Add deprecation warning, fix lint issues

This commit is contained in:
Claire Song
2025-08-14 14:25:52 +00:00
parent 9ca24b6906
commit 6e2bbef080
3 changed files with 27 additions and 5 deletions


@@ -24,7 +24,6 @@ The action is available for:
When the action runs, you can see the results on:
- The **job logs** page.
1. Go to the **Actions** tab for the repository and select the relevant workflow run.
1. Then under "Jobs", click **dependency review**.
@@ -106,7 +105,7 @@ All configuration options are optional.
| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------- |
| `fail-on-severity` | Defines the threshold for the level of severity. The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | `low`, `moderate`, `high`, `critical` | `low` |
| `allow-licenses`\* | Contains a list of allowed licenses. The action will fail on pull requests that introduce dependencies with licenses that do not match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `deny-licenses`\* | Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `deny-licenses`\* | ⚠️ Deprecated and will be removed in a future version. <br> Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none |
| `fail-on-scopes` | Contains a list of strings of the build environments you want to support. The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list. | `runtime`, `development`, `unknown` | `runtime` |
| `allow-ghsas` | Contains a list of GitHub Advisory Database IDs that can be skipped during detection. | Any GHSAs from the [GitHub Advisory Database](https://github.com/advisories) | none |
| `license-check` | Enable or disable the license check performed by the action. | `true`, `false` | `true` |


@@ -1,5 +1,5 @@
import {expect, jest, test} from '@jest/globals'
import {Change, Changes, ConfigurationOptions, Scorecard} from '../src/schemas'
import {Changes, ConfigurationOptions, Scorecard} from '../src/schemas'
import * as summary from '../src/summary'
import * as core from '@actions/core'
import {createTestChange} from './fixtures/create-test-change'
@@ -109,10 +109,25 @@ test('prints headline as h1', () => {
expect(text).toContain('<h1>Dependency Review</h1>')
})
test('adds deprecation warning for deny-licenses option', () => {
summary.addSummaryToSummary(
emptyChanges,
emptyInvalidLicenseChanges,
emptyChanges,
scorecard,
defaultConfig
)
const text = core.summary.stringify()
expect(text).toContain(
'⚠️ The <em>deny-licenses</em> option is deprecated and will be removed in a future version, use <em>allow-licenses</em> instead.'
)
})
test('returns minimal summary formatted for posting as a PR comment', () => {
const OLD_ENV = process.env
let changes: Changes = [
const changes: Changes = [
createTestChange({name: 'lodash', version: '1.2.3'}),
createTestChange({name: 'colors', version: '2.3.4'}),
createTestChange({name: '@foo/bar', version: '*'})
@@ -122,7 +137,7 @@ test('returns minimal summary formatted for posting as a PR comment', () => {
process.env.GITHUB_REPOSITORY = 'owner/repo'
process.env.GITHUB_RUN_ID = 'abc-123-xyz'
let minSummary: string = summary.addSummaryToSummary(
const minSummary: string = summary.addSummaryToSummary(
changes,
emptyInvalidLicenseChanges,
emptyChanges,
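Review bot: The new test 'adds deprecation warning for deny-licenses option' only asserts that the warning appears when `addSummaryToSummary` is called with `defaultConfig`, which as far as this page shows does not set deny-licenses, so it pins the warning as unconditional rather than as a consequence of using the deprecated option. Add a companion case with a configuration that does set deny-licenses, and if the warning is meant to be conditional, an `expect(text).not.toContain('deny-licenses</em> option is deprecated')` for the default configuration. The assertion reads `core.summary.stringify()` from the shared summary buffer; unless the buffer is emptied between tests (not visible in this hunk), output from an earlier test could satisfy it. In the last hunk `const minSummary: string = summary.addSummaryToSummary(` keeps a redundant annotation that the lint cleanup could drop, `const minSummary = summary.addSummaryToSummary(`.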


@@ -30,6 +30,8 @@ export function addSummaryToSummary(
core.summary.addHeading('Dependency Review', 1)
out.push('# Dependency Review')
addDenyListsDeprecationWarningToSummary()
if (
vulnerableChanges.length === 0 &&
licenseIssues === 0 &&
@@ -106,6 +108,12 @@ export function addSummaryToSummary(
return out.join('\n')
}
function addDenyListsDeprecationWarningToSummary(): void {
core.summary.addRaw(
`${icons.warning} The <em>deny-licenses</em> option is deprecated and will be removed in a future version, use <em>allow-licenses</em> instead.<br>`
)
}
function countScorecardWarnings(
scorecard: Scorecard,
config: ConfigurationOptions
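Review bot: `addDenyListsDeprecationWarningToSummary()` is called unconditionally right after the heading in the first hunk, so every summary now carries the deny-licenses deprecation warning even when that option was never configured, and the helper receives no configuration with which to decide. `addSummaryToSummary` already takes the configuration (the test passes `defaultConfig` as its last argument), so gate the call on it, e.g. `if (config.deny_licenses) addDenyListsDeprecationWarningToSummary()`, using whichever key ConfigurationOptions declares for deny-licenses (not visible here). The heading is written to both `core.summary` and `out`, whereas the warning goes only to `core.summary`, so the minimal PR-comment text returned from `out.join('\n')` never mentions the deprecation; if that is intentional, a one-line comment on the helper saying so would save the next reader the question. The body of `addSummaryToSummary` starts and ends outside these hunks.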