Compare commits
76 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 8dc52cdbed | |||
| ad34390f92 | |||
| 6c530dbedd | |||
| e5c6ae035a | |||
| 9c66f1b1b1 | |||
| 9add2f12fa | |||
| 079b962af9 | |||
| e6b5e83d4e | |||
| 3c40a50e4b | |||
| 886d1fcf5f | |||
| 615671754c | |||
| cd1bb8895d | |||
| 7095391667 | |||
| 6c5ccdad46 | |||
| 51da82b3f5 | |||
| ca13810d94 | |||
| 8447b31d38 | |||
| 85df23de2c | |||
| 5da6fdbdf9 | |||
| 92837b0ca8 | |||
| 35a52fd146 | |||
| bed9726f78 | |||
| e4d20ce9ad | |||
| bb0ca79fcd | |||
| 07f52ce621 | |||
| c7e8727af4 | |||
| 5e4b90e080 | |||
| 7d0e0f61e8 | |||
| ffaf251c92 | |||
| 726ffc8aa8 | |||
| fcef41f1e0 | |||
| e81e6e582f | |||
| 511675e747 | |||
| dcdbff2f84 | |||
| 29513b58ad | |||
| 347cb43687 | |||
| dfe37bb356 | |||
| ada103783f | |||
| abc80cf6a0 | |||
| 15e91a3980 | |||
| c7d2795410 | |||
| eb07c6d763 | |||
| 4d8fe1e464 | |||
| ee86529290 | |||
| c17dea4c51 | |||
| 727ca667a3 | |||
| 84cd472b61 | |||
| 366fffb717 | |||
| 62a1d2d370 | |||
| 42c2f7100f | |||
| 608049acca | |||
| 32037a1d97 | |||
| f6fff72a32 | |||
| 61ee12c097 | |||
| 7d5babfc38 | |||
| ddb1b9361c | |||
| 7c3177d3c2 | |||
| 31afeba06d | |||
| 7ef37f3853 | |||
| 2e59943778 | |||
| 902e86c6f5 | |||
| d3fa764646 | |||
| 1856a6de19 | |||
| 5573b58443 | |||
| c3c3c2e746 | |||
| f6f94a23a4 | |||
| 50954e6a9a | |||
| 66b6f67835 | |||
| 1644401f8d | |||
| 1a326fc7fa | |||
| a82096e68a | |||
| 90d3a94eb7 | |||
| 9dde5949a8 | |||
| cff142b535 | |||
| a4c5ac881a | |||
| d35955ebf6 |
@@ -21,7 +21,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Set Node.js 18.x
|
||||
uses: actions/setup-node@v3
|
||||
|
||||
@@ -14,7 +14,7 @@ jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: 18
|
||||
@@ -27,7 +27,7 @@ jobs:
|
||||
lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: 18
|
||||
|
||||
@@ -9,6 +9,6 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 'Checkout Repository'
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
- name: Dependency Review
|
||||
uses: actions/dependency-review-action@main
|
||||
|
||||
+1
-1
@@ -79,7 +79,7 @@ Here are a few things you can do that will increase the likelihood of your pull
|
||||
|
||||
- Write tests.
|
||||
- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
|
||||
- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
|
||||
- Write a [good commit message](https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
|
||||
|
||||
## Cutting a new release
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# dependency-review-action
|
||||
# dependency-review-action
|
||||
|
||||
This action scans your pull requests for dependency changes, and will
|
||||
raise an error if any vulnerabilities or invalid licenses are being introduced. The action is supported by an [API endpoint](https://docs.github.com/en/rest/reference/dependency-graph#dependency-review) that diffs the dependencies between any two revisions on your default branch.
|
||||
@@ -66,20 +66,22 @@ jobs:
|
||||
|
||||
Configure this action by either inlining these options in your workflow file, or by using an external configuration file. All configuration options are optional.
|
||||
|
||||
| Option | Usage | Possible values | Default value |
|
||||
|---------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------|---------------|
|
||||
| `fail-on-severity` | Defines the threshold for the level of severity. The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | `low`, `moderate`, `high`, `critical` | `low` |
|
||||
| `allow-licenses`\* | Contains a list of allowed licenses. The action will fail on pull requests that introduce dependencies with licenses that do not match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
|
||||
| `deny-licenses`\* | Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
|
||||
| `fail-on-scopes`† | Contains a list of strings of the build environments you want to support. The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list. | `runtime`, `development`, `unknown` | `runtime` |
|
||||
| `allow-ghsas` | Contains a list of GitHub Advisory Database IDs that can be skipped during detection. | Any GHSAs from the [GitHub Advisory Database](https://github.com/advisories) | none |
|
||||
| `license-check` | Enable or disable the license check performed by the action. | `true`, `false` | `true` |
|
||||
| `vulnerability-check` | Enable or disable the vulnerability check performed by the action. | `true`, `false` | `true` |
|
||||
| `allow-dependencies-licenses`\* | Contains a list of packages that will be excluded from license checks. | Any package(s) in [purl](https://github.com/package-url/purl-spec) format | none |
|
||||
| `base-ref`/`head-ref` | Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than `pull_request` and `pull_request_target`. | Any valid git ref(s) in your project | none |
|
||||
| `comment-summary-in-pr` | Enable or disable reporting the review summary as a comment in the pull request. If enabled, you must give the workflow or job permission `pull-requests: write`. | `true`, `false` | `false` |
|
||||
| `deny-packages` | Any number of packages to block in a PR. | Package(s) in [purl](https://github.com/package-url/purl-spec) format | empty |
|
||||
| `deny-groups` | Any number of groups (namespaces) to block in a PR. | Namespace(s) in [purl](https://github.com/package-url/purl-spec) format (no package name, no version number) | empty |
|
||||
| Option | Usage | Possible values | Default value |
|
||||
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------- |
|
||||
| `fail-on-severity` | Defines the threshold for the level of severity. The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | `low`, `moderate`, `high`, `critical` | `low` |
|
||||
| `allow-licenses`\* | Contains a list of allowed licenses. The action will fail on pull requests that introduce dependencies with licenses that do not match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
|
||||
| `deny-licenses`\* | Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
|
||||
| `fail-on-scopes`† | Contains a list of strings of the build environments you want to support. The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list. | `runtime`, `development`, `unknown` | `runtime` |
|
||||
| `allow-ghsas` | Contains a list of GitHub Advisory Database IDs that can be skipped during detection. | Any GHSAs from the [GitHub Advisory Database](https://github.com/advisories) | none |
|
||||
| `license-check` | Enable or disable the license check performed by the action. | `true`, `false` | `true` |
|
||||
| `vulnerability-check` | Enable or disable the vulnerability check performed by the action. | `true`, `false` | `true` |
|
||||
| `allow-dependencies-licenses`\* | Contains a list of packages that will be excluded from license checks. | Any package(s) in [purl](https://github.com/package-url/purl-spec) format | none |
|
||||
| `base-ref`/`head-ref` | Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than `pull_request` and `pull_request_target`. | Any valid git ref(s) in your project | none |
|
||||
| `comment-summary-in-pr` | Enable or disable reporting the review summary as a comment in the pull request. If enabled, you must give the workflow or job permission `pull-requests: write`. | `always`, `on-failure`, `never` | `never` |
|
||||
| `deny-packages` | Any number of packages to block in a PR. | Package(s) in [purl](https://github.com/package-url/purl-spec) format | empty |
|
||||
| `deny-groups` | Any number of groups (namespaces) to block in a PR. | Namespace(s) in [purl](https://github.com/package-url/purl-spec) format (no package name, no version number) | empty |
|
||||
| `retry-on-snapshot-warnings`\* | Enable or disable retrying the action every 10 seconds while waiting for dependency submission actions to complete. | `true`, `false` | `false` |
|
||||
| `retry-on-snapshot-warnings-timeout`\* | Maximum amount of time (in seconds) to retry the action while waiting for dependency submission actions to complete. | Any positive integer | 120 |
|
||||
|
||||
\*not supported for use with GitHub Enterprise Server
|
||||
|
||||
|
||||
@@ -171,3 +171,29 @@ describe('licenses that are not valid SPDX licenses', () => {
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
test('it parses the comment-summary-in-pr input', async () => {
|
||||
setInput('comment-summary-in-pr', 'true')
|
||||
let config = await readConfig()
|
||||
expect(config.comment_summary_in_pr).toBe('always')
|
||||
|
||||
clearInputs()
|
||||
setInput('comment-summary-in-pr', 'false')
|
||||
config = await readConfig()
|
||||
expect(config.comment_summary_in_pr).toBe('never')
|
||||
|
||||
clearInputs()
|
||||
setInput('comment-summary-in-pr', 'always')
|
||||
config = await readConfig()
|
||||
expect(config.comment_summary_in_pr).toBe('always')
|
||||
|
||||
clearInputs()
|
||||
setInput('comment-summary-in-pr', 'never')
|
||||
config = await readConfig()
|
||||
expect(config.comment_summary_in_pr).toBe('never')
|
||||
|
||||
clearInputs()
|
||||
setInput('comment-summary-in-pr', 'on-failure')
|
||||
config = await readConfig()
|
||||
expect(config.comment_summary_in_pr).toBe('on-failure')
|
||||
})
|
||||
|
||||
@@ -24,6 +24,7 @@ test('it properly catches RequestError type', async () => {
|
||||
headRef: 'refs/heads/master'
|
||||
})
|
||||
} catch (error) {
|
||||
expect(error).toBeInstanceOf(RequestError)
|
||||
const err = error as RequestError
|
||||
expect(err.status).toBe(401)
|
||||
}
|
||||
})
|
||||
|
||||
@@ -26,7 +26,9 @@ const defaultConfig: ConfigurationOptions = {
|
||||
deny_licenses: [],
|
||||
deny_packages: [],
|
||||
deny_groups: [],
|
||||
comment_summary_in_pr: true
|
||||
comment_summary_in_pr: true,
|
||||
retry_on_snapshot_warnings: false,
|
||||
retry_on_snapshot_warnings_timeout: 120
|
||||
}
|
||||
|
||||
const changesWithEmptyManifests: Changes = [
|
||||
|
||||
+9
-1
@@ -45,7 +45,7 @@ inputs:
|
||||
description: A boolean to determine if vulnerability checks should be performed
|
||||
required: false
|
||||
comment-summary-in-pr:
|
||||
description: A boolean to determine if the report should be posted as a comment in the PR itself. Setting this to true requires you to give the workflow the write permissions for pull-requests
|
||||
description: Determines if the summary is posted as a comment in the PR itself. Setting this to `always` or `on-failure` requires you to give the workflow the write permissions for pull-requests
|
||||
required: false
|
||||
deny-packages:
|
||||
description: A comma-separated list of package URLs to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
|
||||
@@ -53,6 +53,14 @@ inputs:
|
||||
deny-groups:
|
||||
description: A comma-separated list of package URLs for group(s)/namespace(s) to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
|
||||
required: false
|
||||
retry-on-snapshot-warnings:
|
||||
description: Whether to retry on snapshot warnings
|
||||
required: false
|
||||
default: false
|
||||
retry-on-snapshot-warnings-timeout:
|
||||
description: Number of seconds to wait before stopping snapshot retries.
