ghsa_id: 'third-random_string',
advisory_summary: 'dont page me',
advisory_url: 'github.com/future-funk'
}
]
}
const mvnChange: Change = {
change_type: 'added',
manifest: 'pom.xml',
ecosystem: 'maven',
name: 'org.apache.logging.log4j:log4j-core',
version: '2.15.0',
package_url: 'pkg:maven/org.apache.logging.log4j/log4j-core@2.14.7',
license: 'Apache-2.0',
source_repository_url:
'https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core',
scope: 'unknown',
vulnerabilities: [
{
severity: 'critical',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
}
]
}
jest.mock('@actions/core')
const mockOctokit = {
rest: {
licenses: {
getForRepo: jest
.fn()
.mockReturnValue({data: {license: {spdx_id: 'AGPL'}}})
}
}
}
jest.mock('octokit', () => {
return {
// eslint-disable-next-line @typescript-eslint/no-extraneous-class
Octokit: class {
constructor() {
return mockOctokit
}
}
}
})
beforeEach(async () => {
jest.resetModules()
jest.doMock('spdx-satisfies', () => {
// mock spdx-satisfies return value
// true for BSD, false for all others
return jest.fn((license: string, _: string): boolean => license === 'BSD')
})
// eslint-disable-next-line @typescript-eslint/no-require-imports
;({getDeniedChanges} = require('../src/deny'))
})
test('it adds packages in the deny packages list', async () => {
const changes: Changes = [npmChange, rubyChange]
const deniedChanges = await getDeniedChanges(
changes,
['pkg:gem/actionsomething'],
[]
)
expect(deniedChanges[0]).toBe(rubyChange)
expect(deniedChanges.length).toEqual(1)
})
test('it adds packages in the deny group list', async () => {
const changes: Changes = [mvnChange, rubyChange]
const deniedChanges = await getDeniedChanges(
changes,
[],
['pkg:maven/org.apache.logging.log4j']
)
expect(deniedChanges[0]).toBe(mvnChange)
expect(deniedChanges.length).toEqual(1)
})
test('it adds packages outside of the deny lists', async () => {
const changes: Changes = [npmChange, pipChange]
const deniedChanges = await getDeniedChanges(
changes,
['pkg:gem/actionsomething'],
['pkg:maven:org.apache.logging.log4j']
)
expect(deniedChanges.length).toEqual(0)
})
+29
View File
@@ -0,0 +1,29 @@
import {RequestError} from '@octokit/request-error'
import * as dependencyGraph from '../src/dependency-graph'
import * as core from '@actions/core'
// mock call to core.getInput('repo-token'.. to avoid environment setup - Input required and not supplied: repo-token
jest.mock('@actions/core', () => ({
getInput: (input: string) => {
if (input === 'repo-token') {
return 'gh_testtoken'
}
}
}))
test('it properly catches RequestError type', async () => {
const token = core.getInput('repo-token', {required: true})
expect(token).toBe('gh_testtoken')
//Integration test to make an API request using current dependencies and ensure response can parse into RequestError
try {
await dependencyGraph.compare({
owner: 'actions',
repo: 'dependency-review-action',
baseRef: 'refs/heads/master',
headRef: 'refs/heads/master'
})
} catch (error) {
expect(error).toBeInstanceOf(RequestError)
}
})
+111
View File
@@ -0,0 +1,111 @@
import {expect, test, beforeEach} from '@jest/globals'
import {readConfig} from '../src/config'
import * as Utils from '../src/utils'
import {setInput, clearInputs} from './test-helpers'
const externalConfig = `fail_on_severity: 'high'
allow_licenses: ['GPL-2.0-only']
`
const mockOctokit = {
rest: {
repos: {
getContent: jest.fn().mockReturnValue({data: externalConfig})
}
}
}
jest.mock('octokit', () => {
return {
// eslint-disable-next-line @typescript-eslint/no-extraneous-class
Octokit: class {
constructor() {
return mockOctokit
}
}
}
})
beforeAll(() => {
jest.spyOn(Utils, 'isSPDXValid').mockReturnValue(true)
})
beforeEach(() => {
clearInputs()
})
test('it reads an external config file', async () => {
setInput('config-file', './__tests__/fixtures/config-allow-sample.yml')
const config = await readConfig()
expect(config.fail_on_severity).toEqual('critical')
expect(config.allow_licenses).toEqual(['BSD', 'GPL 2'])
})
test('raises an error when the config file was not found', async () => {
setInput('config-file', 'fixtures/i-dont-exist')
await expect(readConfig()).rejects.toThrow(/Unable to fetch/)
})
test('it parses options from both sources', async () => {
setInput('config-file', './__tests__/fixtures/config-allow-sample.yml')
let config = await readConfig()
expect(config.fail_on_severity).toEqual('critical')
setInput('base-ref', 'a-custom-base-ref')
config = await readConfig()
expect(config.base_ref).toEqual('a-custom-base-ref')
})
test('in case of conflicts, the inline config is the source of truth', async () => {
setInput('fail-on-severity', 'low')
setInput('config-file', './__tests__/fixtures/config-allow-sample.yml') // this will set fail-on-severity to 'critical'
const config = await readConfig()
expect(config.fail_on_severity).toEqual('low')
})
test('it uses the default values when loading external files', async () => {
setInput('config-file', './__tests__/fixtures/no-licenses-config.yml')
let config = await readConfig()
expect(config.allow_licenses).toEqual(undefined)
expect(config.deny_licenses).toEqual(undefined)
setInput('config-file', './__tests__/fixtures/license-config-sample.yml')
config = await readConfig()
expect(config.fail_on_severity).toEqual('low')
})
test('it accepts an external configuration filename', async () => {
setInput('config-file', './__tests__/fixtures/no-licenses-config.yml')
const config = await readConfig()
expect(config.fail_on_severity).toEqual('critical')
})
test('it raises an error when given an unknown severity in an external config file', async () => {
setInput('config-file', './__tests__/fixtures/invalid-severity-config.yml')
await expect(readConfig()).rejects.toThrow()
})
test('it supports comma-separated lists', async () => {
setInput(
'config-file',
'./__tests__/fixtures/inline-license-config-sample.yml'
)
const config = await readConfig()
expect(config.allow_licenses).toEqual(['MIT', 'GPL-2.0-only'])
})
test('it reads a config file hosted in another repo', async () => {
setInput(
'config-file',
'future-funk/anyone-cualkiera/external-config.yml@main'
)
setInput('external-repo-token', 'gh_viptoken')
const config = await readConfig()
expect(config.fail_on_severity).toEqual('high')
expect(config.allow_licenses).toEqual(['GPL-2.0-only'])
})
+123
View File
@@ -0,0 +1,123 @@
import {expect, test} from '@jest/globals'
import {Change} from '../src/schemas'
import {
filterChangesBySeverity,
filterChangesByScopes,
filterAllowedAdvisories
} from '../src/filter'
const npmChange: Change = {
manifest: 'package.json',
change_type: 'added',
ecosystem: 'npm',
name: 'Reeuhq',
version: '1.0.2',
package_url: 'pkg:npm/reeuhq@1.0.2',
license: 'MIT',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'critical',
advisory_ghsa_id: 'first-random_string',
advisory_summary: 'very dangerous',
advisory_url: 'github.com/future-funk'
}
]
}
const rubyChange: Change = {
change_type: 'added',
manifest: 'Gemfile.lock',
ecosystem: 'rubygems',
name: 'actionsomething',
version: '3.2.0',
package_url: 'pkg:gem/actionsomething@3.2.0',
license: 'BSD',
source_repository_url: 'github.com/some-repo',
scope: 'development',
vulnerabilities: [
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
severity: 'low',
advisory_ghsa_id: 'third-random_string',
advisory_summary: 'dont page me',
advisory_url: 'github.com/future-funk'
}
]
}
const noVulnNpmChange: Change = {
manifest: 'package.json',
change_type: 'added',
ecosystem: 'npm',
name: 'helpful',
version: '1.0.0',
package_url: 'pkg:npm/helpful@1.0.0',
license: 'MIT',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: []
}
test('it properly filters changes by severity', async () => {
const changes = [npmChange, rubyChange]
let result = filterChangesBySeverity('high', changes)
expect(result).toEqual([npmChange])
result = filterChangesBySeverity('low', changes)
expect(changes).toEqual([npmChange, rubyChange])
result = filterChangesBySeverity('critical', changes)
expect(changes).toEqual([npmChange, rubyChange])
})
test('it properly filters changes by scope', async () => {
const changes = [npmChange, rubyChange]
let result = filterChangesByScopes(['runtime'], changes)
expect(result).toEqual([npmChange])
result = filterChangesByScopes(['development'], changes)
expect(result).toEqual([rubyChange])
result = filterChangesByScopes(['runtime', 'development'], changes)
expect(result).toEqual([npmChange, rubyChange])
})
test('it properly handles undefined advisory IDs', async () => {
const changes = [npmChange, rubyChange, noVulnNpmChange]
const result = filterAllowedAdvisories(undefined, changes)
expect(result).toEqual([npmChange, rubyChange, noVulnNpmChange])
})
test('it properly filters changes with allowed vulnerabilities', async () => {
const changes = [npmChange, rubyChange, noVulnNpmChange]
let result = filterAllowedAdvisories(['notrealGHSAID'], changes)
expect(result).toEqual([npmChange, rubyChange, noVulnNpmChange])
result = filterAllowedAdvisories(['first-random_string'], changes)
expect(result).toEqual([rubyChange, noVulnNpmChange])
result = filterAllowedAdvisories(
['second-random_string', 'third-random_string'],
changes
)
expect(result).toEqual([npmChange, noVulnNpmChange])
result = filterAllowedAdvisories(
['first-random_string', 'second-random_string', 'third-random_string'],
changes
)
expect(result).toEqual([noVulnNpmChange])
// if we have a change with multiple vulnerabilities but only one is allowed, we still should not filter out that change
result = filterAllowedAdvisories(['second-random_string'], changes)
expect(result).toEqual([npmChange, rubyChange, noVulnNpmChange])
})
@@ -0,0 +1,4 @@
fail_on_severity: critical
allow_licenses:
- "BSD"
- "GPL 2"
@@ -0,0 +1,2 @@
fail_on_severity: critical
allow_licenses: []
@@ -0,0 +1,2 @@
allow_licenses: []
deny_licenses: []
+36
View File
@@ -0,0 +1,36 @@
import {Change} from '../../src/schemas'
import {createTestVulnerability} from './create-test-vulnerability'
const defaultChange: Change = {
change_type: 'added',
manifest: 'package.json',
ecosystem: 'npm',
name: 'lodash',
version: '4.17.20',
package_url: 'pkg:npm/lodash@4.17.20',
license: 'MIT',
source_repository_url: 'https://github.com/lodash/lodash',
scope: 'runtime',
vulnerabilities: [
createTestVulnerability({
severity: 'high',
advisory_ghsa_id: 'GHSA-35jh-r3h4-6jhm',
advisory_summary: 'Command Injection in lodash',
advisory_url: 'https://github.com/advisories/GHSA-35jh-r3h4-6jhm'
}),
createTestVulnerability({
severity: 'moderate',
advisory_ghsa_id: 'GHSA-29mw-wpgm-hmr9',
advisory_summary:
'Regular Expression Denial of Service (ReDoS) in lodash',
advisory_url: 'https://github.com/advisories/GHSA-29mw-wpgm-hmr9'
