Gabe Stocco
fb558e800c
Split scanning workflows ( #334 )
...
* Split scanning workflows
* Remove extra comments
* Run on PRS
2021-10-20 11:38:57 -07:00
Gabe Stocco
dde253fd6c
Gfs/fix sarif ( #333 )
2021-10-18 19:08:43 -07:00
Gabe Stocco
97cab3b1c3
Drop System.Text.Json to 5.0.0 to match Visual Studio ( #331 )
...
Else extension doesn't work
2021-10-14 16:20:59 -07:00
Gabe Stocco
b4abd31d28
Add Fix Its to JSON output ( #325 )
...
* Clean up rules
* Update JSON Writer to support Fix Its
* Fix double writing scopes in pack command by switching to .net serialization.
* Update rulepacker
* Convert to System.Text.Json
Removes custom deserialization handlers in rule verification so this is a semver bump to 0.5.
* Misc Fixes for System.Text.Json differences
* Bump rulepacker
* Update PackCommand.cs
* Remove rulepacker
* New RulePacker
* Try to print verifier messages. Debugging pipeline issue.
* Nullable annotation fix
* Fix Verifier
* Change Severity enum to not be flags, processor now takes a list of Severities to match against.
* Revert "Change Severity enum to not be flags, processor now takes a list of Severities to match against."
This reverts commit 44e9967f37.
* Add None name to severity l.
2021-10-13 11:55:03 -07:00
Gabe Stocco
1299d8f72c
Gfs/add more search in conditions ( #329 )
...
* Adds more finding conditions
* Remove empty comment fields from rules
* Update deserialization.json
* Last changes
2021-10-13 11:54:10 -07:00
Gabe Stocco
ef525e8719
Revert "Upgrade all packages via `npx npm-check-updates -u` && `npm i` ( #320 )" ( #328 )
...
This reverts commit 76b87b5931.
2021-10-13 10:39:51 -07:00
Gabe Stocco
76b87b5931
Upgrade all packages via `npx npm-check-updates -u` && `npm i` ( #320 )
...
* Upgrade all packages via `npx npm-check-updates -u` && `npm i`
* Fix build problems with new versions.
* Fix extension
Co-authored-by: Michael Scovetta <michael.scovetta@microsoft.com>
2021-09-28 14:35:15 -07:00
Gabe Stocco
e6184fc369
Update dependencies ( #322 )
...
* Update dependencies
* Update Microsoft.DevSkim.Blazor.csproj
2021-09-22 13:33:51 -07:00
Gabe Stocco
2714b2cae7
Add DevSkim Severity to the property bag ( #319 )
...
* Add DevSkim Severity to the property bag
* Update README.md
2021-09-13 12:22:24 -07:00
dependabot[bot]
69c657b129
Bump tar from 4.4.15 to 4.4.19 in /DevSkim-VSCode-Plugin ( #316 )
...
Bumps [tar](https://github.com/npm/node-tar ) from 4.4.15 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases )
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-tar/compare/v4.4.15...v4.4.19 )
---
updated-dependencies:
- dependency-name: tar
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-03 12:21:54 -07:00
Gabe Stocco
4daf5f442a
Map the devskim levels to sarif levels ( #317 )
...
* Map the devskim levels to sarif levels
* Make static
* Try fix blazor publish.
2021-09-03 12:21:46 -07:00
Gabe Stocco
423c423edf
Output the column and line information for findings. ( #315 )
2021-09-02 11:49:27 -07:00
Gabe Stocco
a9c65ecf80
Gfs/fix blazor ( #314 )
...
* Update Index.razor
* Update Index.razor
2021-08-11 15:48:28 -07:00
Gabe Stocco
9b6c40f005
Update Index.razor ( #313 )
2021-08-11 15:44:09 -07:00
dependabot[bot]
38eb8b430c
Bump path-parse from 1.0.6 to 1.0.7 in /DevSkim-VSCode-Plugin ( #312 )
...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse ) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases )
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7 )
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-11 15:28:59 -07:00
dependabot[bot]
82277de8cb
Bump path-parse from 1.0.6 to 1.0.7 in /DevSkim-VSCode-Plugin/client ( #311 )
...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse ) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases )
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7 )
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-11 15:28:52 -07:00
dependabot[bot]
1a15e7a55f
Bump tar from 4.4.13 to 4.4.15 in /DevSkim-VSCode-Plugin ( #310 )
...
