Compare commits

...

47 Commits

Author SHA1 Message Date
Federico Builes c77673abe0 Merge branch 'main' into fix-request-error-handling 2023-01-09 08:07:02 +01:00
Federico Builes efd78809f9 Merge pull request #375 from actions/dependabot/npm_and_yarn/octokit-2.0.11
Bump octokit from 2.0.10 to 2.0.11
2023-01-09 08:02:36 +01:00
Federico Builes e91b527bcb add json5 too 2023-01-09 08:02:24 +01:00
Federico Builes f508195cbc Merge pull request #374 from actions/dependabot/npm_and_yarn/prettier-2.8.2
Bump prettier from 2.8.1 to 2.8.2
2023-01-09 08:00:58 +01:00
Federico Builes ef8bfcec89 linter suggestions 2023-01-09 07:59:55 +01:00
Federico Builes 31cb4e05f7 Merge branch 'main' into dependabot/npm_and_yarn/prettier-2.8.2 2023-01-09 07:57:09 +01:00
Federico Builes 7920884bc8 Merge pull request #373 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.2.1
Bump eslint-plugin-jest from 27.1.7 to 27.2.1
2023-01-09 07:56:01 +01:00
dependabot[bot] aae0422a7f Bump eslint-plugin-jest from 27.1.7 to 27.2.1
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.7 to 27.2.1.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.7...v27.2.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 06:55:47 +00:00
Federico Builes 46d2ba8805 Merge pull request #372 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.48.0
Bump @typescript-eslint/parser from 5.47.1 to 5.48.0
2023-01-09 07:55:20 +01:00
Federico Builes 7c07c1da42 Merge pull request #371 from actions/dependabot/npm_and_yarn/eslint-8.31.0
Bump eslint from 8.30.0 to 8.31.0
2023-01-09 07:54:56 +01:00
dependabot[bot] 6e3a1cfe9e Bump octokit from 2.0.10 to 2.0.11
Bumps [octokit](https://github.com/octokit/octokit.js) from 2.0.10 to 2.0.11.
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](https://github.com/octokit/octokit.js/compare/v2.0.10...v2.0.11)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:43:52 +00:00
dependabot[bot] 3190101729 Bump prettier from 2.8.1 to 2.8.2
Bumps [prettier](https://github.com/prettier/prettier) from 2.8.1 to 2.8.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.1...2.8.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:42:48 +00:00
dependabot[bot] 3576f26c76 Bump @typescript-eslint/parser from 5.47.1 to 5.48.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.47.1 to 5.48.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.48.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:41:54 +00:00
dependabot[bot] 97fef8f979 Bump eslint from 8.30.0 to 8.31.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.30.0 to 8.31.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.30.0...v8.31.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 01:41:16 +00:00
Chad Bentz 60e20b95c9 npm run build && npm run package 2023-01-05 17:41:37 +00:00
Chad Bentz e6aba92fb0 Enhance failure message to include GHAS note 2023-01-05 17:26:46 +00:00
Chad Bentz 4b2cf01947 integration test to ensure RequestError catch 2023-01-05 17:22:27 +00:00
Chad Bentz 33b11b63b3 downgrade octokit/request-error to ^2.1.0
- supported by actions/core ^1.10.0
2023-01-04 20:55:58 +00:00
Federico Builes 90014ebf46 Merge pull request #368 from actions/dependabot/npm_and_yarn/yaml-2.2.1
Bump yaml from 2.1.3 to 2.2.1
2023-01-02 05:36:29 -05:00
Federico Builes c0fcb40fb5 dist 2023-01-02 11:35:30 +01:00
Federico Builes 6213daabf8 Merge branch 'main' into dependabot/npm_and_yarn/yaml-2.2.1 2023-01-02 11:34:56 +01:00
Federico Builes 6c62d64ea3 Merge pull request #366 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.47.1
Bump @typescript-eslint/eslint-plugin from 5.45.0 to 5.47.1
2023-01-02 05:32:26 -05:00
Federico Builes 6154af02da updating dist files 2023-01-02 11:23:18 +01:00
Federico Builes df40ce1edc fixing package.json conflict 2023-01-02 11:21:05 +01:00
dependabot[bot] a033837e12 Bump yaml from 2.1.3 to 2.2.1
Bumps [yaml](https://github.com/eemeli/yaml) from 2.1.3 to 2.2.1.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.1.3...v2.2.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 10:20:01 +00:00
Federico Builes d79457303f adding dist 2023-01-02 11:19:49 +01:00
Federico Builes b2f83f35c7 adding dist 2023-01-02 11:17:39 +01:00
Federico Builes 389b38eb1a Merge pull request #367 from actions/dependabot/npm_and_yarn/zod-3.20.2
Bump zod from 3.19.1 to 3.20.2
2023-01-02 05:17:04 -05:00
Federico Builes e3926a59f5 adding dist 2023-01-02 11:16:52 +01:00
Federico Builes 54656aadd8 Merge pull request #365 from actions/dependabot/npm_and_yarn/esbuild-register-3.4.2
Bump esbuild-register from 3.4.1 to 3.4.2
2023-01-02 05:13:23 -05:00
Federico Builes f02b9fb886 Merge pull request #364 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.47.1
Bump @typescript-eslint/parser from 5.47.0 to 5.47.1
2023-01-02 05:12:50 -05:00
dependabot[bot] 6587f9feee Bump zod from 3.19.1 to 3.20.2
Bumps [zod](https://github.com/colinhacks/zod) from 3.19.1 to 3.20.2.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/compare/v3.19.1...v3.20.2)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:18:52 +00:00
dependabot[bot] cab2d5f36f Bump @typescript-eslint/eslint-plugin from 5.45.0 to 5.47.1
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.45.0 to 5.47.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.47.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:18:14 +00:00
dependabot[bot] ef411f3a4c Bump esbuild-register from 3.4.1 to 3.4.2
Bumps esbuild-register from 3.4.1 to 3.4.2.

