Compare commits

..

70 Commits

Author SHA1 Message Date
Federico Builes 23bc3cbcbc temp home for ghes-related logic 2022-06-09 07:59:36 +02:00
Federico Builes 1a7225bc91 Merge pull request #104 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.27.1
Bump @typescript-eslint/parser from 5.27.0 to 5.27.1
2022-06-07 06:20:33 +02:00
Federico Builes 4ebaca3419 Merge pull request #105 from actions/dependabot/npm_and_yarn/yaml-2.1.1
Bump yaml from 2.1.0 to 2.1.1
2022-06-07 06:20:17 +02:00
Federico Builes a96d28f120 Remove configuration docs until we have a proper release. 2022-06-07 06:19:22 +02:00
dependabot[bot] 29b67f0a05 Bump @typescript-eslint/parser from 5.27.0 to 5.27.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.27.0 to 5.27.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-07 04:16:25 +00:00
Federico Builes c187f6f12d Merge pull request #103 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.27.1
Bump @typescript-eslint/eslint-plugin from 5.27.0 to 5.27.1
2022-06-07 06:15:32 +02:00
dependabot[bot] 3b0a091baa Bump yaml from 2.1.0 to 2.1.1
Bumps [yaml](https://github.com/eemeli/yaml) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.1.0...v2.1.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-07 01:33:07 +00:00
dependabot[bot] 3456819f12 Bump @typescript-eslint/eslint-plugin from 5.27.0 to 5.27.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.27.0 to 5.27.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-07 01:32:39 +00:00
Federico Builes 30c4549c8c Merge pull request #91 from actions/adding-config-file
Adding configuration options
2022-06-06 20:32:21 +02:00
Federico Builes 93c8cb2c8a Merge pull request #101 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.5.3
Bump eslint-plugin-jest from 26.4.6 to 26.5.3
2022-06-06 13:43:17 +02:00
Federico Builes d7c6d6203f Merge pull request #100 from actions/dependabot/npm_and_yarn/esbuild-register-3.3.3
Bump esbuild-register from 3.3.2 to 3.3.3
2022-06-06 13:34:38 +02:00
dependabot[bot] 92bcc5a0bf Bump esbuild-register from 3.3.2 to 3.3.3
Bumps esbuild-register from 3.3.2 to 3.3.3.

---
updated-dependencies:
- dependency-name: esbuild-register
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 11:32:09 +00:00
Federico Builes 545050ada5 Merge pull request #99 from actions/dependabot/npm_and_yarn/eslint-8.17.0
Bump eslint from 8.16.0 to 8.17.0
2022-06-06 13:31:00 +02:00
Federico Builes 2b674f0e26 Merge pull request #98 from actions/dependabot/npm_and_yarn/types/node-17.0.40
Bump @types/node from 17.0.38 to 17.0.40
2022-06-06 13:30:45 +02:00
Federico Builes 802525536f Merge pull request #97 from actions/dependabot/npm_and_yarn/typescript-4.7.3
Bump typescript from 4.7.2 to 4.7.3
2022-06-06 13:30:28 +02:00
dependabot[bot] 4eb9ad1d38 Bump eslint-plugin-jest from 26.4.6 to 26.5.3
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.4.6 to 26.5.3.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.4.6...v26.5.3)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:49:06 +00:00
dependabot[bot] 12cf02f216 Bump eslint from 8.16.0 to 8.17.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.16.0 to 8.17.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.16.0...v8.17.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:48:31 +00:00
dependabot[bot] c7ff505b05 Bump @types/node from 17.0.38 to 17.0.40
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.38 to 17.0.40.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:48:14 +00:00
dependabot[bot] 90221b23f7 Bump typescript from 4.7.2 to 4.7.3
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.7.2 to 4.7.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.7.2...v4.7.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 01:47:20 +00:00
Federico Builes 2f38c7e78c Add severity level to the vulns not found message. 2022-06-01 15:56:16 +02:00
Federico Builes c235374b9d Removing redundant test. 2022-06-01 13:42:22 +02:00
Federico Builes ae2949c9c1 Removing old file. 2022-06-01 13:40:09 +02:00
Federico Builes 3ae540bf96 Updating the README with config instructions. 2022-06-01 13:39:05 +02:00
Federico Builes 1c15a1745e Adding dependency-review.yml. 2022-06-01 13:38:42 +02:00
Federico Builes 19b36f0933 Use a more definitive name for the config file. 2022-06-01 13:28:03 +02:00
Federico Builes 0b9547aabf Adding more expectations for severities. 2022-06-01 13:14:32 +02:00
Federico Builes b327132e4b Remove state from the filtering function. 2022-06-01 13:10:58 +02:00
Federico Builes f9a13e70f4 Fixing circular reference, adding prettier. 2022-06-01 12:09:11 +02:00
Federico Builes db9f724163 Introduce a schema for ConfigurationOptions.
This commit illustrates an approach, but is currently
failing the tests.
2022-06-01 06:36:02 +02:00
Federico Builes 7db11574b7 Make vulnerabilities be [] by default. 2022-06-01 05:36:46 +02:00
Federico Builes 7063d0ca45 Don't modify array in place. 2022-06-01 05:32:50 +02:00
Federico Builes 2dd55385c1 Use let instead of var, fix failing test. 2022-06-01 05:31:33 +02:00
Federico Builes 48729e4e38 Merge pull request #96 from actions/dependabot/npm_and_yarn/types/node-17.0.38
Bump @types/node from 17.0.36 to 17.0.38
2022-06-01 04:48:28 +02:00
dependabot[bot] 230442bc30 Bump @types/node from 17.0.36 to 17.0.38
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.36 to 17.0.38.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-01 01:54:46 +00:00
Federico Builes 4235242818 adding dist files 2022-05-31 17:09:21 +02:00
Federico Builes 731e67eca2 Add filtering by low severity as the default. 2022-05-31 17:08:22 +02:00
Federico Builes b601c09c4e Merge branch 'main' into adding-config-file 2022-05-31 16:59:33 +02:00
Federico Builes 982e1d16cb Whitespace and newlines. 2022-05-31 16:54:59 +02:00
Federico Builes f0a04841ce Adding logic to filter by vulnerability severity. 2022-05-31 16:50:39 +02:00
Federico Builes e622e72c6f Export Change schema. 2022-05-31 06:06:19 +02:00
Federico Builes 92e40d7290 Move printing function out. 2022-05-31 06:03:42 +02:00
Federico Builes 21763d05e0 Merge pull request #94 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.4.6
Bump eslint-plugin-jest from 26.4.5 to 26.4.6
2022-05-31 05:25:05 +02:00
Federico Builes 2c245d1aba Merge pull request #93 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.27.0
Bump @typescript-eslint/parser from 5.26.0 to 5.27.0
2022-05-31 05:24:37 +02:00
dependabot[bot] d6fb424a28 Bump @typescript-eslint/parser from 5.26.0 to 5.27.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.26.0 to 5.27.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 03:22:15 +00:00
Federico Builes 088fc4d4e8 Merge pull request #92 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.27.0
Bump @typescript-eslint/eslint-plugin from 5.26.0 to 5.27.0
2022-05-31 05:21:37 +02:00
dependabot[bot] 132427b4bc Bump eslint-plugin-jest from 26.4.5 to 26.4.6
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.4.5 to 26.4.6.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.4.5...v26.4.6)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 01:28:59 +00:00
