Releases: actions/dependency-review-action
V4.3.0
New Features
- The deny-packages option can now be used without a version number to exclude all versions of a package.
What's Changed
- Fix action variable name for scorecard by @lukehinds in #735
- Fix extra https:// in summary by @jhutchings1 in #748
- Bump typescript from 5.3.3 to 5.4.5 by @dependabot in #744
- Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @dependabot in #737
- Show denied packages with red X by @juxtin in #750
- deny-packages configuration option can deny specified version or all packages by @febuiles and @bteng22 in #733
New Contributors
- @bteng22 made their first contribution in #733
- @lukehinds made their first contribution in #735
Full Changelog: v4.2.5...V4.3.0
4.2.5
What's Changed
- Fixed a bug where some configuration options in external files were not being properly picked up -- #722
- Bump eslint from 8.56.0 to 8.57.0
Full Changelog: v4.2.4...v4.2.5
v4.2.4
What's Changed
Fixed a bug in the output of OpenSSF cards for GitHub Actions.
New Contributors
- @sporkmonger made their first contribution in #721
Full Changelog: v4.2.3...v4.2.4
4.2.3
What's Changed
- Set comment as output by @jsoref in #698
- Add support for calculating OpenSSF Scorecards by @jhutchings1 in #709
- Add outputs for the changes data by @laughedelic in #707
New Contributors
- @jhutchings1 made their first contribution in #709
- @laughedelic made their first contribution in #707
Full Changelog: v4.1.3...v4.2.3
4.1.3
Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see #697).
Full Changelog: v4.1.2...v4.1.3
4.1.2
4.1.1
What's Changed
- Bump undici to fix GHSA-wqq4-5wpv-mx2g
- Bump @types/node from 20.11.17 to 20.11.19 by @dependabot in #693
Full Changelog: v4.1.0...v4.1.1
4.1.0
What's Changed
Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.
- Create stale.yaml by @jonjanego in #671
- Use manual codeql config by @juxtin in #678
- Multiple dependency updates (see the changelog below for more information)
New Contributors
- @jonjanego made their first contribution in #671
- @tgrall made their first contribution in #432
Full Changelog: v4...v4.1.0
v4.0.0
- Update action to Node 20 by @takost in #639
- Dependabot updates, see the full changelog for more details.
New Contributors
Full Changelog: v3.1.5...v4.0.0
3.1.5
What's Changed
- Smaller per_page when requesting diff by @hmaurer in #649
- Update dependencies:
- Bump @typescript-eslint/parser from 6.10.0 to 6.13.1 by @dependabot in #630
- Bump prettier from 3.0.3 to 3.1.0 by @dependabot in #629
- Bump @types/jest from 29.5.8 to 29.5.11 by @dependabot in #637
- Bump nodemon from 3.0.1 to 3.0.2 by @dependabot in #636
- Replace pip -> pypi in PURL examples by @febuiles in #638
- Bump @typescript-eslint/eslint-plugin from 6.12.0 to 6.15.0 by @dependabot in #644
- Bump eslint from 8.53.0 to 8.56.0 by @dependabot in #640
- Bump @typescript-eslint/parser from 6.13.1 to 6.16.0 by @dependabot in #645
- Bump prettier from 3.1.0 to 3.1.1 by @dependabot in #646
Full Changelog: v3.1.4...v3.1.5