github-actions[bot]
commented
1 month ago Thank you for following the naming conventions! 🙏
Closed renovate[bot] closed 1 month ago
github-actions[bot]
commented
1 month ago Thank you for following the naming conventions! 🙏
This PR contains the following updates:
v4.2.4->v4.3.4Release Notes
actions/dependency-review-action (actions/dependency-review-action)
### [`v4.3.4`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.3.4) [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4) #### What's Changed - Include all added dependencies in scorecard entries by [@elireisman](https://redirect.github.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/783](https://redirect.github.com/actions/dependency-review-action/pull/783) - Update SPDX Expression Parsing by [@febuiles](https://redirect.github.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/719](https://redirect.github.com/actions/dependency-review-action/pull/719) - This PR is a significant refactor of SPDX expression parsing that *may* fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version. **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4 ### [`v4.3.3`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.3.3): Notes for v4.3.3 [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3) #### What's Changed - Allow slashes in purl package names by [@juxtin](https://redirect.github.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/765](https://redirect.github.com/actions/dependency-review-action/pull/765) - use the v3 version of the deps.dev API by [@josieang](https://redirect.github.com/josieang) in [https://github.com/actions/dependency-review-action/pull/741](https://redirect.github.com/actions/dependency-review-action/pull/741) - PR with suggestions - \[Improvement]: Help streamline / simplify dependency review action README by [@am-stead](https://redirect.github.com/am-stead) in [https://github.com/actions/dependency-review-action/pull/773](https://redirect.github.com/actions/dependency-review-action/pull/773) - fix show-openssf-scorecard-levels input by [@ramann](https://redirect.github.com/ramann) in [https://github.com/actions/dependency-review-action/pull/776](https://redirect.github.com/actions/dependency-review-action/pull/776) - Updates to the contribution guidelines by [@jonjanego](https://redirect.github.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/778](https://redirect.github.com/actions/dependency-review-action/pull/778) - Create issue templates by [@jonjanego](https://redirect.github.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/777](https://redirect.github.com/actions/dependency-review-action/pull/777) - Fix the max comment length issue by [@jhutchings1](https://redirect.github.com/jhutchings1) and [@elireisman](https://redirect.github.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/767](https://redirect.github.com/actions/dependency-review-action/pull/767) - Bump project version to 4.3.3 in prep for a release by [@elireisman](https://redirect.github.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/781](https://redirect.github.com/actions/dependency-review-action/pull/781) #### New Contributors - [@josieang](https://redirect.github.com/josieang) made their first contribution in [https://github.com/actions/dependency-review-action/pull/741](https://redirect.github.com/actions/dependency-review-action/pull/741) - [@am-stead](https://redirect.github.com/am-stead) made their first contribution in [https://github.com/actions/dependency-review-action/pull/773](https://redirect.github.com/actions/dependency-review-action/pull/773) - [@ramann](https://redirect.github.com/ramann) made their first contribution in [https://github.com/actions/dependency-review-action/pull/776](https://redirect.github.com/actions/dependency-review-action/pull/776) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3 ### [`v4.3.2`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.3.2) [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2) #### What's Changed - Fix package-url parsing for allow-dependencies-licenses by [@juxtin](https://redirect.github.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/761](https://redirect.github.com/actions/dependency-review-action/pull/761) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2 ### [`v4.3.1`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.3.1) [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.3.0...v4.3.1) #### What's Changed This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See [https://github.com/actions/dependency-review-action/pull/753](https://redirect.github.com/actions/dependency-review-action/pull/753). **Full Changelog**: https://github.com/actions/dependency-review-action/compare/V4.3.0...v4.3.1 ### [`v4.3.0`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.3.0) [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.2.5...v4.3.0) #### New Features - The `deny-packages` option can now be used without a version number to exclude *all* versions of a package. #### What's Changed - Fix action variable name for scorecard by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/actions/dependency-review-action/pull/735](https://redirect.github.com/actions/dependency-review-action/pull/735) - Fix extra https:// in summary by [@jhutchings1](https://redirect.github.com/jhutchings1) in [https://github.com/actions/dependency-review-action/pull/748](https://redirect.github.com/actions/dependency-review-action/pull/748) - Bump typescript from 5.3.3 to 5.4.5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/744](https://redirect.github.com/actions/dependency-review-action/pull/744) - Bump eslint-plugin-github from 4.10.1 to 4.10.2 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/737](https://redirect.github.com/actions/dependency-review-action/pull/737) - Show denied packages with red X by [@juxtin](https://redirect.github.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/750](https://redirect.github.com/actions/dependency-review-action/pull/750) - deny-packages configuration option can deny specified version or all packages by [@febuiles](https://redirect.github.com/febuiles) and [@bteng22](https://redirect.github.com/bteng22) in [https://github.com/actions/dependency-review-action/pull/733](https://redirect.github.com/actions/dependency-review-action/pull/733) #### New Contributors - [@bteng22](https://redirect.github.com/bteng22) made their first contribution in [https://github.com/actions/dependency-review-action/pull/733](https://redirect.github.com/actions/dependency-review-action/pull/733) - [@lukehinds](https://redirect.github.com/lukehinds) made their first contribution in [https://github.com/actions/dependency-review-action/pull/735](https://redirect.github.com/actions/dependency-review-action/pull/735) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.5...V4.3.0 ### [`v4.2.5`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.2.5): 4.2.5 [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5) #### What's Changed - Fixed a bug where some configuration options in external files were not being properly picked up -- [https://github.com/actions/dependency-review-action/pull/722](https://redirect.github.com/actions/dependency-review-action/pull/722) - Bump eslint from 8.56.0 to 8.57.0 **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5Configuration
📅 Schedule: Branch creation - "after 10:00 before 19:00 every weekday except after 13:00 before 14:00" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.