dependabot[bot]
8bb64491be
chore(deps): bump github/codeql-action in the github-actions group ( #43 )
...
Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 3.30.5 to 3.30.6
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3599b3baa1...64d10c1313 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.30.6
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06 21:26:17 +00:00
dependabot[bot]
d518ded23c
chore(deps): bump github/codeql-action in the github-actions group ( #42 )
...
Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 3.30.3 to 3.30.5
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](192325c861...3599b3baa1 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.30.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-30 00:55:45 +00:00
dependabot[bot]
9155739faa
chore(deps-dev): bump the npm-dependencies group with 2 updates ( #41 )
...
Bumps the npm-dependencies group with 2 updates: [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest ) and [lint-staged](https://github.com/lint-staged/lint-staged ).
Updates `jest` from 30.1.3 to 30.2.0
- [Release notes](https://github.com/jestjs/jest/releases )
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md )
- [Commits](https://github.com/jestjs/jest/commits/v30.2.0/packages/jest )
Updates `lint-staged` from 16.2.0 to 16.2.3
- [Release notes](https://github.com/lint-staged/lint-staged/releases )
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md )
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.2.0...v16.2.3 )
---
updated-dependencies:
- dependency-name: jest
dependency-version: 30.2.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: lint-staged
dependency-version: 16.2.3
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 22:02:16 +00:00
dependabot[bot]
c8b67a85f1
chore(deps-dev): bump the npm-dependencies group with 3 updates ( #40 )
...
Bumps the npm-dependencies group with 3 updates: [@vercel/ncc](https://github.com/vercel/ncc ), [eslint](https://github.com/eslint/eslint ) and [lint-staged](https://github.com/lint-staged/lint-staged ).
Updates `@vercel/ncc` from 0.38.3 to 0.38.4
- [Release notes](https://github.com/vercel/ncc/releases )
- [Commits](https://github.com/vercel/ncc/compare/0.38.3...0.38.4 )
Updates `eslint` from 9.35.0 to 9.36.0
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v9.35.0...v9.36.0 )
Updates `lint-staged` from 16.1.6 to 16.2.0
- [Release notes](https://github.com/lint-staged/lint-staged/releases )
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md )
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.1.6...v16.2.0 )
---
updated-dependencies:
- dependency-name: "@vercel/ncc"
dependency-version: 0.38.4
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
- dependency-name: eslint
dependency-version: 9.36.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: lint-staged
dependency-version: 16.2.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-22 21:36:03 +00:00
dependabot[bot]
dd166b1f6d
chore(deps): bump the github-actions group with 2 updates ( #39 )
...
Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `step-security/harden-runner` from 2.13.0 to 2.13.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](ec9f2d5744...f4a75cfd61 )
Updates `github/codeql-action` from 3.30.1 to 3.30.3
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f1f6e5f6af...192325c861 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.13.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-version: 3.30.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 21:26:42 +00:00
dependabot[bot]
53f6497105
chore(deps): bump the github-actions group with 3 updates ( #38 )
...
Bumps the github-actions group with 3 updates: [actions/setup-node](https://github.com/actions/setup-node ), [actions/setup-go](https://github.com/actions/setup-go ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/setup-node` from 4 to 5
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v4...v5 )
Updates `actions/setup-go` from 5 to 6
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v5...v6 )
Updates `github/codeql-action` from 3.29.11 to 3.30.1
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3c3833e0f8...f1f6e5f6af )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: actions/setup-go
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-version: 3.30.1
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 21:39:16 +00:00
dependabot[bot]
6af55a285f
chore(deps-dev): bump the npm-dependencies group with 3 updates ( #37 )
...
Bumps the npm-dependencies group with 3 updates: [eslint](https://github.com/eslint/eslint ), [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest ) and [lint-staged](https://github.com/lint-staged/lint-staged ).
Updates `eslint` from 9.34.0 to 9.35.0
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v9.34.0...v9.35.0 )
Updates `jest` from 30.0.5 to 30.1.3
- [Release notes](https://github.com/jestjs/jest/releases )
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md )
- [Commits](https://github.com/jestjs/jest/commits/v30.1.3/packages/jest )
Updates `lint-staged` from 16.1.5 to 16.1.6
- [Release notes](https://github.com/lint-staged/lint-staged/releases )
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md )
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.1.5...v16.1.6 )
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 9.35.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: jest
dependency-version: 30.1.3
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: lint-staged
dependency-version: 16.1.6
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 21:37:41 +00:00
dependabot[bot]
ecd7b44b44
chore(deps-dev): bump eslint in the npm-dependencies group ( #36 )
...