})
]
}
const createTestChange = (overwrites: Partial<Change> = {}): Change => ({
...defaultChange,
...overwrites
})
export {createTestChange}
@@ -0,0 +1,19 @@
import {Change} from '../../src/schemas'
type Vulnerability = Change['vulnerabilities'][0]
const defaultTestVulnerability: Vulnerability = {
severity: 'high',
advisory_ghsa_id: 'GHSA-35jh-r3h4-6jhm',
advisory_summary: 'Command Injection in lodash',
advisory_url: 'https://github.com/advisories/GHSA-35jh-r3h4-6jhm'
}
const createTestVulnerability = (
overwrites: Partial<Vulnerability> = {}
): Vulnerability => ({
...defaultTestVulnerability,
...overwrites
})
export {createTestVulnerability}
@@ -0,0 +1 @@
allow-licenses: "MIT, GPL-2.0-only"
@@ -0,0 +1,3 @@
fail_on_severity: 'so many zombies'
deny_licenses:
- MIT
@@ -0,0 +1 @@
allow_licenses: ['MIT', 'GPL 2']
@@ -0,0 +1 @@
fail_on_severity: critical
+264
View File
@@ -0,0 +1,264 @@
import {expect, jest, test} from '@jest/globals'
import {Change, Changes} from '../src/schemas'
let getInvalidLicenseChanges: Function
const npmChange: Change = {
manifest: 'package.json',
change_type: 'added',
ecosystem: 'npm',
name: 'Reeuhq',
version: '1.0.2',
package_url: 'pkg:npm/reeuhq@1.0.2',
license: 'MIT',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'critical',
advisory_ghsa_id: 'first-random_string',
advisory_summary: 'very dangerous',
advisory_url: 'github.com/future-funk'
}
]
}
const rubyChange: Change = {
change_type: 'added',
manifest: 'Gemfile.lock',
ecosystem: 'rubygems',
name: 'actionsomething',
version: '3.2.0',
package_url: 'pkg:gem/actionsomething@3.2.0',
license: 'BSD',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
severity: 'low',
advisory_ghsa_id: 'third-random_string',
advisory_summary: 'dont page me',
advisory_url: 'github.com/future-funk'
}
]
}
const pipChange: Change = {
change_type: 'added',
manifest: 'requirements.txt',
ecosystem: 'pip',
name: 'package-1',
version: '1.1.1',
package_url: 'pkg:pip/package-1@1.1.1',
license: 'MIT',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
severity: 'low',
advisory_ghsa_id: 'third-random_string',
advisory_summary: 'dont page me',
advisory_url: 'github.com/future-funk'
}
]
}
jest.mock('@actions/core')
const mockOctokit = {
rest: {
licenses: {
getForRepo: jest
.fn()
.mockReturnValue({data: {license: {spdx_id: 'AGPL'}}})
}
}
}
jest.mock('octokit', () => {
return {
// eslint-disable-next-line @typescript-eslint/no-extraneous-class
Octokit: class {
constructor() {
return mockOctokit
}
}
}
})
beforeEach(async () => {
jest.resetModules()
jest.doMock('spdx-satisfies', () => {
// mock spdx-satisfies return value
// true for BSD, false for all others
return jest.fn((license: string, _: string): boolean => license === 'BSD')
})
// eslint-disable-next-line @typescript-eslint/no-require-imports
;({getInvalidLicenseChanges} = require('../src/licenses'))
})
test('it adds license outside the allow list to forbidden changes', async () => {
const changes: Changes = [npmChange, rubyChange]
const {forbidden} = await getInvalidLicenseChanges(changes, {
allow: ['BSD']
})
expect(forbidden[0]).toBe(npmChange)
expect(forbidden.length).toEqual(1)
})
test('it adds license inside the deny list to forbidden changes', async () => {
const changes: Changes = [npmChange, rubyChange]
const {forbidden} = await getInvalidLicenseChanges(changes, {
deny: ['BSD']
})
expect(forbidden[0]).toBe(rubyChange)
expect(forbidden.length).toEqual(1)
})
test('it does not add license outside the allow list to forbidden changes if it is in removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
{...rubyChange, change_type: 'removed'}
]
const {forbidden} = await getInvalidLicenseChanges(changes, {
allow: ['BSD']
})
expect(forbidden).toStrictEqual([])
})
test('it does not add license inside the deny list to forbidden changes if it is in removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
{...rubyChange, change_type: 'removed'}
]
const {forbidden} = await getInvalidLicenseChanges(changes, {
deny: ['BSD']
})
expect(forbidden).toStrictEqual([])
})
test('it adds license outside the allow list to forbidden changes if it is in both added and removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
npmChange,
{...rubyChange, change_type: 'removed'}
]
const {forbidden} = await getInvalidLicenseChanges(changes, {
allow: ['BSD']
})
expect(forbidden).toStrictEqual([npmChange])
})
test('it adds all licenses to unresolved if it is unable to determine the validity', async () => {
jest.resetModules() // reset module set in before
jest.doMock('spdx-satisfies', () => {
return jest.fn((_first: string, _second: string) => {
throw new Error('Some Error')
})
})
// eslint-disable-next-line @typescript-eslint/no-require-imports
;({getInvalidLicenseChanges} = require('../src/licenses'))
const changes: Changes = [npmChange, rubyChange]
const invalidLicenses = await getInvalidLicenseChanges(changes, {
allow: ['BSD']
})
expect(invalidLicenses.forbidden.length).toEqual(0)
expect(invalidLicenses.unlicensed.length).toEqual(0)
expect(invalidLicenses.unresolved.length).toEqual(2)
})
test('it does not filter out changes that are on the exclusions list', async () => {
const changes: Changes = [pipChange, npmChange, rubyChange]
const licensesConfig = {
allow: ['BSD'],
licenseExclusions: ['pkg:pip/package-1@1.1.1', 'pkg:npm/reeuhq@1.0.2']
}
const invalidLicenses = await getInvalidLicenseChanges(
changes,
licensesConfig
)
expect(invalidLicenses.forbidden.length).toEqual(0)
})
test('it does not fail when the packages dont have a valid PURL', async () => {
const emptyPurlChange = pipChange
emptyPurlChange.package_url = ''
const changes: Changes = [emptyPurlChange, npmChange, rubyChange]
const licensesConfig = {
allow: ['BSD'],
licenseExclusions: ['pkg:pip/package-1@1.1.1', 'pkg:npm/reeuhq@1.0.2']
}
const invalidLicenses = await getInvalidLicenseChanges(
changes,
licensesConfig
)
expect(invalidLicenses.forbidden.length).toEqual(1)
})
test('it does filters out changes if they are not on the exclusions list', async () => {
const changes: Changes = [pipChange, npmChange, rubyChange]
const licensesConfig = {
allow: ['BSD'],
licenseExclusions: ['pkg:pip/notmypackage-1@1.1.1', 'pkg:npm/alsonot@1.0.2']
}
const invalidLicenses = await getInvalidLicenseChanges(
changes,
licensesConfig
)
expect(invalidLicenses.forbidden.length).toEqual(2)
expect(invalidLicenses.forbidden[0]).toBe(pipChange)
expect(invalidLicenses.forbidden[1]).toBe(npmChange)
})
describe('GH License API fallback', () => {
test('it calls licenses endpoint if atleast one of the changes has null license and valid source_repository_url', async () => {
const nullLicenseChange = {
...npmChange,
license: null,
source_repository_url: 'http://github.com/some-owner/some-repo'
}
const {unlicensed} = await getInvalidLicenseChanges(
[nullLicenseChange, rubyChange],
{}
)
expect(mockOctokit.rest.licenses.getForRepo).toHaveBeenNthCalledWith(1, {
owner: 'some-owner',
repo: 'some-repo'
})
expect(unlicensed.length).toEqual(0)
})
test('it does not call licenses API endpoint for change with null license and invalid source_repository_url ', async () => {
const {unlicensed} = await getInvalidLicenseChanges(
[{...npmChange, license: null}],
{}
)
expect(mockOctokit.rest.licenses.getForRepo).not.toHaveBeenCalled()
expect(unlicensed.length).toEqual(1)
})
test('it does not call licenses API endpoint if licenses for all changes are present', async () => {
const {unlicensed} = await getInvalidLicenseChanges(
[npmChange, rubyChange],
{}
)
expect(mockOctokit.rest.licenses.getForRepo).not.toHaveBeenCalled()
expect(unlicensed.length).toEqual(0)
})
})
-5
View File
@@ -1,5 +0,0 @@
import {expect, test} from '@jest/globals'
test('tests things', async () => {
expect(true).toEqual(true)
})
+389
View File
@@ -0,0 +1,389 @@
import {expect, jest, test} from '@jest/globals'
import {Changes, ConfigurationOptions} from '../src/schemas'
import * as summary from '../src/summary'
import * as core from '@actions/core'
import {createTestChange} from './fixtures/create-test-change'
import {createTestVulnerability} from './fixtures/create-test-vulnerability'
afterEach(() => {
jest.clearAllMocks()
core.summary.emptyBuffer()
})
const emptyChanges: Changes = []
const emptyInvalidLicenseChanges = {
forbidden: [],
unresolved: [],
unlicensed: []
}
const defaultConfig: ConfigurationOptions = {
vulnerability_check: true,
license_check: true,
fail_on_severity: 'high',
fail_on_scopes: ['runtime'],
allow_ghsas: [],
allow_licenses: [],
deny_licenses: [],
deny_packages: [],
deny_groups: [],
comment_summary_in_pr: true,
retry_on_snapshot_warnings: false,
retry_on_snapshot_warnings_timeout: 120
}
const changesWithEmptyManifests: Changes = [
{
change_type: 'added',
manifest: '',
ecosystem: 'unknown',
name: 'castore',
version: '0.1.17',
package_url: 'pkg:hex/castore@0.1.17',
license: null,
source_repository_url: null,
scope: 'runtime',
vulnerabilities: []
},
{
change_type: 'added',
manifest: '',
ecosystem: 'unknown',
name: 'connection',
version: '1.1.0',
package_url: 'pkg:hex/connection@1.1.0',
license: null,
source_repository_url: null,
scope: 'runtime',
vulnerabilities: []
},
{
change_type: 'added',
manifest: 'python/dist-info/METADATA',
ecosystem: 'pip',
name: 'pygments',
version: '2.6.1',
package_url: 'pkg:pypi/pygments@2.6.1',
license: 'BSD-2-Clause',
source_repository_url: 'https://github.com/pygments/pygments',
scope: 'runtime',
vulnerabilities: []
}
]
test('prints headline as h1', () => {
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
emptyChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).toContain('<h1>Dependency Review</h1>')
})
test('only includes "No vulnerabilities or license issues found"-message if both are configured and nothing was found', () => {
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
emptyChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).toContain('✅ No vulnerabilities or license issues found.')
})
test('only includes "No vulnerabilities found"-message if "license_check" is set to false and nothing was found', () => {
const config = {...defaultConfig, license_check: false}
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
emptyChanges,
config
)
const text = core.summary.stringify()
expect(text).toContain('✅ No vulnerabilities found.')
})
test('only includes "No license issues found"-message if "vulnerability_check" is set to false and nothing was found', () => {
const config = {...defaultConfig, vulnerability_check: false}
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
emptyChanges,
config
)
const text = core.summary.stringify()
expect(text).toContain('✅ No license issues found.')