|
||||
required: false
|
||||
default: 120
|
||||
runs:
|
||||
using: 'node16'
|
||||
main: 'dist/index.js'
|
||||
|
||||
+177
-56
@@ -564,17 +564,47 @@ const git_refs_1 = __nccwpck_require__(1086);
|
||||
const utils_1 = __nccwpck_require__(918);
|
||||
const comment_pr_1 = __nccwpck_require__(5842);
|
||||
const deny_1 = __nccwpck_require__(2134);
|
||||
function delay(ms) {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
return new Promise(resolve => setTimeout(resolve, ms));
|
||||
});
|
||||
}
|
||||
function getComparison(baseRef, headRef, retryOpts) {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
const comparison = yield dependencyGraph.compare({
|
||||
owner: github.context.repo.owner,
|
||||
repo: github.context.repo.repo,
|
||||
baseRef,
|
||||
headRef
|
||||
});
|
||||
if (comparison.snapshot_warnings.trim() !== '') {
|
||||
core.info(comparison.snapshot_warnings);
|
||||
if (retryOpts !== undefined) {
|
||||
if (retryOpts.retryUntil < Date.now()) {
|
||||
core.info(`Retry timeout exceeded. Proceeding...`);
|
||||
return comparison;
|
||||
}
|
||||
else {
|
||||
core.info(`Retrying in ${retryOpts.retryDelay} seconds...`);
|
||||
yield delay(retryOpts.retryDelay * 1000);
|
||||
return getComparison(baseRef, headRef, retryOpts);
|
||||
}
|
||||
}
|
||||
}
|
||||
return comparison;
|
||||
});
|
||||
}
|
||||
function run() {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
try {
|
||||
const config = yield (0, config_1.readConfig)();
|
||||
const refs = (0, git_refs_1.getRefs)(config, github.context);
|
||||
const comparison = yield dependencyGraph.compare({
|
||||
owner: github.context.repo.owner,
|
||||
repo: github.context.repo.repo,
|
||||
baseRef: refs.base,
|
||||
headRef: refs.head
|
||||
});
|
||||
const comparison = yield getComparison(refs.base, refs.head, config.retry_on_snapshot_warnings
|
||||
? {
|
||||
retryUntil: Date.now() + config.retry_on_snapshot_warnings_timeout * 1000,
|
||||
retryDelay: 10
|
||||
}
|
||||
: undefined);
|
||||
const changes = comparison.changes;
|
||||
const snapshot_warnings = comparison.snapshot_warnings;
|
||||
if (!changes) {
|
||||
@@ -597,7 +627,7 @@ function run() {
|
||||
const deniedChanges = yield (0, deny_1.getDeniedChanges)(filteredChanges, config.deny_packages, config.deny_groups);
|
||||
summary.addSummaryToSummary(vulnerableChanges, invalidLicenseChanges, deniedChanges, config);
|
||||
if (snapshot_warnings) {
|
||||
summary.addSnapshotWarnings(snapshot_warnings);
|
||||
summary.addSnapshotWarnings(config, snapshot_warnings);
|
||||
}
|
||||
if (config.vulnerability_check) {
|
||||
summary.addChangeVulnerabilitiesToSummary(vulnerableChanges, minSeverity);
|
||||
@@ -613,7 +643,9 @@ function run() {
|
||||
}
|
||||
summary.addScannedDependencies(changes);
|
||||
printScannedDependencies(changes);
|
||||
if (config.comment_summary_in_pr) {
|
||||
if (config.comment_summary_in_pr === 'always' ||
|
||||
(config.comment_summary_in_pr === 'on-failure' &&
|
||||
process.exitCode === core.ExitCode.Failure)) {
|
||||
yield (0, comment_pr_1.commentPr)(core.summary);
|
||||
}
|
||||
}
|
||||
@@ -816,7 +848,23 @@ exports.ConfigurationOptionsSchema = z
|
||||
config_file: z.string().optional(),
|
||||
base_ref: z.string().optional(),
|
||||
head_ref: z.string().optional(),
|
||||
comment_summary_in_pr: z.boolean().default(false)
|
||||
retry_on_snapshot_warnings: z.boolean().default(false),
|
||||
retry_on_snapshot_warnings_timeout: z.number().default(120),
|
||||
comment_summary_in_pr: z
|
||||
.union([
|
||||
z.preprocess(val => (val === 'true' ? true : val === 'false' ? false : val), z.boolean()),
|
||||
z.enum(['always', 'never', 'on-failure'])
|
||||
])
|
||||
.default('never')
|
||||
})
|
||||
.transform(config => {
|
||||
if (config.comment_summary_in_pr === true) {
|
||||
config.comment_summary_in_pr = 'always';
|
||||
}
|
||||
else if (config.comment_summary_in_pr === false) {
|
||||
config.comment_summary_in_pr = 'never';
|
||||
}
|
||||
return config;
|
||||
})
|
||||
.superRefine((config, context) => {
|
||||
if (config.allow_licenses && config.deny_licenses) {
|
||||
@@ -1044,18 +1092,26 @@ function addScannedDependencies(changes) {
|
||||
}
|
||||
}
|
||||
exports.addScannedDependencies = addScannedDependencies;
|
||||
function addSnapshotWarnings(warnings) {
|
||||
// For now, we want to ignore warnings that just complain
|
||||
// about missing snapshots on the head SHA. This is a product
|
||||
// decision to avoid presenting warnings to users who simply
|
||||
// don't use snapshots.
|
||||
const ignore_regex = new RegExp(/No.*snapshot.*found.*head.*/, 'i');
|
||||
if (ignore_regex.test(warnings)) {
|
||||
return;
|
||||
function snapshotWarningRecommendation(config, warnings) {
|
||||
const no_pr_snaps = warnings.includes('No snapshots were found for the head SHA');
|
||||
const retries_disabled = !config.retry_on_snapshot_warnings;
|
||||
if (no_pr_snaps && retries_disabled) {
|
||||
return 'Ensure that dependencies are being submitted on PR branches and consider enabling <em>retry-on-snapshot-warnings</em>.';
|
||||
}
|
||||
else if (no_pr_snaps) {
|
||||
return 'Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue.';
|
||||
}
|
||||
else if (retries_disabled) {
|
||||
return 'Consider enabling <em>retry-on-snapshot-warnings</em>.';
|
||||
}
|
||||
return 'Re-running this action after a short time may resolve the issue.';
|
||||
}
|
||||
function addSnapshotWarnings(config, warnings) {
|
||||
core.summary.addHeading('Snapshot Warnings', 2);
|
||||
core.summary.addQuote(`${icons.warning}: ${warnings}`);
|
||||
core.summary.addRaw('Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.');
|
||||
const recommendation = snapshotWarningRecommendation(config, warnings);
|
||||
const docsLink = 'See <a href="https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together">the documentation</a> for more information and troubleshooting advice.';
|
||||
core.summary.addRaw(`${recommendation} ${docsLink}`);
|
||||
}
|
||||
exports.addSnapshotWarnings = addSnapshotWarnings;
|
||||
function countLicenseIssues(invalidLicenseChanges) {
|
||||
@@ -44255,7 +44311,8 @@ class ParseStatus {
|
||||
status.dirty();
|
||||
if (value.status === "dirty")
|
||||
status.dirty();
|
||||
if (typeof value.value !== "undefined" || pair.alwaysSet) {
|
||||
if (key.value !== "__proto__" &&
|
||||
(typeof value.value !== "undefined" || pair.alwaysSet)) {
|
||||
finalObject[key.value] = value.value;
|
||||
}
|
||||
}
|
||||
@@ -44622,8 +44679,8 @@ exports["default"] = errorMap;
|
||||
"use strict";
|
||||
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.discriminatedUnion = exports.date = exports.boolean = exports.bigint = exports.array = exports.any = exports.coerce = exports.ZodFirstPartyTypeKind = exports.late = exports.ZodSchema = exports.Schema = exports.custom = exports.ZodPipeline = exports.ZodBranded = exports.BRAND = exports.ZodNaN = exports.ZodCatch = exports.ZodDefault = exports.ZodNullable = exports.ZodOptional = exports.ZodTransformer = exports.ZodEffects = exports.ZodPromise = exports.ZodNativeEnum = exports.ZodEnum = exports.ZodLiteral = exports.ZodLazy = exports.ZodFunction = exports.ZodSet = exports.ZodMap = exports.ZodRecord = exports.ZodTuple = exports.ZodIntersection = exports.ZodDiscriminatedUnion = exports.ZodUnion = exports.ZodObject = exports.ZodArray = exports.ZodVoid = exports.ZodNever = exports.ZodUnknown = exports.ZodAny = exports.ZodNull = exports.ZodUndefined = exports.ZodSymbol = exports.ZodDate = exports.ZodBoolean = exports.ZodBigInt = exports.ZodNumber = exports.ZodString = exports.ZodType = void 0;
|
||||
exports.NEVER = exports["void"] = exports.unknown = exports.union = exports.undefined = exports.tuple = exports.transformer = exports.symbol = exports.string = exports.strictObject = exports.set = exports.record = exports.promise = exports.preprocess = exports.pipeline = exports.ostring = exports.optional = exports.onumber = exports.oboolean = exports.object = exports.number = exports.nullable = exports["null"] = exports.never = exports.nativeEnum = exports.nan = exports.map = exports.literal = exports.lazy = exports.intersection = exports["instanceof"] = exports["function"] = exports["enum"] = exports.effect = void 0;
|
||||
