Compare commits

...

151 Commits

Author SHA1 Message Date
Federico Builes 9f2f2d8aa6 Merge pull request #200 from actions/willdasilva-fork
Support user-provided base/head refs & non-PR workflows
2022-08-18 15:30:04 +02:00
Federico Builes d2018420d8 Clean up mock data setup. 2022-08-18 15:03:11 +02:00
Federico Builes 54af7c7fbe Merge branch 'main' into WillDaSilva-main.
Took the time to tweak the README.

# Conflicts:
#	README.md
#	dist/index.js.map
2022-08-18 14:56:08 +02:00
Federico Builes f2e57a19af Merge pull request #196 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.33.1
Bump @typescript-eslint/eslint-plugin from 5.33.0 to 5.33.1
2022-08-16 07:50:18 +02:00
dependabot[bot] fb59017069 Bump @typescript-eslint/eslint-plugin from 5.33.0 to 5.33.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.33.0 to 5.33.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 05:46:37 +00:00
Federico Builes 3d5f077fa9 Merge pull request #195 from actions/dependabot/npm_and_yarn/types/node-16.11.49
Bump @types/node from 16.11.48 to 16.11.49
2022-08-16 07:45:40 +02:00
dependabot[bot] cb1474859d Bump @types/node from 16.11.48 to 16.11.49
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.48 to 16.11.49.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 05:44:24 +00:00
Federico Builes 5f53719ca3 Merge pull request #197 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.8.3
Bump eslint-plugin-jest from 26.8.2 to 26.8.3
2022-08-16 07:44:12 +02:00
Federico Builes 193b31de81 Merge pull request #198 from actions/dependabot/npm_and_yarn/octokit/request-error-3.0.1
Bump @octokit/request-error from 3.0.0 to 3.0.1
2022-08-16 07:43:59 +02:00
Federico Builes 92e8b8da75 Merge pull request #199 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.33.1
Bump @typescript-eslint/parser from 5.33.0 to 5.33.1
2022-08-16 07:43:43 +02:00
dependabot[bot] 625da714f5 Bump @typescript-eslint/parser from 5.33.0 to 5.33.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.33.0 to 5.33.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 01:42:20 +00:00
dependabot[bot] 0794c6c280 Bump @octokit/request-error from 3.0.0 to 3.0.1
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 01:42:07 +00:00
dependabot[bot] d12f30b747 Bump eslint-plugin-jest from 26.8.2 to 26.8.3
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.8.2 to 26.8.3.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.8.2...v26.8.3)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-16 01:41:59 +00:00
Federico Builes dbafdf9b30 Merge pull request #194 from actions/dependabot/npm_and_yarn/eslint-8.22.0
Bump eslint from 8.21.0 to 8.22.0
2022-08-15 09:18:00 +02:00
dependabot[bot] 3f3ba6e567 Bump eslint from 8.21.0 to 8.22.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.21.0 to 8.22.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.21.0...v8.22.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-15 01:55:22 +00:00
Federico Builes e2e1913ee9 Merge pull request #192 from actions/dependabot/npm_and_yarn/zod-3.18.0
Bump zod from 3.17.10 to 3.18.0
2022-08-12 18:19:08 +02:00
Federico Builes 2122cb87dc Merge branch 'main' into dependabot/npm_and_yarn/zod-3.18.0
# Conflicts:
#	dist/index.js.map
2022-08-12 18:17:01 +02:00
Federico Builes 694e9af6c9 Merge pull request #193 from actions/dependabot/npm_and_yarn/types/node-16.11.48
Bump @types/node from 16.11.47 to 16.11.48
2022-08-12 18:14:26 +02:00
Federico Builes 96dcfbbcd4 adding dist 2022-08-12 18:14:15 +02:00
dependabot[bot] c77018cec1 Bump @types/node from 16.11.47 to 16.11.48
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.47 to 16.11.48.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-12 16:07:54 +00:00
Federico Builes 36a493b367 Merge pull request #189 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.33.0
Bump @typescript-eslint/eslint-plugin from 5.32.0 to 5.33.0
2022-08-12 18:05:11 +02:00
dependabot[bot] 11e4eca6c1 Bump zod from 3.17.10 to 3.18.0
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.10 to 3.18.0.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.10...v3.18.0)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-12 16:04:10 +00:00
dependabot[bot] e9f051f098 Bump @typescript-eslint/eslint-plugin from 5.32.0 to 5.33.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.32.0 to 5.33.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-12 16:03:51 +00:00
Federico Builes f59ac52391 Merge pull request #186 from actions/dependabot/npm_and_yarn/got-12.3.1
Bump got from 12.3.0 to 12.3.1
2022-08-12 18:03:34 +02:00
Federico Builes 5391a8b654 Merge pull request #190 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.33.0
Bump @typescript-eslint/parser from 5.32.0 to 5.33.0
2022-08-12 18:02:56 +02:00
Federico Builes 531da4bab3 Merge pull request #191 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.8.2
Bump eslint-plugin-jest from 26.7.0 to 26.8.2
2022-08-12 18:02:28 +02:00
Federico Builes a059506842 Merge pull request #188 from actions/dependabot/npm_and_yarn/actions/core-1.9.1
Bump @actions/core from 1.9.0 to 1.9.1
2022-08-12 18:01:43 +02:00
Federico Builes d8aff4cfce adding dist 2022-08-12 18:00:10 +02:00
dependabot[bot] 1069034a80 Bump eslint-plugin-jest from 26.7.0 to 26.8.2
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.7.0 to 26.8.2.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.7.0...v26.8.2)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-10 01:22:58 +00:00
dependabot[bot] 424d622090 Bump @typescript-eslint/parser from 5.32.0 to 5.33.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.32.0 to 5.33.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.33.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-09 01:36:41 +00:00
dependabot[bot] 979fe8f031 Bump @actions/core from 1.9.0 to 1.9.1
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-09 01:35:43 +00:00
dependabot[bot] ea4b93e2db Bump got from 12.3.0 to 12.3.1