})
test('groups dependencies with empty manifest paths together', () => {
summary.addSummaryToSummary(
changesWithEmptyManifests,
emptyInvalidLicenseChanges,
emptyChanges,
defaultConfig
)
summary.addScannedDependencies(changesWithEmptyManifests)
const text = core.summary.stringify()
expect(text).toContain('<summary>Unnamed Manifest</summary>')
expect(text).toContain('castore')
expect(text).toContain('connection')
expect(text).toContain('<summary>python/dist-info/METADATA</summary>')
expect(text).toContain('pygments')
})
test('does not include status section if nothing was found', () => {
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
emptyChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).not.toContain('The following issues were found:')
})
test('includes count and status icons for all findings', () => {
const vulnerabilities = [
createTestChange({name: 'lodash'}),
createTestChange({name: 'underscore', package_url: 'test-url'})
]
const licenseIssues = {
forbidden: [createTestChange()],
unresolved: [createTestChange(), createTestChange()],
unlicensed: [createTestChange(), createTestChange(), createTestChange()]
}
summary.addSummaryToSummary(
vulnerabilities,
licenseIssues,
emptyChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).toContain('❌ 2 vulnerable package(s)')
expect(text).toContain(
'❌ 2 package(s) with invalid SPDX license definitions'
)
expect(text).toContain('❌ 1 package(s) with incompatible licenses')
expect(text).toContain('⚠️ 3 package(s) with unknown licenses')
})
test('uses checkmarks for license issues if only vulnerabilities were found', () => {
const vulnerabilities = [createTestChange()]
summary.addSummaryToSummary(
vulnerabilities,
emptyInvalidLicenseChanges,
emptyChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).toContain('❌ 1 vulnerable package(s)')
expect(text).toContain(
'✅ 0 package(s) with invalid SPDX license definitions'
)
expect(text).toContain('✅ 0 package(s) with incompatible licenses')
expect(text).toContain('✅ 0 package(s) with unknown licenses')
})
test('uses checkmarks for vulnerabilities if only license issues were found', () => {
const licenseIssues = {
forbidden: [createTestChange()],
unresolved: [],
unlicensed: []
}
summary.addSummaryToSummary(
emptyChanges,
licenseIssues,
emptyChanges,
defaultConfig
)
const text = core.summary.stringify()
expect(text).toContain('✅ 0 vulnerable package(s)')
expect(text).toContain(
'✅ 0 package(s) with invalid SPDX license definitions'
)
expect(text).toContain('❌ 1 package(s) with incompatible licenses')
expect(text).toContain('✅ 0 package(s) with unknown licenses')
})
test('addChangeVulnerabilitiesToSummary() - only includes section if any vulnerabilites found', () => {
summary.addChangeVulnerabilitiesToSummary(emptyChanges, 'low')
const text = core.summary.stringify()
expect(text).toEqual('')
})
test('addChangeVulnerabilitiesToSummary() - includes all vulnerabilities', () => {
const changes = [
createTestChange({name: 'lodash'}),
createTestChange({name: 'underscore', package_url: 'test-url'})
]
summary.addChangeVulnerabilitiesToSummary(changes, 'low')
const text = core.summary.stringify()
expect(text).toContain('<h2>Vulnerabilities</h2>')
expect(text).toContain('lodash')
expect(text).toContain('underscore')
})
test('addChangeVulnerabilitiesToSummary() - includes advisory url if available', () => {
const changes = [
createTestChange({
name: 'underscore',
vulnerabilities: [
createTestVulnerability({
advisory_summary: 'test-summary',
advisory_url: 'test-url'
})
]
})
]
summary.addChangeVulnerabilitiesToSummary(changes, 'low')
const text = core.summary.stringify()
expect(text).toContain('lodash')
expect(text).toContain('<a href="test-url">test-summary</a>')
})
test('addChangeVulnerabilitiesToSummary() - groups vulnerabilities of a single package', () => {
const changes = [
createTestChange({
name: 'package-with-multiple-vulnerabilities',
vulnerabilities: [
createTestVulnerability({advisory_summary: 'test-summary-1'}),
createTestVulnerability({advisory_summary: 'test-summary-2'})
]
})
]
summary.addChangeVulnerabilitiesToSummary(changes, 'low')
const text = core.summary.stringify()
expect(text.match('package-with-multiple-vulnerabilities')).toHaveLength(1)
expect(text).toContain('test-summary-1')
expect(text).toContain('test-summary-2')
})
test('addChangeVulnerabilitiesToSummary() - prints severity statement if above low', () => {
const changes = [createTestChange()]
summary.addChangeVulnerabilitiesToSummary(changes, 'medium')
const text = core.summary.stringify()
expect(text).toContain(
'Only included vulnerabilities with severity <strong>medium</strong> or higher.'
)
})
test('addChangeVulnerabilitiesToSummary() - does not print severity statment if it is set to "low"', () => {
const changes = [createTestChange()]
summary.addChangeVulnerabilitiesToSummary(changes, 'low')
const text = core.summary.stringify()
expect(text).not.toContain('Only included vulnerabilities')
})
test('addLicensesToSummary() - does not include entire section if no license issues found', () => {
summary.addLicensesToSummary(emptyInvalidLicenseChanges, defaultConfig)
const text = core.summary.stringify()
expect(text).toEqual('')
})
test('addLicensesToSummary() - includes all license issues in table', () => {
const licenseIssues = {
forbidden: [createTestChange()],
unresolved: [createTestChange(), createTestChange()],
unlicensed: [createTestChange(), createTestChange(), createTestChange()]
}
summary.addLicensesToSummary(licenseIssues, defaultConfig)
const text = core.summary.stringify()
expect(text).toContain('<h2>License Issues</h2>')
expect(text).toContain('<td>Incompatible License</td>')
expect(text).toContain('<td>Invalid SPDX License</td>')
expect(text).toContain('<td>Unknown License</td>')
})
test('addLicenseToSummary() - adds one table per manifest', () => {
const licenseIssues = {
forbidden: [
createTestChange({manifest: 'package.json'}),
createTestChange({manifest: '.github/workflows/test.yml'})
],
unresolved: [],
unlicensed: []
}
summary.addLicensesToSummary(licenseIssues, defaultConfig)
const text = core.summary.stringify()
expect(text).toContain('<h4><em>package.json</em></h4>')
expect(text).toContain('<h4><em>.github/workflows/test.yml</em></h4>')
})
test('addLicensesToSummary() - does not include specific license type sub-section if nothing is found', () => {
const licenseIssues = {
forbidden: [],
unlicensed: [],
unresolved: [createTestChange()]
}
summary.addLicensesToSummary(licenseIssues, defaultConfig)
const text = core.summary.stringify()
expect(text).not.toContain('<td>Incompatible License</td>')
expect(text).not.toContain('<td>Unknown License</td>')
expect(text).toContain('<td>Invalid SPDX License</td>')
})
test('addLicensesToSummary() - includes list of configured allowed licenses', () => {
const licenseIssues = {
forbidden: [createTestChange()],
unresolved: [],
unlicensed: []
}
const config: ConfigurationOptions = {
...defaultConfig,
allow_licenses: ['MIT', 'Apache-2.0']
}
summary.addLicensesToSummary(licenseIssues, config)
const text = core.summary.stringify()
expect(text).toContain('<strong>Allowed Licenses</strong>: MIT, Apache-2.0')
})
test('addLicensesToSummary() - includes configured denied license', () => {
const licenseIssues = {
forbidden: [createTestChange()],
unresolved: [],
unlicensed: []
}
const config: ConfigurationOptions = {
...defaultConfig,
deny_licenses: ['MIT']
}
summary.addLicensesToSummary(licenseIssues, config)
const text = core.summary.stringify()
expect(text).toContain('<strong>Denied Licenses</strong>: MIT')
})
+28
View File
@@ -0,0 +1,28 @@
// GitHub Action inputs come in the form of environment variables
// with an INPUT prefix (e.g. INPUT_FAIL-ON-SEVERITY)
export function setInput(input: string, value: string): void {
process.env[`INPUT_${input.toUpperCase()}`] = value
}
// We want a clean ENV before each test. We use `delete`
// since we want `undefined` values and not empty strings.
export function clearInputs(): void {
const allowedOptions = [
'FAIL-ON-SEVERITY',
'FAIL-ON-SCOPES',
'ALLOW-LICENSES',
'DENY-LICENSES',
'ALLOW-GHSAS',
'LICENSE-CHECK',
'VULNERABILITY-CHECK',
'CONFIG-FILE',
'BASE-REF',
'HEAD-REF',
'COMMENT-SUMMARY-IN-PR'
]
// eslint-disable-next-line github/array-foreach
allowedOptions.forEach(option => {
delete process.env[`INPUT_${option.toUpperCase()}`]
})
}
+56 -1
View File
@@ -1,11 +1,66 @@
# Avoid using default values for options here since they will
# end up overriding external configurations.
name: 'Dependency Review'
description: 'Prevent the introduction of dependencies with known vulnerabilities'
author: 'GitHub'
inputs:
repo-token:
description: 'Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`.'
description: Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`.
required: false
default: ${{ github.token }}
fail-on-severity:
description: Don't block PRs below this severity. Possible values are `low`, `moderate`, `high`, `critical`.
required: false
fail-on-scopes:
description: Dependency scopes to block PRs on. Comma-separated list. Possible values are 'unknown', 'runtime', and 'development' (e.g. "runtime, development")
required: false
base-ref:
description: The base git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required: false
head-ref:
description: The head git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required: false
config-file:
description: A path to the configuration file for the action.
required: false
allow-licenses:
description: Comma-separated list of allowed licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required: false
deny-licenses:
description: Comma-separated list of forbidden licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required: false
allow-dependencies-licenses:
description: Comma-separated list of dependencies in purl format (e.g. "pkg:npm/express, pkg:pip/pycrypto"). These dependencies will be permitted to use any license, no matter what license policy is enforced otherwise.
required: false
allow-ghsas:
description: Comma-separated list of allowed GitHub Advisory IDs (e.g. "GHSA-abcd-1234-5679, GHSA-efgh-1234-5679")
required: false
external-repo-token:
description: A token for fetching external configuration file if it lives in another repository. It is required if the repository is private
required: false
license-check:
description: A boolean to determine if license checks should be performed
required: false
vulnerability-check:
description: A boolean to determine if vulnerability checks should be performed
required: false
comment-summary-in-pr:
description: Determines if the summary is posted as a comment in the PR itself. Setting this to `always` or `on-failure` requires you to give the workflow the write permissions for pull-requests
required: false
deny-packages:
description: A comma-separated list of package URLs to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
required: false
deny-groups:
description: A comma-separated list of package URLs for group(s)/namespace(s) to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
required: false
retry-on-snapshot-warnings:
description: Whether to retry on snapshot warnings
required: false
default: false
retry-on-snapshot-warnings-timeout:
description: Number of seconds to wait before stopping snapshot retries.
required: false
default: 120
runs:
using: 'node16'
main: 'dist/index.js'
Generated Vendored
+55873 -3104
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+1256
View File
File diff suppressed because it is too large Load Diff
+296
View File
@@ -0,0 +1,296 @@
# Examples on how to use the Dependancy Review Action
## Basic Usage
A very basic example of how to use the action. This will run the action with the default configuration.
The full list of configuration options can be found [here](../README.md#configuration-options).
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
```
## Using an inline configuration
The following example will fail the action if any vulnerabilities are found with a severity of medium or higher; and if any packages are found with an incompatible license - in this case, the LGPL-2.0 and BSD-2-Clause licenses.
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
fail-on-severity: critical
deny-licenses: LGPL-2.0, BSD-2-Clause
```
## Using a configuration file
The following example will use a configuration file to configure the action. This is useful if you want to keep your configuration in a single place and makes it easier to manage as the configuration grows.
The configuration file can be located in the same repository or in a separate repository. Having it in a separate repository might be useful if you plan to use the same configuration across multiple repositories and control it centrally.
