Compare commits

...

485 Commits

Author SHA1 Message Date
Federico Builes 88502badc9 Update README.md
Co-authored-by: Sarah Aladetan <sarahkemi@github.com>
2022-09-22 08:03:23 +02:00
Federico Builes ff7c97a976 adding dist 2022-09-21 17:03:01 +02:00
Federico Builes 4d3b8e5269 Clarify code a bit. 2022-09-21 17:01:00 +02:00
Federico Builes 38ee6e8360 Improve scopes example in new docs. 2022-09-21 16:53:20 +02:00
Federico Builes 54cd9a7cba Merge branch 'main' into external-config
# Conflicts:
#	README.md
#	__tests__/config.test.ts
#	dist/index.js.map
#	src/config.ts
#	src/schemas.ts
2022-09-21 16:50:02 +02:00
Federico Builes c4693c00ac Raise errors for invalid values in the external config. 2022-09-21 16:30:05 +02:00
Sarah Aladetan e89f113be2 add callout to checkout main when updating major version tag 2022-09-20 13:21:38 -07:00
Sarah Aladetan 2b96ea7f03 Bump version to 2.2.0
We've added filtering by dependency scopes
2022-09-20 13:06:20 -07:00
Sarah Aladetan 4300ce8d38 Merge pull request #243 from actions/sarahkemi/filter-dev-deps
Filter blocking dependency changes by scopes
2022-09-20 16:05:19 -04:00
Sarah Aladetan de48c615a3 build and package scope filtering 2022-09-20 15:18:31 +00:00
Federico Builes eef7e39202 Accept options from both sources, prioritize external config. 2022-09-20 15:52:34 +02:00
Federico Builes 37dc32836b Merge branch 'main' into external-config 2022-09-20 15:29:28 +02:00
Federico Builes 890361387d Updating dist. 2022-09-20 15:16:25 +02:00
Federico Builes 61f19e6447 Let the users set the path for the config file. 2022-09-20 15:15:14 +02:00
Federico Builes fd959624bf Merge pull request #245 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.38.0
Bump @typescript-eslint/eslint-plugin from 5.37.0 to 5.38.0
2022-09-20 07:59:56 +02:00
Federico Builes 11dd186eb0 Merge pull request #246 from actions/dependabot/npm_and_yarn/got-12.5.0
Bump got from 12.4.1 to 12.5.0
2022-09-20 07:59:44 +02:00
dependabot[bot] 1ab05cf855 Bump @typescript-eslint/eslint-plugin from 5.37.0 to 5.38.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.37.0 to 5.38.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.38.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-20 05:54:32 +00:00
dependabot[bot] 7d7d5e7c84 Bump got from 12.4.1 to 12.5.0
Bumps [got](https://github.com/sindresorhus/got) from 12.4.1 to 12.5.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.4.1...v12.5.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-20 05:54:28 +00:00
Federico Builes 8a8fa8bd07 Merge pull request #244 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.38.0
Bump @typescript-eslint/parser from 5.37.0 to 5.38.0
2022-09-20 07:53:39 +02:00
dependabot[bot] 06daf8e801 Bump @typescript-eslint/parser from 5.37.0 to 5.38.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.37.0 to 5.38.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.38.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-20 01:31:24 +00:00
Federico Builes aeb9ff5438 adding dist 2022-09-19 17:34:53 +02:00
Federico Builes 1ef21ab130 Leave a failing test for tomorrow! 2022-09-19 17:34:12 +02:00
Federico Builes 3c95902dd6 Adding more tests for the config file. 2022-09-19 17:29:25 +02:00
Federico Builes 4b4ec08f7b Make sure we get rid of the ridiculous dashes in the names. 2022-09-19 17:28:59 +02:00
Federico Builes a91c3ac205 Split reading inline/external configuration options. 2022-09-19 17:28:44 +02:00
Federico Builes bf0cb7fac4 Add a default config file. 2022-09-19 17:28:20 +02:00
Federico Builes 07a7056819 Update README to include config-file option. 2022-09-19 16:46:42 +02:00
Federico Builes b93fcee7ff Raise an error if the config file is not found. 2022-09-19 16:36:45 +02:00
Federico Builes 8bac022bfd Merge branch 'main' into external-config 2022-09-19 16:14:41 +02:00
Federico Builes fc4fb55b25 Merge pull request #241 from actions/dependabot/npm_and_yarn/nodemon-2.0.20
Bump nodemon from 2.0.19 to 2.0.20
2022-09-19 07:38:12 +02:00
dependabot[bot] 31c132fdca Bump nodemon from 2.0.19 to 2.0.20
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.19 to 2.0.20.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.19...v2.0.20)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-19 01:55:04 +00:00
Sarah Aladetan 10bc05df70 ensure scope filtering is backward compatible with enterprise rest api versions 2022-09-16 19:13:58 +00:00
Sarah Aladetan e641ee9a41 update readme with notes on dependency scopes 2022-09-16 16:45:59 +00:00
Federico Builes 0ba71661e5 Adding failing tests. 2022-09-16 14:32:09 +02:00
Federico Builes 8ef181b2cb Read a hardcoded config file. 2022-09-16 14:30:57 +02:00
Federico Builes 7e2a489d03 Merge branch 'main' into external-config 2022-09-16 13:55:17 +02:00
Federico Builes eaeaeb3d57 Merge pull request #239 from actions/dependabot/npm_and_yarn/types/node-16.11.59
Bump @types/node from 16.11.58 to 16.11.59
2022-09-16 13:55:02 +02:00
Federico Builes 1eaf30e6eb Merge pull request #240 from actions/hm/fix-scan_pr
Fix passing repo-token input in scan_pr script
2022-09-16 13:50:52 +02:00
Federico Builes 5da3462152 Explain why we mangle dashed variables. 2022-09-16 13:47:16 +02:00
Sarah Aladetan 6fa5a8f9c0 add fail-on-scopes input to action config 2022-09-15 20:07:28 +00:00
Sarah Aladetan 0d23c39a5d filter by scope in action 2022-09-15 20:03:27 +00:00
Sarah Aladetan 6549b27685 add configuration for scopes to fail on 2022-09-15 18:48:58 +00:00
Sarah Aladetan f4b16c52e5 add method to filter changes by given scopes 2022-09-15 18:00:07 +00:00
Sarah Aladetan 1a7a37c468 add scope to change schema 2022-09-15 17:53:34 +00:00
Henri Maurer 38b459efad Fix passing repo-token input in scan_pr script 2022-09-15 10:09:46 +00:00
dependabot[bot] 6410b2cdd2 Bump @types/node from 16.11.58 to 16.11.59
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.58 to 16.11.59.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-14 02:00:08 +00:00
Federico Builes fd3a3b1051 Merge pull request #236 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.37.0
Bump @typescript-eslint/parser from 5.36.2 to 5.37.0
2022-09-13 07:16:16 +02:00
dependabot[bot] 6771e49f11 Bump @typescript-eslint/parser from 5.36.2 to 5.37.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.36.2 to 5.37.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.37.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-13 05:14:03 +00:00
Federico Builes c7c07e1117 Merge pull request #237 from actions/dependabot/npm_and_yarn/eslint-8.23.1
Bump eslint from 8.23.0 to 8.23.1
2022-09-13 07:13:17 +02:00
Federico Builes 59fdb0cce7 Merge pull request #238 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.37.0
Bump @typescript-eslint/eslint-plugin from 5.36.2 to 5.37.0
2022-09-13 07:13:03 +02:00
dependabot[bot] 950228f7f7 Bump @typescript-eslint/eslint-plugin from 5.36.2 to 5.37.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.36.2 to 5.37.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.37.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-13 03:40:44 +00:00
dependabot[bot] 6973819203 Bump eslint from 8.23.0 to 8.23.1
Bumps [eslint](https://github.com/eslint/eslint) from 8.23.0 to 8.23.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.23.0...v8.23.1)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-13 03:40:27 +00:00
Federico Builes eee2e3260e Merge pull request #235 from actions/dependabot/npm_and_yarn/ansi-styles-6.1.1
Bump ansi-styles from 6.1.0 to 6.1.1
2022-09-12 06:57:39 +02:00
Federico Builes 7eeddef885 adding dist 2022-09-12 06:56:41 +02:00
Federico Builes 8c58cdad09 Merge branch 'main' into dependabot/npm_and_yarn/ansi-styles-6.1.1 2022-09-12 06:56:12 +02:00
Federico Builes 380290a89b Merge pull request #234 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.0.4
Bump eslint-plugin-jest from 27.0.2 to 27.0.4
2022-09-12 06:54:43 +02:00
Federico Builes 50c3ed0ba6 Merge pull request #233 from actions/dependabot/npm_and_yarn/zod-3.19.1
Bump zod from 3.19.0 to 3.19.1
2022-09-12 06:54:18 +02:00
Federico Builes 0455501026 adding dist 2022-09-12 06:54:07 +02:00
dependabot[bot] bac3f038ac Bump ansi-styles from 6.1.0 to 6.1.1
Bumps [ansi-styles](https://github.com/chalk/ansi-styles) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/chalk/ansi-styles/releases)
- [Commits](https://github.com/chalk/ansi-styles/compare/v6.1.0...v6.1.1)

---
updated-dependencies:
- dependency-name: ansi-styles
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-12 01:55:42 +00:00
dependabot[bot] 2d81062605 Bump eslint-plugin-jest from 27.0.2 to 27.0.4
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.0.2 to 27.0.4.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.0.2...v27.0.4)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-12 01:55:29 +00:00
dependabot[bot] 2ae4b932b7 Bump zod from 3.19.0 to 3.19.1
Bumps [zod](https://github.com/colinhacks/zod) from 3.19.0 to 3.19.1.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.19.0...v3.19.1)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-12 01:54:09 +00:00
Federico Builes c7d4075ae0 Merge pull request #232 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.0.2
Bump eslint-plugin-jest from 27.0.1 to 27.0.2
2022-09-09 08:45:35 +02:00
Federico Builes 49a0208abf Merge pull request #231 from actions/dependabot/npm_and_yarn/typescript-4.8.3
Bump typescript from 4.8.2 to 4.8.3
2022-09-09 08:45:23 +02:00
dependabot[bot] 94941958fb Bump eslint-plugin-jest from 27.0.1 to 27.0.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.0.1 to 27.0.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.0.1...v27.0.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-09 01:30:41 +00:00
dependabot[bot] 2764e60363 Bump typescript from 4.8.2 to 4.8.3
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.8.2 to 4.8.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.8.2...v4.8.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-09 01:29:54 +00:00
Federico Builes bcd1b9ab86 Merge pull request #230 from actions/dependabot/npm_and_yarn/types/node-16.11.58
Bump @types/node from 16.11.57 to 16.11.58
2022-09-08 12:02:31 +02:00
dependabot[bot] d96759fedc Bump @types/node from 16.11.57 to 16.11.58
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.57 to 16.11.58.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-08 01:32:47 +00:00
Federico Builes bfd72e7da2 Merge pull request #229 from actions/dependabot/npm_and_yarn/zod-3.19.0
Bump zod from 3.18.0 to 3.19.0
2022-09-07 07:50:34 +02:00
Federico Builes d8efcf0c1f updating dist files 2022-09-07 07:47:22 +02:00
dependabot[bot] 3b74514266 Bump zod from 3.18.0 to 3.19.0
Bumps [zod](https://github.com/colinhacks/zod) from 3.18.0 to 3.19.0.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.18.0...v3.19.0)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-07 01:30:01 +00:00
Federico Builes 6dfe5fd567 Force line-breaks. 2022-09-06 14:36:50 +02:00
Federico Builes 71a0ed0a31 Updating the README to include instructions for both config file options. 2022-09-06 14:30:39 +02:00
Federico Builes 7a364ecd6b Merge pull request #226 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.36.2
Bump @typescript-eslint/eslint-plugin from 5.36.1 to 5.36.2
2022-09-06 09:29:02 +02:00
dependabot[bot] 435083feb7 Bump @typescript-eslint/eslint-plugin from 5.36.1 to 5.36.2
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.36.1 to 5.36.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.2/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-06 07:28:29 +00:00
Federico Builes 781a55eaaa Merge pull request #227 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.36.2
Bump @typescript-eslint/parser from 5.36.1 to 5.36.2
2022-09-06 09:27:33 +02:00
dependabot[bot] 335c64c139 Bump @typescript-eslint/parser from 5.36.1 to 5.36.2
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.36.1 to 5.36.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.2/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-06 01:29:26 +00:00
Federico Builes af9a4fa160 Merge pull request #225 from actions/dependabot/npm_and_yarn/got-12.4.1
Bump got from 12.3.1 to 12.4.1
2022-09-05 15:47:15 +02:00
Federico Builes 3e04d4bc87 Merge pull request #224 from actions/dependabot/npm_and_yarn/types/node-16.11.57
Bump @types/node from 16.11.56 to 16.11.57
2022-09-05 15:47:07 +02:00
dependabot[bot] be076ebeca Bump got from 12.3.1 to 12.4.1
Bumps [got](https://github.com/sindresorhus/got) from 12.3.1 to 12.4.1.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.3.1...v12.4.1)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-05 12:50:09 +00:00
dependabot[bot] b74c52c335 Bump @types/node from 16.11.56 to 16.11.57
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.56 to 16.11.57.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-05 12:49:27 +00:00
Federico Builes 2233eb2b88 Merge pull request #222 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.36.1
Bump @typescript-eslint/parser from 5.36.0 to 5.36.1
2022-08-31 08:11:10 +02:00
dependabot[bot] ca11176434 Bump @typescript-eslint/parser from 5.36.0 to 5.36.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.36.0 to 5.36.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-31 06:09:50 +00:00
Federico Builes c8f5c5518e Merge pull request #221 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.36.1
Bump @typescript-eslint/eslint-plugin from 5.36.0 to 5.36.1
2022-08-31 08:09:04 +02:00
dependabot[bot] 469156603d Bump @typescript-eslint/eslint-plugin from 5.36.0 to 5.36.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.36.0 to 5.36.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-31 02:28:29 +00:00
Federico Builes 6b1d7e7207 Merge pull request #220 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.36.0
Bump @typescript-eslint/eslint-plugin from 5.35.1 to 5.36.0
2022-08-30 08:23:32 +02:00
dependabot[bot] a57a1dd454 Bump @typescript-eslint/eslint-plugin from 5.35.1 to 5.36.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.35.1 to 5.36.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-30 06:13:21 +00:00
Federico Builes 0e8bd1f46f Merge pull request #219 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.36.0
Bump @typescript-eslint/parser from 5.35.1 to 5.36.0
2022-08-30 08:12:25 +02:00
dependabot[bot] dd931c7005 Bump @typescript-eslint/parser from 5.35.1 to 5.36.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.35.1 to 5.36.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.36.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-30 01:39:32 +00:00
Federico Builes d8d78b6ace Merge pull request #218 from actions/dependabot/npm_and_yarn/eslint-8.23.0
Bump eslint from 8.22.0 to 8.23.0
2022-08-29 10:50:27 +02:00
dependabot[bot] a1eafc653a Bump eslint from 8.22.0 to 8.23.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.22.0 to 8.23.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.22.0...v8.23.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-29 08:49:31 +00:00
Federico Builes 35b0f5ded9 Merge pull request #217 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.0.1
Bump eslint-plugin-jest from 26.8.7 to 27.0.1
2022-08-29 10:49:01 +02:00
Federico Builes 5a25f0b1b3 Merge pull request #215 from actions/dependabot/npm_and_yarn/typescript-4.8.2
Bump typescript from 4.7.4 to 4.8.2
2022-08-29 10:31:12 +02:00
dependabot[bot] 88dd76a7ef Bump eslint-plugin-jest from 26.8.7 to 27.0.1
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.8.7 to 27.0.1.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.8.7...v27.0.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-29 01:55:23 +00:00
dependabot[bot] b1427bfe58 Bump typescript from 4.7.4 to 4.8.2
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.7.4 to 4.8.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.7.4...v4.8.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-26 01:36:36 +00:00
Federico Builes 0d079c6553 Merge pull request #214 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.35.1
Bump @typescript-eslint/parser from 5.34.0 to 5.35.1
2022-08-25 07:54:11 +02:00
dependabot[bot] ce3b0c8116 Bump @typescript-eslint/parser from 5.34.0 to 5.35.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.34.0 to 5.35.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.35.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-25 05:53:10 +00:00
Federico Builes d01dd09c36 Merge pull request #213 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.35.1
Bump @typescript-eslint/eslint-plugin from 5.34.0 to 5.35.1
2022-08-25 07:52:20 +02:00
dependabot[bot] 21d1a080df Bump @typescript-eslint/eslint-plugin from 5.34.0 to 5.35.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.34.0 to 5.35.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.35.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-25 05:49:54 +00:00
Federico Builes c869fcfa38 Merge pull request #212 from actions/dependabot/npm_and_yarn/types/node-16.11.56
Bump @types/node from 16.11.55 to 16.11.56
2022-08-25 07:49:19 +02:00
dependabot[bot] 20229aad71 Bump @types/node from 16.11.55 to 16.11.56
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.55 to 16.11.56.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-25 01:27:41 +00:00
Federico Builes 65d6c26087 Merge pull request #211 from actions/dependabot/npm_and_yarn/types/node-16.11.55
Bump @types/node from 16.11.54 to 16.11.55
2022-08-24 09:00:15 +02:00
dependabot[bot] 8b6795d89d Bump @types/node from 16.11.54 to 16.11.55
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.54 to 16.11.55.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-24 01:40:56 +00:00
Federico Builes 030c97ab49 Merge pull request #210 from actions/dependabot/npm_and_yarn/types/node-16.11.54
Bump @types/node from 16.11.52 to 16.11.54
2022-08-23 08:39:29 +02:00
Federico Builes dc44a85a96 Merge pull request #208 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.34.0
Bump @typescript-eslint/parser from 5.33.1 to 5.34.0
2022-08-23 08:38:58 +02:00
dependabot[bot] 9cdfbb83fa Bump @types/node from 16.11.52 to 16.11.54
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.52 to 16.11.54.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-23 06:38:16 +00:00
dependabot[bot] b1f8412445 Bump @typescript-eslint/parser from 5.33.1 to 5.34.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.33.1 to 5.34.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.34.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-23 06:38:02 +00:00
Federico Builes 0d02efb12c Merge pull request #207 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.34.0
Bump @typescript-eslint/eslint-plugin from 5.33.1 to 5.34.0
2022-08-23 08:37:24 +02:00
dependabot[bot] 2a09e52261 Bump @typescript-eslint/eslint-plugin from 5.33.1 to 5.34.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.33.1 to 5.34.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.34.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-23 01:35:02 +00:00
Federico Builes e86dfd8cc0 Merge pull request #206 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.8.7
Bump eslint-plugin-jest from 26.8.3 to 26.8.7
2022-08-22 08:10:22 +02:00
Federico Builes a39d9063b3 Merge pull request #205 from actions/dependabot/npm_and_yarn/types/node-16.11.52
Bump @types/node from 16.11.49 to 16.11.52
2022-08-22 08:09:56 +02:00
dependabot[bot] 9809e06c2d Bump eslint-plugin-jest from 26.8.3 to 26.8.7
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.8.3 to 26.8.7.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.8.3...v26.8.7)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-22 01:51:45 +00:00
dependabot[bot] 70bbe4186e Bump @types/node from 16.11.49 to 16.11.52
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.49 to 16.11.52.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-22 01:51:24 +00:00
Federico Builes 23d1ffffb6 Bumping to 2.1.0. 2022-08-18 16:22:01 +02:00
Federico Builes d792f3e8ca Add a reminder to update the version number in package.json
when creating a new release.
