mrpj 0.2.5 → 0.2.7

package/API.md

@@ -5142,6 +5142,8 @@ const constructProjectOptions: ConstructProjectOptions = { ... }
 | <code><a href="#mrpj.ConstructProjectOptions.property.repositoryUrl">repositoryUrl</a></code> | <code>string</code> | Git repository URL. |
 | <code><a href="#mrpj.ConstructProjectOptions.property.allowLibraryDependencies">allowLibraryDependencies</a></code> | <code>boolean</code> | Allow the project to include `peerDependencies` and `bundledDependencies`. |
 | <code><a href="#mrpj.ConstructProjectOptions.property.artifactsDirectory">artifactsDirectory</a></code> | <code>string</code> | A directory which will contain build artifacts. |
+| <code><a href="#mrpj.ConstructProjectOptions.property.auditDeps">auditDeps</a></code> | <code>boolean</code> | Run security audit on dependencies. |
+| <code><a href="#mrpj.ConstructProjectOptions.property.auditDepsOptions">auditDepsOptions</a></code> | <code>projen.javascript.AuditOptions</code> | Security audit options. |
 | <code><a href="#mrpj.ConstructProjectOptions.property.authorEmail">authorEmail</a></code> | <code>string</code> | Author's e-mail. |
 | <code><a href="#mrpj.ConstructProjectOptions.property.authorName">authorName</a></code> | <code>string</code> | Author's name. |
 | <code><a href="#mrpj.ConstructProjectOptions.property.authorOrganization">authorOrganization</a></code> | <code>boolean</code> | Is the author an organization. |
@@ -5411,6 +5413,36 @@ A directory which will contain build artifacts.
 
 ---
 
+##### `auditDeps`<sup>Optional</sup> <a name="auditDeps" id="mrpj.ConstructProjectOptions.property.auditDeps"></a>
+
+```typescript
+public readonly auditDeps: boolean;
+```
+
+- *Type:* boolean
+- *Default:* false
+
+Run security audit on dependencies.
+
+When enabled, creates an "audit" task that checks for known security vulnerabilities
+in dependencies. By default, runs during every build and checks for "high" severity
+vulnerabilities or above in all dependencies (including dev dependencies).
+
+---
+
+##### `auditDepsOptions`<sup>Optional</sup> <a name="auditDepsOptions" id="mrpj.ConstructProjectOptions.property.auditDepsOptions"></a>
+
+```typescript
+public readonly auditDepsOptions: AuditOptions;
+```
+
+- *Type:* projen.javascript.AuditOptions
+- *Default:* default options
+
+Security audit options.
+
+---
+
 ##### `authorEmail`<sup>Optional</sup> <a name="authorEmail" id="mrpj.ConstructProjectOptions.property.authorEmail"></a>
 
 ```typescript
@@ -8064,6 +8096,8 @@ const projenProjectOptions: ProjenProjectOptions = { ... }
 | <code><a href="#mrpj.ProjenProjectOptions.property.allowedCommitTypes">allowedCommitTypes</a></code> | <code>string[]</code> | Which conventional commit types are allowed to be used Types listed in `releasableCommitTypes` are always allowed. |
 | <code><a href="#mrpj.ProjenProjectOptions.property.allowLibraryDependencies">allowLibraryDependencies</a></code> | <code>boolean</code> | Allow the project to include `peerDependencies` and `bundledDependencies`. |
 | <code><a href="#mrpj.ProjenProjectOptions.property.artifactsDirectory">artifactsDirectory</a></code> | <code>string</code> | A directory which will contain build artifacts. |
+| <code><a href="#mrpj.ProjenProjectOptions.property.auditDeps">auditDeps</a></code> | <code>boolean</code> | Run security audit on dependencies. |
+| <code><a href="#mrpj.ProjenProjectOptions.property.auditDepsOptions">auditDepsOptions</a></code> | <code>projen.javascript.AuditOptions</code> | Security audit options. |
 | <code><a href="#mrpj.ProjenProjectOptions.property.authorAddress">authorAddress</a></code> | <code>string</code> | Email or URL of the library author. |
 | <code><a href="#mrpj.ProjenProjectOptions.property.authorEmail">authorEmail</a></code> | <code>string</code> | Author's e-mail. |
 | <code><a href="#mrpj.ProjenProjectOptions.property.authorOrganization">authorOrganization</a></code> | <code>boolean</code> | Is the author an organization. |
@@ -8071,6 +8105,7 @@ const projenProjectOptions: ProjenProjectOptions = { ... }
 | <code><a href="#mrpj.ProjenProjectOptions.property.autoApproveUpgrades">autoApproveUpgrades</a></code> | <code>boolean</code> | Automatically approve deps upgrade PRs, allowing them to be merged by mergify (if configued). |
 | <code><a href="#mrpj.ProjenProjectOptions.property.autoDetectBin">autoDetectBin</a></code> | <code>boolean</code> | Automatically add all executables under the `bin` directory to your `package.json` file under the `bin` section. |
 | <code><a href="#mrpj.ProjenProjectOptions.property.automationAppName">automationAppName</a></code> | <code>string</code> | Use this app for workflow automation. |
+| <code><a href="#mrpj.ProjenProjectOptions.property.automationEnvironment">automationEnvironment</a></code> | <code>string</code> | Protect any automation with this environment. |
 | <code><a href="#mrpj.ProjenProjectOptions.property.autoMerge">autoMerge</a></code> | <code>boolean</code> | Enable automatic merging on GitHub. |
 | <code><a href="#mrpj.ProjenProjectOptions.property.autoMergeOptions">autoMergeOptions</a></code> | <code>projen.github.AutoMergeOptions</code> | Configure options for automatic merging on GitHub. |
 | <code><a href="#mrpj.ProjenProjectOptions.property.bin">bin</a></code> | <code>{[ key: string ]: string}</code> | Binary programs vended with your module. |
@@ -8281,6 +8316,36 @@ A directory which will contain build artifacts.
 
 ---
 
+##### `auditDeps`<sup>Optional</sup> <a name="auditDeps" id="mrpj.ProjenProjectOptions.property.auditDeps"></a>
+
+```typescript
+public readonly auditDeps: boolean;
+```
+
+- *Type:* boolean
+- *Default:* false
+
+Run security audit on dependencies.
+
+When enabled, creates an "audit" task that checks for known security vulnerabilities
+in dependencies. By default, runs during every build and checks for "high" severity
+vulnerabilities or above in all dependencies (including dev dependencies).
+
+---
+
+##### `auditDepsOptions`<sup>Optional</sup> <a name="auditDepsOptions" id="mrpj.ProjenProjectOptions.property.auditDepsOptions"></a>
+
+```typescript
+public readonly auditDepsOptions: AuditOptions;
+```
+
+- *Type:* projen.javascript.AuditOptions
+- *Default:* default options
+
+Security audit options.
+
+---
+
 ##### `authorAddress`<sup>Optional</sup> <a name="authorAddress" id="mrpj.ProjenProjectOptions.property.authorAddress"></a>
 