In this example, the configuration file is located in the same repository under `.github/dependency-review-config.yml`. The following configuration will fail the action if any vulnerabilities are found with a severity of critical; and if any packages are found with an incompatible license - in this case, the LGPL-2.0 and BSD-2-Clause licenses.
```yaml
fail_on_severity: 'critical'
allow_licenses:
- 'LGPL-2.0'
- 'BSD-2-Clause'
```
The Dependancy Review Action workflow file will then look like this:
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
config-file: './.github/dependency-review-config.yml'
```
## Using a configuration file from an external repository
The following example will use a configuration file from an external public GitHub repository to configure the action.
Let's say that the configuration file is located in `github/octorepo/dependency-review-config.yml@main`
The Dependancy Review Action workflow file will then look like this:
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
config-file: 'github/octorepo/dependency-review-config.yml@main'
```
## Using a configuration file from an external repository with a personal access token
The following example will use a configuration file from an external private GtiHub repository to configure the action.
Let's say that the configuration file is located in `github/octorepo-private/dependency-review-config.yml@main`
The Dependancy Review Action workflow file will then look like this:
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
config-file: 'github/octorepo-private/dependency-review-config.yml@main'
external-repo-token: ${{ secrets.GITHUB_TOKEN }} # or a personal access token
```
## Getting the results of the action in the PR as a comment
Using the `comment-summary-in-pr` you can get the results of the action in the PR as a comment. In order for this to work, the action needs to be able to create a comment in the PR. This requires additional `pull-requests: write` permission.
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
pull-requests: write
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
fail-on-severity: critical
deny-licenses: LGPL-2.0, BSD-2-Clause
comment-summary-in-pr: always
```
## Exclude dependencies from the license check
Using the `allow-dependencies-licenses` you can exclude dependencies from the license check. The values should be provided in [purl](https://github.com/package-url/purl-spec) format.
In this example, we are excluding `lodash` from `npm` and `requests` from `pip` dependencies from the license check
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
pull-requests: write
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
fail-on-severity: critical
deny-licenses: LGPL-2.0, BSD-2-Clause
comment-summary-in-pr: always
allow-dependencies-licenses: 'pkg:npm/loadash, pkg:pip/requests'
```
If we were to use configuration file, the configuration would look like this:
```yaml
fail-on-severity: 'critical'
allow-licenses:
- 'LGPL-2.0'
- 'BSD-2-Clause'
allow-dependencies-licenses:
- 'pkg:npm/loadash'
- 'pkg:pip/requests'
```
## Only check for vulnerabilities
To only do the vulnerability check you can use the `license-check` to disable the license compatibility check (which is done by default).
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
pull-requests: write
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
fail-on-severity: critical
comment-summary-in-pr: always
license-check: false
```
## Exclude dependencies from their name or groups
Using the `deny-packages` option you can exclude dependencies by their PURL. You can add multiple values separated by a commas.
Using the `deny-groups` option you can exclude dependencies by their group name/namespace. You can add multiple values separated by a comma.
In this example, we are excluding `pkg:maven/org.apache.logging.log4j:log4j-api` and `pkg:maven/org.apache.logging.log4j/log4j-core` from `maven` and all packages in the group `pkg:maven/com.bazaarvoice.maven`
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
pull-requests: write
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
deny-packages: 'pkg:maven/org.apache.logging.log4j/log4j-api,pkg:maven/org.apache.logging.log4j/log4j-core'
deny-groups: 'pkg:maven/com.bazaarvoice.jolt'
```
## Waiting for dependency submission jobs to complete
When possible, this action will [include dependencies submitted through the dependency submission API][DSAPI]. In this case,
it's important for the action not to complete until all of the relevant dependencies have been submitted for both the base
and head commits.
When this action runs before one or more of the dependency submission actions, there will be an unequal number of dependency
snapshots between the base and head commits. For example, there may be one snapshot available for the tip of `main` and none
for the PR branch. In that case, the API response will contain a "snapshot warning" explaining the discrepancy.
In this example, when the action encounters one of these warnings it will retry every 10 seconds after that for 60 seconds
or until there is no warning in the response.
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
pull-requests: write
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
retry-on-snapshot-warnings: true
retry-on-snapshot-warnings-timeout: 60
```
[DSAPI]: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together
+2 -2
View File
@@ -1,9 +1,9 @@
module.exports = {
clearMocks: true,
moduleFileExtensions: ['js', 'ts'],
moduleFileExtensions: ['js', 'json', 'ts'],
testMatch: ['**/*.test.ts'],
transform: {
'^.+\\.ts$': 'ts-jest'
},
verbose: true
}
}
+4533 -9109
View File
File diff suppressed because it is too large Load Diff
+30 -22
View File
@@ -1,11 +1,11 @@
{
"name": "dependency-review-action",
"version": "0.0.1",
"version": "3.1.2",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
"scripts": {
"build": "tsc",
"build": "tsc -p tsconfig.build.json",
"format": "prettier --write '**/*.ts'",
"format-check": "prettier --check '**/*.ts'",
"lint": "eslint src/**/*.ts",
@@ -25,29 +25,37 @@
"author": "GitHub",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.8.0",
"@actions/github": "^5.0.1",
"@octokit/plugin-retry": "^3.0.9",
"@actions/core": "^1.10.1",
"@actions/github": "^5.1.1",
"@octokit/plugin-retry": "^5.0.4",
"@octokit/request-error": "^2.1.0",
"ansi-styles": "^6.1.0",
"got": "^12.0.4",
"nodemon": "^2.0.16",
"zod": "^3.15.1"
"@types/jest": "^29.5.5",
"ansi-styles": "^6.2.1",
"got": "^13.0.0",
"jest": "^29.7.0",
"octokit": "^2.1.0",
"packageurl-js": "^1.2.0",
"spdx-expression-parse": "^3.0.1",
"spdx-satisfies": "^5.0.1",
"ts-jest": "^29.1.1",
"yaml": "^2.3.4",
"zod": "^3.22.3"
},
"devDependencies": {
"@types/node": "^17.0.31",
"@typescript-eslint/eslint-plugin": "^5.22.0",
"@typescript-eslint/parser": "^5.22.0",
"@vercel/ncc": "^0.33.4",
"esbuild-register": "^3.3.2",
"eslint": "^8.15.0",
"eslint-plugin-github": "^4.3.6",
"eslint-plugin-jest": "^26.1.5",
"jest": "^27.5.1",
"@types/node": "^16.18.58",
"@types/spdx-expression-parse": "^3.0.4",
"@types/spdx-satisfies": "^0.1.1",
"@typescript-eslint/eslint-plugin": "^6.9.1",
"@typescript-eslint/parser": "^6.9.1",
"@vercel/ncc": "^0.38.0",
"esbuild-register": "^3.5.0",
"eslint": "^8.52.0",
"eslint-plugin-github": "^4.10.1",
"eslint-plugin-jest": "^27.6.0",
"eslint-plugin-prettier": "^5.0.1",
"js-yaml": "^4.1.0",
"nodemon": "^2.0.16",
"prettier": "2.6.2",
"ts-jest": "^27.1.4",
"typescript": "^4.6.4"
"nodemon": "^3.0.1",
"prettier": "3.0.3",
"typescript": "^5.2.2"
}
}
+126
View File
@@ -0,0 +1,126 @@
/**
* This scripts creates example markdown files for the summary in the ./tmp folder.
* You can use it to preview changes to the summary.
*
* You can execute it like this:
* npx ts-node scripts/create_summary.ts
*/
import {Change, Changes, ConfigurationOptions} from '../src/schemas'
import {createTestChange} from '../__tests__/fixtures/create-test-change'
import {InvalidLicenseChanges} from '../src/licenses'
import * as fs from 'fs'
import * as core from '@actions/core'
import * as summary from '../src/summary'
import * as path from 'path'
const defaultConfig: ConfigurationOptions = {
vulnerability_check: true,
license_check: true,
fail_on_severity: 'high',
fail_on_scopes: ['runtime'],
allow_ghsas: [],
allow_licenses: ['MIT'],
deny_licenses: [],
deny_packages: [],
deny_groups: [],
allow_dependencies_licenses: [
'pkg:npm/express@4.17.1',
'pkg:pip/requests',
'pkg:pip/certifi',
'pkg:pip/pycrypto@2.6.1'
],
comment_summary_in_pr: true,
retry_on_snapshot_warnings: false,
retry_on_snapshot_warnings_timeout: 120
}
const tmpDir = path.resolve(__dirname, '../tmp')
const createExampleSummaries = async (): Promise<void> => {
await fs.promises.mkdir(tmpDir, {recursive: true})
await createNonIssueSummary()
await createFullSummary()
}
const createNonIssueSummary = async (): Promise<void> => {
await createSummary(
[],
{forbidden: [], unresolved: [], unlicensed: []},
[],
defaultConfig,
'non-issue-summary.md'
)
}
const createFullSummary = async (): Promise<void> => {
const changes = [createTestChange()]
const licenses: InvalidLicenseChanges = {
forbidden: [
createTestChange({
name: 'underscore',
version: '1.12.0',
license: 'Apache 2.0'
})
],
unresolved: [
createTestChange({
name: 'octoinvader',
license: 'Non SPDX License'
}),
createTestChange({
name: 'owner/action-1',
license: 'XYZ-License',
version: 'v1.2.2',
manifest: '.github/workflows/action.yml'
})
],
unlicensed: [
createTestChange({
name: 'my-other-dependency',
license: null
}),
createTestChange({
name: 'owner/action-2',
version: 'main',
license: null,
manifest: '.github/workflows/action.yml'
})
]
}
await createSummary(changes, licenses, [], defaultConfig, 'full-summary.md')
}
async function createSummary(
vulnerabilities: Changes,
licenseIssues: InvalidLicenseChanges,
denied: Change[],
config: ConfigurationOptions,
fileName: string
): Promise<void> {
summary.addSummaryToSummary(vulnerabilities, licenseIssues, denied, config)
summary.addChangeVulnerabilitiesToSummary(
vulnerabilities,
config.fail_on_severity
)
summary.addLicensesToSummary(licenseIssues, defaultConfig)
const allChanges = [
...vulnerabilities,
...licenseIssues.forbidden,
...licenseIssues.unresolved,
...licenseIssues.unlicensed
]
summary.addScannedDependencies(allChanges)
const text = core.summary.stringify()
await fs.promises.writeFile(path.resolve(tmpDir, fileName), text, {
flag: 'w'
})
core.summary.emptyBuffer()
}
createExampleSummaries()
+48 -9
View File
@@ -3,22 +3,52 @@ require 'json'
require 'tempfile'
require 'open3'
require 'bundler/inline'
require 'optparse'
gemfile do
source 'https://rubygems.org'
gem 'octokit'
end
config_file = nil
github_token = ENV["GITHUB_TOKEN"]
if !github_token || github_token.empty?
puts "Please set the GITHUB_TOKEN environment variable"
exit -1
end
arg = /(?<repo_nwo>[\w\-]+\/[\w\-]+)\/pull\/(?<pr_number>\d+)/.match(ARGV[0])
op = OptionParser.new do |opts|
usage = <<EOF
Run Dependency Review on a repository.
\e[1mUsage:\e[22m
scripts/scan_pr [options] <pr_url>
\e[1mExample:\e[22m
scripts/scan_pr https://github.com/actions/dependency-review-action/pull/294
EOF
opts.banner = usage
opts.on('-c', '--config-file <FILE>', 'Use an external configuration file') do |cf|
config_file = cf
end
opts.on("-h", "--help", "Prints this help") do
puts opts
exit
end
end
op.parse!
