diff --git a/action.yml b/action.yml
index 5c5cc3b42..3802d922e 100644
--- a/action.yml
+++ b/action.yml
@@ -1,5 +1,13 @@
-# Avoid using default values for options here since they will
-# end up overriding external configurations.
+# IMPORTANT
+#
+# Avoid setting default values for configuration options in
+# this file, they will overwrite external configurations.
+#
+# If you are trying to find out the default value for a config
+# option please take a look at the README or src/schemas.ts.
+#
+# If you are adding an option, make sure the Zod definition
+# contains a default value.
 name: 'Dependency Review'
 description: 'Prevent the introduction of dependencies with known vulnerabilities'
 author: 'GitHub'
@@ -56,23 +64,18 @@ inputs:
 retry-on-snapshot-warnings:
 description: Whether to retry on snapshot warnings
 required: false
- default: false
 retry-on-snapshot-warnings-timeout:
 description: Number of seconds to wait before stopping snapshot retries.
 required: false
- default: 120
 warn-only:
 description: When set to `true` this action will always complete with success, overriding the `fail-on-severity` parameter.
 required: false
- default: false
 show-openssf-scorecard:
 description: Show a summary of the OpenSSF Scorecard scores.
 required: false
- default: true
 warn-on-openssf-scorecard-level:
 description: Numeric threshold for the OpenSSF Scorecard score. If the score is below this threshold, the action will warn you.
 required: false
- default: 3
 outputs:
 comment-content:
 description: Prepared dependency report comment
diff --git a/package-lock.json b/package-lock.json
index 7dd9a6a78..432a5c9d8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "dependency-review-action", - "version": "4.2.4", + "version": "4.2.5", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "dependency-review-action", - "version": "4.2.4", + "version": "4.2.5", "license": "MIT", "dependencies": { "@actions/core": "^1.10.1", 
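Review bot: The five defaults deleted in the `inputs:` hunk of action.yml (`false`, `120`, `false`, `true`, `3`) now have to come from the Zod definitions the new header comment points to, and this diff does not touch src/schemas.ts, so it is worth confirming that each schema default equals the value removed here. `warn-only` matters most: per its description it makes the action always complete with success, so a drifted or missing default would quietly change enforcement for workflows that never set it. A unit test that parses an empty input set and asserts the resulting values would turn the comment's "make sure the Zod definition contains a default value" rule into something CI checks. The `inputs:` block starts before this hunk, so other options may need the same check.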
@@ -33,7 +33,7 @@ "@typescript-eslint/parser": "^6.21.0", "@vercel/ncc": "^0.38.0", "esbuild-register": "^3.5.0", - "eslint": "^8.56.0", + "eslint": "^8.57.0", "eslint-plugin-github": "^4.10.1", "eslint-plugin-jest": "^27.9.0", "eslint-plugin-prettier": "^5.1.3", @@ -1096,9 +1096,9 @@ } }, "node_modules/@eslint/js": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.56.0.tgz", - "integrity": "sha512-gMsVel9D7f2HLkBma9VbtzZRehRogVRfbr++f06nL2vnCGCNlzOD+/MUov/F4p8myyAHspEhVobgjpX64q5m6A==", + "version": "8.57.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", + "integrity": "sha512-Ys+3g2TaW7gADOJzPt83SJtCDhMjndcDMFVQ/Tj9iA1BfJzFKD9mAUXT3OenpuPHbI6P/myECxRJrofUsDx/5g==", "dev": true, "engines": { "node": "^12.22.0 || ^14.17.0 || >=16.0.0" @@ -1119,13 +1119,13 @@ "dev": true }, "node_modules/@humanwhocodes/config-array": { - "version": "0.11.13", - "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.13.tgz", - "integrity": "sha512-JSBDMiDKSzQVngfRjOdFXgFfklaXI4K9nLF49Auh21lmBWRLIK3+xTErTWD4KU54pb6coM6ESE7Awz/FNU3zgQ==", + "version": "0.11.14", + "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", + "integrity": "sha512-3T8LkOmg45BV5FICb15QQMsyUSWrQ8AygVfC7ZG32zOalnqrilm018ZVCw0eapXux8FtA33q8PSRSstjee3jSg==", "dev": true, "dependencies": { - "@humanwhocodes/object-schema": "^2.0.1", - "debug": "^4.1.1", + "@humanwhocodes/object-schema": "^2.0.2", + "debug": "^4.3.1", "minimatch": "^3.0.5" }, "engines": { 
@@ -1146,9 +1146,9 @@ } }, "node_modules/@humanwhocodes/object-schema": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.1.tgz", - "integrity": "sha512-dvuCeX5fC9dXgJn9t+X5atfmgQAzUOWqS1254Gh0m6i8wKd10ebXkfNKiRK+1GWi/yTvvLDHpoxLr0xxxeslWw==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.2.tgz", + "integrity": "sha512-6EwiSjwWYP7pTckG6I5eyFANjPhmPjUX9JRLUSfNPC7FX7zK9gyZAfUEaECL6ALTpGX5AjnBq3C9XmVWPitNpw==", "dev": true }, "node_modules/@istanbuljs/load-nyc-config": {
@@ -3542,16 +3542,16 @@ } }, "node_modules/eslint": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.56.0.tgz", - "integrity": "sha512-Go19xM6T9puCOWntie1/P997aXxFsOi37JIHRWI514Hc6ZnaHGKY9xFhrU65RT6CcBEzZoGG1e6Nq+DT04ZtZQ==", + "version": "8.57.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", + "integrity": "sha512-dZ6+mexnaTIbSBZWgou51U6OmzIhYM2VcNdtiTtI7qPNZm35Akpr0f6vtw3w1Kmn5PYo+tZVfh13WrhpS6oLqQ==", "dev": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", "@eslint/eslintrc": "^2.1.4", - "@eslint/js": "8.56.0", - "@humanwhocodes/config-array": "^0.11.13", + "@eslint/js": "8.57.0", + "@humanwhocodes/config-array": "^0.11.14", "@humanwhocodes/module-importer": "^1.0.1", "@nodelib/fs.walk": "^1.2.8", "@ungap/structured-clone": "^1.2.0",
diff --git a/package.json b/package.json
index 831a3bc1a..796c86355 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "dependency-review-action",
- "version": "4.2.4",
+ "version": "4.2.5",
 "private": true,
 "description": "A GitHub Action for Dependency Review",
 "main": "lib/main.js",
@@ -49,7 +49,7 @@
 "@typescript-eslint/parser": "^6.21.0",
 "@vercel/ncc": "^0.38.0",
 "esbuild-register": "^3.5.0",
- "eslint": "^8.56.0",
+ "eslint": "^8.57.0",
 "eslint-plugin-github": "^4.10.1",
 "eslint-plugin-jest": "^27.9.0",
 "eslint-plugin-prettier": "^5.1.3",