 ```typescript
@@ -8366,7 +8431,7 @@ public readonly automationAppName: string;
 ```
 
 - *Type:* string
-- *Default:* tokens will be used
+- *Default:* none
 
 Use this app for workflow automation.
 
@@ -8374,6 +8439,21 @@ Remember to install the app and to configure credentials.
 
 ---
 
+##### `automationEnvironment`<sup>Optional</sup> <a name="automationEnvironment" id="mrpj.ProjenProjectOptions.property.automationEnvironment"></a>
+
+```typescript
+public readonly automationEnvironment: string;
+```
+
+- *Type:* string
+- *Default:* "automation"
+
+Protect any automation with this environment.
+
+You will need to set the environment up in GitHub. Credentials can only be used within this environment.
+
+---
+
 ##### `autoMerge`<sup>Optional</sup> <a name="autoMerge" id="mrpj.ProjenProjectOptions.property.autoMerge"></a>
 
 ```typescript
@@ -10391,6 +10471,39 @@ Options for Yarn Berry.
 
 ---
 
+### SelfMutationOnForksOptions <a name="SelfMutationOnForksOptions" id="mrpj.components.SelfMutationOnForksOptions"></a>
+
+Options for configuring self-mutation behavior on forks.
+
+#### Initializer <a name="Initializer" id="mrpj.components.SelfMutationOnForksOptions.Initializer"></a>
+
+```typescript
+import { components } from 'mrpj'
+
+const selfMutationOnForksOptions: components.SelfMutationOnForksOptions = { ... }
+```
+
+#### Properties <a name="Properties" id="Properties"></a>
+
+| **Name** | **Type** | **Description** |
+| --- | --- | --- |
+| <code><a href="#mrpj.components.SelfMutationOnForksOptions.property.environment">environment</a></code> | <code>string</code> | Environment name to use for the workflow. |
+
+---
+
+##### `environment`<sup>Optional</sup> <a name="environment" id="mrpj.components.SelfMutationOnForksOptions.property.environment"></a>
+
+```typescript
+public readonly environment: string;
+```
+
+- *Type:* string
+- *Default:* no environment specified
+
+Environment name to use for the workflow.
+
+---
+
 ### SizeOptions <a name="SizeOptions" id="mrpj.logo.SizeOptions"></a>
 
