Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: bump actions/dependency-review-action from 4.2.4 to 4.2.5 (#692)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.2.4 to 4.2.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>4.2.5</h2> <h2>What's Changed</h2> <ul> <li>Fixed a bug where some configuration options in external files were not being properly picked up -- <a href="https://redirect.github.com/actions/dependency-review-action/pull/722">actions/dependency-review-action#722</a></li> <li>Bump eslint from 8.56.0 to 8.57.0</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5">https://github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/5bbc3ba658137598168acb2ab73b21c432dd411b"><code>5bbc3ba</code></a> bumping version</li> <li><a href="https://github.com/actions/dependency-review-action/commit/c59184aa7f30a5d1561f8913a98548614fde3f08"><code>c59184a</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/722">#722</a> from actions/remove-warn-default</li> <li><a href="https://github.com/actions/dependency-review-action/commit/54c06574f4561498740cc4da9e2bf458969f7b63"><code>54c0657</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/728">#728</a> from actions/dependabot/npm_and_yarn/eslint-8.57.0</li> <li><a href="https://github.com/actions/dependency-review-action/commit/21941b530b2705f2f002f90595f096a480f95953"><code>21941b5</code></a> Bump eslint from 8.56.0 to 8.57.0</li> <li><a href="https://github.com/actions/dependency-review-action/commit/651d22c5d5f0334db47d275f0dbb9418f4ecd601"><code>651d22c</code></a> Revert default values in action.yml to fix external configs.</li> <li>See full diff in <a href="https://github.com/actions/dependency-review-action/compare/733dd5d4a5203f238c33806593ec0f5fc5343d8c...5bbc3ba658137598168acb2ab73b21c432dd411b">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=4.2.4&new-version=4.2.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Case Wylie <cmwylie19@defenseunicorns.com>
- Loading branch information