Merge branch 'main' into jcs

jeremylong · Jan 12, 2023 · 2ba4da6 · 2ba4da6
2 parents fa576d8 + c016647
commit 2ba4da6
Show file tree

Hide file tree

Showing 125 changed files with 13,223 additions and 1,008 deletions.
diff --git a/.github/contributing.md b/.github/contributing.md
@@ -4,29 +4,30 @@
 
 - Ensure you're running the latest version of dependency-check.
 - Ensure the bug has not [already been reported](https://github.com/jeremylong/DependencyCheck/issues).
-- If you're unable to find an open issue addressing the problem, please [submit a new issue](https://github.com/jeremylong/DependencyCheck/issues/new).
-  - Please fill out the appropriate section of the bug report template provided. Please delete any sections not needed in the template.
+- If you're unable to find an open issue addressing the problem, please [submit a new issue](https://github.com/jeremylong/DependencyCheck/issues/new/choose).
+  - Please fill out the appropriate section of the bug report template provided.
+  - Delete any sections not needed in the template.
 
 ## Reporting Vulnerabilities
 
 - If you believe you have found a vulnerability in dependency-check itself (not that dependency-check found a vulnerability); please email [email protected].
 
 ## Asking Questions
 
-- Your question may be answered by taking a look at the [documentataion](https://jeremylong.github.io/DependencyCheck/).
-- If you still have a question consider:
-  - posting to the [Google Group](https://groups.google.com/forum/#!forum/dependency-check)
-  - opening a [new issue](https://github.com/jeremylong/DependencyCheck/issues/new)
+- Your question may be answered by taking a look at the [documentation](https://jeremylong.github.io/DependencyCheck/).
+- Search both the [open and closed issues issues in GitHub](https://github.com/jeremylong/DependencyCheck/issues/)
+- If you still have a question ask a [new question](https://github.com/jeremylong/DependencyCheck/issues/new?assignees=&labels=question&template=ask-a-question.md&title=)
 
 ## Enhancement Requests
 
-- Suggest changes by [submitting a new issue](https://github.com/jeremylong/DependencyCheck/issues/new) and begin coding.
+- Suggest changes by [submitting a new issue](https://github.com/jeremylong/DependencyCheck/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=) and begin coding.
 
 ## Contributing Code
 
 - If you have written a new feature or have fixed a bug please open a new pull request with the patch.
+- Use [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/); even for the PR title.
 - Ensure the PR description clearly describes the problem and solution. Include any related issue number(s) if applicable.
-- Please ensure the PR passes the automated checks performed (travis-ci, codacy, etc.)
+- Please ensure the PR passes the automated checks performed
 - Please consider adding test cases for any new functionality
 
 ## Thank you for your contributions

diff --git a/.github/workflows/false-positive-approvals.yml b/.github/workflows/false-positive-approvals.yml
@@ -23,7 +23,7 @@ jobs:
       - uses: actions/checkout@v3
         with:
           ref: generatedSuppressions
-      - uses: actions/setup-node@v3.5.1
+      - uses: actions/setup-node@v3.6.0
       - run: |
           npm install [email protected]
           npm install fs

diff --git a/.github/workflows/false-positive-ops.yml b/.github/workflows/false-positive-ops.yml
@@ -34,7 +34,7 @@ jobs:
         with:
           issue-body: ${{ github.event.issue.body }}
           template-path: odc/.github/ISSUE_TEMPLATE/false-positive-report.yml
-      - uses: actions/setup-node@v3.5.1
+      - uses: actions/setup-node@v3.6.0
         with:
           node-version: 14
       - name: Initialize npm

diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml
@@ -0,0 +1,23 @@
+name: "Lint PR"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  contents: read
+
+jobs:
+  main:
+    name: Validate PR title
+    permissions:
+      pull-requests: read
+      statuses: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -2,7 +2,7 @@ name: Build and Deploy Release
 
 ##
 ## Automates the release process
-## 1. Update the 'body:' below and the release_notes.md
+## 1. Update the 'body:' below and the changelog.md
 ## 2. Run `./prepare-release.sh`
 ## 3. Create PR, merge PR
 ## 4. Run `git push origin main --tags`
@@ -185,12 +185,11 @@ jobs:
           prerelease: false
           draft: false
           body: |
-            ### Changes
-            - Automated release of 7.3.1 failed and only published to Central; 7.3.2 is a re-release of 7.3.1.
-            - Resolved several false positives and false negatives.
-            - Use Jackson Afterburner if still on Java 8 (#4966).
-            - Exclude `node_modules` from the Maven plugin's scan path (#4974).
-            - See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/51?closed=1).
+            ### Fixed
+
+            - Resolved issue processing NVD CVE data due to column width (#5229)
+
+            See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/56?closed=1).
 
       - name: Upload CLI
         id: upload-release-cli
@@ -263,3 +262,4 @@ jobs:
         with:
           branch: gh-pages
           folder: target/staging
+          clean: false