IBM/audit-ci (audit-ci)
### [`v6.6.1`](https://togithub.com/IBM/audit-ci/releases/tag/v6.6.1)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v6.6.0...v6.6.1)
#### What's Changed
- fix([#301](https://togithub.com/IBM/audit-ci/issues/301)): Handle JSONStream.parse() errors more gracefully by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/306](https://togithub.com/IBM/audit-ci/pull/306)
- Update README.md for improved docs on extra-args by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/304](https://togithub.com/IBM/audit-ci/pull/304)
- Release 6.6.1 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/307](https://togithub.com/IBM/audit-ci/pull/307)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v6.6.0...v6.6.1
### [`v6.6.0`](https://togithub.com/IBM/audit-ci/releases/tag/v6.6.0)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v6.5.0...v6.6.0)
#### What's Changed
- chore(deps): bump json5 from 1.0.1 to 1.0.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/IBM/audit-ci/pull/299](https://togithub.com/IBM/audit-ci/pull/299)
- Add `--extra-args` to fix [#298](https://togithub.com/IBM/audit-ci/issues/298) by [@sargunv](https://togithub.com/sargunv) in [https://github.com/IBM/audit-ci/pull/300](https://togithub.com/IBM/audit-ci/pull/300)
- chore: Release 6.6.0 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/303](https://togithub.com/IBM/audit-ci/pull/303)
#### New Contributors
- [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/IBM/audit-ci/pull/299](https://togithub.com/IBM/audit-ci/pull/299)
- [@sargunv](https://togithub.com/sargunv) made their first contribution in [https://github.com/IBM/audit-ci/pull/300](https://togithub.com/IBM/audit-ci/pull/300)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v6.5.0...v6.6.0
### [`v6.5.0`](https://togithub.com/IBM/audit-ci/releases/tag/v6.5.0)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v6.4.1...v6.5.0)
#### What's Changed
##### Features
- Added support for registry flag for pnpm by [@DiogoVCS](https://togithub.com/DiogoVCS) in [https://github.com/IBM/audit-ci/pull/293](https://togithub.com/IBM/audit-ci/pull/293)
##### Internal
- Update CircleCI base image by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/295](https://togithub.com/IBM/audit-ci/pull/295)
- Add ignore to linguist for Yarn Berry by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/296](https://togithub.com/IBM/audit-ci/pull/296)
- Release 6.5.0 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/294](https://togithub.com/IBM/audit-ci/pull/294)
#### New Contributors
- [@DiogoVCS](https://togithub.com/DiogoVCS) made their first contribution in [https://github.com/IBM/audit-ci/pull/293](https://togithub.com/IBM/audit-ci/pull/293)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v6.4.1...v6.5.0
### [`v6.4.1`](https://togithub.com/IBM/audit-ci/releases/tag/v6.4.1)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v6.4.0...v6.4.1)
#### What's Changed
##### Fixes
- fix: fix config parsing when using objects in allowlist by [@kyletsang](https://togithub.com/kyletsang) in [https://github.com/IBM/audit-ci/pull/289](https://togithub.com/IBM/audit-ci/pull/289)
- Warn invalid NSP empty record by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/291](https://togithub.com/IBM/audit-ci/pull/291)
##### Internal
- chore: Update action dependencies by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/287](https://togithub.com/IBM/audit-ci/pull/287)
- Release 6.4.1 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/290](https://togithub.com/IBM/audit-ci/pull/290)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v6.4.0...v6.4.1
### [`v6.4.0`](https://togithub.com/IBM/audit-ci/releases/tag/v6.4.0)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v6.3.0...v6.4.0)
#### What's Changed
##### Features
- implement allowlist records by [@kyletsang](https://togithub.com/kyletsang) in [https://github.com/IBM/audit-ci/pull/284](https://togithub.com/IBM/audit-ci/pull/284)
##### Internal
- chore: Update CodeQL by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/276](https://togithub.com/IBM/audit-ci/pull/276)
- chore: remove husky and pretty-quick by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/275](https://togithub.com/IBM/audit-ci/pull/275)
- chore: fix yarn-auditor tests by [@kyletsang](https://togithub.com/kyletsang) in [https://github.com/IBM/audit-ci/pull/283](https://togithub.com/IBM/audit-ci/pull/283)
- Update devDependencies and release 6.4.0 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/286](https://togithub.com/IBM/audit-ci/pull/286)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v6.3.0...v6.4.0
