actions/dependency-review-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • 0669e2939d Update CONTRIBUTING.md Jon Janego 2024-06-04 09:45:14 -05:00
  • fd46ab736e Update CONTRIBUTING.md Jon Janego 2024-06-04 09:01:11 -05:00
  • 551e0b82bd Update CONTRIBUTING.md Jon Janego 2024-06-04 08:59:20 -05:00
  • fbfa3f19c8 Update SECURITY.md Jon Janego 2024-06-03 16:59:30 -05:00
  • 89204de987 Create config.yml Jon Janego 2024-06-03 16:48:33 -05:00
  • 6d4e634e06 Create issue templates Jon Janego 2024-06-03 16:43:33 -05:00
  • 4c5eeccebb Update CONTRIBUTING.md Jon Janego 2024-06-03 16:18:38 -05:00
  • f6e67d2f8d Merge pull request #776 from ramann/patch-1 Jon Janego 2024-06-03 12:54:46 -05:00
  • eb0576373a fix show-openssf-scorecard-levels input robert 2024-06-03 12:20:08 -04:00
  • 981e960c8c Merge pull request #773 from am-stead/am-stead-patch-1 Jon Janego 2024-05-30 09:23:53 -05:00
  • 87b53ae475 add line break Anne-Marie 2024-05-30 11:10:36 +00:00
  • c601a5a741 combining Output notes Anne-Marie 2024-05-30 11:02:59 +00:00
  • 5751523f41 Update README.md Jon Janego 2024-05-29 13:21:44 -05:00
  • 3fe3159bb9 Indenting to match vulnerable-changes Anne-Marie 2024-05-27 09:15:58 +02:00
  • 2d3c93c0e0 Update README.md Anne-Marie 2024-05-27 09:14:01 +02:00
  • 9770b8da2c Update README.md Anne-Marie 2024-05-27 09:13:46 +02:00
  • d5b8317942 edits Anne-Marie 2024-05-24 07:35:18 +00:00
  • d3670a3e49 updating GHES links Anne-Marie 2024-05-23 10:38:06 +00:00
  • f38966fbec updating overview Anne-Marie 2024-05-23 10:26:42 +00:00
  • 9eb0dccbc9 editing configuration and remaining sections Anne-Marie 2024-05-23 10:03:57 +00:00
  • 258a2295c6 installation section Anne-Marie 2024-05-23 09:37:47 +00:00
  • 4c0a483c95 Update README.md Anne-Marie 2024-05-23 10:22:01 +02:00
  • 339e2e1bfc Merge pull request #741 from josieang/deps-dev-v3 Eli Reisman 2024-05-10 14:23:17 -07:00
  • 40cd879447 npm install && npm run build && npm run package Josie Anugerah 2024-05-07 08:11:58 +10:00
  • d11eeb39d8 Merge branch 'main' into deps-dev-v3 Josie Anugerah 2024-05-06 17:26:48 +10:00
  • 82ab8f69c7 Merge pull request #765 from actions/juxtin/allow-slashes-in-purls Justin Holguín 2024-05-02 13:30:20 -07:00
  • 432d8e7efe Allow slashes in purl package names Justin Holguín 2024-05-02 19:07:02 +00:00
  • 0c155c5e85 Merge pull request #762 from actions/juxtin/prepare-4.3.2 Justin Holguín 2024-04-30 09:39:04 -07:00
  • f3dac32d35 Merge pull request #761 from actions/juxtin/fix-allow-dependencies-licenses Justin Holguín 2024-04-30 09:38:44 -07:00
  • d0d5cc3ec4 Update version number to 4.3.2 Justin Holguín 2024-04-30 16:30:51 +00:00
  • 49fbbe0acb Fix package-url parsing for allow-dependencies-licenses Justin Holguín 2024-04-29 23:24:15 +00:00
  • e58c696e52 Merge pull request #758 from actions/juxtin/prepare-4.3.1 Justin Holguín 2024-04-29 10:48:18 -07:00
  • 9b7c72ddcd Change version to 4.3.1 Justin Holguín 2024-04-29 17:45:21 +00:00
  • 7dcfabfea2 Merge pull request #753 from actions/juxtin/debug-purl Justin Holguín 2024-04-29 10:43:30 -07:00
  • 5f0808ffb1 Validate that deny-packages purls are complete Justin Holguín 2024-04-29 16:46:21 +00:00
