All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Added
babel& configuration to enableJestto handle ES6 module syntax - Added
jsonschemamodule to run validation processing on reports with expected schema in test cases - Added additional unit-tests to characterize all current features of CLI
- Added unit-tests to ensure handling of 0 vulnerability inputs to create an valid 0 vulnerability GitLab report
- Additional fault-tolerance and error handling to processing
- Aliased v1 & v2 of
npm-audit-reportpkg as devDependency, enables update monitoring & test integration - Lint: allow increment notation (
i++) of variables
- Dev build does not produce extrenous files by default
- Expanded
package.jsonspec with more keywords for SEO - Improved
README.mddescription to explain why to use this library - Refactored processing of v1 & v2 audit reports for better code reuse and maintainability
- Refactored test framework organization to consolidate CLI tests together
- Resulting reports now include
dependency_filesentries that didn't exist before and are required byv14.0.3schema - Switched
schema-mergedevdependency to@gitlab-org/security-report-schemaspkg & refactored usage - V1 report now includes remediation actions for resolving vulnerabilities if exists
- V2 report will ensure no duplicate remediation actions in the resulting report
- Dropped
toolfield inreport.json - Dropped inclusion of NodeJS core modules into distribution code via changed webpack config
- Removed concept of a DEV_ENTRYPOINT and development version testing. Decided to require a production rebuild prior to executing testcases
- Fix "value not exist in enum" issue relating to vulnerability severity translation
- Fixed invalid entries in reports that do not pass the schema validation
- Rewrite the vulnerabilility ID format generated per reported vulnerability to better match schema rules
- Bumped
wsversion to fix regex vulnerability - Changed
remark-lint-are-links-validdevdependency toremark-lint-no-dead-urlsin favor of an active repo that resolves its vulnerabilities
- Changed lint to ignore
import/no-extraneous-dependenciesrule
- The installation of any dependencies for runtime
- Resolved slow installation of package
- Added CHANGELOG file
- Added per version readme documentation
- Eslint for JS and Markdown to include prettier, AirBnb style & remark plugins
- Official Schema package as a dependency & into bundle for use
- Webpack bundle creation for distribution code
- Run-scripts modified for new developer workflow & pre-checks (dropped prepare
- Testing Framework implementation uses jest/nodejs instead of shell scripts script)
- Updated README documentation to explain package and explain new test usage
- Updated schema output to match official schema (schema.version)
- Fix parse error from stdin extrenuous prefixed json output (usually from
npm run-script)
- Initial automated test run and validation
- Improved README instructions related to testing
- Ported to new author @elpete
- Implemented support for
npm-audit-report@v2.0, which provides v2 report format
- Optimized
join()
- Implemented
versiontop level key - Implemented
remediationskey - Instructions for Gitlab CI configuration
- Put vulnerability info into
vulnerabilitiesarray
- Defined bin file
- Added initial documentation
- Cleaned up code
- Initial creation of project & base implementation