9d2bd043b0a67624faf063ea8dcbd2f862fb29e5
Bumps the npm-dependencies group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) | `6.0.0` | `6.0.1` | | [@github/dependency-submission-toolkit](https://github.com/github/dependency-submission-toolkit) | `2.0.4` | `2.0.5` | | [dotenv](https://github.com/motdotla/dotenv) | `16.4.7` | `16.5.0` | | [octokit](https://github.com/octokit/octokit.js) | `4.1.2` | `4.1.3` | | [yaml](https://github.com/eemeli/yaml) | `2.7.0` | `2.7.1` | | [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.26.9` | `7.27.2` | | [@babel/preset-typescript](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-typescript) | `7.26.0` | `7.27.1` | | [eslint](https://github.com/eslint/eslint) | `9.21.0` | `9.26.0` | | [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.2.6` | `29.3.2` | Updates `@actions/github` from 6.0.0 to 6.0.1 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) Updates `@github/dependency-submission-toolkit` from 2.0.4 to 2.0.5 - [Release notes](https://github.com/github/dependency-submission-toolkit/releases) - [Commits](https://github.com/github/dependency-submission-toolkit/compare/v2.0.4...v2.0.5) Updates `dotenv` from 16.4.7 to 16.5.0 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](https://github.com/motdotla/dotenv/compare/v16.4.7...v16.5.0) Updates `octokit` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/octokit/octokit.js/releases) - [Commits](https://github.com/octokit/octokit.js/compare/v4.1.2...v4.1.3) Updates `yaml` from 2.7.0 to 2.7.1 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](https://github.com/eemeli/yaml/compare/v2.7.0...v2.7.1) Updates `@babel/preset-env` from 7.26.9 to 7.27.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.2/packages/babel-preset-env) Updates `@babel/preset-typescript` from 7.26.0 to 7.27.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-preset-typescript) Updates `eslint` from 9.21.0 to 9.26.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v9.21.0...v9.26.0) Updates `ts-jest` from 29.2.6 to 29.3.2 - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.2.6...v29.3.2) --- updated-dependencies: - dependency-name: "@actions/github" dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: "@github/dependency-submission-toolkit" dependency-version: 2.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: dotenv dependency-version: 16.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: octokit dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: yaml dependency-version: 2.7.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: "@babel/preset-env" dependency-version: 7.27.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: "@babel/preset-typescript" dependency-version: 7.27.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: eslint dependency-version: 9.26.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: ts-jest dependency-version: 29.3.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #95 from advanced-security/dependabot/github_actions/actions-dependencies-c2de478214
Component detection dependency submission action
This GitHub Action runs the microsoft/component-detection library to automate dependency extraction at build time. It uses a combination of static and dynamic scanning to build a dependency tree and then uploads that to GitHub's dependency graph via the dependency submission API. This gives you more accurate Dependabot alerts, and support for a bunch of additional ecosystems.
Example workflow
name: Component Detection
on:
workflow_dispatch:
push:
permissions:
id-token: write
contents: write
jobs:
dependency-submission:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Component detection
uses: advanced-security/component-detection-dependency-submission-action@v0.0.3
Configuration options
| Parameter | Description | Example |
|---|---|---|
| filePath | The path to the directory containing the environment files to upload. Defaults to Actions working directory. | '.' |
| directoryExclusionList | Filters out specific directories following a minimatch pattern. | test |
| detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | Pip=EnableIfDefaultOff |
| dockerImagesToScan | Comma separated list of docker image names or hashes to execute container scanning on | ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab |
| detectorsFilter | A comma separated list with the identifiers of the specific detectors to be used. | Pip, RustCrateDetector |
| correlator | An optional identifier to distinguish between multiple dependency snapshots of the same type. Defaults to the job_id of the current job | csharp-backend |
For more information: https://github.com/microsoft/component-detection
License
This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.
Description
Languages
TypeScript
96.4%
JavaScript
3.6%