  • fcc66c23b3 Refine purl parsing and tests Justin Holguín 2024-04-28 20:33:37 +00:00
  • 1dd418bcb3 Basic tests for PURL validation in config Justin Holguín 2024-04-27 22:10:57 +00:00
  • 640617990f Replace packageurl-js with our own implementation Justin Holguín 2024-04-27 20:54:20 +00:00
  • 2034babb6b Bypass purls (mostly) for deny checks Justin Holguín 2024-04-26 22:13:45 +00:00
  • 7e773b1e98 Log offending purl Justin Holguín 2024-04-26 21:50:12 +00:00
  • a3460920cc Parse purls cautiously in getDeniedChanges Justin Holguín 2024-04-26 21:28:24 +00:00
  • 0659a74c94 Merge pull request #751 from actions/juxtin/release Justin Holguín 2024-04-26 10:26:45 -07:00
  • 28facf5722 Update release instructions Justin Holguín 2024-04-26 17:11:57 +00:00
  • 5ab7b74146 Update package-lock.json Justin Holguín 2024-04-26 17:11:46 +00:00
  • 2a28e93881 Merge branch 'main' into deps-dev-v3 Josie Anugerah 2024-04-26 14:10:34 +10:00
  • 95b6fa4e6b Update version to 4.3.0 Justin Holguín 2024-04-25 22:41:44 +00:00
  • 2dba7fdde1 Merge pull request #733 from actions/deny-list-version Brandon Teng 2024-04-24 20:38:16 -05:00
  • 7d44c7c392 building package with latest typescript version Brandon Teng 2024-04-24 20:36:47 -05:00
  • ce31ee8325 Merge branch 'main' into deny-list-version Brandon Teng 2024-04-24 18:16:35 -05:00
  • df1b3661fd Merge pull request #750 from actions/juxtin/fix-deny-icon Justin Holguín 2024-04-24 15:37:25 -07:00
  • 71c57a6108 Merge branch 'main' into deny-list-version Brandon Teng 2024-04-24 17:19:53 -05:00
  • 7e2c3c347b Show denied packages with red X Justin Holguín 2024-04-24 22:11:24 +00:00
  • f456418f6a Merge pull request #737 from actions/dependabot/npm_and_yarn/eslint-plugin-github-4.10.2 Justin Holguín 2024-04-24 14:59:31 -07:00
  • 19bd35e07b Merge pull request #744 from actions/dependabot/npm_and_yarn/typescript-5.4.5 Justin Holguín 2024-04-24 14:57:23 -07:00
  • ff97293707 Update dist Justin Holguín 2024-04-24 21:55:26 +00:00
  • 5498b6c4c3 Bump typescript from 5.3.3 to 5.4.5 dependabot[bot] 2024-04-24 21:39:33 +00:00
  • 80116a4564 Merge branch 'main' into deny-list-version Brandon Teng 2024-04-24 16:35:05 -05:00
  • 68488bcecb Merge pull request #748 from actions/issue-738 Justin Holguín 2024-04-24 13:54:40 -07:00
  • 16a0212a77 Build source Justin Hutchings 2024-04-23 17:31:55 +00:00
  • 6d3fba9bf2 Remove extra https:// Justin Hutchings 2024-04-23 17:26:55 +00:00
  • 671683931a run npm run all Josie Anugerah 2024-04-17 13:31:49 -07:00
  • c6cc8585a0 building and packaging action Brandon Teng 2024-04-16 16:25:58 -05:00
  • c32a0148b3 throwing parsing error up instead of swallowing it Brandon Teng 2024-04-16 16:25:28 -05:00
  • 67d0214607 simplifying tests Brandon Teng 2024-04-16 16:04:25 -05:00
  • 3ca15314ff transforming package URLs during zod parsing Brandon Teng 2024-04-16 16:04:11 -05:00
  • a318e62c6c using packageurl-js to parse packages and groups from config Brandon Teng 2024-04-16 12:44:51 -05:00
  • b0986c2fe0 use the v3 version of the deps.dev API Josie Anugerah 2024-04-09 16:11:32 +10:00
  • 061f471b83 updating docs Brandon Teng 2024-04-04 15:45:43 -05:00