exports.date = exports.boolean = exports.bigint = exports.array = exports.any = exports.coerce = exports.ZodFirstPartyTypeKind = exports.late = exports.ZodSchema = exports.Schema = exports.custom = exports.ZodReadonly = exports.ZodPipeline = exports.ZodBranded = exports.BRAND = exports.ZodNaN = exports.ZodCatch = exports.ZodDefault = exports.ZodNullable = exports.ZodOptional = exports.ZodTransformer = exports.ZodEffects = exports.ZodPromise = exports.ZodNativeEnum = exports.ZodEnum = exports.ZodLiteral = exports.ZodLazy = exports.ZodFunction = exports.ZodSet = exports.ZodMap = exports.ZodRecord = exports.ZodTuple = exports.ZodIntersection = exports.ZodDiscriminatedUnion = exports.ZodUnion = exports.ZodObject = exports.ZodArray = exports.ZodVoid = exports.ZodNever = exports.ZodUnknown = exports.ZodAny = exports.ZodNull = exports.ZodUndefined = exports.ZodSymbol = exports.ZodDate = exports.ZodBoolean = exports.ZodBigInt = exports.ZodNumber = exports.ZodString = exports.ZodType = void 0;
|
||||
exports.NEVER = exports["void"] = exports.unknown = exports.union = exports.undefined = exports.tuple = exports.transformer = exports.symbol = exports.string = exports.strictObject = exports.set = exports.record = exports.promise = exports.preprocess = exports.pipeline = exports.ostring = exports.optional = exports.onumber = exports.oboolean = exports.object = exports.number = exports.nullable = exports["null"] = exports.never = exports.nativeEnum = exports.nan = exports.map = exports.literal = exports.lazy = exports.intersection = exports["instanceof"] = exports["function"] = exports["enum"] = exports.effect = exports.discriminatedUnion = void 0;
|
||||
const errors_1 = __nccwpck_require__(9566);
|
||||
const errorUtil_1 = __nccwpck_require__(2513);
|
||||
const parseUtil_1 = __nccwpck_require__(888);
|
||||
@@ -44713,6 +44770,7 @@ class ZodType {
|
||||
this.catch = this.catch.bind(this);
|
||||
this.describe = this.describe.bind(this);
|
||||
this.pipe = this.pipe.bind(this);
|
||||
this.readonly = this.readonly.bind(this);
|
||||
this.isNullable = this.isNullable.bind(this);
|
||||
this.isOptional = this.isOptional.bind(this);
|
||||
}
|
||||
@@ -44929,6 +44987,9 @@ class ZodType {
|
||||
pipe(target) {
|
||||
return ZodPipeline.create(this, target);
|
||||
}
|
||||
readonly() {
|
||||
return ZodReadonly.create(this);
|
||||
}
|
||||
isOptional() {
|
||||
return this.safeParse(undefined).success;
|
||||
}
|
||||
@@ -44942,8 +45003,8 @@ exports.ZodSchema = ZodType;
|
||||
const cuidRegex = /^c[^\s-]{8,}$/i;
|
||||
const cuid2Regex = /^[a-z][a-z0-9]*$/;
|
||||
const ulidRegex = /[0-9A-HJKMNP-TV-Z]{26}/;
|
||||
const uuidRegex = /^([a-f0-9]{8}-[a-f0-9]{4}-[1-5][a-f0-9]{3}-[a-f0-9]{4}-[a-f0-9]{12}|00000000-0000-0000-0000-000000000000)$/i;
|
||||
const emailRegex = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[(((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2}))\.){3}((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2}))\])|(\[IPv6:(([a-f0-9]{1,4}:){7}|::([a-f0-9]{1,4}:){0,6}|([a-f0-9]{1,4}:){1}:([a-f0-9]{1,4}:){0,5}|([a-f0-9]{1,4}:){2}:([a-f0-9]{1,4}:){0,4}|([a-f0-9]{1,4}:){3}:([a-f0-9]{1,4}:){0,3}|([a-f0-9]{1,4}:){4}:([a-f0-9]{1,4}:){0,2}|([a-f0-9]{1,4}:){5}:([a-f0-9]{1,4}:){0,1})([a-f0-9]{1,4}|(((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2}))\.){3}((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2})))\])|([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])*(\.[A-Za-z]{2,})+))$/;
|
||||
const uuidRegex = /^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$/i;
|
||||
const emailRegex = /^([A-Z0-9_+-]+\.?)*[A-Z0-9_+-]@([A-Z0-9][A-Z0-9\-]*\.)+[A-Z]{2,}$/i;
|
||||
const emojiRegex = /^(\p{Extended_Pictographic}|\p{Emoji_Component})+$/u;
|
||||
const ipv4Regex = /^(((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2}))\.){3}((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2}))$/;
|
||||
const ipv6Regex = /^(([a-f0-9]{1,4}:){7}|::([a-f0-9]{1,4}:){0,6}|([a-f0-9]{1,4}:){1}:([a-f0-9]{1,4}:){0,5}|([a-f0-9]{1,4}:){2}:([a-f0-9]{1,4}:){0,4}|([a-f0-9]{1,4}:){3}:([a-f0-9]{1,4}:){0,3}|([a-f0-9]{1,4}:){4}:([a-f0-9]{1,4}:){0,2}|([a-f0-9]{1,4}:){5}:([a-f0-9]{1,4}:){0,1})([a-f0-9]{1,4}|(((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2}))\.){3}((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2})))$/;
|
||||
@@ -46919,6 +46980,12 @@ class ZodRecord extends ZodType {
|
||||
}
|
||||
exports.ZodRecord = ZodRecord;
|
||||
class ZodMap extends ZodType {
|
||||
get keySchema() {
|
||||
return this._def.keyType;
|
||||
}
|
||||
get valueSchema() {
|
||||
return this._def.valueType;
|
||||
}
|
||||
_parse(input) {
|
||||
const { status, ctx } = this._processInputParams(input);
|
||||
if (ctx.parsedType !== util_1.ZodParsedType.map) {
|
||||
@@ -47117,16 +47184,17 @@ class ZodFunction extends ZodType {
|
||||
const params = { errorMap: ctx.common.contextualErrorMap };
|
||||
const fn = ctx.data;
|
||||
if (this._def.returns instanceof ZodPromise) {
|
||||
return (0, parseUtil_1.OK)(async (...args) => {
|
||||
const me = this;
|
||||
return (0, parseUtil_1.OK)(async function (...args) {
|
||||
const error = new ZodError_1.ZodError([]);
|
||||
const parsedArgs = await this._def.args
|
||||
const parsedArgs = await me._def.args
|
||||
.parseAsync(args, params)
|
||||
.catch((e) => {
|
||||
error.addIssue(makeArgsIssue(args, e));
|
||||
throw error;
|
||||
});
|
||||
const result = await fn(...parsedArgs);
|
||||
const parsedReturns = await this._def.returns._def.type
|
||||
const result = await Reflect.apply(fn, this, parsedArgs);
|
||||
const parsedReturns = await me._def.returns._def.type
|
||||
.parseAsync(result, params)
|
||||
.catch((e) => {
|
||||
error.addIssue(makeReturnsIssue(result, e));
|
||||
@@ -47136,13 +47204,14 @@ class ZodFunction extends ZodType {
|
||||
});
|
||||
}
|
||||
else {
|
||||
return (0, parseUtil_1.OK)((...args) => {
|
||||
const parsedArgs = this._def.args.safeParse(args, params);
|
||||
const me = this;
|
||||
return (0, parseUtil_1.OK)(function (...args) {
|
||||
const parsedArgs = me._def.args.safeParse(args, params);
|
||||
if (!parsedArgs.success) {
|
||||
throw new ZodError_1.ZodError([makeArgsIssue(args, parsedArgs.error)]);
|
||||
}
|
||||
const result = fn(...parsedArgs.data);
|
||||
const parsedReturns = this._def.returns.safeParse(result, params);
|
||||
const result = Reflect.apply(fn, this, parsedArgs.data);
|
||||
const parsedReturns = me._def.returns.safeParse(result, params);
|
||||
if (!parsedReturns.success) {
|
||||
throw new ZodError_1.ZodError([makeReturnsIssue(result, parsedReturns.error)]);
|
||||
}
|
||||
@@ -47233,7 +47302,7 @@ ZodLiteral.create = (value, params) => {
|
||||
};
|
||||
function createZodEnum(values, params) {
|
||||
return new ZodEnum({
|
||||
values: values,
|
||||
values,
|
||||
typeName: ZodFirstPartyTypeKind.ZodEnum,
|
||||
...processCreateParams(params),
|
||||
});
|
||||
@@ -47378,8 +47447,29 @@ class ZodEffects extends ZodType {
|
||||
_parse(input) {
|
||||
const { status, ctx } = this._processInputParams(input);
|
||||
const effect = this._def.effect || null;
|
||||
const checkCtx = {
|
||||
addIssue: (arg) => {
|
||||
(0, parseUtil_1.addIssueToContext)(ctx, arg);
|
||||
if (arg.fatal) {
|
||||
status.abort();
|
||||
}
|
||||
else {
|
||||
status.dirty();
|
||||
}
|
||||
},
|
||||
get path() {
|
||||
return ctx.path;
|
||||
},
|
||||
};
|
||||
checkCtx.addIssue = checkCtx.addIssue.bind(checkCtx);
|
||||
if (effect.type === "preprocess") {
|
||||
const processed = effect.transform(ctx.data);
|
||||
const processed = effect.transform(ctx.data, checkCtx);
|
||||
if (ctx.common.issues.length) {
|
||||
return {
|
||||
status: "dirty",
|
||||
value: ctx.data,
|
||||
};
|
||||
}
|
||||
if (ctx.common.async) {
|
||||
return Promise.resolve(processed).then((processed) => {
|
||||
return this._def.schema._parseAsync({
|
||||
@@ -47397,21 +47487,6 @@ class ZodEffects extends ZodType {
|
||||
});
|
||||
}
|
||||
}
|
||||
const checkCtx = {
|
||||
addIssue: (arg) => {
|
||||
(0, parseUtil_1.addIssueToContext)(ctx, arg);
|
||||
if (arg.fatal) {
|
||||
status.abort();
|
||||
}
|
||||
else {
|
||||
status.dirty();
|
||||
}
|
||||
},
|
||||
get path() {
|
||||
return ctx.path;
|
||||
},
|
||||
};
|
||||
checkCtx.addIssue = checkCtx.addIssue.bind(checkCtx);
|
||||
if (effect.type === "refinement") {
|
||||
const executeRefinement = (acc) => {
|
||||
const result = effect.refinement(acc, checkCtx);
|
||||
@@ -47720,6 +47795,23 @@ class ZodPipeline extends ZodType {
|
||||
}
|
||||
}
|
||||
exports.ZodPipeline = ZodPipeline;
|
||||
