Skip to content

v2.6.1

Marketplace
Marketplace
Compare
Choose a tag to compare
@bigdaz bigdaz released this 17 Jul 22:03
· 214 commits to main since this release
v2.6.1
915a66c
This commit was signed with the committer’s verified signature.
bigdaz Daz DeBoer
SSH Key Fingerprint: 8sM5RN12NLqQrux93AOUMzIM+NBqCQUakoJYD75Ve/M Learn about vigilant mode.

Dependency Graph support

This patch release fixes and improves a couple of aspects of the experimental Dependency Graph support:

  • The action will now generate a unique job.correlator value for each Gradle invocation within a Job. This permits multiple Gradle invocations in a single job to generate and submit a separate dependency graph.
  • Update to use github-dependency-graph-gradle-plugin@v0.1.0, which brings a number of improvements to the generated dependency graph:
    • Each Gradle build invocation is mapped to a single GitHub Dependency Graph manifest. This should result in fewer duplicate security alerts being generated.
    • Configurations that contribute to the GitHub Dependency Graph can be filtered by regular expression
Assets 2