nna/npm-audit-action
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
106 Commits 1 Branch 2 Tags
a836f2ae99a2b3da7f57651faa812829d30e2b93
Commit Graph

106 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Naoki Oketani
a836f2ae99 Merge pull request #131 from oke-py/deprecated-command 
update @actions/core not to use deprecated commands
 2022-12-10 22:02:30 +09:00
Naoki Oketani
0dd0e42c47 build: npm run all 2022-12-10 21:58:11 +09:00
Naoki Oketani
c9382a0fb4 update @actions/core not to use deprecated commands 
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
 2022-12-10 21:53:13 +09:00
Snyk bot
317d6dc36c fix: package.json & package-lock.json to reduce vulnerabilities (#129) 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ACTIONSCORE-2980270
 2022-08-15 12:02:11 +09:00
Snyk bot
e311295dda fix: Dockerfile to reduce vulnerabilities (#128) 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-2940554
- https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-2940555
- https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-2940555
- https://snyk.io/vuln/SNYK-DEBIAN10-ZLIB-2976149
- https://snyk.io/vuln/SNYK-DEBIAN10-ZLIB-2976149
 2022-08-13 13:10:53 +09:00
Naoki Oketani
c2ee44bdb9 update dependencies (#126) 
* update dependencies

* update devDependencies
 2022-07-09 18:36:20 +09:00
Naoki Oketani
e90fd04eb5 npm run all 2022-07-09 18:13:18 +09:00
Naoki Oketani
fb1ae3934f 2.3.0 2022-07-09 18:12:31 +09:00
William Barnes
5b91df5581 updating production flag to --omit=dev (#125) 
* updating production flag to --omit=dev

* fixing readme comment
 2022-07-09 18:08:36 +09:00
Naoki Oketani
3e3735791c update npm globally at an earlier step of each job (#124) 
* update npm globally at an earlier step of each job

* execute `npm update` with sudo

* seprate windows jobs from linux,mac jobs

* upgrade npm to latest on windows

* upgrade npm to latest on windows
 2022-07-01 07:16:46 +09:00
Naoki Oketani
2f9b156c84 npm run all 2022-05-12 07:47:12 +09:00
Naoki Oketani
b3151e9e51 2.2.0 2022-05-12 07:45:34 +09:00
Shaid Khan
33a41db91d Fix Commit - Committing fix whereby NPM Audit Actions Fails when running on Windows OS (#122) 
- This commit is to fix an issue when running the 'npm-audit-action' on the 'windows-latest'
- Integrated the 'spawnSync' to use the right 'npm' script based upon the OS used
 2022-05-12 07:45:03 +09:00
Naoki Oketani
c0410c237f Adds 'info', 'none' as a valid argument for audit-level (#120) 
* Adds 'info', 'none' as a valid argument for audit-level

* 2.1.0
 2022-04-12 08:19:34 +09:00
Naoki Oketani
e3662da326 Update default runtime to node16 (#118) 
* Update default runtime to node16

* update dependencies

* 2.0.0
 2022-03-26 15:31:24 +09:00
Naoki Oketani
6818f639a6 npm audit fix (#117) 2022-03-24 17:40:08 +09:00
dependabot[bot]
e0cb327868 Bump actions/checkout from 2 to 3 (#114) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-06 20:10:33 +09:00
Naoki Oketani
276d321c3b enable dependabot to update github-actions 2022-03-06 20:08:39 +09:00
Naoki Oketani
01882980c1 npm audit fix to fix CVE-2022-0536 (#111) 
* `npm audit fix` to fix CVE-2022-0536

* `npm run all` to apply the updates of dependencies
 2022-02-20 19:45:25 +09:00
Naoki Oketani
02cb9c4d3b fix CVE-2022-0235 (#108) 
* npm audit fix

* npm run all

* 1.8.4

* update README and daily action to use v1.8.4
 2022-01-25 12:30:57 +09:00
Naoki Oketani
8196a9cc90 Release v1.8.3 (#105) 
* 1.8.3

* update README and daily action to use v1.8.3
 2022-01-15 18:33:23 +09:00
Naoki Oketani
f03c7d976f fix CVE-2022-0155 (#104) 
* `npm audit fix` to fix CVE-2022-0155

* `npm run all` to apply the updates of dependencies
 2022-01-15 18:28:01 +09:00
Naoki Oketani
b58fe17512 Release v1.8.2 (#101) 
* 1.8.2

* update README and daily action to use v1.8.2
 2021-10-16 18:26:12 +09:00
Naoki Oketani
303bff6b61 Bump axios from 0.21.4 to 0.23.0 (#100) 2021-10-16 18:21:41 +09:00
Naoki Oketani
5d929bbe92 update devDependencies (#99) 
* Bump jest, jest-circus from 27.2.2 to 27.2.5