2022-08-18 16:20:03 +02:00
Federico Builes 5da7945e2b Fixing lint/dist. 2022-08-18 16:15:03 +02:00
Federico Builes a8e7c378a3 Merge pull request #181 from tspascoal/add-summary
Show vulnerabities and license information on the job summary.
2022-08-18 16:14:27 +02:00
Federico Builes 0e0d6ec5d6 Merge branch 'main' into add-summary 2022-08-18 16:11:15 +02:00
Federico Builes 9f2f2d8aa6 Merge pull request #200 from actions/willdasilva-fork
Support user-provided base/head refs & non-PR workflows
2022-08-18 15:30:04 +02:00
Federico Builes d2018420d8 Clean up mock data setup. 2022-08-18 15:03:11 +02:00
Federico Builes 54af7c7fbe Merge branch 'main' into WillDaSilva-main.
Took the time to tweak the README.

# Conflicts:
#	README.md
#	dist/index.js.map
2022-08-18 14:56:08 +02:00
Federico Builes f2e57a19af Merge pull request #196 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.33.1
Bump @typescript-eslint/eslint-plugin from 5.33.0 to 5.33.1
2022-08-16 07:50:18 +02:00
dependabot[bot] fb59017069 Bump @typescript-eslint/eslint-plugin from 5.33.0 to 5.33.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.33.0 to 5.33.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 05:46:37 +00:00
Federico Builes 3d5f077fa9 Merge pull request #195 from actions/dependabot/npm_and_yarn/types/node-16.11.49
Bump @types/node from 16.11.48 to 16.11.49
2022-08-16 07:45:40 +02:00
dependabot[bot] cb1474859d Bump @types/node from 16.11.48 to 16.11.49
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.48 to 16.11.49.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 05:44:24 +00:00
Federico Builes 5f53719ca3 Merge pull request #197 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.8.3
Bump eslint-plugin-jest from 26.8.2 to 26.8.3
2022-08-16 07:44:12 +02:00
Federico Builes 193b31de81 Merge pull request #198 from actions/dependabot/npm_and_yarn/octokit/request-error-3.0.1
Bump @octokit/request-error from 3.0.0 to 3.0.1
2022-08-16 07:43:59 +02:00
Federico Builes 92e8b8da75 Merge pull request #199 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.33.1
Bump @typescript-eslint/parser from 5.33.0 to 5.33.1
2022-08-16 07:43:43 +02:00
dependabot[bot] 625da714f5 Bump @typescript-eslint/parser from 5.33.0 to 5.33.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.33.0 to 5.33.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 01:42:20 +00:00
dependabot[bot] 0794c6c280 Bump @octokit/request-error from 3.0.0 to 3.0.1
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 01:42:07 +00:00
dependabot[bot] d12f30b747 Bump eslint-plugin-jest from 26.8.2 to 26.8.3
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.8.2 to 26.8.3.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.8.2...v26.8.3)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 01:41:59 +00:00
Federico Builes dbafdf9b30 Merge pull request #194 from actions/dependabot/npm_and_yarn/eslint-8.22.0
Bump eslint from 8.21.0 to 8.22.0
2022-08-15 09:18:00 +02:00
dependabot[bot] 3f3ba6e567 Bump eslint from 8.21.0 to 8.22.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.21.0 to 8.22.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.21.0...v8.22.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-15 01:55:22 +00:00
Federico Builes e2e1913ee9 Merge pull request #192 from actions/dependabot/npm_and_yarn/zod-3.18.0
Bump zod from 3.17.10 to 3.18.0
2022-08-12 18:19:08 +02:00
Federico Builes 2122cb87dc Merge branch 'main' into dependabot/npm_and_yarn/zod-3.18.0
# Conflicts:
#	dist/index.js.map
2022-08-12 18:17:01 +02:00
Federico Builes 694e9af6c9 Merge pull request #193 from actions/dependabot/npm_and_yarn/types/node-16.11.48
Bump @types/node from 16.11.47 to 16.11.48
2022-08-12 18:14:26 +02:00
Federico Builes 96dcfbbcd4 adding dist 2022-08-12 18:14:15 +02:00
dependabot[bot] c77018cec1 Bump @types/node from 16.11.47 to 16.11.48
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.47 to 16.11.48.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-12 16:07:54 +00:00
Federico Builes 36a493b367 Merge pull request #189 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.33.0
Bump @typescript-eslint/eslint-plugin from 5.32.0 to 5.33.0
2022-08-12 18:05:11 +02:00
dependabot[bot] 11e4eca6c1 Bump zod from 3.17.10 to 3.18.0
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.10 to 3.18.0.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.10...v3.18.0)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-12 16:04:10 +00:00
dependabot[bot] e9f051f098 Bump @typescript-eslint/eslint-plugin from 5.32.0 to 5.33.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.32.0 to 5.33.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-12 16:03:51 +00:00
Federico Builes f59ac52391 Merge pull request #186 from actions/dependabot/npm_and_yarn/got-12.3.1
Bump got from 12.3.0 to 12.3.1
2022-08-12 18:03:34 +02:00
Federico Builes 5391a8b654 Merge pull request #190 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.33.0
Bump @typescript-eslint/parser from 5.32.0 to 5.33.0
2022-08-12 18:02:56 +02:00
Federico Builes 531da4bab3 Merge pull request #191 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.8.2
Bump eslint-plugin-jest from 26.7.0 to 26.8.2
2022-08-12 18:02:28 +02:00
Federico Builes a059506842 Merge pull request #188 from actions/dependabot/npm_and_yarn/actions/core-1.9.1
Bump @actions/core from 1.9.0 to 1.9.1
2022-08-12 18:01:43 +02:00
Federico Builes d8aff4cfce adding dist 2022-08-12 18:00:10 +02:00
dependabot[bot] 1069034a80 Bump eslint-plugin-jest from 26.7.0 to 26.8.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.7.0 to 26.8.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.7.0...v26.8.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-10 01:22:58 +00:00
dependabot[bot] 424d622090 Bump @typescript-eslint/parser from 5.32.0 to 5.33.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.32.0 to 5.33.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-09 01:36:41 +00:00
dependabot[bot] 979fe8f031 Bump @actions/core from 1.9.0 to 1.9.1
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-09 01:35:43 +00:00
dependabot[bot] ea4b93e2db Bump got from 12.3.0 to 12.3.1
Bumps [got](https://github.com/sindresorhus/got) from 12.3.0 to 12.3.1.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.3.0...v12.3.1)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-08 01:50:21 +00:00
Tiago Pascoal 47f663b6ee update dist after fixing typo 2022-08-07 11:39:10 +00:00
Tiago Pascoal dfcdb87cb3 Fix typo
Co-authored-by: Eric Cornelissen <ericornelissen@gmail.com>
2022-08-07 12:36:42 +01:00
Tiago Pascoal 79f5aede88 Merge branch 'main' into add-summary 2022-08-04 16:59:57 +01:00
Tiago Pascoal aef949f026 Show vulnerabities and license information on the job summary.
Users can see the results that were found directly on the job summary

All the results are grouped by manifest.

It shows a table with vulnerable packages, together with package version,
the vulnerabily info and it's severity.

Shows info about package licenses, which packages have a non allowed license,
and the list of packages with unknown licenses.