# make sure we have a NWO somewhere in the parameters
arg = /(?<repo_nwo>[\w\-]+\/[\w\-]+)\/pull\/(?<pr_number>\d+)/.match(ARGV.join(" "))
if arg.nil?
puts "Usage: script/scan_pr <pr_url>"
puts op
exit -1
end
@@ -32,17 +62,26 @@ event_file = Tempfile.new
event_file.write("{ \"pull_request\": #{pr.to_h.to_json}}")
event_file.close
dev_cmd_env = {
"INPUT_REPO-TOKEN" => github_token,
"GITHUB_REPOSITORY" => repo_nwo,
"GITHUB_EVENT_NAME" => "pull_request",
"GITHUB_EVENT_PATH" => event_file.path
action_inputs = {
"repo-token": github_token,
"config-file": config_file
}
dev_cmd = "./node_modules/.bin/nodemon --exec \"node -r esbuild-register\" src/main.ts"
dev_cmd_env = {
"GITHUB_REPOSITORY" => repo_nwo,
"GITHUB_EVENT_NAME" => "pull_request",
"GITHUB_EVENT_PATH" => event_file.path,
"GITHUB_STEP_SUMMARY" => "/dev/null"
}
# bash does not like variable names with dashes like the ones Actions
# uses (e.g. INPUT_REPO-TOKEN). Passing them through `env` instead of
# manually setting them does the job.
action_inputs_env_str = action_inputs.map { |name, value| "\"INPUT_#{name.upcase}=#{value}\"" }.join(" ")
dev_cmd = "./node_modules/.bin/nodemon --exec \"env #{action_inputs_env_str} node -r esbuild-register\" src/main.ts"
Open3.popen2e(dev_cmd_env, dev_cmd) do |stdin, out|
while line = out.gets
puts line
puts line.gsub(github_token, "<REDACTED>")
end
end
+84
View File
@@ -0,0 +1,84 @@
import * as github from '@actions/github'
import * as core from '@actions/core'
import * as githubUtils from '@actions/github/lib/utils'
import * as retry from '@octokit/plugin-retry'
import {RequestError} from '@octokit/request-error'
const retryingOctokit = githubUtils.GitHub.plugin(retry.retry)
const octo = new retryingOctokit(
githubUtils.getOctokitOptions(core.getInput('repo-token', {required: true}))
)
// Comment Marker to identify an existing comment to update, so we don't spam the PR with comments
const COMMENT_MARKER = '<!-- dependency-review-pr-comment-marker -->'
export async function commentPr(summary: typeof core.summary): Promise<void> {
if (!github.context.payload.pull_request) {
core.warning(
'Not in the context of a pull request. Skipping comment creation.'
)
return
}
const commentBody = `${summary.stringify()}\n\n${COMMENT_MARKER}`
try {
const existingCommentId = await findCommentByMarker(COMMENT_MARKER)
if (existingCommentId) {
await octo.rest.issues.updateComment({
owner: github.context.repo.owner,
repo: github.context.repo.repo,
comment_id: existingCommentId,
body: commentBody
})
} else {
await octo.rest.issues.createComment({
owner: github.context.repo.owner,
repo: github.context.repo.repo,
issue_number: github.context.payload.pull_request.number,
body: commentBody
})
}
} catch (error) {
if (error instanceof RequestError && error.status === 403) {
core.warning(
`Unable to write summary to pull-request. Make sure you are giving this workflow the permission 'pull-requests: write'.`
)
} else {
if (error instanceof Error) {
core.warning(
`Unable to comment summary to pull-request, received error: ${error.message}`
)
} else {
core.warning(
'Unable to comment summary to pull-request: Unexpected fatal error'
)
}
}
}
}
async function findCommentByMarker(
commentBodyIncludes: string
): Promise<number | undefined> {
const commentsIterator = octo.paginate.iterator(
octo.rest.issues.listComments,
{
owner: github.context.repo.owner,
repo: github.context.repo.repo,
// We are already checking if we are in the context of a pull request in the caller
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
issue_number: github.context.payload.pull_request!.number
}
)
for await (const {data: comments} of commentsIterator) {
const existingComment = comments.find(
comment => comment.body?.includes(commentBodyIncludes)
)
if (existingComment) return existingComment.id
}
return undefined
}
+237
View File
@@ -0,0 +1,237 @@
import * as fs from 'fs'
import path from 'path'
import YAML from 'yaml'
import * as core from '@actions/core'
import * as z from 'zod'
import {ConfigurationOptions, ConfigurationOptionsSchema} from './schemas'
import {isSPDXValid, octokitClient} from './utils'
import {PackageURL} from 'packageurl-js'
type ConfigurationOptionsPartial = Partial<ConfigurationOptions>
export async function readConfig(): Promise<ConfigurationOptions> {
const inlineConfig = readInlineConfig()
const configFile = getOptionalInput('config-file')
if (configFile !== undefined) {
const externalConfig = await readConfigFile(configFile)
return ConfigurationOptionsSchema.parse({
...externalConfig,
...inlineConfig
})
}
return ConfigurationOptionsSchema.parse(inlineConfig)
}
function readInlineConfig(): ConfigurationOptionsPartial {
const fail_on_severity = getOptionalInput('fail-on-severity')
const fail_on_scopes = parseList(getOptionalInput('fail-on-scopes'))
const allow_licenses = parseList(getOptionalInput('allow-licenses'))
const deny_licenses = parseList(getOptionalInput('deny-licenses'))
const allow_dependencies_licenses = parseList(
getOptionalInput('allow-dependencies-licenses')
)
const deny_packages = parseList(getOptionalInput('deny-packages'))
const deny_groups = parseList(getOptionalInput('deny-groups'))
const allow_ghsas = parseList(getOptionalInput('allow-ghsas'))
const license_check = getOptionalBoolean('license-check')
const vulnerability_check = getOptionalBoolean('vulnerability-check')
const base_ref = getOptionalInput('base-ref')
const head_ref = getOptionalInput('head-ref')
const comment_summary_in_pr = getOptionalInput('comment-summary-in-pr')
const retry_on_snapshot_warnings = getOptionalBoolean(
'retry-on-snapshot-warnings'
)
const retry_on_snapshot_warnings_timeout = getOptionalNumber(
'retry-on-snapshot-warnings-timeout'
)
validatePURL(allow_dependencies_licenses)
validateLicenses('allow-licenses', allow_licenses)
validateLicenses('deny-licenses', deny_licenses)
const keys = {
fail_on_severity,
fail_on_scopes,
allow_licenses,
deny_licenses,
deny_packages,
deny_groups,
allow_dependencies_licenses,
allow_ghsas,
license_check,
vulnerability_check,
base_ref,
head_ref,
comment_summary_in_pr,
retry_on_snapshot_warnings,
retry_on_snapshot_warnings_timeout
}
return Object.fromEntries(
Object.entries(keys).filter(([_, value]) => value !== undefined)
)
}
function getOptionalNumber(name: string): number | undefined {
const value = core.getInput(name)
const parsed = z.string().regex(/^\d+$/).transform(Number).safeParse(value)
return parsed.success ? parsed.data : undefined
}
function getOptionalBoolean(name: string): boolean | undefined {
const value = core.getInput(name)
return value.length > 0 ? core.getBooleanInput(name) : undefined
}
function getOptionalInput(name: string): string | undefined {
const value = core.getInput(name)
return value.length > 0 ? value : undefined
}
function parseList(list: string | undefined): string[] | undefined {
if (list === undefined) {
return list
} else {
return list.split(',').map(x => x.trim())
}
}
function validateLicenses(
key: 'allow-licenses' | 'deny-licenses',
licenses: string[] | undefined
): void {
if (licenses === undefined) {
return
}
const invalid_licenses = licenses.filter(license => !isSPDXValid(license))
if (invalid_licenses.length > 0) {
throw new Error(`Invalid license(s) in ${key}: ${invalid_licenses}`)
}
}
async function readConfigFile(
filePath: string
): Promise<ConfigurationOptionsPartial> {
// match a remote config (e.g. 'owner/repo/filepath@someref')
const format = new RegExp(
'(?<owner>[^/]+)/(?<repo>[^/]+)/(?<path>[^@]+)@(?<ref>.*)'
)
let data: string
const pieces = format.exec(filePath)
try {
if (pieces?.groups && pieces.length === 5) {
data = await getRemoteConfig({
owner: pieces.groups.owner,
repo: pieces.groups.repo,
path: pieces.groups.path,
ref: pieces.groups.ref
})
} else {
data = fs.readFileSync(path.resolve(filePath), 'utf-8')
}
return parseConfigFile(data)
} catch (error) {
throw new Error(
`Unable to fetch or parse config file: ${(error as Error).message}`
)
}
}
function parseConfigFile(configData: string): ConfigurationOptionsPartial {
try {
const data = YAML.parse(configData)
// These are the options that we support where the user can provide
// either a YAML list or a comma-separated string.
const listKeys = [
'allow-licenses',
'deny-licenses',
'fail-on-scopes',
'allow-ghsas',
'allow-dependencies-licenses',
'deny-packages',
'deny-groups'
]
for (const key of Object.keys(data)) {
// strings can contain list values (e.g. 'MIT, Apache-2.0'). In this
// case we need to parse that into a list (e.g. ['MIT', 'Apache-2.0']).
if (listKeys.includes(key)) {
const val = data[key]
if (typeof val === 'string') {
data[key] = val.split(',').map(x => x.trim())
}
}
// perform SPDX validation
if (key === 'allow-licenses' || key === 'deny-licenses') {
validateLicenses(key, data[key])
}
// validate purls from the allow-dependencies-licenses
if (key === 'allow-dependencies-licenses') {
validatePURL(data[key])
}
// get rid of the ugly dashes from the actions conventions
if (key.includes('-')) {
data[key.replace(/-/g, '_')] = data[key]
delete data[key]
}
}
return data
} catch (error) {
throw error
}
}
async function getRemoteConfig(configOpts: {
[key: string]: string
}): Promise<string> {
try {
const {data} = await octokitClient(
'external-repo-token',
false
).rest.repos.getContent({
mediaType: {
format: 'raw'
},
owner: configOpts.owner,
repo: configOpts.repo,
path: configOpts.path,
ref: configOpts.ref
})
// When using mediaType.format = 'raw', the response.data is a string
// but this is not reflected in the return type of getContent, so we're
// casting the return value to a string.
return z.string().parse(data as unknown)
} catch (error) {
core.debug(error as string)
throw new Error('Error fetching remote config file')
}
}
function validatePURL(allow_dependencies_licenses: string[] | undefined): void {
//validate that the provided elements of the string are in valid purl format
if (allow_dependencies_licenses === undefined) {
return
}
const invalid_purls = allow_dependencies_licenses.filter(
purl => !PackageURL.fromString(purl)
)
if (invalid_purls.length > 0) {
throw new Error(
`Invalid purl(s) in allow-dependencies-licenses: ${invalid_purls}`
)
}
return
}
+42
View File
@@ -0,0 +1,42 @@
import {Change} from './schemas'
import * as core from '@actions/core'
export async function getDeniedChanges(
changes: Change[],
deniedPackages: string[],
deniedGroups: string[]
): Promise<Change[]> {
const changesDenied: Change[] = []
let failed = false
for (const change of changes) {
change.name = change.name.toLowerCase()
const packageUrl = change.package_url.toLowerCase().split('@')[0]
if (deniedPackages) {
for (const denied of deniedPackages) {
if (packageUrl === denied.split('@')[0].toLowerCase()) {
changesDenied.push(change)
failed = true
}
}
}
if (deniedGroups) {
for (const denied of deniedGroups) {
if (packageUrl.startsWith(denied.toLowerCase())) {
changesDenied.push(change)
failed = true
}
}
}
}
if (failed) {
core.setFailed('Dependency review detected denied packages.')
