nna/npm-audit-action
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
78 Commits 1 Branch 2 Tags
9d3f4c87087e2ddf745726e415556fdf203ef3f6
Commit Graph

78 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Naoki Oketani
9d3f4c8708 Bump patch verstion to 1.8.1 2021-10-08 21:21:58 +09:00
Naoki Oketani
1595df392b chore: format by prettier 2021-10-08 21:20:06 +09:00
Pavish Kumar
9e9a90b41e Retain spaces within label (#95) 2021-10-08 21:17:46 +09:00
Naoki Oketani
b279a61c36 Bump minor version to 1.8.0 2021-10-03 09:28:58 +09:00
Naoki Oketani
47dbb726b6 feature: support create_issues, create_pr_comments flag (#93) 
* doc: support new parameter create_issues, create_pr_comments

* feature: support create_pr_comments flag

* feature: support create_issues flag
 2021-10-03 09:26:16 +09:00
Naoki Oketani
2d35348be4 chore: fix a broken link in README (#92) 
* chore: fix a broken link in README

* chore: fix branch name
 2021-10-02 21:51:01 +09:00
Naoki Oketani
cf7f895e0d Bump patch version to 1.7.4 2021-09-26 21:36:59 +09:00
Naoki Oketani
5b1038c826 update dependencies (#89) 
* Bump ansi-regex from 5.0.0 to 5.0.1 (fix CVE-2021-3807)

* Bump tmpl from 1.0.4 to 1.0.5 (fix CVE-2021-3777)

* update: eslint related dependencies

* chore: replace deprecated @zeit/ncc with @vercel/ncc
 2021-09-26 21:33:48 +09:00
dependabot[bot]
e285e411e1 Bump axios from 0.21.1 to 0.21.2 (#88) 
Bumps [axios](https://github.com/axios/axios) from 0.21.1 to 0.21.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.21.1...v0.21.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-09-26 20:14:36 +09:00
Joshua Nelson
dc855337b2 Fix name of github_token parameter (#87) 
It was correctly `github_token` in the code and examples, but it was shown as `token` in the docs.
 2021-08-20 21:04:20 +09:00
Naoki Oketani
5d4cffea6d fix dependencies' vulnerabilities (#86) 
* [fix] `npm audit fix`

* [fix] `npm update`

* [fix] update jest, jest-circus, ts-jest

* 1.7.3
 2021-06-03 07:45:50 +09:00
Naoki Oketani
47ffa59342 update: scan v1.7.2 2021-05-09 17:25:00 +09:00
Naoki Oketani
1f505b760c 1.7.2 2021-05-09 17:24:03 +09:00
Naoki Oketani
9ceef494c8 chore: run npm update (#83) 2021-05-03 14:36:46 +09:00
Naoki Oketani
9cc679ca2e upgrade(modules): npm update $module 2021-01-06 14:57:25 +09:00
Naoki Oketani
6410ad94e8 upgrade(modules): run npm run all 2021-01-06 13:49:28 +09:00
Naoki Oketani
5838edf6c1 upgrade(package.json): npm version 1.7.1 2021-01-06 13:49:13 +09:00
Naoki Oketani
ddca8d247d docs: use 1.7.1 in the sample 2021-01-06 13:21:27 +09:00
dependabot[bot]
c2f20e6961 Bump axios from 0.20.0 to 0.21.1 (#81) 
Bumps [axios](https://github.com/axios/axios) from 0.20.0 to 0.21.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v0.21.1/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.20.0...v0.21.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-01-06 13:19:17 +09:00
dependabot[bot]
c533e58b0c Bump node-notifier from 8.0.0 to 8.0.1 (#79) 
Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1.
- [Release notes](https://github.com/mikaelbr/node-notifier/releases)
- [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md)
- [Commits](https://github.com/mikaelbr/node-notifier/compare/v8.0.0...v8.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-12-22 20:50:31 +09:00
Naoki Oketani
7589e29148 1.7.0 2020-12-12 12:06:19 +00:00
Naoki Oketani
8a4cabf41a update version 2020-12-12 12:04:36 +00:00
Naoki Oketani
8851061b81 run npm run all 2020-12-12 12:01:55 +00:00
sgkiokas
c4cd169835 feat: add the ability to run with '--json' and output the result (#78) 
* addition-of-json-flag

* Set output of npn audit
 2020-12-12 20:56:05 +09:00
Naoki Oketani
3868af0215 update README & npm run all 2020-11-12 10:45:24 +00:00
Naoki Oketani
56422b6d5a 1.6.0 2020-11-12 10:39:09 +00:00
sgkiokas
42e6d27a29 feat: add the ability to run with '--production' (#75) 
* feat: add the ability to run with '--production'

Adding the config options to run npm audit with the --production flag.