 #### Initializer <a name="Initializer" id="mrpj.logo.SizeOptions.Initializer"></a>
@@ -10603,6 +10716,8 @@ const typeScriptProjectOptions: TypeScriptProjectOptions = { ... }
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.allowedCommitTypes">allowedCommitTypes</a></code> | <code>string[]</code> | Which conventional commit types are allowed to be used Types listed in `releasableCommitTypes` are always allowed. |
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.allowLibraryDependencies">allowLibraryDependencies</a></code> | <code>boolean</code> | Allow the project to include `peerDependencies` and `bundledDependencies`. |
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.artifactsDirectory">artifactsDirectory</a></code> | <code>string</code> | A directory which will contain build artifacts. |
+| <code><a href="#mrpj.TypeScriptProjectOptions.property.auditDeps">auditDeps</a></code> | <code>boolean</code> | Run security audit on dependencies. |
+| <code><a href="#mrpj.TypeScriptProjectOptions.property.auditDepsOptions">auditDepsOptions</a></code> | <code>projen.javascript.AuditOptions</code> | Security audit options. |
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.authorEmail">authorEmail</a></code> | <code>string</code> | Author's e-mail. |
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.authorOrganization">authorOrganization</a></code> | <code>boolean</code> | Is the author an organization. |
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.authorUrl">authorUrl</a></code> | <code>string</code> | Author's URL / Website. |
@@ -10610,6 +10725,7 @@ const typeScriptProjectOptions: TypeScriptProjectOptions = { ... }
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.autoApproveUpgrades">autoApproveUpgrades</a></code> | <code>boolean</code> | Automatically approve deps upgrade PRs, allowing them to be merged by mergify (if configued). |
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.autoDetectBin">autoDetectBin</a></code> | <code>boolean</code> | Automatically add all executables under the `bin` directory to your `package.json` file under the `bin` section. |
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.automationAppName">automationAppName</a></code> | <code>string</code> | Use this app for workflow automation. |
+| <code><a href="#mrpj.TypeScriptProjectOptions.property.automationEnvironment">automationEnvironment</a></code> | <code>string</code> | Protect any automation with this environment. |
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.autoMerge">autoMerge</a></code> | <code>boolean</code> | Enable automatic merging on GitHub. |
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.autoMergeOptions">autoMergeOptions</a></code> | <code>projen.github.AutoMergeOptions</code> | Configure options for automatic merging on GitHub. |
 | <code><a href="#mrpj.TypeScriptProjectOptions.property.bin">bin</a></code> | <code>{[ key: string ]: string}</code> | Binary programs vended with your module. |
@@ -10811,6 +10927,36 @@ A directory which will contain build artifacts.
 
 ---
 
+##### `auditDeps`<sup>Optional</sup> <a name="auditDeps" id="mrpj.TypeScriptProjectOptions.property.auditDeps"></a>
+
+```typescript
+public readonly auditDeps: boolean;
+```
+
+- *Type:* boolean
+- *Default:* false
+
+Run security audit on dependencies.
+
+When enabled, creates an "audit" task that checks for known security vulnerabilities
+in dependencies. By default, runs during every build and checks for "high" severity
+vulnerabilities or above in all dependencies (including dev dependencies).
+
+---
+
+##### `auditDepsOptions`<sup>Optional</sup> <a name="auditDepsOptions" id="mrpj.TypeScriptProjectOptions.property.auditDepsOptions"></a>
+
+```typescript
+public readonly auditDepsOptions: AuditOptions;
+```
+
+- *Type:* projen.javascript.AuditOptions
+- *Default:* default options
+
+Security audit options.
+
+---
+
 ##### `authorEmail`<sup>Optional</sup> <a name="authorEmail" id="mrpj.TypeScriptProjectOptions.property.authorEmail"></a>
 
 ```typescript
@@ -10895,7 +11041,7 @@ public readonly automationAppName: string;
 ```
 
 - *Type:* string
-- *Default:* tokens will be used
+- *Default:* none
 
 Use this app for workflow automation.
 
@@ -10903,6 +11049,21 @@ Remember to install the app and to configure credentials.
 