2022-08-04 15:35:07 +00:00
Federico Builes 415088b56e Merge pull request #180 from actions/enterprise-docs
Adding instructions for installing in GHES
2022-08-03 17:28:05 +02:00
Federico Builes be18317f94 Update README.md
Co-authored-by: Courtney Claessens <courtneycl@github.com>
2022-08-03 17:27:39 +02:00
Courtney Claessens e20b197c93 adding info on licenses not supported for GHES 2022-08-03 10:46:47 -04:00
Federico Builes e66fd91484 Point to the 3.6 docs for Connect. 2022-08-03 11:29:50 +02:00
Federico Builes ea815ebddb Add link for GHAS. 2022-08-03 11:25:03 +02:00
Federico Builes bb3e014e0a Adding instructions for GHES 3.6. 2022-08-03 11:22:48 +02:00
Federico Builes 4317da3e38 Merge pull request #179 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.32.0
Bump @typescript-eslint/parser from 5.31.0 to 5.32.0
2022-08-02 10:46:34 +02:00
dependabot[bot] 2aa2a269c4 Bump @typescript-eslint/parser from 5.31.0 to 5.32.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.31.0 to 5.32.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.32.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-02 08:45:25 +00:00
Federico Builes 67562b4c74 Merge pull request #178 from actions/dependabot/npm_and_yarn/eslint-8.21.0
Bump eslint from 8.20.0 to 8.21.0
2022-08-02 10:44:48 +02:00
Federico Builes fe523440bc Merge pull request #177 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.32.0
Bump @typescript-eslint/eslint-plugin from 5.31.0 to 5.32.0
2022-08-02 10:44:39 +02:00
dependabot[bot] bddb4f4ac8 Bump eslint from 8.20.0 to 8.21.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.20.0 to 8.21.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.20.0...v8.21.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-02 01:32:02 +00:00
dependabot[bot] 951c4b6b47 Bump @typescript-eslint/eslint-plugin from 5.31.0 to 5.32.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.31.0 to 5.32.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.32.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-02 01:31:50 +00:00
Federico Builes 90edb6f286 Merge pull request #174 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.7.0
Bump eslint-plugin-jest from 26.6.0 to 26.7.0
2022-08-01 17:33:21 +02:00
Federico Builes 76cb47a13a Merge pull request #175 from actions/dependabot/npm_and_yarn/types/node-16.11.47
Bump @types/node from 16.11.46 to 16.11.47
2022-08-01 17:33:11 +02:00
dependabot[bot] 8c65c50f8e Bump @types/node from 16.11.46 to 16.11.47
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.46 to 16.11.47.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 01:56:27 +00:00
dependabot[bot] 15dae1771a Bump eslint-plugin-jest from 26.6.0 to 26.7.0
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.6.0 to 26.7.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.6.0...v26.7.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 01:56:18 +00:00
Will Da Silva 15d18576a5 Merge branch 'upstream/main' into main 2022-07-30 00:44:27 -04:00
Federico Builes 0517f5ae3d Merge pull request #172 from actions/dependabot/npm_and_yarn/types/node-16.11.46
Bump @types/node from 16.11.45 to 16.11.46
2022-07-29 14:32:13 +02:00
Federico Builes a7ed04cb6d Merge pull request #173 from actions/dependabot/npm_and_yarn/got-12.3.0
Bump got from 12.2.0 to 12.3.0
2022-07-29 14:23:49 +02:00
dependabot[bot] 5956ba4d37 Bump got from 12.2.0 to 12.3.0
Bumps [got](https://github.com/sindresorhus/got) from 12.2.0 to 12.3.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.2.0...v12.3.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-29 01:27:53 +00:00
dependabot[bot] ee739211c3 Bump @types/node from 16.11.45 to 16.11.46
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.45 to 16.11.46.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-29 01:27:43 +00:00
Federico Builes 2427b83fb6 Merge pull request #171 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.31.0
Bump @typescript-eslint/parser from 5.30.7 to 5.31.0
2022-07-26 12:45:30 +02:00
dependabot[bot] e004499203 Bump @typescript-eslint/parser from 5.30.7 to 5.31.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.7 to 5.31.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.31.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-26 09:30:36 +00:00
Federico Builes 15e8301141 Merge pull request #170 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.31.0
Bump @typescript-eslint/eslint-plugin from 5.30.7 to 5.31.0
2022-07-26 11:29:43 +02:00
dependabot[bot] 074e15f1d2 Bump @typescript-eslint/eslint-plugin from 5.30.7 to 5.31.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.7 to 5.31.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.31.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-26 01:49:44 +00:00
Federico Builes 28bd35e115 Merge pull request #167 from actions/dependabot/npm_and_yarn/zod-3.17.10
Bump zod from 3.17.9 to 3.17.10
2022-07-26 03:00:59 +02:00
Federico Builes 1a8b866371 adding dist 2022-07-26 02:59:21 +02:00
dependabot[bot] 7414ae2b68 Bump zod from 3.17.9 to 3.17.10
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.9 to 3.17.10.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.9...v3.17.10)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-26 00:54:13 +00:00
Federico Builes 25a2578e41 Merge pull request #169 from actions/dependabot/npm_and_yarn/got-12.2.0
Bump got from 12.1.0 to 12.2.0
2022-07-26 02:53:24 +02:00
Federico Builes 5a348f087a Merge pull request #168 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.3.7
Bump eslint-plugin-github from 4.3.6 to 4.3.7
2022-07-26 02:53:05 +02:00
dependabot[bot] 4d7937d9b8 Bump got from 12.1.0 to 12.2.0
Bumps [got](https://github.com/sindresorhus/got) from 12.1.0 to 12.2.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.1.0...v12.2.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-25 01:54:31 +00:00
dependabot[bot] 4b57fa2745 Bump eslint-plugin-github from 4.3.6 to 4.3.7
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.3.6 to 4.3.7.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.3.6...v4.3.7)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-25 01:53:49 +00:00
Will Da Silva 388b1a309d Support user-provided base/head refs & non-PR workflows 2022-07-21 15:47:05 -04:00
Federico Builes b15d68a617 Merge pull request #163 from actions/dependabot/npm_and_yarn/zod-3.17.9
Bump zod from 3.17.4 to 3.17.9
2022-07-19 13:29:36 +02:00
Federico Builes 86ba360860 updating dist 2022-07-19 05:28:23 -06:00
dependabot[bot] 1c643b69e3 Bump zod from 3.17.4 to 3.17.9
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.4 to 3.17.9.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.4...v3.17.9)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 11:26:12 +00:00
Federico Builes cc90e94fd7 Merge pull request #162 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.7
Bump @typescript-eslint/parser from 5.30.6 to 5.30.7
2022-07-19 13:13:51 +02:00
dependabot[bot] ca03cb626b Bump @typescript-eslint/parser from 5.30.6 to 5.30.7
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.6 to 5.30.7.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.7/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 11:12:11 +00:00
Federico Builes 0c672b9f6f Merge pull request #161 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.7
Bump @typescript-eslint/eslint-plugin from 5.30.6 to 5.30.7
2022-07-19 13:11:11 +02:00
dependabot[bot] 9b38d34b70 Bump @typescript-eslint/eslint-plugin from 5.30.6 to 5.30.7
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.6 to 5.30.7.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.7/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 01:53:55 +00:00
Federico Builes bd0f0459f8 Merge pull request #160 from actions/dependabot/npm_and_yarn/eslint-8.20.0
Bump eslint from 8.19.0 to 8.20.0
2022-07-18 15:02:44 +02:00
Federico Builes ace98b5898 Merge pull request #159 from actions/dependabot/npm_and_yarn/types/node-16.11.45
Bump @types/node from 16.11.44 to 16.11.45
2022-07-18 15:02:24 +02:00
dependabot[bot] 79aa012b58 Bump @types/node from 16.11.44 to 16.11.45
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.44 to 16.11.45.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 13:01:56 +00:00
Federico Builes 264bf85801 Merge pull request #158 from actions/dependabot/npm_and_yarn/zod-3.17.4
Bump zod from 3.17.3 to 3.17.4
2022-07-18 15:01:30 +02:00
Federico Builes 0e2da932f6 updating dist files 2022-07-18 07:00:33 -06:00
dependabot[bot] 0a8934fb6a Bump eslint from 8.19.0 to 8.20.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.19.0 to 8.20.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.19.0...v8.20.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 13:00:14 +00:00
Federico Builes f83d7f264c Merge branch 'main' into dependabot/npm_and_yarn/zod-3.17.4 2022-07-18 07:00:01 -06:00
Federico Builes d0e46c9613 Merge pull request #157 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.6.0
Bump eslint-plugin-jest from 26.5.3 to 26.6.0
2022-07-18 14:59:20 +02:00
dependabot[bot] 22bb279ab1 Bump zod from 3.17.3 to 3.17.4
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.3 to 3.17.4.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.3...v3.17.4)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 01:53:03 +00:00
dependabot[bot] d33c19c38d Bump eslint-plugin-jest from 26.5.3 to 26.6.0
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.5.3 to 26.6.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.5.3...v26.6.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 01:52:43 +00:00
Federico Builes 2ef513a94a Update example tag text. 2022-07-14 09:39:56 +02:00
Federico Builes abd8ae5da7 Make CONTRIBUTING.md examples easier to copy/paste. 2022-07-14 09:35:44 +02:00
Federico Builes 94145f3150 Bumping the version to 2.0.4.
Missed the version changes in the previous release.
2022-07-14 09:31:49 +02:00
Federico Builes af8d39d8a3 Bumping the version to 2.0.3. 2022-07-14 09:14:17 +02:00
Federico Builes b83777ffd0 Merge pull request #156 from actions/dependabot/npm_and_yarn/types/node-16.11.44
Bump @types/node from 16.11.43 to 16.11.44
2022-07-14 09:11:42 +02:00
Federico Builes 1dc503a722 Merge pull request #155 from kachick/fix-154
Ignore removed changes in license checker
2022-07-14 09:10:17 +02:00
dependabot[bot] 8975a27eeb Bump @types/node from 16.11.43 to 16.11.44
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.43 to 16.11.44.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-14 01:36:49 +00:00
Kenichi Kamiya c003e7f8fc Add more test for added and removed pattern 2022-07-13 19:07:12 +09:00
Kenichi Kamiya ae4118f8fa Update build files with npm run all 2022-07-13 18:11:55 +09:00
Kenichi Kamiya c5d7bdcf7f Ignore removed changes in license checker 2022-07-13 18:11:10 +09:00
Federico Builes bced8aa1b2 Merge pull request #153 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.6
Bump @typescript-eslint/parser from 5.30.5 to 5.30.6
2022-07-12 09:07:41 +02:00
dependabot[bot] ba8e0b013b Bump @typescript-eslint/parser from 5.30.5 to 5.30.6
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.5 to 5.30.6.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.6/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-12 07:04:11 +00:00
Federico Builes cfcdef93a4 Merge pull request #152 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.6
Bump @typescript-eslint/eslint-plugin from 5.30.5 to 5.30.6
2022-07-12 09:03:21 +02:00
dependabot[bot] 43b6f9fe4a Bump @typescript-eslint/eslint-plugin from 5.30.5 to 5.30.6
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.5 to 5.30.6.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.6/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-12 01:46:01 +00:00
Federico Builes 467931ed7e Merge pull request #151 from actions/dependabot/npm_and_yarn/octokit/request-error-3.0.0
Bump @octokit/request-error from 2.1.0 to 3.0.0
2022-07-11 10:52:17 +02:00
Federico Builes 29c7e47bc6 adding dist folder 2022-07-11 10:49:16 +02:00
dependabot[bot] aa4260f0b0 Bump @octokit/request-error from 2.1.0 to 3.0.0
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 2.1.0 to 3.0.0.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v2.1.0...v3.0.0)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-11 02:03:02 +00:00
Federico Builes f187f64fc9 Merge pull request #139 from actions/dependabot/npm_and_yarn/eslint-8.19.0
Bump eslint from 8.18.0 to 8.19.0
2022-07-06 11:09:37 +02:00
Federico Builes f3bcf122c7 Merge pull request #144 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.5
Bump @typescript-eslint/eslint-plugin from 5.30.0 to 5.30.5
2022-07-06 11:09:15 +02:00
dependabot[bot] c43f51429e Bump @typescript-eslint/eslint-plugin from 5.30.0 to 5.30.5
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.0 to 5.30.5.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.5/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 09:02:16 +00:00
dependabot[bot] c9027d07d6 Bump eslint from 8.18.0 to 8.19.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.18.0 to 8.19.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.18.0...v8.19.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 09:02:10 +00:00
Federico Builes c316251843 Merge pull request #146 from kachick/add-vscode-workspace-configs
Enable prettier and recommend eslint in vscode workspace config
2022-07-06 11:01:23 +02:00
Federico Builes d8e436b2d5 Merge pull request #143 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.5
Bump @typescript-eslint/parser from 5.30.0 to 5.30.5
2022-07-06 11:01:06 +02:00
Federico Builes 82d4814150 Merge pull request #142 from kachick/fix-lint-errors-and-add-ci
Add CI workflow and fix lint errors
2022-07-06 11:00:13 +02:00
Federico Builes 89de8ab245 Merge pull request #148 from actions/dependabot/npm_and_yarn/nodemon-2.0.19
Bump nodemon from 2.0.18 to 2.0.19
2022-07-06 10:41:04 +02:00
dependabot[bot] 3e74bf2266 Bump @typescript-eslint/parser from 5.30.0 to 5.30.5
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.0 to 5.30.5.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.5/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 08:40:11 +00:00
Federico Builes 1ea517b3fa Merge pull request #141 from kachick/use-fixed-major-version-for-node-types
Use fixed major version for node types
2022-07-06 10:38:56 +02:00
Federico Builes 2aef88c152 Merge pull request #145 from kachick/fix-typo-dangerouns
Fix a typo s/dangerouns/dangerous/
2022-07-06 10:26:18 +02:00
Kenichi Kamiya 51d1824002 Focus only on the node issue
https://github.com/actions/dependency-review-action/pull/141#discussion_r914526073

https://github.com/actions/dependency-review-action/pull/141#discussion_r914537222

Co-authored-by: Federico Builes <febuiles@github.com>
2022-07-06 17:13:18 +09:00
dependabot[bot] 94edc9c394 Bump nodemon from 2.0.18 to 2.0.19
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.18 to 2.0.19.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.18...v2.0.19)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 02:07:14 +00:00
Kenichi Kamiya 7219e93649 Enable prettier and recommend eslint in vscode workspace config 2022-07-05 20:32:34 +09:00
Kenichi Kamiya 08074685be Fix a typo s/dangerouns/dangerous/ 2022-07-05 18:32:34 +09:00
Kenichi Kamiya 3efca1e3dd Update build files with npm run all 2022-07-04 20:13:08 +09:00
Kenichi Kamiya 9fdc2574b8 Fix rest eslint errors manually 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 6e9189a5c1 npx eslint --fix src/**/*.ts 2022-07-04 20:12:07 +09:00
Kenichi Kamiya c6f347d470 npm run format 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 40346e9340 Run test and linter in CI 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 7f576504ed Stop dependabot PRs for different major version of types
It is possible to make a mismatch with actual logic.
2022-07-04 11:25:57 +09:00
Kenichi Kamiya 09100640b0 Adjust types of node to 16.x again
`npm uninstall @types/node && npm install --save-dev "@types/node@^16.11.43"`
2022-07-04 11:23:37 +09:00
Federico Builes 26b7908701 Merge pull request #136 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.0
Bump @typescript-eslint/eslint-plugin from 5.29.0 to 5.30.0
2022-06-28 08:04:16 +02:00
dependabot[bot] b564b42423 Bump @typescript-eslint/eslint-plugin from 5.29.0 to 5.30.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.29.0 to 5.30.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 05:56:11 +00:00
Federico Builes 2ceda66c21 Merge pull request #135 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.0
Bump @typescript-eslint/parser from 5.29.0 to 5.30.0
2022-06-28 07:55:08 +02:00
dependabot[bot] 49a36aa04e Bump @typescript-eslint/parser from 5.29.0 to 5.30.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.29.0 to 5.30.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 01:40:44 +00:00
Brandyn Phelps 17b8abf3bb Merge pull request #132 from kachick/fix-typo
docs: Fix a typo
2022-06-24 14:17:17 -07:00
Kenichi Kamiya c699fc9e3e docs: Fix a typo 2022-06-25 01:18:31 +09:00
Federico Builes 24ab96e8b8 Merge pull request #128 from actions/dependabot/npm_and_yarn/nodemon-2.0.18
Bump nodemon from 2.0.16 to 2.0.18
2022-06-24 08:37:57 +02:00
dependabot[bot] 04f86c1583 Bump nodemon from 2.0.16 to 2.0.18
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.16 to 2.0.18.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.16...v2.0.18)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 01:41:25 +00:00
Federico Builes 81b5cbd111 Merge pull request #127 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.29.0
Bump @typescript-eslint/parser from 5.28.0 to 5.29.0
2022-06-21 07:50:03 +02:00
dependabot[bot] 4b88091897 Bump @typescript-eslint/parser from 5.28.0 to 5.29.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.28.0 to 5.29.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.29.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-21 05:49:04 +00:00
Federico Builes febb822f26 Merge pull request #126 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.29.0
Bump @typescript-eslint/eslint-plugin from 5.28.0 to 5.29.0
2022-06-21 07:48:11 +02:00
dependabot[bot] ea91d29cdf Bump @typescript-eslint/eslint-plugin from 5.28.0 to 5.29.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.28.0 to 5.29.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.29.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-21 01:51:23 +00:00
Federico Builes a9539be12a Merge pull request #123 from actions/dependabot/npm_and_yarn/typescript-4.7.4
Bump typescript from 4.7.3 to 4.7.4
2022-06-20 08:14:45 +02:00
Federico Builes 9c688a568f Merge pull request #124 from actions/dependabot/npm_and_yarn/eslint-8.18.0
Bump eslint from 8.17.0 to 8.18.0
2022-06-20 08:14:26 +02:00
dependabot[bot] ff449a1296 Bump eslint from 8.17.0 to 8.18.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.17.0 to 8.18.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.17.0...v8.18.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 01:47:10 +00:00
dependabot[bot] 2a961b0169 Bump typescript from 4.7.3 to 4.7.4
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.7.3 to 4.7.4.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.7.3...v4.7.4)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 01:46:55 +00:00
Federico Builes 879687b22c Merge pull request #122 from actions/dependabot/npm_and_yarn/prettier-2.7.1
Bump prettier from 2.7.0 to 2.7.1
2022-06-17 07:40:15 +02:00
dependabot[bot] cb52804670 Bump prettier from 2.7.0 to 2.7.1
Bumps [prettier](https://github.com/prettier/prettier) from 2.7.0 to 2.7.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.7.0...2.7.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-17 01:54:43 +00:00
Federico Builes 17187536c0 Merge pull request #120 from actions/dependabot/npm_and_yarn/types/node-18.0.0
Bump @types/node from 17.0.43 to 18.0.0
2022-06-16 07:18:52 +02:00
Federico Builes c0faf55fe4 Merge pull request #119 from actions/dependabot/npm_and_yarn/actions/core-1.9.0
Bump @actions/core from 1.8.2 to 1.9.0
2022-06-16 07:18:37 +02:00
Federico Builes b6f6142660 adding dist files 2022-06-16 07:07:13 +02:00
Federico Builes 333e7ce17e Merge branch 'main' into dependabot/npm_and_yarn/actions/core-1.9.0 2022-06-16 07:06:25 +02:00
Federico Builes 4e9a45ca5b Merge pull request #121 from kachick/fix-duplicate-words
Fix duplicate words in README
2022-06-16 06:58:18 +02:00
dependabot[bot] 32a1ef9487 Bump @actions/core from 1.8.2 to 1.9.0
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.8.2 to 1.9.0.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 04:57:11 +00:00
Federico Builes 83be5f6c90 bumping version 2022-06-16 06:56:22 +02:00
Kenichi Kamiya 70f41926ca Fix duplicate words in README 2022-06-16 13:06:54 +09:00
Federico Builes 1c59cdf2a9 Fix the unknown licenses error message 2022-06-16 06:03:16 +02:00
dependabot[bot] ba0681f88b Bump @types/node from 17.0.43 to 18.0.0
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.43 to 18.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 01:32:41 +00:00
Federico Builes 29fc7a23bd Merge pull request #117 from actions/readme-capitalisation
Fixing branding in the readme
2022-06-15 15:40:19 +02:00
Courtney Claessens 903977c63a branding! 2022-06-15 09:32:17 -04:00
Federico Builes aabd50a60d Bumping version to 2.0.1 2022-06-15 15:27:15 +02:00
Federico Builes 981c44c2a9 Merge pull request #116 from actions/unknown-licenses
Unknown licenses
2022-06-15 15:26:38 +02:00
Federico Builes c0d32934e8 Adding dist. 2022-06-15 15:25:21 +02:00
Federico Builes 963fe8045d Always print null licenses. 2022-06-15 15:22:35 +02:00
Federico Builes bf94d94f63 Remove old TODO. 2022-06-15 15:22:14 +02:00
Federico Builes 43ce5df965 Update CONTRIBUTING.md 2022-06-15 14:03:10 +02:00
Federico Builes 24bc5e9934 Updating the CONTRIBUTING.md docs. 2022-06-15 14:01:47 +02:00
Federico Builes 97790d29c7 update version in package.json 2022-06-15 11:55:10 +02:00
Federico Builes 74dbdf9819 Merge pull request #112 from actions/move-config-file
Move configuration file location
2022-06-15 11:53:18 +02:00
Federico Builes f3f3519b2a Merge branch 'main' into move-config-file 2022-06-15 06:43:18 +02:00
Federico Builes 216910dd9a Merge pull request #113 from actions/dependabot/npm_and_yarn/prettier-2.7.0
Bump prettier from 2.6.2 to 2.7.0
2022-06-15 06:42:57 +02:00
dependabot[bot] eb561ba6bd Bump prettier from 2.6.2 to 2.7.0
Bumps [prettier](https://github.com/prettier/prettier) from 2.6.2 to 2.7.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.6.2...2.7.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-15 03:36:59 +00:00
Federico Builes 3f246861d8 Merge pull request #114 from actions/dependabot/npm_and_yarn/types/node-17.0.43
Bump @types/node from 17.0.42 to 17.0.43
2022-06-15 05:36:17 +02:00
Federico Builes faa63c3cba adding dist 2022-06-15 05:21:16 +02:00
Courtney Claessens dfd519642f Update schemas.ts 2022-06-14 22:37:00 -04:00
Courtney Claessens 871f4064a1 adding doc for protected branches 2022-06-14 22:32:34 -04:00
dependabot[bot] d6f6abdda3 Bump @types/node from 17.0.42 to 17.0.43
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.42 to 17.0.43.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-15 01:44:34 +00:00
Courtney Claessens 54764c9203 Update README.md
adding some clarity to failing on severity; naming formatting, update example for v2
2022-06-14 12:16:03 -04:00
Federico Builes c6587b663d Updating README with instructions for unknown licenses. 2022-06-14 14:11:01 +02:00
Federico Builes 42e2bc1ed2 Handle unknown licenses. 2022-06-14 13:54:27 +02:00
Federico Builes 0b87f02bee Document how we test inputs 2022-06-14 13:00:18 +02:00
Federico Builes 00be2ce1fc Typos. 2022-06-14 12:27:56 +02:00
Federico Builes 2860b57e48 Update README.md 2022-06-14 12:24:27 +02:00
Federico Builes fd6e756c7b Updating readConfig() to be more readable, get rid of typecasts.