Bumps [tar](https://github.com/npm/node-tar ) from 4.4.13 to 4.4.15.
- [Release notes](https://github.com/npm/node-tar/releases )
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-tar/compare/v4.4.13...v4.4.15 )
---
updated-dependencies:
- dependency-name: tar
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-05 12:20:17 -07:00
Gabe Stocco
4799220fb8
Fix #307 ( #308 )
2021-07-28 13:42:43 -07:00
Gabe Stocco
8bd0a9a730
Note that untrusted workspaces are not supported. ( #302 )
...
Fix #277
2021-07-27 14:32:49 -07:00
Gabe Stocco
01fa22070a
Update Ruleset.cs ( #306 )
2021-07-26 13:50:21 -07:00
Juscélio Reis
7e200c4fee
Update languages.json ( #301 )
...
Add file extension .yml
2021-07-22 14:57:08 -07:00
dependabot[bot]
b66302a235
Bump css-what from 5.0.0 to 5.0.1 in /DevSkim-VSCode-Plugin ( #291 )
...
Bumps [css-what](https://github.com/fb55/css-what ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/fb55/css-what/releases )
- [Commits](https://github.com/fb55/css-what/compare/v5.0.0...v5.0.1 )
---
updated-dependencies:
- dependency-name: css-what
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-14 13:04:42 -07:00
Gabe Stocco
a920ff6dda
Add glob exclude option. ( #298 )
...
* Add glob exclude option.
* Fix 297
* Fix #295
* filter earlier.
2021-06-14 11:35:48 -07:00
Gabe Stocco
5768bffe7f
Adds does not apply to support to vs code extension. ( #290 )
...
* Adds does not apply to support to vs code extension.
* Cleanup CodeQL Recommendations
* Clean up warnings
* CodeQL Recommendations
* Bump dependencies
* Update OAT
* Fix rule filtering
* Fix deserialization
* Update Microsoft.DevSkim.Blazor.csproj
2021-06-08 09:37:47 -07:00
Gabe Stocco
2bbe2a0628
Fix blazor build
...
Recent .NET changes caused this behavior to change. Replacing the build command with the new correct one.
2021-06-04 13:15:12 -07:00
Gabe Stocco
c29af2efbd
Add DoesNotApplyTo feature for rules ( #288 )
2021-06-04 12:18:04 -07:00
dependabot[bot]
389e3566e0
Bump ws from 7.2.3 to 7.4.6 in /DevSkim-VSCode-Plugin/client ( #287 )
...
Bumps [ws](https://github.com/websockets/ws ) from 7.2.3 to 7.4.6.
- [Release notes](https://github.com/websockets/ws/releases )
- [Commits](https://github.com/websockets/ws/compare/7.2.3...7.4.6 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-29 18:21:03 -07:00
Gabe Stocco
8f709bd4f6
Downgrade Newtonsoft.Json ( #286 )
...
13.0.1 doesn't appear to package correctly.
2021-05-19 08:47:03 -07:00
Gabe Stocco
cae3f5b8d1
Gfs/#283 ( #284 )
...
* Fix #283
* Bump dependencies
* npm audit fix
2021-05-18 14:12:24 -07:00
dependabot[bot]
348981c247
Bump lodash from 4.17.20 to 4.17.21 in /DevSkim-VSCode-Plugin/server ( #280 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-11 07:19:45 -07:00
dependabot[bot]
cb4215e3b0
Bump lodash from 4.17.19 to 4.17.21 in /DevSkim-VSCode-Plugin/client ( #281 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-11 07:19:38 -07:00
dependabot[bot]
39de3a522b
Bump hosted-git-info from 2.8.5 to 2.8.9 in /DevSkim-VSCode-Plugin ( #282 )
...
