Compare commits

...

64 Commits

Author SHA1 Message Date
Federico Builes 94145f3150 Bumping the version to 2.0.4.
Missed the version changes in the previous release.
2022-07-14 09:31:49 +02:00
Federico Builes af8d39d8a3 Bumping the version to 2.0.3. 2022-07-14 09:14:17 +02:00
Federico Builes b83777ffd0 Merge pull request #156 from actions/dependabot/npm_and_yarn/types/node-16.11.44
Bump @types/node from 16.11.43 to 16.11.44
2022-07-14 09:11:42 +02:00
Federico Builes 1dc503a722 Merge pull request #155 from kachick/fix-154
Ignore removed changes in license checker
2022-07-14 09:10:17 +02:00
dependabot[bot] 8975a27eeb Bump @types/node from 16.11.43 to 16.11.44
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.43 to 16.11.44.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-14 01:36:49 +00:00
Kenichi Kamiya c003e7f8fc Add more test for added and removed pattern 2022-07-13 19:07:12 +09:00
Kenichi Kamiya ae4118f8fa Update build files with npm run all 2022-07-13 18:11:55 +09:00
Kenichi Kamiya c5d7bdcf7f Ignore removed changes in license checker 2022-07-13 18:11:10 +09:00
Federico Builes bced8aa1b2 Merge pull request #153 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.6
Bump @typescript-eslint/parser from 5.30.5 to 5.30.6
2022-07-12 09:07:41 +02:00
dependabot[bot] ba8e0b013b Bump @typescript-eslint/parser from 5.30.5 to 5.30.6
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.5 to 5.30.6.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.6/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-12 07:04:11 +00:00
Federico Builes cfcdef93a4 Merge pull request #152 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.6
Bump @typescript-eslint/eslint-plugin from 5.30.5 to 5.30.6
2022-07-12 09:03:21 +02:00
dependabot[bot] 43b6f9fe4a Bump @typescript-eslint/eslint-plugin from 5.30.5 to 5.30.6
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.5 to 5.30.6.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.6/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-12 01:46:01 +00:00
Federico Builes 467931ed7e Merge pull request #151 from actions/dependabot/npm_and_yarn/octokit/request-error-3.0.0
Bump @octokit/request-error from 2.1.0 to 3.0.0
2022-07-11 10:52:17 +02:00
Federico Builes 29c7e47bc6 adding dist folder 2022-07-11 10:49:16 +02:00
dependabot[bot] aa4260f0b0 Bump @octokit/request-error from 2.1.0 to 3.0.0
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 2.1.0 to 3.0.0.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v2.1.0...v3.0.0)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-11 02:03:02 +00:00
Federico Builes f187f64fc9 Merge pull request #139 from actions/dependabot/npm_and_yarn/eslint-8.19.0
Bump eslint from 8.18.0 to 8.19.0
2022-07-06 11:09:37 +02:00
Federico Builes f3bcf122c7 Merge pull request #144 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.5
Bump @typescript-eslint/eslint-plugin from 5.30.0 to 5.30.5
2022-07-06 11:09:15 +02:00
dependabot[bot] c43f51429e Bump @typescript-eslint/eslint-plugin from 5.30.0 to 5.30.5
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.0 to 5.30.5.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.5/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 09:02:16 +00:00
dependabot[bot] c9027d07d6 Bump eslint from 8.18.0 to 8.19.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.18.0 to 8.19.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.18.0...v8.19.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 09:02:10 +00:00
Federico Builes c316251843 Merge pull request #146 from kachick/add-vscode-workspace-configs
Enable prettier and recommend eslint in vscode workspace config
2022-07-06 11:01:23 +02:00
Federico Builes d8e436b2d5 Merge pull request #143 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.5
Bump @typescript-eslint/parser from 5.30.0 to 5.30.5
2022-07-06 11:01:06 +02:00
Federico Builes 82d4814150 Merge pull request #142 from kachick/fix-lint-errors-and-add-ci
Add CI workflow and fix lint errors
2022-07-06 11:00:13 +02:00
Federico Builes 89de8ab245 Merge pull request #148 from actions/dependabot/npm_and_yarn/nodemon-2.0.19
Bump nodemon from 2.0.18 to 2.0.19
2022-07-06 10:41:04 +02:00
