dependency-submission-toolkit
A TypeScript library for creating dependency snapshots.
Closes #73 Closes #74
Bumps [undici](https://github.com/nodejs/undici) from 5.28.3 to 5.28.4. Release notes Sourced from undici's releases. v5.28.4 :warning: Security Release :warning: Fixes https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7 CVE-2024-30260 Fixes https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672 CVE-2024-30261 Full Changelog: https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4 Commits fb98306 Bumped v5.28.4...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.1.6 to 5.2.8. Release notes Sourced from vite's releases. [email protected] Please refer to CHANGELOG.md for details. [email protected] Please refer to CHANGELOG.md for details. [email protected] Please refer to...
See discussion in https://github.com/orgs/github-community/discussions/18918 - it would be great if the toolkit could support SBOM standards out of the box, as this would enable a bridge from existing tooling into...
Hi, While using this library with GitHub Actions, `core.notice` generates unnecessary annotations to the summary run. Example screenshot: Code: https://github.com/github/dependency-submission-toolkit/blob/ba4304393932d94a64d5b97d53b8405ed0e40a90/src/snapshot.ts#L192 Would be possible for...
First of all, I'm sorry if this is not the right place to file this as it's more about the JSON schema for the submissions API, but I could not...
Bumps the npm_and_yarn group with 1 update: [rollup](https://github.com/rollup/rollup). Updates `rollup` from 4.21.3 to 4.22.4 Release notes Sourced from rollup's releases. v4.22.4 4.22.4 2024-09-21 Bug Fixes Fix a vulnerability in generated...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.12.7 to 22.13.13. Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.0.8 to 3.0.9. Release notes Sourced from vitest's releases. v3.0.9 🐞 Bug Fixes Typings of ctx.skip() as never - by @sirlancelot in vitest-dev/vitest#7608 (09f35) Cleanup vitest in...
Bumps [packageurl-js](https://github.com/package-url/packageurl-js) from 1.2.1 to 2.0.1. Changelog Sourced from packageurl-js's changelog. 2.0.1 Bug Fix Fix decoding problems around the % character #75 (fix contributed by @jdalton) 2.0.0 Significant refactor based...