From 44908716abf723baa1e7ce8e2df7f982548a3fd6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 May 2023 19:58:24 +0000 Subject: [PATCH 1/8] chore: bump @npmcli/template-oss from 4.14.1 to 4.15.1 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.14.1 to 4.15.1. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.14.1...v4.15.1) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 815c7f3..f0a3ca6 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.15.1", "tap": "^16.0.1" }, "engines": { From 42bd1649d3ad214a2fff8224d414ca4e70bb1ada Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 31 May 2023 10:43:47 -0700 Subject: [PATCH 2/8] chore: postinstall for dependabot template-oss PR --- .github/settings.yml | 28 +++++++++++++++-- .github/workflows/ci-release.yml | 8 ++--- .github/workflows/pull-request.yml | 4 ++- .github/workflows/release.yml | 8 ++--- .gitignore | 1 + CONTRIBUTING.md | 50 ++++++++++++++++++++++++++++++ package.json | 2 +- 7 files changed, 89 insertions(+), 12 deletions(-) create mode 100644 CONTRIBUTING.md diff --git a/.github/settings.yml b/.github/settings.yml index 1019e26..107aa0a 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -1,2 +1,26 @@ ---- -_extends: '.github:npm-cli/settings.yml' +# This file is automatically added by @npmcli/template-oss. Do not edit. + +repository: + allow_merge_commit: false + allow_rebase_merge: true + allow_squash_merge: true + squash_merge_commit_title: PR_TITLE + squash_merge_commit_message: PR_BODY + delete_branch_on_merge: true + enable_automated_security_fixes: true + enable_vulnerability_alerts: true + +branches: + - name: main + protection: + required_status_checks: null + enforce_admins: true + required_pull_request_reviews: + required_approving_review_count: 1 + require_code_owner_reviews: true + require_last_push_approval: true + dismiss_stale_reviews: true + restrictions: + apps: [] + users: [] + teams: [ "cli-team" ] diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 6e80aa6..88e7905 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -61,7 +61,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: inputs.check-sha with: @@ -93,7 +93,7 @@ jobs: - name: Post Lint run: npm run postlint --ignore-scripts - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: steps.check.outputs.check_id && always() with: token: ${{ secrets.GITHUB_TOKEN }} @@ -162,7 +162,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: inputs.check-sha with: @@ -208,7 +208,7 @@ jobs: - name: Test run: npm test --ignore-scripts - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: steps.check.outputs.check_id && always() with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 99877da..721ea3c 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -44,5 +44,7 @@ jobs: npx --offline commitlint -V --from 'origin/${{ github.base_ref }}' --to ${{ github.event.pull_request.head.sha }} - name: Run Commitlint on PR Title if: steps.commit.outcome == 'failure' + env: + PR_TITLE: ${{ github.event.pull_request.title }} run: | - echo '${{ github.event.pull_request.title }}' | npx --offline commitlint -V + echo '$PR_TITLE' | npx --offline commitlint -V diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e40f482..9aae072 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -124,7 +124,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: steps.release.outputs.pr-sha with: @@ -215,7 +215,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: steps.commit.outputs.sha with: @@ -225,7 +225,7 @@ jobs: sha: ${{ steps.commit.outputs.sha }} output: ${{ steps.check-output.outputs.result }} - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: needs.release.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} @@ -263,7 +263,7 @@ jobs: fi echo "result=$result" >> $GITHUB_OUTPUT - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: needs.update.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 0ec3c84..b3eeced 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,7 @@ !/bin/ !/CHANGELOG* !/CODE_OF_CONDUCT.md +!/CONTRIBUTING.md !/docs/ !/lib/ !/LICENSE* diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..69e8878 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,50 @@ + + +# Contributing + +## Code of Conduct + +All interactions in the **npm** organization on GitHub are considered to be covered by our standard [Code of Conduct](https://docs.npmjs.com/policies/conduct). + +## Reporting Bugs + +Before submitting a new bug report please search for an existing or similar report. + +Use one of our existing issue templates if you believe you've come across a unique problem. + +Duplicate issues, or issues that don't use one of our templates may get closed without a response. + +## Pull Request Conventions + +### Commits + +We use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/). + +When opening a pull request please be sure that either the pull request title, or each commit in the pull request, has one of the following prefixes: + + - `feat`: For when introducing a new feature. The result will be a new semver minor version of the package when it is next published. + - `fix`: For bug fixes. The result will be a new semver patch version of the package when it is next published. + - `docs`: For documentation updates. The result will be a new semver patch version of the package when it is next published. + - `chore`: For changes that do not affect the published module. Often these are changes to tests. The result will be *no* change to the version of the package when it is next published (as the commit does not affect the published version). + +### Test Coverage + +Pull requests made against this repo will run `npm test` automatically. Please make sure tests pass locally before submitting a PR. + +Every new feature or bug fix should come with a corresponding test or tests that validate the solutions. Testing also reports on code coverage and will fail if code coverage drops. + +### Linting + +Linting is also done automatically once tests pass. `npm run lintfix` will fix most linting errors automatically. + +Please make sure linting passes before submitting a PR. + +## What _not_ to contribute? + +### Dependencies + +It should be noted that our team does not accept third-party dependency updates/PRs. If you submit a PR trying to update our dependencies we will close it with or without a reference to these contribution guidelines. + +### Tools/Automation + +Our core team is responsible for the maintenance of the tooling/automation in this project and we ask contributors to not make changes to these when contributing (e.g. `.github/*`, `.eslintrc.json`, `.licensee.json`). Most of those files also have a header at the top to remind folks they are automatically generated. Pull requests that alter these will not be accepted. diff --git a/package.json b/package.json index f0a3ca6..6091548 100644 --- a/package.json +++ b/package.json @@ -59,7 +59,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.15.1", "publish": "true" } } From 3cec327b6d06252ad3001ea10adea01b76ad7bee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 18:16:36 +0000 Subject: [PATCH 3/8] chore: bump @npmcli/template-oss from 4.15.1 to 4.17.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.15.1 to 4.17.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.15.1...v4.17.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 6091548..541fe31 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.15.1", + "@npmcli/template-oss": "4.17.0", "tap": "^16.0.1" }, "engines": { From 04eb45d07694aa163bf16ff03c75aa7d8f324392 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 12 Jul 2023 11:36:10 -0700 Subject: [PATCH 4/8] chore: postinstall for dependabot template-oss PR --- .github/settings.yml | 26 ++++++++++++++++++++++++++ .github/workflows/ci.yml | 1 + .github/workflows/codeql-analysis.yml | 2 ++ .github/workflows/release.yml | 2 +- package.json | 2 +- 5 files changed, 31 insertions(+), 2 deletions(-) diff --git a/.github/settings.yml b/.github/settings.yml index 107aa0a..adbef7e 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -24,3 +24,29 @@ branches: apps: [] users: [] teams: [ "cli-team" ] + - name: latest + protection: + required_status_checks: null + enforce_admins: true + required_pull_request_reviews: + required_approving_review_count: 1 + require_code_owner_reviews: true + require_last_push_approval: true + dismiss_stale_reviews: true + restrictions: + apps: [] + users: [] + teams: [ "cli-team" ] + - name: release/v* + protection: + required_status_checks: null + enforce_admins: true + required_pull_request_reviews: + required_approving_review_count: 1 + require_code_owner_reviews: true + require_last_push_approval: true + dismiss_stale_reviews: true + restrictions: + apps: [] + users: [] + teams: [ "cli-team" ] diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9cc149d..5762610 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,6 +9,7 @@ on: branches: - main - latest + - release/v* schedule: # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1 - cron: "0 9 * * 1" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 66b9498..2124487 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -7,10 +7,12 @@ on: branches: - main - latest + - release/v* pull_request: branches: - main - latest + - release/v* schedule: # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1 - cron: "0 10 * * 1" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9aae072..1710109 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -78,7 +78,7 @@ jobs: let commentId = comments.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n` - body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. ` + body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`${REF_NAME}\`. ` body += `To force CI to update this PR, run this command:\n\n` body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME} -R ${owner}/${repo} -f release-pr=${issue_number}\n\`\`\`` diff --git a/package.json b/package.json index 541fe31..ffc9631 100644 --- a/package.json +++ b/package.json @@ -59,7 +59,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.15.1", + "version": "4.17.0", "publish": "true" } } From ac8e12c152e399eb46c39e9fa1ee74cbff8726eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Jul 2023 18:56:14 +0000 Subject: [PATCH 5/8] chore: bump @npmcli/template-oss from 4.17.0 to 4.18.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.17.0 to 4.18.