chore(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.3
Bumps actions/dependency-review-action from 4.0.0 to 4.1.3.
Release notes
Sourced from actions/dependency-review-action's releases.
4.1.3
Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see actions/dependency-review-action#697).
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3
4.1.2
What's Changed
- Expose dependency comment content by @jsoref in actions/dependency-review-action#696

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2
4.1.1
What's Changed
- Bump undici to fix GHSA-wqq4-5wpv-mx2g
- Bump @types/node from 20.11.17 to 20.11.19 by @dependabot in actions/dependency-review-action#693

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1
4.1.0
What's Changed
- Add warn-only by @tgrall in actions/dependency-review-action#432
  Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.
- Create stale.yaml by @jonjanego in actions/dependency-review-action#671
- Use manual codeql config by @juxtin in actions/dependency-review-action#678
- Multiple dependency updates (see the changelog below for more information)
New Contributors
- @jonjanego made their first contribution in actions/dependency-review-action#671
- @tgrall made their first contribution in actions/dependency-review-action#432

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4...v4.1.0
Commits
- 9129d7d don't set output on every run
- a1be843 Update stale.yaml
- 587ff57 Don't use if: always() in examples.
- be8bc50 Merge branch 'output-comment'
- cb180bf Merge pull request #696 from actions/output-comment
- b2ea187 bumping action version
- c94f57b Add a new image for the example report.
- 124fafe Merge branch 'issue-250' into output-comment
- 26174d8 Merge branch 'issue-250' of https://github.com/jsoref/dependency-review-actio...
- a87338a Update example workflow.
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
No data about Coverage
No data about Duplication