dependabot[bot] 3e74bf2266 Bump @typescript-eslint/parser from 5.30.0 to 5.30.5
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.30.0 to 5.30.5.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.5/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 08:40:11 +00:00
Federico Builes 1ea517b3fa Merge pull request #141 from kachick/use-fixed-major-version-for-node-types
Use fixed major version for node types
2022-07-06 10:38:56 +02:00
Federico Builes 2aef88c152 Merge pull request #145 from kachick/fix-typo-dangerouns
Fix a typo s/dangerouns/dangerous/
2022-07-06 10:26:18 +02:00
Kenichi Kamiya 51d1824002 Focus only on the node issue
https://github.com/actions/dependency-review-action/pull/141#discussion_r914526073

https://github.com/actions/dependency-review-action/pull/141#discussion_r914537222

Co-authored-by: Federico Builes <febuiles@github.com>
2022-07-06 17:13:18 +09:00
dependabot[bot] 94edc9c394 Bump nodemon from 2.0.18 to 2.0.19
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.18 to 2.0.19.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.18...v2.0.19)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-06 02:07:14 +00:00
Kenichi Kamiya 7219e93649 Enable prettier and recommend eslint in vscode workspace config 2022-07-05 20:32:34 +09:00
Kenichi Kamiya 08074685be Fix a typo s/dangerouns/dangerous/ 2022-07-05 18:32:34 +09:00
Kenichi Kamiya 3efca1e3dd Update build files with npm run all 2022-07-04 20:13:08 +09:00
Kenichi Kamiya 9fdc2574b8 Fix rest eslint errors manually 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 6e9189a5c1 npx eslint --fix src/**/*.ts 2022-07-04 20:12:07 +09:00
Kenichi Kamiya c6f347d470 npm run format 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 40346e9340 Run test and linter in CI 2022-07-04 20:12:07 +09:00
Kenichi Kamiya 7f576504ed Stop dependabot PRs for different major version of types
It is possible to make a mismatch with actual logic.
2022-07-04 11:25:57 +09:00
Kenichi Kamiya 09100640b0 Adjust types of node to 16.x again
`npm uninstall @types/node && npm install --save-dev "@types/node@^16.11.43"`
2022-07-04 11:23:37 +09:00
Federico Builes 26b7908701 Merge pull request #136 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.30.0
Bump @typescript-eslint/eslint-plugin from 5.29.0 to 5.30.0
2022-06-28 08:04:16 +02:00
dependabot[bot] b564b42423 Bump @typescript-eslint/eslint-plugin from 5.29.0 to 5.30.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.29.0 to 5.30.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 05:56:11 +00:00
Federico Builes 2ceda66c21 Merge pull request #135 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.30.0
Bump @typescript-eslint/parser from 5.29.0 to 5.30.0
2022-06-28 07:55:08 +02:00
dependabot[bot] 49a36aa04e Bump @typescript-eslint/parser from 5.29.0 to 5.30.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.29.0 to 5.30.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.30.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 01:40:44 +00:00
Brandyn Phelps 17b8abf3bb Merge pull request #132 from kachick/fix-typo
docs: Fix a typo
2022-06-24 14:17:17 -07:00
Kenichi Kamiya c699fc9e3e docs: Fix a typo 2022-06-25 01:18:31 +09:00
Federico Builes 24ab96e8b8 Merge pull request #128 from actions/dependabot/npm_and_yarn/nodemon-2.0.18
Bump nodemon from 2.0.16 to 2.0.18
2022-06-24 08:37:57 +02:00
dependabot[bot] 04f86c1583 Bump nodemon from 2.0.16 to 2.0.18
Bumps [nodemon](https://github.com/remy/nodemon) from 2.0.16 to 2.0.18.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](https://github.com/remy/nodemon/compare/v2.0.16...v2.0.18)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 01:41:25 +00:00
Federico Builes 81b5cbd111 Merge pull request #127 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.29.0
Bump @typescript-eslint/parser from 5.28.0 to 5.29.0
2022-06-21 07:50:03 +02:00
dependabot[bot] 4b88091897 Bump @typescript-eslint/parser from 5.28.0 to 5.29.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.28.0 to 5.29.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.29.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-21 05:49:04 +00:00
