actions/dependency-review-action (actions/dependency-review-action)
### [`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4): 3.1.4
[Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4)
#### What's Changed
- Fixed a [bug](https://togithub.com/actions/dependency-review-action/issues/618) with severity filtering when using the `allow_ghsas` option: [https://github.com/actions/dependency-review-action/pull/623](https://togithub.com/actions/dependency-review-action/pull/623).
- Updates dependencies:
  - Bump [@types/node](https://togithub.com/types/node) from 16.18.61 to 16.18.62 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/619](https://togithub.com/actions/dependency-review-action/pull/619)
  action/pull/620
  - Bump [@typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.11.0 to 6.12.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/625](https://togithub.com/actions/dependency-review-action/pull/625)
  - Bump typescript from 5.2.2 to 5.3.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/624](https://togithub.com/actions/dependency-review-action/pull/624)
**Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.1.4
### [`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3): 3.1.3
[Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3)
#### What's Changed
- Fixes purl "version must be percent-encoded" by [@theztefan](https://togithub.com/theztefan) in [https://github.com/actions/dependency-review-action/pull/617](https://togithub.com/actions/dependency-review-action/pull/617)
**Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.1.3
### [`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2): 3.1.2
[Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2)
#### What's Changed
- Fix a regression for setups using self-hosted runners behind HTTP proxies: [@febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/611](https://togithub.com/actions/dependency-review-action/pull/611)
**Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.1.2
### [`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1): 3.1.1
[Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1)
#### What's Changed
- Update a bunch of dependencies, including major version upgrades for `octokit`, `@actions/github` and `typescript`.
**Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1
github/codeql-action (github/codeql-action)
### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)
### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)
### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)
step-security/harden-runner (step-security/harden-runner)
### [`v2.6.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.6.1)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.6.0...v2.6.1)
##### What's Changed
Release v2.6.1 by [@varunsh-coder](https://togithub.com/varunsh-coder) and [@h0x0er](https://togithub.com/h0x0er) in [https://github.com/step-security/harden-runner/pull/356](https://togithub.com/step-security/harden-runner/pull/356)
This release:
1. Improves the job summary markdown written by the Harden-Runner Action
2. Improves detection of cache endpoint used by the job
3. Detects use of Kubernetes mode in Actions Runner Controller (ARC) based runners
4. Updates dependencies
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.6.1
Configuration
📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
- 1.19.4 -> 1.19.5
- 4.17.20 -> 4.17.21
- 1.2.4 -> 1.2.5
- 20.8.10 -> 20.10.2
- 2.3.3 -> 2.3.4
- 2.0.15 -> 2.0.16
- v3.1.0 -> v3.1.4
- v2.22.5 -> v2.22.8
- v2.6.0 -> v2.6.1