dependabot[bot] 5f0449f13c Bump @typescript-eslint/eslint-plugin from 5.26.0 to 5.27.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.26.0 to 5.27.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.27.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 01:28:15 +00:00
Federico Builes 0b73ead548 Merge branch 'main' into adding-config-file 2022-05-30 06:37:29 +02:00
Federico Builes 67a046c994 Merge pull request #89 from actions/dependabot/npm_and_yarn/types/node-17.0.36
Bump @types/node from 17.0.35 to 17.0.36
2022-05-30 06:30:17 +02:00
Federico Builes 64c25ba2f4 Merge pull request #90 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.4.5
Bump eslint-plugin-jest from 26.2.2 to 26.4.5
2022-05-30 06:30:05 +02:00
dependabot[bot] f3682c87a7 Bump eslint-plugin-jest from 26.2.2 to 26.4.5
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.2.2 to 26.4.5.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.2.2...v26.4.5)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-30 01:47:42 +00:00
dependabot[bot] fc7745e42a Bump @types/node from 17.0.35 to 17.0.36
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.35 to 17.0.36.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-30 01:46:36 +00:00
Federico Builes a8dcc6b774 Adding basic config file parsing and some test scaffolding. 2022-05-26 15:54:59 -07:00
Federico Builes d09b96a7b1 Updating YAML deps. 2022-05-26 14:49:02 -07:00
Federico Builes 243561faa0 Merge pull request #87 from actions/dependabot/npm_and_yarn/vercel/ncc-0.34.0
Bump @vercel/ncc from 0.33.4 to 0.34.0
2022-05-26 10:47:33 -07:00
Federico Builes 860cc21fc2 Merge pull request #86 from actions/dependabot/npm_and_yarn/got-12.1.0
Bump got from 12.0.4 to 12.1.0
2022-05-26 10:47:20 -07:00
dependabot[bot] 98f8200aaa Bump @vercel/ncc from 0.33.4 to 0.34.0
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.33.4 to 0.34.0.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.33.4...0.34.0)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-26 03:00:41 +00:00
dependabot[bot] b3375e0be4 Bump got from 12.0.4 to 12.1.0
Bumps [got](https://github.com/sindresorhus/got) from 12.0.4 to 12.1.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.0.4...v12.1.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-26 03:00:11 +00:00
Federico Builes 737f9b3a71 Merge pull request #85 from actions/dependabot/npm_and_yarn/typescript-4.7.2
Bump typescript from 4.6.4 to 4.7.2
2022-05-25 10:57:24 -07:00
dependabot[bot] 91660a5ad1 Bump typescript from 4.6.4 to 4.7.2
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.6.4 to 4.7.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.6.4...v4.7.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-25 01:46:29 +00:00
Federico Builes 2b78124491 Merge pull request #83 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.26.0
Bump @typescript-eslint/eslint-plugin from 5.25.0 to 5.26.0
2022-05-24 16:21:37 -07:00
Federico Builes 365fad2034 Merge pull request #82 from actions/dependabot/npm_and_yarn/zod-3.17.3
Bump zod from 3.17.2 to 3.17.3
2022-05-24 14:54:41 -07:00
Federico Builes 31314537ae adding dist files 2022-05-24 14:52:45 -07:00
dependabot[bot] c893395cf8 Bump @typescript-eslint/eslint-plugin from 5.25.0 to 5.26.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.25.0 to 5.26.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.26.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 02:43:26 +00:00
dependabot[bot] 93e4466112 Bump zod from 3.17.2 to 3.17.3
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.2 to 3.17.3.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.2...v3.17.3)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 02:42:32 +00:00
Federico Builes 0e2b63f1f4 Cleaning up errors. 2022-05-12 18:07:14 +02:00
Federico Builes 0e9a322413 Move config into its own file. 2022-05-12 18:05:14 +02:00
Federico Builes fdcc204dbb Adding a YAML parser. 2022-05-12 18:04:51 +02:00
Federico Builes 871c00fde8 adding dist files 2022-05-12 11:44:25 +02:00
Federico Builes 52795b8e93 Print config files. 2022-05-12 11:43:08 +02:00
15 changed files with 9090 additions and 482 deletions
+8
View File
@@ -0,0 +1,8 @@
fail_on_severity: low
allow_licenses:
- 'GPL 3.0'
- 'BSD 3 Clause'
- 'MIT'
#deny_licenses:
# - "LGPL 2.0"
# - "BSD 2 Clause"
+18
View File
@@ -0,0 +1,18 @@
import {expect, test} from '@jest/globals'
import {readConfigFile} from '../src/config'
test('reads the config file', async () => {
let options = readConfigFile('./__tests__/fixtures/config-allow-sample.yml')
expect(options.fail_on_severity).toEqual('critical')
expect(options.allow_licenses).toEqual(['BSD', 'GPL 2'])
})
test('the default config path handles .yml and .yaml', async () => {
expect(true).toEqual(true)
})
test('returns a default config when the config file was not found', async () => {
let options = readConfigFile('fixtures/i-dont-exist')
expect(options.fail_on_severity).toEqual('low')
expect(options.allow_licenses).toEqual([])
})
+59
View File
@@ -0,0 +1,59 @@
import {expect, test} from '@jest/globals'
import {Change, Changes} from '../src/schemas'
import {filterChangesBySeverity} from '../src/filter'
let npmChange: Change = {
manifest: 'package.json',
change_type: 'added',
ecosystem: 'npm',
name: 'Reeuhq',
version: '1.0.2',
package_url: 'somepurl',
license: 'MIT',
source_repository_url: 'github.com/some-repo',
vulnerabilities: [
{
severity: 'critical',
advisory_ghsa_id: 'first-random_string',
advisory_summary: 'very dangerouns',
advisory_url: 'github.com/future-funk'
}
]
}
let rubyChange: Change = {
change_type: 'added',
manifest: 'Gemfile.lock',
ecosystem: 'rubygems',
name: 'actionsomething',
version: '3.2.0',
package_url: 'somerubypurl',
license: 'BSD',
source_repository_url: 'github.com/some-repo',
vulnerabilities: [
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerouns',
advisory_url: 'github.com/future-funk'
},
{
severity: 'low',
advisory_ghsa_id: 'third-random_string',
advisory_summary: 'dont page me',
advisory_url: 'github.com/future-funk'
}
]
}
test('it properly filters changes by severity', async () => {
const changes = [npmChange, rubyChange]
let result = filterChangesBySeverity('high', changes)
expect(result).toEqual([npmChange])
result = filterChangesBySeverity('low', changes)
expect(changes).toEqual([npmChange, rubyChange])
result = filterChangesBySeverity('critical', changes)
expect(changes).toEqual([npmChange, rubyChange])
})
@@ -0,0 +1,4 @@
fail_on_severity: critical
allow_licenses:
- "BSD"
- "GPL 2"
-5
View File
@@ -1,5 +0,0 @@
import {expect, test} from '@jest/globals'
test('tests things', async () => {
expect(true).toEqual(true)
})
Generated Vendored
+8571 -101
View File
File diff suppressed because it is too large Load Diff
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+17
View File
@@ -684,6 +684,23 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
yaml
ISC
Copyright Eemeli Aro <eemeli@gmail.com>
Permission to use, copy, modify, and/or distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright notice
and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
THIS SOFTWARE.