Federico Builes febb822f26 Merge pull request #126 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.29.0
Bump @typescript-eslint/eslint-plugin from 5.28.0 to 5.29.0
2022-06-21 07:48:11 +02:00
dependabot[bot] ea91d29cdf Bump @typescript-eslint/eslint-plugin from 5.28.0 to 5.29.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.28.0 to 5.29.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.29.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-21 01:51:23 +00:00
Federico Builes a9539be12a Merge pull request #123 from actions/dependabot/npm_and_yarn/typescript-4.7.4
Bump typescript from 4.7.3 to 4.7.4
2022-06-20 08:14:45 +02:00
Federico Builes 9c688a568f Merge pull request #124 from actions/dependabot/npm_and_yarn/eslint-8.18.0
Bump eslint from 8.17.0 to 8.18.0
2022-06-20 08:14:26 +02:00
dependabot[bot] ff449a1296 Bump eslint from 8.17.0 to 8.18.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.17.0 to 8.18.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.17.0...v8.18.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 01:47:10 +00:00
dependabot[bot] 2a961b0169 Bump typescript from 4.7.3 to 4.7.4
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.7.3 to 4.7.4.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.7.3...v4.7.4)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 01:46:55 +00:00
Federico Builes 879687b22c Merge pull request #122 from actions/dependabot/npm_and_yarn/prettier-2.7.1
Bump prettier from 2.7.0 to 2.7.1
2022-06-17 07:40:15 +02:00
dependabot[bot] cb52804670 Bump prettier from 2.7.0 to 2.7.1
Bumps [prettier](https://github.com/prettier/prettier) from 2.7.0 to 2.7.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.7.0...2.7.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-17 01:54:43 +00:00
Federico Builes 17187536c0 Merge pull request #120 from actions/dependabot/npm_and_yarn/types/node-18.0.0
Bump @types/node from 17.0.43 to 18.0.0
2022-06-16 07:18:52 +02:00
Federico Builes c0faf55fe4 Merge pull request #119 from actions/dependabot/npm_and_yarn/actions/core-1.9.0
Bump @actions/core from 1.8.2 to 1.9.0
2022-06-16 07:18:37 +02:00
Federico Builes b6f6142660 adding dist files 2022-06-16 07:07:13 +02:00
Federico Builes 333e7ce17e Merge branch 'main' into dependabot/npm_and_yarn/actions/core-1.9.0 2022-06-16 07:06:25 +02:00
Federico Builes 4e9a45ca5b Merge pull request #121 from kachick/fix-duplicate-words
Fix duplicate words in README
2022-06-16 06:58:18 +02:00
dependabot[bot] 32a1ef9487 Bump @actions/core from 1.8.2 to 1.9.0
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.8.2 to 1.9.0.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 04:57:11 +00:00
Federico Builes 83be5f6c90 bumping version 2022-06-16 06:56:22 +02:00
Kenichi Kamiya 70f41926ca Fix duplicate words in README 2022-06-16 13:06:54 +09:00
dependabot[bot] ba0681f88b Bump @types/node from 17.0.43 to 18.0.0
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.43 to 18.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 01:32:41 +00:00
15 changed files with 516 additions and 1265 deletions
+3
View File
@@ -9,3 +9,6 @@ updates:
directory: /
schedule:
interval: daily
ignore:
- dependency-name: '@types/node'
update-types: ['version-update:semver-major']
+42
View File
@@ -0,0 +1,42 @@
name: CI
on:
push:
branches:
- main
paths-ignore:
- '**.md'
pull_request:
paths-ignore:
- '**.md'
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 16
cache: npm
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Test
run: |
npm test
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 16
cache: npm
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Check format
run: |
npm run format-check
- name: Lint
run: |
npm run lint
+3
View File
@@ -0,0 +1,3 @@
{
"recommendations": ["dbaeumer.vscode-eslint", "esbenp.prettier-vscode"]
}
+4
View File
@@ -0,0 +1,4 @@
{
"editor.formatOnSave": true,
"editor.defaultFormatter": "esbenp.prettier-vscode"
}
+1 -1
View File
@@ -52,7 +52,7 @@ jobs:
# Possible values: "critical", "high", "moderate", "low"
# fail-on-severity: critical
#
# You can only can only include one of these two options: `allow-licenses` and `deny-licences`
# You can only include one of these two options: `allow-licenses` and `deny-licenses`
#
# Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses
# allow-licenses: GPL-3.0, BSD-3-Clause, MIT
+2 -2
View File
@@ -15,7 +15,7 @@ let npmChange: Change = {
{
severity: 'critical',
advisory_ghsa_id: 'first-random_string',
advisory_summary: 'very dangerouns',
advisory_summary: 'very dangerous',
advisory_url: 'github.com/future-funk'
}
]
@@ -34,7 +34,7 @@ let rubyChange: Change = {
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerouns',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
+30 -2
View File
@@ -15,7 +15,7 @@ let npmChange: Change = {
{
severity: 'critical',
advisory_ghsa_id: 'first-random_string',
advisory_summary: 'very dangerouns',
advisory_summary: 'very dangerous',
advisory_url: 'github.com/future-funk'
}
]
@@ -34,7 +34,7 @@ let rubyChange: Change = {
{
severity: 'moderate',
advisory_ghsa_id: 'second-random_string',
advisory_summary: 'not so dangerouns',
advisory_summary: 'not so dangerous',
advisory_url: 'github.com/future-funk'
},
{
@@ -68,3 +68,31 @@ test('it fails all license checks when allow is provided an empty array', async
})
expect(invalidChanges.length).toBe(2)
})
test('it does not fail if a license outside the allow list is found in removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
{...rubyChange, change_type: 'removed'}
]
const [invalidChanges, _] = getDeniedLicenseChanges(changes, {allow: ['BSD']})
expect(invalidChanges).toStrictEqual([])
})
test('it does not fail if a license inside the deny list is found in removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
{...rubyChange, change_type: 'removed'}
]
const [invalidChanges, _] = getDeniedLicenseChanges(changes, {deny: ['BSD']})
expect(invalidChanges).toStrictEqual([])
})
test('it fails if a license outside the allow list is found in both of added and removed changes', async () => {
const changes: Changes = [
{...npmChange, change_type: 'removed'},
npmChange,
{...rubyChange, change_type: 'removed'}
]
const [invalidChanges, _] = getDeniedLicenseChanges(changes, {allow: ['BSD']})
expect(invalidChanges).toStrictEqual([npmChange])
})
Generated Vendored
+174 -18
View File
@@ -81,11 +81,14 @@ exports.getDeniedLicenseChanges = void 0;
* @returns {[Array<Change>, Array<Change]} A tuple where the first element is the list of denied changes and the second one is the list of changes with unknown licenses
*/
function getDeniedLicenseChanges(changes, licenses) {
let { allow, deny } = licenses;
let disallowed = [];
let unknown = [];
const { allow, deny } = licenses;
const disallowed = [];
const unknown = [];
for (const change of changes) {
let license = change.license;
if (change.change_type === 'removed') {
continue;
}
const license = change.license;
if (license === null) {
unknown.push(change);
continue;
@@ -171,14 +174,14 @@ function run() {
baseRef: pull_request.base.sha,
headRef: pull_request.head.sha
});
let config = (0, config_1.readConfig)();
let minSeverity = config.fail_on_severity;
const config = (0, config_1.readConfig)();
const minSeverity = config.fail_on_severity;
let failed = false;
let licenses = {
const licenses = {
allow: config.allow_licenses,
deny: config.deny_licenses
};
let filteredChanges = (0, filter_1.filterChangesBySeverity)(minSeverity, changes);
const filteredChanges = (0, filter_1.filterChangesBySeverity)(minSeverity, changes);
for (const change of filteredChanges) {
if (change.change_type === 'added' &&
change.vulnerabilities !== undefined &&
@@ -187,9 +190,9 @@ function run() {
failed = true;
}
}
let [licenseErrors, unknownLicenses] = (0, licenses_1.getDeniedLicenseChanges)(changes, licenses);
const [licenseErrors, unknownLicenses] = (0, licenses_1.getDeniedLicenseChanges)(changes, licenses);
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors, licenses);
printLicensesError(licenseErrors);
core.setFailed('Dependency review detected incompatible licenses.');
}
printNullLicenses(unknownLicenses);
@@ -233,11 +236,10 @@ function renderSeverity(severity) {
}[severity];
return `${ansi_styles_1.default.color[color].open}(${severity} severity)${ansi_styles_1.default.color[color].close}`;
}
