From 43c5083e6ccf131f9b1ec482f094c052800a653e Mon Sep 17 00:00:00 2001
From: cnagadya
Date: Fri, 28 Oct 2022 09:40:46 +0000
Subject: [PATCH 1/3] Node 18
---
 .github/workflows/check-dist.yml | 4 ++--
 .github/workflows/ci.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
index 85325f0..6926a2e 100644
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@@ -23,10 +23,10 @@ jobs:
 steps:
 - uses: actions/checkout@v3
- - name: Set Node.js 16.x
+ - name: Set Node.js 18.x
 uses: actions/setup-node@v3
 with:
- node-version: 16.x
+ node-version: 18.x
 - name: Install dependencies
 run: npm ci
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9ae8071..d6a9da8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,7 +17,7 @@ jobs:
 - uses: actions/checkout@v3
 - uses: actions/setup-node@v3
 with:
- node-version: 16
+ node-version: 18
 cache: npm
 - name: Install dependencies
 run: npm ci --ignore-scripts
@@ -30,7 +30,7 @@ jobs:
 - uses: actions/checkout@v3
 - uses: actions/setup-node@v3
 with:
- node-version: 16
+ node-version: 18
 cache: npm
 - name: Install dependencies
 run: npm ci --ignore-scripts
From 516e8497acda8e921a96cf3fe7bc4ec341f2a8c9 Mon Sep 17 00:00:00 2001
From: cnagadya
Date: Fri, 28 Oct 2022 09:45:19 +0000
Subject: [PATCH 2/3] Add codespace defaults
---
 .devcontainer/devcontainer.json | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 .devcontainer/devcontainer.json
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..a258fd4
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,9 @@
+{
+ "name": "Dependency Review Action",
+ "image": "mcr.microsoft.com/devcontainers/typescript-node:18",
+ "postCreateCommand": "npm install",
+ "remoteUser": "node",
+ "features": {
+ "ghcr.io/devcontainers/features/ruby:1": {}
+ }
+}
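Review bot: `"postCreateCommand": "npm install"` in the new devcontainer.json installs dependencies differently from the ci.yml jobs touched in this same series, which use `npm ci --ignore-scripts`. `npm install` may rewrite package-lock.json and runs dependency lifecycle scripts, here inside a Codespace that typically has a GitHub token in its environment. Consider `"postCreateCommand": "npm ci --ignore-scripts"`, or plain `npm ci` if some dependency needs its install script (the patch does not show whether one does). The image tag `typescript-node:18` and the feature reference `ruby:1` are floating tags, so the environment can change without a commit; pinning them to a digest or full version would make it reproducible.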
From cc6d25165234285d9c90e5b837cb41457d382273 Mon Sep 17 00:00:00 2001 From: cnagadya Date: Fri, 28 Oct 2022 09:54:53 +0000 Subject: [PATCH 3/3] Update contributing guide --- CONTRIBUTING.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 67c17e3..42c5100 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -38,6 +38,7 @@ _Note_: We don't have any useful tests yet, contributions are welcome! ## Local Development +It is recommended to have atleast [Node 18](https://nodejs.org/en/) installed. We have a script to scan a given PR for vulnerabilities, this will help you test your local changes. Make sure to [grab a Personal Access Token (PAT)](https://github.com/settings/tokens) before proceeding (you'll need `repo` permissions for private repos): @@ -56,11 +57,11 @@ $ GITHUB_TOKEN=my-secret-token ./scripts/scan_pr https://github.com/actions/depe ``` [Configuration options](README.md#configuration-options) can be set by -passing an external YAML [configuration file](README.md#configuration-file) to the +passing an external YAML [configuration file](README.md#configuration-file) to the `scan_pr` script with the `-c`/`--config-file` option: ```sh -$ GITHUB_TOKEN= ./scripts/scan_pr --config-file my_custom_config.yml +$ GITHUB_TOKEN= ./scripts/scan_pr --config-file my_custom_config.yml ``` ## Submitting a pull request