Kevin Dangoor
289863a7c4
GitHub Actions can't push to our protected main
...
Our main branch is protected, which means that our Actions workflow
cannot push changes directly to main. This removes the non-functional
workflow.
2025-11-10 17:46:39 -05:00
Kevin Dangoor
3c4e3dcb1a
Merge pull request #1016 from actions/dra-release
...
4.8.2 release
v4.8.2
2025-11-10 17:45:29 -05:00
Kevin Dangoor
02930b2072
Update CONTRIBUTING to reflect new guidelines
...
External contributors should not build the project and commit
the build output any more.
2025-11-10 17:35:58 -05:00
Kevin Dangoor
49ffd9f636
Update CONTRIBUTING to reflect the need to build
...
Builds aren't happening automatically (or required to happen
manually), so we need to update the release steps to include
building the project.
2025-11-10 14:45:40 -05:00
Kevin Dangoor
70cb25ec56
4.8.2 release
2025-11-10 14:44:24 -05:00
Kevin Dangoor
ebabd31cea
Merge pull request #1008 from danielhardej/danielhardej-patch-20251023
...
Fix PURL parsing to prevent mismatch for scoped packages
2025-11-07 18:20:38 -05:00
Dan Hardej
19f9360983
Update package-lock.json
2025-11-08 07:15:17 +08:00
Dan Hardej
5fd2f98b4f
Bump @types/jest to version 29.5.14
2025-11-07 12:39:28 +08:00
Dan Hardej
28647f4804
Fix PURL parsing by removing encodeURI
2025-11-07 12:32:03 +08:00
Kevin Dangoor
f620fd175c
Merge pull request #1013 from actions/dangoor/token-fix
...
Remove bad token reference
2025-11-06 08:40:41 -08:00
Kevin Dangoor
9b42b7e9a9
Remove bad token reference
2025-11-05 20:29:51 -05:00
Kevin Dangoor
4004cfa3a2
Merge pull request #1012 from actions/dangoor/saner-workflows
...
Generate dist files on main branch
2025-11-05 17:23:09 -08:00
Kevin Dangoor
94004c3444
Remove dist directory change blocking
...
We don't really need to prevent changes to the dist directory
being committed. If someone does push a change to the dist directory,
they'd be able to test with that. Plus the files will be regenerated
on main, so that we know the final dist files are correct.
This also fixes up some paths in the ci-update-dist.yml workflow
which generates the dist files on main.
2025-11-05 18:04:42 -05:00
Kevin Dangoor
75e65b4d81
Generate dist files on main branch
...
This adapts an approach taken by the Gradle actions in order to
generate the dist files on the main branch rather than having
every contributor need to generate them. (In fact, people will no
longer be able to submit PRs with the dist files updated). This
change is important because the current approach means that
people encounter merge conflicts all the time and will need to
keep regenerating the dist files in order to land their change.
2025-11-05 17:30:02 -05:00
Kevin Dangoor
355d25e5a7
Merge pull request #921 from jsoref/spelling
...
Spelling
2025-11-04 18:48:20 -08:00
Josh Soref
d456baec30
spelling: vulnerabilities
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 21:39:50 -05:00
Josh Soref
66054da10b
spelling: vuln
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 21:39:50 -05:00
Josh Soref
247f07b0c8
spelling: summary
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 21:39:50 -05:00
Josh Soref
5975520ad2
spelling: statement
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 20:17:52 -05:00
Josh Soref
b4849e7628
spelling: lodash
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 20:17:52 -05:00
Josh Soref
752c04656e
spelling: github
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 20:17:52 -05:00
Josh Soref
4fa8b92807
Add alt text for screen to create a PAT
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 20:17:44 -05:00
Josh Soref
3660056ed3
Add alt text for screen showing Release Action
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 20:17:34 -05:00
Josh Soref
5f8348ab03
Add alt text for screen to create a release
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 20:16:44 -05:00
Josh Soref
6b5a983daf
link: full list of configuration options
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 20:08:49 -05:00
Josh Soref
8fd9b22286
link: the configuration
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 20:08:49 -05:00
Josh Soref
c4b82d3047
Reword comment-summary-in-pr description
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 20:08:49 -05:00
Josh Soref
622445f2a8
Remove unused import
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-11-04 20:08:49 -05:00
Kevin Dangoor
3f464ea511
Merge pull request #1009 from danielhardej/patch-1
...