zod
MIT
MIT License
+150 -350
View File
@@ -14,25 +14,26 @@
"@octokit/plugin-retry": "^3.0.9",
"@octokit/request-error": "^2.1.0",
"ansi-styles": "^6.1.0",
"got": "^12.0.4",
"got": "^12.1.0",
"nodemon": "^2.0.16",
"zod": "^3.17.2"
"yaml": "^2.1.1",
"zod": "^3.17.3"
},
"devDependencies": {
"@types/node": "^17.0.35",
"@typescript-eslint/eslint-plugin": "^5.25.0",
"@typescript-eslint/parser": "^5.26.0",
"@vercel/ncc": "^0.33.4",
"esbuild-register": "^3.3.2",
"eslint": "^8.16.0",
"@types/node": "^17.0.40",
"@typescript-eslint/eslint-plugin": "^5.27.1",
"@typescript-eslint/parser": "^5.27.1",
"@vercel/ncc": "^0.34.0",
"esbuild-register": "^3.3.3",
"eslint": "^8.17.0",
"eslint-plugin-github": "^4.3.6",
"eslint-plugin-jest": "^26.2.2",
"eslint-plugin-jest": "^26.5.3",
"jest": "^27.5.1",
"js-yaml": "^4.1.0",
"nodemon": "^2.0.16",
"prettier": "2.6.2",
"ts-jest": "^27.1.4",
"typescript": "^4.6.4"
"typescript": "^4.7.3"
}
},
"node_modules/@actions/core": {
@@ -1365,9 +1366,9 @@
}
},
"node_modules/@types/node": {
"version": "17.0.35",
"resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.35.tgz",
"integrity": "sha512-vu1SrqBjbbZ3J6vwY17jBs8Sr/BKA+/a/WtjRG+whKg1iuLFOosq872EXS0eXWILdO36DHQQeku/ZcL6hz2fpg=="
"version": "17.0.40",
"resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.40.tgz",
"integrity": "sha512-UXdBxNGqTMtm7hCwh9HtncFVLrXoqA3oJW30j6XWp5BH/wu3mVeaxo7cq5benFdBw34HB3XDT2TRPI7rXZ+mDg=="
},
"node_modules/@types/prettier": {
"version": "2.4.4",
@@ -1405,14 +1406,14 @@
"dev": true
},
"node_modules/@typescript-eslint/eslint-plugin": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.25.0.tgz",
"integrity": "sha512-icYrFnUzvm+LhW0QeJNKkezBu6tJs9p/53dpPLFH8zoM9w1tfaKzVurkPotEpAqQ8Vf8uaFyL5jHd0Vs6Z0ZQg==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.27.1.tgz",
"integrity": "sha512-6dM5NKT57ZduNnJfpY81Phe9nc9wolnMCnknb1im6brWi1RYv84nbMS3olJa27B6+irUVV1X/Wb+Am0FjJdGFw==",
"dev": true,
"dependencies": {
"@typescript-eslint/scope-manager": "5.25.0",
"@typescript-eslint/type-utils": "5.25.0",
"@typescript-eslint/utils": "5.25.0",
"@typescript-eslint/scope-manager": "5.27.1",
"@typescript-eslint/type-utils": "5.27.1",
"@typescript-eslint/utils": "5.27.1",
"debug": "^4.3.4",
"functional-red-black-tree": "^1.0.1",
"ignore": "^5.2.0",
@@ -1437,53 +1438,6 @@
}
}
},
"node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.25.0.tgz",
"integrity": "sha512-p4SKTFWj+2VpreUZ5xMQsBMDdQ9XdRvODKXN4EksyBjFp2YvQdLkyHqOffakYZPuWJUDNu3jVXtHALDyTv3cww==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.25.0",
"@typescript-eslint/visitor-keys": "5.25.0"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
}
},
"node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.25.0.tgz",
"integrity": "sha512-7fWqfxr0KNHj75PFqlGX24gWjdV/FDBABXL5dyvBOWHpACGyveok8Uj4ipPX/1fGU63fBkzSIycEje4XsOxUFA==",
"dev": true,
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
}
},
"node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.25.0.tgz",
"integrity": "sha512-yd26vFgMsC4h2dgX4+LR+GeicSKIfUvZREFLf3DDjZPtqgLx5AJZr6TetMNwFP9hcKreTTeztQYBTNbNoOycwA==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.25.0",
"eslint-visitor-keys": "^3.3.0"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
}
},
"node_modules/@typescript-eslint/eslint-plugin/node_modules/semver": {
"version": "7.3.7",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz",
@@ -1500,14 +1454,14 @@
}
},
"node_modules/@typescript-eslint/parser": {
"version": "5.26.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.26.0.tgz",
"integrity": "sha512-n/IzU87ttzIdnAH5vQ4BBDnLPly7rC5VnjN3m0xBG82HK6rhRxnCb3w/GyWbNDghPd+NktJqB/wl6+YkzZ5T5Q==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.27.1.tgz",
"integrity": "sha512-7Va2ZOkHi5NP+AZwb5ReLgNF6nWLGTeUJfxdkVUAPPSaAdbWNnFZzLZ4EGGmmiCTg+AwlbE1KyUYTBglosSLHQ==",
"dev": true,
"dependencies": {
"@typescript-eslint/scope-manager": "5.26.0",
"@typescript-eslint/types": "5.26.0",
"@typescript-eslint/typescript-estree": "5.26.0",
"@typescript-eslint/scope-manager": "5.27.1",
"@typescript-eslint/types": "5.27.1",
"@typescript-eslint/typescript-estree": "5.27.1",
"debug": "^4.3.4"
},
"engines": {
@@ -1527,13 +1481,13 @@
}
},
"node_modules/@typescript-eslint/scope-manager": {
"version": "5.26.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.26.0.tgz",
"integrity": "sha512-gVzTJUESuTwiju/7NiTb4c5oqod8xt5GhMbExKsCTp6adU3mya6AGJ4Pl9xC7x2DX9UYFsjImC0mA62BCY22Iw==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.27.1.tgz",
"integrity": "sha512-fQEOSa/QroWE6fAEg+bJxtRZJTH8NTskggybogHt4H9Da8zd4cJji76gA5SBlR0MgtwF7rebxTbDKB49YUCpAg==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.26.0",
"@typescript-eslint/visitor-keys": "5.26.0"
"@typescript-eslint/types": "5.27.1",
"@typescript-eslint/visitor-keys": "5.27.1"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -1544,12 +1498,12 @@
}
},
"node_modules/@typescript-eslint/type-utils": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.25.0.tgz",
"integrity": "sha512-B6nb3GK3Gv1Rsb2pqalebe/RyQoyG/WDy9yhj8EE0Ikds4Xa8RR28nHz+wlt4tMZk5bnAr0f3oC8TuDAd5CPrw==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.27.1.tgz",
"integrity": "sha512-+UC1vVUWaDHRnC2cQrCJ4QtVjpjjCgjNFpg8b03nERmkHv9JV9X5M19D7UFMd+/G7T/sgFwX2pGmWK38rqyvXw==",
"dev": true,
"dependencies": {
"@typescript-eslint/utils": "5.25.0",
"@typescript-eslint/utils": "5.27.1",
"debug": "^4.3.4",
"tsutils": "^3.21.0"
},
@@ -1570,9 +1524,9 @@
}
},
"node_modules/@typescript-eslint/types": {
"version": "5.26.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.26.0.tgz",
"integrity": "sha512-8794JZFE1RN4XaExLWLI2oSXsVImNkl79PzTOOWt9h0UHROwJedNOD2IJyfL0NbddFllcktGIO2aOu10avQQyA==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.27.1.tgz",