} else {
core.info('Dependency review did not detect any denied packages')
}
return changesDenied
}
+26 -4
View File
@@ -1,9 +1,14 @@
import * as core from '@actions/core'
import * as githubUtils from '@actions/github/lib/utils'
import * as retry from '@octokit/plugin-retry'
import {Changes, ChangesSchema} from './schemas'
import {
ChangesSchema,
ComparisonResponse,
ComparisonResponseSchema
} from './schemas'
const retryingOctokit = githubUtils.GitHub.plugin(retry.retry)
const SnapshotWarningsHeader = 'x-github-dependency-graph-snapshot-warnings'
const octo = new retryingOctokit(
githubUtils.getOctokitOptions(core.getInput('repo-token', {required: true}))
)
@@ -18,14 +23,31 @@ export async function compare({
repo: string
baseRef: string
headRef: string
}): Promise<Changes> {
}): Promise<ComparisonResponse> {
let snapshot_warnings = ''
const changes = await octo.paginate(
'GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}',
{
method: 'GET',
url: '/repos/{owner}/{repo}/dependency-graph/compare/{basehead}',
owner,
repo,
basehead: `${baseRef}...${headRef}`
},
response => {
if (
response.headers[SnapshotWarningsHeader] &&
typeof response.headers[SnapshotWarningsHeader] === 'string'
) {
snapshot_warnings = Buffer.from(
response.headers[SnapshotWarningsHeader],
'base64'
).toString('utf-8')
}
return ChangesSchema.parse(response.data)
}
)
return ChangesSchema.parse(changes)
return ComparisonResponseSchema.parse({
changes,
snapshot_warnings
})
}
+92
View File
@@ -0,0 +1,92 @@
import {Changes, Severity, SEVERITIES, Scope} from './schemas'
export function filterChangesBySeverity(
severity: Severity,
changes: Changes
): Changes {
const severityIdx = SEVERITIES.indexOf(severity)
let filteredChanges = []
for (const change of changes) {
if (
change === undefined ||
change.vulnerabilities === undefined ||
change.vulnerabilities.length === 0
) {
continue
}
const fChange = {
...change,
vulnerabilities: change.vulnerabilities.filter(vuln => {
const vulnIdx = SEVERITIES.indexOf(vuln.severity)
if (vulnIdx <= severityIdx) {
return true
}
})
}
filteredChanges.push(fChange)
}
// don't want to deal with changes with no vulnerabilities
filteredChanges = filteredChanges.filter(
change => change.vulnerabilities.length > 0
)
return filteredChanges
}
export function filterChangesByScopes(
scopes: Scope[] | undefined,
changes: Changes
): Changes {
if (scopes === undefined) {
return []
}
const filteredChanges = changes.filter(change => {
// if there is no scope on the change (Enterprise Server API for now), we will assume it is a runtime scope
const scope = change.scope || 'runtime'
return scopes.includes(scope)
})
return filteredChanges
}
/**
* Filter out changes that are allowed by the allow_ghsas config
* option. We want to remove these changes before we do any
* processing.
* @param ghsas - list of GHSA IDs to allow
* @param changes - list of changes to filter
* @returns a list of changes with the allowed GHSAs removed
*/
export function filterAllowedAdvisories(
ghsas: string[] | undefined,
changes: Changes
): Changes {
if (ghsas === undefined) {
return changes
}
const filteredChanges = changes.filter(change => {
const noAdvisories =
change.vulnerabilities === undefined ||
change.vulnerabilities.length === 0
if (noAdvisories) {
return true
}
let allAllowedAdvisories = true
// if there's at least one advisory that is not allowlisted, we will keep the change
for (const vulnerability of change.vulnerabilities) {
if (!ghsas.includes(vulnerability.advisory_ghsa_id)) {
allAllowedAdvisories = false
}
if (!allAllowedAdvisories) {
return true
}
}
})
return filteredChanges
}
+42
View File
@@ -0,0 +1,42 @@
import {PullRequestSchema, ConfigurationOptions} from './schemas'
export function getRefs(
config: ConfigurationOptions,
context: {payload: {pull_request?: unknown}; eventName: string}
): {base: string; head: string} {
let base_ref = config.base_ref
let head_ref = config.head_ref
// If possible, source default base & head refs from the GitHub event.
// The base/head ref from the config take priority, if provided.
if (
context.eventName === 'pull_request' ||
context.eventName === 'pull_request_target'
) {
const pull_request = PullRequestSchema.parse(context.payload.pull_request)
base_ref = base_ref || pull_request.base.sha
head_ref = head_ref || pull_request.head.sha
}
if (!base_ref && !head_ref) {
throw new Error(
'Both a base ref and head ref must be provided, either via the `base_ref`/`head_ref` ' +
'config options, or by running a `pull_request`/`pull_request_target` workflow.'
)
} else if (!base_ref) {
throw new Error(
'A base ref must be provided, either via the `base_ref` config option, ' +
'or by running a `pull_request`/`pull_request_target` workflow.'
)
} else if (!head_ref) {
throw new Error(
'A head ref must be provided, either via the `head_ref` config option, ' +
'or by running a `pull_request`/`pull_request_target` workflow.'
)
}
return {
base: base_ref,
head: head_ref
}
}
+214
View File
@@ -0,0 +1,214 @@
import spdxSatisfies from 'spdx-satisfies'
import {Change, Changes} from './schemas'
import {isSPDXValid, octokitClient} from './utils'
import {PackageURL} from 'packageurl-js'
/**
* Loops through a list of changes, filtering and returning the
* ones that don't conform to the licenses allow/deny lists.
* It will also filter out the changes which are defined in the licenseExclusions list.
*
* Keep in mind that we don't let users specify both an allow and a deny
* list in their config files, so this code works under the assumption that
* one of the two list parameters will be empty. If both lists are provided,
* we will ignore the deny list.
* @param {Change[]} changes The list of changes to filter.
* @param { { allow?: string[], deny?: string[], licenseExclusions?: string[]}} licenses An object with `allow`/`deny`/`licenseExclusions` keys, each containing a list of licenses.
* @returns {Promise<{Object.<string, Array.<Change>>}} A promise to a Record Object. The keys are strings, unlicensed, unresolved and forbidden. The values are a list of changes
*/
export type InvalidLicenseChangeTypes =
| 'unlicensed'
| 'unresolved'
| 'forbidden'
export type InvalidLicenseChanges = Record<InvalidLicenseChangeTypes, Changes>
export async function getInvalidLicenseChanges(
changes: Change[],
licenses: {
allow?: string[]
deny?: string[]
licenseExclusions?: string[]
}
): Promise<InvalidLicenseChanges> {
const {allow, deny} = licenses
const licenseExclusions = licenses.licenseExclusions?.map(
(pkgUrl: string) => {
return PackageURL.fromString(pkgUrl)
}
)
const groupedChanges = await groupChanges(changes)
// Takes the changes from the groupedChanges object and filters out the ones that are part of the exclusions list
// It does by creating a new PackageURL object from the change and comparing it to the exclusions list
groupedChanges.licensed = groupedChanges.licensed.filter(change => {
if (change.package_url.length === 0) {
return true
}
const changeAsPackageURL = PackageURL.fromString(change.package_url)
// We want to find if the licenseExclussion list contains the PackageURL of the Change
// If it does, we want to filter it out and therefore return false
// If it doesn't, we want to keep it and therefore return true
if (
licenseExclusions !== null &&
licenseExclusions !== undefined &&
licenseExclusions.findIndex(
exclusion =>
exclusion.type === changeAsPackageURL.type &&
exclusion.name === changeAsPackageURL.name
) !== -1
) {
return false
} else {
return true
}
})
const licensedChanges: Changes = groupedChanges.licensed
const invalidLicenseChanges: InvalidLicenseChanges = {
unlicensed: groupedChanges.unlicensed,
unresolved: [],
forbidden: []
}
const validityCache = new Map<string, boolean>()
for (const change of licensedChanges) {
const license = change.license
// should never happen since licensedChanges always have licenses but license is nullable in changes schema
if (license === null) {
continue
}
if (license === 'NOASSERTION') {
invalidLicenseChanges.unlicensed.push(change)
} else if (validityCache.get(license) === undefined) {
try {
if (allow !== undefined) {
const found = allow.find(spdxExpression =>
spdxSatisfies(license, spdxExpression)
)
validityCache.set(license, found !== undefined)
} else if (deny !== undefined) {
const found = deny.find(spdxExpression =>
spdxSatisfies(license, spdxExpression)
)
validityCache.set(license, found === undefined)
}
} catch (err) {
invalidLicenseChanges.unresolved.push(change)
}
}
if (validityCache.get(license) === false) {
invalidLicenseChanges.forbidden.push(change)
}
}
return invalidLicenseChanges
}
const fetchGHLicense = async (
owner: string,
repo: string
): Promise<string | null> => {
try {
const response = await octokitClient().rest.licenses.getForRepo({
owner,
repo
})
return response.data.license?.spdx_id ?? null
} catch (_) {
return null
}
}
const parseGitHubURL = (url: string): {owner: string; repo: string} | null => {
try {
const parsed = new URL(url)
if (parsed.host !== 'github.com') {
return null
}
const components = parsed.pathname.split('/')
if (components.length < 3) {
return null
}
return {owner: components[1], repo: components[2]}
} catch (_) {
return null
}
}
const setGHLicenses = async (changes: Change[]): Promise<Change[]> => {
const updatedChanges = changes.map(async change => {
if (change.license !== null || change.source_repository_url === null) {
return change
}
const githubUrl = parseGitHubURL(change.source_repository_url)
if (githubUrl === null) {
return change
}
return {
...change,
license: await fetchGHLicense(githubUrl.owner, githubUrl.repo)
}
})
return Promise.all(updatedChanges)
}
// Currently Dependency Graph licenses are truncated to 255 characters
// This possibly makes them invalid spdx ids
const truncatedDGLicense = (license: string): boolean =>
license.length === 255 && !isSPDXValid(license)
async function groupChanges(
changes: Changes
): Promise<Record<string, Changes>> {
const result: Record<string, Changes> = {
licensed: [],
unlicensed: []
}
const ghChanges = []
for (const change of changes) {
if (change.change_type === 'removed') {
continue
}
if (change.license === null) {
if (change.source_repository_url !== null) {
ghChanges.push(change)
} else {
result.unlicensed.push(change)
}
} else {
if (
truncatedDGLicense(change.license) &&
change.source_repository_url !== null
) {
ghChanges.push(change)
} else {
result.licensed.push(change)
}
}
}
if (ghChanges.length > 0) {
const ghLicenses = await setGHLicenses(ghChanges)
for (const change of ghLicenses) {
if (change.license === null) {
result.unlicensed.push(change)
} else {
result.licensed.push(change)
}
}
}
return result
}
+272 -36
View File
@@ -3,53 +3,150 @@ import * as dependencyGraph from './dependency-graph'
import * as github from '@actions/github'
import styles from 'ansi-styles'
import {RequestError} from '@octokit/request-error'
import {PullRequestSchema} from './schemas'
import {Change, Severity, Changes, ConfigurationOptions} from './schemas'
import {readConfig} from '../src/config'
import {
filterChangesBySeverity,
filterChangesByScopes,
filterAllowedAdvisories
} from '../src/filter'
import {getInvalidLicenseChanges} from './licenses'
import * as summary from './summary'
import {getRefs} from './git-refs'
import {groupDependenciesByManifest} from './utils'
import {commentPr} from './comment-pr'
import {getDeniedChanges} from './deny'
async function delay(ms: number): Promise<void> {
return new Promise(resolve => setTimeout(resolve, ms))
}
async function getComparison(
baseRef: string,
headRef: string,
retryOpts?: {
retryUntil: number
retryDelay: number
}
): ReturnType<typeof dependencyGraph.compare> {
const comparison = await dependencyGraph.compare({
owner: github.context.repo.owner,
repo: github.context.repo.repo,
baseRef,
headRef
})
if (comparison.snapshot_warnings.trim() !== '') {
core.info(comparison.snapshot_warnings)
if (retryOpts !== undefined) {
if (retryOpts.retryUntil < Date.now()) {
core.info(`Retry timeout exceeded. Proceeding...`)
return comparison
} else {
core.info(`Retrying in ${retryOpts.retryDelay} seconds...`)
await delay(retryOpts.retryDelay * 1000)
return getComparison(baseRef, headRef, retryOpts)
}
}
}
return comparison
}
async function run(): Promise<void> {
try {
if (github.context.eventName !== 'pull_request') {
throw new Error(
`This run was triggered by the "${github.context.eventName}" event, which is unsupported. Please ensure you are using the "pull_request" event for this workflow.`
)
}
const config = await readConfig()
const pull_request = PullRequestSchema.parse(
github.context.payload.pull_request
const refs = getRefs(config, github.context)
const comparison = await getComparison(
refs.base,
refs.head,
config.retry_on_snapshot_warnings
? {
retryUntil:
Date.now() + config.retry_on_snapshot_warnings_timeout * 1000,
retryDelay: 10
}
: undefined
)
const changes = await dependencyGraph.compare({
owner: github.context.repo.owner,
repo: github.context.repo.repo,
baseRef: pull_request.base.sha,
headRef: pull_request.head.sha
})
const changes = comparison.changes
const snapshot_warnings = comparison.snapshot_warnings
let failed = false
if (!changes) {
core.info('No Dependency Changes found. Skipping Dependency Review.')
