Open renovate[bot] opened 1 month ago
Code Climate has analyzed commit 75251dbb and detected 0 issues on this pull request.
View more on Code Climate.
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
This PR contains the following updates:
v3.1.5
->v4.3.4
v3.1.5
->v4.3.4
Release Notes
actions/dependency-review-action (actions/dependency-review-action)
### [`v4.3.4`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.3.4) [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4) #### What's Changed - Include all added dependencies in scorecard entries by [@elireisman](https://redirect.github.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/783](https://redirect.github.com/actions/dependency-review-action/pull/783) - Update SPDX Expression Parsing by [@febuiles](https://redirect.github.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/719](https://redirect.github.com/actions/dependency-review-action/pull/719) - This PR is a significant refactor of SPDX expression parsing that *may* fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version. **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4 ### [`v4.3.3`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.3.3): Notes for v4.3.3 [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3) #### What's Changed - Allow slashes in purl package names by [@juxtin](https://redirect.github.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/765](https://redirect.github.com/actions/dependency-review-action/pull/765) - use the v3 version of the deps.dev API by [@josieang](https://redirect.github.com/josieang) in [https://github.com/actions/dependency-review-action/pull/741](https://redirect.github.com/actions/dependency-review-action/pull/741) - PR with suggestions - \[Improvement]: Help streamline / simplify dependency review action README by [@am-stead](https://redirect.github.com/am-stead) in [https://github.com/actions/dependency-review-action/pull/773](https://redirect.github.com/actions/dependency-review-action/pull/773) - fix show-openssf-scorecard-levels input by [@ramann](https://redirect.github.com/ramann) in [https://github.com/actions/dependency-review-action/pull/776](https://redirect.github.com/actions/dependency-review-action/pull/776) - Updates to the contribution guidelines by [@jonjanego](https://redirect.github.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/778](https://redirect.github.com/actions/dependency-review-action/pull/778) - Create issue templates by [@jonjanego](https://redirect.github.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/777](https://redirect.github.com/actions/dependency-review-action/pull/777) - Fix the max comment length issue by [@jhutchings1](https://redirect.github.com/jhutchings1) and [@elireisman](https://redirect.github.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/767](https://redirect.github.com/actions/dependency-review-action/pull/767) - Bump project version to 4.3.3 in prep for a release by [@elireisman](https://redirect.github.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/781](https://redirect.github.com/actions/dependency-review-action/pull/781) #### New Contributors - [@josieang](https://redirect.github.com/josieang) made their first contribution in [https://github.com/actions/dependency-review-action/pull/741](https://redirect.github.com/actions/dependency-review-action/pull/741) - [@am-stead](https://redirect.github.com/am-stead) made their first contribution in [https://github.com/actions/dependency-review-action/pull/773](https://redirect.github.com/actions/dependency-review-action/pull/773) - [@ramann](https://redirect.github.com/ramann) made their first contribution in [https://github.com/actions/dependency-review-action/pull/776](https://redirect.github.com/actions/dependency-review-action/pull/776) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3 ### [`v4.3.2`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.3.2) [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2) #### What's Changed - Fix package-url parsing for allow-dependencies-licenses by [@juxtin](https://redirect.github.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/761](https://redirect.github.com/actions/dependency-review-action/pull/761) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2 ### [`v4.3.1`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.3.1) [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.3.0...v4.3.1) #### What's Changed This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See [https://github.com/actions/dependency-review-action/pull/753](https://redirect.github.com/actions/dependency-review-action/pull/753). **Full Changelog**: https://github.com/actions/dependency-review-action/compare/V4.3.0...v4.3.1 ### [`v4.3.0`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.3.0) [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.2.5...v4.3.0) #### New Features - The `deny-packages` option can now be used without a version number to exclude *all* versions of a package. #### What's Changed - Fix action variable name for scorecard by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/actions/dependency-review-action/pull/735](https://redirect.github.com/actions/dependency-review-action/pull/735) - Fix extra https:// in summary by [@jhutchings1](https://redirect.github.com/jhutchings1) in [https://github.com/actions/dependency-review-action/pull/748](https://redirect.github.com/actions/dependency-review-action/pull/748) - Bump typescript from 5.3.3 to 5.4.5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/744](https://redirect.github.com/actions/dependency-review-action/pull/744) - Bump eslint-plugin-github from 4.10.1 to 4.10.2 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/737](https://redirect.github.com/actions/dependency-review-action/pull/737) - Show denied packages with red X by [@juxtin](https://redirect.github.