dependency-review-action

actions/dependency-review-action

Fork 0

cdad98596a Merge pull request #273 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.1 Federico Builes 2022-10-06 13:18:40 +02:00
0a0eb39992 Bump eslint-plugin-jest from 27.1.0 to 27.1.1 dependabot[bot] 2022-10-06 01:41:12 +00:00
df3ceaf7f0 Merge pull request #269 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.39.0 Federico Builes 2022-10-05 13:17:37 +02:00
1997789b86 Bump @typescript-eslint/eslint-plugin from 5.38.1 to 5.39.0 dependabot[bot] 2022-10-05 11:01:03 +00:00
584e620d09 Merge pull request #270 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.39.0 Federico Builes 2022-10-05 13:00:23 +02:00
1fa34689ad Merge pull request #271 from actions/dependabot/npm_and_yarn/types/node-16.11.64 Federico Builes 2022-10-05 13:00:15 +02:00
de2814d20e Merge pull request #272 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.1.0 Federico Builes 2022-10-05 08:17:58 +02:00
eabc27054f Bump eslint-plugin-jest from 27.0.4 to 27.1.0 dependabot[bot] 2022-10-05 01:54:54 +00:00
b486e073e9 Bump @types/node from 16.11.63 to 16.11.64 dependabot[bot] 2022-10-05 01:54:43 +00:00
03321307df Bump @typescript-eslint/parser from 5.38.1 to 5.39.0 dependabot[bot] 2022-10-05 01:51:49 +00:00
cc2a6ab32f Merge pull request #268 from actions/dependabot/npm_and_yarn/yaml-2.1.2 Federico Builes 2022-10-03 11:32:30 +02:00
5de8be4c40 Merge branch 'main' into dependabot/npm_and_yarn/yaml-2.1.2 Federico Builes 2022-10-03 11:31:02 +02:00
1b8bd021a3 adding dist Federico Builes 2022-10-03 11:29:46 +02:00
65d8cd176f Merge pull request #267 from actions/dependabot/npm_and_yarn/types/node-16.11.63 Federico Builes 2022-10-03 11:29:23 +02:00
6d500ff869 Merge pull request #266 from actions/dependabot/npm_and_yarn/actions/github-5.1.1 Federico Builes 2022-10-03 11:29:14 +02:00
0259ed8420 add dist Federico Builes 2022-10-03 11:28:16 +02:00
ec636f3d19 Bump yaml from 2.1.1 to 2.1.2 dependabot[bot] 2022-10-03 02:06:25 +00:00
367e85631b Bump @types/node from 16.11.62 to 16.11.63 dependabot[bot] 2022-10-03 02:05:36 +00:00
abf7b5a775 Bump @actions/github from 5.1.0 to 5.1.1 dependabot[bot] 2022-10-03 02:05:00 +00:00
ba85772f4b Merge pull request #265 from actions/dependabot/npm_and_yarn/actions/core-1.10.0 Federico Builes 2022-09-30 09:09:00 +02:00
8d812df813 adding dist Federico Builes 2022-09-30 09:07:38 +02:00
63e12b21ed Bump @actions/core from 1.9.1 to 1.10.0 dependabot[bot] 2022-09-30 01:45:02 +00:00
0385b5b162 Merge pull request #248 from actions/add-scanned-deps Federico Builes 2022-09-28 10:53:37 +02:00
8e053e0f5e Merge pull request #262 from actions/dependabot/npm_and_yarn/typescript-4.8.4 Federico Builes 2022-09-28 08:04:35 +02:00
e0ff0cf732 Merge pull request #261 from actions/dependabot/npm_and_yarn/got-12.5.1 Federico Builes 2022-09-28 08:04:26 +02:00
ea65cbfc18 Bump typescript from 4.8.3 to 4.8.4 dependabot[bot] 2022-09-28 01:29:19 +00:00
5bf43a89cd Bump got from 12.5.0 to 12.5.1 dependabot[bot] 2022-09-28 01:29:03 +00:00
468485fc8e Clean up the main script a bit. Federico Builes 2022-09-27 12:25:12 +02:00
46c9f79a1f Create utils.ts file for helper functions. Federico Builes 2022-09-27 12:23:05 +02:00
cd3f55e8f9 Add all the dependencies to the review summary too. Federico Builes 2022-09-27 11:52:15 +02:00
f832351766 Merge pull request #258 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.38.1 Federico Builes 2022-09-27 08:10:02 +02:00
