nna/npm-audit-action
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
111 Commits 1 Branch 2 Tags
7bba30322134385364ba3f5509e00a4e1b1e2591
Commit Graph

52 Commits

Author SHA1 Message Date
Naoki Oketani
c9382a0fb4 update @actions/core not to use deprecated commands 
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
 2022-12-10 21:53:13 +09:00
Snyk bot
317d6dc36c fix: package.json & package-lock.json to reduce vulnerabilities (#129) 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ACTIONSCORE-2980270
 2022-08-15 12:02:11 +09:00
Naoki Oketani
c2ee44bdb9 update dependencies (#126) 
* update dependencies

* update devDependencies
 2022-07-09 18:36:20 +09:00
Naoki Oketani
fb1ae3934f 2.3.0 2022-07-09 18:12:31 +09:00
Naoki Oketani
b3151e9e51 2.2.0 2022-05-12 07:45:34 +09:00
Naoki Oketani
c0410c237f Adds 'info', 'none' as a valid argument for audit-level (#120) 
* Adds 'info', 'none' as a valid argument for audit-level

* 2.1.0
 2022-04-12 08:19:34 +09:00
Naoki Oketani
e3662da326 Update default runtime to node16 (#118) 
* Update default runtime to node16

* update dependencies

* 2.0.0
 2022-03-26 15:31:24 +09:00
Naoki Oketani
02cb9c4d3b fix CVE-2022-0235 (#108) 
* npm audit fix

* npm run all

* 1.8.4

* update README and daily action to use v1.8.4
 2022-01-25 12:30:57 +09:00
Naoki Oketani
8196a9cc90 Release v1.8.3 (#105) 
* 1.8.3

* update README and daily action to use v1.8.3
 2022-01-15 18:33:23 +09:00
Naoki Oketani
b58fe17512 Release v1.8.2 (#101) 
* 1.8.2

* update README and daily action to use v1.8.2
 2021-10-16 18:26:12 +09:00
Naoki Oketani
303bff6b61 Bump axios from 0.21.4 to 0.23.0 (#100) 2021-10-16 18:21:41 +09:00
Naoki Oketani
5d929bbe92 update devDependencies (#99) 
* Bump jest, jest-circus from 27.2.2 to 27.2.5

* Bump ts-jest from 27.0.5 to 27.0.6

* Bump graphql from 15.5.0 to 15.6.1

* Bump eslint-plugin-github from 4.3.0 to 4.3.2

* Bump eslint-plugin-jest from 24.4.2 to 25.2.1

* Bump typescript from 3.9.7 to 3.9.10

* Bump @types/node from 14.14.20 to 14.17.27
 2021-10-16 18:15:34 +09:00
Naoki Oketani
e3228ef09e Bump axios from 0.21.2 to 0.21.4 (#97) 2021-10-10 12:36:10 +09:00
Naoki Oketani
e434d1ce70 update dependencies (#96) 
* Bump @actions/core from 1.3.0 to 1.6.0

* Bump @actions/github from 4.0.0 to 5.0.0

* Bump @octokit/rest from 18.5.6 to 18.12.0

* Bump strip-ansi from 6.0.0 to 6.0.1
 2021-10-09 12:22:18 +09:00
Naoki Oketani
9d3f4c8708 Bump patch verstion to 1.8.1 2021-10-08 21:21:58 +09:00
Naoki Oketani
b279a61c36 Bump minor version to 1.8.0 2021-10-03 09:28:58 +09:00
Naoki Oketani
cf7f895e0d Bump patch version to 1.7.4 2021-09-26 21:36:59 +09:00
Naoki Oketani
5b1038c826 update dependencies (#89) 
* Bump ansi-regex from 5.0.0 to 5.0.1 (fix CVE-2021-3807)

* Bump tmpl from 1.0.4 to 1.0.5 (fix CVE-2021-3777)

* update: eslint related dependencies

* chore: replace deprecated @zeit/ncc with @vercel/ncc
 2021-09-26 21:33:48 +09:00
dependabot[bot]
e285e411e1 Bump axios from 0.21.1 to 0.21.2 (#88) 
Bumps [axios](https://github.com/axios/axios) from 0.21.1 to 0.21.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.21.1...v0.21.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-09-26 20:14:36 +09:00
Naoki Oketani
5d4cffea6d fix dependencies' vulnerabilities (#86) 
* [fix] `npm audit fix`

* [fix] `npm update`

* [fix] update jest, jest-circus, ts-jest

* 1.7.3
 2021-06-03 07:45:50 +09:00
Naoki Oketani
1f505b760c 1.7.2 2021-05-09 17:24:03 +09:00
Naoki Oketani
9cc679ca2e upgrade(modules): npm update $module 2021-01-06 14:57:25 +09:00
Naoki Oketani
5838edf6c1 upgrade(package.json): npm version 1.7.1 2021-01-06 13:49:13 +09:00
dependabot[bot]
c2f20e6961 Bump axios from 0.20.0 to 0.21.1 (#81) 
Bumps [axios](https://github.com/axios/axios) from 0.20.0 to 0.21.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v0.21.1/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.20.0...v0.21.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-01-06 13:19:17 +09:00
Naoki Oketani
7589e29148 1.7.0 2020-12-12 12:06:19 +00:00
Naoki Oketani
56422b6d5a 1.6.0 2020-11-12 10:39:09 +00:00
dependabot[bot]
107a3c4a4a Bump @actions/core from 1.2.5 to 1.2.6 (#71) 
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-10-14 20:05:40 +09:00
Naoki Oketani
69250ddba0 1.5.2 2020-09-11 13:05:56 +00:00
Naoki Oketani
7b23c85c0d npm audit fix & npm update (#70) 
* npm audit fix & modify eslint rules