function printLicensesError(changes, licenses) {
if (changes.length == 0) {
function printLicensesError(changes) {
if (changes.length === 0) {
return;
}
let { allow = [], deny = [] } = licenses;
core.info('\nThe following dependencies have incompatible licenses:\n');
for (const change of changes) {
core.info(`${ansi_styles_1.default.bold.open}${change.manifest} » ${change.name}@${change.version}${ansi_styles_1.default.bold.close} License: ${ansi_styles_1.default.color.red.open}${change.license}${ansi_styles_1.default.color.red.close}`);
@@ -320,7 +322,7 @@ exports.ConfigurationOptionsSchema = z
deny_licenses: z.array(z.string()).default([])
})
.partial()
.refine(obj => !(obj.allow_licenses && obj.deny_licenses), "Your workflow file has both an allow_licenses list and deny_licenses list, but you can only set one or the other.");
.refine(obj => !(obj.allow_licenses && obj.deny_licenses), 'Your workflow file has both an allow_licenses list and deny_licenses list, but you can only set one or the other.');
exports.ChangesSchema = z.array(exports.ChangeSchema);
@@ -750,6 +752,13 @@ Object.defineProperty(exports, "summary", ({ enumerable: true, get: function ()
*/
var summary_2 = __nccwpck_require__(1327);
Object.defineProperty(exports, "markdownSummary", ({ enumerable: true, get: function () { return summary_2.markdownSummary; } }));
/**
* Path exports
*/
var path_utils_1 = __nccwpck_require__(2981);
Object.defineProperty(exports, "toPosixPath", ({ enumerable: true, get: function () { return path_utils_1.toPosixPath; } }));
Object.defineProperty(exports, "toWin32Path", ({ enumerable: true, get: function () { return path_utils_1.toWin32Path; } }));
Object.defineProperty(exports, "toPlatformPath", ({ enumerable: true, get: function () { return path_utils_1.toPlatformPath; } }));
//# sourceMappingURL=core.js.map
/***/ }),
@@ -887,6 +896,71 @@ exports.OidcClient = OidcClient;
/***/ }),
/***/ 2981:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.toPlatformPath = exports.toWin32Path = exports.toPosixPath = void 0;
const path = __importStar(__nccwpck_require__(1017));
/**
* toPosixPath converts the given path to the posix form. On Windows, \\ will be
* replaced with /.
*
* @param pth. Path to transform.
* @return string Posix path.
*/
function toPosixPath(pth) {
return pth.replace(/[\\]/g, '/');
}
exports.toPosixPath = toPosixPath;
/**
* toWin32Path converts the given path to the win32 form. On Linux, / will be
* replaced with \\.
*
* @param pth. Path to transform.
* @return string Win32 path.
*/
function toWin32Path(pth) {
return pth.replace(/[/]/g, '\\');
}
exports.toWin32Path = toWin32Path;
/**
* toPlatformPath converts the given path to a platform-specific path. It does
* this by replacing instances of / and \ with the platform-specific path
* separator.
*
* @param pth The path to platformize.
* @return string The platform-specific path.
*/
function toPlatformPath(pth) {
return pth.replace(/[/\\]/g, path.sep);
}
exports.toPlatformPath = toPlatformPath;
//# sourceMappingURL=path-utils.js.map
/***/ }),
/***/ 1327:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
@@ -4416,7 +4490,7 @@ var endpoint = __nccwpck_require__(9440);
var universalUserAgent = __nccwpck_require__(5030);
var isPlainObject = __nccwpck_require__(3287);
var nodeFetch = _interopDefault(__nccwpck_require__(467));
var requestError = __nccwpck_require__(537);
var requestError = __nccwpck_require__(13);
const VERSION = "5.6.3";
@@ -4585,6 +4659,88 @@ exports.request = request;
//# sourceMappingURL=index.js.map
/***/ }),
/***/ 13:
/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
function _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }
var deprecation = __nccwpck_require__(8932);
var once = _interopDefault(__nccwpck_require__(1223));
const logOnceCode = once(deprecation => console.warn(deprecation));
const logOnceHeaders = once(deprecation => console.warn(deprecation));
/**
* Error with extra properties to help with debugging
*/
class RequestError extends Error {
constructor(message, statusCode, options) {
super(message); // Maintains proper stack trace (only available on V8)
/* istanbul ignore next */
if (Error.captureStackTrace) {