Bumps [got](https://github.com/sindresorhus/got) from 12.3.0 to 12.3.1.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.3.0...v12.3.1)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-08 01:50:21 +00:00
Federico Builes 415088b56e Merge pull request #180 from actions/enterprise-docs
Adding instructions for installing in GHES
2022-08-03 17:28:05 +02:00
Federico Builes be18317f94 Update README.md
Co-authored-by: Courtney Claessens <courtneycl@github.com>
2022-08-03 17:27:39 +02:00
Courtney Claessens e20b197c93 adding info on licenses not supported for GHES 2022-08-03 10:46:47 -04:00
Federico Builes e66fd91484 Point to the 3.6 docs for Connect. 2022-08-03 11:29:50 +02:00
Federico Builes ea815ebddb Add link for GHAS. 2022-08-03 11:25:03 +02:00
Federico Builes bb3e014e0a Adding instructions for GHES 3.6. 2022-08-03 11:22:48 +02:00
Federico Builes 4317da3e38 Merge pull request #179 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.32.0
Bump @typescript-eslint/parser from 5.31.0 to 5.32.0
2022-08-02 10:46:34 +02:00
dependabot[bot] 2aa2a269c4 Bump @typescript-eslint/parser from 5.31.0 to 5.32.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.31.0 to 5.32.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.32.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-02 08:45:25 +00:00
Federico Builes 67562b4c74 Merge pull request #178 from actions/dependabot/npm_and_yarn/eslint-8.21.0
Bump eslint from 8.20.0 to 8.21.0
2022-08-02 10:44:48 +02:00
Federico Builes fe523440bc Merge pull request #177 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.32.0
Bump @typescript-eslint/eslint-plugin from 5.31.0 to 5.32.0
2022-08-02 10:44:39 +02:00
dependabot[bot] bddb4f4ac8 Bump eslint from 8.20.0 to 8.21.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.20.0 to 8.21.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.20.0...v8.21.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-02 01:32:02 +00:00
dependabot[bot] 951c4b6b47 Bump @typescript-eslint/eslint-plugin from 5.31.0 to 5.32.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.31.0 to 5.32.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.32.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-02 01:31:50 +00:00
Federico Builes 90edb6f286 Merge pull request #174 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.7.0
Bump eslint-plugin-jest from 26.6.0 to 26.7.0
2022-08-01 17:33:21 +02:00
Federico Builes 76cb47a13a Merge pull request #175 from actions/dependabot/npm_and_yarn/types/node-16.11.47
Bump @types/node from 16.11.46 to 16.11.47
2022-08-01 17:33:11 +02:00
dependabot[bot] 8c65c50f8e Bump @types/node from 16.11.46 to 16.11.47
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.46 to 16.11.47.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 01:56:27 +00:00
dependabot[bot] 15dae1771a Bump eslint-plugin-jest from 26.6.0 to 26.7.0
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.6.0 to 26.7.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.6.0...v26.7.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 01:56:18 +00:00
Will Da Silva 15d18576a5 Merge branch 'upstream/main' into main 2022-07-30 00:44:27 -04:00
Federico Builes 0517f5ae3d Merge pull request #172 from actions/dependabot/npm_and_yarn/types/node-16.11.46
Bump @types/node from 16.11.45 to 16.11.46
2022-07-29 14:32:13 +02:00
Federico Builes a7ed04cb6d Merge pull request #173 from actions/dependabot/npm_and_yarn/got-12.3.0
Bump got from 12.2.0 to 12.3.0
2022-07-29 14:23:49 +02:00
dependabot[bot] 5956ba4d37 Bump got from 12.2.0 to 12.3.0
Bumps [got](https://github.com/sindresorhus/got) from 12.2.0 to 12.3.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.2.0...v12.3.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-29 01:27:53 +00:00
dependabot[bot] ee739211c3 Bump @types/node from 16.11.45 to 16.11.46
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.45 to 16.11.46.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-29 01:27:43 +00:00
Federico Builes 2427b83fb6 Merge pull request #171 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.31.0
Bump @typescript-eslint/parser from 5.30.7 to 5.31.0
2022-07-26 12:45:30 +02:00
dependabot[bot] e004499203 Bump @typescript-eslint/parser from 5.30.7 to 5.31.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.7 to 5.31.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.31.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-26 09:30:36 +00:00
Federico Builes 15e8301141 Merge pull request #170 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.31.0
Bump @typescript-eslint/eslint-plugin from 5.30.7 to 5.31.0
2022-07-26 11:29:43 +02:00
dependabot[bot] 074e15f1d2 Bump @typescript-eslint/eslint-plugin from 5.30.7 to 5.31.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.7 to 5.31.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.31.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-26 01:49:44 +00:00
Federico Builes 28bd35e115 Merge pull request #167 from actions/dependabot/npm_and_yarn/zod-3.17.10
Bump zod from 3.17.9 to 3.17.10
2022-07-26 03:00:59 +02:00
Federico Builes 1a8b866371 adding dist 2022-07-26 02:59:21 +02:00
dependabot[bot] 7414ae2b68 Bump zod from 3.17.9 to 3.17.10
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.9 to 3.17.10.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.9...v3.17.10)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-26 00:54:13 +00:00
Federico Builes 25a2578e41 Merge pull request #169 from actions/dependabot/npm_and_yarn/got-12.2.0
Bump got from 12.1.0 to 12.2.0
2022-07-26 02:53:24 +02:00
Federico Builes 5a348f087a Merge pull request #168 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.3.7
Bump eslint-plugin-github from 4.3.6 to 4.3.7
2022-07-26 02:53:05 +02:00
dependabot[bot] 4d7937d9b8 Bump got from 12.1.0 to 12.2.0
Bumps [got](https://github.com/sindresorhus/got) from 12.1.0 to 12.2.0.
