Sourced from actions/dependency-review-action's releases.
4.1.3
Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see actions/dependency-review-action#697).
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3
4.1.2
What's Changed
- Expose dependency comment content by @jsoref in actions/dependency-review-action#696
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2
4.1.1
What's Changed
- Bump undici to fix GHSA-wqq4-5wpv-mx2g
- Bump @types/node from 20.11.17 to 20.11.19 by @dependabot in actions/dependency-review-action#693
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1
4.1.0
What's Changed
- Add warn-only by @tgrall in actions/dependency-review-action#432
  Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.
- Create stale.yaml by @jonjanego in actions/dependency-review-action#671
- Use manual codeql config by @juxtin in actions/dependency-review-action#678
- Multiple dependency updates (see the changelog below for more information)
New Contributors
- @jonjanego made their first contribution in actions/dependency-review-action#671
- @tgrall made their first contribution in actions/dependency-review-action#432
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4...v4.1.0
9129d7d don't set output on every run
a1be843 Update stale.yaml
587ff57 Don't use if: always() in examples.
be8bc50 Merge branch 'output-comment'
cb180bf Merge pull request #696 from actions/output-comment
b2ea187 bumping action version
c94f57b Add a new image for the example report.
124fafe Merge branch 'issue-250' into output-comment
26174d8 Merge branch 'issue-250' of https://github.com/jsoref/dependency-review-actio...
a87338a Update example workflow.