Co-authored-by: Henri Maurer <hmaurer@github.com>
2022-06-14 11:29:13 +02:00
Federico Builes f83a407eb9 Use the correct name for allowlists. 2022-06-14 09:46:59 +02:00
Federico Builes b0e1f384d7 Linting YAML 2022-06-14 09:05:05 +02:00
Federico Builes c973154c92 Dashes instead of underscores. 2022-06-14 07:50:25 +02:00
Federico Builes 3355ec4be5 adding dist 2022-06-14 07:44:17 +02:00
Federico Builes 76ad37608d Adding more tests for the config file. 2022-06-14 07:42:51 +02:00
Federico Builes 3eff3f5918 let => const 2022-06-14 07:42:13 +02:00
Federico Builes 7278093fa0 Clarify some of the error messages. 2022-06-14 07:41:37 +02:00
Federico Builes b5b49104d4 Adding the config definition to action.yml 2022-06-14 07:40:16 +02:00
Federico Builes e56fe29417 Remove old config file. 2022-06-14 07:38:45 +02:00
Federico Builes cc3101831d Updating dist. 2022-06-14 07:04:33 +02:00
Federico Builes ef97470a0f Don't set the defaults in the test :/ 2022-06-14 07:04:26 +02:00
Federico Builes efecf6fd09 Remove the variables from env so they don't default to empty strings. 2022-06-14 06:49:18 +02:00
Federico Builes 24d7ef3c5d Use an empty config options type. 2022-06-14 06:48:58 +02:00
Federico Builes 01fa67b82e adding dist 2022-06-14 06:26:18 +02:00
Federico Builes 1791775ce6 temp commit 2022-06-14 05:57:43 +02:00
Federico Builes 92f1ecaaea Merge pull request #106 from actions/adding-lists
Adding allow and deny lists
2022-06-14 04:45:37 +02:00
Federico Builes 47d4ff9127 Merge pull request #111 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.28.0
Bump @typescript-eslint/parser from 5.27.1 to 5.28.0
2022-06-14 04:45:19 +02:00
dependabot[bot] 9c5310eee9 Bump @typescript-eslint/parser from 5.27.1 to 5.28.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.27.1 to 5.28.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.28.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-14 02:44:10 +00:00
Federico Builes d616ba30f2 Merge pull request #110 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.28.0
Bump @typescript-eslint/eslint-plugin from 5.27.1 to 5.28.0
2022-06-14 04:43:24 +02:00
dependabot[bot] 7181a20a1f Bump @typescript-eslint/eslint-plugin from 5.27.1 to 5.28.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.27.1 to 5.28.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.28.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-14 01:45:00 +00:00
Federico Builes eebebcdc2a Use real PURLs in tests 2022-06-13 20:19:01 +02:00
Federico Builes 571f236610 Improved wording on license messages. 2022-06-13 20:08:16 +02:00
Federico Builes fe78920139 Document unwanted behavior for a future refactoring. 2022-06-13 20:04:39 +02:00
Federico Builes bd115a9b66 Merge pull request #108 from actions/dependabot/npm_and_yarn/types/node-17.0.42
Bump @types/node from 17.0.40 to 17.0.42
2022-06-13 11:36:18 +02:00
dependabot[bot] 72a5a0f647 Bump @types/node from 17.0.40 to 17.0.42
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.40 to 17.0.42.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-13 01:44:57 +00:00
Federico Builes 21412fec7b fixing dist check 2022-06-09 10:46:00 +02:00
Federico Builes 0777fbe61e Updating dist. 2022-06-09 10:42:56 +02:00
Federico Builes cc22dcd654 Use undefined instead of null when dealing with lists. 2022-06-09 10:42:31 +02:00
Federico Builes 6b5518a9ed Adding more docs to licenses.ts 2022-06-09 10:33:05 +02:00
Federico Builes 20cca5c0c4 The default settings should not use []. 2022-06-08 18:28:10 +02:00
Federico Builes a51db20961 Use null for unspecified values when filtering licenses. 2022-06-08 18:21:28 +02:00
Federico Builes a7d02aef82 adding dist 2022-06-08 17:47:06 +02:00
Federico Builes 4ac3d318ab Refactoring on PR feedback. 2022-06-08 17:45:42 +02:00
Federico Builes 25271922eb Clarify variable names. 2022-06-08 15:53:14 +02:00
Federico Builes 4474253eb8 Merge branch 'main' into adding-lists 2022-06-07 06:23:53 +02:00
Federico Builes 1a7225bc91 Merge pull request #104 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.27.1
Bump @typescript-eslint/parser from 5.27.0 to 5.27.1
2022-06-07 06:20:33 +02:00
Federico Builes 4ebaca3419 Merge pull request #105 from actions/dependabot/npm_and_yarn/yaml-2.1.1
Bump yaml from 2.1.0 to 2.1.1
2022-06-07 06:20:17 +02:00
Federico Builes a96d28f120 Remove configuration docs until we have a proper release. 2022-06-07 06:19:22 +02:00
dependabot[bot] 29b67f0a05 Bump @typescript-eslint/parser from 5.27.0 to 5.27.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.27.0 to 5.27.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-07 04:16:25 +00:00
Federico Builes c187f6f12d Merge pull request #103 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.27.1
Bump @typescript-eslint/eslint-plugin from 5.27.0 to 5.27.1
2022-06-07 06:15:32 +02:00
dependabot[bot] 3b0a091baa Bump yaml from 2.1.0 to 2.1.1
Bumps [yaml](https://github.com/eemeli/yaml) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.1.0...v2.1.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-07 01:33:07 +00:00
dependabot[bot] 3456819f12 Bump @typescript-eslint/eslint-plugin from 5.27.0 to 5.27.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.27.0 to 5.27.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-07 01:32:39 +00:00
Federico Builes 56e63b1bc5 adding dist 2022-06-06 20:32:46 +02:00
Federico Builes 2ae9a2d51b Add logic for denied licenses. 2022-06-06 20:32:46 +02:00
Federico Builes 1261e18905 Clarify license tests. 2022-06-06 20:32:46 +02:00
Federico Builes dc7b0a2788 Show an error when disallowed dependencies show up. 2022-06-06 20:32:46 +02:00
Federico Builes 06297bf229 Fixing failing tests 2022-06-06 20:32:46 +02:00
Federico Builes bccacf9708 Skeleton for license validation. 2022-06-06 20:32:46 +02:00
Federico Builes 8c646c1c91 Get rid of redundant variables. 2022-06-06 20:32:46 +02:00
Federico Builes 30c4549c8c Merge pull request #91 from actions/adding-config-file
Adding configuration options
2022-06-06 20:32:21 +02:00
Federico Builes 93c8cb2c8a Merge pull request #101 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.5.3
Bump eslint-plugin-jest from 26.4.6 to 26.5.3
2022-06-06 13:43:17 +02:00
Federico Builes d7c6d6203f Merge pull request #100 from actions/dependabot/npm_and_yarn/esbuild-register-3.3.3
Bump esbuild-register from 3.3.2 to 3.3.3
2022-06-06 13:34:38 +02:00
dependabot[bot] 92bcc5a0bf Bump esbuild-register from 3.3.2 to 3.3.3
Bumps esbuild-register from 3.3.2 to 3.3.3.

---
updated-dependencies:
- dependency-name: esbuild-register
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 11:32:09 +00:00
Federico Builes 545050ada5 Merge pull request #99 from actions/dependabot/npm_and_yarn/eslint-8.17.0
Bump eslint from 8.16.0 to 8.17.0
2022-06-06 13:31:00 +02:00
Federico Builes 2b674f0e26 Merge pull request #98 from actions/dependabot/npm_and_yarn/types/node-17.0.40
Bump @types/node from 17.0.38 to 17.0.40
2022-06-06 13:30:45 +02:00
Federico Builes 802525536f Merge pull request #97 from actions/dependabot/npm_and_yarn/typescript-4.7.3
Bump typescript from 4.7.2 to 4.7.3
2022-06-06 13:30:28 +02:00
dependabot[bot] 4eb9ad1d38 Bump eslint-plugin-jest from 26.4.6 to 26.5.3
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.4.6 to 26.5.3.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.4.6...v26.5.3)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:49:06 +00:00
dependabot[bot] 12cf02f216 Bump eslint from 8.16.0 to 8.17.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.16.0 to 8.17.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.16.0...v8.17.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:48:31 +00:00
dependabot[bot] c7ff505b05 Bump @types/node from 17.0.38 to 17.0.40
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.38 to 17.0.40.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:48:14 +00:00
dependabot[bot] 90221b23f7 Bump typescript from 4.7.2 to 4.7.3
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.7.2 to 4.7.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.7.2...v4.7.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:47:20 +00:00
Federico Builes 2f38c7e78c Add severity level to the vulns not found message. 2022-06-01 15:56:16 +02:00
Federico Builes c235374b9d Removing redundant test. 2022-06-01 13:42:22 +02:00
Federico Builes ae2949c9c1 Removing old file. 2022-06-01 13:40:09 +02:00
Federico Builes 3ae540bf96 Updating the README with config instructions. 2022-06-01 13:39:05 +02:00
Federico Builes 1c15a1745e Adding dependency-review.yml. 2022-06-01 13:38:42 +02:00
Federico Builes 19b36f0933 Use a more definitive name for the config file. 2022-06-01 13:28:03 +02:00
Federico Builes 0b9547aabf Adding more expectations for severities. 2022-06-01 13:14:32 +02:00
Federico Builes b327132e4b Remove state from the filtering function. 2022-06-01 13:10:58 +02:00
Federico Builes f9a13e70f4 Fixing circular reference, adding prettier. 2022-06-01 12:09:11 +02:00
Federico Builes db9f724163 Introduce a schema for ConfigurationOptions.
This commit illustrates an approach, but is currently
failing the tests.
