audit-ci

Audit NPM, Yarn, PNPM, and Bun dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories

APACHE-2.0 License

Downloads
746.7K
Stars
264
Committers
24


audit-ci - v5.1.0

Published by quinnturner about 3 years ago

EDIT: Not accessible on the NPM registry due to NPM's outage: https://status.npmjs.org/incidents/wy4002vc8ryc

#196 - Support wildcards in allowlist
#204 - Use array.prototype.flatmap instead of core-js

audit-ci - v5.0.0

Published by quinnturner about 3 years ago

#198 - [BREAKING]: Drop support for Node 8
#198 - Update lots of dependencies, fixing advisories

audit-ci - v4.2.0

Published by quinnturner about 3 years ago

#199 - fix: Update advisory numbers for tests
#197 - feat: Add support for JSON5 config
#193 - feat: output-format, support JSON

audit-ci - v4.1.0

Published by quinnturner over 3 years ago

#184 - Via link resolving for NPM 7
#186 - Opt-in skip dev dependencies

audit-ci - v4.0.0

Published by quinnturner over 3 years ago

#175 - Add NPM 7 support

audit-ci - v3.2.0

Published by quinnturner over 3 years ago

  • #171 - Support Yarn Berry
  • #172 - Bump lodash to fix NPM audit
  • #177 - Bump lodash and y18n to fix NPM audit
  • #178 - Specify NPM 6 in CircleCI
  • #180 - Update README for GitHub Actions

audit-ci - v3.1.1

Published by quinnturner over 4 years ago

Bug fixes

#159 - Remove duplicate element of advisoriesFound in summary
#161 - Change lodash to node-noop for no vuln

audit-ci - v3.1.0

Published by quinnturner over 4 years ago

  • feat(allowlist): Change default to allowlist (#154)
  • chore: Add Node 14 to testing matrix (#155)
  • chore: Ran npm upgrade (#156)
  • chore: Remove /bin (#157)

audit-ci - v3.0.1

Published by quinnturner over 4 years ago

  • #145: Fix npm-auditer's full audit report message to say NPM instead of Yarn
  • #149: Remove unnecessary whitelist for advisory 1179

audit-ci - v3.0.0

Published by quinnturner over 4 years ago

  • #131 BREAKING: Drop node 6 support
  • #138 BREAKING: Remove deprecated report and summary options
  • #131 Change prettier settings
  • #139 Use async/await syntax
  • #139 Possibly fix https://github.com/IBM/audit-ci/issues/139
  • #137 Use npmpublish GitHub Action for releases

audit-ci - v2.5.1

Published by quinnturner over 4 years ago

Fixes:

#129 - fix: NPM ENOAUDIT message capturing improvements

audit-ci - v2.5.0

Published by quinnturner over 4 years ago

Fixes:
#120 - fix: Get audit-ci version from package.json

Docs:
#123 - docs: Change suggested usage to include master

Build:
#121 - fix(CI): Update CircleCI and Travis-CI build configs
#122 - fix(CI): audit-ci checks in CircleCI on PR builds

audit-ci - Add current audit-ci version to output

Published by quinnturner almost 5 years ago

#114 - Add current audit-ci version to output
#115 - chore(contributing): Improve testing section

audit-ci - Remove duplicate advisories from whitelisted list

Published by quinnturner almost 5 years ago

Fixes:

#112: Remove duplicate advisories from whitelisted list

audit-ci - Add list of advisories to failed summary output

Published by quinnturner about 5 years ago

Features

  • Add list of advisories to failed summary output (#110)

audit-ci - Add `--path-whitelist` option and fix `--pass-enoaudit`

Published by quinnturner about 5 years ago

Features:
#104 - Add "path-whitelist" option

Fixes:
#108 - Fix --pass-enoaudit to not always pass an audit

Docs:
#101 - README typo fix for the --report-type
#105 - Additional examples for path whitelisting

audit-ci - Adds `JSONStream` for handling JSON data too big for `JSON.parse`

Published by quinnturner over 5 years ago

Fixes:

  • #97 - Adds JSONStream for handling JSON data too big for JSON.parse
  • #98 - Change low vulnerability dependency test

Docs:

  • #99 - Add --pass-enoaudit information to README
  • #101 - Typo fix for the --report-type

audit-ci - Introduce `--pass-enoaudit` flag

Published by quinnturner over 5 years ago

Features

#88 - Added --pass-enoaudit flag to mitigate issues with registries having service unavailability

audit-ci - Fix retry mechanism for NPM ENOAUDIT

Published by quinnturner over 5 years ago

Diff: https://github.com/IBM/audit-ci/compare/v2.0.0..v2.0.1

Bug fixes
Fix retry mechanism for another version of NPM error message: https://github.com/IBM/audit-ci/pull/89

audit-ci - Use --report-type {type} instead of --report or --summary

Published by quinnturner over 5 years ago

Diff: https://github.com/IBM/audit-ci/compare/v1.7.0..v2.0.0

BREAKING

The default report output has been changed for Yarn and NPM. Instead of showing the audit summary alone, it shows the audit summary as well as relevant vulnerabilities. This behaviour can be changed using the --report-type option.

Spec:

  • --report-type important --> (default) Show the audit summary and relevant vulnerabilities
  • --report-type summary --> Only show the audit summary (# of each vulnerability)
  • --report-type full --> Show the full audit report

Features

  • Introduce --report-type {important,summary,full} flag #74 (closes #64)

Chores

  • Deprecate --report in favour of --report-type full
  • Deprecate --summary in favour of --report-type summary

Major release due to changing the default behaviour for audit reporting and deprecating key options