Contributes to: #74

Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com>

* fix: add tests

Adding the relevant tests for the new production flag.

Contributes to: #74

Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com>
 2020-11-12 19:33:56 +09:00
dependabot[bot]
107a3c4a4a Bump @actions/core from 1.2.5 to 1.2.6 (#71) 
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-10-14 20:05:40 +09:00
Naoki Oketani
86587558c6 use v1.5.2 2020-09-11 13:08:07 +00:00
Naoki Oketani
69250ddba0 1.5.2 2020-09-11 13:05:56 +00:00
Naoki Oketani
7b23c85c0d npm audit fix & npm update (#70) 
* npm audit fix & modify eslint rules

* update axios, @types/jest, eslint-plugin-jest

* update @octokit/rest, @typescript-eslint/parser

* update @actions/github
 2020-09-11 22:04:02 +09:00
Naoki Oketani
75b171622a v1.5.1 (#68) 
* run `npm audit fix`

* run `npm run all`

* 1.5.1

* use v1.5.1
 2020-07-14 19:14:55 +09:00
Spencer Small
b0bc596f8e Catch errors thrown by Audit.run and increase child process buffer size (#67) 
* Audit.run does not need to be async

* Set max buffer size for npm audit subprocess to 10MiB
 2020-07-14 18:59:28 +09:00
Naoki Oketani
4adc177da9 add Dockerfile to use VSCode Remote Container 2020-06-06 11:02:15 +00:00
Naoki Oketani
f6ba9be9cf update example & daily scan to use v1.5.0 with dedupe_issues=true 2020-05-28 07:24:52 +09:00
Naoki Oketani
711840e936 1.5.0 2020-05-28 07:20:05 +09:00
Spencer Small
261cbab716 Support de-duping issues (#65) 
* De-dupe against open issues when dedupe_issues = true

* Update README

* Fix compile errors

* Add unit tests for issue.ts
 2020-05-28 07:18:45 +09:00
Naoki Oketani
1c3165e2f5 update action.yml to support working_directory 2020-05-23 16:26:33 +09:00
Naoki Oketani
94ec1a79c4 update README.md 2020-05-23 16:13:09 +09:00
Naoki Oketani
6ca4ad598e bump version to v1.4.0 2020-05-23 16:10:57 +09:00
Naoki Oketani
5209022168 support different working directory (#64) 
* support different working directory

* validate working_directory
 2020-05-23 15:59:51 +09:00
Naoki Oketani
277fc872da update dependencies (#63) 
* npm update

* npm i jest@26.0.1 jest-circus@26.0.1 ts-jest@26.0.0

* npm i @types/node@14.0.5

* npm i eslint@7.1.0 @typescript-eslint/parser@3.0.0
 2020-05-23 15:06:32 +09:00
Naoki Oketani
161485c040 update @octokit/rest from 16.43.1 to 17.9.2 (#62) 2020-05-23 14:46:31 +09:00
Naoki Oketani
49b1b8cc78 bump version to v1.3.1 2020-04-30 07:59:06 +09:00
Naoki Oketani
8e21576306 npm update dependencies (#59) 
* npm update

- @types/jest
- @types/node
- @typescript-eslint/parser
- @zeit/ncc jest
- jest-circus
- prettier
- ts-jest

* npm run all

* npm update graphql
 2020-04-30 07:43:27 +09:00
dependabot[bot]
081ab6e55a Bump @actions/http-client from 1.0.6 to 1.0.8 (#58) 
Bumps [@actions/http-client](https://github.com/actions/http-client) from 1.0.6 to 1.0.8.
- [Release notes](https://github.com/actions/http-client/releases)
- [Changelog](https://github.com/actions/http-client/blob/master/RELEASES.md)
- [Commits](https://github.com/actions/http-client/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-04-30 07:26:41 +09:00
Naoki Oketani
79bd1d007d npm update (#56) 
* npm update

* update prettier to ^2.0.2

* npm run all

* update @zeit/ncc to ^0.22.0
 2020-03-29 19:57:04 +09:00
Naoki Oketani
ad3449ef9c filter vulnerabilities by audit_level (#55) 
* filter vulnerabilities by audit_level

* update README.md

* fix test cases

* restrict audit_level value

* update dist/index.js
 2020-03-21 07:08:53 +09:00
Naoki Oketani
4d8769971b Refactor (#54) 
* run `npm ci` instead of `npm install` for PR build

* bump version

* return Promise for test mock
 2020-03-19 17:46:36 +09:00
Naoki Oketani
f654b1dd0a fresh install jest, eslint (#53) 
* fresh install jest, eslint

* npm run all
 2020-03-19 17:35:08 +09:00