* update axios, @types/jest, eslint-plugin-jest

* update @octokit/rest, @typescript-eslint/parser

* update @actions/github
 2020-09-11 22:04:02 +09:00
Naoki Oketani
75b171622a v1.5.1 (#68) 
* run `npm audit fix`

* run `npm run all`

* 1.5.1

* use v1.5.1
 2020-07-14 19:14:55 +09:00
Naoki Oketani
711840e936 1.5.0 2020-05-28 07:20:05 +09:00
Naoki Oketani
6ca4ad598e bump version to v1.4.0 2020-05-23 16:10:57 +09:00
Naoki Oketani
277fc872da update dependencies (#63) 
* npm update

* npm i jest@26.0.1 jest-circus@26.0.1 ts-jest@26.0.0

* npm i @types/node@14.0.5

* npm i eslint@7.1.0 @typescript-eslint/parser@3.0.0
 2020-05-23 15:06:32 +09:00
Naoki Oketani
161485c040 update @octokit/rest from 16.43.1 to 17.9.2 (#62) 2020-05-23 14:46:31 +09:00
Naoki Oketani
49b1b8cc78 bump version to v1.3.1 2020-04-30 07:59:06 +09:00
Naoki Oketani
8e21576306 npm update dependencies (#59) 
* npm update

- @types/jest
- @types/node
- @typescript-eslint/parser
- @zeit/ncc jest
- jest-circus
- prettier
- ts-jest

* npm run all

* npm update graphql
 2020-04-30 07:43:27 +09:00
Naoki Oketani
79bd1d007d npm update (#56) 
* npm update

* update prettier to ^2.0.2

* npm run all

* update @zeit/ncc to ^0.22.0
 2020-03-29 19:57:04 +09:00
Naoki Oketani
ad3449ef9c filter vulnerabilities by audit_level (#55) 
* filter vulnerabilities by audit_level

* update README.md

* fix test cases

* restrict audit_level value

* update dist/index.js
 2020-03-21 07:08:53 +09:00
Naoki Oketani
4d8769971b Refactor (#54) 
* run `npm ci` instead of `npm install` for PR build

* bump version

* return Promise for test mock
 2020-03-19 17:46:36 +09:00
Naoki Oketani
56cc033b69 update eslint-plugin-github (#48) 
* update eslint-plugin-github

* remove non-existent eslint rules

* fix a lint error
 2020-03-14 19:21:06 +09:00
Naoki Oketani
7f304403a6 update eslint-plugin-jest (#47) 2020-03-14 18:56:55 +09:00
Naoki Oketani
dcb39c0a56 update @actions/github and @octokit/rest (#46) 2020-03-14 18:04:03 +09:00
Naoki Oketani
a0e0b47fa7 update outdated dependencies(yellow) except for @actions/github, eslint-plugin-* (#45) 2020-03-14 17:17:25 +09:00
Naoki Oketani
4df977494a update outdated dependencies(red) except for @octokit/rest (#44) 2020-03-14 16:50:32 +09:00
Naoki Oketani
a908d1f578 update eslint to 6.8.0 to fix vulnerabilities (#42) 
* update eslint to 6.8.0 to fix vulnerabilities

* npm install --save-dev jest@25.1.0

* npm install --save-dev @types/jest@25.1.4
 2020-03-14 16:16:42 +09:00
Naoki Oketani
3e659c8c99 use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00
Naoki Oketani
2e5ad3c2cf Creates an issue even if inputs.issue_labels is not given (#21) 
* Creates an issue even if inputs.issue_labels is not given

* 1.0.0

* Use v1.0.0 in example, daily scan
 2019-12-09 22:49:41 +09:00
Naoki Oketani
8b1b45628f Measure test coverage (#16) 
* define npm run coverage

* Revert "define npm run coverage"

This reverts commit 32133d33412105d167226ac31c4f7875f85716ab.

* use coverallsapp/github-action@master

* Give --coverage option to npm test

* Add coveralls badge
 2019-12-09 16:00:28 +09:00
Naoki Oketani
dcded27633 0.1.0 2019-12-09 13:12:46 +09:00
Naoki Oketani
02e2cee4ed Open a GitHub Issue if vulnerabilities are found (#8) 
* Get GitHub access token from input

* install npm package

* fix TypeScript error to successfully build

ref: https://github.com/actions/toolkit/issues/199

* npm i strip-ansi to remove control characters

* create an issue

* use template literal to pass lint

* npm run format; npm run lint

* use inputs.issue_title as issue title

* document inputs.issue_title

* add inputs.issue_title
 2019-12-09 08:51:14 +09:00