return
}
for (const change of changes) {
if (
const minSeverity = config.fail_on_severity
const scopedChanges = filterChangesByScopes(config.fail_on_scopes, changes)
const filteredChanges = filterAllowedAdvisories(
config.allow_ghsas,
scopedChanges
)
const vulnerableChanges = filterChangesBySeverity(
minSeverity,
filteredChanges
).filter(
change =>
change.change_type === 'added' &&
change.vulnerabilities !== undefined &&
change.vulnerabilities.length > 0
) {
for (const vuln of change.vulnerabilities) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${
change.version
}${styles.bold.close} ${vuln.advisory_summary} ${renderSeverity(
vuln.severity
)}`
)
core.info(`${vuln.advisory_url}`)
}
failed = true
)
const invalidLicenseChanges = await getInvalidLicenseChanges(
filteredChanges,
{
allow: config.allow_licenses,
deny: config.deny_licenses,
licenseExclusions: config.allow_dependencies_licenses
}
)
core.debug(`Filtered Changes: ${JSON.stringify(filteredChanges)}`)
core.debug(`Config Deny Packages: ${JSON.stringify(config)}`)
const deniedChanges = await getDeniedChanges(
filteredChanges,
config.deny_packages,
config.deny_groups
)
summary.addSummaryToSummary(
vulnerableChanges,
invalidLicenseChanges,
deniedChanges,
config
)
if (snapshot_warnings) {
summary.addSnapshotWarnings(config, snapshot_warnings)
}
if (failed) {
throw new Error('Dependency review detected vulnerable packages.')
} else {
core.info('Dependency review did not detect any vulnerable packages.')
if (config.vulnerability_check) {
summary.addChangeVulnerabilitiesToSummary(vulnerableChanges, minSeverity)
printVulnerabilitiesBlock(vulnerableChanges, minSeverity)
}
if (config.license_check) {
summary.addLicensesToSummary(invalidLicenseChanges, config)
printLicensesBlock(invalidLicenseChanges)
}
if (config.deny_packages || config.deny_groups) {
summary.addDeniedToSummary(deniedChanges)
printDeniedDependencies(deniedChanges, config)
}
summary.addScannedDependencies(changes)
printScannedDependencies(changes)
if (
config.comment_summary_in_pr === 'always' ||
(config.comment_summary_in_pr === 'on-failure' &&
process.exitCode === core.ExitCode.Failure)
) {
await commentPr(core.summary)
}
} catch (error) {
if (error instanceof RequestError && error.status === 404) {
@@ -58,11 +155,96 @@ async function run(): Promise<void> {
)
} else if (error instanceof RequestError && error.status === 403) {
core.setFailed(
`Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled, see https://github.com/${github.context.repo.owner}/${github.context.repo.repo}/settings/security_analysis`
`Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled along with GitHub Advanced Security on private repositories, see https://github.com/${github.context.repo.owner}/${github.context.repo.repo}/settings/security_analysis`
)
} else if (error instanceof Error) {
core.setFailed(error.message)
} else {
if (error instanceof Error) {
core.setFailed(error.message)
} else {
core.setFailed('Unexpected fatal error')
}
}
} finally {
await core.summary.write()
}
}
function printVulnerabilitiesBlock(
addedChanges: Changes,
minSeverity: Severity
): void {
let failed = false
core.group('Vulnerabilities', async () => {
if (addedChanges.length > 0) {
for (const change of addedChanges) {
printChangeVulnerabilities(change)
}
failed = true
}
if (failed) {
core.setFailed('Dependency review detected vulnerable packages.')
} else {
core.info(
`Dependency review did not detect any vulnerable packages with severity level "${minSeverity}" or higher.`
)
}
})
}
function printChangeVulnerabilities(change: Change): void {
for (const vuln of change.vulnerabilities) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${
change.version
}${styles.bold.close} ${vuln.advisory_summary} ${renderSeverity(
vuln.severity
)}`
)
core.info(`${vuln.advisory_url}`)
}
}
function printLicensesBlock(
invalidLicenseChanges: Record<string, Changes>
): void {
core.group('Licenses', async () => {
if (invalidLicenseChanges.forbidden.length > 0) {
core.info('\nThe following dependencies have incompatible licenses:')
printLicensesError(invalidLicenseChanges.forbidden)
core.setFailed('Dependency review detected incompatible licenses.')
}
if (invalidLicenseChanges.unresolved.length > 0) {
core.warning(
'\nThe validity of the licenses of the dependencies below could not be determined. Ensure that they are valid SPDX licenses:'
)
printLicensesError(invalidLicenseChanges.unresolved)
core.setFailed(
'Dependency review could not detect the validity of all licenses.'
)
}
printNullLicenses(invalidLicenseChanges.unlicensed)
})
}
function printLicensesError(changes: Changes): void {
for (const change of changes) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${change.version}${styles.bold.close} License: ${styles.color.red.open}${change.license}${styles.color.red.close}`
)
}
}
function printNullLicenses(changes: Changes): void {
if (changes.length === 0) {
return
}
core.info('\nWe could not detect a license for the following dependencies:')
for (const change of changes) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${change.version}${styles.bold.close}`
)
}
}
@@ -80,4 +262,58 @@ function renderSeverity(
return `${styles.color[color].open}(${severity} severity)${styles.color[color].close}`
}
function renderScannedDependency(change: Change): string {
const changeType: string = change.change_type
if (changeType !== 'added' && changeType !== 'removed') {
throw new Error(`Unexpected change type: ${changeType}`)
}
const color = (
{
added: 'green',
removed: 'red'
} as const
)[changeType]
const icon = (
{
added: '+',
removed: '-'
} as const
)[changeType]
return `${styles.color[color].open}${icon} ${change.name}@${change.version}${styles.color[color].close}`
}
function printScannedDependencies(changes: Changes): void {
core.group('Dependency Changes', async () => {
const dependencies = groupDependenciesByManifest(changes)
for (const manifestName of dependencies.keys()) {
const manifestChanges = dependencies.get(manifestName) || []
core.info(`File: ${styles.bold.open}${manifestName}${styles.bold.close}`)
for (const change of manifestChanges) {
core.info(`${renderScannedDependency(change)}`)
}
}
})
}
function printDeniedDependencies(
changes: Change[],
config: ConfigurationOptions
): void {
core.group('Denied', async () => {
for (const denied of config.deny_packages) {
core.info(`Config: ${denied}`)
}
for (const change of changes) {
core.info(`Change: ${change.name}@${change.version} is denied`)
core.info(`Change: ${change.package_url} is denied`)
}
})
}
run()
+78 -3
View File
@@ -1,6 +1,11 @@
import * as z from 'zod'
const ChangeSchema = z.object({
export const SEVERITIES = ['critical', 'high', 'moderate', 'low'] as const
export const SCOPES = ['unknown', 'runtime', 'development'] as const
export const SeveritySchema = z.enum(SEVERITIES).default('low')
export const ChangeSchema = z.object({
change_type: z.enum(['added', 'removed']),
manifest: z.string(),
ecosystem: z.string(),
@@ -9,16 +14,18 @@ const ChangeSchema = z.object({
package_url: z.string(),
license: z.string().nullable(),
source_repository_url: z.string().nullable(),
scope: z.enum(SCOPES).optional(),
vulnerabilities: z
.array(
z.object({
severity: z.enum(['critical', 'high', 'moderate', 'low']),
severity: SeveritySchema,
advisory_ghsa_id: z.string(),
advisory_summary: z.string(),
advisory_url: z.string()
})
)
.optional()
.default([])
})
export const PullRequestSchema = z.object({
@@ -27,6 +34,74 @@ export const PullRequestSchema = z.object({
head: z.object({sha: z.string()})
})
export const ChangesSchema = z.array(ChangeSchema)
export const ConfigurationOptionsSchema = z
.object({
fail_on_severity: SeveritySchema,
fail_on_scopes: z.array(z.enum(SCOPES)).default(['runtime']),
allow_licenses: z.array(z.string()).optional(),
deny_licenses: z.array(z.string()).optional(),
allow_dependencies_licenses: z.array(z.string()).optional(),
allow_ghsas: z.array(z.string()).default([]),
deny_packages: z.array(z.string()).default([]),
deny_groups: z.array(z.string()).default([]),
license_check: z.boolean().default(true),
vulnerability_check: z.boolean().default(true),
config_file: z.string().optional(),
base_ref: z.string().optional(),
head_ref: z.string().optional(),
retry_on_snapshot_warnings: z.boolean().default(false),
retry_on_snapshot_warnings_timeout: z.number().default(120),
comment_summary_in_pr: z
.union([
z.preprocess(
val => (val === 'true' ? true : val === 'false' ? false : val),
z.boolean()
),
z.enum(['always', 'never', 'on-failure'])
])
.default('never')
})
.transform(config => {
if (config.comment_summary_in_pr === true) {
config.comment_summary_in_pr = 'always'
} else if (config.comment_summary_in_pr === false) {
config.comment_summary_in_pr = 'never'
}
return config
})
.superRefine((config, context) => {
if (config.allow_licenses && config.deny_licenses) {
context.addIssue({
code: z.ZodIssueCode.custom,
message: 'You cannot specify both allow-licenses and deny-licenses'
})
}
if (config.allow_licenses && config.allow_licenses.length < 1) {
context.addIssue({
code: z.ZodIssueCode.custom,
message: 'You should provide at least one license in allow-licenses'
})
}
if (
config.license_check === false &&
config.vulnerability_check === false
) {
context.addIssue({
code: z.ZodIssueCode.custom,
message: "Can't disable both license-check and vulnerability-check"
})
}
})
export const ChangesSchema = z.array(ChangeSchema)
export const ComparisonResponseSchema = z.object({
changes: z.array(ChangeSchema),
snapshot_warnings: z.string()
})
export type Change = z.infer<typeof ChangeSchema>
export type Changes = z.infer<typeof ChangesSchema>
export type ComparisonResponse = z.infer<typeof ComparisonResponseSchema>
export type ConfigurationOptions = z.infer<typeof ConfigurationOptionsSchema>
export type Severity = z.infer<typeof SeveritySchema>
export type Scope = (typeof SCOPES)[number]
+298
View File
@@ -0,0 +1,298 @@
import * as core from '@actions/core'
import {ConfigurationOptions, Changes, Change} from './schemas'
import {SummaryTableRow} from '@actions/core/lib/summary'
import {InvalidLicenseChanges, InvalidLicenseChangeTypes} from './licenses'
import {groupDependenciesByManifest, getManifestsSet, renderUrl} from './utils'
const icons = {
check: '✅',
cross: '❌',
warning: '⚠️'
}
export function addSummaryToSummary(
vulnerableChanges: Changes,
invalidLicenseChanges: InvalidLicenseChanges,
deniedChanges: Changes,
config: ConfigurationOptions
): void {
core.summary.addHeading('Dependency Review', 1)
if (
vulnerableChanges.length === 0 &&
countLicenseIssues(invalidLicenseChanges) === 0 &&
deniedChanges.length === 0
) {
if (!config.license_check) {
core.summary.addRaw(`${icons.check} No vulnerabilities found.`)
} else if (!config.vulnerability_check) {
core.summary.addRaw(`${icons.check} No license issues found.`)
} else {
core.summary.addRaw(
`${icons.check} No vulnerabilities or license issues found.`
)
}
return
}
core.summary
.addRaw('The following issues were found:')
.addList([
...(config.vulnerability_check
? [
`${checkOrFailIcon(vulnerableChanges.length)} ${
vulnerableChanges.length
} vulnerable package(s)`
]
: []),
...(config.license_check
? [
`${checkOrFailIcon(invalidLicenseChanges.forbidden.length)} ${
invalidLicenseChanges.forbidden.length
} package(s) with incompatible licenses`,
`${checkOrFailIcon(invalidLicenseChanges.unresolved.length)} ${
invalidLicenseChanges.unresolved.length
} package(s) with invalid SPDX license definitions`,
`${checkOrWarnIcon(invalidLicenseChanges.unlicensed.length)} ${
invalidLicenseChanges.unlicensed.length
} package(s) with unknown licenses.`
]
: []),
...(deniedChanges.length > 0
? [
`${checkOrWarnIcon(deniedChanges.length)} ${
deniedChanges.length
} package(s) denied.`
]
: [])
])
.addRaw('See the Details below.')
