Skip to content

Commit

Permalink
bump listendev action to v0.2.0
Browse files Browse the repository at this point in the history
  • Loading branch information
@fntlnz @isaacs
fntlnz authored and isaacs committed Mar 30, 2023
1 parent 8dd1bea commit 0325299
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,4 +38,4 @@ jobs:
npm test --color=always -- -c -t0
- name: Scan your dependencies with the listen.dev CLI
uses: listendev/action@v0.1.0
uses: listendev/action@v0.2.0

2 comments on commit 0325299

@jadoonf
Copy link

@jadoonf jadoonf commented on 0325299 Apr 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@isaacs – the latest lstn CLI release (v0.6.0) is set to resolve this issue.

Re-running this workflow will automatically use the updated version of lstn to generate scan results, visible in the CI logs. As a push event, the workflow step will exit gracefully upon completion (see example screenshot below).

image

For pull request events, you'll be able to see the lstn scan results in the form of a comment on the PR itself.

@jadoonf
Copy link

@jadoonf jadoonf commented on 0325299 Apr 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additionally, lstn now includes support for ignoring dependencies by name and type. This is configurable through the following ways:

Using CLI flags:

  --ignore-deptypes
  --ignore-packages

Only works for lstn scan at the moment.

Using config file (lstn.yml)

...
filtering:
  ignore:
    packages:
      - "donotprocessme"
      - "react"
    deptypes:
     - "peer"

Using env vars

LSTN_IGNORE_DEPTYPES=peer,optional
LSTN_IGNORE_PACKAGES=react,@vue/devtools

Please sign in to comment.