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](https://github.com/sindresorhus/got/compare/v12.1.0...v12.2.0)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-25 01:54:31 +00:00
dependabot[bot] 4b57fa2745 Bump eslint-plugin-github from 4.3.6 to 4.3.7
Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.3.6 to 4.3.7.
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.3.6...v4.3.7)

---
updated-dependencies:
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-25 01:53:49 +00:00
Will Da Silva 388b1a309d Support user-provided base/head refs & non-PR workflows 2022-07-21 15:47:05 -04:00
Federico Builes b15d68a617 Merge pull request #163 from actions/dependabot/npm_and_yarn/zod-3.17.9
Bump zod from 3.17.4 to 3.17.9
2022-07-19 13:29:36 +02:00
Federico Builes 86ba360860 updating dist 2022-07-19 05:28:23 -06:00
dependabot[bot] 1c643b69e3 Bump zod from 3.17.4 to 3.17.9
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.4 to 3.17.9.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.4...v3.17.9)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 11:26:12 +00:00
Federico Builes cc90e94fd7 Merge pull request #162 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.7
Bump @typescript-eslint/parser from 5.30.6 to 5.30.7
2022-07-19 13:13:51 +02:00
dependabot[bot] ca03cb626b Bump @typescript-eslint/parser from 5.30.6 to 5.30.7
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.6 to 5.30.7.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.7/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 11:12:11 +00:00
Federico Builes 0c672b9f6f Merge pull request #161 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.7
Bump @typescript-eslint/eslint-plugin from 5.30.6 to 5.30.7
2022-07-19 13:11:11 +02:00
dependabot[bot] 9b38d34b70 Bump @typescript-eslint/eslint-plugin from 5.30.6 to 5.30.7
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.6 to 5.30.7.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.7/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 01:53:55 +00:00
Federico Builes bd0f0459f8 Merge pull request #160 from actions/dependabot/npm_and_yarn/eslint-8.20.0
Bump eslint from 8.19.0 to 8.20.0
2022-07-18 15:02:44 +02:00
Federico Builes ace98b5898 Merge pull request #159 from actions/dependabot/npm_and_yarn/types/node-16.11.45
Bump @types/node from 16.11.44 to 16.11.45
2022-07-18 15:02:24 +02:00
dependabot[bot] 79aa012b58 Bump @types/node from 16.11.44 to 16.11.45
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.44 to 16.11.45.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 13:01:56 +00:00
Federico Builes 264bf85801 Merge pull request #158 from actions/dependabot/npm_and_yarn/zod-3.17.4
Bump zod from 3.17.3 to 3.17.4
2022-07-18 15:01:30 +02:00
Federico Builes 0e2da932f6 updating dist files 2022-07-18 07:00:33 -06:00
dependabot[bot] 0a8934fb6a Bump eslint from 8.19.0 to 8.20.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.19.0 to 8.20.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.19.0...v8.20.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 13:00:14 +00:00
Federico Builes f83d7f264c Merge branch 'main' into dependabot/npm_and_yarn/zod-3.17.4 2022-07-18 07:00:01 -06:00
Federico Builes d0e46c9613 Merge pull request #157 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-26.6.0
Bump eslint-plugin-jest from 26.5.3 to 26.6.0
2022-07-18 14:59:20 +02:00
dependabot[bot] 22bb279ab1 Bump zod from 3.17.3 to 3.17.4
Bumps [zod](https://github.com/colinhacks/zod) from 3.17.3 to 3.17.4.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.17.3...v3.17.4)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 01:53:03 +00:00
dependabot[bot] d33c19c38d Bump eslint-plugin-jest from 26.5.3 to 26.6.0
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 26.5.3 to 26.6.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v26.5.3...v26.6.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-18 01:52:43 +00:00
Federico Builes 2ef513a94a Update example tag text. 2022-07-14 09:39:56 +02:00
Federico Builes abd8ae5da7 Make CONTRIBUTING.md examples easier to copy/paste. 2022-07-14 09:35:44 +02:00
Federico Builes 94145f3150 Bumping the version to 2.0.4.
Missed the version changes in the previous release.
2022-07-14 09:31:49 +02:00
Federico Builes af8d39d8a3 Bumping the version to 2.0.3. 2022-07-14 09:14:17 +02:00
Federico Builes b83777ffd0 Merge pull request #156 from actions/dependabot/npm_and_yarn/types/node-16.11.44
Bump @types/node from 16.11.43 to 16.11.44
2022-07-14 09:11:42 +02:00
Federico Builes 1dc503a722 Merge pull request #155 from kachick/fix-154
Ignore removed changes in license checker
2022-07-14 09:10:17 +02:00
dependabot[bot] 8975a27eeb Bump @types/node from 16.11.43 to 16.11.44
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.43 to 16.11.44.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-14 01:36:49 +00:00
Kenichi Kamiya c003e7f8fc Add more test for added and removed pattern 2022-07-13 19:07:12 +09:00
Kenichi Kamiya ae4118f8fa Update build files with npm run all 2022-07-13 18:11:55 +09:00
