Title: Bump actions/dependency-review-action from 4 to 5 by dependabot[bot] · Pull Request #235 · EngineScript/EngineScript · GitHub
Open Graph Title: Bump actions/dependency-review-action from 4 to 5 by dependabot[bot] · Pull Request #235 · EngineScript/EngineScript
X Title: Bump actions/dependency-review-action from 4 to 5 by dependabot[bot] · Pull Request #235 · EngineScript/EngineScript
Description: Bumps actions/dependency-review-action from 4 to 5.
Release notes
Sourced from actions/dependency-review-action's releases.
5.0.0
This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.
What's Changed
Add .github/copilot-instructions.md for Copilot coding agent by @ahpook in actions/dependency-review-action#1067
Update Node.js runtime from 20 to 24 by @scottschreckengaust in actions/dependency-review-action#1084
Bump spdx-license-ids from 3.0.20 to 3.0.23 by @mongolyy in actions/dependency-review-action#1091
docs: bump actions/checkout from v4 to v6 in workflow examples by @Marukome0743 in actions/dependency-review-action#1077
fix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by @tspascoal in actions/dependency-review-action#1076
Resolve security findings by @AshelyTC in actions/dependency-review-action#1094
v5.0.0 release branch by @ahpook in actions/dependency-review-action#1098
New Contributors
@scottschreckengaust made their first contribution in actions/dependency-review-action#1084
@mongolyy made their first contribution in actions/dependency-review-action#1091
@Marukome0743 made their first contribution in actions/dependency-review-action#1077
Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0
Dependency Review Action 4.9.0
This feature release contains a couple of notable changes:
There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @felickz!
Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @jantiebot!
There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @juxtin!
What's Changed
Compare normalized purls to account for encoding quirks by @juxtin in actions/dependency-review-action#1056
Make purl comparisons case insensitive by @juxtin in actions/dependency-review-action#1057
Feat: Add Patched Version to Vulnerabilities summary by @felickz in actions/dependency-review-action#1045
fix: only get scorecard levels if user wants to see the OpenSSF scorecard by @jantiebot in actions/dependency-review-action#1060
Bump actions/stale from 10.1.0 to 10.2.0 by @dependabot[bot] in actions/dependency-review-action#1058
Bump actions/checkout from 4 to 6 by @dependabot[bot] in actions/dependency-review-action#1021
Updates for release 4.9.0 by @ahpook in actions/dependency-review-action#1064
New Contributors
@jantiebot made their first contribution in actions/dependency-review-action#1060
Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0
4.8.3
Dependency Review Action v4.8.3
This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.
We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.
What's Changed
GitHub Actions can't push to our protected main by @dangoor in actions/dependency-review-action#1017
Bump actions/stale from 9.1.0 to 10.1.0 by @dependabot[bot] in actions/dependency-review-action#995
... (truncated)
Commits
a1d282b Merge pull request #1098 from actions/ahpook/v5-release
eb6c199 update examples to show @v5
3943c2c v5.0.0 release branch
454943c Merge pull request #1094 from actions/ashelytc/security-findings
6d92a12 revert @typescript-eslint/parser update
a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
b6b7079 update @typescript-eslint/parser to 8.40.0
821a21d update more dependencies
05aaaae run npm audit fix
55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show
Open Graph Description: Bumps actions/dependency-review-action from 4 to 5. Release notes Sourced from actions/dependency-review-action's releases. 5.0.0 This is a new major version of the Dependency Review Action w...
X Description: Bumps actions/dependency-review-action from 4 to 5. Release notes Sourced from actions/dependency-review-action's releases. 5.0.0 This is a new major version of the Dependency Review Acti...
Opengraph URL: https://github.com/EngineScript/EngineScript/pull/235
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:4363b177-5a53-aa2a-ae66-8478033d53e8 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | D0F2:50919:3ED99CA:566C904:6A4F36DA |
| html-safe-nonce | 3eb2583c1942e25d5ded1e77c247e5727e5522d6b614a64922006b781699bc7b |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJEMEYyOjUwOTE5OjNFRDk5Q0E6NTY2QzkwNDo2QTRGMzZEQSIsInZpc2l0b3JfaWQiOiI3MTY0OTg4NTM1MTY1ODkyMzE0IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | 6f79e1e02de43edd8434643c243bae12d7f1505bc3015819549fc510395cbf76 |
| hovercard-subject-tag | pull_request:3661503645 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/EngineScript/EngineScript/pull/235/files |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps actions/dependency-review-action from 4 to 5. Release notes Sourced from actions/dependency-review-action's releases. 5.0.0 This is a new major version of the Dependency Review Action w... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | b92d11c0aa4a77d54ef4af1078b6a15fb5a70a215b30c4ecf28889d5a8e656d9 |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/EngineScript/EngineScript git https://github.com/EngineScript/EngineScript.git |
| octolytics-dimension-user_id | 50476375 |
| octolytics-dimension-user_login | EngineScript |
| octolytics-dimension-repository_id | 191669024 |
| octolytics-dimension-repository_nwo | EngineScript/EngineScript |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 191669024 |
| octolytics-dimension-repository_network_root_nwo | EngineScript/EngineScript |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 2b8f23afb982271f1b22258a94aede67a6b77760 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width