### [`v6.3.0`](https://togithub.com/IBM/audit-ci/releases/tag/v6.3.0)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v6.2.1...v6.3.0)
#### What's Changed
##### Features
- feat: Add support for importing audit-ci by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/271](https://togithub.com/IBM/audit-ci/pull/271)
##### Fixes
- chore: Remove can't find package.json warning. by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/269](https://togithub.com/IBM/audit-ci/pull/269)
- fix: Downgrade sinon for Node 12 support by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/272](https://togithub.com/IBM/audit-ci/pull/272)
- docs: Pin running audit-ci to major version by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/273](https://togithub.com/IBM/audit-ci/pull/273)
##### Internal
- fix: improve gitignore to avoid adding yarn files by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/266](https://togithub.com/IBM/audit-ci/pull/266)
- feat: Add coverage checks and minimum levels by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/267](https://togithub.com/IBM/audit-ci/pull/267)
- chore: Improve test and code type-safety by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/268](https://togithub.com/IBM/audit-ci/pull/268)
- chore: Improve tests and typing & package d.ts files. by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/270](https://togithub.com/IBM/audit-ci/pull/270)
- chore: Release 6.3.0 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/274](https://togithub.com/IBM/audit-ci/pull/274)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v6.2.1...v6.3.0
### [`v6.2.1`](https://togithub.com/IBM/audit-ci/releases/tag/v6.2.1)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v6.2.0...v6.2.1)
#### What's Changed
- chore: fix typo in lint:fix script by [@kyletsang](https://togithub.com/kyletsang) in [https://github.com/IBM/audit-ci/pull/250](https://togithub.com/IBM/audit-ci/pull/250)
- chore(deps): Add audit-types by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/251](https://togithub.com/IBM/audit-ci/pull/251)
- docs: Add a ton of detail to allowlist documentation. by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/254](https://togithub.com/IBM/audit-ci/pull/254)
- fix: Handle unhandled promise rejections in bin by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/255](https://togithub.com/IBM/audit-ci/pull/255)
- fix: minor lint by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/256](https://togithub.com/IBM/audit-ci/pull/256)
- fix: PNPM audit registry warning by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/257](https://togithub.com/IBM/audit-ci/pull/257)
- fix: Handle NPM 7+'s message (error) response by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/258](https://togithub.com/IBM/audit-ci/pull/258)
- chore: Release 6.2.1 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/259](https://togithub.com/IBM/audit-ci/pull/259)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v6.2.0...v6.2.1
### [`v6.2.0`](https://togithub.com/IBM/audit-ci/releases/tag/v6.2.0)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v6.1.2...v6.2.0)
#### What's Changed
##### Features
- fix: fix Yarn Berry workspace audit when skip-dev=true by [@kyletsang](https://togithub.com/kyletsang) in [https://github.com/IBM/audit-ci/pull/248](https://togithub.com/IBM/audit-ci/pull/248)
##### Internal
- chore: Add dependabot for updating dependencies by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/245](https://togithub.com/IBM/audit-ci/pull/245)
- docs: CircleCI run audit-ci before npm install by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/246](https://togithub.com/IBM/audit-ci/pull/246)
- chore: Release 6.2.0 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/249](https://togithub.com/IBM/audit-ci/pull/249)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v6.1.2...v6.2.0
### [`v6.1.2`](https://togithub.com/IBM/audit-ci/releases/tag/v6.1.2)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v6.1.1...v6.1.2)
#### What's Changed
- add note about executing right after checkout by [@capaj](https://togithub.com/capaj) in [https://github.com/IBM/audit-ci/pull/242](https://togithub.com/IBM/audit-ci/pull/242)
- fix: dedupe advisory paths in yarn auditor by [@kyletsang](https://togithub.com/kyletsang) in [https://github.com/IBM/audit-ci/pull/243](https://togithub.com/IBM/audit-ci/pull/243)
- chore: Release 6.1.2 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/244](https://togithub.com/IBM/audit-ci/pull/244)
