search

sjinks / wp-two-factor-provider-webauthn

WebAuthn Provider for Two Factor plugin
https://wordpress.org/plugins/two-factor-provider-webauthn/
MIT License
14 stars 5 forks source link

chore(deps): update actions/dependency-review-action action to v4.3.2 #766

Closed renovate[bot] closed 2 months ago

renovate[bot] commented 2 months ago

Mend Renovate

This PR contains the following updates:

Package Type Update Change
actions/dependency-review-action action minor v4.2.5 -> v4.3.2

Release Notes

actions/dependency-review-action (actions/dependency-review-action) ### [`v4.3.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2) #### What's Changed - Fix package-url parsing for allow-dependencies-licenses by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/761](https://togithub.com/actions/dependency-review-action/pull/761) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2 ### [`v4.3.1`](https://togithub.com/actions/dependency-review-action/compare/v4.2.5...v4.3.1) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.0...v4.3.1) ### [`v4.3.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.0) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.5...v4.3.0) #### New Features - The `deny-packages` option can now be used without a version number to exclude *all* versions of a package. #### What's Changed - Fix action variable name for scorecard by [@​lukehinds](https://togithub.com/lukehinds) in [https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735) - Fix extra https:// in summary by [@​jhutchings1](https://togithub.com/jhutchings1) in [https://github.com/actions/dependency-review-action/pull/748](https://togithub.com/actions/dependency-review-action/pull/748) - Bump typescript from 5.3.3 to 5.4.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/744](https://togithub.com/actions/dependency-review-action/pull/744) - Bump eslint-plugin-github from 4.10.1 to 4.10.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/737](https://togithub.com/actions/dependency-review-action/pull/737) - Show denied packages with red X by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/750](https://togithub.com/actions/dependency-review-action/pull/750) - deny-packages configuration option can deny specified version or all packages by [@​febuiles](https://togithub.com/febuiles) and [@​bteng22](https://togithub.com/bteng22) in [https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733) #### New Contributors - [@​bteng22](https://togithub.com/bteng22) made their first contribution in [https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733) - [@​lukehinds](https://togithub.com/lukehinds) made their first contribution in [https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.5...V4.3.0

Configuration

šŸ“… Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

šŸš¦ Automerge: Enabled.

ā™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

šŸ”• Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

github-actions[bot] commented 2 months ago

Dependency Review

āœ… No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/dependency-review-action 0c155c5e8556a497adf53f2c18edabf945ed8e70 :green_circle: 6.4
Details
CheckScoreReason
Code-Review:green_circle: 10all changesets reviewed
Maintained:green_circle: 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Packaging:warning: -1packaging workflow not detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 9security policy file detected
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Binary-Artifacts:green_circle: 10no binaries found in the repo
Fuzzing:warning: 0project is not fuzzed
SAST:green_circle: 10SAST tool is run on all commits
Pinned-Dependencies:warning: 1dependency not pinned by hash detected -- score normalized to 1
Vulnerabilities:green_circle: 82 existing vulnerabilities detected
actions/actions/dependency-review-action 5bbc3ba658137598168acb2ab73b21c432dd411b :green_circle: 6.4
Details
CheckScoreReason
Code-Review:green_circle: 10all changesets reviewed
Maintained:green_circle: 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Packaging:warning: -1packaging workflow not detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 9security policy file detected
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Binary-Artifacts:green_circle: 10no binaries found in the repo
Fuzzing:warning: 0project is not fuzzed
SAST:green_circle: 10SAST tool is run on all commits
Pinned-Dependencies:warning: 1dependency not pinned by hash detected -- score normalized to 1
Vulnerabilities:green_circle: 82 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/dependency-review.yml
  • actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70
  • actions/dependency-review-action@5bbc3ba658137598168acb2ab73b21c432dd411b