class ZodReadonly extends ZodType {
|
||||
_parse(input) {
|
||||
const result = this._def.innerType._parse(input);
|
||||
if ((0, parseUtil_1.isValid)(result)) {
|
||||
result.value = Object.freeze(result.value);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
}
|
||||
exports.ZodReadonly = ZodReadonly;
|
||||
ZodReadonly.create = (type, params) => {
|
||||
return new ZodReadonly({
|
||||
innerType: type,
|
||||
typeName: ZodFirstPartyTypeKind.ZodReadonly,
|
||||
...processCreateParams(params),
|
||||
});
|
||||
};
|
||||
const custom = (check, params = {}, fatal) => {
|
||||
if (check)
|
||||
return ZodAny.create().superRefine((data, ctx) => {
|
||||
@@ -47778,6 +47870,7 @@ var ZodFirstPartyTypeKind;
|
||||
ZodFirstPartyTypeKind["ZodPromise"] = "ZodPromise";
|
||||
ZodFirstPartyTypeKind["ZodBranded"] = "ZodBranded";
|
||||
ZodFirstPartyTypeKind["ZodPipeline"] = "ZodPipeline";
|
||||
ZodFirstPartyTypeKind["ZodReadonly"] = "ZodReadonly";
|
||||
})(ZodFirstPartyTypeKind = exports.ZodFirstPartyTypeKind || (exports.ZodFirstPartyTypeKind = {}));
|
||||
class Class {
|
||||
constructor(..._) { }
|
||||
@@ -47951,7 +48044,9 @@ function readInlineConfig() {
|
||||
const vulnerability_check = getOptionalBoolean('vulnerability-check');
|
||||
const base_ref = getOptionalInput('base-ref');
|
||||
const head_ref = getOptionalInput('head-ref');
|
||||
const comment_summary_in_pr = getOptionalBoolean('comment-summary-in-pr');
|
||||
const comment_summary_in_pr = getOptionalInput('comment-summary-in-pr');
|
||||
const retry_on_snapshot_warnings = getOptionalBoolean('retry-on-snapshot-warnings');
|
||||
const retry_on_snapshot_warnings_timeout = getOptionalNumber('retry-on-snapshot-warnings-timeout');
|
||||
validatePURL(allow_dependencies_licenses);
|
||||
validateLicenses('allow-licenses', allow_licenses);
|
||||
validateLicenses('deny-licenses', deny_licenses);
|
||||
@@ -47968,10 +48063,17 @@ function readInlineConfig() {
|
||||
vulnerability_check,
|
||||
base_ref,
|
||||
head_ref,
|
||||
comment_summary_in_pr
|
||||
comment_summary_in_pr,
|
||||
retry_on_snapshot_warnings,
|
||||
retry_on_snapshot_warnings_timeout
|
||||
};
|
||||
return Object.fromEntries(Object.entries(keys).filter(([_, value]) => value !== undefined));
|
||||
}
|
||||
function getOptionalNumber(name) {
|
||||
const value = core.getInput(name);
|
||||
const parsed = z.string().regex(/^\d+$/).transform(Number).safeParse(value);
|
||||
return parsed.success ? parsed.data : undefined;
|
||||
}
|
||||
function getOptionalBoolean(name) {
|
||||
const value = core.getInput(name);
|
||||
return value.length > 0 ? core.getBooleanInput(name) : undefined;
|
||||
@@ -48255,7 +48357,23 @@ exports.ConfigurationOptionsSchema = z
|
||||
config_file: z.string().optional(),
|
||||
base_ref: z.string().optional(),
|
||||
head_ref: z.string().optional(),
|
||||
comment_summary_in_pr: z.boolean().default(false)
|
||||
retry_on_snapshot_warnings: z.boolean().default(false),
|
||||
retry_on_snapshot_warnings_timeout: z.number().default(120),
|
||||
comment_summary_in_pr: z
|
||||
.union([
|
||||
z.preprocess(val => (val === 'true' ? true : val === 'false' ? false : val), z.boolean()),
|
||||
z.enum(['always', 'never', 'on-failure'])
|
||||
])
|
||||
.default('never')
|
||||
})
|
||||
.transform(config => {
|
||||
if (config.comment_summary_in_pr === true) {
|
||||
config.comment_summary_in_pr = 'always';
|
||||
}
|
||||
else if (config.comment_summary_in_pr === false) {
|
||||
config.comment_summary_in_pr = 'never';
|
||||
}
|
||||
return config;
|
||||
})
|
||||
.superRefine((config, context) => {
|
||||
if (config.allow_licenses && config.deny_licenses) {
|
||||
@@ -52541,6 +52659,8 @@ function debug(logLevel, ...messages) {
|
||||
}
|
||||
function warn(logLevel, warning) {
|
||||
if (logLevel === 'debug' || logLevel === 'warn') {
|
||||
// https://github.com/typescript-eslint/typescript-eslint/issues/7478
|
||||
// eslint-disable-next-line @typescript-eslint/prefer-optional-chain
|
||||
if (typeof process !== 'undefined' && process.emitWarning)
|
||||
process.emitWarning(warning);
|
||||
else
|
||||
@@ -53322,7 +53442,7 @@ function stringifyKey(key, jsKey, ctx) {
|
||||
return '';
|
||||
if (typeof jsKey !== 'object')
|
||||
return String(jsKey);
|
||||
if (identity.isNode(key) && ctx && ctx.doc) {
|
||||
if (identity.isNode(key) && ctx?.doc) {
|
||||
const strCtx = stringify.createStringifyContext(ctx.doc, {});
|
||||
strCtx.anchors = new Set();
|
||||
for (const node of ctx.anchors.keys())
|
||||
@@ -56701,8 +56821,9 @@ function createPairs(schema, iterable, ctx) {
|
||||
key = keys[0];
|
||||
value = it[key];
|
||||
}
|
||||
else
|
||||
throw new TypeError(`Expected { key: value } tuple: ${it}`);
|
||||
else {
|
||||
throw new TypeError(`Expected tuple with one key, not ${keys.length} keys`);
|
||||
}
|
||||
}
|
||||
else {
|
||||
key = it;
|
||||
@@ -57377,7 +57498,7 @@ function stringifyFlowCollection({ comment, items }, ctx, { flowChars, itemInden
|
||||
if (iv.commentBefore)
|
||||
reqNewline = true;
|
||||
}
|
||||
else if (item.value == null && ik && ik.comment) {
|
||||
else if (item.value == null && ik?.comment) {
|
||||
comment = ik.comment;
|
||||
}
|
||||
}
|
||||
@@ -58003,7 +58124,7 @@ function blockString({ comment, type, value }, ctx, onComment, onChompKeep) {
|
||||
function plainString(item, ctx, onComment, onChompKeep) {
|
||||
const { type, value } = item;
|
||||
const { actualString, implicitKey, indent, indentStep, inFlow } = ctx;
|
||||
if ((implicitKey && /[\n[\]{},]/.test(value)) ||
|
||||
if ((implicitKey && value.includes('\n')) ||
|
||||
(inFlow && /[[\]{},]/.test(value))) {
|
||||
return quotedString(value, ctx);
|
||||
}
|
||||
|
||||
+1
-1
File diff suppressed because one or more lines are too long
+43
-7
@@ -83,7 +83,7 @@ jobs:
|
||||
config-file: './.github/dependency-review-config.yml'
|
||||
```
|
||||
|
||||
## Using a configuration file from a external repository
|
||||
## Using a configuration file from an external repository
|
||||
|
||||
The following example will use a configuration file from an external public GitHub repository to configure the action.
|
||||
|
||||
@@ -110,7 +110,7 @@ jobs:
|
||||
config-file: 'github/octorepo/dependency-review-config.yml@main'
|
||||
```
|
||||
|
||||
## Using a configuration file from a external repository with a personal access token
|
||||
## Using a configuration file from an external repository with a personal access token
|
||||
|
||||
The following example will use a configuration file from an external private GtiHub repository to configure the action.
|
||||
|
||||
@@ -135,7 +135,7 @@ jobs:
|
||||
uses: actions/dependency-review-action@v3
|
||||
with:
|
||||
config-file: 'github/octorepo-private/dependency-review-config.yml@main'
|
||||
config-file-token: ${{ secrets.GITHUB_TOKEN }} # or a personal access token
|
||||
external-repo-token: ${{ secrets.GITHUB_TOKEN }} # or a personal access token
|
||||
```
|
||||
|
||||
## Getting the results of the action in the PR as a comment
|
||||
@@ -161,7 +161,7 @@ jobs:
|
||||
with:
|
||||
fail-on-severity: critical
|
||||
deny-licenses: LGPL-2.0, BSD-2-Clause
|
||||
comment-summary-in-pr: true
|
||||
comment-summary-in-pr: always
|
||||
```
|
||||
|
||||
## Exclude dependencies from the license check
|
||||
@@ -189,7 +189,7 @@ jobs:
|
||||
with:
|
||||
fail-on-severity: critical
|
||||
deny-licenses: LGPL-2.0, BSD-2-Clause
|
||||
comment-summary-in-pr: true
|
||||
comment-summary-in-pr: always
|
||||
allow-dependencies-licenses: 'pkg:npm/loadash, pkg:pip/requests'
|
||||
```
|
||||
|
||||
@@ -227,7 +227,7 @@ jobs:
|
||||
uses: actions/dependency-review-action@v3
|
||||
with:
|
||||
fail-on-severity: critical
|
||||
comment-summary-in-pr: true
|
||||
comment-summary-in-pr: always
|
||||
license-check: false
|
||||
```
|
||||
|
||||
@@ -257,4 +257,40 @@ jobs:
|
||||
with:
|
||||
deny-packages: 'pkg:maven/org.apache.logging.log4j/log4j-api,pkg:maven/org.apache.logging.log4j/log4j-core'
|
||||
deny-groups: 'pkg:maven/com.bazaarvoice.jolt'
|
||||
```
|
||||
```
|
||||
|
||||
## Waiting for dependency submission jobs to complete
|
||||
|
||||
When possible, this action will [include dependencies submitted through the dependency submission API][DSAPI]. In this case,
|
||||
it's important for the action not to complete until all of the relevant dependencies have been submitted for both the base
|
||||
and head commits.
