Releases: NodeSecure/vulnera

v2.0.1

11 Aug 14:31

What's Changed

  • fix(package.json): only includes ./dist in tarball whitelist by @fraxken in #261

Full Changelog: v2.0.0...v2.0.1

v2.0.0

11 Aug 14:18

Full Changelog: v2.0.0...v2.0.0

What's Changed

  • Use @nodesecure/github instead of the old @SlimIO one by @fraxken in #45
  • chore: deprecate Node.js Security WG DB strategy by @PierreDemailly in #47
  • docs: add PierreDemailly as a contributor for code, doc by @allcontributors in #48
  • fix: remove Node.js WG security disclosure program by @fraxken in #51
  • fix(package): update dependencies to fix undici & arborist CWE by @fraxken in #52
  • [Snyk] Upgrade @nodesecure/github from 1.1.0 to 1.2.0 by @fraxken in #54
  • [Snyk] Upgrade @npmcli/arborist from 5.6.1 to 5.6.2 by @snyk-bot in #56
  • [Snyk] Upgrade @nodesecure/npm-registry-sdk from 1.4.0 to 1.4.1 by @fraxken in #55
  • Fixing the build badge/Adding badge scorecards by @fabnguess in #61
  • refactor: update testing strategy to target *.unit and *.integration tests and remove flakiness by @antoine-coulon in #62
  • Add missing .js extension in TypeScript definitions by @fabnguess in #65
  • docs: add fabnguess as a contributor for code by @allcontributors in #66
  • docs: update badges style and center them by @fraxken in #67
  • feat(SECURITY.md): Adding security policy by @fabnguess in #72
  • chore: remove permanently package-lock.json by @fraxken in #73
  • chore(StepSecurity): Apply security best practices by @step-security-bot in #74
  • chore(deps-dev): bump @slimio/is from 1.5.1 to 2.0.0 by @dependabot in #79
  • chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in #78
  • chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 by @dependabot in #77
  • chore(deps): bump actions/setup-node from 2.5.1 to 3.6.0 by @dependabot in #76
  • chore(deps): bump sirv from 1.0.19 to 2.0.2 in /test/fixtures/audit by @dependabot in #85
  • chore(deps-dev): bump pkg-ok from 2.3.1 to 3.0.0 in /test/fixtures/audit by @dependabot in #89
  • chore(deps): bump @npmcli/arborist from 2.10.0 to 6.2.0 in /test/fixtures/audit by @dependabot in #88
  • chore(deps-dev): bump get-folder-size from 2.0.1 to 4.0.0 in /test/fixtures/audit by @dependabot in #87
  • chore(deps): bump @slimio/lock from 0.5.0 to 1.0.0 in /test/fixtures/audit by @dependabot in #86
  • chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 by @dependabot in #96
  • chore(deps-dev): bump @types/node from 14.18.36 to 18.11.18 in /test/fixtures/audit by @dependabot in #98
  • chore(deps): bump @slimio/is from 1.5.1 to 2.0.0 in /test/fixtures/audit by @dependabot in #102
  • chore(deps-dev): bump jest from 26.6.3 to 29.4.1 in /test/fixtures/audit by @dependabot in #100
  • chore(deps-dev): bump esbuild from 0.9.7 to 0.17.7 in /test/fixtures/audit by @dependabot in #108
  • chore(deps-dev): bump pretty-bytes from 5.6.0 to 6.1.0 in /test/fixtures/audit by @dependabot in #104
  • chore(deps-dev): bump @slimio/eslint-config from 4.1.0 to 5.0.0 in /test/fixtures/audit by @dependabot in #99
  • chore(deps): bump cliui from 7.0.4 to 8.0.1 in /test/fixtures/audit by @dependabot in #103
  • chore(deps): bump github/codeql-action from 2.2.1 to 2.2.3 by @dependabot in #107
  • chore(deps): bump step-security/harden-runner from 2.1.0 to 2.2.0 by @dependabot in #112
  • chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 by @dependabot in #109
  • Update dependabot frequency by @fabnguess in #114
  • docs: add fabnguess as a contributor for maintenance by @allcontributors in #115
  • chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 by @dependabot in #117
  • chore(deps-dev): bump eslint from 7.32.0 to 8.35.0 in /test/fixtures/audit by @dependabot in #116
  • chore(deps-dev): bump tsd from 0.25.0 to 0.27.0 by @dependabot in #118
