Releases: actions/dependency-review-action
Releases · actions/dependency-review-action
v4.5.0
What's Changed
- Bump got from 14.4.2 to 14.4.3 by @dependabot in #844
- Bump nodemon from 3.1.0 to 3.1.7 by @dependabot in #847
- Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in #849
- Overriding the cross-spawn dependency to use a safe version by @Ahmed3lmallah in #850
- fix: add summary comment on failure when warn-only: true by @ebickle in #827
- Prepare for 4.5.0 release by @Ahmed3lmallah in #851
New Contributors
Full Changelog: v4...v4.5.0
v4.4.0
What's Changed
- Fix for merge_group event bug by @Ahmed3lmallah in #846
Full Changelog: v4.3.5...v4.4.0
v4.3.5
What's Changed
- fix: getRefs function to handle merge_group events by @louis-bompart in #766
- Create pull_request_template.md by @jonjanego in #794
- Update CONTRIBUTING.md by @jonjanego in #793
- Bump @types/node from 20.11.28 to 20.16.0 by @dependabot in #815
- Upgrade transitive micromatch library by @elireisman in #829
- Do not list changed dependencies in summary by @hmaurer in #828
- Update stale.yaml by @jonjanego in #832
- Bump got from 14.4.1 to 14.4.2 by @dependabot in #822
- Bump eslint-plugin-jest and ts-jest by @Ahmed3lmallah in #840
New Contributors
- @louis-bompart made their first contribution in #766
- @Ahmed3lmallah made their first contribution in #840
Full Changelog: v4.3.4...v4.3.5
v4.3.4
What's Changed
- Include all added dependencies in scorecard entries by @elireisman in #783
- Update SPDX Expression Parsing by @febuiles in #719
- This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.
Full Changelog: v4.3.3...v4.3.4
Notes for v4.3.3
What's Changed
- Allow slashes in purl package names by @juxtin in #765
- use the v3 version of the deps.dev API by @josieang in #741
- PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @am-stead in #773
- fix show-openssf-scorecard-levels input by @ramann in #776
- Updates to the contribution guidelines by @jonjanego in #778
- Create issue templates by @jonjanego in #777
- Fix the max comment length issue by @jhutchings1 and @elireisman in #767
- Bump project version to 4.3.3 in prep for a release by @elireisman in #781
New Contributors
- @josieang made their first contribution in #741
- @am-stead made their first contribution in #773
- @ramann made their first contribution in #776
Full Changelog: v4.3.2...v4.3.3
v4.3.2
What's Changed
Full Changelog: v4.3.1...v4.3.2
v4.3.1
What's Changed
This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See #753.
Full Changelog: V4.3.0...v4.3.1
v4.3.0
New Features
- The
deny-packages
option can now be used without a version number to exclude all versions of a package.
What's Changed
- Fix action variable name for scorecard by @lukehinds in #735
- Fix extra https:// in summary by @jhutchings1 in #748
- Bump typescript from 5.3.3 to 5.4.5 by @dependabot in #744
- Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @dependabot in #737
- Show denied packages with red X by @juxtin in #750
- deny-packages configuration option can deny specified version or all packages by @febuiles and @bteng22 in #733
New Contributors
- @bteng22 made their first contribution in #733
- @lukehinds made their first contribution in #735
Full Changelog: v4.2.5...V4.3.0
4.2.5
What's Changed
- Fixed a bug where some configuration options in external files were not being properly picked up -- #722
- Bump eslint from 8.56.0 to 8.57.0
Full Changelog: v4.2.4...v4.2.5
v4.2.4
What's Changed
Fixed a bug in the output of OpenSSF cards for GitHub Actions.
New Contributors
- @sporkmonger made their first contribution in #721
Full Changelog: v4.2.3...v4.2.4