Releases: oke-py/npm-audit-action

v4.0.1

08 Feb 12:30
f02a3cf

What's Changed

Other Changes

  • chore(deps): bump vite to 7.3.1 by @oke-py in #310
  • refactor(input): use getBooleanInput and trim inputs by @oke-py in #311
  • refactor(workdir): centralize input normalization by @oke-py in #312
  • test(coverage): exclude fixtures and tests by @oke-py in #313
  • refactor(input): centralize input parsing by @oke-py in #314
  • refactor(pr): extract pull request handling by @oke-py in #315
  • refactor(issue): extract issue handling by @oke-py in #316
  • chore: add husky hooks for biome and tests by @oke-py in #317
  • chore(release): unify release flow and set v4.0.1 by @oke-py in #318

Full Changelog: v4...v4.0.1

v4.0.0

08 Feb 02:54
15cab15

Summary

  • major release v4.0.0
  • update runtime from node20 to node24
  • update dependencies

Changes

  • version bump to 4.0.0
  • update README and workflows to use v4

v3.0.0

03 May 14:02
6ec7878

npm-audit-action v3.0.0 Release Notes

Major Changes

Runtime Environment

  • Node.js 20 Support: Updated minimum Node.js version from 16 to 20
  • ES Modules Migration: Converted codebase from CommonJS to ES Modules
  • Modern JavaScript: Modernized code to ES2020 standards

Development Infrastructure

  • Testing Framework: Migrated from Jest to Vitest
  • Linting: Upgraded to ESLint 9 with updated configurations
  • Build Process: Updated TypeScript configuration and build pipeline

Dependencies

  • Core Dependencies:
    • Updated @actions/core from 1.10.1 to 1.11.1
    • Updated @actions/github to v6.0.0
    • Updated @octokit/rest to v21.1.1
    • Replaced axios calls with Octokit
    • Updated strip-ansi to v7.1.0

GitHub Actions

  • Action Dependencies:
    • Bumped actions/checkout from v3 to v4
    • Bumped actions/setup-node from v3 to v4
    • Bumped stefanzweifel/git-auto-commit-action from v4 to v5

Breaking Changes

The upgrade to Node.js 20 may require users to update their GitHub Actions workflows if they're currently pinned to older Node.js versions. Update your workflow files to use a compatible runner that supports Node.js 20.

How to Upgrade

Update your GitHub Actions workflow to use the new version:

- uses: oke-py/npm-audit-action@v3
  with:
    audit_level: moderate
    github_token: ${{ secrets.GITHUB_TOKEN }}
    issue_assignees: your-username
    issue_labels: vulnerability,security
    dedupe_issues: true

Full Changelog

For a complete list of changes, see the full changelog.

v2.4.4

02 Jan 02:50
2c6b2da

What's Changed

Other Changes

  • chore(release): fix error on re-targeting v2 tag on release by @oke-py in #166

Full Changelog: v2.4.3...v2.4.4

v2.4.3

02 Jan 02:35
a485999

What's Changed

No changes for production code.

Other Changes

  • [skip ci] docs: update inputs description by @oke-py in #160
  • docs: fix an error by @oke-py in #162
  • chore(release): exclude release pr from release note by @oke-py in #161
  • chore(build): remove unused branch from trigger by @oke-py in #163

Full Changelog: v2.4.2...v2.4.3

v2.4.2

30 Dec 01:39
ad75095

What's Changed

Production code updates

  • chore(package): bump axios from 1.2.1 to 1.2.2 by @oke-py in #158

Other Changes

  • update devDependencies by @oke-py in #156
  • chore(test): ignore devDependencies vulnerabilities by @oke-py in #157

Full Changelog: v2.4.1...v2.4.2

v2.4.1

24 Dec 01:22
a2eb6a3

What's Changed

Production code updates

  • chore(package): bump typescript from 3.9.10 to 4.9.4 by @oke-py in #138
  • chore(package): bump axios from 0.27.2 to 1.2.1 by @oke-py in #139
  • chore(package): bump @actions/github from 5.0.3 to 5.1.1 by @oke-py in #142
  • chore(package): bump @octokit/rest from 18.12.0 to 19.0.5 by @oke-py in #152

Other Changes

  • chore(test): run tests on node 16 & 18 by @oke-py in #149
  • chore(package): bump jest from 27.2.5 to 29.3.1 by @oke-py in #150
  • chore(package): bump eslint from 8.19.0 to 8.30.0 by @oke-py in #151
  • patch release: 2.4.1 by @oke-py in #154

Full Changelog: v2.4.0...v2.4.1

v2.4.0

10 Dec 13:39
2156b46

What's Changed

  • [Snyk] Security upgrade node from 16 to 16-bullseye-slim by @snyk-bot in #128
  • update @actions/core not to use deprecated commands by @oke-py in #131
  • test: fix CVE-2022-24999 in testdata to avoid failure unit test by @oke-py in #134
  • test: PR build will not create a new issue to report vulnerabilities by @oke-py in #135
  • docs: update actions/checkout by @oke-py in #136

New Contributors

Full Changelog: v2.3.0...v2.4.0

v2.3.0

09 Jul 09:42
c2ee44b

What's Changed

New Contributors

Full Changelog: v2...v2.3.0

v2.2.0

11 May 22:51

What's Changed

  • Fix Commit - Committing fix whereby NPM Audit Actions Fails when running on Windows OS by @ShaidK in #122

New Contributors

Full Changelog: v2.1.0...v2.2.0