"integrity": "sha512-LgogNVkBhCTZU/m8XgEYIWICD6m4dmEDbKXESCbqOXfKZxRKeqpiJXQIErv66sdopRKZPo5l32ymNqibYEH/xg==",
"dev": true,
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -1583,13 +1537,13 @@
}
},
"node_modules/@typescript-eslint/typescript-estree": {
"version": "5.26.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.26.0.tgz",
"integrity": "sha512-EyGpw6eQDsfD6jIqmXP3rU5oHScZ51tL/cZgFbFBvWuCwrIptl+oueUZzSmLtxFuSOQ9vDcJIs+279gnJkfd1w==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.27.1.tgz",
"integrity": "sha512-DnZvvq3TAJ5ke+hk0LklvxwYsnXpRdqUY5gaVS0D4raKtbznPz71UJGnPTHEFo0GDxqLOLdMkkmVZjSpET1hFw==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.26.0",
"@typescript-eslint/visitor-keys": "5.26.0",
"@typescript-eslint/types": "5.27.1",
"@typescript-eslint/visitor-keys": "5.27.1",
"debug": "^4.3.4",
"globby": "^11.1.0",
"is-glob": "^4.0.3",
@@ -1625,15 +1579,15 @@
}
},
"node_modules/@typescript-eslint/utils": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.25.0.tgz",
"integrity": "sha512-qNC9bhnz/n9Kba3yI6HQgQdBLuxDoMgdjzdhSInZh6NaDnFpTUlwNGxplUFWfY260Ya0TRPvkg9dd57qxrJI9g==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.27.1.tgz",
"integrity": "sha512-mZ9WEn1ZLDaVrhRaYgzbkXBkTPghPFsup8zDbbsYTxC5OmqrFE7skkKS/sraVsLP3TcT3Ki5CSyEFBRkLH/H/w==",
"dev": true,
"dependencies": {
"@types/json-schema": "^7.0.9",
"@typescript-eslint/scope-manager": "5.25.0",
"@typescript-eslint/types": "5.25.0",
"@typescript-eslint/typescript-estree": "5.25.0",
"@typescript-eslint/scope-manager": "5.27.1",
"@typescript-eslint/types": "5.27.1",
"@typescript-eslint/typescript-estree": "5.27.1",
"eslint-scope": "^5.1.1",
"eslint-utils": "^3.0.0"
},
@@ -1648,102 +1602,13 @@
"eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
}
},
"node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.25.0.tgz",
"integrity": "sha512-p4SKTFWj+2VpreUZ5xMQsBMDdQ9XdRvODKXN4EksyBjFp2YvQdLkyHqOffakYZPuWJUDNu3jVXtHALDyTv3cww==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.25.0",
"@typescript-eslint/visitor-keys": "5.25.0"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
}
},
"node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.25.0.tgz",
"integrity": "sha512-7fWqfxr0KNHj75PFqlGX24gWjdV/FDBABXL5dyvBOWHpACGyveok8Uj4ipPX/1fGU63fBkzSIycEje4XsOxUFA==",
"dev": true,
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
}
},
"node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.25.0.tgz",
"integrity": "sha512-MrPODKDych/oWs/71LCnuO7NyR681HuBly2uLnX3r5i4ME7q/yBqC4hW33kmxtuauLTM0OuBOhhkFaxCCOjEEw==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.25.0",
"@typescript-eslint/visitor-keys": "5.25.0",
"debug": "^4.3.4",
"globby": "^11.1.0",
"is-glob": "^4.0.3",
"semver": "^7.3.7",
"tsutils": "^3.21.0"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
},
"peerDependenciesMeta": {
"typescript": {
"optional": true
}
}
},
"node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.25.0.tgz",
"integrity": "sha512-yd26vFgMsC4h2dgX4+LR+GeicSKIfUvZREFLf3DDjZPtqgLx5AJZr6TetMNwFP9hcKreTTeztQYBTNbNoOycwA==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.25.0",
"eslint-visitor-keys": "^3.3.0"
},
"engines": {
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/typescript-eslint"
}
},
"node_modules/@typescript-eslint/utils/node_modules/semver": {
"version": "7.3.7",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz",
"integrity": "sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==",
"dev": true,
"dependencies": {
"lru-cache": "^6.0.0"
},
"bin": {
"semver": "bin/semver.js"
},
"engines": {
"node": ">=10"
}
},
"node_modules/@typescript-eslint/visitor-keys": {
"version": "5.26.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.26.0.tgz",
"integrity": "sha512-wei+ffqHanYDOQgg/fS6Hcar6wAWv0CUPQ3TZzOWd2BLfgP539rb49bwua8WRAs7R6kOSLn82rfEu2ro6Llt8Q==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.27.1.tgz",
"integrity": "sha512-xYs6ffo01nhdJgPieyk7HAOpjhTsx7r/oB9LWEhwAXgwn33tkr+W8DI2ChboqhZlC4q3TC6geDYPoiX8ROqyOQ==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "5.26.0",
"@typescript-eslint/types": "5.27.1",
"eslint-visitor-keys": "^3.3.0"
},
"engines": {
@@ -1755,9 +1620,9 @@
}
},
"node_modules/@vercel/ncc": {
"version": "0.33.4",
"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.33.4.tgz",
"integrity": "sha512-ln18hs7dMffelP47tpkaR+V5Tj6coykNyxJrlcmCormPqRQjB/Gv4cu2FfBG+PMzIfdZp2CLDsrrB1NPU22Qhg==",
"version": "0.34.0",
"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
"integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
"dev": true,
"bin": {
"ncc": "dist/ncc/cli.js"
@@ -2885,9 +2750,9 @@
}
},
"node_modules/esbuild-register": {
"version": "3.3.2",
"resolved": "https://registry.npmjs.org/esbuild-register/-/esbuild-register-3.3.2.tgz",
"integrity": "sha512-jceAtTO6zxPmCfSD5cBb3rgIK1vmuqCKYwgylHiS1BF4pq0jJiJb4K2QMuqF4BEw7XDBRatYzip0upyTzfkgsQ==",
"version": "3.3.3",
"resolved": "https://registry.npmjs.org/esbuild-register/-/esbuild-register-3.3.3.tgz",
"integrity": "sha512-eFHOkutgIMJY5gc8LUp/7c+LLlDqzNi9T6AwCZ2WKKl3HmT+5ef3ZRyPPxDOynInML0fgaC50yszPKfPnjC0NQ==",
"dev": true,
"peerDependencies": {
"esbuild": ">=0.12 <1"
@@ -2952,9 +2817,9 @@
}
},
"node_modules/eslint": {
"version": "8.16.0",
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.16.0.tgz",
"integrity": "sha512-MBndsoXY/PeVTDJeWsYj7kLZ5hQpJOfMYLsF6LicLHQWbRDG19lK5jOix4DPl8yY4SUFcE3txy86OzFLWT+yoA==",
"version": "8.17.0",
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.17.0.tgz",
"integrity": "sha512-gq0m0BTJfci60Fz4nczYxNAlED+sMcihltndR8t9t1evnU/azx53x3t2UHXC/uRjcbvRw/XctpaNygSTcQD+Iw==",
"dev": true,
"dependencies": {
"@eslint/eslintrc": "^1.3.0",
@@ -3194,9 +3059,9 @@
"dev": true