2022-06-01 06:36:02 +02:00
Federico Builes 7db11574b7 Make vulnerabilities be [] by default. 2022-06-01 05:36:46 +02:00
Federico Builes 7063d0ca45 Don't modify array in place. 2022-06-01 05:32:50 +02:00
Federico Builes 2dd55385c1 Use let instead of var, fix failing test. 2022-06-01 05:31:33 +02:00
Federico Builes 48729e4e38 Merge pull request #96 from actions/dependabot/npm_and_yarn/types/node-17.0.38
Bump @types/node from 17.0.36 to 17.0.38
2022-06-01 04:48:28 +02:00
dependabot[bot] 230442bc30 Bump @types/node from 17.0.36 to 17.0.38
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.36 to 17.0.38.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-01 01:54:46 +00:00
Federico Builes 4235242818 adding dist files 2022-05-31 17:09:21 +02:00
Federico Builes 731e67eca2 Add filtering by low severity as the default. 2022-05-31 17:08:22 +02:00
Federico Builes b601c09c4e Merge branch 'main' into adding-config-file 2022-05-31 16:59:33 +02:00
Federico Builes 982e1d16cb Whitespace and newlines. 2022-05-31 16:54:59 +02:00
Federico Builes f0a04841ce Adding logic to filter by vulnerability severity. 2022-05-31 16:50:39 +02:00
Federico Builes e622e72c6f Export Change schema. 2022-05-31 06:06:19 +02:00
Federico Builes 92e40d7290 Move printing function out. 2022-05-31 06:03:42 +02:00
Federico Builes 21763d05e0 Merge pull request #94 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.4.6
Bump eslint-plugin-jest from 26.4.5 to 26.4.6
2022-05-31 05:25:05 +02:00
Federico Builes 2c245d1aba Merge pull request #93 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.27.0
Bump @typescript-eslint/parser from 5.26.0 to 5.27.0
2022-05-31 05:24:37 +02:00
dependabot[bot] d6fb424a28 Bump @typescript-eslint/parser from 5.26.0 to 5.27.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.26.0 to 5.27.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 03:22:15 +00:00
Federico Builes 088fc4d4e8 Merge pull request #92 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.27.0
Bump @typescript-eslint/eslint-plugin from 5.26.0 to 5.27.0
2022-05-31 05:21:37 +02:00
dependabot[bot] 132427b4bc Bump eslint-plugin-jest from 26.4.5 to 26.4.6
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.4.5 to 26.4.6.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.4.5...v26.4.6)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 01:28:59 +00:00
dependabot[bot] 5f0449f13c Bump @typescript-eslint/eslint-plugin from 5.26.0 to 5.27.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.26.0 to 5.27.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 01:28:15 +00:00
Federico Builes 0b73ead548 Merge branch 'main' into adding-config-file 2022-05-30 06:37:29 +02:00
Federico Builes 67a046c994 Merge pull request #89 from actions/dependabot/npm_and_yarn/types/node-17.0.36
Bump @types/node from 17.0.35 to 17.0.36
2022-05-30 06:30:17 +02:00
Federico Builes 64c25ba2f4 Merge pull request #90 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.4.5
Bump eslint-plugin-jest from 26.2.2 to 26.4.5
2022-05-30 06:30:05 +02:00
dependabot[bot] f3682c87a7 Bump eslint-plugin-jest from 26.2.2 to 26.4.5
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.2.2 to 26.4.5.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.2.2...v26.4.5)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-30 01:47:42 +00:00
dependabot[bot] fc7745e42a Bump @types/node from 17.0.35 to 17.0.36
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.35 to 17.0.36.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-30 01:46:36 +00:00
Federico Builes a8dcc6b774 Adding basic config file parsing and some test scaffolding. 2022-05-26 15:54:59 -07:00
Federico Builes d09b96a7b1 Updating YAML deps. 2022-05-26 14:49:02 -07:00
Federico Builes 243561faa0 Merge pull request #87 from actions/dependabot/npm_and_yarn/vercel/ncc-0.34.0
Bump @vercel/ncc from 0.33.4 to 0.34.0
2022-05-26 10:47:33 -07:00
Federico Builes 860cc21fc2 Merge pull request #86 from actions/dependabot/npm_and_yarn/got-12.1.0
Bump got from 12.0.4 to 12.1.0
2022-05-26 10:47:20 -07:00
dependabot[bot] 98f8200aaa Bump @vercel/ncc from 0.33.4 to 0.34.0
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.33.4 to 0.34.0.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.33.4...0.34.0)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-26 03:00:41 +00:00
dependabot[bot] b3375e0be4 Bump got from 12.0.4 to 12.1.0
Bumps [got](https://github.com/sindresorhus/got) from 12.0.4 to 12.1.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.0.4...v12.1.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-26 03:00:11 +00:00
Federico Builes 737f9b3a71 Merge pull request #85 from actions/dependabot/npm_and_yarn/typescript-4.7.2
Bump typescript from 4.6.4 to 4.7.2
2022-05-25 10:57:24 -07:00
dependabot[bot] 91660a5ad1 Bump typescript from 4.6.4 to 4.7.2
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.6.4 to 4.7.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.6.4...v4.7.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-25 01:46:29 +00:00
Federico Builes 2b78124491 Merge pull request #83 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.26.0
Bump @typescript-eslint/eslint-plugin from 5.25.0 to 5.26.0
2022-05-24 16:21:37 -07:00
Federico Builes 365fad2034 Merge pull request #82 from actions/dependabot/npm_and_yarn/zod-3.17.3
Bump zod from 3.17.2 to 3.17.3
2022-05-24 14:54:41 -07:00
Federico Builes 31314537ae adding dist files 2022-05-24 14:52:45 -07:00
dependabot[bot] c893395cf8 Bump @typescript-eslint/eslint-plugin from 5.25.0 to 5.26.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.25.0 to 5.26.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.26.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 02:43:26 +00:00
dependabot[bot] 93e4466112 Bump zod from 3.17.2 to 3.17.3
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.2 to 3.17.3.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.2...v3.17.3)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 02:42:32 +00:00
Federico Builes a9c83d3af6 Merge pull request #81 from actions/elireisman/fix-default-case
Fix default-case in error handling
2022-05-23 12:30:51 -07:00
Eli Reisman f4b10ab0c4 update dist package 2022-05-23 11:46:07 -07:00
Eli Reisman a4da1f9048 handle unexpected error types opaquely 2022-05-23 11:45:36 -07:00
Eli Reisman 19edfd7243 fix default case in error handling 2022-05-23 11:36:34 -07:00
Federico Builes 0be808458e Merge pull request #80 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.26.0
Bump @typescript-eslint/parser from 5.24.0 to 5.26.0
2022-05-23 11:20:37 -07:00
Federico Builes 77396f2e4f Merge pull request #79 from actions/dependabot/npm_and_yarn/zod-3.17.2
Bump zod from 3.16.0 to 3.17.2
2022-05-23 11:19:59 -07:00
Federico Builes 9bc6bded9e updating dist 2022-05-23 11:18:56 -07:00
dependabot[bot] 3b26a2a544 Bump zod from 3.16.0 to 3.17.2
Bumps [zod](https://github.com/colinhacks/zod) from 3.16.0 to 3.17.2.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.16.0...v3.17.2)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-23 18:16:20 +00:00
dependabot[bot] 7517e23bfc Bump @typescript-eslint/parser from 5.24.0 to 5.26.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.24.0 to 5.26.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.26.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-23 18:16:05 +00:00
Federico Builes cdae254423 Merge pull request #78 from actions/dependabot/npm_and_yarn/eslint-8.16.0
Bump eslint from 8.15.0 to 8.16.0
2022-05-23 11:14:59 -07:00
Federico Builes a257e84a2f Merge pull request #77 from actions/dependabot/npm_and_yarn/types/node-17.0.35
Bump @types/node from 17.0.33 to 17.0.35
2022-05-23 11:14:38 -07:00
dependabot[bot] e0be07f423 Bump eslint from 8.15.0 to 8.16.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.15.0 to 8.16.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.15.0...v8.16.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-23 18:04:04 +00:00
dependabot[bot] 4b83e15691 Bump @types/node from 17.0.33 to 17.0.35
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.33 to 17.0.35.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-23 18:03:59 +00:00
Federico Builes e4396493ba Merge pull request #73 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.25.0
Bump @typescript-eslint/eslint-plugin from 5.24.0 to 5.25.0
2022-05-23 11:03:13 -07:00
dependabot[bot] 8ba008fb62 Bump @typescript-eslint/eslint-plugin from 5.24.0 to 5.25.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.24.0 to 5.25.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.25.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-18 01:30:23 +00:00
Federico Builes 5ce46b3424 Merge pull request #65 from actions/update-readme
Update README to include GHAS instructions
2022-05-16 14:20:09 -07:00
Federico Builes 9680f24ea3 Merge pull request #71 from actions/dependabot/npm_and_yarn/actions/github-5.0.3
Bump @actions/github from 5.0.1 to 5.0.3
2022-05-16 14:19:29 -07:00
Federico Builes 9cdb91e238 updating dist files 2022-05-16 14:17:47 -07:00
dependabot[bot] 92e8876693 Bump @actions/github from 5.0.1 to 5.0.3
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 5.0.1 to 5.0.3.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-16 21:15:27 +00:00
Federico Builes c91da44591 Merge pull request #67 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.2.2
Bump eslint-plugin-jest from 26.1.5 to 26.2.2
2022-05-16 14:13:20 -07:00
Federico Builes b988161c8f Merge pull request #70 from actions/updating-deps
Updating NPM Dependencies
2022-05-16 14:09:47 -07:00
Federico Builes a086ec5a2d updating dependencies 2022-05-16 14:06:20 -07:00
dependabot[bot] b40a0040b5 Bump eslint-plugin-jest from 26.1.5 to 26.2.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.1.5 to 26.2.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.1.5...v26.2.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-16 21:05:19 +00:00
Federico Builes dcc694e92a Merge pull request #61 from actions/dependabot/npm_and_yarn/zod-3.16.0
Bump zod from 3.15.1 to 3.16.0
2022-05-16 14:04:47 -07:00
dependabot[bot] dfafa144e7 Bump zod from 3.15.1 to 3.16.0
Bumps [zod](https://github.com/colinhacks/zod) from 3.15.1 to 3.16.0.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.15.1...v3.16.0)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-16 21:03:27 +00:00
Federico Builes 7a2877d9c8 updating the dist folder 2022-05-16 14:02:08 -07:00
Federico Builes 265d6e12a9 updating README 2022-05-13 08:11:58 +02:00
Eli Reisman 39e692fa32 Merge pull request #60 from actions/elireisman/handle-403
Enable differentiated error messages for DR eligibility
2022-05-12 11:13:53 -07:00
Federico Builes 0e2b63f1f4 Cleaning up errors. 2022-05-12 18:07:14 +02:00
Federico Builes 0e9a322413 Move config into its own file. 2022-05-12 18:05:14 +02:00
Federico Builes fdcc204dbb Adding a YAML parser. 2022-05-12 18:04:51 +02:00
Federico Builes 871c00fde8 adding dist files 2022-05-12 11:44:25 +02:00
Federico Builes 52795b8e93 Print config files. 2022-05-12 11:43:08 +02:00
Federico Builes 744ab92b2c Merge pull request #62 from actions/update-hacking
Update CONTRIBUTING.md
2022-05-12 10:26:10 +02:00
Federico Builes 0b8c1ff0d6 Update CONTRIBUTING.md 2022-05-12 10:25:45 +02:00
Eli Reisman 7dcdeab949 update dist 2022-05-11 20:03:29 +00:00
Eli Reisman cabd238caa enable differentiated error messages for DR eligibility when API returns 403 2022-05-11 19:53:29 +00:00
Federico Builes 2fee08ee9a Merge pull request #55 from actions/dependabot/npm_and_yarn/eslint-8.15.0
Bump eslint from 8.14.0 to 8.15.0
2022-05-09 15:42:54 +02:00
Federico Builes 9571135e29 updating dist folder 2022-05-09 15:41:42 +02:00
dependabot[bot] 85d9dc08d0 Bump eslint from 8.14.0 to 8.15.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.14.0 to 8.15.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.14.0...v8.15.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-09 13:40:42 +00:00
Federico Builes 005e168d77 Merge pull request #54 from actions/updating-deps
Updating JS Dependencies in a single PR
2022-05-09 15:39:26 +02:00
Federico Builes 9c59c3e487 Updating dependencies.
Closes #49
Closes #50
Closes #51
Closes #52
Closes #53
2022-05-09 15:36:27 +02:00
Federico Builes e4574efd2a update deps 2022-05-05 17:25:18 +02:00
Federico Builes e343d06cbe Merge pull request #48 from actions/dependabot/npm_and_yarn/typescript-4.6.4
Bump typescript from 4.6.3 to 4.6.4
2022-05-05 17:24:06 +02:00
Federico Builes 3a4a231669 Merge pull request #47 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.22.0
Bump @typescript-eslint/eslint-plugin from 5.18.0 to 5.22.0
2022-05-05 17:23:59 +02:00
dependabot[bot] 3b3aee2807 Bump typescript from 4.6.3 to 4.6.4
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.6.3 to 4.6.4.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.6.3...v4.6.4)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-05 15:23:59 +00:00
Federico Builes 7e68ff5413 Merge pull request #15 from actions/dependabot/npm_and_yarn/actions/github-5.0.1
Bump @actions/github from 5.0.0 to 5.0.1
2022-05-05 17:23:43 +02:00
Federico Builes f3e7f2e17c Merge pull request #39 from actions/dependabot/npm_and_yarn/eslint-8.14.0
Bump eslint from 8.12.0 to 8.14.0
2022-05-05 17:23:08 +02:00
dependabot[bot] 5aadf9df79 Bump @actions/github from 5.0.0 to 5.0.1
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-05 15:21:20 +00:00
dependabot[bot] 2912ad058b Bump eslint from 8.12.0 to 8.14.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.12.0 to 8.14.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.12.0...v8.14.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-05 15:21:10 +00:00
dependabot[bot] 41113f0103 Bump @typescript-eslint/eslint-plugin from 5.18.0 to 5.22.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.18.0 to 5.22.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.22.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-05 15:20:48 +00:00
Federico Builes 457441cf81 Merge pull request #45 from actions/dependabot/npm_and_yarn/actions/core-1.7.0
Bump @actions/core from 1.6.0 to 1.7.0
2022-05-05 17:20:37 +02:00
Federico Builes 53e123e9bc Merge pull request #46 from actions/dependabot/npm_and_yarn/nodemon-2.0.16
Bump nodemon from 2.0.15 to 2.0.16
2022-05-05 17:19:57 +02:00
Federico Builes 51033d1351 package release 2022-05-05 16:57:05 +02:00
dependabot[bot] 727184648e Bump @actions/core from 1.6.0 to 1.7.0
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-05 14:52:31 +00:00
dependabot[bot] 51f78cb35f Bump nodemon from 2.0.15 to 2.0.16
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.15 to 2.0.16.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.15...v2.0.16)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-05 12:37:24 +00:00
Federico Builes 2ac4ee7782 Merge pull request #40 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.1.5
Bump eslint-plugin-jest from 26.1.3 to 26.1.5
2022-05-05 14:36:22 +02:00
Federico Builes 731c8509d5 Merge pull request #29 from actions/dependabot/npm_and_yarn/vercel/ncc-0.33.4
Bump @vercel/ncc from 0.33.3 to 0.33.4
2022-05-05 14:31:16 +02:00
Federico Builes 58c9c8dc08 add sourcemap 2022-05-05 14:30:11 +02:00
dependabot[bot] 38015e8ba9 Bump @vercel/ncc from 0.33.3 to 0.33.4
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.33.3 to 0.33.4.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.33.3...0.33.4)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-05 12:28:30 +00:00
Federico Builes 55aad1c2ed Merge pull request #26 from actions/dependabot/github_actions/actions/upload-artifact-3
Bump actions/upload-artifact from 2 to 3
2022-05-05 14:27:27 +02:00
dependabot[bot] 132849cc93 Bump eslint-plugin-jest from 26.1.3 to 26.1.5
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.1.3 to 26.1.5.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.1.3...v26.1.5)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 02:49:57 +00:00
dependabot[bot] 52530a057c Bump actions/upload-artifact from 2 to 3
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-11 01:39:43 +00:00
Lane Seppala f7d534938a Merge pull request #20 from courtneycl/main
Update content
2022-04-06 14:11:01 -06:00
Courtney Claessens 27e65b9589 Update action.yml 2022-04-06 16:03:35 -04:00
Courtney Claessens 1d0829d84c Update README.md 2022-04-06 16:00:03 -04:00
Federico Builes e0e026c756 Merge pull request #18 from actions/update-codeowners
Updating CODEOWNERS.