* Bump ts-jest from 27.0.5 to 27.0.6

* Bump graphql from 15.5.0 to 15.6.1

* Bump eslint-plugin-github from 4.3.0 to 4.3.2

* Bump eslint-plugin-jest from 24.4.2 to 25.2.1

* Bump typescript from 3.9.7 to 3.9.10

* Bump @types/node from 14.14.20 to 14.17.27
 2021-10-16 18:15:34 +09:00
Naoki Oketani
e3228ef09e Bump axios from 0.21.2 to 0.21.4 (#97) 2021-10-10 12:36:10 +09:00
Naoki Oketani
e434d1ce70 update dependencies (#96) 
* Bump @actions/core from 1.3.0 to 1.6.0

* Bump @actions/github from 4.0.0 to 5.0.0

* Bump @octokit/rest from 18.5.6 to 18.12.0

* Bump strip-ansi from 6.0.0 to 6.0.1
 2021-10-09 12:22:18 +09:00
Naoki Oketani
901e62d952 chore: format by prettier (js) 2021-10-08 21:23:15 +09:00
Naoki Oketani
9d3f4c8708 Bump patch verstion to 1.8.1 2021-10-08 21:21:58 +09:00
Naoki Oketani
1595df392b chore: format by prettier 2021-10-08 21:20:06 +09:00
Pavish Kumar
9e9a90b41e Retain spaces within label (#95) 2021-10-08 21:17:46 +09:00
Naoki Oketani
b279a61c36 Bump minor version to 1.8.0 2021-10-03 09:28:58 +09:00
Naoki Oketani
47dbb726b6 feature: support create_issues, create_pr_comments flag (#93) 
* doc: support new parameter create_issues, create_pr_comments

* feature: support create_pr_comments flag

* feature: support create_issues flag
 2021-10-03 09:26:16 +09:00
Naoki Oketani
2d35348be4 chore: fix a broken link in README (#92) 
* chore: fix a broken link in README

* chore: fix branch name
 2021-10-02 21:51:01 +09:00
Naoki Oketani
cf7f895e0d Bump patch version to 1.7.4 2021-09-26 21:36:59 +09:00
Naoki Oketani
5b1038c826 update dependencies (#89) 
* Bump ansi-regex from 5.0.0 to 5.0.1 (fix CVE-2021-3807)

* Bump tmpl from 1.0.4 to 1.0.5 (fix CVE-2021-3777)

* update: eslint related dependencies

* chore: replace deprecated @zeit/ncc with @vercel/ncc
 2021-09-26 21:33:48 +09:00
dependabot[bot]
e285e411e1 Bump axios from 0.21.1 to 0.21.2 (#88) 
Bumps [axios](https://github.com/axios/axios) from 0.21.1 to 0.21.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.21.1...v0.21.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-09-26 20:14:36 +09:00
Joshua Nelson
dc855337b2 Fix name of github_token parameter (#87) 
It was correctly `github_token` in the code and examples, but it was shown as `token` in the docs.
 2021-08-20 21:04:20 +09:00
Naoki Oketani
5d4cffea6d fix dependencies' vulnerabilities (#86) 
* [fix] `npm audit fix`

* [fix] `npm update`

* [fix] update jest, jest-circus, ts-jest

* 1.7.3
 2021-06-03 07:45:50 +09:00
Naoki Oketani
47ffa59342 update: scan v1.7.2 2021-05-09 17:25:00 +09:00
Naoki Oketani
1f505b760c 1.7.2 2021-05-09 17:24:03 +09:00
Naoki Oketani
9ceef494c8 chore: run npm update (#83) 2021-05-03 14:36:46 +09:00
Naoki Oketani
9cc679ca2e upgrade(modules): npm update $module 2021-01-06 14:57:25 +09:00
Naoki Oketani
6410ad94e8 upgrade(modules): run npm run all 2021-01-06 13:49:28 +09:00
Naoki Oketani
5838edf6c1 upgrade(package.json): npm version 1.7.1 2021-01-06 13:49:13 +09:00
Naoki Oketani
ddca8d247d docs: use 1.7.1 in the sample 2021-01-06 13:21:27 +09:00
dependabot[bot]
c2f20e6961 Bump axios from 0.20.0 to 0.21.1 (#81) 
Bumps [axios](https://github.com/axios/axios) from 0.20.0 to 0.21.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v0.21.1/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.20.0...v0.21.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-01-06 13:19:17 +09:00
dependabot[bot]
c533e58b0c Bump node-notifier from 8.0.0 to 8.0.1 (#79) 
Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1.
- [Release notes](https://github.com/mikaelbr/node-notifier/releases)
- [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md)
- [Commits](https://github.com/mikaelbr/node-notifier/compare/v8.0.0...v8.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-12-22 20:50:31 +09:00
Naoki Oketani
7589e29148 1.7.0 2020-12-12 12:06:19 +00:00
Naoki Oketani
8a4cabf41a update version 2020-12-12 12:04:36 +00:00