|
||||
|
||||
When this action runs before one or more of the dependency submission actions, there will be an unequal number of dependency
|
||||
snapshots between the base and head commits. For example, there may be one snapshot available for the tip of `main` and none
|
||||
for the PR branch. In that case, the API response will contain a "snapshot warning" explaining the discrepancy.
|
||||
|
||||
In this example, when the action encounters one of these warnings it will retry every 10 seconds after that for 60 seconds
|
||||
or until there is no warning in the response.
|
||||
|
||||
```yaml
|
||||
name: 'Dependency Review'
|
||||
on: [pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
|
||||
jobs:
|
||||
dependency-review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 'Checkout Repository'
|
||||
uses: actions/checkout@v3
|
||||
- name: 'Dependency Review'
|
||||
uses: actions/dependency-review-action@v3
|
||||
with:
|
||||
retry-on-snapshot-warnings: true
|
||||
retry-on-snapshot-warnings-timeout: 60
|
||||
```
|
||||
|
||||
[DSAPI]: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together
|
||||
|
||||
Generated
+127
-121
@@ -1,44 +1,44 @@
|
||||
{
|
||||
"name": "dependency-review-action",
|
||||
"version": "3.0.7",
|
||||
"version": "3.1.0",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "dependency-review-action",
|
||||
"version": "3.0.7",
|
||||
"version": "3.1.0",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.10.0",
|
||||
"@actions/github": "^5.1.1",
|
||||
"@octokit/plugin-retry": "^5.0.4",
|
||||
"@octokit/request-error": "^2.1.0",
|
||||
"@octokit/request-error": "^5.0.1",
|
||||
"ansi-styles": "^6.2.1",
|
||||
"got": "^13.0.0",
|
||||
"octokit": "^2.1.0",
|
||||
"packageurl-js": "^1.0.2",
|
||||
"spdx-expression-parse": "^3.0.1",
|
||||
"spdx-satisfies": "^5.0.1",
|
||||
"yaml": "^2.3.1",
|
||||
"zod": "^3.21.4"
|
||||
"yaml": "^2.3.2",
|
||||
"zod": "^3.22.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/jest": "^27.5.2",
|
||||
"@types/node": "^16.18.38",
|
||||
"@types/node": "^16.18.48",
|
||||
"@types/spdx-expression-parse": "^3.0.2",
|
||||
"@types/spdx-satisfies": "^0.1.0",
|
||||
"@typescript-eslint/eslint-plugin": "^6.2.0",
|
||||
"@typescript-eslint/parser": "^6.2.1",
|
||||
"@typescript-eslint/eslint-plugin": "^6.7.2",
|
||||
"@typescript-eslint/parser": "^6.6.0",
|
||||
"@vercel/ncc": "^0.36.1",
|
||||
"esbuild-register": "^3.4.2",
|
||||
"eslint": "^8.44.0",
|
||||
"esbuild-register": "^3.5.0",
|
||||
"eslint": "^8.48.0",
|
||||
"eslint-plugin-github": "^4.8.0",
|
||||
"eslint-plugin-jest": "^27.2.2",
|
||||
"eslint-plugin-prettier": "^5.0.0",
|
||||
"jest": "^27.5.1",
|
||||
"js-yaml": "^4.1.0",
|
||||
"nodemon": "^3.0.1",
|
||||
"prettier": "3.0.1",
|
||||
"prettier": "3.0.2",
|
||||
"ts-jest": "^27.1.4",
|
||||
"typescript": "^4.9.5"
|
||||
}
|
||||
@@ -132,6 +132,16 @@
|
||||
"universal-user-agent": "^6.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@actions/github/node_modules/@octokit/request-error": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz",
|
||||
"integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==",
|
||||
"dependencies": {
|
||||
"@octokit/types": "^6.0.3",
|
||||
"deprecation": "^2.0.0",
|
||||
"once": "^1.4.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@actions/github/node_modules/@octokit/types": {
|
||||
"version": "6.41.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz",
|
||||
@@ -1122,9 +1132,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@eslint/eslintrc": {
|
||||
"version": "2.1.1",
|
||||
"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.1.tgz",
|
||||
"integrity": "sha512-9t7ZA7NGGK8ckelF0PQCfcxIUzs1Md5rrO6U/c+FIQNanea5UZC0wqKXH4vHBccmu4ZJgZ2idtPeW7+Q2npOEA==",
|
||||
"version": "2.1.2",
|
||||
"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.2.tgz",
|
||||
"integrity": "sha512-+wvgpDsrB1YqAMdEUCcnTlpfVBH7Vqn6A/NT3D8WVXFIaKMlErPIZT3oCIAVCOtarRpMtelZLqJeU3t7WY6X6g==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"ajv": "^6.12.4",
|
||||
@@ -1145,9 +1155,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@eslint/js": {
|
||||
"version": "8.46.0",
|
||||
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.46.0.tgz",
|
||||
"integrity": "sha512-a8TLtmPi8xzPkCbp/OGFUo5yhRkHM2Ko9kOWP4znJr0WAhWyThaw3PnwX4vOTWOAMsV2uRt32PPDcEz63esSaA==",
|
||||
"version": "8.48.0",
|
||||
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.48.0.tgz",
|
||||
"integrity": "sha512-ZSjtmelB7IJfWD2Fvb7+Z+ChTIKWq6kjda95fLcQKNS5aheVHn4IkfgRQE3sIIzTcSLwLcLZUD9UBt+V7+h+Pw==",
|
||||
"dev": true,
|
||||
"engines": {
|
||||
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
|
||||
@@ -2015,26 +2025,29 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/request-error": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz",
|
||||
"integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==",
|
||||
"version": "5.0.1",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.0.1.tgz",
|
||||
"integrity": "sha512-X7pnyTMV7MgtGmiXBwmO6M5kIPrntOXdyKZLigNfQWSEQzVxR4a4vo49vJjTWX70mPndj8KhfT4Dx+2Ng3vnBQ==",
|
||||
"dependencies": {
|
||||
"@octokit/types": "^6.0.3",
|
||||
"@octokit/types": "^12.0.0",
|
||||
"deprecation": "^2.0.0",
|
||||
"once": "^1.4.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/request-error/node_modules/@octokit/openapi-types": {
|
||||
"version": "12.11.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz",
|
||||
"integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ=="
|
||||
"version": "19.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-19.0.0.tgz",
|
||||
"integrity": "sha512-PclQ6JGMTE9iUStpzMkwLCISFn/wDeRjkZFIKALpvJQNBGwDoYYi2fFvuHwssoQ1rXI5mfh6jgTgWuddeUzfWw=="
|
||||
},
|
||||
"node_modules/@octokit/request-error/node_modules/@octokit/types": {
|
||||
"version": "6.41.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz",
|
||||
"integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==",
|
||||
"version": "12.0.0",
|
||||
"resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.0.0.tgz",
|
||||
"integrity": "sha512-EzD434aHTFifGudYAygnFlS1Tl6KhbTynEWELQXIbTY8Msvb5nEqTZIm7sbPEt4mQYLZwu3zPKVdeIrw0g7ovg==",
|
||||
"dependencies": {
|
||||
"@octokit/openapi-types": "^12.11.0"
|
||||
"@octokit/openapi-types": "^19.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@octokit/request/node_modules/@octokit/request-error": {
|
||||
@@ -2292,9 +2305,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@types/node": {
|
||||
"version": "16.18.39",
|
||||
"resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.39.tgz",
|
||||
"integrity": "sha512-8q9ZexmdYYyc5/cfujaXb4YOucpQxAV4RMG0himLyDUOEr8Mr79VrqsFI+cQ2M2h89YIuy95lbxuYjxT4Hk4kQ=="
|
||||
"version": "16.18.48",
|
||||
"resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.48.tgz",
|
||||
"integrity": "sha512-mlaecDKQ7rIZrYD7iiKNdzFb6e/qD5I9U1rAhq+Fd+DWvYVs+G2kv74UFHmSOlg5+i/vF3XxuR522V4u8BqO+Q=="
|
||||
},
|
||||
"node_modules/@types/prettier": {
|
||||
"version": "2.7.3",
|
||||
@@ -2342,21 +2355,20 @@
|
||||
"dev": true
|
||||
},
|
||||
"node_modules/@typescript-eslint/eslint-plugin": {
|
||||
"version": "6.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.2.0.tgz",
|
||||
"integrity": "sha512-rClGrMuyS/3j0ETa1Ui7s6GkLhfZGKZL3ZrChLeAiACBE/tRc1wq8SNZESUuluxhLj9FkUefRs2l6bCIArWBiQ==",
|
||||
"version": "6.7.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.7.2.tgz",
|
||||
"integrity": "sha512-ooaHxlmSgZTM6CHYAFRlifqh1OAr3PAQEwi7lhYhaegbnXrnh7CDcHmc3+ihhbQC7H0i4JF0psI5ehzkF6Yl6Q==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@eslint-community/regexpp": "^4.5.1",
|
||||
"@typescript-eslint/scope-manager": "6.2.0",
|
||||
"@typescript-eslint/type-utils": "6.2.0",
|
||||
"@typescript-eslint/utils": "6.2.0",
|
||||
"@typescript-eslint/visitor-keys": "6.2.0",
|
||||
"@typescript-eslint/scope-manager": "6.7.2",
|
||||
"@typescript-eslint/type-utils": "6.7.2",
|
||||
"@typescript-eslint/utils": "6.7.2",
|
||||
"@typescript-eslint/visitor-keys": "6.7.2",