Kenichi Kamiya c5d7bdcf7f Ignore removed changes in license checker 2022-07-13 18:11:10 +09:00
Federico Builes bced8aa1b2 Merge pull request #153 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.6
Bump @typescript-eslint/parser from 5.30.5 to 5.30.6
2022-07-12 09:07:41 +02:00
dependabot[bot] ba8e0b013b Bump @typescript-eslint/parser from 5.30.5 to 5.30.6
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.5 to 5.30.6.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.6/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-12 07:04:11 +00:00
Federico Builes cfcdef93a4 Merge pull request #152 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.6
Bump @typescript-eslint/eslint-plugin from 5.30.5 to 5.30.6
2022-07-12 09:03:21 +02:00
dependabot[bot] 43b6f9fe4a Bump @typescript-eslint/eslint-plugin from 5.30.5 to 5.30.6
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.5 to 5.30.6.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.6/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-12 01:46:01 +00:00
Federico Builes 467931ed7e Merge pull request #151 from actions/dependabot/npm_and_yarn/octokit/request-error-3.0.0
Bump @octokit/request-error from 2.1.0 to 3.0.0
2022-07-11 10:52:17 +02:00
Federico Builes 29c7e47bc6 adding dist folder 2022-07-11 10:49:16 +02:00
dependabot[bot] aa4260f0b0 Bump @octokit/request-error from 2.1.0 to 3.0.0
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 2.1.0 to 3.0.0.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v2.1.0...v3.0.0)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-11 02:03:02 +00:00
Federico Builes f187f64fc9 Merge pull request #139 from actions/dependabot/npm_and_yarn/eslint-8.19.0
Bump eslint from 8.18.0 to 8.19.0
2022-07-06 11:09:37 +02:00
Federico Builes f3bcf122c7 Merge pull request #144 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.5
Bump @typescript-eslint/eslint-plugin from 5.30.0 to 5.30.5
2022-07-06 11:09:15 +02:00
dependabot[bot] c43f51429e Bump @typescript-eslint/eslint-plugin from 5.30.0 to 5.30.5
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.0 to 5.30.5.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.5/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 09:02:16 +00:00
dependabot[bot] c9027d07d6 Bump eslint from 8.18.0 to 8.19.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.18.0 to 8.19.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.18.0...v8.19.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 09:02:10 +00:00
Federico Builes c316251843 Merge pull request #146 from kachick/add-vscode-workspace-configs
Enable prettier and recommend eslint in vscode workspace config
2022-07-06 11:01:23 +02:00
Federico Builes d8e436b2d5 Merge pull request #143 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.5
Bump @typescript-eslint/parser from 5.30.0 to 5.30.5
2022-07-06 11:01:06 +02:00
Federico Builes 82d4814150 Merge pull request #142 from kachick/fix-lint-errors-and-add-ci
Add CI workflow and fix lint errors
2022-07-06 11:00:13 +02:00
Federico Builes 89de8ab245 Merge pull request #148 from actions/dependabot/npm_and_yarn/nodemon-2.0.19
Bump nodemon from 2.0.18 to 2.0.19
2022-07-06 10:41:04 +02:00
dependabot[bot] 3e74bf2266 Bump @typescript-eslint/parser from 5.30.0 to 5.30.5
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.0 to 5.30.5.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.5/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 08:40:11 +00:00
Federico Builes 1ea517b3fa Merge pull request #141 from kachick/use-fixed-major-version-for-node-types
Use fixed major version for node types
2022-07-06 10:38:56 +02:00
Federico Builes 2aef88c152 Merge pull request #145 from kachick/fix-typo-dangerouns
Fix a typo s/dangerouns/dangerous/
2022-07-06 10:26:18 +02:00
Kenichi Kamiya 51d1824002 Focus only on the node issue
https://github.com/actions/dependency-review-action/pull/141#discussion_r914526073

https://github.com/actions/dependency-review-action/pull/141#discussion_r914537222

Co-authored-by: Federico Builes <febuiles@github.com>
2022-07-06 17:13:18 +09:00
dependabot[bot] 94edc9c394 Bump nodemon from 2.0.18 to 2.0.19
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.18 to 2.0.19.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.18...v2.0.19)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 02:07:14 +00:00
Kenichi Kamiya 7219e93649 Enable prettier and recommend eslint in vscode workspace config 2022-07-05 20:32:34 +09:00
Kenichi Kamiya 08074685be Fix a typo s/dangerouns/dangerous/ 2022-07-05 18:32:34 +09:00
Kenichi Kamiya 3efca1e3dd Update build files with npm run all 2022-07-04 20:13:08 +09:00
Kenichi Kamiya 9fdc2574b8 Fix rest eslint errors manually 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 6e9189a5c1 npx eslint --fix src/**/*.ts 2022-07-04 20:12:07 +09:00
Kenichi Kamiya c6f347d470 npm run format 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 40346e9340 Run test and linter in CI 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 7f576504ed Stop dependabot PRs for different major version of types
It is possible to make a mismatch with actual logic.
