copilot-swe-agent[bot]
faab373030
Fix Prettier formatting in summary.ts and apply show-patched-versions feature from PR #1045
...
Co-authored-by: ahpook <56753+ahpook@users.noreply.github.com >
2026-02-27 22:09:39 +00:00
copilot-swe-agent[bot]
3b17957780
Initial plan
2026-02-27 21:59:28 +00:00
Justin Holguín
dea54b4342
Merge pull request #1057 from actions/juxtin/case-sensitivity
...
Make purl comparisons case insensitive
2026-02-20 14:09:58 -08:00
Justin Holguín
8cf743c0ea
Make purl comparisons case insensitive
2026-02-20 22:01:04 +00:00
Justin Holguín
b49f407d39
Merge pull request #1056 from actions/juxtin/fix-exclusion-match
...
Compare normalized purls to account for encoding quirks
2026-02-20 10:27:39 -08:00
Justin Holguín
f68b94a696
Merge remote-tracking branch 'origin/main' into juxtin/fix-exclusion-match
2026-02-20 16:33:25 +00:00
Eric Sorenson
05fe457637
Merge pull request #1054 from actions/ahpook/release-4.8.3
...
Changes for Release 4.8.3
v4.8.3
2026-02-19 17:25:10 -08:00
Justin Holguín
2ced98cbe8
Compare normalized purls to account for encoding quirks
2026-02-20 00:02:42 +00:00
Eric Sorenson
3a8496cb71
Update generated package files for v4.8.3
2026-02-18 21:56:46 -08:00
Eric Sorenson
0f22a01592
Update CONTRIBUTING for new release process
...
Fixes some newline damage, grammatical errors, and includes new instructions for pushing a major version branch instead of force-pushing a tag.
2026-02-18 21:54:45 -08:00
Eric Sorenson
58be34364d
Updating package versions for 4.8.3
2026-02-18 21:45:59 -08:00
Eric Sorenson
9284e0c621
Merge pull request #931 from actions/dependabot/npm_and_yarn/spdx-licenses-208b55449f
...
Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory
2026-02-18 21:31:42 -08:00
dependabot[bot]
8b766562f0
Bump spdx-expression-parse in the spdx-licenses group across 1 directory
...
Bumps the spdx-licenses group with 1 update in the / directory: [spdx-expression-parse](https://github.com/jslicense/spdx-expression-parse.js ).
Updates `spdx-expression-parse` from 3.0.1 to 4.0.0
- [Commits](https://github.com/jslicense/spdx-expression-parse.js/compare/v3.0.1...v4.0.0 )
---
updated-dependencies:
- dependency-name: spdx-expression-parse
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: spdx-licenses
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-02-19 05:22:14 +00:00
Eric Sorenson
43f5f029f5
Merge pull request #1052 from actions/juxtin/fix-long-summaries
...
Properly truncate long summaries and catch errors
2026-02-18 21:18:45 -08:00
Eric Sorenson
f0033fc4d6
Merge pull request #1053 from actions/dependabot/npm_and_yarn/fast-xml-parser-5.3.6
...
Bump fast-xml-parser from 5.3.5 to 5.3.6
2026-02-18 08:49:06 -08:00
dependabot[bot]
b379e2e05f
Bump fast-xml-parser from 5.3.5 to 5.3.6
...
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser ) from 5.3.5 to 5.3.6.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases )
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.5...v5.3.6 )
---
updated-dependencies:
- dependency-name: fast-xml-parser
dependency-version: 5.3.6
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-02-18 05:07:50 +00:00
Justin Holguín
2e1cf54a50
Properly truncate long summaries and catch errors
2026-02-17 22:46:59 +00:00
Lewis Jones
68e9887ce6
Merge pull request #1050 from actions/dependabot/npm_and_yarn/fast-xml-parser-5.3.5
...
Bump fast-xml-parser from 5.3.3 to 5.3.5
2026-02-17 15:10:48 +00:00
dependabot[bot]
a7c7f3b9b1
Bump fast-xml-parser from 5.3.3 to 5.3.5
...
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser ) from 5.3.3 to 5.3.5.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases )
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.3...v5.3.5 )
---
updated-dependencies:
- dependency-name: fast-xml-parser
dependency-version: 5.3.5
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-02-11 19:21:05 +00:00
Ahmed ElMallah
98884d411b
Merge pull request #1036 from actions/ae/vuln-fixes
...
Addressing vulnerabilities
2026-01-06 08:12:33 -08:00
ahmed3lmallah
76bfce5cd7
optimize import
2026-01-05 15:50:21 -08:00
ahmed3lmallah
d45151f498
Addressing vulnerabilities
2026-01-05 15:39:34 -08:00
Barry Gordon
774d14bf50
Merge pull request #1020 from actions/dependabot/npm_and_yarn/multi-75e6bc5210
...
Bump js-yaml
2025-11-28 12:56:19 +00:00
Barry Gordon
20b998d4e2
Merge pull request #1024 from actions/brrygrdn/update-glob
...