Error.captureStackTrace(this, this.constructor);
}
this.name = "HttpError";
this.status = statusCode;
let headers;
if ("headers" in options && typeof options.headers !== "undefined") {
headers = options.headers;
}
if ("response" in options) {
this.response = options.response;
headers = options.response.headers;
} // redact request credentials without mutating original request options
const requestCopy = Object.assign({}, options.request);
if (options.request.headers.authorization) {
requestCopy.headers = Object.assign({}, options.request.headers, {
authorization: options.request.headers.authorization.replace(/ .*$/, " [REDACTED]")
});
}
requestCopy.url = requestCopy.url // client_id & client_secret can be passed as URL query parameters to increase rate limit
// see https://developer.github.com/v3/#increasing-the-unauthenticated-rate-limit-for-oauth-applications
.replace(/\bclient_secret=\w+/g, "client_secret=[REDACTED]") // OAuth tokens can be passed as URL query parameters, although it is not recommended
// see https://developer.github.com/v3/#oauth2-token-sent-in-a-header
.replace(/\baccess_token=\w+/g, "access_token=[REDACTED]");
this.request = requestCopy; // deprecations
Object.defineProperty(this, "code", {
get() {
logOnceCode(new deprecation.Deprecation("[@octokit/request-error] `error.code` is deprecated, use `error.status`."));
return statusCode;
}
});
Object.defineProperty(this, "headers", {
get() {
logOnceHeaders(new deprecation.Deprecation("[@octokit/request-error] `error.headers` is deprecated, use `error.response.headers`."));
return headers || {};
}
});
}
}
exports.RequestError = RequestError;
//# sourceMappingURL=index.js.map
/***/ }),
/***/ 3682:
@@ -13742,13 +13898,13 @@ const schemas_1 = __nccwpck_require__(1129);
function filterChangesBySeverity(severity, changes) {
const severityIdx = schemas_1.SEVERITIES.indexOf(severity);
let filteredChanges = [];
for (let change of changes) {
for (const change of changes) {
if (change === undefined ||
change.vulnerabilities === undefined ||
change.vulnerabilities.length === 0) {
continue;
}
let fChange = Object.assign(Object.assign({}, change), { vulnerabilities: change.vulnerabilities.filter(vuln => {
const fChange = Object.assign(Object.assign({}, change), { vulnerabilities: change.vulnerabilities.filter(vuln => {
const vulnIdx = schemas_1.SEVERITIES.indexOf(vuln.severity);
if (vulnIdx <= severityIdx) {
return true;
@@ -13828,7 +13984,7 @@ exports.ConfigurationOptionsSchema = z
deny_licenses: z.array(z.string()).default([])
})
.partial()
.refine(obj => !(obj.allow_licenses && obj.deny_licenses), "Your workflow file has both an allow_licenses list and deny_licenses list, but you can only set one or the other.");
.refine(obj => !(obj.allow_licenses && obj.deny_licenses), 'Your workflow file has both an allow_licenses list and deny_licenses list, but you can only set one or the other.');
exports.ChangesSchema = z.array(exports.ChangeSchema);
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
+218 -1198
View File
File diff suppressed because it is too large Load Diff
+11 -11
View File
@@ -1,6 +1,6 @@
{
"name": "dependency-review-action",
"version": "2.0.1",
"version": "2.0.4",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
@@ -25,30 +25,30 @@
"author": "GitHub",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.8.2",
"@actions/core": "^1.9.0",
"@actions/github": "^5.0.3",
"@octokit/plugin-retry": "^3.0.9",
"@octokit/request-error": "^2.1.0",
"@octokit/request-error": "^3.0.0",
"ansi-styles": "^6.1.0",
"got": "^12.1.0",
"nodemon": "^2.0.16",
"nodemon": "^2.0.19",
"yaml": "^2.1.1",
"zod": "^3.17.3"
},
"devDependencies": {
"@types/node": "^17.0.43",
"@typescript-eslint/eslint-plugin": "^5.28.0",
"@typescript-eslint/parser": "^5.28.0",
"@types/node": "^16.11.44",
"@typescript-eslint/eslint-plugin": "^5.30.6",
"@typescript-eslint/parser": "^5.30.6",
"@vercel/ncc": "^0.34.0",
"esbuild-register": "^3.3.3",
"eslint": "^8.17.0",
"eslint": "^8.19.0",
"eslint-plugin-github": "^4.3.6",
"eslint-plugin-jest": "^26.5.3",
"jest": "^27.5.1",
"js-yaml": "^4.1.0",
"nodemon": "^2.0.16",
"prettier": "2.7.0",
"nodemon": "^2.0.19",
