From 37a619710aef89b1dacc0098f9bc7246b5ae4f9c Mon Sep 17 00:00:00 2001 From: nigel brown Date: Tue, 14 May 2024 11:23:48 +0100 Subject: [PATCH 01/16] add a version Signed-off-by: nigel brown --- go.mod | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index db04b1a..9df88ff 100644 --- a/go.mod +++ b/go.mod @@ -2,4 +2,20 @@ module StacklokLabs/DevRepTest go 1.20 -require github.com/gorilla/mux v1.8.1 + +require ( + github.com/gorilla/mux v1.8.1 + github.com/ThreeDotsLabs/watermill v1.3.5 + github.com/ThreeDotsLabs/watermill-sql/v3 v3.0.1 + github.com/alexdrl/zerowater v0.0.3 + github.com/barkimedes/go-deepcopy v0.0.0-20220514131651-17c30cfc62df + github.com/cenkalti/backoff/v4 v4.3.0 + github.com/charmbracelet/bubbles v0.17.1 + github.com/charmbracelet/bubbletea v0.26.2 + github.com/charmbracelet/lipgloss v0.10.0 + github.com/erikgeiser/promptkit v0.9.0 + github.com/evanphx/json-patch/v5 v5.9.0 + github.com/fergusstrange/embedded-postgres v1.27.0 + github.com/go-git/go-billy/v5 v5.5.0 + github.com/go-git/go-git/v5 v5.12.0 +) \ No newline at end of file From f04e8010c0066a698ef335c5fab9ba001a4cb21f Mon Sep 17 00:00:00 2001 From: nigel brown Date: Tue, 14 May 2024 11:25:09 +0100 Subject: [PATCH 02/16] tidy Signed-off-by: nigel brown --- go.mod | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 9df88ff..db04b1a 100644 --- a/go.mod +++ b/go.mod 
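Review bot: The thirteen new `require` entries land without a matching go.sum change (the diffstat lists go.mod alone), so nothing in this commit records the module checksums that `go build`, `go mod verify` and the dependency-review tooling rely on for integrity. Running `go mod tidy` and committing the resulting go.sum would pin those hashes and also sort the block, where `gorilla/mux` currently sits ahead of the alphabetically earlier `ThreeDotsLabs` modules. The file additionally loses its trailing newline (`\ No newline at end of file`), which the same `go mod tidy` run restores.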
@@ -2,20 +2,4 @@ module StacklokLabs/DevRepTest go 1.20 - -require ( - github.com/gorilla/mux v1.8.1 - github.com/ThreeDotsLabs/watermill v1.3.5 - github.com/ThreeDotsLabs/watermill-sql/v3 v3.0.1 - github.com/alexdrl/zerowater v0.0.3 - github.com/barkimedes/go-deepcopy v0.0.0-20220514131651-17c30cfc62df - github.com/cenkalti/backoff/v4 v4.3.0 - github.com/charmbracelet/bubbles v0.17.1 - github.com/charmbracelet/bubbletea v0.26.2 - github.com/charmbracelet/lipgloss v0.10.0 - github.com/erikgeiser/promptkit v0.9.0 - github.com/evanphx/json-patch/v5 v5.9.0 - github.com/fergusstrange/embedded-postgres v1.27.0 - github.com/go-git/go-billy/v5 v5.5.0 - github.com/go-git/go-git/v5 v5.12.0 -) \ No newline at end of file +require github.com/gorilla/mux v1.8.1 From 92e3e9a271f5c0f8a2eadb2f0eba59915b10848c Mon Sep 17 00:00:00 2001 From: nigel brown Date: Tue, 14 May 2024 11:44:37 +0100 Subject: [PATCH 03/16] add back go versions Signed-off-by: nigel brown --- go.mod | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index db04b1a..9df88ff 100644 --- a/go.mod +++ b/go.mod @@ -2,4 +2,20 @@ module StacklokLabs/DevRepTest go 1.20 -require github.com/gorilla/mux v1.8.1 + +require ( + github.com/gorilla/mux v1.8.1 + github.com/ThreeDotsLabs/watermill v1.3.5 + github.com/ThreeDotsLabs/watermill-sql/v3 v3.0.1 + github.com/alexdrl/zerowater v0.0.3 + github.com/barkimedes/go-deepcopy v0.0.0-20220514131651-17c30cfc62df + github.com/cenkalti/backoff/v4 v4.3.0 + github.com/charmbracelet/bubbles v0.17.1 + github.com/charmbracelet/bubbletea v0.26.2 + github.com/charmbracelet/lipgloss v0.10.0 + github.com/erikgeiser/promptkit v0.9.0 + github.com/evanphx/json-patch/v5 v5.9.0 + github.com/fergusstrange/embedded-postgres v1.27.0 + github.com/go-git/go-billy/v5 v5.5.0 + github.com/go-git/go-git/v5 v5.12.0 +) \ No newline at end of file From d0032d928b14fd8c7ea7a68a98844b482429ebb2 Mon Sep 17 00:00:00 2001 
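Review bot: go.sum is still absent from this re-add of the dependency block (the diffstat again lists only go.mod), so module checksums remain unpinned exactly as in patch 01, and the block comes back unsorted and without a trailing newline. If the intent is only to give the dependency-review action something to score, a comment at the top of the block such as `// fixture: versions chosen deliberately for dependency review, not for production use` would stop a later `go get -u` or bot update from silently changing what is being tested. Otherwise a single `go mod tidy` resolves all three points.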
From: nigel brown Date: Tue, 14 May 2024 12:42:04 +0100 Subject: [PATCH 04/16] Add python Signed-off-by: nigel brown --- pyproject.toml | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 pyproject.toml diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..305b9b8 --- /dev/null +++ b/pyproject.toml 
@@ -0,0 +1,82 @@ +[project] +name = "testy" +version = "0.0.1" +description = "Testy" +readme = "README.md" +requires-python = ">=3.9" +license = {file = "Apache License"} +keywords = ["security", "development"] +authors = [ + {name = "N Brown", email = "nigel@stacklok.com" } +] + +maintainers = [ + {name = "N Brown", email = "nigel@stacklok.com" } +] + +classifiers = [ + "Development Status :: 3 - Alpha", + + # Indicate who your project is intended for + "Intended Audience :: Developers", + "Topic :: Software Development :: Build Tools", + + # Pick your license as you wish + "License :: OSI Approved :: Apache License", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3 :: Only", +] + +dependencies = [ + 'Authlib==1.3.0', + 'boto3==1.34.102', + 'cachetools==5.3.3', + 'elasticsearch==7.10.1', + 'fastapi==0.111.0', + 'jq==1.7.0', + 'numpy==1.26.4', + 'openai==1.28.0', + 'opentelemetry-exporter-prometheus==1.12.0rc1', + 'opentelemetry-instrumentation-dbapi==0.45b0', + 'opentelemetry-instrumentation-elasticsearch==0.45b0', + 'opentelemetry-instrumentation-fastapi==0.45b0', + 'opentelemetry-instrumentation-requests==0.45b0', + 'opentelemetry-util-http==0.45b0', + 'pandas==2.2.2', + 'psycopg==3.1.18', + 'psycopg-binary==3.1.18', + 'psycopg_pool==3.2.1', + 'pydantic==2.7.1', + 'pypistats==1.5.0', + 'python-dotenv==1.0.1', + 'python_json_logger==2.0.7', + 'scikit_learn==1.4.2', + 'slack_sdk==3.27.1', + 'Requests==2.31.0', + 'requests-aws4auth==1.2.3', + 'uvicorn==0.29.0', + 'slowapi==0.1.9', + 'pyarrow==16.0.0', + 'google-cloud-storage==2.16.0', +] + +[project.optional-dependencies] +dev = ["pytest", "flake8", "SQLAlchemy", "pytest-asyncio"] +test = ["pytest", "flake8", "SQLAlchemy", "pytest-asyncio"] + +[project.urls] +"Homepage" = "https://github.com/stacklok/Testy" +"Source" = "https://github.com/stacklok/Testy" + +[project.scripts] +server = 
"main:runlocal" + + +[tool.setuptools] +packages = ["src"] + +[build-system] +requires = ["setuptools>=43.0.0", "wheel"] +build-backend = "setuptools.build_meta" From 24a7df76a24a63439a491625d0a389a6555dbfc3 Mon Sep 17 00:00:00 2001 From: nigel brown Date: Wed, 15 May 2024 09:47:51 +0100 Subject: [PATCH 05/16] Add a pom.xml Signed-off-by: nigel brown --- README.md | 7 +++++++ pom.xml | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 pom.xml diff --git a/README.md b/README.md index fc3167d..27441d9 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,9 @@ # DepRevTest Dependency Review Test +This has almost empty projects in it. +* Go +* Node +* Python +* Maven + +To see results, look at the actions https://github.com/StacklokLabs/DepRevTest/actions/runs/9078025575. \ No newline at end of file diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..29b6528 --- /dev/null +++ b/pom.xml @@ -0,0 +1,36 @@ + + 4.0.0 + + com.example + my-app + 1.0-SNAPSHOT + jar + + + org.springframework.boot + spring-boot-starter-parent + 2.5.4 + + + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-security + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + \ No newline at end of file From 2557bc379ed40181087f8c41cdd651dbbe518ec0 Mon Sep 17 00:00:00 2001 From: nigel brown Date: Wed, 15 May 2024 10:46:42 +0100 Subject: [PATCH 06/16] add pom versions Signed-off-by: nigel brown --- pom.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pom.xml b/pom.xml index 29b6528..324b05c 100644 --- a/pom.xml +++ b/pom.xml @@ -18,10 +18,12 @@ org.springframework.boot spring-boot-starter-web + 2.5.4 org.springframework.boot spring-boot-starter-security + 2.5.4 From 3dcfc9b1d7936fc9f8bce537f84fca258a6728ef Mon Sep 17 00:00:00 2001 From: nigel brown Date: Wed, 15 May 2024 11:00:30 +0100 Subject: [PATCH 07/16] Change scores level 
Signed-off-by: nigel brown --- .github/workflows/dependency-review.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 0149a62..8d8ab9f 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -14,4 +14,5 @@ jobs: - name: Dependency Review uses: StacklokLabs/trusty-dependency-review-action@add_trusty_scores with: - comment-summary-in-pr: always \ No newline at end of file + comment-summary-in-pr: always + trusty-show: 10 \ No newline at end of file From 419a14fed1f303fcf848cd00edd1472ff317b198 Mon Sep 17 00:00:00 2001 From: nigel brown Date: Wed, 15 May 2024 14:07:14 +0100 Subject: [PATCH 08/16] change a version Signed-off-by: nigel brown --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f80897e..9fcf85e 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "got": "^14.2.0", "jest": "^29.7.0", "octokit": "^3.1.2", - "spdx-expression-parse": "^3.0.1", + "spdx-expression-parse": "^3.0.0", "spdx-satisfies": "^5.0.1", "ts-jest": "^29.1.2", "yaml": "^2.3.4", From 39920d105feedd2b0f1f67155eb91888a9550d0c Mon Sep 17 00:00:00 2001 From: nigel brown Date: Fri, 17 May 2024 16:21:36 +0100 Subject: [PATCH 09/16] test again Signed-off-by: nigel brown --- package.json | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index 9fcf85e..1d89d0e 100644 --- a/package.json +++ b/package.json 
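Review bot: The step this hunk configures runs `StacklokLabs/trusty-dependency-review-action@add_trusty_scores`, a mutable branch reference, so anyone who can push to that branch changes the code that executes with this workflow's token and posts to the pull request via `comment-summary-in-pr: always`. Pin the action to a full commit SHA, e.g. `uses: StacklokLabs/trusty-dependency-review-action@<40-char commit sha> # add_trusty_scores`, and let a bot maintain the trailing comment. The `uses:` line is unchanged context, but every new input added here (now `trusty-show: 10`) is handed to branch-controlled code, so this is the natural place to fix it; the file also still ends without a newline.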
@@ -13,17 +13,11 @@ "@actions/core": "^1.10.1", "@actions/github": "^6.0.0", "@octokit/plugin-retry": "^6.0.1", - "@octokit/request-error": "^5.0.1", - "@types/jest": "^29.5.12", - "ansi-styles": "^6.2.1", - "bluebird": "^3.7.2", - "got": "^14.2.0", - "jest": "^29.7.0", - "octokit": "^3.1.2", - "spdx-expression-parse": "^3.0.0", + "spdx-expression-parse": "^3.0.1", "spdx-satisfies": "^5.0.1", "ts-jest": "^29.1.2", "yaml": "^2.3.4", + "bugsnagmw": "1.0.3", "zod": "^3.22.3" } } From 44ab533ef00689034dc66acc43b7f5a5e03ee26f Mon Sep 17 00:00:00 2001 From: nigel brown Date: Fri, 17 May 2024 18:25:33 +0100 Subject: [PATCH 10/16] Switch it back on Signed-off-by: nigel brown --- .github/workflows/dependency-review.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 0cc719b..5ef756d 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -14,5 +14,6 @@ jobs: - name: Dependency Review uses: StacklokLabs/trusty-dependency-review-action@add_trusty_scores with: + trusty-scores: true comment-summary-in-pr: always trusty-show: 10 From 654229e3b2e632a201fba9228de9e3a21f81763a Mon Sep 17 00:00:00 2001 From: nigel brown Date: Wed, 22 May 2024 13:52:55 +0100 Subject: [PATCH 11/16] fewer packages, plus updates Signed-off-by: nigel brown --- go.mod | 11 ----------- package.json | 3 +++ pyproject.toml | 24 ------------------------ 3 files changed, 3 insertions(+), 35 deletions(-) diff --git a/go.mod b/go.mod index 9df88ff..5393aa8 100644 --- a/go.mod +++ b/go.mod 
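Review bot: `jest` and `@types/jest` are removed here while `ts-jest` stays, and ts-jest declares jest as a peer dependency, so the remaining set is incomplete unless the package manager auto-installs peers. The new entry `"bugsnagmw": "1.0.3"` is the only exact pin in a list that otherwise uses caret ranges and is placed after `yaml`, outside the alphabetical order `npm install` maintains, so the next install rewrites the block. No lockfile appears in the diffstat of this or any earlier commit, so none of these versions are resolved or integrity-hashed; if the package is being added deliberately as a low-reputation sample for the review action, committing `package-lock.json` is what makes the tested resolution reproducible.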
@@ -6,16 +6,5 @@ go 1.20 require ( github.com/gorilla/mux v1.8.1 github.com/ThreeDotsLabs/watermill v1.3.5 - github.com/ThreeDotsLabs/watermill-sql/v3 v3.0.1 github.com/alexdrl/zerowater v0.0.3 - github.com/barkimedes/go-deepcopy v0.0.0-20220514131651-17c30cfc62df - github.com/cenkalti/backoff/v4 v4.3.0 - github.com/charmbracelet/bubbles v0.17.1 - github.com/charmbracelet/bubbletea v0.26.2 - github.com/charmbracelet/lipgloss v0.10.0 - github.com/erikgeiser/promptkit v0.9.0 - github.com/evanphx/json-patch/v5 v5.9.0 - github.com/fergusstrange/embedded-postgres v1.27.0 - github.com/go-git/go-billy/v5 v5.5.0 - github.com/go-git/go-git/v5 v5.12.0 ) \ No newline at end of file diff --git a/package.json b/package.json index 1d89d0e..1b94bef 100644 --- a/package.json +++ b/package.json @@ -13,6 +13,9 @@ "@actions/core": "^1.10.1", "@actions/github": "^6.0.0", "@octokit/plugin-retry": "^6.0.1", + "got": "^14.2.1", + "jest": "^29.7.1", + "octokit": "^3.1.3", "spdx-expression-parse": "^3.0.1", "spdx-satisfies": "^5.0.1", "ts-jest": "^29.1.2", diff --git a/pyproject.toml b/pyproject.toml index 305b9b8..666087a 100644 --- a/pyproject.toml +++ b/pyproject.toml 
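Review bot: The re-added `got`, `jest` and `octokit` entries carry caret ranges one patch level above the versions dropped in patch 09 (`^14.2.1`, `^29.7.1`, `^3.1.3`), and since a caret only sets the floor, what actually installs — and what the dependency-review run compares — is decided by registry state at install time rather than by this diff. I cannot confirm from here that each of those three patch versions exists on the registry; if one does not, `npm install` fails outright instead of falling back. If the goal is to test update detection deterministically, pin exact versions as `bugsnagmw` already is, or commit `package-lock.json` alongside.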
@@ -32,30 +32,6 @@ classifiers = [ dependencies = [ 'Authlib==1.3.0', 'boto3==1.34.102', - 'cachetools==5.3.3', - 'elasticsearch==7.10.1', - 'fastapi==0.111.0', - 'jq==1.7.0', - 'numpy==1.26.4', - 'openai==1.28.0', - 'opentelemetry-exporter-prometheus==1.12.0rc1', - 'opentelemetry-instrumentation-dbapi==0.45b0', - 'opentelemetry-instrumentation-elasticsearch==0.45b0', - 'opentelemetry-instrumentation-fastapi==0.45b0', - 'opentelemetry-instrumentation-requests==0.45b0', - 'opentelemetry-util-http==0.45b0', - 'pandas==2.2.2', - 'psycopg==3.1.18', - 'psycopg-binary==3.1.18', - 'psycopg_pool==3.2.1', - 'pydantic==2.7.1', - 'pypistats==1.5.0', - 'python-dotenv==1.0.1', - 'python_json_logger==2.0.7', - 'scikit_learn==1.4.2', - 'slack_sdk==3.27.1', - 'Requests==2.31.0', - 'requests-aws4auth==1.2.3', 'uvicorn==0.29.0', 'slowapi==0.1.9', 'pyarrow==16.0.0', From e5ae7b6468b04f99a15d7d68996dca0355b30970 Mon Sep 17 00:00:00 2001 From: nigel brown Date: Thu, 23 May 2024 11:06:43 +0100 Subject: [PATCH 12/16] Add github token Signed-off-by: nigel brown --- .github/workflows/dependency-review.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 5ef756d..9edf6c0 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,3 +17,5 @@ jobs: trusty-scores: true comment-summary-in-pr: always trusty-show: 10 + env: + GITHUB_TOKEN: ${{ github.token }} From c1d8772d739d307152ca939512b27dbb24375ede Mon Sep 17 00:00:00 2001 From: nigel brown Date: Thu, 23 May 2024 11:11:50 +0100 Subject: [PATCH 13/16] bump versions Signed-off-by: nigel brown --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 666087a..2c30b52 100644 --- a/pyproject.toml +++ b/pyproject.toml 
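Review bot: `GITHUB_TOKEN: ${{ github.token }}` is handed to a branch-pinned third-party action here, but the workflow's `permissions:` block lies outside this hunk, so the scope of that token cannot be checked from the change; if the workflow does not declare one, the token carries the repository default, which on older repositories is write-all. The action needs only `pull-requests: write` for `comment-summary-in-pr: always` and `contents: read` for the dependency graph, so declaring exactly that at the job level, `permissions: { contents: read, pull-requests: write }`, is the least-privilege shape. Many review actions already read `github.token` through an input default, so the env var may be redundant — worth confirming against the action's `action.yml` before keeping it. The indentation of the added `env:` is not recoverable in this rendering; patch 14 later re-indents it.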
@@ -32,7 +32,7 @@ classifiers = [ dependencies = [ 'Authlib==1.3.0', 'boto3==1.34.102', - 'uvicorn==0.29.0', + 'uvicorn==0.29.1', 'slowapi==0.1.9', 'pyarrow==16.0.0', 'google-cloud-storage==2.16.0', From f3cb01681efa7e97504ab42ed0f617c48e90998f Mon Sep 17 00:00:00 2001 From: nigel brown Date: Thu, 23 May 2024 11:14:29 +0100 Subject: [PATCH 14/16] fix indent Signed-off-by: nigel brown --- .github/workflows/dependency-review.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 9edf6c0..e9aef23 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,5 +17,5 @@ jobs: trusty-scores: true comment-summary-in-pr: always trusty-show: 10 - env: - GITHUB_TOKEN: ${{ github.token }} + env: + GITHUB_TOKEN: ${{ github.token }} From c9dcf008677cc5158227949ffdf5f18078c898fa Mon Sep 17 00:00:00 2001 From: nigel brown Date: Thu, 23 May 2024 11:20:31 +0100 Subject: [PATCH 15/16] Re-run Signed-off-by: nigel brown --- .github/workflows/dependency-review.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index e9aef23..24224eb 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -13,9 +13,9 @@ jobs: uses: actions/checkout@v4 - name: Dependency Review uses: StacklokLabs/trusty-dependency-review-action@add_trusty_scores + env: + GITHUB_TOKEN: ${{ github.token }} with: trusty-scores: true comment-summary-in-pr: always trusty-show: 10 - env: - GITHUB_TOKEN: ${{ github.token }} From 00becce4a525024b7abc784f9e2fdb985ae0ba35 Mon Sep 17 00:00:00 2001 From: nigel brown Date: Thu, 23 May 2024 11:22:56 +0100 Subject: [PATCH 16/16] already defined? Signed-off-by: nigel brown --- .github/workflows/dependency-review.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 24224eb..f951d2f 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -11,10 +11,10 @@ jobs: steps: - name: 'Checkout Repository' uses: actions/checkout@v4 - - name: Dependency Review - uses: StacklokLabs/trusty-dependency-review-action@add_trusty_scores env: GITHUB_TOKEN: ${{ github.token }} + - name: Dependency Review + uses: StacklokLabs/trusty-dependency-review-action@add_trusty_scores with: trusty-scores: true comment-summary-in-pr: always
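Review bot: After this move the `env:`/`GITHUB_TOKEN` pair belongs to the `Checkout Repository` step rather than to the Dependency Review step the series has been trying to supply a token to, because a step-level `env` is visible only to its own step. `actions/checkout` takes its credential through the `token` input and, as far as I can tell, does not read a `GITHUB_TOKEN` variable, so the two lines are now inert. If the commit title's question is right and the review action already reads `github.token` by default, delete the two lines rather than parking them on another step; if not, move them back under the Dependency Review step (`env:` at the same indent as `with:`).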