Releases: actions/dependency-review-action
Releases · actions/dependency-review-action
Dependency Review Action v4.8.1
What's Changed
- (bug) Fix spamming link test in deprecation warning (again) by @ahpook in #1000
- Bump version for 4.8.1 release by @ahpook in #1001
Full Changelog: v4...v4.8.1
Contributors
ahpook
Assets 2
v4.8.0
What's Changed
- Make Ruby Code Scannable by @ljones140 in #978
- Batch some contributions for release by @brrygrdn in #986
- Make license lists collapsable by @jasperkamerling
- feat: add large summary handling with artifact upload by @MattMencel
New Contributors
- @ljones140 made their first contribution in #978
- @jasperkamerling made their first contribution in #986
- @MattMencel made their first contribution in #986
Full Changelog: v4...v4.8.0
Contributors
MattMencel, brrygrdn, and 2 other contributors
Assets 2
4.7.3
What's Changed
- Add explicit permissions to workflow files by @AshelyTC in #966
- Claire153/fix spamming mentioned issue by @claire153 in #974
Full Changelog: v4...v4.7.3
Contributors
AshelyTC and claire153
Assets 2
4.7.2
What's Changed
- Add Missing Languages to CodeQL Advanced Configuration by @KyFaSt in #945
- Deprecate deny lists by @claire153 in #958
- Address discrepancy between docs and reality by @ahpook in #960
New Contributors
- @KyFaSt made their first contribution in #945
- @claire153 made their first contribution in #958
- @ahpook made their first contribution in #960
Full Changelog: v4...v4.7.2
Contributors
ahpook, KyFaSt, and claire153
Assets 2
v4.7.1
- Packages added to
allow-dependencies-licenseswill be allowed even if the package in question has no license information #889 - License expressions (e.g.
Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g.Ruby)
v4.7.0
- Handle complex license expressions (e.g.
MIT AND GPL-2.0) in allow lists (fixes #809 and probably others) - Replace
OTHERin package licenses withLicenseRef-clearlydefined-OTHERso that parsing passes
v4.6.0
What's Changed
- Updating multiple dependency versions by @Ahmed3lmallah in #870
- Grouping minor and patch dependabot updates to lessen the number of PRs by @Ahmed3lmallah in #876
- Bump actions/stale from 9.0.0 to 9.1.0 by @dependabot in #878
- Bump undici from 5.28.4 to 5.28.5 by @dependabot in #877
- DR Action should link to the proxima stamp when appropriate in error messages by @AshelyTC in #891
- Allow deny package removal by @ellenfieldn in #888
- Fix typos by @omahs in #893
- Bump esbuild from 0.19.5 to 0.25.0 by @dependabot in #900
- Bump octokit and related dependencies by @RomanIakovlev in #904
- Bump @babel/helpers from 7.23.2 to 7.26.10 by @dependabot in #905
- Bump @octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @dependabot in #899
- Update transitive dependency spdx-license-ids by @ailox in #855
- To not print OpenSSF Scorecard section if no dependencies scanned by @fabasoad in #884
- Improve usage of this action in dependency-review.yml by @fabasoad in #883
- Clarify comment-summary-in-pr behaviour by @Pantelis-Santorinios in #902
- Prepare 4.6.0 Release candidate by @brrygrdn in #910
New Contributors
- @AshelyTC made their first contribution in #891
- @ellenfieldn made their first contribution in #888
- @omahs made their first contribution in #893
- @RomanIakovlev made their first contribution in #904
- @ailox made their first contribution in #855
- @fabasoad made their first contribution in #884
- @Pantelis-Santorinios made their first contribution in #902
- @brrygrdn made their first contribution in #910
Full Changelog: v4.5.0...v4.6.0
Contributors
brrygrdn, ellenfieldn, and 8 other contributors
Assets 2
v4.5.0
What's Changed
- Bump got from 14.4.2 to 14.4.3 by @dependabot in #844
- Bump nodemon from 3.1.0 to 3.1.7 by @dependabot in #847
- Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in #849
- Overriding the cross-spawn dependency to use a safe version by @Ahmed3lmallah in #850
- fix: add summary comment on failure when warn-only: true by @ebickle in #827
- Prepare for 4.5.0 release by @Ahmed3lmallah in #851
New Contributors
Full Changelog: v4...v4.5.0
Contributors
ebickle, dependabot, and Ahmed3lmallah
Assets 2
v4.4.0
What's Changed
- Fix for merge_group event bug by @Ahmed3lmallah in #846
Full Changelog: v4.3.5...v4.4.0
Contributors
Ahmed3lmallah
Assets 2
v4.3.5
What's Changed
- fix: getRefs function to handle merge_group events by @louis-bompart in #766
- Create pull_request_template.md by @jonjanego in #794
- Update CONTRIBUTING.md by @jonjanego in #793
- Bump @types/node from 20.11.28 to 20.16.0 by @dependabot in #815
- Upgrade transitive micromatch library by @elireisman in #829
- Do not list changed dependencies in summary by @hmaurer in #828
- Update stale.yaml by @jonjanego in #832
- Bump got from 14.4.1 to 14.4.2 by @dependabot in #822
- Bump eslint-plugin-jest and ts-jest by @Ahmed3lmallah in #840
New Contributors
- @louis-bompart made their first contribution in #766
- @Ahmed3lmallah made their first contribution in #840
Full Changelog: v4.3.4...v4.3.5
Contributors
hmaurer, jonjanego, and 4 other contributors