Update README to include `allow-dependencies-licenses` example
2025-11-04 14:35:46 -08:00
Lewis Jones
8e51299cdf
Merge pull request #1007 from gitulisca/gitulisca/summary-size-limit
...
Make handleLargeSummary also update core.summary
2025-10-27 12:51:46 +00:00
Art Leo
7a990117b1
Add dist files
2025-10-27 17:41:42 +11:00
Dan Hardej
99ce29f02e
Update README with allowed-dependencies-licenses example
2025-10-23 16:31:35 +08:00
gitulisca
140b44b7bf
Remove trailing whitespace from blank line
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-10-22 19:12:18 +11:00
Art Leo
4603a62e00
Make handleLargeSummary also update core.summary
2025-10-22 17:52:52 +11:00
Eric Sorenson
07b91577a3
Merge pull request #920 from jsoref/issue-919
2025-10-17 14:30:12 -07:00
Josh Soref
3084754c49
Scope warning about private repositories
2025-10-15 14:16:01 -04:00
dependabot[bot]
0f943b29ae
Bump github/codeql-action from 3 to 4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-13 01:01:57 +00:00
Eric Sorenson
40c09b7dc9
Merge pull request #1001 from actions/ahpook/v4.8.1-release
v4.8.1
2025-10-10 14:06:00 -07:00
Eric Sorenson
45529485b5
Bump version for 4.8.1 release
2025-10-10 12:55:32 -07:00
Eric Sorenson
e63da9a041
Merge pull request #1000 from actions/ahpook/deprecation-redux
2025-10-10 12:21:31 -07:00
Eric Sorenson
71365c76bc
(bug) Fix spamming link test in deprecation warning (again)
...
We'd thought that the syntax in #974 would avoid auto-linking
but didn't check closely enough, and now the deprecation issue
it links to cannot be loaded due to having too many references.
This updates the text to point to a new issue in a way that...
I hope... will not be auto-linked.
2025-10-10 09:37:13 -07:00
dependabot[bot]
2440f520c8
Bump actions/stale from 9.1.0 to 10.1.0
...
Bumps [actions/stale](https://github.com/actions/stale) from 9.1.0 to 10.1.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9.1.0...v10.1.0)
---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-06 01:01:54 +00:00
Barry Gordon
56339e523c
Merge pull request #988 from actions/brrygrdn/rc-4.8.0
...
Bump to 4.8.0
v4.8.0
2025-09-26 16:05:17 +01:00
Barry Gordon
1688b745f3
Bump to a 4.8.0
2025-09-26 15:45:28 +01:00
Barry Gordon
31c9f175b9
Merge pull request #987 from actions/rc-4.7.4
...
Prepare release of v4.7.4
v4.7.4
2025-09-26 15:20:06 +01:00
Barry Gordon
eacde7836e
Update version
2025-09-26 14:42:22 +01:00
Barry Gordon
81510090e4
Merge pull request #986 from actions/brrygrdn/rc-4.7.4
...
Batch some contributions for release
2025-09-26 14:32:46 +01:00
Barry Gordon
b472ec914b
Add a quick regression test for the artefact summary
2025-09-26 13:34:03 +01:00
Matt Mencel
e0cedc52dc
feat: add large summary handling with artifact upload
...
When the dependency review summary exceeds GitHub's size limit (1024k), upload it as an artifact and provide a link in the comment. This ensures users can still access the full review details even when the summary is too large to display directly.
2025-09-26 12:55:14 +01:00
Jasper Kamerling
e3fdf0f899
This ensures large allow or deny lists don't create huge comments
2025-09-26 12:49:38 +01:00