},
"node_modules/eslint-plugin-jest": {
"version": "26.2.2",
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-26.2.2.tgz",
"integrity": "sha512-etSFZ8VIFX470aA6kTqDPhIq7YWe0tjBcboFNV3WeiC18PJ/AVonGhuTwlmuz2fBkH8FJHA7JQ4k7GsQIj1Gew==",
"version": "26.5.3",
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-26.5.3.tgz",
"integrity": "sha512-sICclUqJQnR1bFRZGLN2jnSVsYOsmPYYnroGCIMVSvTS3y8XR3yjzy1EcTQmk6typ5pRgyIWzbjqxK6cZHEZuQ==",
"dev": true,
"dependencies": {
"@typescript-eslint/utils": "^5.10.0"
@@ -3860,9 +3725,9 @@
}
},
"node_modules/got": {
"version": "12.0.4",
"resolved": "https://registry.npmjs.org/got/-/got-12.0.4.tgz",
"integrity": "sha512-2Eyz4iU/ktq7wtMFXxzK7g5p35uNYLLdiZarZ5/Yn3IJlNEpBd5+dCgcAyxN8/8guZLszffwe3wVyw+DEVrpBg==",
"version": "12.1.0",
"resolved": "https://registry.npmjs.org/got/-/got-12.1.0.tgz",
"integrity": "sha512-hBv2ty9QN2RdbJJMK3hesmSkFTjVIHyIDDbssCKnSmq62edGgImJWD10Eb1k77TiV1bxloxqcFAVK8+9pkhOig==",
"dependencies": {
"@sindresorhus/is": "^4.6.0",
"@szmarczak/http-timer": "^5.0.1",
@@ -7193,9 +7058,9 @@
}
},
"node_modules/typescript": {
"version": "4.6.4",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.4.tgz",
"integrity": "sha512-9ia/jWHIEbo49HfjrLGfKbZSuWo9iTMwXO+Ca3pRsSpbsMbc7/IU8NKdCZVRRBafVPGnoJeFL76ZOAA84I9fEg==",
"version": "4.7.3",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.3.tgz",
"integrity": "sha512-WOkT3XYvrpXx4vMMqlD+8R8R37fZkjyLGlxavMc4iB8lrl8L0DeTcHbYgw/v0N/z9wAFsgBhcsF0ruoySS22mA==",
"dev": true,
"bin": {
"tsc": "bin/tsc",
@@ -7571,6 +7436,14 @@
"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
"dev": true
},
"node_modules/yaml": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.1.tgz",
"integrity": "sha512-o96x3OPo8GjWeSLF+wOAbrPfhFOGY0W00GNaxCDv+9hkcDJEnev1yh8S7pgHF0ik6zc8sQLuL8hjHjJULZp8bw==",
"engines": {
"node": ">= 14"
}
},
"node_modules/yargs": {
"version": "16.2.0",
"resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
@@ -7599,9 +7472,9 @@
}
},
"node_modules/zod": {
"version": "3.17.2",
"resolved": "https://registry.npmjs.org/zod/-/zod-3.17.2.tgz",
"integrity": "sha512-L8UPS2J/F3dIA8gsPTvGjd8wSRuwR1Td4AqR2Nw8r8BgcLIbZZ5/tCII7hbTLXTQDhxUnnsFdHwpETGajt5i3A==",
"version": "3.17.3",
"resolved": "https://registry.npmjs.org/zod/-/zod-3.17.3.tgz",
"integrity": "sha512-4oKP5zvG6GGbMlqBkI5FESOAweldEhSOZ6LI6cG+JzUT7ofj1ZOC0PJudpQOpT1iqOFpYYtX5Pw0+o403y4bcg==",
"funding": {
"url": "https://github.com/sponsors/colinhacks"
}
@@ -8682,9 +8555,9 @@
}
},
"@types/node": {
"version": "17.0.35",
"resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.35.tgz",
"integrity": "sha512-vu1SrqBjbbZ3J6vwY17jBs8Sr/BKA+/a/WtjRG+whKg1iuLFOosq872EXS0eXWILdO36DHQQeku/ZcL6hz2fpg=="
"version": "17.0.40",
"resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.40.tgz",
"integrity": "sha512-UXdBxNGqTMtm7hCwh9HtncFVLrXoqA3oJW30j6XWp5BH/wu3mVeaxo7cq5benFdBw34HB3XDT2TRPI7rXZ+mDg=="
},
"@types/prettier": {
"version": "2.4.4",
@@ -8722,14 +8595,14 @@
"dev": true
},
"@typescript-eslint/eslint-plugin": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.25.0.tgz",
"integrity": "sha512-icYrFnUzvm+LhW0QeJNKkezBu6tJs9p/53dpPLFH8zoM9w1tfaKzVurkPotEpAqQ8Vf8uaFyL5jHd0Vs6Z0ZQg==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.27.1.tgz",
"integrity": "sha512-6dM5NKT57ZduNnJfpY81Phe9nc9wolnMCnknb1im6brWi1RYv84nbMS3olJa27B6+irUVV1X/Wb+Am0FjJdGFw==",
"dev": true,
"requires": {
"@typescript-eslint/scope-manager": "5.25.0",
"@typescript-eslint/type-utils": "5.25.0",
"@typescript-eslint/utils": "5.25.0",
"@typescript-eslint/scope-manager": "5.27.1",
"@typescript-eslint/type-utils": "5.27.1",
"@typescript-eslint/utils": "5.27.1",
"debug": "^4.3.4",
"functional-red-black-tree": "^1.0.1",
"ignore": "^5.2.0",
@@ -8738,32 +8611,6 @@
"tsutils": "^3.21.0"
},
"dependencies": {
"@typescript-eslint/scope-manager": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.25.0.tgz",
"integrity": "sha512-p4SKTFWj+2VpreUZ5xMQsBMDdQ9XdRvODKXN4EksyBjFp2YvQdLkyHqOffakYZPuWJUDNu3jVXtHALDyTv3cww==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.25.0",
"@typescript-eslint/visitor-keys": "5.25.0"
}
},
"@typescript-eslint/types": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.25.0.tgz",
"integrity": "sha512-7fWqfxr0KNHj75PFqlGX24gWjdV/FDBABXL5dyvBOWHpACGyveok8Uj4ipPX/1fGU63fBkzSIycEje4XsOxUFA==",
"dev": true
},
"@typescript-eslint/visitor-keys": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.25.0.tgz",
"integrity": "sha512-yd26vFgMsC4h2dgX4+LR+GeicSKIfUvZREFLf3DDjZPtqgLx5AJZr6TetMNwFP9hcKreTTeztQYBTNbNoOycwA==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.25.0",
"eslint-visitor-keys": "^3.3.0"
}
},
"semver": {
"version": "7.3.7",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz",
@@ -8776,52 +8623,52 @@
}
},
"@typescript-eslint/parser": {
"version": "5.26.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.26.0.tgz",
"integrity": "sha512-n/IzU87ttzIdnAH5vQ4BBDnLPly7rC5VnjN3m0xBG82HK6rhRxnCb3w/GyWbNDghPd+NktJqB/wl6+YkzZ5T5Q==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.27.1.tgz",
"integrity": "sha512-7Va2ZOkHi5NP+AZwb5ReLgNF6nWLGTeUJfxdkVUAPPSaAdbWNnFZzLZ4EGGmmiCTg+AwlbE1KyUYTBglosSLHQ==",
"dev": true,
"requires": {
"@typescript-eslint/scope-manager": "5.26.0",
"@typescript-eslint/types": "5.26.0",
"@typescript-eslint/typescript-estree": "5.26.0",
"@typescript-eslint/scope-manager": "5.27.1",
"@typescript-eslint/types": "5.27.1",
"@typescript-eslint/typescript-estree": "5.27.1",
"debug": "^4.3.4"
}
},
"@typescript-eslint/scope-manager": {
"version": "5.26.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.26.0.tgz",
"integrity": "sha512-gVzTJUESuTwiju/7NiTb4c5oqod8xt5GhMbExKsCTp6adU3mya6AGJ4Pl9xC7x2DX9UYFsjImC0mA62BCY22Iw==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.27.1.tgz",
