nna/npm-audit-action
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
57 Commits 1 Branch 2 Tags
8a4cabf41ac284ca797cb0cc4b2f74ff3bdc9b62
Commit Graph

57 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Naoki Oketani
8a4cabf41a update version 2020-12-12 12:04:36 +00:00
Naoki Oketani
8851061b81 run npm run all 2020-12-12 12:01:55 +00:00
sgkiokas
c4cd169835 feat: add the ability to run with '--json' and output the result (#78) 
* addition-of-json-flag

* Set output of npn audit
 2020-12-12 20:56:05 +09:00
Naoki Oketani
3868af0215 update README & npm run all 2020-11-12 10:45:24 +00:00
Naoki Oketani
56422b6d5a 1.6.0 2020-11-12 10:39:09 +00:00
sgkiokas
42e6d27a29 feat: add the ability to run with '--production' (#75) 
* feat: add the ability to run with '--production'

Adding the config options to run npm audit with the --production flag.

Contributes to: #74

Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com>

* fix: add tests

Adding the relevant tests for the new production flag.

Contributes to: #74

Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com>
 2020-11-12 19:33:56 +09:00
dependabot[bot]
107a3c4a4a Bump @actions/core from 1.2.5 to 1.2.6 (#71) 
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-10-14 20:05:40 +09:00
Naoki Oketani
86587558c6 use v1.5.2 2020-09-11 13:08:07 +00:00
Naoki Oketani
69250ddba0 1.5.2 2020-09-11 13:05:56 +00:00
Naoki Oketani
7b23c85c0d npm audit fix & npm update (#70) 
* npm audit fix & modify eslint rules

* update axios, @types/jest, eslint-plugin-jest

* update @octokit/rest, @typescript-eslint/parser

* update @actions/github
 2020-09-11 22:04:02 +09:00
Naoki Oketani
75b171622a v1.5.1 (#68) 
* run `npm audit fix`

* run `npm run all`

* 1.5.1

* use v1.5.1
 2020-07-14 19:14:55 +09:00
Spencer Small
b0bc596f8e Catch errors thrown by Audit.run and increase child process buffer size (#67) 
* Audit.run does not need to be async

* Set max buffer size for npm audit subprocess to 10MiB
 2020-07-14 18:59:28 +09:00
Naoki Oketani
4adc177da9 add Dockerfile to use VSCode Remote Container 2020-06-06 11:02:15 +00:00
Naoki Oketani
f6ba9be9cf update example & daily scan to use v1.5.0 with dedupe_issues=true 2020-05-28 07:24:52 +09:00
Naoki Oketani
711840e936 1.5.0 2020-05-28 07:20:05 +09:00
Spencer Small
261cbab716 Support de-duping issues (#65) 
* De-dupe against open issues when dedupe_issues = true

* Update README

* Fix compile errors

* Add unit tests for issue.ts
 2020-05-28 07:18:45 +09:00
Naoki Oketani
1c3165e2f5 update action.yml to support working_directory 2020-05-23 16:26:33 +09:00
Naoki Oketani
94ec1a79c4 update README.md 2020-05-23 16:13:09 +09:00
Naoki Oketani
6ca4ad598e bump version to v1.4.0 2020-05-23 16:10:57 +09:00
Naoki Oketani
5209022168 support different working directory (#64) 
* support different working directory

* validate working_directory
 2020-05-23 15:59:51 +09:00
Naoki Oketani
277fc872da update dependencies (#63) 
* npm update

* npm i jest@26.0.1 jest-circus@26.0.1 ts-jest@26.0.0

* npm i @types/node@14.0.5

* npm i eslint@7.1.0 @typescript-eslint/parser@3.0.0
 2020-05-23 15:06:32 +09:00
Naoki Oketani
161485c040 update @octokit/rest from 16.43.1 to 17.9.2 (#62) 2020-05-23 14:46:31 +09:00
Naoki Oketani
49b1b8cc78 bump version to v1.3.1 2020-04-30 07:59:06 +09:00
Naoki Oketani
8e21576306 npm update dependencies (#59) 
* npm update

- @types/jest
- @types/node
- @typescript-eslint/parser
- @zeit/ncc jest
- jest-circus
- prettier
- ts-jest

* npm run all

* npm update graphql
 2020-04-30 07:43:27 +09:00
dependabot[bot]
081ab6e55a Bump @actions/http-client from 1.0.6 to 1.0.8 (#58) 
Bumps [@actions/http-client](https://github.com/actions/http-client) from 1.0.6 to 1.0.8.
- [Release notes](https://github.com/actions/http-client/releases)
- [Changelog](https://github.com/actions/http-client/blob/master/RELEASES.md)
- [Commits](https://github.com/actions/http-client/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-04-30 07:26:41 +09:00
Naoki Oketani
79bd1d007d npm update (#56) 
* npm update