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/750](https://redirect.github.com/actions/dependency-review-action/pull/750) - deny-packages configuration option can deny specified version or all packages by [@febuiles](https://redirect.github.com/febuiles) and [@bteng22](https://redirect.github.com/bteng22) in [https://github.com/actions/dependency-review-action/pull/733](https://redirect.github.com/actions/dependency-review-action/pull/733) #### New Contributors - [@bteng22](https://redirect.github.com/bteng22) made their first contribution in [https://github.com/actions/dependency-review-action/pull/733](https://redirect.github.com/actions/dependency-review-action/pull/733) - [@lukehinds](https://redirect.github.com/lukehinds) made their first contribution in [https://github.com/actions/dependency-review-action/pull/735](https://redirect.github.com/actions/dependency-review-action/pull/735) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.5...V4.3.0 ### [`v4.2.5`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.2.5): 4.2.5 [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5) #### What's Changed - Fixed a bug where some configuration options in external files were not being properly picked up -- [https://github.com/actions/dependency-review-action/pull/722](https://redirect.github.com/actions/dependency-review-action/pull/722) - Bump eslint from 8.56.0 to 8.57.0 **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5 ### [`v4.2.4`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.2.4) [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.2.3...v4.2.4) #### What's Changed Fixed a bug in the output of OpenSSF cards for GitHub Actions. #### New Contributors - [@sporkmonger](https://redirect.github.com/sporkmonger) made their first contribution in [https://github.com/actions/dependency-review-action/pull/721](https://redirect.github.com/actions/dependency-review-action/pull/721) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.3...v4.2.4 ### [`v4.2.3`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.2.3): 4.2.3 [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.1.3...v4.2.3) #### What's Changed - Set comment as output by [@jsoref](https://redirect.github.com/jsoref) in [https://github.com/actions/dependency-review-action/pull/698](https://redirect.github.com/actions/dependency-review-action/pull/698) - Add support for calculating OpenSSF Scorecards by [@jhutchings1](https://redirect.github.com/jhutchings1) in [https://github.com/actions/dependency-review-action/pull/709](https://redirect.github.com/actions/dependency-review-action/pull/709) - Add outputs for the changes data by [@laughedelic](https://redirect.github.com/laughedelic) in [https://github.com/actions/dependency-review-action/pull/707](https://redirect.github.com/actions/dependency-review-action/pull/707) #### New Contributors - [@jhutchings1](https://redirect.github.com/jhutchings1) made their first contribution in [https://github.com/actions/dependency-review-action/pull/709](https://redirect.github.com/actions/dependency-review-action/pull/709) - [@laughedelic](https://redirect.github.com/laughedelic) made their first contribution in [https://github.com/actions/dependency-review-action/pull/707](https://redirect.github.com/actions/dependency-review-action/pull/707) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.3...v4.2.3 ### [`v4.1.3`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.1.3): 4.1.3 [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3) Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see [https://github.com/actions/dependency-review-action/issues/697](https://redirect.github.com/actions/dependency-review-action/issues/697)). **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3 ### [`v4.1.2`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.1.2): 4.1.2 [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2) #### What's Changed - Expose dependency comment content by [@jsoref](https://redirect.github.com/jsoref) in [https://github.com/actions/dependency-review-action/pull/696](https://redirect.github.com/actions/dependency-review-action/pull/696) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2 ### [`v4.1.1`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.1.1): 4.1.1 [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1) #### What's Changed - Bump `undici` to fix [GHSA-wqq4-5wpv-mx2g](https://redirect.github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g) - Bump [@types/node](https://redirect.github.com/types/node) from 20.11.17 to 20.11.19 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/693](https://redirect.github.com/actions/dependency-review-action/pull/693) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1 ### [`v4.1.0`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.1.0): 4.1.0 [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v4.0.0...v4.1.0) #### What's Changed - Add `warn-only` by [@tgrall](https://redirect.github.com/tgrall) in [https://github.com/actions/dependency-review-action/pull/432](https://redirect.github.com/actions/dependency-review-action/pull/432) Added a new configuration option (`warn-only`, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log. - Create stale.yaml by [@jonjanego](https://redirect.github.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/671](https://redirect.github.com/actions/dependency-review-action/pull/671) - Use manual codeql config by [@juxtin](https://redirect.github.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/678](https://redirect.github.com/actions/dependency-review-action/pull/678) - Multiple dependency updates (see the changelog below for more information) #### New Contributors - [@jonjanego](https://redirect.github.com/jonjanego) made their first contribution in [https://github.com/actions/dependency-review-action/pull/671](https://redirect.github.com/actions/dependency-review-action/pull/671) - [@tgrall](https://redirect.github.com/tgrall) made their first contribution in [https://github.com/actions/dependency-review-action/pull/432](https://redirect.github.com/actions/dependency-review-action/pull/432) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4...v4.1.0 ### [`v4.0.0`](https://redirect.github.com/actions/dependency-review-action/releases/tag/v4.0.0) [Compare Source](https://redirect.github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0) - Update action to Node 20 by [@takost](https://redirect.github.com/takost) in [https://github.com/actions/dependency-review-action/pull/639](https://redirect.github.com/actions/dependency-review-action/pull/639) - Dependabot updates, see the full changelog for more details. #### New Contributors - [@takost](https://redirect.github.com/takost) made their first contribution in [https://github.com/actions/dependency-review-action/pull/639](https://redirect.github.com/actions/dependency-review-action/pull/639) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.