"integrity": "sha512-fQEOSa/QroWE6fAEg+bJxtRZJTH8NTskggybogHt4H9Da8zd4cJji76gA5SBlR0MgtwF7rebxTbDKB49YUCpAg==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.26.0",
"@typescript-eslint/visitor-keys": "5.26.0"
"@typescript-eslint/types": "5.27.1",
"@typescript-eslint/visitor-keys": "5.27.1"
}
},
"@typescript-eslint/type-utils": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.25.0.tgz",
"integrity": "sha512-B6nb3GK3Gv1Rsb2pqalebe/RyQoyG/WDy9yhj8EE0Ikds4Xa8RR28nHz+wlt4tMZk5bnAr0f3oC8TuDAd5CPrw==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.27.1.tgz",
"integrity": "sha512-+UC1vVUWaDHRnC2cQrCJ4QtVjpjjCgjNFpg8b03nERmkHv9JV9X5M19D7UFMd+/G7T/sgFwX2pGmWK38rqyvXw==",
"dev": true,
"requires": {
"@typescript-eslint/utils": "5.25.0",
"@typescript-eslint/utils": "5.27.1",
"debug": "^4.3.4",
"tsutils": "^3.21.0"
}
},
"@typescript-eslint/types": {
"version": "5.26.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.26.0.tgz",
"integrity": "sha512-8794JZFE1RN4XaExLWLI2oSXsVImNkl79PzTOOWt9h0UHROwJedNOD2IJyfL0NbddFllcktGIO2aOu10avQQyA==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.27.1.tgz",
"integrity": "sha512-LgogNVkBhCTZU/m8XgEYIWICD6m4dmEDbKXESCbqOXfKZxRKeqpiJXQIErv66sdopRKZPo5l32ymNqibYEH/xg==",
"dev": true
},
"@typescript-eslint/typescript-estree": {
"version": "5.26.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.26.0.tgz",
"integrity": "sha512-EyGpw6eQDsfD6jIqmXP3rU5oHScZ51tL/cZgFbFBvWuCwrIptl+oueUZzSmLtxFuSOQ9vDcJIs+279gnJkfd1w==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.27.1.tgz",
"integrity": "sha512-DnZvvq3TAJ5ke+hk0LklvxwYsnXpRdqUY5gaVS0D4raKtbznPz71UJGnPTHEFo0GDxqLOLdMkkmVZjSpET1hFw==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.26.0",
"@typescript-eslint/visitor-keys": "5.26.0",
"@typescript-eslint/types": "5.27.1",
"@typescript-eslint/visitor-keys": "5.27.1",
"debug": "^4.3.4",
"globby": "^11.1.0",
"is-glob": "^4.0.3",
@@ -8841,85 +8688,33 @@
}
},
"@typescript-eslint/utils": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.25.0.tgz",
"integrity": "sha512-qNC9bhnz/n9Kba3yI6HQgQdBLuxDoMgdjzdhSInZh6NaDnFpTUlwNGxplUFWfY260Ya0TRPvkg9dd57qxrJI9g==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.27.1.tgz",
"integrity": "sha512-mZ9WEn1ZLDaVrhRaYgzbkXBkTPghPFsup8zDbbsYTxC5OmqrFE7skkKS/sraVsLP3TcT3Ki5CSyEFBRkLH/H/w==",
"dev": true,
"requires": {
"@types/json-schema": "^7.0.9",
"@typescript-eslint/scope-manager": "5.25.0",
"@typescript-eslint/types": "5.25.0",
"@typescript-eslint/typescript-estree": "5.25.0",
"@typescript-eslint/scope-manager": "5.27.1",
"@typescript-eslint/types": "5.27.1",
"@typescript-eslint/typescript-estree": "5.27.1",
"eslint-scope": "^5.1.1",
"eslint-utils": "^3.0.0"
},
"dependencies": {
"@typescript-eslint/scope-manager": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.25.0.tgz",
"integrity": "sha512-p4SKTFWj+2VpreUZ5xMQsBMDdQ9XdRvODKXN4EksyBjFp2YvQdLkyHqOffakYZPuWJUDNu3jVXtHALDyTv3cww==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.25.0",
"@typescript-eslint/visitor-keys": "5.25.0"
}
},
"@typescript-eslint/types": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.25.0.tgz",
"integrity": "sha512-7fWqfxr0KNHj75PFqlGX24gWjdV/FDBABXL5dyvBOWHpACGyveok8Uj4ipPX/1fGU63fBkzSIycEje4XsOxUFA==",
"dev": true
},
"@typescript-eslint/typescript-estree": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.25.0.tgz",
"integrity": "sha512-MrPODKDych/oWs/71LCnuO7NyR681HuBly2uLnX3r5i4ME7q/yBqC4hW33kmxtuauLTM0OuBOhhkFaxCCOjEEw==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.25.0",
"@typescript-eslint/visitor-keys": "5.25.0",
"debug": "^4.3.4",
"globby": "^11.1.0",
"is-glob": "^4.0.3",
"semver": "^7.3.7",
"tsutils": "^3.21.0"
}
},
"@typescript-eslint/visitor-keys": {
"version": "5.25.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.25.0.tgz",
"integrity": "sha512-yd26vFgMsC4h2dgX4+LR+GeicSKIfUvZREFLf3DDjZPtqgLx5AJZr6TetMNwFP9hcKreTTeztQYBTNbNoOycwA==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.25.0",
"eslint-visitor-keys": "^3.3.0"
}
},
"semver": {
"version": "7.3.7",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz",
"integrity": "sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==",
"dev": true,
"requires": {
"lru-cache": "^6.0.0"
}
}
}
},
"@typescript-eslint/visitor-keys": {
"version": "5.26.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.26.0.tgz",
"integrity": "sha512-wei+ffqHanYDOQgg/fS6Hcar6wAWv0CUPQ3TZzOWd2BLfgP539rb49bwua8WRAs7R6kOSLn82rfEu2ro6Llt8Q==",
"version": "5.27.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.27.1.tgz",
"integrity": "sha512-xYs6ffo01nhdJgPieyk7HAOpjhTsx7r/oB9LWEhwAXgwn33tkr+W8DI2ChboqhZlC4q3TC6geDYPoiX8ROqyOQ==",
"dev": true,
"requires": {
"@typescript-eslint/types": "5.26.0",
"@typescript-eslint/types": "5.27.1",
"eslint-visitor-keys": "^3.3.0"
}
},
"@vercel/ncc": {
"version": "0.33.4",
"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.33.4.tgz",
"integrity": "sha512-ln18hs7dMffelP47tpkaR+V5Tj6coykNyxJrlcmCormPqRQjB/Gv4cu2FfBG+PMzIfdZp2CLDsrrB1NPU22Qhg==",
"version": "0.34.0",
"resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
"integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
"dev": true
},
"abab": {
@@ -9770,9 +9565,9 @@
"peer": true
},
"esbuild-register": {
"version": "3.3.2",
"resolved": "https://registry.npmjs.org/esbuild-register/-/esbuild-register-3.3.2.tgz",
"integrity": "sha512-jceAtTO6zxPmCfSD5cBb3rgIK1vmuqCKYwgylHiS1BF4pq0jJiJb4K2QMuqF4BEw7XDBRatYzip0upyTzfkgsQ==",
"version": "3.3.3",
"resolved": "https://registry.npmjs.org/esbuild-register/-/esbuild-register-3.3.3.tgz",
"integrity": "sha512-eFHOkutgIMJY5gc8LUp/7c+LLlDqzNi9T6AwCZ2WKKl3HmT+5ef3ZRyPPxDOynInML0fgaC50yszPKfPnjC0NQ==",
