Commit

build and package scope filtering
sarahkemi committed Sep 20, 2022
1 parent 10bc05d commit de48c61
Showing 4 changed files with 47 additions and 19 deletions.
10 changes: 5 additions & 5 deletions README.md
Expand Up @@ -38,7 +38,7 @@ jobs:

### GitHub Enterprise Server

This action is available in GHES starting with version 3.6. Make sure
This action is available in Enterprise Server starting with version 3.6. Make sure
[GitHub Advanced
Security](https://docs.github.com/en/enterprise-server@3.6/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise)
and [GitHub
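Review bot: the wording change from "GHES" to "Enterprise Server" in this hunk is consistent with the rest of the README edits in this commit, but nothing in the commit title "build and package scope filtering" indicates a documentation terminology change; consider mentioning the README rename in the commit message so the change is discoverable in history.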
Expand Down Expand Up @@ -92,7 +92,7 @@ jobs:
# base-ref: ${{ github.event.pull_request.base.ref }}
# head-ref: ${{ github.event.pull_request.head.ref }}
#
# You can only include one of these two options: `allow-licenses` and `deny-licenses`. These options are not supported on GHES.
# You can only include one of these two options: `allow-licenses` and `deny-licenses`. These options are not supported on Enterprise Server.
#
# Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses
# allow-licenses: GPL-3.0, BSD-3-Clause, MIT
Expand Down Expand Up @@ -124,7 +124,7 @@ This example will only fail on pull requests with `critical` and `high` vulnerab

### Dependency Scoping

By default the action will only fail on `runtime` dependencies that have vulnerabilities or unacceptable licenses, ignoring `development` dependencies. You can override this behavior with the `fail-on-scopes` option, which will allow you to list the specific dependency scopes you care about. The possible values are: `unknown`, `runtime`, and `development`. Note: Filtering by scope will not be supported on GHES just yet, as the REST API's introduction of `scope` will be released in an upcoming version. We will treat all dependencies on GHES as having a `runtime` scope and thus will not be filtered away.
By default the action will only fail on `runtime` dependencies that have vulnerabilities or unacceptable licenses, ignoring `development` dependencies. You can override this behavior with the `fail-on-scopes` option, which will allow you to list the specific dependency scopes you care about. The possible values are: `unknown`, `runtime`, and `development`. Note: Filtering by scope will not be supported on Enterprise Server just yet, as the REST API's introduction of `scope` will be released in an upcoming Enterprise Server version. We will treat all dependencies on Enterprise Server as having a `runtime` scope and thus will not be filtered away.

```yaml
- name: Dependency Review
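Review bot: the new last sentence of this hunk, "We will treat all dependencies on Enterprise Server as having a `runtime` scope and thus will not be filtered away," is only true when `fail-on-scopes` includes `runtime`. A user on Enterprise Server who sets `fail-on-scopes: development` will have every change filtered out and the action will pass without checking any dependency. Suggest stating this explicitly, for example: "On Enterprise Server, `fail-on-scopes` must include `runtime`; otherwise no dependencies will be checked."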
Expand All @@ -138,7 +138,7 @@ By default the action will only fail on `runtime` dependencies that have vulnera
You can set the action to fail on pull requests based on the licenses of the dependencies
they introduce. With `allow-licenses` you can define the list of licenses
your repository will accept. Alternatively, you can use `deny-licenses` to only
forbid a subset of licenses. These options are not supported on GHES.
forbid a subset of licenses. These options are not supported on Enterprise Server.

You can use the [Licenses
API](https://docs.github.com/en/rest/licenses) to see the full list of
Expand All @@ -163,7 +163,7 @@ to filter. A couple of examples:

**Important**

- Checking for licenses is not supported on GHES.
- Checking for licenses is not supported on Enterprise Server.
- The action will only accept one of the two parameters; an error will
be raised if you provide both.
- By default both parameters are empty (no license checking is
48 changes: 39 additions & 9 deletions dist/index.js


2 changes: 1 addition & 1 deletion dist/index.js.map


6 changes: 2 additions & 4 deletions src/filter.ts
Expand Up @@ -39,11 +39,9 @@ export function filterChangesByScopes(
changes: Changes
): Changes {
const filteredChanges = changes.filter(change => {
// if there is no scope on the change (GHES API for now), we will assume it is a runtime scope
// if there is no scope on the change (Enterprise Server API for now), we will assume it is a runtime scope
const scope = change.scope || 'runtime'
if (scopes.includes(scope)) {
return true
}
return scopes.includes(scope)
})

return filteredChanges
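Review bot: collapsing the `if`/`return true` into `return scopes.includes(scope)` is behaviour-preserving, but the `change.scope || 'runtime'` default in this hunk means a missing or empty-string scope is always counted as runtime, so on Enterprise Server a `scopes` list that does not contain `'runtime'` silently drops every change and the caller sees an empty result. Consider emitting a warning (or failing fast) when `change.scope` is absent and `scopes` excludes `'runtime'`, so the filter cannot quietly reduce the change set to nothing; the README note in this same commit should say the same.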