Bumps the npm-dependencies group with 1 update: [eslint](https://github.com/eslint/eslint ).
Updates `eslint` from 9.33.0 to 9.34.0
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v9.33.0...v9.34.0 )
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 9.34.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-26 14:25:38 +00:00
dependabot[bot]
59143cf290
chore(deps): bump github/codeql-action in the github-actions group ( #35 )
...
Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 3.29.10 to 3.29.11
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](96f518a34f...3c3833e0f8 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.11
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-26 13:31:24 +00:00
dependabot[bot]
bbaf540798
chore(deps): bump github/codeql-action in the github-actions group ( #34 )
...
Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 3.29.8 to 3.29.10
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](76621b61de...96f518a34f )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.10
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-19 07:30:55 +00:00
dependabot[bot]
8590c82c7a
chore(deps): bump the github-actions group with 2 updates ( #33 )
...
Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
Updates `github/codeql-action` from 3.29.7 to 3.29.8
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](51f77329af...76621b61de )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-version: 3.29.8
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-12 06:40:30 +00:00
dependabot[bot]
831f6a106c
chore(deps-dev): bump the npm-dependencies group with 2 updates ( #32 )
...
Bumps the npm-dependencies group with 2 updates: [eslint](https://github.com/eslint/eslint ) and [lint-staged](https://github.com/lint-staged/lint-staged ).
Updates `eslint` from 9.32.0 to 9.33.0
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v9.32.0...v9.33.0 )
Updates `lint-staged` from 16.1.4 to 16.1.5
- [Release notes](https://github.com/lint-staged/lint-staged/releases )
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md )
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.1.4...v16.1.5 )
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 9.33.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: lint-staged
dependency-version: 16.1.5
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-12 06:10:27 +00:00
dependabot[bot]
0364208e90
chore(deps-dev): bump lint-staged in the npm-dependencies group ( #31 )
...
Bumps the npm-dependencies group with 1 update: [lint-staged](https://github.com/lint-staged/lint-staged ).
Updates `lint-staged` from 16.1.2 to 16.1.4
- [Release notes](https://github.com/lint-staged/lint-staged/releases )
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md )
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.1.2...v16.1.4 )
---
updated-dependencies:
- dependency-name: lint-staged
dependency-version: 16.1.4
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-05 03:23:57 +00:00
dependabot[bot]
5cb6fb26c4
chore(deps-dev): bump the npm-dependencies group with 2 updates ( #30 )
...
Bumps the npm-dependencies group with 2 updates: [eslint](https://github.com/eslint/eslint ) and [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest ).
Updates `eslint` from 9.30.0 to 9.32.0
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v9.30.0...v9.32.0 )
Updates `jest` from 30.0.3 to 30.0.5
- [Release notes](https://github.com/jestjs/jest/releases )
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md )
- [Commits](https://github.com/jestjs/jest/commits/v30.0.5/packages/jest )
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 9.32.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: jest
dependency-version: 30.0.5
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-30 19:39:25 +00:00
dependabot[bot]
83275caf2a
chore(deps): bump the github-actions group with 2 updates ( #29 )
...
Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `step-security/harden-runner` from 2.12.2 to 2.13.0
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](6c439dc8bd...ec9f2d5744 )
Updates `github/codeql-action` from 3.29.2 to 3.29.5
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](181d5eefc2...51f77329af )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.13.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-version: 3.29.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-30 19:38:44 +00:00
Jason Hall
20a2712c88
Merge pull request #28 from imjasonh/batch-dependabot-updates
...
Enable grouped updates for Dependabot
2025-07-30 15:37:28 -04:00
Jason Hall
6cffc1b161
Enable grouped updates for Dependabot
...
Configure Dependabot to batch updates by package ecosystem:
- GitHub Actions updates grouped together
- npm dependencies grouped together
This reduces PR noise by combining multiple dependency updates into single PRs per ecosystem.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-30 15:36:21 -04:00
Jason Hall
949c644a48
Merge pull request #27 from imjasonh/add-dependabot-auto-merge
...
Add Dependabot auto-merge workflow
2025-07-30 15:35:24 -04:00
Jason Hall
84fba33b7b
Add Dependabot auto-merge workflow
...
