Releases: actions/dependency-review-action
4.2.3
What's Changed
- Set comment as output by @jsoref in #698
- Add support for calculating OpenSSF Scorecards by @jhutchings1 in #709
- Add outputs for the changes data by @laughedelic in #707
New Contributors
- @jhutchings1 made their first contribution in #709
- @laughedelic made their first contribution in #707
Full Changelog: v4.1.3...v4.2.3
4.1.3
Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see #697).
Full Changelog: v4.1.2...v4.1.3
4.1.2
4.1.1
What's Changed
- Bump undici to fix GHSA-wqq4-5wpv-mx2g
- Bump @types/node from 20.11.17 to 20.11.19 by @dependabot in #693
Full Changelog: v4.1.0...v4.1.1
4.1.0
What's Changed
Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.
- Create stale.yaml by @jonjanego in #671
- Use manual codeql config by @juxtin in #678
- Multiple dependency updates (see the changelog below for more information)
New Contributors
- @jonjanego made their first contribution in #671
- @tgrall made their first contribution in #432
Full Changelog: v4...v4.1.0
v4.0.0
- Update action to Node 20 by @takost in #639
- Dependabot updates, see the full changelog for more details.
New Contributors
Full Changelog: v3.1.5...v4.0.0
3.1.5
What's Changed
- Smaller per_page when requesting diff by @hmaurer in #649
- Update dependencies:
- Bump @typescript-eslint/parser from 6.10.0 to 6.13.1 by @dependabot in #630
- Bump prettier from 3.0.3 to 3.1.0 by @dependabot in #629
- Bump @types/jest from 29.5.8 to 29.5.11 by @dependabot in #637
- Bump nodemon from 3.0.1 to 3.0.2 by @dependabot in #636
- Replace pip -> pypi in PURL examples by @febuiles in #638
- Bump @typescript-eslint/eslint-plugin from 6.12.0 to 6.15.0 by @dependabot in #644
- Bump eslint from 8.53.0 to 8.56.0 by @dependabot in #640
- Bump @typescript-eslint/parser from 6.13.1 to 6.16.0 by @dependabot in #645
- Bump prettier from 3.1.0 to 3.1.1 by @dependabot in #646
Full Changelog: v3.1.4...v3.1.5
3.1.4
What's Changed
- Fixed a bug with severity filtering when using the allow_ghsas option: #623.
- Updates dependencies:
- Bump @types/node from 16.18.61 to 16.18.62 by @dependabot in #619
action/pull/620
- Bump @typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0 by @dependabot in #625
- Bump typescript from 5.2.2 to 5.3.2 by @dependabot in #624
Full Changelog: v3...v3.1.4
3.1.3
What's Changed
- Fixes purl "version must be percent-encoded" by @theztefan in #617
Full Changelog: v3...v3.1.3
3.1.2
What's Changed
Full Changelog: v3...v3.1.2