Dependency Graph support
This patch release fixes and improves a couple of aspects of the experimental Dependency Graph support:
- The action will now generate a unique
job.correlator
value for each Gradle invocation within a Job. This permits multiple Gradle invocations in a single job to generate and submit a separate dependency graph. - Update to use
github-dependency-graph-gradle-plugin@v0.1.0
, which brings a number of improvements to the generated dependency graph:- Each Gradle build invocation is mapped to a single GitHub Dependency Graph manifest. This should result in fewer duplicate security alerts being generated.
- Configurations that contribute to the GitHub Dependency Graph can be filtered by regular expression