2022-07-04 11:25:57 +09:00
Kenichi Kamiya 09100640b0 Adjust types of node to 16.x again
`npm uninstall @types/node && npm install --save-dev "@types/node@^16.11.43"`
2022-07-04 11:23:37 +09:00
Federico Builes 26b7908701 Merge pull request #136 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.0
Bump @typescript-eslint/eslint-plugin from 5.29.0 to 5.30.0
2022-06-28 08:04:16 +02:00
dependabot[bot] b564b42423 Bump @typescript-eslint/eslint-plugin from 5.29.0 to 5.30.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.29.0 to 5.30.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 05:56:11 +00:00
Federico Builes 2ceda66c21 Merge pull request #135 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.0
Bump @typescript-eslint/parser from 5.29.0 to 5.30.0
2022-06-28 07:55:08 +02:00
dependabot[bot] 49a36aa04e Bump @typescript-eslint/parser from 5.29.0 to 5.30.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.29.0 to 5.30.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 01:40:44 +00:00
Brandyn Phelps 17b8abf3bb Merge pull request #132 from kachick/fix-typo
docs: Fix a typo
2022-06-24 14:17:17 -07:00
Kenichi Kamiya c699fc9e3e docs: Fix a typo 2022-06-25 01:18:31 +09:00
Federico Builes 24ab96e8b8 Merge pull request #128 from actions/dependabot/npm_and_yarn/nodemon-2.0.18
Bump nodemon from 2.0.16 to 2.0.18
2022-06-24 08:37:57 +02:00
dependabot[bot] 04f86c1583 Bump nodemon from 2.0.16 to 2.0.18
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.16 to 2.0.18.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.16...v2.0.18)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 01:41:25 +00:00
Federico Builes 81b5cbd111 Merge pull request #127 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.29.0
Bump @typescript-eslint/parser from 5.28.0 to 5.29.0
2022-06-21 07:50:03 +02:00
dependabot[bot] 4b88091897 Bump @typescript-eslint/parser from 5.28.0 to 5.29.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.28.0 to 5.29.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.29.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-21 05:49:04 +00:00
Federico Builes febb822f26 Merge pull request #126 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.29.0
Bump @typescript-eslint/eslint-plugin from 5.28.0 to 5.29.0
2022-06-21 07:48:11 +02:00
dependabot[bot] ea91d29cdf Bump @typescript-eslint/eslint-plugin from 5.28.0 to 5.29.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.28.0 to 5.29.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.29.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-21 01:51:23 +00:00
Federico Builes a9539be12a Merge pull request #123 from actions/dependabot/npm_and_yarn/typescript-4.7.4
Bump typescript from 4.7.3 to 4.7.4
2022-06-20 08:14:45 +02:00
Federico Builes 9c688a568f Merge pull request #124 from actions/dependabot/npm_and_yarn/eslint-8.18.0
Bump eslint from 8.17.0 to 8.18.0
2022-06-20 08:14:26 +02:00
dependabot[bot] ff449a1296 Bump eslint from 8.17.0 to 8.18.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.17.0 to 8.18.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.17.0...v8.18.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 01:47:10 +00:00
dependabot[bot] 2a961b0169 Bump typescript from 4.7.3 to 4.7.4
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.7.3 to 4.7.4.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.7.3...v4.7.4)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 01:46:55 +00:00
Federico Builes 879687b22c Merge pull request #122 from actions/dependabot/npm_and_yarn/prettier-2.7.1
Bump prettier from 2.7.0 to 2.7.1
2022-06-17 07:40:15 +02:00
dependabot[bot] cb52804670 Bump prettier from 2.7.0 to 2.7.1
Bumps [prettier](https://github.com/prettier/prettier) from 2.7.0 to 2.7.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.7.0...2.7.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-17 01:54:43 +00:00
Federico Builes 17187536c0 Merge pull request #120 from actions/dependabot/npm_and_yarn/types/node-18.0.0
Bump @types/node from 17.0.43 to 18.0.0
2022-06-16 07:18:52 +02:00
Federico Builes c0faf55fe4 Merge pull request #119 from actions/dependabot/npm_and_yarn/actions/core-1.9.0
Bump @actions/core from 1.8.2 to 1.9.0
2022-06-16 07:18:37 +02:00
Federico Builes b6f6142660 adding dist files 2022-06-16 07:07:13 +02:00
Federico Builes 333e7ce17e Merge branch 'main' into dependabot/npm_and_yarn/actions/core-1.9.0 2022-06-16 07:06:25 +02:00
Federico Builes 4e9a45ca5b Merge pull request #121 from kachick/fix-duplicate-words
Fix duplicate words in README
2022-06-16 06:58:18 +02:00
dependabot[bot] 32a1ef9487 Bump @actions/core from 1.8.2 to 1.9.0
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.8.2 to 1.9.0.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 04:57:11 +00:00
Federico Builes 83be5f6c90 bumping version 2022-06-16 06:56:22 +02:00
Kenichi Kamiya 70f41926ca Fix duplicate words in README 2022-06-16 13:06:54 +09:00
Federico Builes 1c59cdf2a9 Fix the unknown licenses error message 2022-06-16 06:03:16 +02:00
dependabot[bot] ba0681f88b Bump @types/node from 17.0.43 to 18.0.0
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.43 to 18.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 01:32:41 +00:00
Federico Builes 29fc7a23bd Merge pull request #117 from actions/readme-capitalisation
Fixing branding in the readme
2022-06-15 15:40:19 +02:00
Courtney Claessens 903977c63a branding! 2022-06-15 09:32:17 -04:00
21 changed files with 2378 additions and 1508 deletions
+3
View File
@@ -9,3 +9,6 @@ updates:
directory: /
schedule:
interval: daily
ignore:
- dependency-name: '@types/node'
update-types: ['version-update:semver-major']
+42
View File
@@ -0,0 +1,42 @@
name: CI
on:
push:
branches:
- main
paths-ignore:
- '**.md'
pull_request:
paths-ignore:
- '**.md'
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 16
cache: npm
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Test
run: |
npm test
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 16
cache: npm
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Check format
run: |
npm run format-check
- name: Lint
run: |
npm run lint
+3
View File
@@ -0,0 +1,3 @@
{
"recommendations": ["dbaeumer.vscode-eslint", "esbenp.prettier-vscode"]
}
+4
View File
@@ -0,0 +1,4 @@
{
"editor.formatOnSave": true,
"editor.defaultFormatter": "esbenp.prettier-vscode"
}
+2 -2
View File
@@ -102,8 +102,8 @@ minor/patch updates.
To do this just force-create a new annotated tag and push it:
```
git tag -fa v1 -m "Updating v1 tag"
git push origin v1 --force
git tag -fa v2 -m "Updating v2 to 2.3.4"
git push origin v2 --force
```
## Resources
+55 -6
View File
@@ -1,14 +1,16 @@
# dependency-review-action
This action scans your pull requests for dependency changes and will raise an error if any new dependencies have existing vulnerabilities. The action is supported by an [API endpoint](https://docs.github.com/en/rest/reference/dependency-graph#dependency-review) that diffs the dependencies between any two revisions.
This action scans your pull requests for dependency changes, and will
raise an error if any vulnerabilities or invalid licenses are being introduced. The action is supported by an [API endpoint](https://docs.github.com/en/rest/reference/dependency-graph#dependency-review) that diffs the dependencies between any two revisions.
The action is available for all public repositories, as well as private repositories that have Github Advanced Security licensed.
The action is available for all public repositories, as well as private repositories that have GitHub Advanced Security licensed.
