diff --git a/dist/index.js b/dist/index.js index ba5d534..9242b88 100644 --- a/dist/index.js +++ b/dist/index.js @@ -10497,9 +10497,7 @@ const util = __importStar(__nccwpck_require__(9180)); async function run() { const token = core.getInput('github-token'); if (!token) { - /* eslint-disable no-template-curly-in-string */ core.setFailed('github-token is not set! Please add \'github-token: "${{ secrets.GITHUB_TOKEN }}"\' to your workflow file.'); - /* eslint-enable no-template-curly-in-string */ return; } try { diff --git a/package-lock.json b/package-lock.json index 98d914a..80c87be 100644 --- a/package-lock.json +++ b/package-lock.json @@ -943,6 +943,19 @@ "node": "^18.18.0 || ^20.9.0 || >=21.1.0" } }, + "node_modules/@hono/node-server": { + "version": "1.19.7", + "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.7.tgz", + "integrity": "sha512-vUcD0uauS7EU2caukW8z5lJKtoGMokxNbJtBiwHgpqxEXokaHCBkQUmCHhjFB1VUTWdqj25QoMkMKzgjq+uhrw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18.14.1" + }, + "peerDependencies": { + "hono": "^4" + } + }, "node_modules/@humanfs/core": { "version": "0.19.1", "resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.1.tgz", 
@@ -1411,25 +1424,88 @@ } }, "node_modules/@modelcontextprotocol/sdk": { - "version": "1.11.2", - "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.11.2.tgz", - "integrity": "sha512-H9vwztj5OAqHg9GockCQC06k1natgcxWQSRpQcPJf6i5+MWBzfKkRtxGbjQf0X2ihii0ffLZCRGbYV2f2bjNCQ==", + "version": "1.25.1", + "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.25.1.tgz", + "integrity": "sha512-yO28oVFFC7EBoiKdAn+VqRm+plcfv4v0xp6osG/VsCB0NlPZWi87ajbCZZ8f/RvOFLEu7//rSRmuZZ7lMoe3gQ==", "dev": true, "license": "MIT", "dependencies": { + "@hono/node-server": "^1.19.7", + "ajv": "^8.17.1", + "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", - "cross-spawn": "^7.0.3", + "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", + "eventsource-parser": "^3.0.0", "express": "^5.0.1", "express-rate-limit": "^7.5.0", + "jose": "^6.1.1", + "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", - "zod": "^3.23.8", - "zod-to-json-schema": "^3.24.1" + "zod": "^3.25 || ^4.0", + "zod-to-json-schema": "^3.25.0" }, "engines": { "node": ">=18" + }, + "peerDependencies": { + "@cfworker/json-schema": "^4.1.1", + "zod": "^3.25 || ^4.0" + }, + "peerDependenciesMeta": { + "@cfworker/json-schema": { + "optional": true + }, + "zod": { + "optional": false + } + } + }, + "node_modules/@modelcontextprotocol/sdk/node_modules/ajv": { + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/@modelcontextprotocol/sdk/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": 
"https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true, + "license": "MIT" + }, + "node_modules/@modelcontextprotocol/sdk/node_modules/zod": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/zod/-/zod-4.2.1.tgz", + "integrity": "sha512-0wZ1IRqGGhMP76gLqz8EyfBXKk0J2qo2+H3fi4mcUP/KtTocoX08nmIAHl1Z2kJIZbZee8KOpBCSNPRgauucjw==", + "dev": true, + "license": "MIT", + "peer": true, + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + }, + "node_modules/@modelcontextprotocol/sdk/node_modules/zod-to-json-schema": { + "version": "3.25.0", + "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.0.tgz", + "integrity": "sha512-HvWtU2UG41LALjajJrML6uQejQhNJx+JBO9IflpSja4R03iNWfKXrj6W2h7ljuLyc1nKS+9yDyL/9tD1U/yBnQ==", + "dev": true, + "license": "ISC", + "peerDependencies": { + "zod": "^3.25 || ^4" } }, "node_modules/@mswjs/interceptors": { 
@@ -2131,6 +2207,48 @@ "url": "https://github.com/sponsors/epoberezkin" } }, + "node_modules/ajv-formats": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-3.0.1.tgz", + "integrity": "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "ajv": "^8.0.0" + }, + "peerDependencies": { + "ajv": "^8.0.0" + }, + "peerDependenciesMeta": { + "ajv": { + "optional": true + } + } + }, + "node_modules/ajv-formats/node_modules/ajv": { + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ajv-formats/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true, + "license": "MIT" + }, "node_modules/ansi-escapes": { "version": "4.3.2", "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", 
@@ -3918,6 +4036,23 @@ "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=", "dev": true }, + "node_modules/fast-uri": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", + "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ], + "license": "BSD-3-Clause" + }, "node_modules/fastq": { "version": "1.13.0", "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.13.0.tgz", @@ -4400,6 +4535,17 @@ "node": ">= 0.4" } }, + "node_modules/hono": { + "version": "4.11.1", + "resolved": "https://registry.npmjs.org/hono/-/hono-4.11.1.tgz", + "integrity": "sha512-KsFcH0xxHes0J4zaQgWbYwmz3UPOOskdqZmItstUG93+Wk1ePBLkLGwbP9zlmh1BFUiL8Qp+Xfu9P7feJWpGNg==", + "dev": true, + "license": "MIT", + "peer": true, + "engines": { + "node": ">=16.9.0" + } + }, "node_modules/html-escaper": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", @@ -5620,6 +5766,16 @@ "url": "https://github.com/chalk/supports-color?sponsor=1" } }, + "node_modules/jose": { + "version": "6.1.3", + "resolved": "https://registry.npmjs.org/jose/-/jose-6.1.3.tgz", + "integrity": "sha512-0TpaTfihd4QMNwrz/ob2Bp7X04yuxJkjRGi4aKmOqwhov54i6u79oCv7T+C7lo70MKH6BesI3vscD1yb/yzKXQ==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, "node_modules/js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", 
@@ -5670,6 +5826,13 @@ "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", "dev": true }, + "node_modules/json-schema-typed": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/json-schema-typed/-/json-schema-typed-8.0.2.tgz", + "integrity": "sha512-fQhoXdcvc3V28x7C7BMs4P5+kNlgUURe2jmUT1T//oBRMDrqy1QPelJimwZGo7Hg9VPV3EQV5Bnq4hbFy2vetA==", + "dev": true, + "license": "BSD-2-Clause" + }, "node_modules/json-stable-stringify-without-jsonify": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", @@ -6621,6 +6784,16 @@ "node": ">=0.10.0" } }, + "node_modules/require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/resolve": { "version": "1.22.8", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", @@ -7936,20 +8109,9 @@ "integrity": "sha512-OdqJE9UDRPwWsrHjLN2F8bPxvwJBK22EHLWtanu0LSYr5YqzsaaW3RMgmjwr8Rypg5k+meEJdSPXJZXE/yqOMg==", "dev": true, "license": "MIT", - "peer": true, "funding": { "url": "https://github.com/sponsors/colinhacks" } - }, - "node_modules/zod-to-json-schema": { - "version": "3.24.5", - "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.24.5.tgz", - "integrity": "sha512-/AuWwMP+YqiPbsJx5D6TfgRTc4kTLjsh5SOcd4bLsfUg2RcEXrFMJl1DGgdHy2aCfsIA/cr/1JM0xcB2GZji8g==", - "dev": true, - "license": "ISC", - "peerDependencies": { - "zod": "^3.24.1" - } } }, "dependencies": { 
@@ -8636,6 +8798,13 @@ "levn": "^0.4.1" } }, + "@hono/node-server": { + "version": "1.19.7", + "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.7.tgz", + "integrity": "sha512-vUcD0uauS7EU2caukW8z5lJKtoGMokxNbJtBiwHgpqxEXokaHCBkQUmCHhjFB1VUTWdqj25QoMkMKzgjq+uhrw==", + "dev": true, + "requires": {} + }, "@humanfs/core": { "version": "0.19.1", "resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.1.tgz", 
@@ -9008,21 +9177,61 @@ } }, "@modelcontextprotocol/sdk": { - "version": "1.11.2", - "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.11.2.tgz", - "integrity": "sha512-H9vwztj5OAqHg9GockCQC06k1natgcxWQSRpQcPJf6i5+MWBzfKkRtxGbjQf0X2ihii0ffLZCRGbYV2f2bjNCQ==", + "version": "1.25.1", + "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.25.1.tgz", + "integrity": "sha512-yO28oVFFC7EBoiKdAn+VqRm+plcfv4v0xp6osG/VsCB0NlPZWi87ajbCZZ8f/RvOFLEu7//rSRmuZZ7lMoe3gQ==", "dev": true, "requires": { + "@hono/node-server": "^1.19.7", + "ajv": "^8.17.1", + "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", - "cross-spawn": "^7.0.3", + "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", + "eventsource-parser": "^3.0.0", "express": "^5.0.1", "express-rate-limit": "^7.5.0", + "jose": "^6.1.1", + "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", - "zod": "^3.23.8", - "zod-to-json-schema": "^3.24.1" + "zod": "^3.25 || ^4.0", + "zod-to-json-schema": "^3.25.0" + }, + "dependencies": { + "ajv": { + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "dev": true, + "requires": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + } + }, + "json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true + }, + "zod": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/zod/-/zod-4.2.1.tgz", + "integrity": "sha512-0wZ1IRqGGhMP76gLqz8EyfBXKk0J2qo2+H3fi4mcUP/KtTocoX08nmIAHl1Z2kJIZbZee8KOpBCSNPRgauucjw==", + "dev": true, + "peer": true + }, + "zod-to-json-schema": { 
+ "version": "3.25.0", + "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.0.tgz", + "integrity": "sha512-HvWtU2UG41LALjajJrML6uQejQhNJx+JBO9IflpSja4R03iNWfKXrj6W2h7ljuLyc1nKS+9yDyL/9tD1U/yBnQ==", + "dev": true, + "requires": {} + } } }, "@mswjs/interceptors": { @@ -9584,6 +9793,35 @@ "uri-js": "^4.2.2" } }, + "ajv-formats": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-3.0.1.tgz", + "integrity": "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ==", + "dev": true, + "requires": { + "ajv": "^8.0.0" + }, + "dependencies": { + "ajv": { + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "dev": true, + "requires": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + } + }, + "json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true + } + } + }, "ansi-escapes": { "version": "4.3.2", "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", @@ -10851,6 +11089,12 @@ "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=", "dev": true }, + "fast-uri": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", + "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "dev": true + }, "fastq": { "version": "1.13.0", "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.13.0.tgz", 
@@ -11190,6 +11434,13 @@ "function-bind": "^1.1.2" } }, + "hono": { + "version": "4.11.1", + "resolved": "https://registry.npmjs.org/hono/-/hono-4.11.1.tgz", + "integrity": "sha512-KsFcH0xxHes0J4zaQgWbYwmz3UPOOskdqZmItstUG93+Wk1ePBLkLGwbP9zlmh1BFUiL8Qp+Xfu9P7feJWpGNg==", + "dev": true, + "peer": true + }, "html-escaper": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", @@ -12059,6 +12310,12 @@ } } }, + "jose": { + "version": "6.1.3", + "resolved": "https://registry.npmjs.org/jose/-/jose-6.1.3.tgz", + "integrity": "sha512-0TpaTfihd4QMNwrz/ob2Bp7X04yuxJkjRGi4aKmOqwhov54i6u79oCv7T+C7lo70MKH6BesI3vscD1yb/yzKXQ==", + "dev": true + }, "js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", @@ -12099,6 +12356,12 @@ "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", "dev": true }, + "json-schema-typed": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/json-schema-typed/-/json-schema-typed-8.0.2.tgz", + "integrity": "sha512-fQhoXdcvc3V28x7C7BMs4P5+kNlgUURe2jmUT1T//oBRMDrqy1QPelJimwZGo7Hg9VPV3EQV5Bnq4hbFy2vetA==", + "dev": true + }, "json-stable-stringify-without-jsonify": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", @@ -12764,6 +13027,12 @@ "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", "dev": true }, + "require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "dev": true + }, "resolve": { "version": "1.22.8", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", 
@@ -13658,15 +13927,7 @@ "version": "3.24.4", "resolved": "https://registry.npmjs.org/zod/-/zod-3.24.4.tgz", "integrity": "sha512-OdqJE9UDRPwWsrHjLN2F8bPxvwJBK22EHLWtanu0LSYr5YqzsaaW3RMgmjwr8Rypg5k+meEJdSPXJZXE/yqOMg==", - "dev": true, - "peer": true - }, - "zod-to-json-schema": { - "version": "3.24.5", - "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.24.5.tgz", - "integrity": "sha512-/AuWwMP+YqiPbsJx5D6TfgRTc4kTLjsh5SOcd4bLsfUg2RcEXrFMJl1DGgdHy2aCfsIA/cr/1JM0xcB2GZji8g==", - "dev": true, - "requires": {} + "dev": true } } } diff --git a/src/dependabot/output.test.ts b/src/dependabot/output.test.ts index 59e1e5f..2fbffb4 100644 --- a/src/dependabot/output.test.ts +++ b/src/dependabot/output.test.ts 
@@ -54,18 +54,18 @@ test('when given a single dependency it sets its values', async () => {
 expect(core.setOutput).toHaveBeenCalledWith('updated-dependencies-json', updatedDependencies)
- expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails')
- expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production')
- expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor')
- expect(core.setOutput).toBeCalledWith('directory', 'wwwroot')
- expect(core.setOutput).toBeCalledWith('package-ecosystem', 'nuget')
- expect(core.setOutput).toBeCalledWith('target-branch', 'main')
- expect(core.setOutput).toBeCalledWith('previous-version', '1.0.2')
- expect(core.setOutput).toBeCalledWith('new-version', '1.1.3-beta')
- expect(core.setOutput).toBeCalledWith('compatibility-score', 43)
- expect(core.setOutput).toBeCalledWith('alert-state', 'FIXED')
- expect(core.setOutput).toBeCalledWith('ghsa-id', 'VERY_LONG_ID')
- expect(core.setOutput).toBeCalledWith('cvss', 4.6)
+ expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'coffee-rails')
+ expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:production')
+ expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-minor')
+ expect(core.setOutput).toHaveBeenCalledWith('directory', 'wwwroot')
+ expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', 'nuget')
+ expect(core.setOutput).toHaveBeenCalledWith('target-branch', 'main')
+ expect(core.setOutput).toHaveBeenCalledWith('previous-version', '1.0.2')
+ expect(core.setOutput).toHaveBeenCalledWith('new-version', '1.1.3-beta')
+ expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 43)
+ expect(core.setOutput).toHaveBeenCalledWith('alert-state', 'FIXED')
+ expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', 'VERY_LONG_ID')
+ expect(core.setOutput).toHaveBeenCalledWith('cvss', 4.6)
 })
 test('when given a multiple dependencies, it uses the highest values for
types', async () => {
@@ -100,18 +100,18 @@ test('when given a multiple dependencies, it uses the highest values for types',
 expect(core.setOutput).toHaveBeenCalledWith('updated-dependencies-json', updatedDependencies)
- expect(core.setOutput).toBeCalledWith('dependency-names', 'rspec, coffee-rails, coffeescript, rspec-coffeescript')
- expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:development')
- expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-major')
- expect(core.setOutput).toBeCalledWith('directory', '')
- expect(core.setOutput).toBeCalledWith('package-ecosystem', '')
- expect(core.setOutput).toBeCalledWith('target-branch', '')
- expect(core.setOutput).toBeCalledWith('previous-version', '')
- expect(core.setOutput).toBeCalledWith('new-version', '')
- expect(core.setOutput).toBeCalledWith('compatibility-score', 0)
- expect(core.setOutput).toBeCalledWith('alert-state', '')
- expect(core.setOutput).toBeCalledWith('ghsa-id', '')
- expect(core.setOutput).toBeCalledWith('cvss', 0)
+ expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'rspec, coffee-rails, coffeescript, rspec-coffeescript')
+ expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:development')
+ expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-major')
+ expect(core.setOutput).toHaveBeenCalledWith('directory', '')
+ expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', '')
+ expect(core.setOutput).toHaveBeenCalledWith('target-branch', '')
+ expect(core.setOutput).toHaveBeenCalledWith('previous-version', '')
+ expect(core.setOutput).toHaveBeenCalledWith('new-version', '')
+ expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0)
+ expect(core.setOutput).toHaveBeenCalledWith('alert-state', '')
+ expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '')
+ expect(core.setOutput).toHaveBeenCalledWith('cvss', 0)
 })
 test('when the dependency has no update type', async () => {
@@ -131,18 +131,18 @@ test('when the dependency has no update type', async () => {
 expect(core.setOutput).toHaveBeenCalledWith('updated-dependencies-json', updatedDependencies)
- expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails')
- expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production')
- expect(core.setOutput).toBeCalledWith('update-type', null)
- expect(core.setOutput).toBeCalledWith('directory', '')
- expect(core.setOutput).toBeCalledWith('package-ecosystem', '')
- expect(core.setOutput).toBeCalledWith('target-branch', '')
- expect(core.setOutput).toBeCalledWith('previous-version', '')
- expect(core.setOutput).toBeCalledWith('new-version', '')
- expect(core.setOutput).toBeCalledWith('compatibility-score', 0)
- expect(core.setOutput).toBeCalledWith('alert-state', '')
- expect(core.setOutput).toBeCalledWith('ghsa-id', '')
- expect(core.setOutput).toBeCalledWith('cvss', 0)
+ expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'coffee-rails')
+ expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:production')
+ expect(core.setOutput).toHaveBeenCalledWith('update-type', null)
+ expect(core.setOutput).toHaveBeenCalledWith('directory', '')
+ expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', '')
+ expect(core.setOutput).toHaveBeenCalledWith('target-branch', '')
+ expect(core.setOutput).toHaveBeenCalledWith('previous-version', '')
+ expect(core.setOutput).toHaveBeenCalledWith('new-version', '')
+ expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0)
+ expect(core.setOutput).toHaveBeenCalledWith('alert-state', '')
+ expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '')
+ expect(core.setOutput).toHaveBeenCalledWith('cvss', 0)
 })
 test('when given a multiple dependencies, and some do not have update types', async () => {
@@ -175,16 +175,16 @@ test('when given a multiple dependencies, and some do not have update types', as
 expect(core.setOutput).toHaveBeenCalledWith('updated-dependencies-json', updatedDependencies)
- expect(core.setOutput).toBeCalledWith('dependency-names', 'rspec, coffee-rails, coffeescript, rspec-coffeescript')
- expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:development')
- expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor')
- expect(core.setOutput).toBeCalledWith('directory', '')
- expect(core.setOutput).toBeCalledWith('package-ecosystem', '')
- expect(core.setOutput).toBeCalledWith('target-branch', '')
- expect(core.setOutput).toBeCalledWith('previous-version', '')
- expect(core.setOutput).toBeCalledWith('new-version', '')
- expect(core.setOutput).toBeCalledWith('compatibility-score', 0)
- expect(core.setOutput).toBeCalledWith('alert-state', '')
- expect(core.setOutput).toBeCalledWith('ghsa-id', '')
- expect(core.setOutput).toBeCalledWith('cvss', 0)
+ expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'rspec, coffee-rails, coffeescript, rspec-coffeescript')
+ expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:development')
+ expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-minor')
+ expect(core.setOutput).toHaveBeenCalledWith('directory', '')
+ expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', '')
+ expect(core.setOutput).toHaveBeenCalledWith('target-branch', '')
+ expect(core.setOutput).toHaveBeenCalledWith('previous-version', '')
+ expect(core.setOutput).toHaveBeenCalledWith('new-version', '')
+ expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0)
+ expect(core.setOutput).toHaveBeenCalledWith('alert-state', '')
+ expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '')
+ expect(core.setOutput).toHaveBeenCalledWith('cvss', 0)
 })
diff --git a/src/dry-run.ts b/src/dry-run.ts
index d36fd71..1ff65d9 100755
--- a/src/dry-run.ts +++ b/src/dry-run.ts @@ -1,4 +1,4 @@ -/* eslint-disable no-console, @typescript-eslint/no-var-requires, no-unused-expressions */ + import * as github from '@actions/github' import { Context } from '@actions/github/lib/context' import * as dotenv from 'dotenv' diff --git a/src/main.test.ts b/src/main.test.ts index 7fddb0c..88a5450 100644 --- a/src/main.test.ts +++ b/src/main.test.ts @@ -11,6 +11,19 @@ beforeEach(() => { jest.spyOn(core, 'setFailed').mockImplementation(jest.fn()) jest.spyOn(core, 'startGroup').mockImplementation(jest.fn()) jest.spyOn(core, 'getBooleanInput').mockReturnValue(false) + jest.spyOn(util, 'getBody').mockReturnValue(` +Bumps [fake/package](https://github.com/) from 0.0.0 to 0.0.1. +
+Release notes +
+

0.0.1

+

Summary

+

This is a fake description for a fake update

+

What's Changed

+* Nothing +
+
+`) }) test('it early exits with an error if github-token is not set', async () => { @@ -22,10 +35,10 @@ test('it early exits with an error if github-token is not set', async () => { expect(core.setFailed).toHaveBeenCalledWith( expect.stringContaining('github-token is not set!') ) - /* eslint-disable no-unused-expressions */ + expect(dependabotCommits.getMessage).not.toHaveBeenCalled expect(dependabotCommits.getAlert).not.toHaveBeenCalled - /* eslint-enable no-unused-expressions */ + }) test('it does nothing if the PR is not verified as from Dependabot', async () => { @@ -40,9 +53,9 @@ test('it does nothing if the PR is not verified as from Dependabot', async () => expect(core.setFailed).toHaveBeenCalledWith( expect.stringContaining('PR is not from Dependabot, nothing to do.') ) - /* eslint-disable no-unused-expressions */ + expect(dependabotCommits.getAlert).not.toHaveBeenCalled - /* eslint-enable no-unused-expressions */ + }) test('it does nothing if there is no metadata in the commit', async () => { @@ -57,9 +70,9 @@ test('it does nothing if there is no metadata in the commit', async () => { expect(core.setFailed).toHaveBeenCalledWith( expect.stringContaining('PR does not contain metadata, nothing to do.') ) - /* eslint-disable no-unused-expressions */ + expect(dependabotCommits.getAlert).not.toHaveBeenCalled - /* eslint-enable no-unused-expressions */ + }) test('it sets the updated dependency as an output for subsequent actions when given a commit message for application', async () => { 
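Review bot: The `.not.toHaveBeenCalled` lines kept as context in the hunks at -22,10, -40,9 and -57,9 of src/main.test.ts are property reads, not matcher calls, so they assert nothing. These hunks only drop the `no-unused-expressions` suppressions around them and leave the expressions as they were. As written, the missing-token, not-from-Dependabot and no-metadata tests would still pass if `run()` went on to call `getMessage` or `getAlert` after the early exit, which is the behaviour those tests exist to rule out. Invoke the matchers: `expect(dependabotCommits.getMessage).not.toHaveBeenCalled()` and `expect(dependabotCommits.getAlert).not.toHaveBeenCalled()`. This presumably needs both functions to be jest spies or mocks; that setup and the start of each test body lie outside the hunks, so confirm it before relying on the fixed assertions.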
@@ -120,20 +133,20 @@ test('it sets the updated dependency as an output for subsequent actions when gi ] ) - expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production') - expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor') - expect(core.setOutput).toBeCalledWith('directory', '/') - expect(core.setOutput).toBeCalledWith('package-ecosystem', 'nuget') - expect(core.setOutput).toBeCalledWith('target-branch', 'main') - expect(core.setOutput).toBeCalledWith('previous-version', '4.0.1') - expect(core.setOutput).toBeCalledWith('new-version', '4.2.2') - expect(core.setOutput).toBeCalledWith('compatibility-score', 0) - expect(core.setOutput).toBeCalledWith('maintainer-changes', false) - expect(core.setOutput).toBeCalledWith('dependency-group', '') - expect(core.setOutput).toBeCalledWith('alert-state', '') - expect(core.setOutput).toBeCalledWith('ghsa-id', '') - expect(core.setOutput).toBeCalledWith('cvss', 0) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'coffee-rails') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:production') + expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-minor') + expect(core.setOutput).toHaveBeenCalledWith('directory', '/') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', 'nuget') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', 'main') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', '4.0.1') + expect(core.setOutput).toHaveBeenCalledWith('new-version', '4.2.2') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0) + expect(core.setOutput).toHaveBeenCalledWith('maintainer-changes', false) + expect(core.setOutput).toHaveBeenCalledWith('dependency-group', '') + expect(core.setOutput).toHaveBeenCalledWith('alert-state', '') + expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '') + 
expect(core.setOutput).toHaveBeenCalledWith('cvss', 0) }) test('it sets the updated dependency as an output for subsequent actions when there is a leading v in the commit message version', async () => { 
@@ -193,20 +206,20 @@ test('it sets the updated dependency as an output for subsequent actions when th ] ) - expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production') - expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor') - expect(core.setOutput).toBeCalledWith('directory', '/') - expect(core.setOutput).toBeCalledWith('package-ecosystem', 'nuget') - expect(core.setOutput).toBeCalledWith('target-branch', 'main') - expect(core.setOutput).toBeCalledWith('previous-version', 'v4.0.1') - expect(core.setOutput).toBeCalledWith('new-version', 'v4.2.2') - expect(core.setOutput).toBeCalledWith('compatibility-score', 0) - expect(core.setOutput).toBeCalledWith('maintainer-changes', false) - expect(core.setOutput).toBeCalledWith('dependency-group', '') - expect(core.setOutput).toBeCalledWith('alert-state', '') - expect(core.setOutput).toBeCalledWith('ghsa-id', '') - expect(core.setOutput).toBeCalledWith('cvss', 0) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'coffee-rails') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:production') + expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-minor') + expect(core.setOutput).toHaveBeenCalledWith('directory', '/') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', 'nuget') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', 'main') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', 'v4.0.1') + expect(core.setOutput).toHaveBeenCalledWith('new-version', 'v4.2.2') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0) + expect(core.setOutput).toHaveBeenCalledWith('maintainer-changes', false) + expect(core.setOutput).toHaveBeenCalledWith('dependency-group', '') + expect(core.setOutput).toHaveBeenCalledWith('alert-state', '') + expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', 
'') + expect(core.setOutput).toHaveBeenCalledWith('cvss', 0) }) test('it supports returning information about grouped updates', async () => { 
@@ -377,20 +390,20 @@ test('it sets the updated dependency as an output for subsequent actions when gi ] ) - expect(core.setOutput).toBeCalledWith('dependency-names', 'rubocop') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:development') - expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor') - expect(core.setOutput).toBeCalledWith('directory', '/') - expect(core.setOutput).toBeCalledWith('package-ecosystem', 'bundler') - expect(core.setOutput).toBeCalledWith('target-branch', 'main') - expect(core.setOutput).toBeCalledWith('previous-version', '1.30.1') - expect(core.setOutput).toBeCalledWith('new-version', '1.31.0') - expect(core.setOutput).toBeCalledWith('compatibility-score', 0) - expect(core.setOutput).toBeCalledWith('maintainer-changes', false) - expect(core.setOutput).toBeCalledWith('dependency-group', '') - expect(core.setOutput).toBeCalledWith('alert-state', '') - expect(core.setOutput).toBeCalledWith('ghsa-id', '') - expect(core.setOutput).toBeCalledWith('cvss', 0) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'rubocop') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:development') + expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-minor') + expect(core.setOutput).toHaveBeenCalledWith('directory', '/') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', 'bundler') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', 'main') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', '1.30.1') + expect(core.setOutput).toHaveBeenCalledWith('new-version', '1.31.0') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0) + expect(core.setOutput).toHaveBeenCalledWith('maintainer-changes', false) + expect(core.setOutput).toHaveBeenCalledWith('dependency-group', '') + expect(core.setOutput).toHaveBeenCalledWith('alert-state', '') + expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '') + 
expect(core.setOutput).toHaveBeenCalledWith('cvss', 0) }) test('if there are multiple dependencies, it summarizes them', async () => { 
@@ -471,20 +484,20 @@ test('if there are multiple dependencies, it summarizes them', async () => { ] ) - expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails, coffeescript') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production') - expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-major') - expect(core.setOutput).toBeCalledWith('directory', '/api/main') - expect(core.setOutput).toBeCalledWith('package-ecosystem', 'npm_and_yarn') - expect(core.setOutput).toBeCalledWith('target-branch', 'trunk') - expect(core.setOutput).toBeCalledWith('previous-version', '4.0.1') - expect(core.setOutput).toBeCalledWith('new-version', '4.2.2') - expect(core.setOutput).toBeCalledWith('compatibility-score', 34) - expect(core.setOutput).toBeCalledWith('maintainer-changes', false) - expect(core.setOutput).toBeCalledWith('dependency-group', '') - expect(core.setOutput).toBeCalledWith('alert-state', '') - expect(core.setOutput).toBeCalledWith('ghsa-id', '') - expect(core.setOutput).toBeCalledWith('cvss', 0) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'coffee-rails, coffeescript') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:production') + expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-major') + expect(core.setOutput).toHaveBeenCalledWith('directory', '/api/main') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', 'npm_and_yarn') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', 'trunk') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', '4.0.1') + expect(core.setOutput).toHaveBeenCalledWith('new-version', '4.2.2') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 34) + expect(core.setOutput).toHaveBeenCalledWith('maintainer-changes', false) + expect(core.setOutput).toHaveBeenCalledWith('dependency-group', '') + expect(core.setOutput).toHaveBeenCalledWith('alert-state', '') + 
expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '') + expect(core.setOutput).toHaveBeenCalledWith('cvss', 0) }) test('it sets the action to failed if there is an unexpected exception', async () => { @@ -499,9 +512,9 @@ test('it sets the action to failed if there is an unexpected exception', async ( expect(core.setFailed).toHaveBeenCalledWith( expect.stringContaining('Something bad happened!') ) - /* eslint-disable no-unused-expressions */ + expect(dependabotCommits.getAlert).not.toHaveBeenCalled - /* eslint-enable no-unused-expressions */ + }) test('it sets the action to failed if there is a request error', async () => { @@ -525,7 +538,7 @@ test('it sets the action to failed if there is a request error', async () => { expect(core.setFailed).toHaveBeenCalledWith( expect.stringContaining('(500) Something bad happened!') ) - /* eslint-disable no-unused-expressions */ + expect(dependabotCommits.getAlert).not.toHaveBeenCalled - /* eslint-enable no-unused-expressions */ + }) diff --git a/src/main.ts b/src/main.ts index f05bc1f..4cd488f 100644 --- a/src/main.ts +++ b/src/main.ts @@ -10,11 +10,11 @@ export async function run (): Promise { const token = core.getInput('github-token') if (!token) { - /* eslint-disable no-template-curly-in-string */ + core.setFailed( 'github-token is not set! Please add \'github-token: "${{ secrets.GITHUB_TOKEN }}"\' to your workflow file.' ) - /* eslint-enable no-template-curly-in-string */ + return }
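Review bot: In the 'unexpected exception' test hunk, `expect(dependabotCommits.getAlert).not.toHaveBeenCalled` is a bare property access, so the matcher never runs and the test passes whether or not `getAlert` was called. The commit removes the `no-unused-expressions` suppression around the line but leaves the expression as it was; it should be invoked as `expect(dependabotCommits.getAlert).not.toHaveBeenCalled()`. The same line in the 'request error' test hunk that follows needs the same change. As written, neither test checks that the alert lookup is skipped on the failure path, which appears to be what they were meant to verify.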