* update prettier to ^2.0.2

* npm run all

* update @zeit/ncc to ^0.22.0
 2020-03-29 19:57:04 +09:00
Naoki Oketani
ad3449ef9c filter vulnerabilities by audit_level (#55) 
* filter vulnerabilities by audit_level

* update README.md

* fix test cases

* restrict audit_level value

* update dist/index.js
 2020-03-21 07:08:53 +09:00
Naoki Oketani
4d8769971b Refactor (#54) 
* run `npm ci` instead of `npm install` for PR build

* bump version

* return Promise for test mock
 2020-03-19 17:46:36 +09:00
Naoki Oketani
f654b1dd0a fresh install jest, eslint (#53) 
* fresh install jest, eslint

* npm run all
 2020-03-19 17:35:08 +09:00
Naoki Oketani
6ffbb041ac npm audit fix (#52) 2020-03-19 06:47:39 +09:00
Naoki Oketani
3b7b95bf4a update npm-audit-action to v1.2.0 (#50) 2020-03-14 20:35:30 +09:00
Naoki Oketani
56cc033b69 update eslint-plugin-github (#48) 
* update eslint-plugin-github

* remove non-existent eslint rules

* fix a lint error
 2020-03-14 19:21:06 +09:00
Naoki Oketani
7f304403a6 update eslint-plugin-jest (#47) 2020-03-14 18:56:55 +09:00
Naoki Oketani
dcb39c0a56 update @actions/github and @octokit/rest (#46) 2020-03-14 18:04:03 +09:00
Naoki Oketani
a0e0b47fa7 update outdated dependencies(yellow) except for @actions/github, eslint-plugin-* (#45) 2020-03-14 17:17:25 +09:00
Naoki Oketani
4df977494a update outdated dependencies(red) except for @octokit/rest (#44) 2020-03-14 16:50:32 +09:00
Naoki Oketani
a908d1f578 update eslint to 6.8.0 to fix vulnerabilities (#42) 
* update eslint to 6.8.0 to fix vulnerabilities

* npm install --save-dev jest@25.1.0

* npm install --save-dev @types/jest@25.1.4
 2020-03-14 16:16:42 +09:00
Naoki Oketani
ba4e9c22fd Action should fail if child_process causes an error (#41) 2020-03-14 15:46:51 +09:00
Naoki Oketani
6c003b8ee4 update actions/checkout to v2 (#37) 2020-01-27 20:48:43 +09:00
Naoki Oketani
02cdae80b6 Action fails always if vulnerabilities are found (#35) 2020-01-09 18:59:40 +09:00
Naoki Oketani
4894ae0aad Update README (#33) 2019-12-15 10:49:06 +09:00
Naoki Oketani
a6b5113465 Correct test case 2019-12-14 21:08:54 +09:00
Naoki Oketani
0e9661d4a3 Add unit test for error handling (#30) 2019-12-14 12:56:45 +09:00
Naoki Oketani
a0a6093710 add unit test and cleanup (#28) 
* remove unnessary import

* use mock for child_process.spawnSync()

* document useful resources

* use v1.1.0 for daily scan
 2019-12-13 16:09:10 +09:00
Naoki Oketani
3e659c8c99 use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00
Naoki Oketani
ac19a7500b set branding (#23) 
* echo $GITHUB_CONTEXT

* set branding
 2019-12-10 18:48:15 +09:00
Naoki Oketani
2e5ad3c2cf Creates an issue even if inputs.issue_labels is not given (#21) 
* Creates an issue even if inputs.issue_labels is not given

* 1.0.0

* Use v1.0.0 in example, daily scan
 2019-12-09 22:49:41 +09:00
Naoki Oketani
be0cdcbe10 add test for issue option (#20) 2019-12-09 21:31:55 +09:00
Naoki Oketani
4b8e261c55 Execute daily scan (#19) 
* Update README.md

* run `npm audit` daily
 2019-12-09 19:59:47 +09:00
Naoki Oketani
8b1b45628f Measure test coverage (#16) 
* define npm run coverage

* Revert "define npm run coverage"

This reverts commit 32133d33412105d167226ac31c4f7875f85716ab.

* use coverallsapp/github-action@master

* Give --coverage option to npm test

* Add coveralls badge
 2019-12-09 16:00:28 +09:00