Merge branch 'main' into adding-config-file

2022-05-30 06:37:29 +02:00
parent a8dcc6b774 67a046c994
commit 0b73ead548
6 changed files with 961 additions and 888 deletions
--- a/README.md
+++ b/README.md
@@ -28,6 +28,8 @@ jobs:
        uses: actions/dependency-review-action@v1
 ```

+Please keep in mind that you need a GitHub Advanced Security license if you're running this Action on private repos.
+
 ## Getting help

 If you have bug reports, questions or suggestions please [create a new
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -25,30 +25,30 @@
  "author": "GitHub",
  "license": "MIT",
  "dependencies": {
-    "@actions/core": "^1.8.0",
-    "@actions/github": "^5.0.1",
+    "@actions/core": "^1.8.2",
+    "@actions/github": "^5.0.3",
    "@octokit/plugin-retry": "^3.0.9",
    "@octokit/request-error": "^2.1.0",
    "ansi-styles": "^6.1.0",
-    "got": "^12.0.4",
+    "got": "^12.1.0",
    "nodemon": "^2.0.16",
    "yaml": "^2.1.0",
-    "zod": "^3.15.1"
+    "zod": "^3.17.3"
  },
  "devDependencies": {
-    "@types/node": "^17.0.31",
-    "@typescript-eslint/eslint-plugin": "^5.22.0",
-    "@typescript-eslint/parser": "^5.22.0",
-    "@vercel/ncc": "^0.33.4",
+    "@types/node": "^17.0.36",
+    "@typescript-eslint/eslint-plugin": "^5.26.0",
+    "@typescript-eslint/parser": "^5.26.0",
+    "@vercel/ncc": "^0.34.0",
    "esbuild-register": "^3.3.2",
-    "eslint": "^8.15.0",
+    "eslint": "^8.16.0",
    "eslint-plugin-github": "^4.3.6",
-    "eslint-plugin-jest": "^26.1.5",
+    "eslint-plugin-jest": "^26.4.5",
    "jest": "^27.5.1",
    "js-yaml": "^4.1.0",
    "nodemon": "^2.0.16",
    "prettier": "2.6.2",
    "ts-jest": "^27.1.4",
-    "typescript": "^4.6.4"
+    "typescript": "^4.7.2"
  }
-}
+}
--- a/src/main.ts
+++ b/src/main.ts
@@ -53,11 +53,19 @@ async function run(): Promise<void> {
    }
  } catch (error) {
    if (error instanceof RequestError && error.status === 404) {
+      core.setFailed(
+        `Dependency review could not obtain dependency data for the specified owner, repository, or revision range.`
+      )
+    } else if (error instanceof RequestError && error.status === 403) {
      core.setFailed(
        `Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled, see https://github.com/${github.context.repo.owner}/${github.context.repo.repo}/settings/security_analysis`
      )
-    } else if (error instanceof Error) {
-      core.setFailed(error.message)
+    } else {
+      if (error instanceof Error) {
+        core.setFailed(error.message)
+      } else {
+        core.setFailed('Unexpected fatal error')
+      }
    }
  }
 }