Upgrade glob to address a vulnerability
2025-11-28 11:46:08 +00:00
Barry Gordon
ad048f729f
Upgrade glob to a fixed version
2025-11-27 18:26:19 +00:00
Barry Gordon
35ccfd2548
Merge pull request #1005 from actions/dependabot/github_actions/actions/setup-node-6
...
Bump actions/setup-node from 4 to 6
2025-11-27 18:19:46 +00:00
Barry Gordon
a2014a181b
Merge pull request #1003 from actions/dependabot/github_actions/github/codeql-action-4
...
Bump github/codeql-action from 3 to 4
2025-11-27 18:19:21 +00:00
Barry Gordon
1a0268586f
Merge pull request #995 from actions/dependabot/github_actions/actions/stale-10.1.0
...
Bump actions/stale from 9.1.0 to 10.1.0
2025-11-27 18:18:38 +00:00
dependabot[bot]
14edcb1b2a
Bump js-yaml
...
Bumps [js-yaml](https://github.com/nodeca/js-yaml ) to 3.14.2 and updates ancestor dependency . These dependencies need to be updated together.
Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2 )
Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2 )
---
updated-dependencies:
- dependency-name: js-yaml
dependency-version: 3.14.2
dependency-type: indirect
- dependency-name: js-yaml
dependency-version: 4.1.1
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-17 22:03:38 +00:00
dependabot[bot]
805c0b2856
Bump actions/setup-node from 4 to 6
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v4...v6 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-11 00:20:49 +00:00
Kevin Dangoor
125b995082
Merge pull request #1017 from actions/remove-non-working-workflow
...
GitHub Actions can't push to our protected main
2025-11-10 19:16:56 -05:00
Kevin Dangoor
289863a7c4
GitHub Actions can't push to our protected main
...
Our main branch is protected, which means that our Actions workflow
cannot push changes directly to main. This removes the non-functional
workflow.
2025-11-10 17:46:39 -05:00
Kevin Dangoor
3c4e3dcb1a
Merge pull request #1016 from actions/dra-release
...
4.8.2 release
v4.8.2
2025-11-10 17:45:29 -05:00
Kevin Dangoor
02930b2072
Update CONTRIBUTING to reflect new guidelines
...
External contributors should not build the project and commit
the build output any more.
2025-11-10 17:35:58 -05:00
Kevin Dangoor
49ffd9f636
Update CONTRIBUTING to reflect the need to build
...
Builds aren't happening automatically (or required to happen
manually), so we need to update the release steps to include
building the project.
2025-11-10 14:45:40 -05:00
Kevin Dangoor
70cb25ec56
4.8.2 release
2025-11-10 14:44:24 -05:00
Kevin Dangoor
ebabd31cea
Merge pull request #1008 from danielhardej/danielhardej-patch-20251023
...
Fix PURL parsing to prevent mismatch for scoped packages
2025-11-07 18:20:38 -05:00
Dan Hardej
19f9360983
Update package-lock.json
2025-11-08 07:15:17 +08:00
Dan Hardej
5fd2f98b4f
Bump @types/jest to version 29.5.14
2025-11-07 12:39:28 +08:00
Dan Hardej
28647f4804
Fix PURL parsing by removing encodeURI
2025-11-07 12:32:03 +08:00
Kevin Dangoor
f620fd175c
Merge pull request #1013 from actions/dangoor/token-fix
...
Remove bad token reference
2025-11-06 08:40:41 -08:00
Kevin Dangoor
9b42b7e9a9
Remove bad token reference
2025-11-05 20:29:51 -05:00
Kevin Dangoor
4004cfa3a2
Merge pull request #1012 from actions/dangoor/saner-workflows
...
Generate dist files on main branch
2025-11-05 17:23:09 -08:00
Kevin Dangoor
94004c3444
Remove dist directory change blocking
...
We don't really need to prevent changes to the dist directory
being committed. If someone does push a change to the dist directory,
they'd be able to test with that. Plus the files will be regenerated
on main, so that we know the final dist files are correct.
This also fixes up some paths in the ci-update-dist.yml workflow
which generates the dist files on main.
2025-11-05 18:04:42 -05:00
Kevin Dangoor
75e65b4d81
Generate dist files on main branch
...
This adapts an approach taken by the Gradle actions in order to
generate the dist files on the main branch rather than having
every contributor need to generate them. (In fact, people will no
longer be able to submit PRs with the dist files updated). This
change is important because the current approach means that
people encounter merge conflicts all the time and will need to
keep regenerating the dist files in order to land their change.
2025-11-05 17:30:02 -05:00
Kevin Dangoor
355d25e5a7
Merge pull request #921 from jsoref/spelling
...
Spelling
2025-11-04 18:48:20 -08:00
Josh Soref
d456baec30
spelling: vulnerabilities
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2025-11-04 21:39:50 -05:00
Josh Soref
66054da10b
spelling: vuln
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2025-11-04 21:39:50 -05:00
Josh Soref
247f07b0c8
spelling: summary
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2025-11-04 21:39:50 -05:00
Josh Soref
5975520ad2
spelling: statement
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2025-11-04 20:17:52 -05:00