2022-04-06 19:05:12 +02:00
Federico Builes 0e686847c0 Merge pull request #17 from actions/sarahkemi/update-readme
Update README copy
2022-04-06 10:13:48 +02:00
Sarah Aladetan 43afa84d78 update readme copy 2022-04-05 11:44:34 -07:00
Lane Seppala ac46ae2e5b Merge pull request #16 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.18.0
Bump @typescript-eslint/eslint-plugin from 5.17.0 to 5.18.0
2022-04-04 17:02:50 -06:00
dependabot[bot] ad9ad2d36d Bump @typescript-eslint/eslint-plugin from 5.17.0 to 5.18.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.17.0 to 5.18.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.18.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-04 22:59:44 +00:00
Lane Seppala be26556282 Merge pull request #13 from actions/dependabot/npm_and_yarn/prettier-2.6.2
Bump prettier from 2.6.1 to 2.6.2
2022-04-04 16:58:53 -06:00
Lane Seppala c083fa1499 Merge pull request #12 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.18.0
Bump @typescript-eslint/parser from 5.14.0 to 5.18.0
2022-04-04 16:58:37 -06:00
dependabot[bot] 157075c780 Bump @typescript-eslint/parser from 5.14.0 to 5.18.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.14.0 to 5.18.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.18.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-04 22:40:17 +00:00
dependabot[bot] 6ddfe40705 Bump prettier from 2.6.1 to 2.6.2
Bumps [prettier](https://github.com/prettier/prettier) from 2.6.1 to 2.6.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.6.1...2.6.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-04 22:40:15 +00:00
Lane Seppala ecf7f31121 Merge pull request #11 from actions/dependabot/npm_and_yarn/got-12.0.3
Bump got from 12.0.1 to 12.0.3
2022-04-04 16:39:27 -06:00
Lane Seppala 79799f95b1 Merge pull request #9 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.17.0
Bump @typescript-eslint/eslint-plugin from 5.14.0 to 5.17.0
2022-04-04 16:38:22 -06:00
Lane Seppala 20749a73f2 Merge pull request #8 from actions/dependabot/npm_and_yarn/ts-jest-27.1.4
Bump ts-jest from 27.1.3 to 27.1.4
2022-04-04 16:38:15 -06:00
Lane Seppala 047972e563 Merge pull request #7 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.1.3
Bump eslint-plugin-jest from 26.1.1 to 26.1.3
2022-04-04 16:38:05 -06:00
dependabot[bot] 1fcd0f0cda Bump got from 12.0.1 to 12.0.3
Bumps [got](https://github.com/sindresorhus/got) from 12.0.1 to 12.0.3.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.0.1...v12.0.3)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 01:33:11 +00:00
dependabot[bot] 11ad653c6c Bump @typescript-eslint/eslint-plugin from 5.14.0 to 5.17.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.14.0 to 5.17.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.17.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 01:32:54 +00:00
dependabot[bot] a7b1112790 Bump ts-jest from 27.1.3 to 27.1.4
Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 27.1.3 to 27.1.4.
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v27.1.3...v27.1.4)

---
updated-dependencies:
- dependency-name: ts-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 01:32:35 +00:00
dependabot[bot] b72e171434 Bump eslint-plugin-jest from 26.1.1 to 26.1.3
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.1.1 to 26.1.3.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.1.1...v26.1.3)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 01:32:28 +00:00
33 changed files with 15215 additions and 4939 deletions
+3
View File
@@ -9,3 +9,6 @@ updates:
directory: /
schedule:
interval: daily
ignore:
- dependency-name: '@types/node'
update-types: ['version-update:semver-major']
+1
View File
@@ -0,0 +1 @@
fail-on-severity: low
+1 -1
View File
@@ -46,7 +46,7 @@ jobs:
id: diff
# If index.js was different than expected, upload the expected version as an artifact
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
if: ${{ failure() && steps.diff.conclusion == 'failure' }}
with:
name: dist
+42
View File
@@ -0,0 +1,42 @@
name: CI
on:
push:
branches:
- main
paths-ignore:
- '**.md'
pull_request:
paths-ignore:
- '**.md'
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 16
cache: npm
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Test
run: |
npm test
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 16
cache: npm
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Check format
run: |
npm run format-check
- name: Lint
run: |
npm run lint
+3
View File
@@ -0,0 +1,3 @@
{
"recommendations": ["dbaeumer.vscode-eslint", "esbenp.prettier-vscode"]
}
+13
View File
@@ -0,0 +1,13 @@
{
"version": "0.1.0",
"configurations": [
{
"name": "Debug Jest Tests",
"type": "node",
"request": "launch",
"runtimeArgs": ["--inspect-brk", "${workspaceRoot}/node_modules/.bin/jest", "--runInBand", "--coverage", "false"],
"console": "integratedTerminal",
"internalConsoleOptions": "neverOpen"
}
]
}
+4
View File
@@ -0,0 +1,4 @@
{
"editor.formatOnSave": true,
"editor.defaultFormatter": "esbenp.prettier-vscode"
}
+39 -1
View File
@@ -40,7 +40,11 @@ npm run test
## Local Development
We have a script to scan a given PR for vulnerabilities, this will
help you test your local changes. Make sure to [grab a Personal Access Token (PAT)](https://github.com/settings/tokens) before proceeding!
help you test your local changes. Make sure to [grab a Personal Access Token (PAT)](https://github.com/settings/tokens) before proceeding (you'll need `repo` permissions for private repos):
<img width="480" alt="Screenshot 2022-05-12 at 10 22 21" src="https://user-images.githubusercontent.com/2161/168026161-16788a0a-b6c8-428e-bb6a-83ea2a403070.png">
The syntax of the script is:
```sh
$ GITHUB_TOKEN=<token> ./scripts/scan_pr <pr_url>
@@ -69,6 +73,40 @@ Here are a few things you can do that will increase the likelihood of your pull
- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
## Cutting a new release
1. Update the version number in [package.json](https://github.com/actions/dependency-review-action/blob/main/package.json).
1. Go to [Draft a new
release](https://github.com/actions/dependency-review-action/releases/new)
in the Releases page.
2. Make sure that the `Publish this Action to the GitHub Marketplace`
checkbox is enabled
<img width="481" alt="Screenshot 2022-06-15 at 12 08 19" src="https://user-images.githubusercontent.com/2161/173822484-4b60d8b4-c674-4bff-b5ff-b0c4a3650ab7.png">
3. Click "Choose a tag" and then "Create new tag", where the tag name
will be your version prefixed by a `v` (e.g. `v1.2.3`).
4. Use a version number for the release title (e.g. "1.2.3").
<img width="700" alt="Screenshot 2022-06-15 at 12 08 36" src="https://user-images.githubusercontent.com/2161/173822548-33ab3432-d679-4dc1-adf8-b50fdaf47de3.png">
5. Add your release notes. If this is a major version make sure to
include a small description of the biggest changes in the new version.
6. Click "Publish Release".
You now have a tag and release using the semver version you used
above. The last remaining thing to do is to move the dynamic version
identifier to match the current SHA. This allows users to adopt a
major version number (e.g. `v1`) in their workflows while
automatically getting all the
minor/patch updates.
To do this just checkout `main`, force-create a new annotated tag, and push it:
```
git tag -fa v2 -m "Updating v2 to 2.3.4"
git push origin v2 --force
```
## Resources
- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
+251 -5
View File
@@ -1,14 +1,22 @@
# dependency-review-action
This Action scans your pull requests for vulnerabilities introduced
when adding or updating your project's dependencies. A check in your
Pull Requests will let notify you of the results.
This action scans your pull requests for dependency changes, and will
raise an error if any vulnerabilities or invalid licenses are being introduced. The action is supported by an [API endpoint](https://docs.github.com/en/rest/reference/dependency-graph#dependency-review) that diffs the dependencies between any two revisions.
The action is available for all public repositories, as well as private repositories that have GitHub Advanced Security licensed.
You can see the results on the job logs
<img width="854" alt="Screen Shot 2022-03-31 at 1 10 51 PM" src="https://user-images.githubusercontent.com/2161/161042286-b22d7dd3-13cb-458d-8744-ce70ed9bf562.png">
or on the job summary
<img src="https://user-images.githubusercontent.com/7847935/182871416-50332bbb-b279-4621-a136-ca72a4314301.png">
## Installation
**Please keep in mind that you need a [GitHub Advanced Security](https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security) license if you're running this action on private repositories.**
1. Add a new YAML workflow to your `.github/workflows` folder:
```yaml
@@ -25,9 +33,246 @@ jobs:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v1
uses: actions/dependency-review-action@v2
```
### GitHub Enterprise Server
This action is available in Enterprise Server starting with version 3.6. Make sure
[GitHub Advanced
Security](https://docs.github.com/en/enterprise-server@3.6/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise)
and [GitHub
Connect](https://docs.github.com/en/enterprise-server@3.6/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)
are enabled.
You can use the same workflow as above, replacing the `runs-on` value
with the label of any of your runners (the default label
is `self-hosted`):
```yaml
# ...
jobs:
dependency-review:
runs-on: self-hosted
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v2
```
## Configuration
Configure this action by either using an external configuration file,
or by inlining these options in your workflow file.
### Options
#### config-file
A string representing the path to an external configuraton file. By
default external configuration files are not used.
**Possible values**: A string representing the absolute path to the
configuration file.
**Example**: `config-file: ./.github/dependency-review-config.yml`.
#### fail-on-severity
Configure the severity level for alerting. See "[Vulnerability Severity](https://github.com/actions/dependency-review-action#vulnerability-severity)".
**Possible values**: `critical`, `high`, `moderate`, `low`.
**Example**: `fail-on-severity: moderate`.
#### fail-on-scopes
A list of strings representing the build environments you want to
support. The default value is `development, runtime`.
**Possible values**: `development`, `runtime`, `unknown`
**Inline example**: `fail-on-scopes: development, runtime`
**YAML example**:
```yaml
# this prevents scanning development dependencies
fail-on-scopes:
- runtime
```
#### allow-licenses
Only allow the licenses in this list. See "[Licenses](https://github.com/actions/dependency-review-action#licenses)".
**Possible values**: Any `spdx_id` value(s) from
https://docs.github.com/en/rest/licenses.
**Inline example**: `allow-licenses: BSD-3-Clause, MIT`
**YAML example**:
```yaml
allow-licenses:
- BSD-3-Clause
- MIT
```
#### deny-licenses
Add a custom list of licenses you want to block. See
"[Licenses](https://github.com/actions/dependency-review-action#licenses)".
**Possible values**: Any `spdx_id` value(s) from
https://docs.github.com/en/rest/licenses.
**Inline example**: `deny-licenses: LGPL-2.0, BSD-2-Clause`
**YAML example**:
```yaml
deny-licenses:
- LGPL-2.0
- BSD-2-Clause
```
#### base-ref/head-ref
Provide custom git references for the git base/head when performing
the comparison. If you are using pull requests, or
`pull_request_target` events you do not need to worry about setting
this. The values need to be specified for all other event types.
**Possible values**: Any valid git ref(s) in your project.
**Example**:
```yaml
base-ref: 8bb8a58d6a4028b6c2e314d5caaf273f57644896
head-ref: 69af5638bf660cf218aad5709a4c100e42a2f37b
```
### Configuration File
You can use an external configuration file to specify the settings for
this Action.
Start by specifying that you will be using an external configuration
file:
```yaml
- name: Dependency Review
uses: actions/dependency-review-action@v2
with:
config-file: "./.github/dependency-review-config.yml"
```
And then create the file in the path you just specified. **All of these fields are
optional**:
```yaml
fail-on-severity: "critical"
allow-licenses:
- "GPL-3.0"
- "BSD-3-Clause"
- "MIT"
```
### Inline Configuration
You can pass options to the Dependency Review
Action using your workflow file. Here's an example of what the full
file would look like:
```yaml
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: Dependency Review
uses: actions/dependency-review-action@v2
with:
fail-on-severity: moderate
# Use comma-separated names to pass list arguments:
deny-licenses: LGPL-2.0, BSD-2-Clause
```
### Vulnerability Severity
By default the action will fail on any pull request that contains a
vulnerable dependency, regardless of the severity level. You can override this behavior by
using the `fail-on-severity` option, which will cause a failure on any pull requests that introduce vulnerabilities of the specified severity level or higher. The possible values are: `critical`, `high`, `moderate`, or `low`. The
action defaults to `low`.
This example will only fail on pull requests with `critical` and `high` vulnerabilities:
```yaml
- name: Dependency Review
uses: actions/dependency-review-action@v2
with:
fail-on-severity: high
```
### Dependency Scoping
By default the action will only fail on `runtime` dependencies that have vulnerabilities or unacceptable licenses, ignoring `development` dependencies. You can override this behavior with the `fail-on-scopes` option, which will allow you to list the specific dependency scopes you care about. The possible values are: `unknown`, `runtime`, and `development`. Note: Filtering by scope will not be supported on Enterprise Server just yet, as the REST API's introduction of `scope` will be released in an upcoming Enterprise Server version. We will treat all dependencies on Enterprise Server as having a `runtime` scope and thus will not be filtered away.
```yaml
- name: Dependency Review
uses: actions/dependency-review-action@v2
with:
fail-on-scopes: runtime, development
```
### Licenses
You can set the action to fail on pull requests based on the licenses of the dependencies
they introduce. With `allow-licenses` you can define the list of licenses
your repository will accept. Alternatively, you can use `deny-licenses` to only
forbid a subset of licenses. These options are not supported on Enterprise Server.
You can use the [Licenses
API](https://docs.github.com/en/rest/licenses) to see the full list of
supported licenses. Use the `spdx_id` field for every license you want
to filter. A couple of examples:
```yaml
# only allow MIT-licensed dependents
- name: Dependency Review
uses: actions/dependency-review-action@v2
with:
allow-licenses: MIT
```
```yaml
# Block Apache 1.1 and 2.0 licensed dependents
- name: Dependency Review
uses: actions/dependency-review-action@v2
with:
deny-licenses: Apache-1.1, Apache-2.0
```
### Considerations
- Checking for licenses is not supported on Enterprise Server.
- The action will only accept one of the two parameters; an error will
be raised if you provide both.
- By default both parameters are empty (no license checking is
performed).
- We don't have license information for all of your dependents. If we
can't detect the license for a dependency **we will inform you, but the
action won't fail**.
## Blocking pull requests
The Dependency Review GitHub Action check will only block a pull request from being merged if the repository owner has required the check to pass before merging. For more information, see the [documentation on protected branches](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging).
## Getting help
If you have bug reports, questions or suggestions please [create a new
@@ -35,9 +280,10 @@ issue](https://github.com/actions/dependency-review-action/issues/new/choose).
## Contributing
We are grateful for any contributions made to this project.
We are grateful for any contributions made to this project.
Please read [CONTRIBUTING.MD](https://github.com/actions/dependency-review-action/blob/main/CONTRIBUTING.md) to get started.
## License
This project is released under the [MIT License](https://github.com/actions/dependency-review-action/blob/main/LICENSE).
