From e8ed199e98656d562edbd4f03394be156d4bb777 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 17:14:12 +0000
Subject: [PATCH 1/9] Warn instead of failing on npm audit
Co-authored-by: mattmasson <5509937+mattmasson@users.noreply.github.com>
Agent-Logs-Url: https://github.com/microsoft/powerquery-formatter/sessions/fa4715d3-0d8b-4749-b6a8-18bc497ab6bc
---
 .github/workflows/pr-gated.yml | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/pr-gated.yml b/.github/workflows/pr-gated.yml
index 953f642..f46b373 100644
--- a/.github/workflows/pr-gated.yml
+++ b/.github/workflows/pr-gated.yml
@@ -15,6 +15,37 @@ jobs:
 node-version: "22"
 - run: node -v
 - run: npm ci
- - run: npm audit
+ - name: npm audit
+ shell: pwsh
+ run: |
+ npm audit --json > audit.json
+
+ if ($LASTEXITCODE -gt 1) {
+ exit $LASTEXITCODE
+ }
+
+ $audit = Get-Content audit.json -Raw | ConvertFrom-Json
+ $vulnerabilities = $audit.metadata.vulnerabilities
+
+ if (-not $vulnerabilities) {
+ exit 0
+ }
+
+ $severityCounts = [ordered]@{
+ critical = $vulnerabilities.critical
+ high = $vulnerabilities.high
+ moderate = $vulnerabilities.moderate
+ low = $vulnerabilities.low
+ info = $vulnerabilities.info
+ }
+
+ foreach ($severity in $severityCounts.Keys) {
+ $count = [int]$severityCounts[$severity]
+
+ if ($count -gt 0) {
+ $label = if ($count -eq 1) { "vulnerability" } else { "vulnerabilities" }
+ Write-Host "::warning::npm audit reported $count $severity $label."
+ }
+ }
 - run: npm run build
 - run: npm run test
From 50d808e73cbb298ddedd8e639f8fc358b44991c4 Mon Sep 17 00:00:00 2001
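Review bot: The `if (-not $vulnerabilities) { exit 0 }` branch fails open: when the parsed report carries no `metadata.vulnerabilities` (an error payload, or empty or truncated output), the step exits 0 without any annotation, so a broken audit looks the same as a clean one. Treat a missing summary as a failure instead, for example `Write-Error "npm audit returned no vulnerability summary."; exit 1`. The hunk in PATCH 4/9 keeps the same fail-open path by substituting an all-zero object for the missing summary. Separately, the new step no longer blocks on any severity, including `critical` and `high`; if only lower severities were meant to be demoted to warnings, the loop should still `exit 1` when those two counts are non-zero.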
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Mar 2026 17:15:08 +0000 Subject: [PATCH 2/9] Validate audit workflow change Co-authored-by: mattmasson <5509937+mattmasson@users.noreply.github.com> Agent-Logs-Url: https://github.com/microsoft/powerquery-formatter/sessions/fa4715d3-0d8b-4749-b6a8-18bc497ab6bc --- audit.json | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 audit.json diff --git a/audit.json b/audit.json new file mode 100644 index 0000000..3cfec09 --- /dev/null +++ b/audit.json @@ -0,0 +1,22 @@ +{ + "auditReportVersion": 2, + "vulnerabilities": {}, + "metadata": { + "vulnerabilities": { + "info": 0, + "low": 0, + "moderate": 0, + "high": 0, + "critical": 0, + "total": 0 + }, + "dependencies": { + "prod": 4, + "dev": 325, + "optional": 1, + "peer": 0, + "peerOptional": 0, + "total": 328 + } + } +} From 8871e1717c3b708a18e0254f83d5afea553ae47c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Mar 2026 17:15:18 +0000 Subject: [PATCH 3/9] Remove temporary audit artifact Co-authored-by: mattmasson <5509937+mattmasson@users.noreply.github.com> Agent-Logs-Url: https://github.com/microsoft/powerquery-formatter/sessions/fa4715d3-0d8b-4749-b6a8-18bc497ab6bc --- audit.json | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 audit.json diff --git a/audit.json b/audit.json deleted file mode 100644 index 3cfec09..0000000 --- a/audit.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "auditReportVersion": 2, - "vulnerabilities": {}, - "metadata": { - "vulnerabilities": { - "info": 0, - "low": 0, - "moderate": 0, - "high": 0, - "critical": 0, - "total": 0 - }, - "dependencies": { - "prod": 4, - "dev": 325, - "optional": 1, - "peer": 0, - "peerOptional": 0, - "total": 328 - } - } -} From cdcfb10dd08eae990aefca189a43d8073c1d2154 Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 17:16:18 +0000
Subject: [PATCH 4/9] Handle audit command errors cleanly
Co-authored-by: mattmasson <5509937+mattmasson@users.noreply.github.com>
Agent-Logs-Url: https://github.com/microsoft/powerquery-formatter/sessions/fa4715d3-0d8b-4749-b6a8-18bc497ab6bc
---
 .github/workflows/pr-gated.yml | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/pr-gated.yml b/.github/workflows/pr-gated.yml
index f46b373..22b3a4e 100644
--- a/.github/workflows/pr-gated.yml
+++ b/.github/workflows/pr-gated.yml
@@ -19,16 +19,25 @@ jobs:
 shell: pwsh
 run: |
 npm audit --json > audit.json
+ $auditExitCode = $LASTEXITCODE
- if ($LASTEXITCODE -gt 1) {
- exit $LASTEXITCODE
+ $audit = Get-Content audit.json -Raw | ConvertFrom-Json
+
+ if ($audit.error) {
+ Write-Error "npm audit failed: $($audit.error.summary)"
+ exit $auditExitCode
 }
- $audit = Get-Content audit.json -Raw | ConvertFrom-Json
 $vulnerabilities = $audit.metadata.vulnerabilities
- if (-not $vulnerabilities) {
- exit 0
+ if ($null -eq $vulnerabilities) {
+ $vulnerabilities = [pscustomobject]@{
+ critical = 0
+ high = 0
+ moderate = 0
+ low = 0
+ info = 0
+ }
 }
 $severityCounts = [ordered]@{
From c586df3694ade14c82818f4c9fab327e2de60199 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 17:16:56 +0000
Subject: [PATCH 5/9] Use PowerShell file output for audit report
Co-authored-by: mattmasson <5509937+mattmasson@users.noreply.github.com>
Agent-Logs-Url: https://github.com/microsoft/powerquery-formatter/sessions/fa4715d3-0d8b-4749-b6a8-18bc497ab6bc
---
 .github/workflows/pr-gated.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr-gated.yml b/.github/workflows/pr-gated.yml
index 22b3a4e..8fb5514 100644
--- a/.github/workflows/pr-gated.yml
+++ b/.github/workflows/pr-gated.yml
@@ -18,7 +18,7 @@ jobs:
 - name: npm audit
 shell: pwsh
 run: |
- npm audit --json > audit.json
+ npm audit --json | Out-File -FilePath audit.json -Encoding utf8
 $auditExitCode = $LASTEXITCODE
 $audit = Get-Content audit.json -Raw | ConvertFrom-Json
From ef45e1d7a0c22d0c693b0171bf4e08149319f332 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 17:17:36 +0000
Subject: [PATCH 6/9] Tighten audit warning step handling
Co-authored-by: mattmasson <5509937+mattmasson@users.noreply.github.com>
Agent-Logs-Url: https://github.com/microsoft/powerquery-formatter/sessions/fa4715d3-0d8b-4749-b6a8-18bc497ab6bc
---
 .github/workflows/pr-gated.yml | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/pr-gated.yml b/.github/workflows/pr-gated.yml
index 8fb5514..c1bbd9e 100644
--- a/.github/workflows/pr-gated.yml
+++ b/.github/workflows/pr-gated.yml
@@ -18,7 +18,7 @@ jobs:
 - name: npm audit
 shell: pwsh
 run: |
- npm audit --json | Out-File -FilePath audit.json -Encoding utf8
+ npm audit --json > audit.json 2>&1
 $auditExitCode = $LASTEXITCODE
 $audit = Get-Content audit.json -Raw | ConvertFrom-Json
@@ -31,13 +31,8 @@ jobs:
 $vulnerabilities = $audit.metadata.vulnerabilities
 if ($null -eq $vulnerabilities) {
- $vulnerabilities = [pscustomobject]@{
- critical = 0
- high = 0
- moderate = 0
- low = 0
- info = 0
- }
+ Write-Error "npm audit returned an unexpected response."
+ exit 1
 }
 $severityCounts = [ordered]@{
@@ -53,7 +48,7 @@ jobs:
 if ($count -gt 0) {
 $label = if ($count -eq 1) { "vulnerability" } else { "vulnerabilities" }
- Write-Host "::warning::npm audit reported $count $severity $label."
+ Write-Host "::warning::npm audit reported $count $severity $label. Run npm audit for details."
 }
 }
 - run: npm run build
 - run: npm run test
From 763aa8f7b06ca09a04aff31053ac9663eeb94557 Mon Sep 17 00:00:00 2001
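Review bot: In the first hunk of PATCH 6/9, `npm audit --json > audit.json 2>&1` merges npm's stderr into the file that the following line parses as JSON, so any diagnostic npm writes to stderr would make `ConvertFrom-Json` fail and the step would report a parse error instead of the audit result. Keep the report and the diagnostics apart, for example `npm audit --json > audit.json 2> audit-stderr.log` (file name is illustrative), and print the diagnostics only when parsing fails. The step's script continues outside this hunk.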
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 17:18:21 +0000
Subject: [PATCH 7/9] Use explicit process handling for npm audit
Co-authored-by: mattmasson <5509937+mattmasson@users.noreply.github.com>
Agent-Logs-Url: https://github.com/microsoft/powerquery-formatter/sessions/fa4715d3-0d8b-4749-b6a8-18bc497ab6bc
---
 .github/workflows/pr-gated.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/pr-gated.yml b/.github/workflows/pr-gated.yml
index c1bbd9e..ef8215e 100644
--- a/.github/workflows/pr-gated.yml
+++ b/.github/workflows/pr-gated.yml
@@ -18,8 +18,8 @@ jobs:
 - name: npm audit
 shell: pwsh
 run: |
- npm audit --json > audit.json 2>&1
- $auditExitCode = $LASTEXITCODE
+ $process = Start-Process npm -ArgumentList 'audit', '--json' -NoNewWindow -Wait -RedirectStandardOutput audit.json -PassThru
+ $auditExitCode = $process.ExitCode
 $audit = Get-Content audit.json -Raw | ConvertFrom-Json
@@ -31,7 +31,7 @@ jobs:
 $vulnerabilities = $audit.metadata.vulnerabilities
 if ($null -eq $vulnerabilities) {
- Write-Error "npm audit returned an unexpected response."
+ Write-Error "Expected npm audit vulnerabilities metadata but found none."
 exit 1
 }
From dac1b3c0d859b8712ce27201d4cd66cc01187f4f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 17:18:52 +0000
Subject: [PATCH 8/9] Clean up audit output artifact
Co-authored-by: mattmasson <5509937+mattmasson@users.noreply.github.com>
Agent-Logs-Url: https://github.com/microsoft/powerquery-formatter/sessions/fa4715d3-0d8b-4749-b6a8-18bc497ab6bc
---
 .github/workflows/pr-gated.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/pr-gated.yml b/.github/workflows/pr-gated.yml
index ef8215e..a15fae0 100644
--- a/.github/workflows/pr-gated.yml
+++ b/.github/workflows/pr-gated.yml
@@ -22,6 +22,7 @@ jobs:
 $auditExitCode = $process.ExitCode
 $audit = Get-Content audit.json -Raw | ConvertFrom-Json
+ Remove-Item audit.json -ErrorAction SilentlyContinue
 if ($audit.error) {
 Write-Error "npm audit failed: $($audit.error.summary)"
From 2b21413c9297fc72b510e4f5c7d3d72b975afd90 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 17:44:55 +0000
Subject: [PATCH 9/9] Simplify npm audit workflow step
Co-authored-by: mattmasson <5509937+mattmasson@users.noreply.github.com>
Agent-Logs-Url: https://github.com/microsoft/powerquery-formatter/sessions/b6003116-937f-48c5-ad8a-64e8002cdb2b
---
 .github/workflows/pr-gated.yml | 39 ++-------------------------------
 1 file changed, 2 insertions(+), 37 deletions(-)
diff --git a/.github/workflows/pr-gated.yml b/.github/workflows/pr-gated.yml
index a15fae0..d96c801 100644
--- a/.github/workflows/pr-gated.yml
+++ b/.github/workflows/pr-gated.yml
@@ -15,42 +15,7 @@ jobs:
 node-version: "22"
 - run: node -v
 - run: npm ci
- - name: npm audit
- shell: pwsh
- run: |
- $process = Start-Process npm -ArgumentList 'audit', '--json' -NoNewWindow -Wait -RedirectStandardOutput audit.json -PassThru
- $auditExitCode = $process.ExitCode
-
- $audit = Get-Content audit.json -Raw | ConvertFrom-Json
- Remove-Item audit.json -ErrorAction SilentlyContinue
-
- if ($audit.error) {
- Write-Error "npm audit failed: $($audit.error.summary)"
- exit $auditExitCode
- }
-
- $vulnerabilities = $audit.metadata.vulnerabilities
-
- if ($null -eq $vulnerabilities) {
- Write-Error "Expected npm audit vulnerabilities metadata but found none."
- exit 1
- }
-
- $severityCounts = [ordered]@{
- critical = $vulnerabilities.critical
- high = $vulnerabilities.high
- moderate = $vulnerabilities.moderate
- low = $vulnerabilities.low
- info = $vulnerabilities.info
- }
-
- foreach ($severity in $severityCounts.Keys) {
- $count = [int]$severityCounts[$severity]
-
- if ($count -gt 0) {
- $label = if ($count -eq 1) { "vulnerability" } else { "vulnerabilities" }
- Write-Host "::warning::npm audit reported $count $severity $label. Run npm audit for details."
- }
- }
+ - run: npm audit
+ continue-on-error: true
 - run: npm run build
 - run: npm run test
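Review bot: `continue-on-error: true` on the `npm audit` step swallows every non-zero exit from it, so a critical advisory and a failed audit run (registry or network error) both leave the job green, and the PR gate no longer enforces anything about dependencies. If the aim is to keep low-severity findings from blocking merges, a severity threshold keeps the gate: `- run: npm audit --audit-level=high`. If the audit has to stay advisory, add a comment on the step saying where findings are triaged instead, so the weakened gate is a recorded decision rather than a silent one.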