|
||||
"debug": "^4.3.4",
|
||||
"graphemer": "^1.4.0",
|
||||
"ignore": "^5.2.4",
|
||||
"natural-compare": "^1.4.0",
|
||||
"natural-compare-lite": "^1.4.0",
|
||||
"semver": "^7.5.4",
|
||||
"ts-api-utils": "^1.0.1"
|
||||
},
|
||||
@@ -2378,15 +2390,15 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/parser": {
|
||||
"version": "6.2.1",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.2.1.tgz",
|
||||
"integrity": "sha512-Ld+uL1kYFU8e6btqBFpsHkwQ35rw30IWpdQxgOqOh4NfxSDH6uCkah1ks8R/RgQqI5hHPXMaLy9fbFseIe+dIg==",
|
||||
"version": "6.6.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.6.0.tgz",
|
||||
"integrity": "sha512-setq5aJgUwtzGrhW177/i+DMLqBaJbdwGj2CPIVFFLE0NCliy5ujIdLHd2D1ysmlmsjdL2GWW+hR85neEfc12w==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@typescript-eslint/scope-manager": "6.2.1",
|
||||
"@typescript-eslint/types": "6.2.1",
|
||||
"@typescript-eslint/typescript-estree": "6.2.1",
|
||||
"@typescript-eslint/visitor-keys": "6.2.1",
|
||||
"@typescript-eslint/scope-manager": "6.6.0",
|
||||
"@typescript-eslint/types": "6.6.0",
|
||||
"@typescript-eslint/typescript-estree": "6.6.0",
|
||||
"@typescript-eslint/visitor-keys": "6.6.0",
|
||||
"debug": "^4.3.4"
|
||||
},
|
||||
"engines": {
|
||||
@@ -2406,13 +2418,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": {
|
||||
"version": "6.2.1",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.2.1.tgz",
|
||||
"integrity": "sha512-UCqBF9WFqv64xNsIEPfBtenbfodPXsJ3nPAr55mGPkQIkiQvgoWNo+astj9ZUfJfVKiYgAZDMnM6dIpsxUMp3Q==",
|
||||
"version": "6.6.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.6.0.tgz",
|
||||
"integrity": "sha512-pT08u5W/GT4KjPUmEtc2kSYvrH8x89cVzkA0Sy2aaOUIw6YxOIjA8ilwLr/1fLjOedX1QAuBpG9XggWqIIfERw==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@typescript-eslint/types": "6.2.1",
|
||||
"@typescript-eslint/visitor-keys": "6.2.1"
|
||||
"@typescript-eslint/types": "6.6.0",
|
||||
"@typescript-eslint/visitor-keys": "6.6.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^16.0.0 || >=18.0.0"
|
||||
@@ -2423,9 +2435,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": {
|
||||
"version": "6.2.1",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.2.1.tgz",
|
||||
"integrity": "sha512-528bGcoelrpw+sETlyM91k51Arl2ajbNT9L4JwoXE2dvRe1yd8Q64E4OL7vHYw31mlnVsf+BeeLyAZUEQtqahQ==",
|
||||
"version": "6.6.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.6.0.tgz",
|
||||
"integrity": "sha512-CB6QpJQ6BAHlJXdwUmiaXDBmTqIE2bzGTDLADgvqtHWuhfNP3rAOK7kAgRMAET5rDRr9Utt+qAzRBdu3AhR3sg==",
|
||||
"dev": true,
|
||||
"engines": {
|
||||
"node": "^16.0.0 || >=18.0.0"
|
||||
@@ -2436,13 +2448,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": {
|
||||
"version": "6.2.1",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.2.1.tgz",
|
||||
"integrity": "sha512-G+UJeQx9AKBHRQBpmvr8T/3K5bJa485eu+4tQBxFq0KoT22+jJyzo1B50JDT9QdC1DEmWQfdKsa8ybiNWYsi0Q==",
|
||||
"version": "6.6.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.6.0.tgz",
|
||||
"integrity": "sha512-hMcTQ6Al8MP2E6JKBAaSxSVw5bDhdmbCEhGW/V8QXkb9oNsFkA4SBuOMYVPxD3jbtQ4R/vSODBsr76R6fP3tbA==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@typescript-eslint/types": "6.2.1",
|
||||
"@typescript-eslint/visitor-keys": "6.2.1",
|
||||
"@typescript-eslint/types": "6.6.0",
|
||||
"@typescript-eslint/visitor-keys": "6.6.0",
|
||||
"debug": "^4.3.4",
|
||||
"globby": "^11.1.0",
|
||||
"is-glob": "^4.0.3",
|
||||
@@ -2463,12 +2475,12 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": {
|
||||
"version": "6.2.1",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.2.1.tgz",
|
||||
"integrity": "sha512-iTN6w3k2JEZ7cyVdZJTVJx2Lv7t6zFA8DCrJEHD2mwfc16AEvvBWVhbFh34XyG2NORCd0viIgQY1+u7kPI0WpA==",
|
||||
"version": "6.6.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.6.0.tgz",
|
||||
"integrity": "sha512-L61uJT26cMOfFQ+lMZKoJNbAEckLe539VhTxiGHrWl5XSKQgA0RTBZJW2HFPy5T0ZvPVSD93QsrTKDkfNwJGyQ==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@typescript-eslint/types": "6.2.1",
|
||||
"@typescript-eslint/types": "6.6.0",
|
||||
"eslint-visitor-keys": "^3.4.1"
|
||||
},
|
||||
"engines": {
|
||||
@@ -2480,13 +2492,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/scope-manager": {
|
||||
"version": "6.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.2.0.tgz",
|
||||
"integrity": "sha512-1ZMNVgm5nnHURU8ZSJ3snsHzpFeNK84rdZjluEVBGNu7jDymfqceB3kdIZ6A4xCfEFFhRIB6rF8q/JIqJd2R0Q==",
|
||||
"version": "6.7.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.7.2.tgz",
|
||||
"integrity": "sha512-bgi6plgyZjEqapr7u2mhxGR6E8WCzKNUFWNh6fkpVe9+yzRZeYtDTbsIBzKbcxI+r1qVWt6VIoMSNZ4r2A+6Yw==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@typescript-eslint/types": "6.2.0",
|
||||
"@typescript-eslint/visitor-keys": "6.2.0"
|
||||
"@typescript-eslint/types": "6.7.2",
|
||||
"@typescript-eslint/visitor-keys": "6.7.2"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^16.0.0 || >=18.0.0"
|
||||
@@ -2497,13 +2509,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/type-utils": {
|
||||
"version": "6.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.2.0.tgz",
|
||||
"integrity": "sha512-DnGZuNU2JN3AYwddYIqrVkYW0uUQdv0AY+kz2M25euVNlujcN2u+rJgfJsBFlUEzBB6OQkUqSZPyuTLf2bP5mw==",
|
||||
"version": "6.7.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.7.2.tgz",
|
||||
"integrity": "sha512-36F4fOYIROYRl0qj95dYKx6kybddLtsbmPIYNK0OBeXv2j9L5nZ17j9jmfy+bIDHKQgn2EZX+cofsqi8NPATBQ==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@typescript-eslint/typescript-estree": "6.2.0",
|
||||
"@typescript-eslint/utils": "6.2.0",
|
||||
"@typescript-eslint/typescript-estree": "6.7.2",
|
||||
"@typescript-eslint/utils": "6.7.2",
|
||||
"debug": "^4.3.4",
|
||||
"ts-api-utils": "^1.0.1"
|
||||
},
|
||||
@@ -2524,9 +2536,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/types": {
|
||||
"version": "6.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.2.0.tgz",
|
||||
"integrity": "sha512-1nRRaDlp/XYJQLvkQJG5F3uBTno5SHPT7XVcJ5n1/k2WfNI28nJsvLakxwZRNY5spuatEKO7d5nZWsQpkqXwBA==",
|
||||
"version": "6.7.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.7.2.tgz",
|
||||
"integrity": "sha512-flJYwMYgnUNDAN9/GAI3l8+wTmvTYdv64fcH8aoJK76Y+1FCZ08RtI5zDerM/FYT5DMkAc+19E4aLmd5KqdFyg==",
|
||||
"dev": true,
|
||||
"engines": {
|
||||
"node": "^16.0.0 || >=18.0.0"
|
||||
@@ -2537,13 +2549,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/typescript-estree": {
|
||||
"version": "6.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.2.0.tgz",
|
||||
"integrity": "sha512-Mts6+3HQMSM+LZCglsc2yMIny37IhUgp1Qe8yJUYVyO6rHP7/vN0vajKu3JvHCBIy8TSiKddJ/Zwu80jhnGj1w==",
|
||||
"version": "6.7.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.7.2.tgz",
|
||||
"integrity": "sha512-kiJKVMLkoSciGyFU0TOY0fRxnp9qq1AzVOHNeN1+B9erKFCJ4Z8WdjAkKQPP+b1pWStGFqezMLltxO+308dJTQ==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@typescript-eslint/types": "6.2.0",
|
||||
"@typescript-eslint/visitor-keys": "6.2.0",
|
||||
"@typescript-eslint/types": "6.7.2",
|
||||
"@typescript-eslint/visitor-keys": "6.7.2",
|
||||
"debug": "^4.3.4",
|
||||
"globby": "^11.1.0",
|
||||
"is-glob": "^4.0.3",
|
||||
@@ -2564,17 +2576,17 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/utils": {
|
||||
"version": "6.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.2.0.tgz",
|
||||
"integrity": "sha512-RCFrC1lXiX1qEZN8LmLrxYRhOkElEsPKTVSNout8DMzf8PeWoQG7Rxz2SadpJa3VSh5oYKGwt7j7X/VRg+Y3OQ==",
|
||||
"version": "6.7.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.7.2.tgz",
|
||||
"integrity": "sha512-ZCcBJug/TS6fXRTsoTkgnsvyWSiXwMNiPzBUani7hDidBdj1779qwM1FIAmpH4lvlOZNF3EScsxxuGifjpLSWQ==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@eslint-community/eslint-utils": "^4.4.0",
|
||||
"@types/json-schema": "^7.0.12",
|
||||
"@types/semver": "^7.5.0",
|
||||
"@typescript-eslint/scope-manager": "6.2.0",
|
||||
"@typescript-eslint/types": "6.2.0",
|
||||
"@typescript-eslint/typescript-estree": "6.2.0",
|
||||
"@typescript-eslint/scope-manager": "6.7.2",
