From ef783f628ba8b56384810239abd97eb5b5c4245c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 17:32:41 +0000 Subject: [PATCH 1/2] chore: bump @npmcli/template-oss from 4.22.0 to 4.23.1 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.22.0 to 4.23.1. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.22.0...v4.23.1) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 067236b..dfbed5e 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.22.0", + "@npmcli/template-oss": "4.23.1", "tap": "^16.0.1" }, "files": [ From b119c84f1deb7cf049f39b71338be9ea57faebc3 Mon Sep 17 00:00:00 2001 From: Chris Sidi Date: Mon, 22 Jul 2024 19:31:19 -0400 Subject: [PATCH 2/2] chore: postinstall for dependabot template-oss PR --- .github/actions/create-check/action.yml | 2 +- .github/actions/install-latest-npm/action.yml | 2 +- .github/workflows/ci-release.yml | 4 ++-- .github/workflows/post-dependabot.yml | 2 +- .gitignore | 7 ++++--- SECURITY.md | 2 +- package.json | 9 +++++---- 7 files changed, 15 insertions(+), 13 deletions(-) diff --git a/.github/actions/create-check/action.yml b/.github/actions/create-check/action.yml index aa24a5b..d1220c9 100644 --- a/.github/actions/create-check/action.yml +++ b/.github/actions/create-check/action.yml @@ -25,7 +25,7 @@ runs: with: result-encoding: string script: | - const { repo: { owner, repo}, runId, serverUrl } = context + const { repo: { owner, repo}, runId, serverUrl } = context const { JOB_NAME, SHA } = process.env const job = await github.rest.actions.listJobsForWorkflowRun({ diff --git a/.github/actions/install-latest-npm/action.yml b/.github/actions/install-latest-npm/action.yml index 8339dbf..580603d 100644 --- a/.github/actions/install-latest-npm/action.yml +++ b/.github/actions/install-latest-npm/action.yml @@ -44,7 +44,7 @@ runs: MATCH=$SPEC echo "Found compatible version: npm@$MATCH" break - fi + fi done if [ -z $MATCH ]; then diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 182ed0b..d554a1e 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -61,7 +61,7 @@ jobs: run: npm run postlint --ignore-scripts - name: Conclude Check uses: LouisBrunner/checks-action@v1.6.0 - if: always() + if: steps.create-check.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} conclusion: ${{ job.status }} @@ -148,7 +148,7 @@ jobs: run: npm test --ignore-scripts - name: Conclude Check uses: LouisBrunner/checks-action@v1.6.0 - if: always() + if: steps.create-check.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} conclusion: ${{ job.status }} diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index a7ebe12..1ea8693 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -49,7 +49,7 @@ jobs: id: flags run: | dependabot_dir="${{ steps.metadata.outputs.directory }}" - if [[ "$dependabot_dir" == "/" ]]; then + if [[ "$dependabot_dir" == "/" || "$dependabot_dir" == "/main" ]]; then echo "workspace=-iwr" >> $GITHUB_OUTPUT else # strip leading slash from directory so it works as a diff --git a/.gitignore b/.gitignore index 773cada..2bab6d1 100644 --- a/.gitignore +++ b/.gitignore @@ -2,17 +2,17 @@ # ignore everything in the root /* -# transient test directories -tap-testdir*/ -# keep these !**/.gitignore !/.commitlintrc.js !/.eslintrc.js !/.eslintrc.local.* +!/.git-blame-ignore-revs !/.github/ !/.gitignore !/.npmrc +!/.prettierignore +!/.prettierrc.js !/.release-please-manifest.json !/bin/ !/CHANGELOG* @@ -30,3 +30,4 @@ tap-testdir*/ !/tap-snapshots/ !/test/ !/tsconfig.json +tap-testdir*/ diff --git a/SECURITY.md b/SECURITY.md index 9cd2dea..4fe06a2 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,7 @@ GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). -If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. +If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly through [opensource-security@github.com](mailto:opensource-security@github.com). diff --git a/package.json b/package.json index dfbed5e..8b54cd3 100644 --- a/package.json +++ b/package.json @@ -6,11 +6,12 @@ "scripts": { "test": "tap", "posttest": "npm run lint", - "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"", + "lint": "npm run eslint", "postlint": "template-oss-check", - "lintfix": "npm run lint -- --fix", + "lintfix": "npm run eslint -- --fix", "snap": "tap", - "template-oss-apply": "template-oss-apply --force" + "template-oss-apply": "template-oss-apply --force", + "eslint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"" }, "repository": { "type": "git", @@ -45,7 +46,7 @@ "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", "windowsCI": false, - "version": "4.22.0", + "version": "4.23.1", "publish": "true" }, "tap": {