Commit graph

176 commits

Author SHA1 Message Date
Jonathan Leitschuh
a48b2ea114
Create codeql-analysis.yml 2021-02-04 17:38:04 -05:00
Jonathan Leitschuh
7fac2d2c0a
Merge pull request #34 from gradle/dependabot/npm_and_yarn/node-notifier-8.0.1
Bump node-notifier from 8.0.0 to 8.0.1
2020-12-22 11:43:36 -05:00
dependabot[bot]
cd6c78a359
Bump node-notifier from 8.0.0 to 8.0.1
Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1.
- [Release notes](https://github.com/mikaelbr/node-notifier/releases)
- [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md)
- [Commits](https://github.com/mikaelbr/node-notifier/compare/v8.0.0...v8.0.1)

Signed-off-by: dependabot[bot] <support@github.com>
2020-12-22 11:57:15 +00:00
Jonathan Leitschuh
2a9956c214
Merge pull request #31 from gradle/dependabot/npm_and_yarn/actions/core-1.2.6 2020-10-01 15:11:30 -04:00
dependabot[bot]
923a185f07
Bump @actions/core from 1.2.5 to 1.2.6
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Signed-off-by: dependabot[bot] <support@github.com>
2020-10-01 17:28:28 +00:00
Jonathan Leitschuh
aa698a7603
Merge pull request #30 from gradle/eskatos/upgrade-deps 2020-09-22 13:33:47 -04:00
paul
d48df5be4b Upgrade dependencies
and deal with the fallouts

Signed-off-by: Paul Merlin <paul@gradle.com>
2020-09-22 18:02:50 +02:00
Paul Merlin
e7b6c4bcaa
Merge pull request #27 from sschuberth/minor-improvements
Minor improvements
2020-09-22 17:37:04 +02:00
Sterling Greene
d39c60192d
Clarify reporting failures documentation 2020-07-24 13:48:47 -04:00
Jonathan Leitschuh
cc54f530e7
Merge pull request #29 from gradle/dependabot/npm_and_yarn/lodash-4.17.19
Bump lodash from 4.17.15 to 4.17.19
2020-07-21 12:03:16 -04:00
dependabot[bot]
dfbc601d56
Bump lodash from 4.17.15 to 4.17.19
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>
2020-07-19 05:31:16 +00:00
Sebastian Schuberth
12970df4d0 checksums: Remove some superfluous type declarations
Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
2020-05-27 21:14:29 +02:00
Sebastian Schuberth
34e3321280 Make lint pass on Windows / for files with CRLF line endings
By setting "endOfLine" to "auto". While at it, fix indentation.

Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
2020-05-27 21:13:13 +02:00
Paul Merlin
5b4f0d05a6
Merge pull request #24 from gradle/eskatos/upgrade-deps
Upgrade dependencies
2020-04-07 15:59:37 +02:00
Paul Merlin
fa6a439a1e Build
Signed-off-by: Paul Merlin <paul@gradle.com>
2020-04-07 15:47:45 +02:00
Paul Merlin
94ba8eeec3 Remove now unneeded typescript definitions for unhomoglyph
Signed-off-by: Paul Merlin <paul@gradle.com>
2020-04-07 15:47:11 +02:00
Paul Merlin
b3d8242e39 Upgrade prod dependencies
Signed-off-by: Paul Merlin <paul@gradle.com>
2020-04-07 15:46:51 +02:00
Paul Merlin
013614f39c Drop now removed upstream eslint typescript rules
Signed-off-by: Paul Merlin <paul@gradle.com>
2020-04-07 15:46:37 +02:00
Paul Merlin
bf03fe7831 Upgrade dev dependencies
Signed-off-by: Paul Merlin <paul@gradle.com>
2020-04-07 15:46:05 +02:00
Paul Merlin
80713d1dd8 Refine RELEASING.md
Signed-off-by: Paul Merlin <paul@gradle.com>
2020-03-17 11:11:49 +01:00
Vaidotas Valuckas
0cf712888b
Merge pull request #22 from gradle/vv/bump-minimist
Bump minimist library version
2020-03-17 12:09:24 +02:00
Vaidotas Valuckas
616fa6d030
Bump minimist library version 2020-03-17 12:01:07 +02:00
Frieder Bluemle
fcaf38c511 Update checkout action to v2 2020-03-17 10:30:48 +01:00
Jonathan Leitschuh
3cfb6c24e2
Merge pull request #21 from gradle/dependabot/npm_and_yarn/acorn-5.7.4
Bump acorn from 5.7.3 to 5.7.4
2020-03-16 14:00:05 -04:00
dependabot[bot]
98b3cf662c
Bump acorn from 5.7.3 to 5.7.4
Bumps [acorn](https://github.com/acornjs/acorn) from 5.7.3 to 5.7.4.
- [Release notes](https://github.com/acornjs/acorn/releases)
- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4)