This workflow automatically enables auto-merge for pull requests created by Dependabot, using squash merge strategy to maintain a clean commit history.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-30 15:34:22 -04:00
Jason Hall
294e12fa6f
Merge pull request #14 from imjasonh/dependabot/npm_and_yarn/jest-30.0.3
...
chore(deps-dev): bump jest from 30.0.0 to 30.0.3
2025-07-05 13:37:44 -04:00
Jason Hall
cd89e94a04
Merge pull request #16 from imjasonh/dependabot/github_actions/github/codeql-action-3.29.2
...
chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2
2025-07-05 13:37:38 -04:00
Jason Hall
595aead66a
Merge pull request #15 from imjasonh/dependabot/npm_and_yarn/prettier-3.6.2
...
chore(deps-dev): bump prettier from 3.5.3 to 3.6.2
2025-07-05 13:37:32 -04:00
Jason Hall
0f96576639
Merge pull request #17 from imjasonh/dependabot/github_actions/step-security/harden-runner-2.12.2
...
chore(deps): bump step-security/harden-runner from 2.12.1 to 2.12.2
2025-07-05 13:37:27 -04:00
Jason Hall
ea5103ac46
Merge pull request #18 from imjasonh/dependabot/npm_and_yarn/eslint-9.30.0
...
chore(deps-dev): bump eslint from 9.29.0 to 9.30.0
2025-07-05 13:37:21 -04:00
dependabot[bot]
40b2cfab7c
chore(deps-dev): bump eslint from 9.29.0 to 9.30.0
...
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 9.30.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-07-01 00:58:54 +00:00
dependabot[bot]
59a09c0d20
chore(deps): bump step-security/harden-runner from 2.12.1 to 2.12.2
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.12.1 to 2.12.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](002fdce3c6...6c439dc8bd )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.12.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-07-01 00:53:22 +00:00
dependabot[bot]
82d46df1f5
chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.0 to 3.29.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ce28f5bb42...181d5eefc2 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-07-01 00:53:18 +00:00
dependabot[bot]
9efbeb21b0
chore(deps-dev): bump prettier from 3.5.3 to 3.6.2
...
---
updated-dependencies:
- dependency-name: prettier
dependency-version: 3.6.2
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-07-01 00:47:36 +00:00
dependabot[bot]
3b444171fd
chore(deps-dev): bump jest from 30.0.0 to 30.0.3
...
---
updated-dependencies:
- dependency-name: jest
dependency-version: 30.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-07-01 00:45:34 +00:00
Jason Hall
4a56657ec3
Merge pull request #9 from imjasonh/dependabot/npm_and_yarn/jest-30.0.0
...
chore(deps-dev): bump jest from 29.7.0 to 30.0.0
2025-06-17 14:34:32 -04:00
dependabot[bot]
db6833340d
chore(deps-dev): bump jest from 29.7.0 to 30.0.0
...
Bumps [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest ) from 29.7.0 to 30.0.0.
- [Release notes](https://github.com/jestjs/jest/releases )
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md )
- [Commits](https://github.com/jestjs/jest/commits/v30.0.0/packages/jest )
---
updated-dependencies:
- dependency-name: jest
dependency-version: 30.0.0
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-06-17 18:25:28 +00:00
Jason Hall
360c8a2df4
Merge pull request #11 from imjasonh/pre-commit
...
set up pre-commit
2025-06-17 14:23:56 -04:00
Jason Hall
e846b15dea
Add pre-commit setup with husky, eslint, and prettier
...
- Install husky, lint-staged, eslint, and prettier dev dependencies
- Configure ESLint with basic Node.js rules
- Configure Prettier for consistent code formatting
- Set up husky pre-commit hook to run lint-staged
- Fix build script to use correct path (index.js not src/index.js)
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-17 14:21:49 -04:00
Jason Hall
5cf63fb3ad
set up pre-commit
...
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-17 14:14:55 -04:00
Jason Hall
8f41db0dda
Merge pull request #10 from imjasonh/mal
...
add malcontent-action
2025-06-17 14:11:57 -04:00
Jason Hall
12ea9dee98
add malcontent-action
...
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-17 14:10:16 -04:00
Jason Hall
ff94b3a2ee
Merge pull request #8 from imjasonh/v01
...
prepare for v0.1
2025-06-07 02:33:11 -04:00
Jason Hall
c8672cd458
prepare for v0.1
...
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-07 02:32:17 -04:00
Jason Hall
aa67f46806
Merge pull request #6 from imjasonh/test
...
Fix: Parser fails to detect vulnerabilities in multi-line JSON output
2025-06-07 02:31:51 -04:00
Jason Hall
fe5af5345a
Fix: Parser fails to detect vulnerabilities in multi-line JSON output
...