#### New Contributors
- [@capaj](https://togithub.com/capaj) made their first contribution in [https://github.com/IBM/audit-ci/pull/242](https://togithub.com/IBM/audit-ci/pull/242)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v6.1.1...v6.1.2
### [`v6.1.1`](https://togithub.com/IBM/audit-ci/releases/tag/v6.1.1)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v6.1.0...v6.1.1)
#### What's Changed
- docs: Add json-schema support by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/238](https://togithub.com/IBM/audit-ci/pull/238)
- chore: Use [@types/node](https://togithub.com/types/node)^12 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/237](https://togithub.com/IBM/audit-ci/pull/237)
- fix: Deduplicate advisoryPathsFound by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/240](https://togithub.com/IBM/audit-ci/pull/240)
- chore: Release 6.1.1 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/241](https://togithub.com/IBM/audit-ci/pull/241)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v6.1.0...v6.1.1
### [`v6.1.0`](https://togithub.com/IBM/audit-ci/releases/tag/v6.1.0)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v6.0.0...v6.1.0)
#### What's Changed
**PNPM is supported!**
- feat: PNPM support by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/235](https://togithub.com/IBM/audit-ci/pull/235)
- docs: Improvements on config explanations by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/233](https://togithub.com/IBM/audit-ci/pull/233)
- Type improvements and better functional structuring by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/234](https://togithub.com/IBM/audit-ci/pull/234)
- chore: Release 6.1.0 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/236](https://togithub.com/IBM/audit-ci/pull/236)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v6.0.0...v6.1.0
### [`v6.0.0`](https://togithub.com/IBM/audit-ci/releases/tag/v6.0.0)
[Compare Source](https://togithub.com/IBM/audit-ci/compare/v5.1.2...v6.0.0)
#### What's Changed
#### BREAKING
- Drop Node 10 support by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/219](https://togithub.com/IBM/audit-ci/pull/219)
- Rewrite NPM 7/8 to fix audit path resolution by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/219](https://togithub.com/IBM/audit-ci/pull/219)
- Remove deprecated props `advisories`, `path-whitelist`, `whitelist` (codemod available) by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/219](https://togithub.com/IBM/audit-ci/pull/219)
- Switch identifier to be taken from `github_advisory_id` (codemod available) by [@mobilutz](https://togithub.com/mobilutz) in [https://github.com/IBM/audit-ci/pull/217](https://togithub.com/IBM/audit-ci/pull/217)
#### Features
- docs: Add codemod instructions and set Node v12 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/223](https://togithub.com/IBM/audit-ci/pull/223)
- feat: Print path for vulnerable advisories by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/230](https://togithub.com/IBM/audit-ci/pull/230)
#### Internal
- set package-lock.json lockfile to version 2 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/219](https://togithub.com/IBM/audit-ci/pull/219)
- update dependencies by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/219](https://togithub.com/IBM/audit-ci/pull/219)
- chore: Release 6.0.0-beta.0 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/220](https://togithub.com/IBM/audit-ci/pull/220)
- fix: update npm fixtures by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/221](https://togithub.com/IBM/audit-ci/pull/221)
- chore: remove audit-ci allowlist value by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/222](https://togithub.com/IBM/audit-ci/pull/222)
- chore: Release 6.0.0-beta.1 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/224](https://togithub.com/IBM/audit-ci/pull/224)
- TypeScript support by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/226](https://togithub.com/IBM/audit-ci/pull/226)
- chore: Release 6.0.0-beta.2 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/229](https://togithub.com/IBM/audit-ci/pull/229)
- chore: Release 6.0.0 by [@quinnturner](https://togithub.com/quinnturner) in [https://github.com/IBM/audit-ci/pull/231](https://togithub.com/IBM/audit-ci/pull/231)
**Full Changelog**: https://github.com/IBM/audit-ci/compare/v5.1.2...v6.0.0
Configuration
📅 Schedule: Branch creation - "after 10pm every weekday,every weekend,before 5am every weekday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
audit-ci: ^5.1.2 -> ^6.0.0