Signed-off-by: dependabot[bot] <support@github.com>
2020-03-16 17:37:20 +00:00
Jonathan Leitschuh
b759e436a5 Add a link to the example Homoglyph attack PR 2020-03-03 10:41:27 +01:00
Frieder Bluemle
78999a846d Update GitHub Actions workflow name to ci 2020-02-26 09:53:27 +01:00
Jonathan Leitschuh
3d02c5f395
Merge pull request #14 from JLLeitschuh/docs/JLL/gradle_unsupported_versions
Document unsupported versions 3.3 to 4.0
2020-02-18 08:44:49 -05:00
Jonathan Leitschuh
793a52f6a9
Fix spacing on README 2020-02-13 16:59:09 -05:00
Jonathan Leitschuh
91b8d34dbf
Add explanation of what to do if in problematic version range
Co-Authored-By: Paul Merlin <paul@nosphere.org>
2020-02-12 13:59:11 -05:00
Jonathan Leitschuh
aea0bb6ee7
Document unsupported versions 3.3 to 4.0 2020-02-04 11:22:06 -05:00
Jonathan Leitschuh
80623af194
Merge pull request #13 from JLLeitschuh/docs/JLL/external_contribution_section
Add external contribution details to README
2020-02-04 10:01:29 -05:00
Jonathan Leitschuh
76f5cdbf5e
Add external contribution details to README 2020-02-03 15:37:36 -05:00
Jonathan Leitschuh
17df8817b6
Merge pull request #12 from JLLeitschuh/chore/JLL/remove_company_note
Remove comment about problem being unique to open source
2020-01-31 11:36:54 -05:00
Jonathan Leitschuh
025bdee66a
Remove comment about problem being unique to open source 2020-01-30 12:37:07 -05:00
Jonathan Leitschuh
e7f83badee
Merge pull request #11 from friederbluemle/update-project
Fix typo
2020-01-22 21:25:19 -05:00
Frieder Bluemle
c95c3c3f46
Fix typo 2020-01-22 16:44:58 -08:00
Paul Merlin
6651bb31dd Document release process
Signed-off-by: Paul Merlin <paul@gradle.com>
2020-01-16 10:31:12 +01:00
Paul Merlin
8cb3a6f68d Let failure message link to how to report validation errors
Signed-off-by: Paul Merlin <paul@gradle.com>
2020-01-16 10:08:53 +01:00
Jonathan Leitschuh
f783f98dff Simple housekeeping improvements 2020-01-16 10:03:19 +01:00
Paul Merlin
c17576acf6 Refine workflow sample in README
Signed-off-by: Paul Merlin <paul@gradle.com>
2020-01-16 10:00:48 +01:00
Jonathan Leitschuh
ffa49e0d93
Merge pull request #6 from JLLeitschuh/feat/JLL/homoglyph_detector
Add a homoglyph detector for gradle-wrapper.jar files
2020-01-15 14:16:32 -05:00
Jonathan Leitschuh
169f8f11db
Mention the homoglyph detection capabilities in the README 2020-01-15 12:24:14 -05:00
Jonathan Leitschuh
9f4cacc32b
Merge branch 'master' into feat/JLL/homoglyph_detector
* master:
  Add :
  Build
  Rework output
  Let finding wrapper jars be predictable
  Ignore IDEA files
2020-01-15 11:59:08 -05:00
Jonathan Leitschuh
e4429f250f
Replace homoglyphs.ts with unhomoglyph library 2020-01-15 11:41:11 -05:00
Paul Merlin
fbc9d54f7d
Merge pull request #5 from gradle/eskatos/output-enhancements
Always display all found wrapper jars and their checksum
2020-01-14 10:03:22 +01:00
Jonathan Leitschuh
ae0da6528c
Add a homoglyph detector for gradle-wrapper.jar files 2020-01-13 13:00:16 -05:00
Paul Merlin
6c65025c7d Add :
Signed-off-by: Paul Merlin <paul@gradle.com>
2020-01-13 10:29:20 +01:00
Jonathan Leitschuh
c230e9d098 Update alt text for binary file image 2020-01-13 10:05:53 +01:00
Paul Merlin
a8266c0a0b Build
Signed-off-by: Paul Merlin <paul@gradle.com>
2020-01-11 15:35:28 +01:00