 ---
 
+##### `automationEnvironment`<sup>Optional</sup> <a name="automationEnvironment" id="mrpj.TypeScriptProjectOptions.property.automationEnvironment"></a>
+
+```typescript
+public readonly automationEnvironment: string;
+```
+
+- *Type:* string
+- *Default:* "automation"
+
+Protect any automation with this environment.
+
+You will need to set the environment up in GitHub. Credentials can only be used within this environment.
+
+---
+
 ##### `autoMerge`<sup>Optional</sup> <a name="autoMerge" id="mrpj.TypeScriptProjectOptions.property.autoMerge"></a>
 
 ```typescript
@@ -13127,6 +13288,53 @@ Scale the logo by a factor.
 ---
 
 
+### SelfMutationOnForks <a name="SelfMutationOnForks" id="mrpj.components.SelfMutationOnForks"></a>
+
+Configures GitHub workflows to enable self-mutation on fork pull requests.
+
+This class sets up a workflow that will automatically apply projen-generated changes
+when a build fails due to outdated generated files. The workflow:
+
+1. Runs when the build workflow fails on a PR
+2. Downloads any patch file generated during the failed build
+3. Authenticates using GitHub App credentials
+4. Checks out the PR branch
+5. Applies the patch if it exists and can be applied cleanly
+6. Commits and pushes the changes back to the PR
+
+This enables automated fixes for common projen-related issues on fork PRs.
+
+#### Initializers <a name="Initializers" id="mrpj.components.SelfMutationOnForks.Initializer"></a>
+
+```typescript
+import { components } from 'mrpj'
+
+new components.SelfMutationOnForks(project: Project, options?: SelfMutationOnForksOptions)
+```
+
+| **Name** | **Type** | **Description** |
+| --- | --- | --- |
+| <code><a href="#mrpj.components.SelfMutationOnForks.Initializer.parameter.project">project</a></code> | <code>projen.Project</code> | *No description.* |
+| <code><a href="#mrpj.components.SelfMutationOnForks.Initializer.parameter.options">options</a></code> | <code>mrpj.components.SelfMutationOnForksOptions</code> | *No description.* |
+
+---
+
+##### `project`<sup>Required</sup> <a name="project" id="mrpj.components.SelfMutationOnForks.Initializer.parameter.project"></a>
+
+- *Type:* projen.Project
+
+---
+
+##### `options`<sup>Optional</sup> <a name="options" id="mrpj.components.SelfMutationOnForks.Initializer.parameter.options"></a>
+
+- *Type:* mrpj.components.SelfMutationOnForksOptions
+
+---
+
+
+
+
+
 ## Protocols <a name="Protocols" id="Protocols"></a>
 
 ### ILogo <a name="ILogo" id="mrpj.logo.ILogo"></a>

package/lib/components/SelfMutationOnForks.d.ts

@@ -0,0 +1,29 @@
+import type { Project } from 'projen';
+/**
+ * Options for configuring self-mutation behavior on forks
+ */
+export interface SelfMutationOnForksOptions {
+    /**
+     * Environment name to use for the workflow
+     * @default - no environment specified
+     */
+    readonly environment?: string;
+}
+/**
+ * Configures GitHub workflows to enable self-mutation on fork pull requests.
+ *
+ * This class sets up a workflow that will automatically apply projen-generated changes
+ * when a build fails due to outdated generated files. The workflow:
+ *
+ * 1. Runs when the build workflow fails on a PR
+ * 2. Downloads any patch file generated during the failed build
+ * 3. Authenticates using GitHub App credentials
+ * 4. Checks out the PR branch
+ * 5. Applies the patch if it exists and can be applied cleanly
+ * 6. Commits and pushes the changes back to the PR
+ *
+ * This enables automated fixes for common projen-related issues on fork PRs.
+ */
+export declare class SelfMutationOnForks {