"prettier": "2.7.1",
"ts-jest": "^27.1.4",
"typescript": "^4.7.3"
"typescript": "^4.7.4"
}
}
+3 -4
View File
@@ -1,5 +1,4 @@
import {Changes} from './schemas'
import {Severity, SEVERITIES} from './schemas'
import {Changes, Severity, SEVERITIES} from './schemas'
export function filterChangesBySeverity(
severity: Severity,
@@ -7,7 +6,7 @@ export function filterChangesBySeverity(
): Changes {
const severityIdx = SEVERITIES.indexOf(severity)
let filteredChanges = []
for (let change of changes) {
for (const change of changes) {
if (
change === undefined ||
change.vulnerabilities === undefined ||
@@ -16,7 +15,7 @@ export function filterChangesBySeverity(
continue
}
let fChange = {
const fChange = {
...change,
vulnerabilities: change.vulnerabilities.filter(vuln => {
const vulnIdx = SEVERITIES.indexOf(vuln.severity)
+13 -9
View File
@@ -1,4 +1,4 @@
import {Change, ChangeSchema} from './schemas'
import {Change} from './schemas'
/**
* Loops through a list of changes, filtering and returning the
@@ -13,19 +13,23 @@ import {Change, ChangeSchema} from './schemas'
* @returns {[Array<Change>, Array<Change]} A tuple where the first element is the list of denied changes and the second one is the list of changes with unknown licenses
*/
export function getDeniedLicenseChanges(
changes: Array<Change>,
changes: Change[],
licenses: {
allow?: Array<string>
deny?: Array<string>
allow?: string[]
deny?: string[]
}
): [Array<Change>, Array<Change>] {
let {allow, deny} = licenses
): [Change[], Change[]] {
const {allow, deny} = licenses
let disallowed: Change[] = []
let unknown: Change[] = []
const disallowed: Change[] = []
const unknown: Change[] = []
for (const change of changes) {
let license = change.license
if (change.change_type === 'removed') {
continue
}
const license = change.license
if (license === null) {
unknown.push(change)
continue
+10 -18
View File
@@ -27,16 +27,16 @@ async function run(): Promise<void> {
headRef: pull_request.head.sha
})
let config = readConfig()
let minSeverity = config.fail_on_severity
const config = readConfig()
const minSeverity = config.fail_on_severity
let failed = false
let licenses = {
const licenses = {
allow: config.allow_licenses,
deny: config.deny_licenses
}
let filteredChanges = filterChangesBySeverity(
const filteredChanges = filterChangesBySeverity(
minSeverity as Severity,
changes
)
@@ -52,13 +52,13 @@ async function run(): Promise<void> {
}
}
let [licenseErrors, unknownLicenses] = getDeniedLicenseChanges(
const [licenseErrors, unknownLicenses] = getDeniedLicenseChanges(
changes,
licenses
)
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors, licenses)
printLicensesError(licenseErrors)
core.setFailed('Dependency review detected incompatible licenses.')
}
@@ -90,7 +90,7 @@ async function run(): Promise<void> {
}
}
function printChangeVulnerabilities(change: Change) {
function printChangeVulnerabilities(change: Change): void {
for (const vuln of change.vulnerabilities) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${
@@ -117,19 +117,11 @@ function renderSeverity(
return `${styles.color[color].open}(${severity} severity)${styles.color[color].close}`
}
function printLicensesError(
changes: Array<Change>,
licenses: {
allow?: Array<string>
deny?: Array<string>
}
): void {
if (changes.length == 0) {
function printLicensesError(changes: Change[]): void {
if (changes.length === 0) {
return
}
let {allow = [], deny = []} = licenses
core.info('\nThe following dependencies have incompatible licenses:\n')
for (const change of changes) {
core.info(
@@ -138,7 +130,7 @@ function printLicensesError(
}
}
function printNullLicenses(changes: Array<Change>): void {
function printNullLicenses(changes: Change[]): void {
if (changes.length === 0) {
return
}
+1 -1
View File
@@ -39,7 +39,7 @@ export const ConfigurationOptionsSchema = z
.partial()
.refine(
obj => !(obj.allow_licenses && obj.deny_licenses),
"Your workflow file has both an allow_licenses list and deny_licenses list, but you can only set one or the other."
'Your workflow file has both an allow_licenses list and deny_licenses list, but you can only set one or the other.'
)
export const ChangesSchema = z.array(ChangeSchema)