f96ed229f4 Bump @typescript-eslint/eslint-plugin from 5.38.0 to 5.38.1 dependabot[bot] 2022-09-27 06:08:27 +00:00
629703a27b Merge pull request #260 from actions/dependabot/npm_and_yarn/types/node-16.11.62 Federico Builes 2022-09-27 08:08:06 +02:00
d05bfb69a5 Merge pull request #259 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.38.1 Federico Builes 2022-09-27 08:07:40 +02:00
02bcebdd6e Bump @types/node from 16.11.60 to 16.11.62 dependabot[bot] 2022-09-27 01:30:25 +00:00
fbeabf7e29 Bump @typescript-eslint/parser from 5.38.0 to 5.38.1 dependabot[bot] 2022-09-27 01:30:16 +00:00
0515f5cb39 Adding a skeleton for scanned dependencies in the summary. Federico Builes 2022-09-26 19:14:04 +02:00
2d1d679f58 Move manifest grouping outside main.ts Federico Builes 2022-09-26 19:13:25 +02:00
a3563a05bc Use a set instead of raw JS objects. Federico Builes 2022-09-26 12:41:16 +02:00
8a20ddbf25 try adding 3 sections Federico Builes 2022-09-26 12:21:24 +02:00
2a646668d9 adding dist Federico Builes 2022-09-26 12:03:34 +02:00
60be833ffd Update manifest formatting in output. Federico Builes 2022-09-26 12:01:39 +02:00
edc501a219 adding dist Federico Builes 2022-09-26 11:41:40 +02:00
000837f2ac Don't nest groups. Federico Builes 2022-09-26 11:41:02 +02:00
89f99d150a adding colors to the dep output Federico Builes 2022-09-26 11:35:05 +02:00
0ed41eff02 Merge branch 'main' into add-scanned-deps Federico Builes 2022-09-26 11:34:43 +02:00
dbe70eb550 updating gitignore Federico Builes 2022-09-26 11:29:22 +02:00
78c7c01396 Merge branch 'main' into add-scanned-deps Federico Builes 2022-09-26 08:47:23 +02:00
89a5c76329 Merge pull request #254 from actions/dependabot/npm_and_yarn/actions/github-5.1.0 Federico Builes 2022-09-26 08:46:18 +02:00
4a6d691283 adding dist Federico Builes 2022-09-26 08:45:09 +02:00
b58d457243 Merge pull request #253 from actions/dependabot/npm_and_yarn/types/node-16.11.60 Federico Builes 2022-09-26 08:42:47 +02:00
cc033856be Merge pull request #255 from actions/dependabot/npm_and_yarn/eslint-8.24.0 Federico Builes 2022-09-26 08:04:38 +02:00
8595e805a5 Bump eslint from 8.23.1 to 8.24.0 dependabot[bot] 2022-09-26 01:55:41 +00:00
fa10a7f0d6 Bump @actions/github from 5.0.3 to 5.1.0 dependabot[bot] 2022-09-26 01:54:35 +00:00
6755d8aa71 Bump @types/node from 16.11.59 to 16.11.60 dependabot[bot] 2022-09-26 01:54:19 +00:00
375c537008 Updating to 2.4.0 Sarah Aladetan 2022-09-23 13:07:20 -07:00
98f28ebe06 Merge pull request #251 from actions/sarahkemi/ghsa-allowlist Sarah Aladetan 2022-09-23 13:06:41 -07:00
716b322ec9 add allow-ghsas input to action.yml Sarah Aladetan 2022-09-23 19:59:39 +00:00
12ae1bd550 Update wording in README.md Sarah Aladetan 2022-09-23 12:32:46 -07:00
bcb52636bd build and package allow-ghsas Sarah Aladetan 2022-09-22 22:45:27 +00:00
241ff73141 add doc on allow-ghsas to readme Sarah Aladetan 2022-09-22 22:44:17 +00:00
062b749663 revise ghsa filter Sarah Aladetan 2022-09-22 22:36:34 +00:00
4f00b72b84 filter allowed ghsas in action flow Sarah Aladetan 2022-09-22 22:25:21 +00:00
602f968ea2 create a filter for vulns that are on the allowlist Sarah Aladetan 2022-09-22 21:36:26 +00:00
bd61ea0d9e create config option for ghsa allowlist Sarah Aladetan 2022-09-22 21:34:18 +00:00
8ec13c1f01 adding dist Federico Builes 2022-09-22 16:52:03 +02:00
723ec8c0d3 Try showing information about the scanned dependencies. Federico Builes 2022-09-22 16:49:45 +02:00