"dev": true,
"requires": {}
},
@@ -9816,9 +9611,9 @@
}
},
"eslint": {
"version": "8.16.0",
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.16.0.tgz",
"integrity": "sha512-MBndsoXY/PeVTDJeWsYj7kLZ5hQpJOfMYLsF6LicLHQWbRDG19lK5jOix4DPl8yY4SUFcE3txy86OzFLWT+yoA==",
"version": "8.17.0",
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.17.0.tgz",
"integrity": "sha512-gq0m0BTJfci60Fz4nczYxNAlED+sMcihltndR8t9t1evnU/azx53x3t2UHXC/uRjcbvRw/XctpaNygSTcQD+Iw==",
"dev": true,
"requires": {
"@eslint/eslintrc": "^1.3.0",
@@ -10096,9 +9891,9 @@
}
},
"eslint-plugin-jest": {
"version": "26.2.2",
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-26.2.2.tgz",
"integrity": "sha512-etSFZ8VIFX470aA6kTqDPhIq7YWe0tjBcboFNV3WeiC18PJ/AVonGhuTwlmuz2fBkH8FJHA7JQ4k7GsQIj1Gew==",
"version": "26.5.3",
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-26.5.3.tgz",
"integrity": "sha512-sICclUqJQnR1bFRZGLN2jnSVsYOsmPYYnroGCIMVSvTS3y8XR3yjzy1EcTQmk6typ5pRgyIWzbjqxK6cZHEZuQ==",
"dev": true,
"requires": {
"@typescript-eslint/utils": "^5.10.0"
@@ -10492,9 +10287,9 @@
}
},
"got": {
"version": "12.0.4",
"resolved": "https://registry.npmjs.org/got/-/got-12.0.4.tgz",
"integrity": "sha512-2Eyz4iU/ktq7wtMFXxzK7g5p35uNYLLdiZarZ5/Yn3IJlNEpBd5+dCgcAyxN8/8guZLszffwe3wVyw+DEVrpBg==",
"version": "12.1.0",
"resolved": "https://registry.npmjs.org/got/-/got-12.1.0.tgz",
"integrity": "sha512-hBv2ty9QN2RdbJJMK3hesmSkFTjVIHyIDDbssCKnSmq62edGgImJWD10Eb1k77TiV1bxloxqcFAVK8+9pkhOig==",
"requires": {
"@sindresorhus/is": "^4.6.0",
"@szmarczak/http-timer": "^5.0.1",
@@ -12969,9 +12764,9 @@
}
},
"typescript": {
"version": "4.6.4",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.4.tgz",
"integrity": "sha512-9ia/jWHIEbo49HfjrLGfKbZSuWo9iTMwXO+Ca3pRsSpbsMbc7/IU8NKdCZVRRBafVPGnoJeFL76ZOAA84I9fEg==",
"version": "4.7.3",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.3.tgz",
"integrity": "sha512-WOkT3XYvrpXx4vMMqlD+8R8R37fZkjyLGlxavMc4iB8lrl8L0DeTcHbYgw/v0N/z9wAFsgBhcsF0ruoySS22mA==",
"dev": true
},
"unbox-primitive": {
@@ -13260,6 +13055,11 @@
"integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
"dev": true
},
"yaml": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.1.tgz",
"integrity": "sha512-o96x3OPo8GjWeSLF+wOAbrPfhFOGY0W00GNaxCDv+9hkcDJEnev1yh8S7pgHF0ik6zc8sQLuL8hjHjJULZp8bw=="
},
"yargs": {
"version": "16.2.0",
"resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
@@ -13282,9 +13082,9 @@
"dev": true
},
"zod": {
"version": "3.17.2",
"resolved": "https://registry.npmjs.org/zod/-/zod-3.17.2.tgz",
"integrity": "sha512-L8UPS2J/F3dIA8gsPTvGjd8wSRuwR1Td4AqR2Nw8r8BgcLIbZZ5/tCII7hbTLXTQDhxUnnsFdHwpETGajt5i3A=="
"version": "3.17.3",
"resolved": "https://registry.npmjs.org/zod/-/zod-3.17.3.tgz",
"integrity": "sha512-4oKP5zvG6GGbMlqBkI5FESOAweldEhSOZ6LI6cG+JzUT7ofj1ZOC0PJudpQOpT1iqOFpYYtX5Pw0+o403y4bcg=="
}
}
}
+12 -11
View File
@@ -30,24 +30,25 @@
"@octokit/plugin-retry": "^3.0.9",
"@octokit/request-error": "^2.1.0",
"ansi-styles": "^6.1.0",
"got": "^12.0.4",
"got": "^12.1.0",
"nodemon": "^2.0.16",
"zod": "^3.17.2"
"yaml": "^2.1.1",
"zod": "^3.17.3"
},
"devDependencies": {
"@types/node": "^17.0.35",
"@typescript-eslint/eslint-plugin": "^5.25.0",
"@typescript-eslint/parser": "^5.26.0",
"@vercel/ncc": "^0.33.4",
"esbuild-register": "^3.3.2",
"eslint": "^8.16.0",
"@types/node": "^17.0.40",
"@typescript-eslint/eslint-plugin": "^5.27.1",
"@typescript-eslint/parser": "^5.27.1",
"@vercel/ncc": "^0.34.0",
"esbuild-register": "^3.3.3",
"eslint": "^8.17.0",
"eslint-plugin-github": "^4.3.6",
"eslint-plugin-jest": "^26.2.2",
"eslint-plugin-jest": "^26.5.3",
"jest": "^27.5.1",
"js-yaml": "^4.1.0",
"nodemon": "^2.0.16",
"prettier": "2.6.2",
"ts-jest": "^27.1.4",
"typescript": "^4.6.4"
"typescript": "^4.7.3"
}
}
}
+33
View File
@@ -0,0 +1,33 @@
import * as fs from 'fs'
import YAML from 'yaml'
import {ConfigurationOptions, ConfigurationOptionsSchema} from './schemas'
import path from 'path'
export const CONFIG_FILEPATH = './.github/dependency-review.yml'
export function readConfigFile(
filePath: string = CONFIG_FILEPATH
): ConfigurationOptions {
// By default we want to fail on all severities and allow all licenses.
const defaultOptions: ConfigurationOptions = {
fail_on_severity: 'low',
allow_licenses: []
}
let data
try {
data = fs.readFileSync(path.resolve(filePath), 'utf-8')
} catch (error: any) {
if (error.code && error.code === 'ENOENT') {
return defaultOptions
} else {
throw error
}
}
const values = YAML.parse(data)
const parsed = ConfigurationOptionsSchema.parse(values)
return parsed
}
+36
View File
@@ -0,0 +1,36 @@
import {Changes} from './schemas'
import {Severity, SEVERITIES} from './schemas'
export function filterChangesBySeverity(
severity: Severity,
changes: Changes
): Changes {
const severityIdx = SEVERITIES.indexOf(severity)
let filteredChanges = []
for (let change of changes) {
if (
change === undefined ||
change.vulnerabilities === undefined ||
change.vulnerabilities.length === 0
) {
continue
}
let fChange = {
...change,
vulnerabilities: change.vulnerabilities.filter(vuln => {
const vulnIdx = SEVERITIES.indexOf(vuln.severity)
if (vulnIdx <= severityIdx) {
return true
}
})
}
filteredChanges.push(fChange)
}
// don't want to deal with changes with no vulnerabilities
filteredChanges = filteredChanges.filter(
change => change.vulnerabilities.length > 0
)
return filteredChanges
}
+134
View File
@@ -0,0 +1,134 @@
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (_) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
exports.__esModule = true;
exports.parseGitHubUrl = exports.getApiClient = exports.getPlatform = exports.GITHUB_DOTCOM_URL = exports.Platform = void 0;
// Tons of code lifted from https://github.com/github/codeql-action!