<img width="854" alt="Screen Shot 2022-03-31 at 1 10 51 PM" src="https://user-images.githubusercontent.com/2161/161042286-b22d7dd3-13cb-458d-8744-ce70ed9bf562.png">
## Installation
**Please keep in mind that you need a [GitHub Advanced Security](https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security) license if you're running this action on private repositories.**
1. Add a new YAML workflow to your `.github/workflows` folder:
```yaml
@@ -28,9 +30,35 @@ jobs:
uses: actions/dependency-review-action@v2
```
Please keep in mind that you need a GitHub Advanced Security license if you're running this action on private repos.
### GitHub Enterprise Server
This action is available in GHES starting with version 3.6. Make sure
[GitHub Advanced
Security](https://docs.github.com/en/enterprise-server@3.6/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise)
and [GitHub
Connect](https://docs.github.com/en/enterprise-server@3.6/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)
are enabled.
You can use the same workflow as above, replacing the `runs-on` value
with the label of any of your runners (the default label
is `self-hosted`):
```yaml
# ...
jobs:
dependency-review:
runs-on: self-hosted
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v2
```
## Configuration
You can pass additional options to the Dependency Review
Action using your workflow file. Here's an example workflow with
all the possible configurations:
@@ -52,7 +80,11 @@ jobs:
# Possible values: "critical", "high", "moderate", "low"
# fail-on-severity: critical
#
# You can only can only include one of these two options: `allow-licenses` and `deny-licences`
# Possible values: Any available git ref
# base-ref: ${{ github.event.pull_request.base.ref }}
# head-ref: ${{ github.event.pull_request.head.ref }}
#
# You can only include one of these two options: `allow-licenses` and `deny-licenses`. These options are not supported on GHES.
#
# Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses
# allow-licenses: GPL-3.0, BSD-3-Clause, MIT
@@ -61,6 +93,11 @@ jobs:
# deny-licenses: LGPL-2.0, BSD-2-Clause
```
When the workflow with this action is caused by a `pull_request` or `pull_request_target` event,
the `base-ref` and `head-ref` values have the defaults as shown above. If the workflow is caused by
any other event, the `base-ref` and `head-ref` options must be
explicitly set in the configuration file.
### Vulnerability Severity
By default the action will fail on any pull request that contains a
@@ -82,7 +119,7 @@ This example will only fail on pull requests with `critical` and `high` vulnerab
You can set the action to fail on pull requests based on the licenses of the dependencies
they introduce. With `allow-licenses` you can define the list of licenses
your repository will accept. Alternatively, you can use `deny-licenses` to only
forbid a subset of licenses.
forbid a subset of licenses. These options are not supported on GHES.
You can use the [Licenses
API](https://docs.github.com/en/rest/licenses) to see the full list of
@@ -107,6 +144,16 @@ to filter. A couple of examples:
**Important**
<<<<<<< HEAD
- The action will only accept one of the two parameters; an error will
be raised if you provide both.
- By default both parameters are empty (no license checking is
performed).
- We don't have license information for all of your dependents. If we
can't detect the license for a dependency **we will inform you, but the
action won't fail**.
=======
* Checking for licenses is not supported on GHES.
* The action will only accept one of the two parameters; an error will
be raised if you provide both.
* By default both parameters are empty (no license checking is
@@ -114,6 +161,7 @@ performed).
* We don't have license information for all of your dependents. If we
can't detect the license for a dependency **we will inform you, but the
action won't fail**.
>>>>>>> main
## Blocking pull requests
@@ -131,4 +179,5 @@ We are grateful for any contributions made to this project.
Please read [CONTRIBUTING.MD](https://github.com/actions/dependency-review-action/blob/main/CONTRIBUTING.md) to get started.
## License
This project is released under the [MIT License](https://github.com/actions/dependency-review-action/blob/main/LICENSE).
+34 -3
View File
@@ -1,5 +1,6 @@
import {expect, test, beforeEach} from '@jest/globals'
import {readConfig} from '../src/config'
import {getRefs} from '../src/git-refs'
// GitHub Action inputs come in the form of environment variables
// with an INPUT prefix (e.g. INPUT_FAIL-ON-SEVERITY)
@@ -10,9 +11,17 @@ function setInput(input: string, value: string) {
// We want a clean ENV before each test. We use `delete`
// since we want `undefined` values and not empty strings.