2843194510 Updating version. Federico Builes 2022-09-22 14:27:24 +02:00
6944531f76 Update README.md Federico Builes 2022-09-22 14:26:27 +02:00
29cdbbed37 Merge pull request #228 from actions/external-config Federico Builes 2022-09-22 14:22:39 +02:00
88502badc9 Update README.md Federico Builes 2022-09-22 08:03:23 +02:00
ff7c97a976 adding dist Federico Builes 2022-09-21 17:03:01 +02:00
4d3b8e5269 Clarify code a bit. Federico Builes 2022-09-21 17:01:00 +02:00
38ee6e8360 Improve scopes example in new docs. Federico Builes 2022-09-21 16:53:20 +02:00
54cd9a7cba Merge branch 'main' into external-config Federico Builes 2022-09-21 16:50:02 +02:00
c4693c00ac Raise errors for invalid values in the external config. Federico Builes 2022-09-21 16:30:05 +02:00
e89f113be2 add callout to checkout main when updating major version tag Sarah Aladetan 2022-09-20 13:21:38 -07:00
2b96ea7f03 Bump version to 2.2.0 Sarah Aladetan 2022-09-20 13:06:20 -07:00
4300ce8d38 Merge pull request #243 from actions/sarahkemi/filter-dev-deps Sarah Aladetan 2022-09-20 16:05:19 -04:00
de48c615a3 build and package scope filtering Sarah Aladetan 2022-09-19 17:57:08 +00:00
eef7e39202 Accept options from both sources, prioritize external config. Federico Builes 2022-09-20 15:52:34 +02:00
37dc32836b Merge branch 'main' into external-config Federico Builes 2022-09-20 15:29:28 +02:00
890361387d Updating dist. Federico Builes 2022-09-20 15:16:25 +02:00
61f19e6447 Let the users set the path for the config file. Federico Builes 2022-09-20 15:15:14 +02:00
fd959624bf Merge pull request #245 from actions/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-5.38.0 Federico Builes 2022-09-20 07:59:56 +02:00
11dd186eb0 Merge pull request #246 from actions/dependabot/npm_and_yarn/got-12.5.0 Federico Builes 2022-09-20 07:59:44 +02:00
1ab05cf855 Bump @typescript-eslint/eslint-plugin from 5.37.0 to 5.38.0 dependabot[bot] 2022-09-20 05:54:32 +00:00
7d7d5e7c84 Bump got from 12.4.1 to 12.5.0 dependabot[bot] 2022-09-20 05:54:28 +00:00
8a8fa8bd07 Merge pull request #244 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-5.38.0 Federico Builes 2022-09-20 07:53:39 +02:00
06daf8e801 Bump @typescript-eslint/parser from 5.37.0 to 5.38.0 dependabot[bot] 2022-09-20 01:31:24 +00:00
aeb9ff5438 adding dist Federico Builes 2022-09-19 17:34:53 +02:00
1ef21ab130 Leave a failing test for tomorrow! Federico Builes 2022-09-19 17:34:12 +02:00
3c95902dd6 Adding more tests for the config file. Federico Builes 2022-09-19 17:29:25 +02:00
4b4ec08f7b Make sure we get rid of the ridiculous dashes in the names. Federico Builes 2022-09-19 17:28:59 +02:00
a91c3ac205 Split reading inline/external configuration options. Federico Builes 2022-09-19 17:28:44 +02:00
bf0cb7fac4 Add a default config file. Federico Builes 2022-09-19 17:28:20 +02:00
07a7056819 Update README to include config-file option. Federico Builes 2022-09-19 16:46:42 +02:00
b93fcee7ff Raise an error if the config file is not found. Federico Builes 2022-09-19 16:36:45 +02:00
8bac022bfd Merge branch 'main' into external-config Federico Builes 2022-09-19 16:14:41 +02:00
fc4fb55b25 Merge pull request #241 from actions/dependabot/npm_and_yarn/nodemon-2.0.20 Federico Builes 2022-09-19 07:38:12 +02:00

Commit Graph Select branches Hide Pull Requests main Mono Color

Commit Graph

Select branches

Hide Pull Requests

main