ts-node-client 3.4.7 → 3.4.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/.github/workflows/scan.yml +7 -2
  2. package/CHANGELOG.md +12 -0
  3. package/SECURITY.md +27 -3
  4. package/package.json +4 -4
package/.github/workflows/scan.yml CHANGED
@@ -3,7 +3,7 @@ name: Scan and upload to trustsource.io
3
3
  on:
4
4
  push:
5
5
  tags:
6
- - '*.*.*'
6
+ - 'main'
7
7
 
8
8
  jobs:
9
9
  scan:
@@ -22,8 +22,13 @@ jobs:
22
22
  with:
23
23
  node-version: ${{ matrix.node-version }}
24
24
  registry-url: 'https://registry.npmjs.org'
25
+ - name: Get current version
26
+ id: get_version
27
+ run: |
28
+ echo VERSION=$(jq -r '.version' package.json) >> $GITHUB_OUTPUT
25
29
  - name: Install dependencies
26
30
  run: yarn
27
31
  - name: Scan dependencies
28
- run: yarn node ./bin/ts-node-client.js --branch main --tag $GITHUB_REF_NAME --project Scanner --url https://api.trustsource.io/ --apiKey ${{ secrets.TS_TOKEN }}
32
+ if: steps.get_version.outputs.VERSION
33
+ run: yarn node ./bin/ts-node-client.js --branch main --tag ${{ steps.get_version.outputs.VERSION }} --project Scanner --url https://api.trustsource.io/ --apiKey ${{ secrets.TS_TOKEN }}
29
34
 
package/CHANGELOG.md CHANGED
@@ -8,6 +8,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
8
8
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
9
9
 
10
10
 
11
+ ## 3.4.9 - 2026-02-11
12
+
13
+ ### Changed
14
+ * bump dependencies
15
+
16
+
17
+ ## 3.4.8 - 2026-01-28
18
+
19
+ ### Changed
20
+ * bump dependencies and SECURITY
21
+
22
+
11
23
  ## 3.4.7 - 2025-11-17
12
24
 
13
25
  ### Changed
package/SECURITY.md CHANGED
@@ -4,9 +4,33 @@
4
4
 
5
5
  | Version | Supported |
6
6
  |---------| ------------------ |
7
- | 3.3.x | :white_check_mark: |
7
+ | 3.4.x | :white_check_mark: |
8
8
  | < 3.0 | :x: |
9
9
 
10
- ## Reporting a Vulnerability
10
+ ## Contact information
11
+ Contact: mailto:support@trustsource.io
12
+ Contact: https://www.trustsource.io/contact-security
11
13
 
12
- No known vulnerabilities are available
14
+ ## Expiry
15
+ Expires: 2027-01-10T20:00:00.000Z
16
+
17
+ ## Our OpenPGP key
18
+ Encryption: https://www.trustsource.io/security-policy
19
+
20
+ ## Location where we attest our supporter's success
21
+ Acknowledgments: https://www.trustsource.io/hall-of-fame
22
+
23
+ ## Languages
24
+ Preferred-Languages: en, de
25
+
26
+ ## Self reference
27
+ Canonical: https://raw.githubusercontent.com/TrustSource/ts-node-client/refs/heads/main/SECURITY.txt
28
+
29
+ ## Our security policy
30
+ Policy: https://www.trustsource.io/security-policy
31
+
32
+ ## Our Security Job Openings
33
+ Hiring: https://www.trustsource.io/security-jobs
34
+
35
+ ## CSAF links
36
+ CSAF: https://trustsource.csaf.trustsource.io/.well-known/csaf/provider-metadata.json
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "ts-node-client",
3
3
  "description": "npm / node module to transfer dependency information to TrustSource server.",
4
- "version": "3.4.7",
4
+ "version": "3.4.9",
5
5
  "homepage": "https://app.trustsource.io/",
6
6
  "author": {
7
7
  "name": "Oleksandr Dmukhovskyi",
@@ -28,15 +28,15 @@
28
28
  },
29
29
  "dependencies": {
30
30
  "@yarnpkg/lockfile": "1.1.0",
31
- "axios": "1.12.0",
31
+ "axios": "1.13.5",
32
32
  "debuglog": "1.0.1",
33
33
  "js-yaml": "4.1.1",
34
34
  "packageurl-js": "1.2.1",
35
- "semver": "7.7.2",
35
+ "semver": "7.7.4",
36
36
  "yargs": "17.7.2"
37
37
  },
38
38
  "devDependencies": {
39
- "eslint": "8.57.0",
39
+ "eslint": "8.57.1",
40
40
  "eslint-config-airbnb-base": "15.0.0",
41
41
  "eslint-plugin-import": "2.32.0",
42
42
  "eslint-plugin-sonarjs": "0.25.1",