+162
View File
@@ -0,0 +1,162 @@
import {expect, test, beforeEach} from '@jest/globals'
import {readConfig, readConfigFile} from '../src/config'
import {getRefs} from '../src/git-refs'
// GitHub Action inputs come in the form of environment variables
// with an INPUT prefix (e.g. INPUT_FAIL-ON-SEVERITY)
function setInput(input: string, value: string) {
process.env[`INPUT_${input.toUpperCase()}`] = value
}
// We want a clean ENV before each test. We use `delete`
// since we want `undefined` values and not empty strings.
function clearInputs() {
const allowedOptions = [
'FAIL-ON-SEVERITY',
'FAIL-ON-SCOPES',
'ALLOW-LICENSES',
'DENY-LICENSES',
'CONFIG-FILE',
'BASE-REF',
'HEAD-REF'
]
allowedOptions.forEach(option => {
delete process.env[`INPUT_${option.toUpperCase()}`]
})
}
beforeEach(() => {
clearInputs()
})
test('it defaults to low severity', async () => {
const options = readConfig()
expect(options.fail_on_severity).toEqual('low')
})
test('it reads custom configs', async () => {
setInput('fail-on-severity', 'critical')
setInput('allow-licenses', ' BSD, GPL 2')
const options = readConfig()
expect(options.fail_on_severity).toEqual('critical')
expect(options.allow_licenses).toEqual(['BSD', 'GPL 2'])
})
test('it defaults to empty allow/deny lists ', async () => {
const options = readConfig()
expect(options.allow_licenses).toEqual(undefined)
expect(options.deny_licenses).toEqual(undefined)
})
test('it raises an error if both an allow and denylist are specified', async () => {
setInput('allow-licenses', 'MIT')
setInput('deny-licenses', 'BSD')
expect(() => readConfig()).toThrow()
})
test('it raises an error when given an unknown severity', async () => {
setInput('fail-on-severity', 'zombies')
expect(() => readConfig()).toThrow()
})
test('it uses the given refs when the event is not a pull request', async () => {
setInput('base-ref', 'a-custom-base-ref')
setInput('head-ref', 'a-custom-head-ref')
const refs = getRefs(readConfig(), {
payload: {},
eventName: 'workflow_dispatch'
})
expect(refs.base).toEqual('a-custom-base-ref')
expect(refs.head).toEqual('a-custom-head-ref')
})
test('it raises an error when no refs are provided and the event is not a pull request', async () => {
const options = readConfig()
expect(() =>
getRefs(options, {
payload: {},
eventName: 'workflow_dispatch'
})
).toThrow()
})
test('it reads an external config file', async () => {
let options = readConfigFile('./__tests__/fixtures/config-allow-sample.yml')
expect(options.fail_on_severity).toEqual('critical')
expect(options.allow_licenses).toEqual(['BSD', 'GPL 2'])
})
test('raises an error when the the config file was not found', async () => {
expect(() => readConfigFile('fixtures/i-dont-exist')).toThrow()
})
test('it parses options from both sources', async () => {
setInput('config-file', './__tests__/fixtures/config-allow-sample.yml')
let options = readConfig()
expect(options.fail_on_severity).toEqual('critical')
setInput('base-ref', 'a-custom-base-ref')
options = readConfig()
expect(options.base_ref).toEqual('a-custom-base-ref')
})
test('in case of conflicts, the external config is the source of truth', async () => {
setInput('config-file', './__tests__/fixtures/config-allow-sample.yml') // this will set fail-on-severity to 'critical'
let options = readConfig()
expect(options.fail_on_severity).toEqual('critical')
// this should not overwite the previous value
setInput('fail-on-severity', 'low')
options = readConfig()
expect(options.fail_on_severity).toEqual('critical')
})
test('it uses the default values when loading external files', async () => {
setInput('config-file', './__tests__/fixtures/no-licenses-config.yml')
let options = readConfig()
expect(options.allow_licenses).toEqual(undefined)
expect(options.deny_licenses).toEqual(undefined)
setInput('config-file', './__tests__/fixtures/license-config-sample.yml')
options = readConfig()
expect(options.fail_on_severity).toEqual('low')
})
test('it accepts an external configuration filename', async () => {
setInput('config-file', './__tests__/fixtures/no-licenses-config.yml')
const options = readConfig()
expect(options.fail_on_severity).toEqual('critical')
})
test('it raises an error when given an unknown severity in an external config file', async () => {
setInput('config-file', './__tests__/fixtures/invalid-severity-config.yml')
expect(() => readConfig()).toThrow()
})
test('it defaults to runtime scope', async () => {
const options = readConfig()
expect(options.fail_on_scopes).toEqual(['runtime'])
})
test('it parses custom scopes preference', async () => {
setInput('fail-on-scopes', 'runtime, development')
let options = readConfig()
expect(options.fail_on_scopes).toEqual(['runtime', 'development'])
clearInputs()
setInput('fail-on-scopes', 'development')
options = readConfig()
expect(options.fail_on_scopes).toEqual(['development'])
})
test('it raises an error when given invalid scope', async () => {
setInput('fail-on-scopes', 'runtime, zombies')
expect(() => readConfig()).toThrow()
})
+74
View File
@@ -0,0 +1,74 @@
import {expect, test} from '@jest/globals'
import {Change, Changes} from '../src/schemas'
import {filterChangesBySeverity, filterChangesByScopes} from '../src/filter'
let npmChange: Change = {
manifest: 'package.json',
change_type: 'added',
ecosystem: 'npm',
name: 'Reeuhq',
version: '1.0.2',
package_url: 'pkg:npm/reeuhq@1.0.2',
license: 'MIT',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'critical',
advisory_ghsa_id: 'first-random_string',
advisory_summary: 'very dangerous',
advisory_url: 'github.com/future-funk'
}
]
}
let rubyChange: Change = {
change_type: 'added',
manifest: 'Gemfile.lock',
ecosystem: 'rubygems',
name: 'actionsomething',
version: '3.2.0',
package_url: 'pkg:gem/actionsomething@3.2.0',
license: 'BSD',
source_repository_url: 'github.com/some-repo',
scope: 'development',
vulnerabilities: [
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
severity: 'low',
advisory_ghsa_id: 'third-random_string',
advisory_summary: 'dont page me',
advisory_url: 'github.com/future-funk'
}
]
}
test('it properly filters changes by severity', async () => {
const changes = [npmChange, rubyChange]
let result = filterChangesBySeverity('high', changes)
expect(result).toEqual([npmChange])
result = filterChangesBySeverity('low', changes)
expect(changes).toEqual([npmChange, rubyChange])
result = filterChangesBySeverity('critical', changes)
expect(changes).toEqual([npmChange, rubyChange])
})
test('it properly filters changes by scope', async () => {
const changes = [npmChange, rubyChange]
let result = filterChangesByScopes(['runtime'], changes)
expect(result).toEqual([npmChange])
result = filterChangesByScopes(['development'], changes)
expect(result).toEqual([rubyChange])
result = filterChangesByScopes(['runtime', 'development'], changes)
expect(result).toEqual([npmChange, rubyChange])
})
@@ -0,0 +1,4 @@
fail_on_severity: critical
allow_licenses:
- "BSD"
- "GPL 2"
@@ -0,0 +1,2 @@
allow_licenses: []
deny_licenses: []
@@ -0,0 +1,3 @@
fail-on-severity: 'so many zombies'
deny-licenses:
- MIT
@@ -0,0 +1 @@
allow_licenses: ['MIT', 'GPL 2']
@@ -0,0 +1 @@
fail_on_severity: critical
+100
View File
@@ -0,0 +1,100 @@
import {expect, test} from '@jest/globals'
import {Change, Changes} from '../src/schemas'
import {getDeniedLicenseChanges} from '../src/licenses'
let npmChange: Change = {
manifest: 'package.json',
change_type: 'added',
ecosystem: 'npm',
name: 'Reeuhq',
version: '1.0.2',
package_url: 'pkg:npm/reeuhq@1.0.2',
license: 'MIT',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'critical',
advisory_ghsa_id: 'first-random_string',
advisory_summary: 'very dangerous',
advisory_url: 'github.com/future-funk'
}
]
}
let rubyChange: Change = {
change_type: 'added',
manifest: 'Gemfile.lock',
ecosystem: 'rubygems',
name: 'actionsomething',
version: '3.2.0',
package_url: 'pkg:gem/actionsomething@3.2.0',
license: 'BSD',
source_repository_url: 'github.com/some-repo',
scope: 'runtime',
vulnerabilities: [
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
severity: 'low',
advisory_ghsa_id: 'third-random_string',
advisory_summary: 'dont page me',
advisory_url: 'github.com/future-funk'
}
]
}
test('it fails if a license outside the allow list is found', async () => {
const changes: Changes = [npmChange, rubyChange]
const [invalidChanges, _] = getDeniedLicenseChanges(changes, {allow: ['BSD']})
expect(invalidChanges[0]).toBe(npmChange)
})
test('it fails if a license inside the deny list is found', async () => {
const changes: Changes = [npmChange, rubyChange]
const [invalidChanges] = getDeniedLicenseChanges(changes, {deny: ['BSD']})
expect(invalidChanges[0]).toBe(rubyChange)
})
// This is more of a "here's a behavior that might be surprising" than an actual
// thing we want in the system. Please remove this test after refactoring.
test('it fails all license checks when allow is provided an empty array', async () => {
const changes: Changes = [npmChange, rubyChange]
let [invalidChanges, _] = getDeniedLicenseChanges(changes, {
allow: [],
deny: ['BSD']
})
expect(invalidChanges.length).toBe(2)
})
test('it does not fail if a license outside the allow list is found in removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
{...rubyChange, change_type: 'removed'}
]
const [invalidChanges, _] = getDeniedLicenseChanges(changes, {allow: ['BSD']})
expect(invalidChanges).toStrictEqual([])
})
test('it does not fail if a license inside the deny list is found in removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
{...rubyChange, change_type: 'removed'}
]
const [invalidChanges, _] = getDeniedLicenseChanges(changes, {deny: ['BSD']})
expect(invalidChanges).toStrictEqual([])
})
test('it fails if a license outside the allow list is found in both of added and removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
npmChange,
{...rubyChange, change_type: 'removed'}
]
const [invalidChanges, _] = getDeniedLicenseChanges(changes, {allow: ['BSD']})
expect(invalidChanges).toStrictEqual([npmChange])
})
-5
View File
@@ -1,5 +0,0 @@
import {expect, test} from '@jest/globals'
test('tests things', async () => {
expect(true).toEqual(true)
})
+25 -2
View File
@@ -1,11 +1,34 @@
name: 'Dependency Review'
description: 'GitHub Action for Dependency Review'
description: 'Prevent the introduction of dependencies with known vulnerabilities'
author: 'GitHub'
inputs:
repo-token:
description: 'Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`.'
description: Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`.
required: false
default: ${{ github.token }}
fail-on-severity:
description: Don't block PRs below this severity. Possible values are `low`, `moderate`, `high`, `critical`.
required: false
default: 'low'
fail-on-scopes:
description: Dependency scopes to block PRs on. Comma-separated list. Possible values are 'unknown', 'runtime', and 'development' (e.g. "runtime, development")
required: false
default: 'runtime'
base-ref:
description: The base git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required: false
head-ref:
description: The head git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required: false
config-file:
description: A filepath to the configuration file for the action.
required: false
allow-licenses:
description: Comma-separated list of allowed licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required: false
deny-licenses:
description: Comma-separated list of forbidden licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required: false
runs:
using: 'node16'
main: 'dist/index.js'
Generated Vendored
+12549 -2922
View File
File diff suppressed because it is too large Load Diff
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+30
View File
@@ -624,6 +624,19 @@ Permission to use, copy, modify, and/or distribute this software for any purpose
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
uuid
MIT
The MIT License (MIT)
Copyright (c) 2010-2020 Robert Kieffer and other contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
webidl-conversions
BSD-2-Clause
# The BSD 2-Clause License
@@ -684,6 +697,23 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
yaml
ISC
Copyright Eemeli Aro <eemeli@gmail.com>
Permission to use, copy, modify, and/or distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright notice
and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
THIS SOFTWARE.
zod
MIT
MIT License
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
+1345 -1942
View File
File diff suppressed because it is too large Load Diff
+21 -20
View File
@@ -1,6 +1,6 @@
{
"name": "dependency-review-action",
"version": "0.0.1",
"version": "2.2.0",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
@@ -25,29 +25,30 @@
"author": "GitHub",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.6.0",
"@actions/github": "^5.0.0",
"@actions/core": "^1.9.1",
"@actions/github": "^5.0.3",
"@octokit/plugin-retry": "^3.0.9",
"@octokit/request-error": "^2.1.0",
"ansi-styles": "^6.1.0",
"got": "^12.0.1",
"nodemon": "^2.0.15",
"zod": "^3.13.4"
"@octokit/request-error": "^3.0.1",
"ansi-styles": "^6.1.1",
"got": "^12.5.0",
"nodemon": "^2.0.20",
"yaml": "^2.1.1",
"zod": "^3.19.1"
},
"devDependencies": {
"@types/node": "^17.0.23",
"@typescript-eslint/eslint-plugin": "^5.14.0",
"@typescript-eslint/parser": "^5.14.0",
"@vercel/ncc": "^0.33.3",
"esbuild-register": "^3.3.2",
"eslint": "^8.12.0",
"eslint-plugin-github": "^4.3.6",
"eslint-plugin-jest": "^26.1.1",
"@types/node": "^16.11.59",
"@typescript-eslint/eslint-plugin": "^5.38.0",
"@typescript-eslint/parser": "^5.38.0",
"@vercel/ncc": "^0.34.0",
"esbuild-register": "^3.3.3",
"eslint": "^8.23.1",
"eslint-plugin-github": "^4.3.7",
"eslint-plugin-jest": "^27.0.4",
"jest": "^27.5.1",
"js-yaml": "^4.1.0",
"nodemon": "^2.0.15",
"prettier": "2.6.1",
"ts-jest": "^27.1.3",
"typescript": "^4.6.3"
"nodemon": "^2.0.20",
"prettier": "2.7.1",
"ts-jest": "^27.1.4",
"typescript": "^4.8.3"
}
}
+15 -7
View File
@@ -32,17 +32,25 @@ event_file = Tempfile.new
event_file.write("{ \"pull_request\": #{pr.to_h.to_json}}")
event_file.close
dev_cmd_env = {
"INPUT_REPO-TOKEN" => github_token,
"GITHUB_REPOSITORY" => repo_nwo,
"GITHUB_EVENT_NAME" => "pull_request",
"GITHUB_EVENT_PATH" => event_file.path
action_inputs = {
"repo-token" => github_token
}
dev_cmd = "./node_modules/.bin/nodemon --exec \"node -r esbuild-register\" src/main.ts"
dev_cmd_env = {
"GITHUB_REPOSITORY" => repo_nwo,
"GITHUB_EVENT_NAME" => "pull_request",
"GITHUB_EVENT_PATH" => event_file.path,
"GITHUB_STEP_SUMMARY" => "/dev/null"
}
# bash does not like variable names with dashes like the ones Actions
# uses (e.g. INPUT_REPO-TOKEN). Passing them through `env` instead of
# manually setting them does the job.
action_inputs_env_str = action_inputs.map { |name, value| "\"INPUT_#{name.upcase}=#{value}\"" }.join(" ")
dev_cmd = "./node_modules/.bin/nodemon --exec \"env #{action_inputs_env_str} node -r esbuild-register\" src/main.ts"
Open3.popen2e(dev_cmd_env, dev_cmd) do |stdin, out|
while line = out.gets
puts line
puts line.gsub(github_token, "<REDACTED>")
end
end
+89
View File
@@ -0,0 +1,89 @@
import * as fs from 'fs'
import path from 'path'
import YAML from 'yaml'
import * as core from '@actions/core'
import * as z from 'zod'
import {
ConfigurationOptions,
ConfigurationOptionsSchema,
SeveritySchema,
SCOPES
} from './schemas'
function getOptionalInput(name: string): string | undefined {
const value = core.getInput(name)
return value.length > 0 ? value : undefined
}
function parseList(list: string | undefined): string[] | undefined {
if (list === undefined) {
return list
} else {
return list.split(',').map(x => x.trim())
}
}
export function readConfig(): ConfigurationOptions {
const externalConfig = getOptionalInput('config-file')
if (externalConfig !== undefined) {
const config = readConfigFile(externalConfig)
// the reasoning behind reading the inline config when an external
// config file is provided is that we still want to allow users to
// pass inline options in the presence of an external config file.