+    constructor(project: Project, options?: SelfMutationOnForksOptions);
+}

package/lib/components/SelfMutationOnForks.js

@@ -0,0 +1,101 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SelfMutationOnForks = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const projen_1 = require("projen");
+/**
+ * Configures GitHub workflows to enable self-mutation on fork pull requests.
+ *
+ * This class sets up a workflow that will automatically apply projen-generated changes
+ * when a build fails due to outdated generated files. The workflow:
+ *
+ * 1. Runs when the build workflow fails on a PR
+ * 2. Downloads any patch file generated during the failed build
+ * 3. Authenticates using GitHub App credentials
+ * 4. Checks out the PR branch
+ * 5. Applies the patch if it exists and can be applied cleanly
+ * 6. Commits and pushes the changes back to the PR
+ *
+ * This enables automated fixes for common projen-related issues on fork PRs.
+ */
+class SelfMutationOnForks {
+    constructor(project, options = {}) {
+        const cicd = projen_1.github.GitHub.of(project);
+        if (!cicd)
+            return;
+        const buildWorkflow = cicd.tryFindWorkflow('build');
+        if (!buildWorkflow)
+            return;
+        // Update condition to run on all pull requests
+        buildWorkflow.file?.patch(projen_1.JsonPatch.remove('/jobs/self-mutation'));
+        // Add a new self mutation workflow that runs on completion of build
+        // and if the build failed and there is a patch, updates the PR
+        const selfMutation = cicd?.addWorkflow('self-mutation');
+        selfMutation?.on({
+            workflowRun: {
+                workflows: [buildWorkflow.name],
+                types: ['completed'],
+            },
+        });
+        selfMutation?.addJob('self-mutation', {
+            runsOn: ['ubuntu-latest'],
+            if: "github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.event == 'pull_request'",
+            permissions: {
+                contents: projen_1.github.workflows.JobPermission.READ,
+            },
+            environment: options.environment,
+            steps: [
+                {
+                    name: 'Download patch',
+                    id: 'download_patch',
+                    continueOnError: true,
+                    uses: 'dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5',
+                    with: {
+                        run_id: '${{ github.event.workflow_run.id }}',
+                        name: 'repo.patch',
+                        path: '${{ runner.temp }}',
+                    },
+                },
+                ...conditionalSteps('steps.download_patch.outcome == \'success\'', cicd.projenCredentials.setupSteps, projen_1.github.WorkflowSteps.checkout({
+                    name: 'Checkout PR',
+                    with: {
+                        repository: '${{ github.event.workflow_run.head_repository.full_name }}',
+                        ref: '${{ github.event.workflow_run.head_branch }}',
+                        token: cicd.projenCredentials.tokenRef,
+                    },
+                }), {
+                    name: 'Apply patch to PR',
+                    run: [
+                        'set -e',
+                        'if [ ! -f "${{ runner.temp }}/repo.patch" ]; then',
+                        '  echo "Patch file not found"',
+                        '  exit 1',
+                        'fi',
+                        'git config user.name "github-actions[bot]"',
+                        'git config user.email "github-actions[bot]@users.noreply.github.com"',
