Releases: peckjon/vulnerability-to-azure-board
broaden triggering conditions
- introducing the pull_request_target trigger means that not all contexts will use "dependabot[bot]" as the actor (removed the restriction)
- some dependencies use a short name ("checkstyle") in the PR title but a full name ("com.puppycrawl.tools:checkstyle") in the RepositoryVulnerabilityAlert API (broadened the match to include *:depname)
Resolves is-plain-object bug
Trigger on pull_request_target and fix is-plain-object bug
Pre-release
#8 Trigger on pull_request_target to avoid issues relating to read-only when kicked off by dependabot
#7 Resolve: action version 0.3.2 doesn't complete the run (problem with is-plain-object.js) due to bad node_modules
update NPMs
- @actions/core: 1.2.6
- @actions/github: 2.1.1
- azure-devops-node-api: 10.1.0
- node-fetch: 2.6.1
Python and NPM vulnerability checking
Includes Hotfix: don't require exact firstPatchedVersion match
MVP for Python Dependencies with Priority mapping
Tested for Python dependencies only
- trigger from Pull Request
- retrieves vulnerability data
- creates Task on Azure Board with appropriate Priority
MVP for Python Dependencies
Tested for Python dependencies only
- trigger from Pull Request
- retrieves vulnerability data
- creates Task on Azure Board
Test release -- do not use
This is a dummy test release, do not use