|
||||
"@typescript-eslint/types": "6.7.2",
|
||||
"@typescript-eslint/typescript-estree": "6.7.2",
|
||||
"semver": "^7.5.4"
|
||||
},
|
||||
"engines": {
|
||||
@@ -2589,12 +2601,12 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/visitor-keys": {
|
||||
"version": "6.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.2.0.tgz",
|
||||
"integrity": "sha512-QbaYUQVKKo9bgCzpjz45llCfwakyoxHetIy8CAvYCtd16Zu1KrpzNHofwF8kGkpPOxZB2o6kz+0nqH8ZkIzuoQ==",
|
||||
"version": "6.7.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.7.2.tgz",
|
||||
"integrity": "sha512-uVw9VIMFBUTz8rIeaUT3fFe8xIUx8r4ywAdlQv1ifH+6acn/XF8Y6rwJ7XNmkNMDrTW+7+vxFFPIF40nJCVsMQ==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@typescript-eslint/types": "6.2.0",
|
||||
"@typescript-eslint/types": "6.7.2",
|
||||
"eslint-visitor-keys": "^3.4.1"
|
||||
},
|
||||
"engines": {
|
||||
@@ -4043,9 +4055,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/esbuild-register": {
|
||||
"version": "3.4.2",
|
||||
"resolved": "https://registry.npmjs.org/esbuild-register/-/esbuild-register-3.4.2.tgz",
|
||||
"integrity": "sha512-kG/XyTDyz6+YDuyfB9ZoSIOOmgyFCH+xPRtsCa8W85HLRV5Csp+o3jWVbOSHgSLfyLc5DmP+KFDNwty4mEjC+Q==",
|
||||
"version": "3.5.0",
|
||||
"resolved": "https://registry.npmjs.org/esbuild-register/-/esbuild-register-3.5.0.tgz",
|
||||
"integrity": "sha512-+4G/XmakeBAsvJuDugJvtyF1x+XJT4FMocynNpxrvEBViirpfUn2PgNpCHedfWhF4WokNsO/OvMKrmJOIJsI5A==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"debug": "^4.3.4"
|
||||
@@ -4097,15 +4109,15 @@
|
||||
}
|
||||
},
|
||||
"node_modules/eslint": {
|
||||
"version": "8.46.0",
|
||||
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.46.0.tgz",
|
||||
"integrity": "sha512-cIO74PvbW0qU8e0mIvk5IV3ToWdCq5FYG6gWPHHkx6gNdjlbAYvtfHmlCMXxjcoVaIdwy/IAt3+mDkZkfvb2Dg==",
|
||||
"version": "8.48.0",
|
||||
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.48.0.tgz",
|
||||
"integrity": "sha512-sb6DLeIuRXxeM1YljSe1KEx9/YYeZFQWcV8Rq9HfigmdDEugjLEVEa1ozDjL6YDjBpQHPJxJzze+alxi4T3OLg==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@eslint-community/eslint-utils": "^4.2.0",
|
||||
"@eslint-community/regexpp": "^4.6.1",
|
||||
"@eslint/eslintrc": "^2.1.1",
|
||||
"@eslint/js": "^8.46.0",
|
||||
"@eslint/eslintrc": "^2.1.2",
|
||||
"@eslint/js": "8.48.0",
|
||||
"@humanwhocodes/config-array": "^0.11.10",
|
||||
"@humanwhocodes/module-importer": "^1.0.1",
|
||||
"@nodelib/fs.walk": "^1.2.8",
|
||||
@@ -4116,7 +4128,7 @@
|
||||
"doctrine": "^3.0.0",
|
||||
"escape-string-regexp": "^4.0.0",
|
||||
"eslint-scope": "^7.2.2",
|
||||
"eslint-visitor-keys": "^3.4.2",
|
||||
"eslint-visitor-keys": "^3.4.3",
|
||||
"espree": "^9.6.1",
|
||||
"esquery": "^1.4.2",
|
||||
"esutils": "^2.0.2",
|
||||
@@ -4615,9 +4627,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/eslint-visitor-keys": {
|
||||
"version": "3.4.2",
|
||||
"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.2.tgz",
|
||||
"integrity": "sha512-8drBzUEyZ2llkpCA67iYrgEssKDUu68V8ChqqOfFupIaG/LCVPUT+CoGJpT77zJprs4T/W7p07LP7zAIMuweVw==",
|
||||
"version": "3.4.3",
|
||||
"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz",
|
||||
"integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==",
|
||||
"dev": true,
|
||||
"engines": {
|
||||
"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
|
||||
@@ -5079,9 +5091,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/globals": {
|
||||
"version": "13.20.0",
|
||||
"resolved": "https://registry.npmjs.org/globals/-/globals-13.20.0.tgz",
|
||||
"integrity": "sha512-Qg5QtVkCy/kv3FUSlu4ukeZDVf9ee0iXLAUYX13gbR17bnejFTzr4iS9bY7kwCf1NztRNm1t91fjOiyx4CSwPQ==",
|
||||
"version": "13.21.0",
|
||||
"resolved": "https://registry.npmjs.org/globals/-/globals-13.21.0.tgz",
|
||||
"integrity": "sha512-ybyme3s4yy/t/3s35bewwXKOf7cvzfreG2lH0lZl0JB7I4GxRP2ghxOK/Nb9EkRXdbBXZLfq/p/0W2JUONB/Gg==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"type-fest": "^0.20.2"
|
||||
@@ -6924,12 +6936,6 @@
|
||||
"integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==",
|
||||
"dev": true
|
||||
},
|
||||
"node_modules/natural-compare-lite": {
|
||||
"version": "1.4.0",
|
||||
"resolved": "https://registry.npmjs.org/natural-compare-lite/-/natural-compare-lite-1.4.0.tgz",
|
||||
"integrity": "sha512-Tj+HTDSJJKaZnfiuw+iaF9skdPpTo2GtEly5JHnWV/hfv2Qj/9RKsGISQtLh2ox3l5EAGw487hnBee0sIJ6v2g==",
|
||||
"dev": true
|
||||
},
|
||||
"node_modules/node-fetch": {
|
||||
"version": "2.6.12",
|
||||
"resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.12.tgz",
|
||||
@@ -7560,9 +7566,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/prettier": {
|
||||
"version": "3.0.1",
|
||||
"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.0.1.tgz",
|
||||
"integrity": "sha512-fcOWSnnpCrovBsmFZIGIy9UqK2FaI7Hqax+DIO0A9UxeVoY4iweyaFjS5TavZN97Hfehph0nhsZnjlVKzEQSrQ==",
|
||||
"version": "3.0.2",
|
||||
"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.0.2.tgz",
|
||||
"integrity": "sha512-o2YR9qtniXvwEZlOKbveKfDQVyqxbEIWn48Z8m3ZJjBjcCmUy3xZGIv+7AkaeuaTr6yPXJjwv07ZWlsWbEy1rQ==",
|
||||
"dev": true,
|
||||
"bin": {
|
||||
"prettier": "bin/prettier.cjs"
|
||||
@@ -9054,9 +9060,9 @@
|
||||
"dev": true
|
||||
},
|
||||
"node_modules/yaml": {
|
||||
"version": "2.3.1",
|
||||
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.1.tgz",
|
||||
"integrity": "sha512-2eHWfjaoXgTBC2jNM1LRef62VQa0umtvRiDSk6HSzW7RvS5YtkabJrwYLLEKWBc8a5U2PTSCs+dJjUTJdlHsWQ==",
|
||||
"version": "2.3.2",
|
||||
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.2.tgz",
|
||||
"integrity": "sha512-N/lyzTPaJasoDmfV7YTrYCI0G/3ivm/9wdG0aHuheKowWQwGTsK0Eoiw6utmzAnI6pkJa0DUVygvp3spqqEKXg==",
|
||||
"engines": {
|
||||
"node": ">= 14"
|
||||
}
|
||||
@@ -9101,9 +9107,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/zod": {
|
||||
"version": "3.21.4",
|
||||
"resolved": "https://registry.npmjs.org/zod/-/zod-3.21.4.tgz",
|
||||
"integrity": "sha512-m46AKbrzKVzOzs/DZgVnG5H55N1sv1M8qZU3A8RIKbs3mrACDNeIOeilDymVb2HdmP8uwshOCF4uJ8uM9rCqJw==",
|
||||
"version": "3.22.2",
|
||||
"resolved": "https://registry.npmjs.org/zod/-/zod-3.22.2.tgz",
|
||||
"integrity": "sha512-wvWkphh5WQsJbVk1tbx1l1Ly4yg+XecD+Mq280uBGt9wa5BKSWf4Mhp6GmrkPixhMxmabYY7RbzlwVP32pbGCg==",
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/colinhacks"
|
||||
}
|
||||
|
||||
+10
-10
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "dependency-review-action",
|
||||
"version": "3.0.7",
|
||||
"version": "3.1.0",
|
||||
"private": true,
|
||||
"description": "A GitHub Action for Dependency Review",
|
||||
"main": "lib/main.js",
|
||||
@@ -28,33 +28,33 @@
|
||||
"@actions/core": "^1.10.0",
|
||||
"@actions/github": "^5.1.1",
|
||||
"@octokit/plugin-retry": "^5.0.4",
|
||||
"@octokit/request-error": "^2.1.0",
|
||||
"@octokit/request-error": "^5.0.1",
|
||||
"ansi-styles": "^6.2.1",
|
||||
"got": "^13.0.0",
|
||||
"octokit": "^2.1.0",
|
||||
"packageurl-js": "^1.0.2",
|
||||
"spdx-expression-parse": "^3.0.1",
|
||||
"spdx-satisfies": "^5.0.1",
|
||||
"yaml": "^2.3.1",
|
||||
"zod": "^3.21.4"
|
||||
"yaml": "^2.3.2",
|
||||
"zod": "^3.22.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/jest": "^27.5.2",
|
||||
"@types/node": "^16.18.38",
|
||||
"@types/node": "^16.18.48",
|
||||
"@types/spdx-expression-parse": "^3.0.2",
|
||||
"@types/spdx-satisfies": "^0.1.0",
|
||||
"@typescript-eslint/eslint-plugin": "^6.2.0",
|
||||
"@typescript-eslint/parser": "^6.2.1",
|
||||
"@typescript-eslint/eslint-plugin": "^6.7.2",
|
||||
"@typescript-eslint/parser": "^6.6.0",
|
||||
"@vercel/ncc": "^0.36.1",
|
||||
"esbuild-register": "^3.4.2",
|
||||
"eslint": "^8.44.0",
|
||||
"esbuild-register": "^3.5.0",
|
||||
"eslint": "^8.48.0",
|
||||
"eslint-plugin-github": "^4.8.0",
|
||||
"eslint-plugin-jest": "^27.2.2",
|
||||
"eslint-plugin-prettier": "^5.0.0",
|
||||
"jest": "^27.5.1",
|
||||
"js-yaml": "^4.1.0",
|
||||
"nodemon": "^3.0.1",
|
||||
"prettier": "3.0.1",
|
||||
"prettier": "3.0.2",
|
||||
"ts-jest": "^27.1.4",
|
||||
"typescript": "^4.9.5"
|
