Releases: IBM/audit-ci

v2.5.0

14 Feb 20:28
e836b34

Fixes:
#120 - fix: Get audit-ci version from package.json

Docs:
#123 - docs: Change suggested usage to include master

Build:
#121 - fix(CI): Update CircleCI and Travis-CI build configs
#122 - fix(CI): audit-ci checks in CircleCI on PR builds

Add current audit-ci version to output

24 Oct 16:46
9ba2ec5

#114 - Add current audit-ci version to output
#115 - chore(contributing): Improve testing section

Remove duplicate advisories from whitelisted list

23 Oct 00:23
5ff791c

Fixes:

#112: Remove duplicate advisories from whitelisted list

Add list of advisories to failed summary output

29 Sep 22:56
73339c1

Features

  • Add list of advisories to failed summary output (#110)

Add `--path-whitelist` option and fix `--pass-enoaudit`

05 Aug 23:55
920b0df

Features:
#104 - Add "path-whitelist" option

Fixes:
#108 - Fix --pass-enoaudit to not always pass an audit

Docs:
#101 - README typo fix for the --report-type
#105 - Additional examples for path whitelisting

Adds `JSONStream` for handling JSON data too big for `JSON.parse`

15 Jul 15:16
123005e

Fixes:

  • #97 - Adds JSONStream for handling JSON data too big for JSON.parse
  • #98 - Change low vulnerability dependency test

Docs:

  • #99 - Add --pass-enoaudit information to README
  • #101 - Typo fix for the --report-type

Introduce `--pass-enoaudit` flag

28 Jun 13:52
d92ba34

Features

#88 - Added --pass-enoaudit flag to mitigate issues with registries having service unavailability

Fix retry mechanism for NPM ENOAUDIT

06 Jun 15:52
b7ba2f3

Diff: https://github.com/IBM/audit-ci/compare/v2.0.0..v2.0.1

Bug fixes
Fix retry mechanism for another version of NPM error message: #89

Use --report-type {type} instead of --report or --summary

29 May 16:30
b7d70ed

Diff: https://github.com/IBM/audit-ci/compare/v1.7.0..v2.0.0

BREAKING

The default report output has been changed for Yarn and NPM. Instead of showing the audit summary alone, it shows the audit summary as well as relevant vulnerabilities. This behaviour can be changed using the --report-type option.

Spec:

--report-type important --> (default) Show the audit summary and relevant vulnerabilities
--report-type summary --> Only show the audit summary (# of each vulnerability)
--report-type full --> Show the full audit report

Features

  • Introduce --report-type {important,summary,full} flag #74 (closes #64)

Chores

  • Deprecate --report in favour of --report-type full
  • Deprecate --summary in favour of --report-type summary

Major release due to changing the default behaviour for audit reporting and deprecating key options

Warn when whitelisted advisories are not found + bug fixes

12 Apr 19:48
70f5aed

Diff: https://github.com/IBM/audit-ci/compare/v1.5.0..v1.6.0

Features

  • Warn when whitelisted advisories are not found (closes #70) (PR: #73)

Fixes

  • Handle non-JSON Yarn audit report (re-closes #45) (PR: #66 and #76)
  • Fix broken link in README (PR: #78)

Chores

  • Update .travis.yml config to use the cache: npm shortcut and provide more docs (PR: #79)
  • Fix advisories (fixes #67) (PR: #68 and #80)
  • Bump Mocha (minor) (PR: #80)
  • Bump ESLint (minor) (PR: #80)

Minor release due to the new behaviour of Yarn non-JSON audit report and warning when whitelisted advisories are not found