---
updated-dependencies:
- dependency-name: esbuild-register
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:17:15 +00:00
dependabot[bot] 589f46e5a2 Bump @typescript-eslint/parser from 5.47.0 to 5.47.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.47.0 to 5.47.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.47.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 01:16:48 +00:00
Federico Builes a482eabd84 Merge pull request #362 from actions/dependabot/npm_and_yarn/types/node-16.18.11
Bump @types/node from 16.18.8 to 16.18.11
2022-12-27 09:42:24 -05:00
Federico Builes c63a70f2bb Merge pull request #358 from actions/dependabot/npm_and_yarn/typescript-4.9.4
Bump typescript from 4.9.3 to 4.9.4
2022-12-27 09:41:58 -05:00
Federico Builes ea081cab93 Merge pull request #357 from actions/dependabot/npm_and_yarn/eslint-8.30.0
Bump eslint from 8.29.0 to 8.30.0
2022-12-27 09:41:47 -05:00
dependabot[bot] 78231376d4 Bump typescript from 4.9.3 to 4.9.4
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.9.3 to 4.9.4.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.3...v4.9.4)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-27 14:40:46 +00:00
Federico Builes ea38797bf9 Merge pull request #359 from jongwooo/chore/use-cache-in-check-dist
Use cache in check-dist.yml
2022-12-27 09:40:44 -05:00
dependabot[bot] 383b34b013 Bump eslint from 8.29.0 to 8.30.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.29.0 to 8.30.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.29.0...v8.30.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-27 14:40:20 +00:00
Federico Builes 234f1c3e6b Merge pull request #355 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.7
Bump eslint-plugin-jest from 27.1.6 to 27.1.7
2022-12-27 09:39:34 -05:00
dependabot[bot] 1aca439347 Bump @types/node from 16.18.8 to 16.18.11
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.18.8 to 16.18.11.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-27 14:37:29 +00:00
Federico Builes f5231a7139 Merge pull request #361 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.47.0
Bump @typescript-eslint/parser from 5.46.0 to 5.47.0
2022-12-27 09:36:32 -05:00
dependabot[bot] 872c5e3689 Bump @typescript-eslint/parser from 5.46.0 to 5.47.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.46.0 to 5.47.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.47.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-26 01:43:00 +00:00
Jongwoo Han 86e4c38e88 Use cache in check-dist.yml
Signed-off-by: jongwooo <jongwooo.han@gmail.com>
2022-12-20 03:17:46 +09:00
dependabot[bot] 70a13ae7e3 Bump eslint-plugin-jest from 27.1.6 to 27.1.7
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.1.6 to 27.1.7.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.1.6...v27.1.7)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-19 01:42:28 +00:00
9 changed files with 21200 additions and 4906 deletions
+1
View File
@@ -27,6 +27,7 @@ jobs:
uses: actions/setup-node@v3
with:
node-version: 18.x
cache: npm
- name: Install dependencies
run: npm ci
+29
View File
@@ -0,0 +1,29 @@
import {RequestError} from '@octokit/request-error'
import * as dependencyGraph from '../src/dependency-graph'
import * as core from '@actions/core'
// mock call to core.getInput('repo-token'.. to avoid environment setup - Input required and not supplied: repo-token
jest.mock('@actions/core', () => ({
getInput: (input: string) => {
if (input === 'repo-token') {
return 'gh_testtoken'
}
}
}))
test('it properly catches RequestError type', async () => {
const token = core.getInput('repo-token', {required: true})
expect(token).toBe('gh_testtoken')
//Integration test to make an API request using current dependencies and ensure response can parse into RequestError
try {
await dependencyGraph.compare({
owner: 'actions',
repo: 'dependency-review-action',
baseRef: 'refs/heads/master',
headRef: 'refs/heads/master'
})
} catch (error) {
expect(error).toBeInstanceOf(RequestError)
}
})
Generated Vendored
+20667 -3703
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+3 -234
View File
@@ -1175,240 +1175,9 @@ FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TOR
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash.includes
lodash
MIT
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.