const inlineConfig = readInlineConfig()
// the external config takes precedence
return Object.assign({}, inlineConfig, config)
} else {
return readInlineConfig()
}
}
export function readInlineConfig(): ConfigurationOptions {
const fail_on_severity = SeveritySchema.parse(
getOptionalInput('fail-on-severity')
)
const fail_on_scopes = z
.array(z.enum(SCOPES))
.default(['runtime'])
.parse(parseList(getOptionalInput('fail-on-scopes')))
const allow_licenses = getOptionalInput('allow-licenses')
const deny_licenses = getOptionalInput('deny-licenses')
if (allow_licenses !== undefined && deny_licenses !== undefined) {
throw new Error("Can't specify both allow_licenses and deny_licenses")
}
const base_ref = getOptionalInput('base-ref')
const head_ref = getOptionalInput('head-ref')
return {
fail_on_severity,
fail_on_scopes,
allow_licenses: parseList(allow_licenses),
deny_licenses: parseList(deny_licenses),
base_ref,
head_ref
}
}
export function readConfigFile(filePath: string): ConfigurationOptions {
let data
try {
data = fs.readFileSync(path.resolve(filePath), 'utf-8')
} catch (error: unknown) {
throw error
}
data = YAML.parse(data)
// get rid of the ugly dashes from the actions conventions
for (const key of Object.keys(data)) {
if (key.includes('-')) {
data[key.replace(/-/g, '_')] = data[key]
delete data[key]
}
}
const values = ConfigurationOptionsSchema.parse(data)
return values
}
+48
View File
@@ -0,0 +1,48 @@
import {Changes, Severity, SEVERITIES, Scope} from './schemas'
export function filterChangesBySeverity(
severity: Severity,
changes: Changes
): Changes {
const severityIdx = SEVERITIES.indexOf(severity)
let filteredChanges = []
for (const change of changes) {
if (
change === undefined ||
change.vulnerabilities === undefined ||
change.vulnerabilities.length === 0
) {
continue
}
const fChange = {
...change,
vulnerabilities: change.vulnerabilities.filter(vuln => {
const vulnIdx = SEVERITIES.indexOf(vuln.severity)
if (vulnIdx <= severityIdx) {
return true
}
})
}
filteredChanges.push(fChange)
}
// don't want to deal with changes with no vulnerabilities
filteredChanges = filteredChanges.filter(
change => change.vulnerabilities.length > 0
)
return filteredChanges
}
export function filterChangesByScopes(
scopes: Scope[],
changes: Changes
): Changes {
const filteredChanges = changes.filter(change => {
// if there is no scope on the change (Enterprise Server API for now), we will assume it is a runtime scope
const scope = change.scope || 'runtime'
return scopes.includes(scope)
})
return filteredChanges
}
+42
View File
@@ -0,0 +1,42 @@
import {PullRequestSchema, ConfigurationOptions} from './schemas'
export function getRefs(
config: ConfigurationOptions,
context: {payload: {pull_request?: unknown}; eventName: string}
): {base: string; head: string} {
let base_ref = config.base_ref
let head_ref = config.head_ref
// If possible, source default base & head refs from the GitHub event.
// The base/head ref from the config take priority, if provided.
if (
context.eventName === 'pull_request' ||
context.eventName === 'pull_request_target'
) {
const pull_request = PullRequestSchema.parse(context.payload.pull_request)
base_ref = base_ref || pull_request.base.sha
head_ref = head_ref || pull_request.head.sha
}
if (!base_ref && !head_ref) {
throw new Error(
'Both a base ref and head ref must be provided, either via the `base_ref`/`head_ref` ' +
'config options, or by running a `pull_request`/`pull_request_target` workflow.'
)
} else if (!base_ref) {
throw new Error(
'A base ref must be provided, either via the `base_ref` config option, ' +
'or by running a `pull_request`/`pull_request_target` workflow.'
)
} else if (!head_ref) {
throw new Error(
'A head ref must be provided, either via the `head_ref` config option, ' +
'or by running a `pull_request`/`pull_request_target` workflow.'
)
}
return {
base: base_ref,
head: head_ref
}
}
+49
View File
@@ -0,0 +1,49 @@
import {Change} from './schemas'
/**
* Loops through a list of changes, filtering and returning the
* ones that don't conform to the licenses allow/deny lists.
*
* Keep in mind that we don't let users specify both an allow and a deny
* list in their config files, so this code works under the assumption that
* one of the two list parameters will be empty. If both lists are provided,
* we will ignore the deny list.
* @param {Change[]} changes The list of changes to filter.
* @param { { allow?: string[], deny?: string[]}} licenses An object with `allow`/`deny` keys, each containing a list of licenses.
* @returns {[Array<Change>, Array<Change]} A tuple where the first element is the list of denied changes and the second one is the list of changes with unknown licenses
*/
export function getDeniedLicenseChanges(
changes: Change[],
licenses: {
allow?: string[]
deny?: string[]
}
): [Change[], Change[]] {
const {allow, deny} = licenses
const disallowed: Change[] = []
const unknown: Change[] = []
for (const change of changes) {
if (change.change_type === 'removed') {
continue
}
const license = change.license
if (license === null) {
unknown.push(change)
continue
}
if (allow !== undefined) {
if (!allow.includes(license)) {
disallowed.push(change)
}
} else if (deny !== undefined) {
if (deny.includes(license)) {
disallowed.push(change)
}
}
}
return [disallowed, unknown]
}
+104 -30
View File
@@ -3,62 +3,110 @@ import * as dependencyGraph from './dependency-graph'
import * as github from '@actions/github'
import styles from 'ansi-styles'
import {RequestError} from '@octokit/request-error'
import {PullRequestSchema} from './schemas'
import {Change, Severity, Scope} from './schemas'
import {readConfig} from '../src/config'
import {filterChangesBySeverity, filterChangesByScopes} from '../src/filter'
import {getDeniedLicenseChanges} from './licenses'
import * as summary from './summary'
import {getRefs} from './git-refs'
async function run(): Promise<void> {
try {
if (github.context.eventName !== 'pull_request') {
throw new Error(
`This run was triggered by the "${github.context.eventName}" event, which is unsupported. Please ensure you are using the "pull_request" event for this workflow.`
)
}
const pull_request = PullRequestSchema.parse(
github.context.payload.pull_request
)
const config = readConfig()
const refs = getRefs(config, github.context)
const changes = await dependencyGraph.compare({
owner: github.context.repo.owner,
repo: github.context.repo.repo,
baseRef: pull_request.base.sha,
headRef: pull_request.head.sha
baseRef: refs.base,
headRef: refs.head
})
const minSeverity = config.fail_on_severity
let failed = false
for (const change of changes) {
if (
const licenses = {
allow: config.allow_licenses,
deny: config.deny_licenses
}
const scopes = config.fail_on_scopes
const scopedChanges = filterChangesByScopes(scopes as Scope[], changes)
const addedChanges = filterChangesBySeverity(
minSeverity as Severity,
scopedChanges
).filter(
change =>
change.change_type === 'added' &&
change.vulnerabilities !== undefined &&
change.vulnerabilities.length > 0
) {
for (const vuln of change.vulnerabilities) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${
change.version
}${styles.bold.close} ${vuln.advisory_summary} ${renderSeverity(
vuln.severity
)}`
)
core.info(`${vuln.advisory_url}`)
}
failed = true
)
const [licenseErrors, unknownLicenses] = getDeniedLicenseChanges(
scopedChanges,
licenses
)
summary.addSummaryToSummary(addedChanges, licenseErrors, unknownLicenses)
if (addedChanges.length > 0) {
for (const change of addedChanges) {
printChangeVulnerabilities(change)
}
failed = true
}
summary.addChangeVulnerabilitiesToSummary(addedChanges, minSeverity || '')
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors)
core.setFailed('Dependency review detected incompatible licenses.')
}
printNullLicenses(unknownLicenses)
summary.addLicensesToSummary(licenseErrors, unknownLicenses, config)
if (failed) {
throw new Error('Dependency review detected vulnerable packages.')
core.setFailed('Dependency review detected vulnerable packages.')
} else {
core.info('Dependency review did not detect any vulnerable packages.')
core.info(
`Dependency review did not detect any vulnerable packages with severity level "${minSeverity}" or higher.`
)
}
} catch (error) {
if (error instanceof RequestError && error.status === 404) {
core.setFailed(
`Dependency review could not obtain dependency data for the specified owner, repository, or revision range.`
)
} else if (error instanceof RequestError && error.status === 403) {
core.setFailed(
`Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled, see https://github.com/${github.context.repo.owner}/${github.context.repo.repo}/settings/security_analysis`
)
} else if (error instanceof Error) {
core.setFailed(error.message)
} else {
if (error instanceof Error) {
core.setFailed(error.message)
} else {
core.setFailed('Unexpected fatal error')
}
}
} finally {
await core.summary.write()
}
}
function printChangeVulnerabilities(change: Change): void {
for (const vuln of change.vulnerabilities) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${
change.version
}${styles.bold.close} ${vuln.advisory_summary} ${renderSeverity(
vuln.severity
)}`
)
core.info(`${vuln.advisory_url}`)
}
}
@@ -76,4 +124,30 @@ function renderSeverity(
return `${styles.color[color].open}(${severity} severity)${styles.color[color].close}`
}
function printLicensesError(changes: Change[]): void {
if (changes.length === 0) {
return
}
core.info('\nThe following dependencies have incompatible licenses:\n')
for (const change of changes) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${change.version}${styles.bold.close} License: ${styles.color.red.open}${change.license}${styles.color.red.close}`
)
}
}
function printNullLicenses(changes: Change[]): void {
if (changes.length === 0) {
return
}
core.info('\nWe could not detect a license for the following dependencies:\n')
for (const change of changes) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${change.version}${styles.bold.close}`
)
}
}
run()
+29 -2
View File
@@ -1,6 +1,11 @@
import * as z from 'zod'
const ChangeSchema = z.object({
export const SEVERITIES = ['critical', 'high', 'moderate', 'low'] as const
export const SCOPES = ['unknown', 'runtime', 'development'] as const
export const SeveritySchema = z.enum(SEVERITIES).default('low')
export const ChangeSchema = z.object({
change_type: z.enum(['added', 'removed']),
manifest: z.string(),
ecosystem: z.string(),
@@ -9,16 +14,18 @@ const ChangeSchema = z.object({
package_url: z.string(),
license: z.string().nullable(),
source_repository_url: z.string().nullable(),
scope: z.enum(SCOPES).optional(),
vulnerabilities: z
.array(
z.object({
severity: z.enum(['critical', 'high', 'moderate', 'low']),
severity: SeveritySchema,
advisory_ghsa_id: z.string(),
advisory_summary: z.string(),
advisory_url: z.string()
})
)
.optional()
.default([])
})
export const PullRequestSchema = z.object({
@@ -27,6 +34,26 @@ export const PullRequestSchema = z.object({
head: z.object({sha: z.string()})
})
export const ConfigurationOptionsSchema = z
.object({
fail_on_severity: SeveritySchema,
fail_on_scopes: z.array(z.enum(SCOPES)).default(['runtime']),
allow_licenses: z.array(z.string()).default([]),
deny_licenses: z.array(z.string()).default([]),
config_file: z.string().optional().default('false'),
base_ref: z.string(),
head_ref: z.string()
})
.partial()
.refine(
obj => !(obj.allow_licenses && obj.deny_licenses),
'Your workflow file has both an allow_licenses list and deny_licenses list, but you can only set one or the other.'
)
export const ChangesSchema = z.array(ChangeSchema)
export type Change = z.infer<typeof ChangeSchema>
export type Changes = z.infer<typeof ChangesSchema>
export type ConfigurationOptions = z.infer<typeof ConfigurationOptionsSchema>
export type Severity = z.infer<typeof SeveritySchema>
export type Scope = typeof SCOPES[number]
+163
View File
@@ -0,0 +1,163 @@
import * as core from '@actions/core'
import {ConfigurationOptions, Change, Changes} from './schemas'
import {SummaryTableRow} from '@actions/core/lib/summary'
export function addSummaryToSummary(
addedPackages: Changes,
licenseErrors: Change[],
unknownLicenses: Change[]
): void {
core.summary
.addHeading('Dependency Review')
.addRaw(
`We found ${addedPackages.length} vulnerable package(s), ${licenseErrors.length} package(s) with incompatible licenses, and ${unknownLicenses.length} package(s) with unknown licenses.`
)
}
export function addChangeVulnerabilitiesToSummary(
addedPackages: Changes,
severity: string
): void {
const rows: SummaryTableRow[] = []
const manifests = getManifests(addedPackages)
core.summary
.addHeading('Vulnerabilities')
.addQuote(
`Vulnerabilites were filtered by mininum severity <strong>${severity}</strong>.`
)
if (addedPackages.length === 0) {
core.summary.addQuote('No vulnerabilities found in added packages.')
return
}
for (const manifest of manifests) {
for (const change of addedPackages.filter(
pkg => pkg.manifest === manifest
)) {
let previous_package = ''
let previous_version = ''
for (const vuln of change.vulnerabilities) {
const sameAsPrevious =
previous_package === change.name &&
previous_version === change.version
if (!sameAsPrevious) {
rows.push([
renderUrl(change.source_repository_url, change.name),
change.version,
renderUrl(vuln.advisory_url, vuln.advisory_summary),
vuln.severity
])
} else {
rows.push([
{data: '', colspan: '2'},
renderUrl(vuln.advisory_url, vuln.advisory_summary),
vuln.severity
])
}
previous_package = change.name
previous_version = change.version
}
}
core.summary.addHeading(`<em>${manifest}</em>`, 3).addTable([
[
{data: 'Name', header: true},
{data: 'Version', header: true},
{data: 'Vulnerability', header: true},
{data: 'Severity', header: true}
],
...rows
])
}
}
export function addLicensesToSummary(
licenseErrors: Change[],
unknownLicenses: Change[],
config: ConfigurationOptions
): void {
core.summary.addHeading('Licenses')
if (config.allow_licenses && config.allow_licenses.length > 0) {
core.summary.addQuote(
`<strong>Allowed Licenses</strong>: ${config.allow_licenses.join(', ')}`
)
}
if (config.deny_licenses && config.deny_licenses.length > 0) {
core.summary.addQuote(
`<strong>Denied Licenses</strong>: ${config.deny_licenses.join(', ')}`
)
}
if (licenseErrors.length === 0 && unknownLicenses.length === 0) {
core.summary.addQuote('No license violations detected.')
return
}
if (licenseErrors.length > 0) {
const rows: SummaryTableRow[] = []
const manifests = getManifests(licenseErrors)
core.summary.addHeading('Incompatible Licenses', 3).addSeparator()
for (const manifest of manifests) {
core.summary.addHeading(`<em>${manifest}</em>`, 4)
for (const change of licenseErrors.filter(
pkg => pkg.manifest === manifest
)) {
rows.push([
renderUrl(change.source_repository_url, change.name),
change.version,
change.license || ''
])
}
core.summary.addTable([['Package', 'Version', 'License'], ...rows])
}
} else {
core.summary.addQuote('No license violations detected.')
}
core.debug(`found ${unknownLicenses.length} unknown licenses`)
if (unknownLicenses.length > 0) {
const rows: SummaryTableRow[] = []
const manifests = getManifests(unknownLicenses)
core.debug(
`found ${manifests.entries.length} manifests for unknown licenses`
)
core.summary.addHeading('Unknown Licenses', 3).addSeparator()
for (const manifest of manifests) {
core.summary.addHeading(`<em>${manifest}</em>`, 4)
for (const change of unknownLicenses.filter(
pkg => pkg.manifest === manifest
)) {
rows.push([
renderUrl(change.source_repository_url, change.name),
change.version
])
}
core.summary.addTable([['Package', 'Version'], ...rows])
}
}
}
function getManifests(changes: Changes): Set<string> {
return new Set(changes.flatMap(c => c.manifest))
}
function renderUrl(url: string | null, text: string): string {
if (url) {
return `<a href="${url}">${text}</a>`
} else {
return text
}
}