function clearInputs() {
delete process.env['INPUT_FAIL-ON-SEVERITY']
delete process.env['INPUT_ALLOW-LICENSES']
delete process.env['INPUT_DENY-LICENSES']
const allowedOptions = [
'FAIL-ON-SEVERITY',
'ALLOW-LICENSES',
'DENY-LICENSES',
'BASE-REF',
'HEAD-REF'
]
allowedOptions.forEach(option => {
delete process.env[`INPUT_${option.toUpperCase()}`]
})
}
beforeEach(() => {
@@ -51,3 +60,25 @@ test('it raises an error when given an unknown severity', async () => {
setInput('fail-on-severity', 'zombies')
expect(() => readConfig()).toThrow()
})
test('it uses the given refs when the event is not a pull request', async () => {
setInput('base-ref', 'a-custom-base-ref')
setInput('head-ref', 'a-custom-head-ref')
const refs = getRefs(readConfig(), {
payload: {},
eventName: 'workflow_dispatch'
})
expect(refs.base).toEqual('a-custom-base-ref')
expect(refs.head).toEqual('a-custom-head-ref')
})
test('it raises an error when no refs are provided and the event is not a pull request', async () => {
const options = readConfig()
expect(() =>
getRefs(options, {
payload: {},
eventName: 'workflow_dispatch'
})
).toThrow()
})
+2 -2
View File
@@ -15,7 +15,7 @@ let npmChange: Change = {
{
severity: 'critical',
advisory_ghsa_id: 'first-random_string',
advisory_summary: 'very dangerouns',
advisory_summary: 'very dangerous',
advisory_url: 'github.com/future-funk'
}
]
@@ -34,7 +34,7 @@ let rubyChange: Change = {
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerouns',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
+30 -2
View File
@@ -15,7 +15,7 @@ let npmChange: Change = {
{
severity: 'critical',
advisory_ghsa_id: 'first-random_string',
advisory_summary: 'very dangerouns',
advisory_summary: 'very dangerous',
advisory_url: 'github.com/future-funk'
}
]
@@ -34,7 +34,7 @@ let rubyChange: Change = {
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerouns',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
@@ -68,3 +68,31 @@ test('it fails all license checks when allow is provided an empty array', async
})
expect(invalidChanges.length).toBe(2)
})
test('it does not fail if a license outside the allow list is found in removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
{...rubyChange, change_type: 'removed'}
]
const [invalidChanges, _] = getDeniedLicenseChanges(changes, {allow: ['BSD']})
expect(invalidChanges).toStrictEqual([])
})
test('it does not fail if a license inside the deny list is found in removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
{...rubyChange, change_type: 'removed'}
]
const [invalidChanges, _] = getDeniedLicenseChanges(changes, {deny: ['BSD']})
expect(invalidChanges).toStrictEqual([])
})
test('it fails if a license outside the allow list is found in both of added and removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
npmChange,
{...rubyChange, change_type: 'removed'}
]
const [invalidChanges, _] = getDeniedLicenseChanges(changes, {allow: ['BSD']})
expect(invalidChanges).toStrictEqual([npmChange])
})
+6
View File
@@ -10,6 +10,12 @@ inputs:
description: Don't block PRs below this severity. Possible values are `low`, `moderate`, `high`, `critical`.
required: false
default: 'low'
base-ref:
description: The base git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required: false
head-ref:
description: The head git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
required: false
allow-licenses:
description: Comma-separated list of allowed licenses (e.g. "MIT, GPL 3.0, BSD 2 Clause")
required: false
Generated Vendored
+1092 -59
View File
File diff suppressed because it is too large Load Diff
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+13
View File
@@ -624,6 +624,19 @@ Permission to use, copy, modify, and/or distribute this software for any purpose
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
uuid
MIT
The MIT License (MIT)
Copyright (c) 2010-2020 Robert Kieffer and other contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
webidl-conversions
BSD-2-Clause
# The BSD 2-Clause License
+989 -1372
View File
File diff suppressed because it is too large Load Diff
+15 -15
View File
@@ -1,6 +1,6 @@
{
"name": "dependency-review-action",
"version": "2.0.1",
"version": "2.0.4",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
@@ -25,30 +25,30 @@
"author": "GitHub",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.8.2",
"@actions/core": "^1.9.1",
"@actions/github": "^5.0.3",
"@octokit/plugin-retry": "^3.0.9",
"@octokit/request-error": "^2.1.0",
"@octokit/request-error": "^3.0.1",
"ansi-styles": "^6.1.0",
"got": "^12.1.0",
"nodemon": "^2.0.16",
"got": "^12.3.1",
"nodemon": "^2.0.19",
"yaml": "^2.1.1",
"zod": "^3.17.3"
"zod": "^3.18.0"
},
"devDependencies": {
"@types/node": "^17.0.43",
"@typescript-eslint/eslint-plugin": "^5.28.0",
"@typescript-eslint/parser": "^5.28.0",
"@types/node": "^16.11.49",
"@typescript-eslint/eslint-plugin": "^5.33.1",
"@typescript-eslint/parser": "^5.33.1",
"@vercel/ncc": "^0.34.0",
"esbuild-register": "^3.3.3",
"eslint": "^8.17.0",
"eslint-plugin-github": "^4.3.6",
"eslint-plugin-jest": "^26.5.3",
"eslint": "^8.22.0",
"eslint-plugin-github": "^4.3.7",
"eslint-plugin-jest": "^26.8.3",
"jest": "^27.5.1",
"js-yaml": "^4.1.0",
"nodemon": "^2.0.16",
"prettier": "2.7.0",
"nodemon": "^2.0.19",
"prettier": "2.7.1",
"ts-jest": "^27.1.4",
"typescript": "^4.7.3"
"typescript": "^4.7.4"
}
}
+6 -1
View File
@@ -19,9 +19,14 @@ export function readConfig(): ConfigurationOptions {
throw new Error("Can't specify both allow_licenses and deny_licenses")
}
const base_ref = getOptionalInput('base-ref')
const head_ref = getOptionalInput('head-ref')
return {
fail_on_severity,
allow_licenses: allow_licenses?.split(',').map(x => x.trim()),
deny_licenses: deny_licenses?.split(',').map(x => x.trim())
deny_licenses: deny_licenses?.split(',').map(x => x.trim()),
base_ref,
head_ref
}
}
+3 -4
View File
@@ -1,5 +1,4 @@
import {Changes} from './schemas'
import {Severity, SEVERITIES} from './schemas'
import {Changes, Severity, SEVERITIES} from './schemas'
export function filterChangesBySeverity(
severity: Severity,
@@ -7,7 +6,7 @@ export function filterChangesBySeverity(
): Changes {
const severityIdx = SEVERITIES.indexOf(severity)
let filteredChanges = []
for (let change of changes) {
for (const change of changes) {
if (
change === undefined ||
change.vulnerabilities === undefined ||
@@ -16,7 +15,7 @@ export function filterChangesBySeverity(
continue
}
let fChange = {
const fChange = {
...change,
vulnerabilities: change.vulnerabilities.filter(vuln => {
const vulnIdx = SEVERITIES.indexOf(vuln.severity)
+42
View File
@@ -0,0 +1,42 @@
import {PullRequestSchema, ConfigurationOptions} from './schemas'
export function getRefs(
config: ConfigurationOptions,
context: {payload: {pull_request?: unknown}; eventName: string}
): {base: string; head: string} {
let base_ref = config.base_ref
let head_ref = config.head_ref
// If possible, source default base & head refs from the GitHub event.