+                        'if ! git apply --check ${{ runner.temp }}/repo.patch; then',
+                        '  echo "Patch cannot be applied cleanly"',
+                        '  exit 1',
+                        'fi',
+                        'git apply ${{ runner.temp }}/repo.patch',
+                        'if [ -z "$(git status --porcelain)" ]; then',
+                        '  echo "No changes to commit"',
+                        '  exit 0',
+                        'fi',
+                        'git add .',
+                        'git commit -s -m "chore: self mutation"',
+                        'git push',
+                    ].join('\n'),
+                }),
+            ],
+        });
+    }
+}
+exports.SelfMutationOnForks = SelfMutationOnForks;
+_a = JSII_RTTI_SYMBOL_1;
+SelfMutationOnForks[_a] = { fqn: "mrpj.components.SelfMutationOnForks", version: "0.2.7" };
+function conditionalSteps(cond, ...steps) {
+    return steps.flatMap(s => s).map(s => ({ ...s, if: s.if ?? cond }));
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiU2VsZk11dGF0aW9uT25Gb3Jrcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9jb21wb25lbnRzL1NlbGZNdXRhdGlvbk9uRm9ya3MudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFDQSxtQ0FBMkM7QUFhM0M7Ozs7Ozs7Ozs7Ozs7O0dBY0c7QUFDSCxNQUFhLG1CQUFtQjtJQUM5QixZQUFZLE9BQWdCLEVBQUUsVUFBc0MsRUFBRTtRQUNwRSxNQUFNLElBQUksR0FBRyxlQUFNLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN2QyxJQUFJLENBQUMsSUFBSTtZQUFFLE9BQU87UUFFbEIsTUFBTSxhQUFhLEdBQUcsSUFBSSxDQUFDLGVBQWUsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNwRCxJQUFJLENBQUMsYUFBYTtZQUFFLE9BQU87UUFFM0IsK0NBQStDO1FBQy9DLGFBQWEsQ0FBQyxJQUFJLEVBQUUsS0FBSyxDQUN2QixrQkFBUyxDQUFDLE1BQU0sQ0FBQyxxQkFBcUIsQ0FBQyxDQUN4QyxDQUFDO1FBRUYsb0VBQW9FO1FBQ3BFLCtEQUErRDtRQUMvRCxNQUFNLFlBQVksR0FBRyxJQUFJLEVBQUUsV0FBVyxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBQ3hELFlBQVksRUFBRSxFQUFFLENBQUM7WUFDZixXQUFXLEVBQUU7Z0JBQ1gsU0FBUyxFQUFFLENBQUMsYUFBYSxDQUFDLElBQUksQ0FBQztnQkFDL0IsS0FBSyxFQUFFLENBQUMsV0FBVyxDQUFDO2FBQ3JCO1NBQ0YsQ0FBQyxDQUFDO1FBRUgsWUFBWSxFQUFFLE1BQU0sQ0FBQyxlQUFlLEVBQUU7WUFDcEMsTUFBTSxFQUFFLENBQUMsZUFBZSxDQUFDO1lBQ3pCLEVBQUUsRUFBRSx3R0FBd0c7WUFDNUcsV0FBVyxFQUFFO2dCQUNYLFFBQVEsRUFBRSxlQUFNLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQyxJQUFJO2FBQzlDO1lBQ0QsV0FBVyxFQUFFLE9BQU8sQ0FBQyxXQUFXO1lBQ2hDLEtBQUssRUFBRTtnQkFDTDtvQkFDRSxJQUFJLEVBQUUsZ0JBQWdCO29CQUN0QixFQUFFLEVBQUUsZ0JBQWdCO29CQUNwQixlQUFlLEVBQUUsSUFBSTtvQkFDckIsSUFBSSxFQUFFLDJFQUEyRTtvQkFDakYsSUFBSSxFQUFFO3dCQUNKLE1BQU0sRUFBRSxxQ0FBcUM7d0JBQzdDLElBQUksRUFBRSxZQUFZO3dCQUNsQixJQUFJLEVBQUUsb0JBQW9CO3FCQUMzQjtpQkFDRjtnQkFDRCxHQUFHLGdCQUFnQixDQUNqQiw2Q0FBNkMsRUFDN0MsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFVBQVUsRUFDakMsZUFBTSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUM7b0JBQzVCLElBQUksRUFBRSxhQUFhO29CQUNuQixJQUFJLEVBQUU7d0JBQ0osVUFBVSxFQUFFLDREQUE0RDt3QkFDeEUsR0FBRyxFQUFFLDhDQUE4Qzt3QkFDbkQsS0FBSyxFQUFFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxRQUFRO3FCQUN2QztpQkFDRixDQUFDLEVBQ0Y7b0JBQ0UsSUFBSSxFQUFFLG1CQUFtQjtvQkFDekIsR0FBRyxFQUFFO3dCQUNILFFBQVE7d0JBQ1IsbURBQW1EO3dCQUNuRCwrQkFBK0I7d0JBQy9CLFVBQVU7d0JBQ1YsSUFBSTt3QkFDSiw0Q0FBNEM7d0JBQzVDLHNFQUFzRTt3QkFDdEUsNERBQTREO3dCQUM1RCwwQ0FBMEM7d0JBQzFDLFVBQVU7d0JBQ1YsSUFBSTt3QkFDSix5Q0FBeUM7d0JBQ3pDLDZDQUE2Qzt3QkFDN0MsK0JBQStCO3dCQUMvQixVQUFVO3dCQUNWLElBQUk7d0JBQ0osV0FBVzt3QkFDWCx5Q0FBeUM7d0JBQ3pDLFVBQVU7cUJBQ1gsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDO2lCQUNiLENBQ0Y7YUFDRjtTQUNGLENBQUMsQ0FBQztJQUNMLENBQUM7O0FBaEZILGtEQWlGQzs7O0FBRUQsU0FBUyxnQkFBZ0IsQ0FBQyxJQUFZLEVBQUUsR0FBRyxLQUFtRTtJQUM1RyxPQUFPLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQUUsR0FBRyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQyxFQUFFLElBQUksSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDO0FBQ3RFLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgdHlwZSB7IFByb2plY3QgfSBmcm9tICdwcm9qZW4nO1xuaW1wb3J0IHsgSnNvblBhdGNoLCBnaXRodWIgfSBmcm9tICdwcm9qZW4nO1xuXG4vKipcbiAqIE9wdGlvbnMgZm9yIGNvbmZpZ3VyaW5nIHNlbGYtbXV0YXRpb24gYmVoYXZpb3Igb24gZm9ya3NcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBTZWxmTXV0YXRpb25PbkZvcmtzT3B0aW9ucyB7XG4gIC8qKlxuICAgKiBFbnZpcm9ubWVudCBuYW1lIHRvIHVzZSBmb3IgdGhlIHdvcmtmbG93XG4gICAqIEBkZWZhdWx0IC0gbm8gZW52aXJvbm1lbnQgc3BlY2lmaWVkXG4gICAqL1xuICByZWFkb25seSBlbnZpcm9ubWVudD86IHN0cmluZztcbn1cblxuLyoqXG4gKiBDb25maWd1cmVzIEdpdEh1YiB3b3JrZmxvd3MgdG8gZW5hYmxlIHNlbGYtbXV0YXRpb24gb24gZm9yayBwdWxsIHJlcXVlc3RzLlxuICpcbiAqIFRoaXMgY2xhc3Mgc2V0cyB1cCBhIHdvcmtmbG93IHRoYXQgd2lsbCBhdXRvbWF0aWNhbGx5IGFwcGx5IHByb2plbi1nZW5lcmF0ZWQgY2hhbmdlc1xuICogd2hlbiBhIGJ1aWxkIGZhaWxzIGR1ZSB0byBvdXRkYXRlZCBnZW5lcmF0ZWQgZmlsZXMuIFRoZSB3b3JrZmxvdzpcbiAqXG4gKiAxLiBSdW5zIHdoZW4gdGhlIGJ1aWxkIHdvcmtmbG93IGZhaWxzIG9uIGEgUFJcbiAqIDIuIERvd25sb2FkcyBhbnkgcGF0Y2ggZmlsZSBnZW5lcmF0ZWQgZHVyaW5nIHRoZSBmYWlsZWQgYnVpbGRcbiAqIDMuIEF1dGhlbnRpY2F0ZXMgdXNpbmcgR2l0SHViIEFwcCBjcmVkZW50aWFsc1xuICogNC4gQ2hlY2tzIG91dCB0aGUgUFIgYnJhbmNoXG4gKiA1LiBBcHBsaWVzIHRoZSBwYXRjaCBpZiBpdCBleGlzdHMgYW5kIGNhbiBiZSBhcHBsaWVkIGNsZWFubHlcbiAqIDYuIENvbW1pdHMgYW5kIHB1c2hlcyB0aGUgY2hhbmdlcyBiYWNrIHRvIHRoZSBQUlxuICpcbiAqIFRoaXMgZW5hYmxlcyBhdXRvbWF0ZWQgZml4ZXMgZm9yIGNvbW1vbiBwcm9qZW4tcmVsYXRlZCBpc3N1ZXMgb24gZm9yayBQUnMuXG4gKi9cbmV4cG9ydCBjbGFzcyBTZWxmTXV0YXRpb25PbkZvcmtzIHtcbiAgY29uc3RydWN0b3IocHJvamVjdDogUHJvamVjdCwgb3B0aW9uczogU2VsZk11dGF0aW9uT25Gb3Jrc09wdGlvbnMgPSB7fSkge1xuICAgIGNvbnN0IGNpY2QgPSBnaXRodWIuR2l0SHViLm9mKHByb2plY3QpO1xuICAgIGlmICghY2ljZCkgcmV0dXJuO1xuXG4gICAgY29uc3QgYnVpbGRXb3JrZmxvdyA9IGNpY2QudHJ5RmluZFdvcmtmbG93KCdidWlsZCcpO1xuICAgIGlmICghYnVpbGRXb3JrZmxvdykgcmV0dXJuO1xuXG4gICAgLy8gVXBkYXRlIGNvbmRpdGlvbiB0byBydW4gb24gYWxsIHB1bGwgcmVxdWVzdHNcbiAgICBidWlsZFdvcmtmbG93LmZpbGU/LnBhdGNoKFxuICAgICAgSnNvblBhdGNoLnJlbW92ZSgnL2pvYnMvc2VsZi1tdXRhdGlvbicpLFxuICAgICk7XG5cbiAgICAvLyBBZGQgYSBuZXcgc2VsZiBtdXRhdGlvbiB3b3JrZmxvdyB0aGF0IHJ1bnMgb24gY29tcGxldGlvbiBvZiBidWlsZFxuICAgIC8vIGFuZCBpZiB0aGUgYnVpbGQgZmFpbGVkIGFuZCB0aGVyZSBpcyBhIHBhdGNoLCB1cGRhdGVzIHRoZSBQUlxuICAgIGNvbnN0IHNlbGZNdXRhdGlvbiA9IGNpY2Q/LmFkZFdvcmtmbG93KCdzZWxmLW11dGF0aW9uJyk7XG4gICAgc2VsZk11dGF0aW9uPy5vbih7XG4gICAgICB3b3JrZmxvd1J1bjoge1xuICAgICAgICB3b3JrZmxvd3M6IFtidWlsZFdvcmtmbG93Lm5hbWVdLFxuICAgICAgICB0eXBlczogWydjb21wbGV0ZWQnXSxcbiAgICAgIH0sXG4gICAgfSk7XG5cbiAgICBzZWxmTXV0YXRpb24/LmFkZEpvYignc2VsZi1tdXRhdGlvbicsIHtcbiAgICAgIHJ1bnNPbjogWyd1YnVudHUtbGF0ZXN0J10sXG4gICAgICBpZjogXCJnaXRodWIuZXZlbnQud29ya2Zsb3dfcnVuLmNvbmNsdXNpb24gPT0gJ2ZhaWx1cmUnICYmIGdpdGh1Yi5ldmVudC53b3JrZmxvd19ydW4uZXZlbnQgPT0gJ3B1bGxfcmVxdWVzdCdcIixcbiAgICAgIHBlcm1pc3Npb25zOiB7XG4gICAgICAgIGNvbnRlbnRzOiBnaXRodWIud29ya2Zsb3dzLkpvYlBlcm1pc3Npb24uUkVBRCxcbiAgICAgIH0sXG4gICAgICBlbnZpcm9ubWVudDogb3B0aW9ucy5lbnZpcm9ubWVudCxcbiAgICAgIHN0ZXBzOiBbXG4gICAgICAgIHtcbiAgICAgICAgICBuYW1lOiAnRG93bmxvYWQgcGF0Y2gnLFxuICAgICAgICAgIGlkOiAnZG93bmxvYWRfcGF0Y2gnLFxuICAgICAgICAgIGNvbnRpbnVlT25FcnJvcjogdHJ1ZSxcbiAgICAgICAgICB1c2VzOiAnZGF3aWRkNi9hY3Rpb24tZG93bmxvYWQtYXJ0aWZhY3RAYWM2NmI0M2YwZTZhMzQ2MjM0ZGQ2NWQ0ZDBjOGZiYjMxY2IzMTZlNScsXG4gICAgICAgICAgd2l0aDoge1xuICAgICAgICAgICAgcnVuX2lkOiAnJHt7IGdpdGh1Yi5ldmVudC53b3JrZmxvd19ydW4uaWQgfX0nLFxuICAgICAgICAgICAgbmFtZTogJ3JlcG8ucGF0Y2gnLFxuICAgICAgICAgICAgcGF0aDogJyR7eyBydW5uZXIudGVtcCB9fScsXG4gICAgICAgICAgfSxcbiAgICAgICAgfSxcbiAgICAgICAgLi4uY29uZGl0aW9uYWxTdGVwcyhcbiAgICAgICAgICAnc3RlcHMuZG93bmxvYWRfcGF0Y2gub3V0Y29tZSA9PSBcXCdzdWNjZXNzXFwnJyxcbiAgICAgICAgICBjaWNkLnByb2plbkNyZWRlbnRpYWxzLnNldHVwU3RlcHMsXG4gICAgICAgICAgZ2l0aHViLldvcmtmbG93U3RlcHMuY2hlY2tvdXQoe1xuICAgICAgICAgICAgbmFtZTogJ0NoZWNrb3V0IFBSJyxcbiAgICAgICAgICAgIHdpdGg6IHtcbiAgICAgICAgICAgICAgcmVwb3NpdG9yeTogJyR7eyBnaXRodWIuZXZlbnQud29ya2Zsb3dfcnVuLmhlYWRfcmVwb3NpdG9yeS5mdWxsX25hbWUgfX0nLFxuICAgICAgICAgICAgICByZWY6ICcke3sgZ2l0aHViLmV2ZW50LndvcmtmbG93X3J1bi5oZWFkX2JyYW5jaCB9fScsXG4gICAgICAgICAgICAgIHRva2VuOiBjaWNkLnByb2plbkNyZWRlbnRpYWxzLnRva2VuUmVmLFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICB9KSxcbiAgICAgICAgICB7XG4gICAgICAgICAgICBuYW1lOiAnQXBwbHkgcGF0Y2ggdG8gUFInLFxuICAgICAgICAgICAgcnVuOiBbXG4gICAgICAgICAgICAgICdzZXQgLWUnLFxuICAgICAgICAgICAgICAnaWYgWyAhIC1mIFwiJHt7IHJ1bm5lci50ZW1wIH19L3JlcG8ucGF0Y2hcIiBdOyB0aGVuJyxcbiAgICAgICAgICAgICAgJyAgZWNobyBcIlBhdGNoIGZpbGUgbm90IGZvdW5kXCInLFxuICAgICAgICAgICAgICAnICBleGl0IDEnLFxuICAgICAgICAgICAgICAnZmknLFxuICAgICAgICAgICAgICAnZ2l0IGNvbmZpZyB1c2VyLm5hbWUgXCJnaXRodWItYWN0aW9uc1tib3RdXCInLFxuICAgICAgICAgICAgICAnZ2l0IGNvbmZpZyB1c2VyLmVtYWlsIFwiZ2l0aHViLWFjdGlvbnNbYm90XUB1c2Vycy5ub3JlcGx5LmdpdGh1Yi5jb21cIicsXG4gICAgICAgICAgICAgICdpZiAhIGdpdCBhcHBseSAtLWNoZWNrICR7eyBydW5uZXIudGVtcCB9fS9yZXBvLnBhdGNoOyB0aGVuJyxcbiAgICAgICAgICAgICAgJyAgZWNobyBcIlBhdGNoIGNhbm5vdCBiZSBhcHBsaWVkIGNsZWFubHlcIicsXG4gICAgICAgICAgICAgICcgIGV4aXQgMScsXG4gICAgICAgICAgICAgICdmaScsXG4gICAgICAgICAgICAgICdnaXQgYXBwbHkgJHt7IHJ1bm5lci50ZW1wIH19L3JlcG8ucGF0Y2gnLFxuICAgICAgICAgICAgICAnaWYgWyAteiBcIiQoZ2l0IHN0YXR1cyAtLXBvcmNlbGFpbilcIiBdOyB0aGVuJyxcbiAgICAgICAgICAgICAgJyAgZWNobyBcIk5vIGNoYW5nZXMgdG8gY29tbWl0XCInLFxuICAgICAgICAgICAgICAnICBleGl0IDAnLFxuICAgICAgICAgICAgICAnZmknLFxuICAgICAgICAgICAgICAnZ2l0IGFkZCAuJyxcbiAgICAgICAgICAgICAgJ2dpdCBjb21taXQgLXMgLW0gXCJjaG9yZTogc2VsZiBtdXRhdGlvblwiJyxcbiAgICAgICAgICAgICAgJ2dpdCBwdXNoJyxcbiAgICAgICAgICAgIF0uam9pbignXFxuJyksXG4gICAgICAgICAgfSxcbiAgICAgICAgKSxcbiAgICAgIF0sXG4gICAgfSk7XG4gIH1cbn1cblxuZnVuY3Rpb24gY29uZGl0aW9uYWxTdGVwcyhjb25kOiBzdHJpbmcsIC4uLnN0ZXBzOiBBcnJheTxnaXRodWIud29ya2Zsb3dzLkpvYlN0ZXAgfCBnaXRodWIud29ya2Zsb3dzLkpvYlN0ZXBbXT4pOiBnaXRodWIud29ya2Zsb3dzLkpvYlN0ZXBbXSB7XG4gIHJldHVybiBzdGVwcy5mbGF0TWFwKHMgPT4gcykubWFwKHMgPT4gKHsgLi4ucywgaWY6IHMuaWYgPz8gY29uZCB9KSk7XG59XG4iXX0=

package/lib/components/index.d.ts

@@ -0,0 +1 @@
+export * from './SelfMutationOnForks';

package/lib/components/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./SelfMutationOnForks"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvY29tcG9uZW50cy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsd0RBQXNDIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0ICogZnJvbSAnLi9TZWxmTXV0YXRpb25PbkZvcmtzJztcbiJdfQ==

package/lib/construct-project-options.d.ts

@@ -511,6 +511,21 @@ export interface ConstructProjectOptions {
      * @stability stable
      */
     readonly autoApproveUpgrades?: boolean;
+    /**
+     * Security audit options.
+     * @default - default options
+     * @stability stable
+     */
+    readonly auditDepsOptions?: javascript.AuditOptions;
+    /**
+     * Run security audit on dependencies.
+     * When enabled, creates an "audit" task that checks for known security vulnerabilities
+     * in dependencies. By default, runs during every build and checks for "high" severity
+     * vulnerabilities or above in all dependencies (including dev dependencies).
+     * @default false
+     * @stability stable
+     */
+    readonly auditDeps?: boolean;
     /**
      * A directory which will contain build artifacts.
      * @default "dist"