v4.0.0

• Update action to Node 20 by @takost in #639
• Dependabot updates, see the full changelog for more details.

New Contributors

• @takost made their first contribution in #639

Full Changelog: v3.1.5...v4.0.0

3.1.5

What's Changed

• Smaller per_page when requesting diff by @hmaurer in #649
• Update dependencies:
  • Bump @typescript-eslint/parser from 6.10.0 to 6.13.1 by @dependabot in #630
  • Bump prettier from 3.0.3 to 3.1.0 by @dependabot in #629
  • Bump @types/jest from 29.5.8 to 29.5.11 by @dependabot in #637
  • Bump nodemon from 3.0.1 to 3.0.2 by @dependabot in #636
  • Replace pip -> pypi in PURL examples by @febuiles in #638
  • Bump @typescript-eslint/eslint-plugin from 6.12.0 to 6.15.0 by @dependabot in #644
  • Bump eslint from 8.53.0 to 8.56.0 by @dependabot in #640
  • Bump @typescript-eslint/parser from 6.13.1 to 6.16.0 by @dependabot in #645
  • Bump prettier from 3.1.0 to 3.1.1 by @dependabot in #646

Full Changelog: v3.1.4...v3.1.5

3.1.4

What's Changed

• Fixed a bug with severity filtering when using the allow_ghsas option: #623.

• Updates dependencies:

  • Bump @types/node from 16.18.61 to 16.18.62 by @dependabot in #619
    action/pull/620
  • Bump @typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0 by @dependabot in #625
  • Bump typescript from 5.2.2 to 5.3.2 by @dependabot in #624

Full Changelog: v3...v3.1.4

3.1.3

What's Changed

• Fixes purl "version must be percent-encoded" by @theztefan in #617

Full Changelog: v3...v3.1.3

3.1.2

What's Changed

• Fix a regression for setups using self-hosted runners behind HTTP proxies:@febuiles in #611

Full Changelog: v3...v3.1.2

3.1.1

What's Changed

• Update a bunch of dependencies, including major version upgrades for octokit, @actions/github and typescript.

Full Changelog: v3.1.0...v3.1.1

3.1.0

What's New

Added support for dependencies submitted through the dependency submission API. This includes two new configuration parameters: retry-on-snapshot-warnings and retry-on-snapshot-warnings-timeout.

What's Changed

• Fix(docs): Correct action input name by @oerd in #551

New Contributors

• @oerd made their first contribution in #551

Full Changelog: v3...v3.1.0

3.0.8

What's Changed

Added on-failure option to comment-summary-in-pr setting by @sgmurphy in #540

Previous configuration files using true/false for comment-summary-in-pr will be mapped automatically to the new values, but we encourage you to update to always/on-failure/never.

New Contributors

• @sgmurphy made their first contribution in #540

Full Changelog: v3...v3.0.8

3.0.7

What's Changed

• Make GHES support / setup more clear by @rajbos in #534
• Add an option to deny packages or groups of packages by @adrienpessu in #544

New Contributors

• @rajbos made their first contribution in #534
• @adrienpessu made their first contribution in #544

Full Changelog: v3...v3.0.7

3.0.6

Fixes a bug introduced in 3.0.5 where we raised PURL errors when Dependency Graph returns an empty package_url.