||||
}
|
||||
|
||||
@@ -30,7 +30,9 @@ const defaultConfig: ConfigurationOptions = {
|
||||
'pkg:pip/certifi',
|
||||
'pkg:pip/pycrypto@2.6.1'
|
||||
],
|
||||
comment_summary_in_pr: true
|
||||
comment_summary_in_pr: true,
|
||||
retry_on_snapshot_warnings: false,
|
||||
retry_on_snapshot_warnings_timeout: 120
|
||||
}
|
||||
|
||||
const tmpDir = path.resolve(__dirname, '../tmp')
|
||||
|
||||
+16
-2
@@ -40,7 +40,13 @@ function readInlineConfig(): ConfigurationOptionsPartial {
|
||||
const vulnerability_check = getOptionalBoolean('vulnerability-check')
|
||||
const base_ref = getOptionalInput('base-ref')
|
||||
const head_ref = getOptionalInput('head-ref')
|
||||
const comment_summary_in_pr = getOptionalBoolean('comment-summary-in-pr')
|
||||
const comment_summary_in_pr = getOptionalInput('comment-summary-in-pr')
|
||||
const retry_on_snapshot_warnings = getOptionalBoolean(
|
||||
'retry-on-snapshot-warnings'
|
||||
)
|
||||
const retry_on_snapshot_warnings_timeout = getOptionalNumber(
|
||||
'retry-on-snapshot-warnings-timeout'
|
||||
)
|
||||
|
||||
validatePURL(allow_dependencies_licenses)
|
||||
validateLicenses('allow-licenses', allow_licenses)
|
||||
@@ -59,7 +65,9 @@ function readInlineConfig(): ConfigurationOptionsPartial {
|
||||
vulnerability_check,
|
||||
base_ref,
|
||||
head_ref,
|
||||
comment_summary_in_pr
|
||||
comment_summary_in_pr,
|
||||
retry_on_snapshot_warnings,
|
||||
retry_on_snapshot_warnings_timeout
|
||||
}
|
||||
|
||||
return Object.fromEntries(
|
||||
@@ -67,6 +75,12 @@ function readInlineConfig(): ConfigurationOptionsPartial {
|
||||
)
|
||||
}
|
||||
|
||||
function getOptionalNumber(name: string): number | undefined {
|
||||
const value = core.getInput(name)
|
||||
const parsed = z.string().regex(/^\d+$/).transform(Number).safeParse(value)
|
||||
return parsed.success ? parsed.data : undefined
|
||||
}
|
||||
|
||||
function getOptionalBoolean(name: string): boolean | undefined {
|
||||
const value = core.getInput(name)
|
||||
return value.length > 0 ? core.getBooleanInput(name) : undefined
|
||||
|
||||
+54
-8
@@ -18,18 +18,60 @@ import {groupDependenciesByManifest} from './utils'
|
||||
import {commentPr} from './comment-pr'
|
||||
import {getDeniedChanges} from './deny'
|
||||
|
||||
async function delay(ms: number): Promise<void> {
|
||||
return new Promise(resolve => setTimeout(resolve, ms))
|
||||
}
|
||||
|
||||
async function getComparison(
|
||||
baseRef: string,
|
||||
headRef: string,
|
||||
retryOpts?: {
|
||||
retryUntil: number
|
||||
retryDelay: number
|
||||
}
|
||||
): ReturnType<typeof dependencyGraph.compare> {
|
||||
const comparison = await dependencyGraph.compare({
|
||||
owner: github.context.repo.owner,
|
||||
repo: github.context.repo.repo,
|
||||
baseRef,
|
||||
headRef
|
||||
})
|
||||
|
||||
if (comparison.snapshot_warnings.trim() !== '') {
|
||||
core.info(comparison.snapshot_warnings)
|
||||
if (retryOpts !== undefined) {
|
||||
if (retryOpts.retryUntil < Date.now()) {
|
||||
core.info(`Retry timeout exceeded. Proceeding...`)
|
||||
return comparison
|
||||
} else {
|
||||
core.info(`Retrying in ${retryOpts.retryDelay} seconds...`)
|
||||
await delay(retryOpts.retryDelay * 1000)
|
||||
return getComparison(baseRef, headRef, retryOpts)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return comparison
|
||||
}
|
||||
|
||||
async function run(): Promise<void> {
|
||||
try {
|
||||
const config = await readConfig()
|
||||
|
||||
const refs = getRefs(config, github.context)
|
||||
|
||||
const comparison = await dependencyGraph.compare({
|
||||
owner: github.context.repo.owner,
|
||||
repo: github.context.repo.repo,
|
||||
baseRef: refs.base,
|
||||
headRef: refs.head
|
||||
})
|
||||
const comparison = await getComparison(
|
||||
refs.base,
|
||||
refs.head,
|
||||
config.retry_on_snapshot_warnings
|
||||
? {
|
||||
retryUntil:
|
||||
Date.now() + config.retry_on_snapshot_warnings_timeout * 1000,
|
||||
retryDelay: 10
|
||||
}
|
||||
: undefined
|
||||
)
|
||||
|
||||
const changes = comparison.changes
|
||||
const snapshot_warnings = comparison.snapshot_warnings
|
||||
|
||||
@@ -81,7 +123,7 @@ async function run(): Promise<void> {
|
||||
)
|
||||
|
||||
if (snapshot_warnings) {
|
||||
summary.addSnapshotWarnings(snapshot_warnings)
|
||||
summary.addSnapshotWarnings(config, snapshot_warnings)
|
||||
}
|
||||
|
||||
if (config.vulnerability_check) {
|
||||
@@ -99,7 +141,11 @@ async function run(): Promise<void> {
|
||||
|
||||
summary.addScannedDependencies(changes)
|
||||
printScannedDependencies(changes)
|
||||
if (config.comment_summary_in_pr) {
|
||||
if (
|
||||
config.comment_summary_in_pr === 'always' ||
|
||||
(config.comment_summary_in_pr === 'on-failure' &&
|
||||
process.exitCode === core.ExitCode.Failure)
|
||||
) {
|
||||
await commentPr(core.summary)
|
||||
}
|
||||
} catch (error) {
|
||||
|
||||
+19
-1
@@ -49,7 +49,25 @@ export const ConfigurationOptionsSchema = z
|
||||
config_file: z.string().optional(),
|
||||
base_ref: z.string().optional(),
|
||||
head_ref: z.string().optional(),
|
||||
comment_summary_in_pr: z.boolean().default(false)
|
||||
retry_on_snapshot_warnings: z.boolean().default(false),
|
||||
retry_on_snapshot_warnings_timeout: z.number().default(120),
|
||||
comment_summary_in_pr: z
|
||||
.union([
|
||||
z.preprocess(
|
||||
val => (val === 'true' ? true : val === 'false' ? false : val),
|
||||
z.boolean()
|
||||
),
|
||||
z.enum(['always', 'never', 'on-failure'])
|
||||
])
|
||||
.default('never')
|
||||
})
|
||||
.transform(config => {
|
||||
if (config.comment_summary_in_pr === true) {
|
||||
config.comment_summary_in_pr = 'always'
|
||||
} else if (config.comment_summary_in_pr === false) {
|
||||
config.comment_summary_in_pr = 'never'
|
||||
}
|
||||
return config
|
||||
})
|
||||
.superRefine((config, context) => {
|
||||
if (config.allow_licenses && config.deny_licenses) {
|
||||
|
||||
+24
-11
@@ -231,21 +231,34 @@ export function addScannedDependencies(changes: Changes): void {
|
||||
}
|
||||
}
|
||||
|
||||
export function addSnapshotWarnings(warnings: string): void {
|
||||
// For now, we want to ignore warnings that just complain
|
||||
// about missing snapshots on the head SHA. This is a product
|
||||
// decision to avoid presenting warnings to users who simply
|
||||
// don't use snapshots.
|
||||
const ignore_regex = new RegExp(/No.*snapshot.*found.*head.*/, 'i')
|
||||
if (ignore_regex.test(warnings)) {
|
||||
return
|
||||
function snapshotWarningRecommendation(
|
||||
config: ConfigurationOptions,
|
||||
warnings: string
|
||||
): string {
|
||||
const no_pr_snaps = warnings.includes(
|
||||
'No snapshots were found for the head SHA'
|
||||
)
|
||||
const retries_disabled = !config.retry_on_snapshot_warnings
|
||||
if (no_pr_snaps && retries_disabled) {
|
||||
return 'Ensure that dependencies are being submitted on PR branches and consider enabling <em>retry-on-snapshot-warnings</em>.'
|
||||
} else if (no_pr_snaps) {
|
||||
return 'Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue.'
|
||||
} else if (retries_disabled) {
|
||||
return 'Consider enabling <em>retry-on-snapshot-warnings</em>.'
|
||||
}
|
||||
return 'Re-running this action after a short time may resolve the issue.'
|
||||
}
|
||||
|
||||
export function addSnapshotWarnings(
|
||||
config: ConfigurationOptions,
|
||||
warnings: string
|
||||
): void {
|
||||
core.summary.addHeading('Snapshot Warnings', 2)
|
||||
core.summary.addQuote(`${icons.warning}: ${warnings}`)
|
||||
core.summary.addRaw(
|
||||
'Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.'
|
||||
)
|
||||
const recommendation = snapshotWarningRecommendation(config, warnings)
|
||||
const docsLink =
|
||||
'See <a href="https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together">the documentation</a> for more information and troubleshooting advice.'
|
||||
core.summary.addRaw(`${recommendation} ${docsLink}`)
|
||||
}
|
||||
|
||||
function countLicenseIssues(
|
||||
|
||||
Reference in New Issue
Block a user