Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: backport fork changes to upstream - copy #8

Closed
wants to merge 8 commits into from

Conversation

asos-danielc
Copy link
Contributor

Due to an issue with workflow secret permission access running in forked PRs, this PR has been recreated internally from #7

Issue

Fixes #5

Relates to #6

Details

This cherry picks amended commits from the https://github.com/jlp-craigmorten/snyker fork of this repo to contribute changes back, namely:

  • feat: upgrade dependencies to latest versions
  • feat: bump to Node 20 and NPM >=9
  • fix: correctly handle ignores even if limited to administrators
  • chore: eslint v9 upgrade
  • fix: need to force install to workaround incorrect peer deps on npm

(as included in the changelog)

This change squashes some patches I have on my fork into a single change against a new v5 version (hence why this change has 5.0.0 whereas my fork is currently at 5.0.3). Open to suggestion on whether you want to keep the version bump out of this change so you can implement yourselves, or change it as you better suited if disagree with the major.

Given the change in Node and NPM version it feels sensible to insist on this being a breaking change.

Also feel free to ignore or edit this change and/or recreate with the pieces you like.

src/index.js Dismissed Show dismissed Hide dismissed
@asos-danielc asos-danielc changed the title chore: backport fork changes to upstream chore: backport fork changes to upstream - copy Nov 27, 2024
…ty hash when `sha1` is used due to private repositories such as Azure Artifacts not supporting anything other than `sha1`.

feat: removed need for `--lockfile` flag if a `yarn.lock` or `package-lock.json` exists. Defaults to `yarn.lock` if not found. You can still specify a lockfile if you wish.
@asos-danielc asos-danielc marked this pull request as ready for review November 27, 2024 14:57
@asos-danielc asos-danielc deleted the craig-fork-merge branch November 27, 2024 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

snyker fails to update policy file ignore rules
2 participants