Merge pull request #51 from AikidoSec/fix/use-correct-startsWith

willem-delbare · web-flow · commit 47d83dbcf3e6 · 2024-05-10T13:40:47.000+02:00
Fix: use correct startsWith function on string
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Detect new vulnerabilities
-        uses: AikidoSec/github-actions-workflow@v1.0.12
+        uses: AikidoSec/github-actions-workflow@v1.0.13
         with:
             secret-key: ${{ secrets.AIKIDO_SECRET_KEY }}
             fail-on-timeout: true
diff --git a/dist/index.js b/dist/index.js
@@ -189,7 +189,7 @@ async function run() {
             core.info(`starting a scan with secret key: "${redactedToken}"`);
         }
         else {
-            const isLikelyDependabotPr = ((_8 = startScanPayload.branch_name) !== null && _8 !== void 0 ? _8 : '').starts_with('dependabot/');
+            const isLikelyDependabotPr = ((_8 = startScanPayload.branch_name) !== null && _8 !== void 0 ? _8 : '').startsWith('dependabot/');
             if (isLikelyDependabotPr) {
                 core.info(`it looks like the action is running on a dependabot PR, this means that secret variables are not available in this context and thus we can not start a scan. Please see: https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/`);
                 core.setOutput('outcome', STATUS_SUCCEEDED);
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/main.ts b/src/main.ts
@@ -75,7 +75,7 @@ async function run(): Promise<void> {
 			const redactedToken = '********************' + secretKey.slice(-4);
 			core.info(`starting a scan with secret key: "${redactedToken}"`);
 		} else {
-			const isLikelyDependabotPr = (startScanPayload.branch_name ?? '').starts_with('dependabot/')
+			const isLikelyDependabotPr = (startScanPayload.branch_name ?? '').startsWith('dependabot/')
 			if (isLikelyDependabotPr) {
 				core.info(`it looks like the action is running on a dependabot PR, this means that secret variables are not available in this context and thus we can not start a scan. Please see: https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/`);
 				core.setOutput('outcome', STATUS_SUCCEEDED);

Original file line number	Diff line number	Diff line change
`@@ -189,7 +189,7 @@ async function run() {`
`189`	`189`	core.info(`starting a scan with secret key: "${redactedToken}"`);
`190`	`190`	`}`
`191`	`191`	`else {`
`192`		`- const isLikelyDependabotPr = ((_8 = startScanPayload.branch_name) !== null && _8 !== void 0 ? _8 : '').starts_with('dependabot/');`
	`192`	`+ const isLikelyDependabotPr = ((_8 = startScanPayload.branch_name) !== null && _8 !== void 0 ? _8 : '').startsWith('dependabot/');`
`193`	`193`	`if (isLikelyDependabotPr) {`
`194`	`194`	core.info(`it looks like the action is running on a dependabot PR, this means that secret variables are not available in this context and thus we can not start a scan. Please see: https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/`);
`195`	`195`	`core.setOutput('outcome', STATUS_SUCCEEDED);`