var path = require("path");
var core = require("@actions/core");
var githubUtils = require("@actions/github/lib/utils");
var retry = require("@octokit/plugin-retry");
var Platform;
(function (Platform) {
Platform[Platform["DOTCOM"] = 0] = "DOTCOM";
Platform[Platform["GHES"] = 1] = "GHES";
Platform[Platform["GHAE"] = 2] = "GHAE";
})(Platform = exports.Platform || (exports.Platform = {}));
exports.GITHUB_DOTCOM_URL = 'https://github.com';
var GITHUB_ENTERPRISE_VERSION_HEADER = 'x-github-enterprise-version';
function getPlatform(url) {
return __awaiter(this, void 0, void 0, function () {
var apiClient, response;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
// We can avoid making an API request in the standard dotcom case
if (parseGitHubUrl(url) === exports.GITHUB_DOTCOM_URL) {
return [2 /*return*/, Platform.DOTCOM];
}
apiClient = (0, exports.getApiClient)(url);
return [4 /*yield*/, apiClient.rest.meta.get()];
case 1:
response = _a.sent();
if (response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === 'GitHub AE') {
return [2 /*return*/, Platform.GHAE];
}
return [2 /*return*/, Platform.GHES];
}
});
});
}
exports.getPlatform = getPlatform;
var getApiClient = function (url) {
var auth = core.getInput('repo-token', { required: true });
var retryingOctokit = githubUtils.GitHub.plugin(retry.retry);
return new retryingOctokit(githubUtils.getOctokitOptions(auth, {
baseUrl: getApiUrl(url)
}));
};
exports.getApiClient = getApiClient;
function getApiUrl(githubUrl) {
var url = new URL(githubUrl);
// If we detect this is trying to connect to github.com
// then return with a fixed canonical URL.
if (url.hostname === 'github.com' || url.hostname === 'api.github.com') {
return 'https://api.github.com';
}
// Add the /api/v3 API prefix
url.pathname = path.join(url.pathname, 'api', 'v3');
return url.toString();
}
/**
* Parses user input of a github.com or GHES URL to a canonical form.
* Removes any API prefix or suffix if one is present.
*/
function parseGitHubUrl(inputUrl) {
var originalUrl = inputUrl;
if (inputUrl.indexOf('://') === -1) {
inputUrl = "https://".concat(inputUrl);
}
if (!inputUrl.startsWith('http://') && !inputUrl.startsWith('https://')) {
throw new Error("\"".concat(originalUrl, "\" is not a http or https URL"));
}
var url;
try {
url = new URL(inputUrl);
}
catch (e) {
throw new Error("\"".concat(originalUrl, "\" is not a valid URL"));
}
// If we detect this is trying to be to github.com
// then return with a fixed canonical URL.
if (url.hostname === 'github.com' || url.hostname === 'api.github.com') {
return exports.GITHUB_DOTCOM_URL;
}
// Remove the API prefix if it's present
if (url.pathname.indexOf('/api/v3') !== -1) {
url.pathname = url.pathname.substring(0, url.pathname.indexOf('/api/v3'));
}
// Also consider subdomain isolation on GHES
if (url.hostname.startsWith('api.')) {
url.hostname = url.hostname.substring(4);
}
// Normalise path to having a trailing slash for consistency
if (!url.pathname.endsWith('/')) {
url.pathname = "".concat(url.pathname, "/");
}
return url.toString();
}
exports.parseGitHubUrl = parseGitHubUrl;
getPlatform(exports.GITHUB_DOTCOM_URL);
+28 -13
View File
@@ -3,7 +3,9 @@ import * as dependencyGraph from './dependency-graph'
import * as github from '@actions/github'
import styles from 'ansi-styles'
import {RequestError} from '@octokit/request-error'
import {PullRequestSchema} from './schemas'
import {Change, PullRequestSchema, Severity} from './schemas'
import {readConfigFile} from '../src/config'
import {filterChangesBySeverity} from '../src/filter'
async function run(): Promise<void> {
try {
@@ -24,24 +26,22 @@ async function run(): Promise<void> {
headRef: pull_request.head.sha
})
let config = readConfigFile()
let minSeverity = config.fail_on_severity
let failed = false
for (const change of changes) {
let filteredChanges = filterChangesBySeverity(
minSeverity as Severity,
changes
)
for (const change of filteredChanges) {
if (
change.change_type === 'added' &&
change.vulnerabilities !== undefined &&
change.vulnerabilities.length > 0
) {
for (const vuln of change.vulnerabilities) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${
change.version
}${styles.bold.close} ${vuln.advisory_summary} ${renderSeverity(
vuln.severity
)}`
)
core.info(`${vuln.advisory_url}`)
}
printChangeVulnerabilities(change)
failed = true
}
}
@@ -49,7 +49,9 @@ async function run(): Promise<void> {
if (failed) {
throw new Error('Dependency review detected vulnerable packages.')
} else {
core.info('Dependency review did not detect any vulnerable packages.')
core.info(
`Dependency review did not detect any vulnerable packages with severity level "${minSeverity}" or above.`
)
}
} catch (error) {
if (error instanceof RequestError && error.status === 404) {
@@ -70,6 +72,19 @@ async function run(): Promise<void> {
}
}
function printChangeVulnerabilities(change: Change) {
for (const vuln of change.vulnerabilities) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${
change.version
}${styles.bold.close} ${vuln.advisory_summary} ${renderSeverity(
vuln.severity
)}`
)
core.info(`${vuln.advisory_url}`)
}
}
function renderSeverity(
severity: 'critical' | 'high' | 'moderate' | 'low'
): string {
+19 -1
View File
@@ -1,6 +1,8 @@
import * as z from 'zod'
const ChangeSchema = z.object({
export const SEVERITIES = ['critical', 'high', 'moderate', 'low'] as const
export const ChangeSchema = z.object({
change_type: z.enum(['added', 'removed']),
manifest: z.string(),
ecosystem: z.string(),
@@ -19,6 +21,7 @@ const ChangeSchema = z.object({
})
)
.optional()
.default([])
})
export const PullRequestSchema = z.object({
@@ -27,6 +30,21 @@ export const PullRequestSchema = z.object({
head: z.object({sha: z.string()})
})
export const ConfigurationOptionsSchema = z
.object({
fail_on_severity: z.enum(SEVERITIES).default('low'),
allow_licenses: z.array(z.string()).default([]),
deny_licenses: z.array(z.string()).default([])
})
.partial()
.refine(
obj => !(obj.allow_licenses && obj.deny_licenses),
"Can't specify both allow_licenses and deny_licenses"
)
export const ChangesSchema = z.array(ChangeSchema)
export type Change = z.infer<typeof ChangeSchema>
export type Changes = z.infer<typeof ChangesSchema>
export type ConfigurationOptions = z.infer<typeof ConfigurationOptionsSchema>
export type Severity = typeof SEVERITIES[number]