functions-framework-php
chore(deps): update actions/dependency-review-action action to v4
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| actions/dependency-review-action | action | major | v3.1.5 -> v4.3.3 |
Release Notes
actions/dependency-review-action (actions/dependency-review-action)
v4.3.3: Notes for v4.3.3
What's Changed
- Allow slashes in purl package names by @juxtin in https://github.com/actions/dependency-review-action/pull/765
- use the v3 version of the deps.dev API by @josieang in https://github.com/actions/dependency-review-action/pull/741
- PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @am-stead in https://github.com/actions/dependency-review-action/pull/773
- fix show-openssf-scorecard-levels input by @ramann in https://github.com/actions/dependency-review-action/pull/776
- Updates to the contribution guidelines by @jonjanego in https://github.com/actions/dependency-review-action/pull/778
- Create issue templates by @jonjanego in https://github.com/actions/dependency-review-action/pull/777
- Fix the max comment length issue by @jhutchings1 and @elireisman in https://github.com/actions/dependency-review-action/pull/767
- Bump project version to 4.3.3 in prep for a release by @elireisman in https://github.com/actions/dependency-review-action/pull/781
New Contributors
- @josieang made their first contribution in https://github.com/actions/dependency-review-action/pull/741
- @am-stead made their first contribution in https://github.com/actions/dependency-review-action/pull/773
- @ramann made their first contribution in https://github.com/actions/dependency-review-action/pull/776
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3
v4.3.2
What's Changed
- Fix package-url parsing for allow-dependencies-licenses by @juxtin in https://github.com/actions/dependency-review-action/pull/761
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2
v4.3.1
What's Changed
This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See https://github.com/actions/dependency-review-action/pull/753.
Full Changelog: https://github.com/actions/dependency-review-action/compare/V4.3.0...v4.3.1
v4.3.0
New Features
- The `deny-packages` option can now be used without a version number to exclude all versions of a package.
What's Changed
- Fix action variable name for scorecard by @lukehinds in https://github.com/actions/dependency-review-action/pull/735
- Fix extra https:// in summary by @jhutchings1 in https://github.com/actions/dependency-review-action/pull/748
- Bump typescript from 5.3.3 to 5.4.5 by @dependabot in https://github.com/actions/dependency-review-action/pull/744
- Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @dependabot in https://github.com/actions/dependency-review-action/pull/737
- Show denied packages with red X by @juxtin in https://github.com/actions/dependency-review-action/pull/750
- deny-packages configuration option can deny specified version or all packages by @febuiles and @bteng22 in https://github.com/actions/dependency-review-action/pull/733
New Contributors
- @bteng22 made their first contribution in https://github.com/actions/dependency-review-action/pull/733
- @lukehinds made their first contribution in https://github.com/actions/dependency-review-action/pull/735
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.2.5...V4.3.0
v4.2.5: 4.2.5
What's Changed
- Fixed a bug where some configuration options in external files were not being properly picked up -- https://github.com/actions/dependency-review-action/pull/722
- Bump eslint from 8.56.0 to 8.57.0
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5
v4.2.4
What's Changed
Fixed a bug in the output of OpenSSF cards for GitHub Actions.
New Contributors
- @sporkmonger made their first contribution in https://github.com/actions/dependency-review-action/pull/721
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.2.3...v4.2.4
v4.2.3: 4.2.3
What's Changed
- Set comment as output by @jsoref in https://github.com/actions/dependency-review-action/pull/698
- Add support for calculating OpenSSF Scorecards by @jhutchings1 in https://github.com/actions/dependency-review-action/pull/709
- Add outputs for the changes data by @laughedelic in https://github.com/actions/dependency-review-action/pull/707
New Contributors
- @jhutchings1 made their first contribution in https://github.com/actions/dependency-review-action/pull/709
- @laughedelic made their first contribution in https://github.com/actions/dependency-review-action/pull/707
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.1.3...v4.2.3
v4.1.3: 4.1.3
Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see https://github.com/actions/dependency-review-action/issues/697).
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3
v4.1.2: 4.1.2
What's Changed
- Expose dependency comment content by @jsoref in https://github.com/actions/dependency-review-action/pull/696
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2
v4.1.1: 4.1.1
What's Changed
- Bump `undici` to fix GHSA-wqq4-5wpv-mx2g
- Bump @types/node from 20.11.17 to 20.11.19 by @dependabot in https://github.com/actions/dependency-review-action/pull/693
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1
v4.1.0: 4.1.0
What's Changed
- Add `warn-only` by @tgrall in https://github.com/actions/dependency-review-action/pull/432
Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.
- Create stale.yaml by @jonjanego in https://github.com/actions/dependency-review-action/pull/671
- Use manual codeql config by @juxtin in https://github.com/actions/dependency-review-action/pull/678
- Multiple dependency updates (see the changelog below for more information)
New Contributors
- @jonjanego made their first contribution in https://github.com/actions/dependency-review-action/pull/671
- @tgrall made their first contribution in https://github.com/actions/dependency-review-action/pull/432
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4...v4.1.0
v4.0.0
- Update action to Node 20 by @takost in https://github.com/actions/dependency-review-action/pull/639
- Dependabot updates, see the full changelog for more details.
New Contributors
- @takost made their first contribution in https://github.com/actions/dependency-review-action/pull/639
Full Changelog: https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0
Configuration
📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.