
Releases: G-Rath/audit-app

v0.8.1

26 Jul 21:54

0.8.1 (2022-07-27)

This version updates the JSON schema for config files to allow GHSA IDs.

Note that while audit-app is not officially deprecated, we now strongly
recommend using osv-detector instead - it does the exact same thing,
only better! (and faster too)

  • update schema to allow GHSA IDs (#22)

v0.8.0...v0.8.1

v0.8.0

13 Mar 22:13

0.8.0 (2022-03-14)

This version changes audit findings to use the GHSA as the ID where possible,
which means existing ignores will be incorrect now - luckily this release also
adds a --update-config-ignores flag which can be used to automatically update
the ignore field in the config with all the vulnerabilities found by the
auditor!

The reason for this change is that the IDs have not been stable since the NPM
advisory was merged into the GitHub advisory database, so CIs often fail due to
ignores being "missing" and "new" vulnerabilities appearing.

This should resolve that, since the GHSA should be stable and present for all
findings with all package managers.

  • use GHSA as ID to improve stability (#19)
  • support updating ignore list in config file with --update-config-ignores flag (#20)

v0.7.0...v0.8.0

v0.7.0

23 Jul 00:56

This release greatly improves NPM 7 support, including restoring dependency
paths used for ignoring vulnerabilities to their full selves as they are with
yarn and NPM 6.

This also means workspaces (which are new in NPM 7) and file: dependencies are
supported properly - there are a few quirks, but these exist in NPM as well and
are inherent to using local file dependencies, so they cannot be easily avoided.

All vulnerabilities should be reported, but nested file: dependencies may be
listed both as nested and again as top-level dependencies.

  • chore: update CHANGELOG.md for next release 06b9623
  • chore: update dependencies (#16) bea9cca
  • feat: improve npm v7 support by walking the dependency tree (#15) b7694d8

v0.6.0...v0.7.0

v0.6.0

16 Jul 01:22
  • feat: include vulnerable versions in findings when available (#14) ae4df78
  • feat: sort vulnerability paths when outputting paths (#13) 21ffe00

v0.5.3...v0.6.0

v0.5.3

11 Jun 01:21
  • refactor: use for await to read data from streams (#12) 0e3dfab
  • fix: improve grammar of "missing ignored vulnerabilities" error message (#11) 41fcdc7
  • fix: support dependencies with multiple vulnerabilities when using npm 7 (#10) 8de7f88
  • chore: update dev packages (#9) be94f4d

v0.5.2...v0.5.3

v0.5.2

23 Feb 23:30
  • chore: update CHANGELOG.md for next release 2b06e1f
  • fix: use wrap-ansi for wrapping text when formatting tables (#6) 191652d

v0.5.1...v0.5.2

v0.5.1

15 Feb 01:44
  • chore: update CHANGELOG.md for next release 9d5e704
  • fix: update pattern for ignore paths in config schema (#5) 70ced7f

v0.5.0...v0.5.1

v0.5.0

14 Feb 20:00

This release dramatically changes the audit report created by audit-app in
order to support NPM 7.

In addition to changing the JSON structure output by --output json, the
format of ignore paths has also changed, meaning any existing ignores will need
to be updated.

  • chore: update CHANGELOG.md for next release bf2085c
  • feat: initial support for npm@7 (#3) 2e10def
  • chore: update dependencies (#4) 6e5c869

v0.4.3...v0.5.0

v0.4.3

06 Jan 05:12
  • chore: update CHANGELOG.md for next release 844a03f
  • ci: validate json schema with ajv-cli 3a63c29
  • fix: update schema to be valid in strict mode d5c5fd0
  • ci: add CodeQL scanning 1b3b6d8
  • chore: update dependencies a9eac09

v0.4.2...v0.4.3

v0.4.2

26 Sep 07:15
  • chore: update CHANGELOG.md for next release a138ea9
  • chore: update dependencies 62eef25
  • ci: actually test against node versions 65e2940
  • chore: adjust TS target to better represent min. node version 144612c
  • fix: replace use of flatMap to support lower versions of node 8608381

v0.4.1...v0.4.2