Releases: oke-py/npm-audit-action
v3.0.0
npm-audit-action v3.0.0 Release Notes
Major Changes
Runtime Environment
- Node.js 20 Support: Updated minimum Node.js version from 16 to 20
- ES Modules Migration: Converted codebase from CommonJS to ES Modules
- Modern JavaScript: Modernized code to ES2020 standards
Development Infrastructure
- Testing Framework: Migrated from Jest to Vitest
- Linting: Upgraded to ESLint 9 with updated configurations
- Build Process: Updated TypeScript configuration and build pipeline
Dependencies
- Core Dependencies:
  - Updated @actions/core from 1.10.1 to 1.11.1
  - Updated @actions/github to v6.0.0
  - Updated @octokit/rest to v21.1.1
  - Replaced axios calls with Octokit
  - Updated strip-ansi to v7.1.0
GitHub Actions
- Action Dependencies:
  - Bumped actions/checkout from v3 to v4
  - Bumped actions/setup-node from v3 to v4
  - Bumped stefanzweifel/git-auto-commit-action from v4 to v5
Breaking Changes
The upgrade to Node.js 20 may require users to update their GitHub Actions workflows if they're currently pinned to older Node.js versions. Update your workflow files to use a compatible runner that supports Node.js 20.
How to Upgrade
Update your GitHub Actions workflow to use the new version:
- uses: oke-py/npm-audit-action@v3
  with:
    audit_level: moderate
    github_token: ${{ secrets.GITHUB_TOKEN }}
    issue_assignees: your-username
    issue_labels: vulnerability,security
    dedupe_issues: true
Full Changelog
For a complete list of changes, see the full changelog.
v2.4.4
v2.4.3
What's Changed
No changes for production code.
Other Changes
- [skip ci] docs: update inputs description by @oke-py in #160
- docs: fix an error by @oke-py in #162
- chore(release): exclude release pr from release note by @oke-py in #161
- chore(build): remove unused branch from trigger by @oke-py in #163
Full Changelog: v2.4.2...v2.4.3
v2.4.2
v2.4.1
What's Changed
Production code updates
- chore(package): bump typescript from 3.9.10 to 4.9.4 by @oke-py in #138
- chore(package): bump axios from 0.27.2 to 1.2.1 by @oke-py in #139
- chore(package): bump @actions/github from 5.0.3 to 5.1.1 by @oke-py in #142
- chore(package): bump @octokit/rest from 18.12.0 to 19.0.5 by @oke-py in #152
Other Changes
- chore(test): run tests on node 16 & 18 by @oke-py in #149
- chore(package): bump jest from 27.2.5 to 29.3.1 by @oke-py in #150
- chore(package): bump eslint from 8.19.0 to 8.30.0 by @oke-py in #151
- patch release: 2.4.1 by @oke-py in #154
Full Changelog: v2.4.0...v2.4.1
v2.4.0
What's Changed
- [Snyk] Security upgrade node from 16 to 16-bullseye-slim by @snyk-bot in #128
- update @actions/core not to use deprecated commands by @oke-py in #131
- test: fix CVE-2022-24999 in testdata to avoid failure unit test by @oke-py in #134
- test: PR build will not create a new issue to report vulnerabilities by @oke-py in #135
- docs: update actions/checkout by @oke-py in #136
New Contributors
Full Changelog: v2.3.0...v2.4.0
v2.3.0
What's Changed
- update npm globally at an earlier step of each job by @oke-py in #124
- updating production flag to --omit=dev by @Williamgbarnes in #125
- update dependencies by @oke-py in #126
New Contributors
- @Williamgbarnes made their first contribution in #125
Full Changelog: v2...v2.3.0
v2.2.0
What's Changed
- Fix Commit - Committing fix whereby NPM Audit Actions Fails when running on Windows OS by @ShaidK in #122
New Contributors
Full Changelog: v2.1.0...v2.2.0
v2.1.0
What's Changed
Full Changelog: v2.0.0...v2.1.0
v2.0.0
What's Changed
- npm audit fix to fix CVE-2022-0536 by @oke-py in #111
- Bump actions/checkout from 2 to 3 by @dependabot in #114
- npm audit fix by @oke-py in #117
- Update default runtime to node16 by @oke-py in #118
Full Changelog: v1.8.4...v2.0.0