lodash.isboolean
MIT
Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/>
Based on Underscore.js, copyright 2009-2016 Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash.isinteger
MIT
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.
lodash.isnumber
MIT
Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/>
Based on Underscore.js, copyright 2009-2016 Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash.isplainobject
MIT
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/lodash/lodash
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
Copyright and related rights for sample code are waived via CC0. Sample
code is defined as all source code displayed within the prose of the
documentation.
CC0: http://creativecommons.org/publicdomain/zero/1.0/
====
Files located in the node_modules and vendor directories are externally
maintained libraries used by this software which have their own
licenses; we recommend you read them, as their terms may differ from the
terms above.
lodash.isstring
MIT
Copyright 2012-2016 The Dojo Foundation <http://dojofoundation.org/>
Based on Underscore.js, copyright 2009-2016 Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
lodash.once
MIT
Copyright jQuery Foundation and other contributors <https://jquery.org/>
Copyright OpenJS Foundation and other contributors <https://openjsf.org/>
Based on Underscore.js, copyright Jeremy Ashkenas,
DocumentCloud and Investigative Reporters & Editors <http://underscorejs.org/>
@@ -1531,7 +1300,7 @@ octokit
MIT
The MIT License
Copyright (c) 2018 Octokit contributors
Copyright (c) 2023 Octokit contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
+484 -955
View File
File diff suppressed because it is too large Load Diff
+13 -11
View File
@@ -28,33 +28,35 @@
"@actions/core": "^1.10.0",
"@actions/github": "^5.1.1",
"@octokit/plugin-retry": "^4.0.3",
"@octokit/request-error": "^3.0.2",
"@octokit/request-error": "^2.1.0",
"ansi-styles": "^6.2.1",
"got": "^12.5.3",
"nodemon": "^2.0.20",
"octokit": "^2.0.10",
"octokit": "^2.0.11",
"spdx-expression-parse": "^3.0.1",
"spdx-satisfies": "^5.0.1",
"yaml": "^2.1.3",
"zod": "^3.19.1"
"yaml": "^2.2.1",
"zod": "^3.20.2"
},
"devDependencies": {
"@types/jest": "^27.5.2",
"@types/node": "^16.18.8",
"@types/node": "^16.18.11",
"@typescript-eslint/eslint-plugin": "^5.45.0",
"@typescript-eslint/parser": "^5.46.0",
"@typescript-eslint/parser": "^5.48.0",
"@types/spdx-expression-parse": "^3.0.2",
"@types/spdx-satisfies": "^0.1.0",
"@typescript-eslint/eslint-plugin": "^5.45.0",
"@typescript-eslint/parser": "^5.47.1",
"@vercel/ncc": "^0.36.0",
"esbuild-register": "^3.4.1",
"eslint": "^8.29.0",
"esbuild-register": "^3.4.2",
"eslint": "^8.31.0",
"eslint-plugin-github": "^4.6.0",
"eslint-plugin-jest": "^27.1.6",
"eslint-plugin-jest": "^27.2.1",
"jest": "^27.5.1",
"js-yaml": "^4.1.0",
"nodemon": "^2.0.20",
"prettier": "2.8.1",
"prettier": "2.8.2",
"ts-jest": "^27.1.4",
"typescript": "^4.9.3"
"typescript": "^4.9.4"
}
}
+1 -1
View File
@@ -76,7 +76,7 @@ async function run(): Promise<void> {
)
} else if (error instanceof RequestError && error.status === 403) {
core.setFailed(
`Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled, see https://github.com/${github.context.repo.owner}/${github.context.repo.repo}/settings/security_analysis`
`Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled along with GitHub Advanced Security on private repositories, see https://github.com/${github.context.repo.owner}/${github.context.repo.repo}/settings/security_analysis`
)
} else {
if (error instanceof Error) {
+1 -1
View File
@@ -77,4 +77,4 @@ export type Change = z.infer<typeof ChangeSchema>
export type Changes = z.infer<typeof ChangesSchema>
export type ConfigurationOptions = z.infer<typeof ConfigurationOptionsSchema>
export type Severity = z.infer<typeof SeveritySchema>
export type Scope = typeof SCOPES[number]
export type Scope = (typeof SCOPES)[number]