Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump actions/dependency-review-action from 3 to 4 (#3366)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <ul> <li>Update action to Node 20 by <a href="https://github.com/takost"><code>@takost</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/639">actions/dependency-review-action#639</a></li> <li>Dependabot updates, see the full changelog for more details.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/takost"><code>@takost</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/639">actions/dependency-review-action#639</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0">https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0</a></p> <h2>3.1.5</h2> <h2>What's Changed</h2> <ul> <li>Smaller <code>per_page</code> when requesting diff by <a href="https://github.com/hmaurer"><code>@hmaurer</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/649">actions/dependency-review-action#649</a></li> <li>Update dependencies: <ul> <li>Bump <code>@typescript-eslint/parser</code> from 6.10.0 to 6.13.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/630">actions/dependency-review-action#630</a></li> <li>Bump prettier from 3.0.3 to 3.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/629">actions/dependency-review-action#629</a></li> <li>Bump <code>@types/jest</code> from 29.5.8 to 29.5.11 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/637">actions/dependency-review-action#637</a></li> <li>Bump nodemon from 3.0.1 to 3.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/636">actions/dependency-review-action#636</a></li> <li>Replace pip -> pypi in PURL examples by <a href="https://github.com/febuiles"><code>@febuiles</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/638">actions/dependency-review-action#638</a></li> <li>Bump <code>@typescript-eslint/eslint-plugin</code> from 6.12.0 to 6.15.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/644">actions/dependency-review-action#644</a></li> <li>Bump eslint from 8.53.0 to 8.56.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/640">actions/dependency-review-action#640</a></li> <li>Bump <code>@typescript-eslint/parser</code> from 6.13.1 to 6.16.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/645">actions/dependency-review-action#645</a></li> <li>Bump prettier from 3.1.0 to 3.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/646">actions/dependency-review-action#646</a></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5">https://github.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5</a></p> <h2>3.1.4</h2> <h2>What's Changed</h2> <ul> <li> <p>Fixed a <a href="https://redirect.github.com/actions/dependency-review-action/issues/618">bug</a> with severity filtering when using the <code>allow_ghsas</code> option: <a href="https://redirect.github.com/actions/dependency-review-action/pull/623">actions/dependency-review-action#623</a>.</p> </li> <li> <p>Updates dependencies:</p> <ul> <li>Bump <code>@types/node</code> from 16.18.61 to 16.18.62 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/619">actions/dependency-review-action#619</a> action/pull/620</li> <li>Bump <code>@typescript-eslint/eslint-plugin</code> from 6.11.0 to 6.12.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/625">actions/dependency-review-action#625</a></li> <li>Bump typescript from 5.2.2 to 5.3.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/624">actions/dependency-review-action#624</a></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3...v3.1.4">https://github.com/actions/dependency-review-action/compare/v3...v3.1.4</a></p> <h2>3.1.3</h2> <h2>What's Changed</h2> <ul> <li>Fixes purl "version must be percent-encoded" by <a href="https://github.com/theztefan"><code>@theztefan</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/617">actions/dependency-review-action#617</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3...v3.1.3">https://github.com/actions/dependency-review-action/compare/v3...v3.1.3</a></p> <h2>3.1.2</h2> <h2>What's Changed</h2> <ul> <li>Fix a regression for setups using self-hosted runners behind HTTP proxies:<a href="https://github.com/febuiles"><code>@febuiles</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/611">actions/dependency-review-action#611</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/4cd9eb2d23752464a87e00499c30d256a59a01b4"><code>4cd9eb2</code></a> Updating docs to point to v4.</li> <li><a href="https://github.com/actions/dependency-review-action/commit/4901385134134e04cec5fbe5ddfe3b2c5bd5d976"><code>4901385</code></a> bump to 4.0.0</li> <li><a href="https://github.com/actions/dependency-review-action/commit/dbf82a4a5e789041feb229da46628470c73c9a0a"><code>dbf82a4</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/639">#639</a> from takost/takost/update-to-node-20</li> <li><a href="https://github.com/actions/dependency-review-action/commit/78aeb2a9481f34926df8c3362adc914ee6d1c2c4"><code>78aeb2a</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/663">#663</a> from actions/dependabot/npm_and_yarn/typescript-eslin...</li> <li><a href="https://github.com/actions/dependency-review-action/commit/4e510006f53ff8d6674dedf2002e9e0b82cc5470"><code>4e51000</code></a> Bump <code>@typescript-eslint/parser</code> from 6.18.0 to 6.18.1</li> <li><a href="https://github.com/actions/dependency-review-action/commit/9560737c5e7fc2128ffae68101ce1affe1e71e19"><code>9560737</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/661">#661</a> from actions/dependabot/npm_and_yarn/typescript-eslin...</li> <li><a href="https://github.com/actions/dependency-review-action/commit/4125f47f7e6413e88785249688b6c9013bc2a18e"><code>4125f47</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/660">#660</a> from actions/dependabot/npm_and_yarn/types/node-16.18.70</li> <li><a href="https://github.com/actions/dependency-review-action/commit/07cc93e0c88d01956b9bdd07a4ae2a3dd5b03aff"><code>07cc93e</code></a> Bump <code>@typescript-eslint/eslint-plugin</code> from 6.18.0 to 6.18.1</li> <li><a href="https://github.com/actions/dependency-review-action/commit/e2c203b8b7d8c24420ab8f3b640f6c7a4379ffa8"><code>e2c203b</code></a> Bump <code>@types/node</code> from 16.18.62 to 16.18.70</li> <li><a href="https://github.com/actions/dependency-review-action/commit/f0b304d0bca35ae1f93498c415db77ce72699b7c"><code>f0b304d</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/653">#653</a> from actions/dependabot/npm_and_yarn/got-14.0.0</li> <li>Additional commits viewable in <a href="https://github.com/actions/dependency-review-action/compare/v3...v4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information