## Problem
The govulncheck action was incorrectly reporting "no vulnerabilities found" even when
vulnerabilities were present. This was happening because govulncheck outputs pretty-printed
JSON (multi-line format) rather than JSON lines format.
## Root Cause
The parser had a logic bug where it would set `parsedAsJsonLines = true` whenever it
encountered ANY valid JSON line, including trivial ones like `{`. This prevented the
multi-line JSON parser from ever running, causing all findings to be missed.
## Solution
Changed the parser to only skip multi-line parsing if it actually found meaningful data
(OSV details or findings) in JSON lines format. Now it correctly falls back to multi-line
JSON parsing when needed.
## Additional Changes
Updated the example workflow to fail if no vulnerabilities are detected, since we know
the example code contains vulnerabilities. This serves as a regression test to ensure
the parser continues to work correctly.
## Testing
- Verified the parser now correctly identifies 8 vulnerabilities in the example code
- The action now properly reports vulnerabilities instead of false negatives
- CI checks are now working correctly
- Example workflow now fails if the parser bug resurfaces
This is a critical bug fix that prevents false "no vulnerabilities" reports.
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-07 02:30:32 -04:00
Jason Hall
572a8153e6
Merge pull request #7 from imjasonh/fix-gosum-error-detection
...
Fix: Detect and fail on missing go.sum dependencies
2025-06-07 02:10:31 -04:00
Jason Hall
24718a7114
Detect and fail on missing go.sum dependencies
...
Previously, if go.sum was out of date or missing, govulncheck would fail
to analyze the code but the action would report "no vulnerabilities found"
which is misleading and dangerous.
This change:
- Detects specific error patterns in govulncheck stderr that indicate
missing dependencies (missing go.sum entry, could not import, invalid package name)
- Throws a clear error message telling users to run 'go mod tidy'
- Prevents false "no vulnerabilities" reports when govulncheck can't analyze the code
Added tests to verify the behavior for both missing go.sum and import errors.
Fixes the issue where vulnerabilities could be missed due to dependency problems.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-07 02:08:43 -04:00
Jason Hall
8007311738
Merge pull request #5 from imjasonh/readme
...
add to readme
2025-06-07 01:56:13 -04:00
Jason Hall
5ed11072e3
add to readme
...
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-07 01:55:17 -04:00
Jason Hall
f71237bd63
add to readme
...
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-07 01:54:53 -04:00
Jason Hall
10b8c83796
Merge pull request #4 from imjasonh/improve-test-coverage
...
Add CLAUDE.md for AI assistant guidance
2025-06-07 01:53:04 -04:00
Jason Hall
e8e99fffa4
Add CLAUDE.md for AI assistant guidance
...
This file provides essential context and guidance for Claude Code (claude.ai/code)
when working with this repository. It includes:
- Common development commands and how to run specific tests
- High-level architecture overview showing how components interact
- Key design patterns like dependency injection and mock-friendly design
- Testing strategy and coverage requirements
- Important operational notes about the action's behavior
This will help future AI assistants be more productive by understanding
the codebase structure and development workflow without having to
rediscover these patterns.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-07 01:51:47 -04:00
Jason Hall
7951a93c64
Merge pull request #3 from imjasonh/improve-test-coverage
...
Improve test coverage to 99.64%
2025-06-07 01:47:07 -04:00
Jason Hall
b5f6823914
Update coverage thresholds to 95% for functions, lines, and statements
2025-06-07 01:44:53 -04:00
Jason Hall
6f111796c8
Improve test coverage to 99.64%
...
Added comprehensive test cases to achieve near-perfect test coverage:
## Coverage Improvements
- **Statements**: 99.65% (from 76.2%)
- **Branches**: 81.06% (from 55.02%)
- **Functions**: 100% (from 78.57%)
- **Lines**: 99.64% (from 76.97%)
## New Test Files
- `test/summary.test.js`: Complete test suite for summary generation
- `test/index-main.test.js`: Test for main module execution
## Enhanced Test Cases
- Added tests for large output truncation
- Added tests for OSV details with CVE aliases
- Added tests for vulnerabilities without OSV IDs
- Added tests for fixed version recommendations
- Added tests for module call sites and suggested edits
- Added tests for multi-line JSON parsing
- Added tests for error handling edge cases
The only remaining uncovered line is the main module execution check,
which is inherently difficult to test in a unit testing environment.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-07 01:44:32 -04:00