}
export function addChangeVulnerabilitiesToSummary(
vulnerableChanges: Changes,
severity: string
): void {
if (vulnerableChanges.length === 0) {
return
}
const rows: SummaryTableRow[] = []
const manifests = getManifestsSet(vulnerableChanges)
core.summary.addHeading('Vulnerabilities', 2)
for (const manifest of manifests) {
for (const change of vulnerableChanges.filter(
pkg => pkg.manifest === manifest
)) {
let previous_package = ''
let previous_version = ''
for (const vuln of change.vulnerabilities) {
const sameAsPrevious =
previous_package === change.name &&
previous_version === change.version
if (!sameAsPrevious) {
rows.push([
renderUrl(change.source_repository_url, change.name),
change.version,
renderUrl(vuln.advisory_url, vuln.advisory_summary),
vuln.severity
])
} else {
rows.push([
{data: '', colspan: '2'},
renderUrl(vuln.advisory_url, vuln.advisory_summary),
vuln.severity
])
}
previous_package = change.name
previous_version = change.version
}
}
core.summary.addHeading(`<em>${manifest}</em>`, 4).addTable([
[
{data: 'Name', header: true},
{data: 'Version', header: true},
{data: 'Vulnerability', header: true},
{data: 'Severity', header: true}
],
...rows
])
}
if (severity !== 'low') {
core.summary.addQuote(
`Only included vulnerabilities with severity <strong>${severity}</strong> or higher.`
)
}
}
export function addLicensesToSummary(
invalidLicenseChanges: InvalidLicenseChanges,
config: ConfigurationOptions
): void {
if (countLicenseIssues(invalidLicenseChanges) === 0) {
return
}
core.summary.addHeading('License Issues', 2)
printLicenseViolations(invalidLicenseChanges)
if (config.allow_licenses && config.allow_licenses.length > 0) {
core.summary.addQuote(
`<strong>Allowed Licenses</strong>: ${config.allow_licenses.join(', ')}`
)
}
if (config.deny_licenses && config.deny_licenses.length > 0) {
core.summary.addQuote(
`<strong>Denied Licenses</strong>: ${config.deny_licenses.join(', ')}`
)
}
if (config.allow_dependencies_licenses) {
core.summary.addQuote(
`<strong>Excluded from license check</strong>: ${config.allow_dependencies_licenses.join(
', '
)}`
)
}
core.debug(
`found ${invalidLicenseChanges.unlicensed.length} unknown licenses`
)
core.debug(
`${invalidLicenseChanges.unresolved.length} licenses could not be validated`
)
}
const licenseIssueTypes: InvalidLicenseChangeTypes[] = [
'forbidden',
'unresolved',
'unlicensed'
]
const issueTypeNames: Record<InvalidLicenseChangeTypes, string> = {
forbidden: 'Incompatible License',
unresolved: 'Invalid SPDX License',
unlicensed: 'Unknown License'
}
function printLicenseViolations(changes: InvalidLicenseChanges): void {
const rowsGroupedByManifest: Record<string, SummaryTableRow[]> = {}
for (const issueType of licenseIssueTypes) {
for (const change of changes[issueType]) {
if (!rowsGroupedByManifest[change.manifest]) {
rowsGroupedByManifest[change.manifest] = []
}
rowsGroupedByManifest[change.manifest].push([
renderUrl(change.source_repository_url, change.name),
change.version,
formatLicense(change.license),
issueTypeNames[issueType]
])
}
}
for (const [manifest, rows] of Object.entries(rowsGroupedByManifest)) {
core.summary.addHeading(`<em>${manifest}</em>`, 4)
core.summary.addTable([
['Package', 'Version', 'License', 'Issue Type'],
...rows
])
}
}
function formatLicense(license: string | null): string {
if (license === null || license === 'NOASSERTION') {
return 'Null'
}
return license
}
export function addScannedDependencies(changes: Changes): void {
const dependencies = groupDependenciesByManifest(changes)
const manifests = dependencies.keys()
const summary = core.summary.addHeading('Scanned Manifest Files', 2)
for (const manifest of manifests) {
const deps = dependencies.get(manifest)
if (deps) {
const dependencyNames = deps.map(
dependency => `<li>${dependency.name}@${dependency.version}</li>`
)
summary.addDetails(manifest, `<ul>${dependencyNames.join('')}</ul>`)
}
}
}
function snapshotWarningRecommendation(
config: ConfigurationOptions,
warnings: string
): string {
const no_pr_snaps = warnings.includes(
'No snapshots were found for the head SHA'
)
const retries_disabled = !config.retry_on_snapshot_warnings
if (no_pr_snaps && retries_disabled) {
return 'Ensure that dependencies are being submitted on PR branches and consider enabling <em>retry-on-snapshot-warnings</em>.'
} else if (no_pr_snaps) {
return 'Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue.'
} else if (retries_disabled) {
return 'Consider enabling <em>retry-on-snapshot-warnings</em>.'
}
return 'Re-running this action after a short time may resolve the issue.'
}
export function addSnapshotWarnings(
config: ConfigurationOptions,
warnings: string
): void {
core.summary.addHeading('Snapshot Warnings', 2)
core.summary.addQuote(`${icons.warning}: ${warnings}`)
const recommendation = snapshotWarningRecommendation(config, warnings)
const docsLink =
'See <a href="https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together">the documentation</a> for more information and troubleshooting advice.'
core.summary.addRaw(`${recommendation} ${docsLink}`)
}
function countLicenseIssues(
invalidLicenseChanges: InvalidLicenseChanges
): number {
return Object.values(invalidLicenseChanges).reduce(
(acc, val) => acc + val.length,
0
)
}
export function addDeniedToSummary(deniedChanges: Change[]): void {
if (deniedChanges.length === 0) {
return
}
core.summary.addHeading('Denied dependencies', 2)
for (const change of deniedChanges) {
core.summary.addHeading(`<em>Denied dependencies</em>`, 4)
core.summary.addTable([
['Package', 'Version', 'License'],
[
renderUrl(change.source_repository_url, change.name),
change.version,
change.license || ''
]
])
}
}
function checkOrFailIcon(count: number): string {
return count === 0 ? icons.check : icons.cross
}
function checkOrWarnIcon(count: number): string {
return count === 0 ? icons.check : icons.warning
}
+70
View File
@@ -0,0 +1,70 @@
import * as core from '@actions/core'
import {Octokit} from 'octokit'
import spdxParse from 'spdx-expression-parse'
import {Changes} from './schemas'
export function groupDependenciesByManifest(
changes: Changes
): Map<string, Changes> {
const dependencies: Map<string, Changes> = new Map()
for (const change of changes) {
// If the manifest is null or empty, give it a name now to avoid
// breaking the HTML rendering later
const manifestName = change.manifest || 'Unnamed Manifest'
if (dependencies.get(manifestName) === undefined) {
dependencies.set(manifestName, [])
}
dependencies.get(manifestName)?.push(change)
}
return dependencies
}
export function getManifestsSet(changes: Changes): Set<string> {
return new Set(changes.flatMap(c => c.manifest))
}
export function renderUrl(url: string | null, text: string): string {
if (url) {
return `<a href="${url}">${text}</a>`
} else {
return text
}
}
export function isSPDXValid(license: string): boolean {
try {
spdxParse(license)
return true
} catch (_) {
return false
}
}
function isEnterprise(): boolean {
const serverUrl = new URL(
process.env['GITHUB_SERVER_URL'] ?? 'https://github.com'
)
return serverUrl.hostname.toLowerCase() !== 'github.com'
}
export function octokitClient(token = 'repo-token', required = true): Octokit {
const opts: Record<string, unknown> = {}
// auth is only added if token is present. For remote config files in public
// repos the token is optional, so it could be undefined.
const auth = core.getInput(token, {required})
if (auth !== undefined) {
opts['auth'] = auth
}
//baseUrl is required for GitHub Enterprise Server
//https://github.com/octokit/octokit.js/blob/9c8fa89d5b0bc4ddbd6dec638db00a2f6c94c298/README.md?plain=1#L196
if (isEnterprise()) {
opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL'])
}
return new Octokit(opts)
}
+8
View File
@@ -0,0 +1,8 @@
{
"extends": "./tsconfig.json",
"include": ["src"],
"compilerOptions": {
"outDir": "./lib" /* Redirect output structure to the directory. */,
"rootDir": "./src" /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
}
}
+1 -2
View File
@@ -3,10 +3,9 @@
"target": "es6" /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */,
"module": "commonjs" /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */,
"outDir": "./lib" /* Redirect output structure to the directory. */,
"rootDir": "./src" /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */,
"strict": true /* Enable all strict type-checking options. */,
"noImplicitAny": true /* Raise error on expressions and declarations with an implied 'any' type. */,
"esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
},
"exclude": ["node_modules", "**/*.test.ts"]
"exclude": ["node_modules"]
}