  • 012eca3d4d building and packaging action Brandon Teng 2024-04-04 15:35:28 -05:00
  • 8739aa4bb3 Merge branch 'main' into deny-list-version Brandon Teng 2024-04-04 15:26:19 -05:00
  • a323510dae more refactoring for getDeniedChanges Brandon Teng 2024-04-04 15:18:51 -05:00
  • 7cebd9d64d refactoring getDeniedChanges Brandon Teng 2024-04-04 15:04:45 -05:00
  • f8ca44e2de updating README Brandon Teng 2024-04-04 13:26:08 -05:00
  • 411e5ec44f updating deny-packages config option to deny exact version or wildcard Brandon Teng 2024-04-04 13:25:54 -05:00
  • 72aedfc147 Bump eslint-plugin-github from 4.10.1 to 4.10.2 dependabot[bot] 2024-04-01 01:25:22 +00:00
  • 2ce029c676 Fix another incidence of the OpenSSF config name. Federico Builes 2024-03-28 06:54:16 +01:00
  • 1c949fbe77 Merge pull request #735 from StacklokLabs/rename-openssf-scorecard Federico Builes 2024-03-28 06:52:47 +01:00
  • bddd13d857 Readme action variable name for scorecard is wrong Luke Hinds 2024-03-27 17:18:17 -07:00
  • 0e665bf3ac Adding a failing test. Federico Builes 2024-03-27 15:04:38 +01:00
  • 5bbc3ba658 bumping version Federico Builes 2024-03-26 08:04:16 +01:00
  • c59184aa7f Merge pull request #722 from actions/remove-warn-default Federico Builes 2024-03-26 07:55:00 +01:00
  • 54c06574f4 Merge pull request #728 from actions/dependabot/npm_and_yarn/eslint-8.57.0 Federico Builes 2024-03-25 06:27:19 +01:00
  • 21941b530b Bump eslint from 8.56.0 to 8.57.0 dependabot[bot] 2024-03-25 01:27:32 +00:00
  • 733dd5d4a5 bumping to 4.2.4 Federico Builes 2024-03-24 14:59:17 +01:00
  • 9093495859 Merge pull request #725 from actions/issue-718 Federico Builes 2024-03-24 14:56:57 +01:00
  • 35b83b4207 Fix prettier issues Justin Hutchings 2024-03-22 21:59:08 +00:00
  • e057056594 Add packaged code update Justin Hutchings 2024-03-22 21:31:00 +00:00
  • d684d038b2 Add trailing slash to tests Justin Hutchings 2024-03-22 21:21:52 +00:00
  • 2b0aaf1638 Fix extra slash issue Justin Hutchings 2024-03-22 21:20:15 +00:00
  • d9209374af Fix repositoryUrl issues around GitHub Actions Justin Hutchings 2024-03-22 21:00:38 +00:00
  • 651d22c5d5 Revert default values in action.yml to fix external configs. Federico Builes 2024-03-22 08:29:26 +01:00
  • 02b13f6b52 Merge pull request #721 from sporkmonger/patch-1 Eli Reisman 2024-03-21 17:18:11 -07:00
  • 6e0fa26ac3 Typo fixes Bob Aman 2024-03-21 16:37:36 -07:00
  • 0fa40c3c10 bumping to 4.2.3. Federico Builes 2024-03-20 17:57:26 +01:00
  • 1f6240f54c Merge pull request #707 from laughedelic/feat/data-outputs Federico Builes 2024-03-20 17:47:40 +01:00
  • b751d41e7e Merge pull request #702 from actions/dependabot/npm_and_yarn/nodemon-3.1.0 Federico Builes 2024-03-20 06:48:20 +01:00
  • 6183eb9d2b Merge pull request #703 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-27.9.0 Federico Builes 2024-03-20 06:48:14 +01:00
  • 6585cc5f01 fix run syntax laughedelic 2024-03-19 21:23:25 +01:00
  • 218a76cbd5 add clarification about output usage hygiene laughedelic 2024-03-19 21:22:12 +01:00
  • d78d095945 revert changes in CI laughedelic 2024-03-19 19:48:45 +01:00