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.17.0...v4.18.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ffc9631..fc9cfb9 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.17.0", + "@npmcli/template-oss": "4.18.0", "tap": "^16.0.1" }, "engines": { From a80e455803656add45b5df6ca71daad85d85aa52 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 19 Jul 2023 08:11:34 -0700 Subject: [PATCH 6/8] chore: postinstall for dependabot template-oss PR --- .github/dependabot.yml | 1 + .github/settings.yml | 27 +-------------------------- .github/workflows/ci.yml | 2 -- .github/workflows/codeql-analysis.yml | 4 ---- .github/workflows/pull-request.yml | 2 +- .github/workflows/release.yml | 2 -- package.json | 2 +- 7 files changed, 4 insertions(+), 36 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8da2a45..69312df 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,6 +7,7 @@ updates: directory: / schedule: interval: daily + target-branch: "main" allow: - dependency-type: direct versioning-strategy: increase-if-necessary diff --git a/.github/settings.yml b/.github/settings.yml index adbef7e..c742871 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -15,32 +15,7 @@ branches: protection: required_status_checks: null enforce_admins: true - required_pull_request_reviews: - required_approving_review_count: 1 - require_code_owner_reviews: true - require_last_push_approval: true - dismiss_stale_reviews: true - restrictions: - apps: [] - users: [] - teams: [ "cli-team" ] - - name: latest - protection: - required_status_checks: null - enforce_admins: true - required_pull_request_reviews: - required_approving_review_count: 1 - require_code_owner_reviews: true - require_last_push_approval: true - dismiss_stale_reviews: true - restrictions: - apps: [] - users: [] - teams: [ "cli-team" ] - - name: release/v* - protection: - required_status_checks: null - enforce_admins: true + block_creations: true required_pull_request_reviews: required_approving_review_count: 1 require_code_owner_reviews: true diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5762610..4b8d4a8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,8 +8,6 @@ on: push: branches: - main - - latest - - release/v* schedule: # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1 - cron: "0 9 * * 1" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 2124487..f7e691d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -6,13 +6,9 @@ on: push: branches: - main - - latest - - release/v* pull_request: branches: - main - - latest - - release/v* schedule: # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1 - cron: "0 10 * * 1" diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 721ea3c..b2c2479 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -47,4 +47,4 @@ jobs: env: PR_TITLE: ${{ github.event.pull_request.title }} run: | - echo '$PR_TITLE' | npx --offline commitlint -V + echo "$PR_TITLE" | npx --offline commitlint -V diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1710109..3978bb1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,8 +11,6 @@ on: push: branches: - main - - latest - - release/v* permissions: contents: write diff --git a/package.json b/package.json index fc9cfb9..c9f412e 100644 --- a/package.json +++ b/package.json @@ -59,7 +59,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.17.0", + "version": "4.18.0", "publish": "true" } } From 00dacfd5e96468d0cd304fc33577a0a4e039d60f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 18:03:00 +0000 Subject: [PATCH 7/8] deps: bump minipass from 5.0.0 to 7.0.3 Bumps [minipass](https://github.com/isaacs/minipass) from 5.0.0 to 7.0.3. - [Changelog](https://github.com/isaacs/minipass/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/minipass/compare/v5.0.0...v7.0.3) --- updated-dependencies: - dependency-name: minipass dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c9f412e..37822c9 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "author": "GitHub Inc.", "license": "ISC", "dependencies": { - "minipass": "^5.0.0" + "minipass": "^7.0.3" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", From b74cf03824a67504e27e2185eed9fcd0d649caa2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 18:41:14 +0000 Subject: [PATCH 8/8] chore: release 10.0.5 --- .release-please-manifest.json | 2 +- CHANGELOG.md | 6 ++++++ package.json | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 848ff9f..c9b13d3 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "10.0.4" + ".": "10.0.5" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 67ae49f..b50ab27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## [10.0.5](https://github.com/npm/ssri/compare/v10.0.4...v10.0.5) (2023-08-14) + +### Dependencies + +* [`00dacfd`](https://github.com/npm/ssri/commit/00dacfd5e96468d0cd304fc33577a0a4e039d60f) [#94](https://github.com/npm/ssri/pull/94) bump minipass from 5.0.0 to 7.0.3 + ## [10.0.4](https://github.com/npm/ssri/compare/v10.0.3...v10.0.4) (2023-04-26) ### Dependencies diff --git a/package.json b/package.json index 37822c9..8750bd7 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ssri", - "version": "10.0.4", + "version": "10.0.5", "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", "main": "lib/index.js", "files": [