// The base/head ref from the config take priority, if provided.
if (
context.eventName === 'pull_request' ||
context.eventName === 'pull_request_target'
) {
const pull_request = PullRequestSchema.parse(context.payload.pull_request)
base_ref = base_ref || pull_request.base.sha
head_ref = head_ref || pull_request.head.sha
}
if (!base_ref && !head_ref) {
throw new Error(
'Both a base ref and head ref must be provided, either via the `base_ref`/`head_ref` ' +
'config options, or by running a `pull_request`/`pull_request_target` workflow.'
)
} else if (!base_ref) {
throw new Error(
'A base ref must be provided, either via the `base_ref` config option, ' +
'or by running a `pull_request`/`pull_request_target` workflow.'
)
} else if (!head_ref) {
throw new Error(
'A head ref must be provided, either via the `head_ref` config option, ' +
'or by running a `pull_request`/`pull_request_target` workflow.'
)
}
return {
base: base_ref,
head: head_ref
}
}
+13 -9
View File
@@ -1,4 +1,4 @@
import {Change, ChangeSchema} from './schemas'
import {Change} from './schemas'
/**
* Loops through a list of changes, filtering and returning the
@@ -13,19 +13,23 @@ import {Change, ChangeSchema} from './schemas'
* @returns {[Array<Change>, Array<Change]} A tuple where the first element is the list of denied changes and the second one is the list of changes with unknown licenses
*/
export function getDeniedLicenseChanges(
changes: Array<Change>,
changes: Change[],
licenses: {
allow?: Array<string>
deny?: Array<string>
allow?: string[]
deny?: string[]
}
): [Array<Change>, Array<Change>] {
let {allow, deny} = licenses
): [Change[], Change[]] {
const {allow, deny} = licenses
let disallowed: Change[] = []
let unknown: Change[] = []
const disallowed: Change[] = []
const unknown: Change[] = []
for (const change of changes) {
let license = change.license
if (change.change_type === 'removed') {
continue
}
const license = change.license
if (license === null) {
unknown.push(change)
continue
+19 -30
View File
@@ -3,40 +3,33 @@ import * as dependencyGraph from './dependency-graph'
import * as github from '@actions/github'
import styles from 'ansi-styles'
import {RequestError} from '@octokit/request-error'
import {Change, PullRequestSchema, Severity} from './schemas'
import {Change, Severity} from './schemas'
import {readConfig} from '../src/config'
import {filterChangesBySeverity} from '../src/filter'
import {getDeniedLicenseChanges} from './licenses'
import {getRefs} from './git-refs'
async function run(): Promise<void> {
try {
if (github.context.eventName !== 'pull_request') {
throw new Error(
`This run was triggered by the "${github.context.eventName}" event, which is unsupported. Please ensure you are using the "pull_request" event for this workflow.`
)
}
const pull_request = PullRequestSchema.parse(
github.context.payload.pull_request
)
const config = readConfig()
const refs = getRefs(config, github.context)
const changes = await dependencyGraph.compare({
owner: github.context.repo.owner,
repo: github.context.repo.repo,
baseRef: pull_request.base.sha,
headRef: pull_request.head.sha
baseRef: refs.base,
headRef: refs.head
})
let config = readConfig()
let minSeverity = config.fail_on_severity
const minSeverity = config.fail_on_severity
let failed = false
let licenses = {
const licenses = {
allow: config.allow_licenses,
deny: config.deny_licenses
}
let filteredChanges = filterChangesBySeverity(
const filteredChanges = filterChangesBySeverity(
minSeverity as Severity,
changes
)
@@ -52,13 +45,13 @@ async function run(): Promise<void> {
}
}
let [licenseErrors, unknownLicenses] = getDeniedLicenseChanges(
const [licenseErrors, unknownLicenses] = getDeniedLicenseChanges(
changes,
licenses
)
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors, licenses)
printLicensesError(licenseErrors)
core.setFailed('Dependency review detected incompatible licenses.')
}
@@ -90,7 +83,7 @@ async function run(): Promise<void> {
}
}
function printChangeVulnerabilities(change: Change) {
function printChangeVulnerabilities(change: Change): void {
for (const vuln of change.vulnerabilities) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${
@@ -117,19 +110,11 @@ function renderSeverity(
return `${styles.color[color].open}(${severity} severity)${styles.color[color].close}`
}
function printLicensesError(
changes: Array<Change>,
licenses: {
allow?: Array<string>
deny?: Array<string>
}
): void {
if (changes.length == 0) {
function printLicensesError(changes: Change[]): void {
if (changes.length === 0) {
return
}
let {allow = [], deny = []} = licenses
core.info('\nThe following dependencies have incompatible licenses:\n')
for (const change of changes) {
core.info(
@@ -138,7 +123,11 @@ function printLicensesError(
}
}
function printNullLicenses(changes: Array<Change>): void {
function printNullLicenses(changes: Change[]): void {
if (changes.length === 0) {
return
}
core.info('\nWe could not detect a license for the following dependencies:\n')
for (const change of changes) {
core.info(
+4 -2
View File
@@ -34,12 +34,14 @@ export const ConfigurationOptionsSchema = z
.object({
fail_on_severity: z.enum(SEVERITIES).default('low'),
allow_licenses: z.array(z.string()).default([]),
deny_licenses: z.array(z.string()).default([])
deny_licenses: z.array(z.string()).default([]),
base_ref: z.string(),
head_ref: z.string()
})
.partial()
.refine(
obj => !(obj.allow_licenses && obj.deny_licenses),
"Your workflow file has both an allow_licenses list and deny_licenses list, but you can only set one or the other."
'Your workflow file has both an allow_licenses list and deny_licenses list, but you can only set one or the other.'
)
export const ChangesSchema = z.array(ChangeSchema)