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info ) from 2.8.5 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases )
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md )
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.5...v2.8.9 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-11 07:19:31 -07:00
dependabot[bot]
b70f04e45f
Bump lodash from 4.17.19 to 4.17.21 in /DevSkim-VSCode-Plugin ( #279 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-11 07:19:24 -07:00
Gabe Stocco
d0c252f5af
Update publish-wasm-to-gh-pages.yml
2021-05-03 13:06:06 -07:00
Gabe Stocco
d67e95fcb7
Update publish-wasm-to-gh-pages.yml
2021-05-03 13:00:13 -07:00
dependabot[bot]
903f1079c6
Bump ssri from 6.0.1 to 6.0.2 in /DevSkim-VSCode-Plugin ( #276 )
...
Bumps [ssri](https://github.com/npm/ssri ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases )
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md )
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-03 12:56:54 -07:00
dependabot[bot]
7c16b1736d
Bump ssri from 6.0.1 to 6.0.2 in /DevSkim-VSCode-Plugin/server ( #275 )
...
Bumps [ssri](https://github.com/npm/ssri ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases )
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md )
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-03 12:56:45 -07:00
dependabot[bot]
0f803f43b8
Bump y18n from 4.0.0 to 4.0.1 in /DevSkim-VSCode-Plugin/server ( #273 )
...
Bumps [y18n](https://github.com/yargs/y18n ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases )
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yargs/y18n/commits )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-01 11:48:18 -07:00
dependabot[bot]
0808eaaabf
Bump y18n from 4.0.0 to 4.0.1 in /DevSkim-VSCode-Plugin/client ( #274 )
...
Bumps [y18n](https://github.com/yargs/y18n ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases )
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yargs/y18n/commits )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-01 11:48:05 -07:00
dependabot[bot]
0f3ccd48eb
Bump y18n from 3.2.1 to 3.2.2 in /DevSkim-VSCode-Plugin ( #272 )
...
Bumps [y18n](https://github.com/yargs/y18n ) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/yargs/y18n/releases )
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yargs/y18n/commits )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-01 11:47:54 -07:00
Gabe Stocco
17272b4af9
Fix #270 ( #271 )
2021-03-23 14:26:08 -07:00
dependabot[bot]
5fec1072d0
Bump elliptic from 6.5.3 to 6.5.4 in /DevSkim-VSCode-Plugin/server ( #268 )
...
Bumps [elliptic](https://github.com/indutny/elliptic ) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases )
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-23 13:28:09 -07:00
dependabot[bot]
ce694decd0
Bump elliptic from 6.5.3 to 6.5.4 in /DevSkim-VSCode-Plugin ( #269 )
...
Bumps [elliptic](https://github.com/indutny/elliptic ) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases )
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-23 13:28:01 -07:00
Gabe Stocco
8f3ad14aba
Fix HTTPS Rule ( #267 )
2021-02-12 13:31:09 -08:00
Gabe Stocco
7ce8bbf0f3
Fix x#264 ( #266 )
2021-02-12 12:15:27 -08:00
Gabe Stocco
d721125ebe
CodeQL Recommended changes. ( #263 )
2021-02-12 11:20:41 -08:00
Gabe Stocco
92563c3b67
Fix #258 ( #262 )
...
* Fix #258
Check if directory exists before trying to read it.
* Update SkimShim.cs
2021-02-03 08:06:35 -08:00
Gabe Stocco
08157b6727
Fix #260 ( #261 )
...
Fixes relative path printing and incorrect line output in sarif.
2021-02-03 07:34:34 -08:00
Paulo Morgado
81c83c4e28
Add nuget.org link to NuGet package shield ( #259 )
2021-02-03 06:48:59 -08:00
Gabe Stocco
1efa72658c
Bump Dependencies ( #257 )
2021-02-01 12:28:52 -08:00