Releases: actions/dependency-review-action
v4.3.2
What's Changed
Full Changelog: v4.3.1...v4.3.2
v4.3.1
What's Changed
This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See #753.
Full Changelog: V4.3.0...v4.3.1
v4.3.0
New Features
- The deny-packages option can now be used without a version number to exclude all versions of a package.
What's Changed
- Fix action variable name for scorecard by @lukehinds in #735
- Fix extra https:// in summary by @jhutchings1 in #748
- Bump typescript from 5.3.3 to 5.4.5 by @dependabot in #744
- Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @dependabot in #737
- Show denied packages with red X by @juxtin in #750
- deny-packages configuration option can deny specified version or all packages by @febuiles and @bteng22 in #733
New Contributors
- @bteng22 made their first contribution in #733
- @lukehinds made their first contribution in #735
Full Changelog: v4.2.5...V4.3.0
4.2.5
What's Changed
- Fixed a bug where some configuration options in external files were not being properly picked up -- #722
- Bump eslint from 8.56.0 to 8.57.0
Full Changelog: v4.2.4...v4.2.5
v4.2.4
What's Changed
Fixed a bug in the output of OpenSSF cards for GitHub Actions.
New Contributors
- @sporkmonger made their first contribution in #721
Full Changelog: v4.2.3...v4.2.4
4.2.3
What's Changed
- Set comment as output by @jsoref in #698
- Add support for calculating OpenSSF Scorecards by @jhutchings1 in #709
- Add outputs for the changes data by @laughedelic in #707
New Contributors
- @jhutchings1 made their first contribution in #709
- @laughedelic made their first contribution in #707
Full Changelog: v4.1.3...v4.2.3
4.1.3
Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see #697).
Full Changelog: v4.1.2...v4.1.3
4.1.2
4.1.1
What's Changed
- Bump undici to fix GHSA-wqq4-5wpv-mx2g
- Bump @types/node from 20.11.17 to 20.11.19 by @dependabot in #693
Full Changelog: v4.1.0...v4.1.1
4.1.0
What's Changed
Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.
- Create stale.yaml by @jonjanego in #671
- Use manual codeql config by @juxtin in #678
- Multiple dependency updates (see the changelog below for more information)
New Contributors
- @jonjanego made their first contribution in #671
- @tgrall made their first contribution in #432
Full Changelog: v4...v4.1.0