  • fix(security): add missing workflow top level permissions by @fraxken in #119
  • chore(deps): bump actions/checkout from 3.3.0 to 3.5.0 by @dependabot in #126
  • chore(deps): bump step-security/harden-runner from 2.2.0 to 2.2.1 by @dependabot in #124
  • chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in #123
  • chore(deps): bump github/codeql-action from 2.2.5 to 2.2.9 by @dependabot in #125
  • chore(deps-dev): bump tsd from 0.27.0 to 0.28.1 by @dependabot in #127
  • chore(deps): bump github/codeql-action from 2.2.9 to 2.3.2 by @dependabot in #133
  • chore(deps): bump actions/checkout from 3.5.0 to 3.5.2 by @dependabot in #132
  • chore(deps): bump step-security/harden-runner from 2.2.1 to 2.3.1 by @dependabot in #131
  • chore(deps): bump step-security/harden-runner from 2.3.1 to 2.4.0 by @dependabot in #144
  • chore(deps): bump github/codeql-action from 2.3.2 to 2.3.5 by @dependabot in #143
  • chore(deps-dev): bump c8 from 7.14.0 to 8.0.0 by @dependabot in #148
  • fix: update getVulnerabilities to match arborist api results by @halcin in #158
  • chore(deps): bump step-security/harden-runner from 2.4.0 to 2.5.1 by @dependabot in #187
  • chore(deps): bump actions/checkout from 3.5.2 to 3.6.0 by @dependabot in #186
  • chore(deps): bump github/codeql-action from 2.3.5 to 2.21.5 by @dependabot in #185
  • chore(deps-dev): bump @types/node from 18.17.11 to 20.5.6 in /test/fixtures/audit by @dependabot in #183
  • chore(deps): bump @myunisoft/httpie from 1.11.0 to 2.0.1 by @dependabot in #168
  • chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in #156
  • chore(deps): bump itertools from 1.7.1 to 2.1.2 in /test/fixtures/audit by @dependabot in #163
  • chore(deps): bump pacote from 11.3.5 to 17.0.3 in /test/fixtures/audit by @dependabot in #182
  • chore(deps): bump cacache from 15.3.0 to 18.0.0 in /test/fixtures/audit by @dependabot in #180
  • chore(deps): bump actions/setup-node from 3.6.0 to 3.8.1 by @dependabot in #184
  • feat: implement pnpm support by @fraxken in #188
  • refactor!: rename NPM Audit to GitHub Advisory by @fraxken in #189
  • chore(deps): bump @npmcli/arborist from 6.3.0 to 7.0.0 by @dependabot in #193
  • chore(deps): bump @npmcli/arborist from 6.3.0 to 7.0.0 in /test/fixtures/audit by @dependabot in #192
  • chore(deps-dev): bump tsd from 0.28.1 to 0.29.0 by @dependabot in #191
  • feat(sonatype): implement ratelimit for coordinates by @fraxken in #194
  • refactor: migrate to TypeScript and Node.js test_runner by @fraxken in #197
  • drop support for Node 16 by @fabnguess in #209
  • Docs: Use new Github blockquotes by @fabnguess in #219
  • chore: implement OSV api & format by @fraxken in #216
  • chore(LICENSE): update licensing year by @fabnguess in #227
  • chore: using dependabot groups by @fabnguess in #228
  • fix(dependabot): ignore update for /test/fixtures/audit by @fraxken in #238
  • chore(deps): bump the github-actions group with 6 updates by @dependabot in #239
  • chore(deps): bump the dependencies group with 2 updates by @dependabo...

v1.8.0

20 Jul 23:14

vulnera

What's Changed

  • docs: add missing types and interfaces and review usage example by @fraxken in #36
  • [Snyk] Upgrade @npmcli/arborist from 5.1.1 to 5.2.0 by @snyk-bot in #35
  • [Snyk] Upgrade @myunisoft/httpie from 1.6.0 to 1.7.0 by @snyk-bot in #37
  • chore: add contribution guideline by @antoine-coulon in #38
  • chore: update httpie to 1.8.0 by @tony-go in #40
  • [Snyk] Upgrade @npmcli/arborist from 5.2.0 to 5.2.1 by @fraxken in #39
  • chore: update dependencies by @fraxken in #43
  • chore: rename all occurrences of "vuln" to "vulnera" by @antoine-coulon in #44

Full Changelog: v1.7.0...v1.8.0

v1.7.0

30 May 17:04

What's Changed

New Contributors

Full Changelog: v1.6.0...v1.7.0

v1.6.0

05 Mar 16:51

What's Changed

Full Changelog: v1.5.0...v1.6.0