Releases: actions/dependency-review-action
v4.0.0
- Update action to Node 20 by @takost in #639
- Dependabot updates, see the full changelog for more details.
New Contributors
Full Changelog: v3.1.5...v4.0.0
3.1.5
What's Changed
- Smaller per_page when requesting diff by @hmaurer in #649
- Update dependencies:
- Bump @typescript-eslint/parser from 6.10.0 to 6.13.1 by @dependabot in #630
- Bump prettier from 3.0.3 to 3.1.0 by @dependabot in #629
- Bump @types/jest from 29.5.8 to 29.5.11 by @dependabot in #637
- Bump nodemon from 3.0.1 to 3.0.2 by @dependabot in #636
- Replace pip -> pypi in PURL examples by @febuiles in #638
- Bump @typescript-eslint/eslint-plugin from 6.12.0 to 6.15.0 by @dependabot in #644
- Bump eslint from 8.53.0 to 8.56.0 by @dependabot in #640
- Bump @typescript-eslint/parser from 6.13.1 to 6.16.0 by @dependabot in #645
- Bump prettier from 3.1.0 to 3.1.1 by @dependabot in #646
Full Changelog: v3.1.4...v3.1.5
3.1.4
What's Changed
- Fixed a bug with severity filtering when using the allow_ghsas option: #623.
- Updates dependencies:
- Bump @types/node from 16.18.61 to 16.18.62 by @dependabot in #619
action/pull/620
- Bump @typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0 by @dependabot in #625
- Bump typescript from 5.2.2 to 5.3.2 by @dependabot in #624
Full Changelog: v3...v3.1.4
3.1.3
What's Changed
- Fixes purl "version must be percent-encoded" by @theztefan in #617
Full Changelog: v3...v3.1.3
3.1.2
What's Changed
Full Changelog: v3...v3.1.2
3.1.1
What's Changed
- Update a bunch of dependencies, including major version upgrades for octokit, @actions/github and typescript.
Full Changelog: v3.1.0...v3.1.1
3.1.0
What's New
Added support for dependencies submitted through the dependency submission API. This includes two new configuration parameters: retry-on-snapshot-warnings and retry-on-snapshot-warnings-timeout.
What's Changed
New Contributors
Full Changelog: v3...v3.1.0
3.0.8
What's Changed
Added on-failure option to comment-summary-in-pr setting by @sgmurphy in #540
Previous configuration files using true/false for comment-summary-in-pr will be mapped automatically to the new values, but we encourage you to update to always/on-failure/never.
New Contributors
Full Changelog: v3...v3.0.8
3.0.7
What's Changed
- Make GHES support / setup more clear by @rajbos in #534
- Add an option to deny packages or groups of packages by @adrienpessu in #544
New Contributors
- @rajbos made their first contribution in #534
- @adrienpessu made their first contribution in #544
Full Changelog: v3...v3.0.7
3.0.6
Fixes a bug introduced in 3.0.5 where we raised PURL errors when Dependency Graph returns an empty package_url.