Lewis Jones
96b82f03c4
try using the path not file
2025-08-28 14:54:28 +01:00
Lewis Jones
a340a7a878
Add ruby script to codeql
2025-08-28 14:50:30 +01:00
Lewis Jones
908dc1151c
Scan Ruby
2025-08-28 14:32:30 +01:00
Claire Song
595b5aeba7
Update package version ( #975 )
v4.7.3
2025-08-26 13:00:34 -07:00
Claire Song
fc5fd661aa
Claire153/fix spamming mentioned issue ( #974 )
...
* Keep the issue number and remove the url to avoid linking every PR running the action to that issue
2025-08-26 12:46:02 -07:00
Ashely Tenesaca
d38d1a4f40
Merge pull request #965 from actions/dependabot/npm_and_yarn/multi-c22e25d29b
...
Bump brace-expansion
2025-08-20 17:40:22 -04:00
Ashely Tenesaca
8d420b827c
Merge branch 'main' into dependabot/npm_and_yarn/multi-c22e25d29b
2025-08-20 17:28:38 -04:00
Ashely Tenesaca
bde01290d3
Merge pull request #966 from actions/ashelytc/add-permissions
...
Add explicit permissions to workflow files
2025-08-20 09:33:56 -04:00
Ashely Tenesaca
ab524903e8
remove ruby
2025-08-19 17:11:41 -04:00
Ashely Tenesaca
ef00a0afbb
add permissions to workflows
2025-08-19 20:55:24 +00:00
dependabot[bot]
74c8179d39
Bump brace-expansion
...
Bumps and [brace-expansion](https://github.com/juliangruber/brace-expansion ). These dependencies needed to be updated together.
Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases )
- [Commits](https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.12 )
Updates `brace-expansion` from 2.0.1 to 2.0.2
- [Release notes](https://github.com/juliangruber/brace-expansion/releases )
- [Commits](https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.12 )
---
updated-dependencies:
- dependency-name: brace-expansion
dependency-version: 1.1.12
dependency-type: indirect
- dependency-name: brace-expansion
dependency-version: 2.0.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-08-18 22:33:26 +00:00
Claire Song
bc41886e18
Cut 4.7.2 version release ( #964 )
...
* Cut 4.7.2 version release
* Bump dependency minor versions
v4.7.2
2025-08-18 11:17:54 -07:00
Kevin Dangoor
1c73553e36
Merge pull request #960 from ahpook/ahpook/address-docs-dashes
...
Address discrepancy between docs and reality
2025-08-18 14:02:19 -04:00
dependabot[bot]
fac3d41a58
Bump the minor-updates group across 1 directory with 5 updates ( #956 )
...
Bumps the minor-updates group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [ts-jest](https://github.com/kulshekhar/ts-jest ) | `29.4.0` | `29.4.1` |
| [yaml](https://github.com/eemeli/yaml ) | `2.8.0` | `2.8.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) | `20.19.7` | `20.19.10` |
| [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier ) | `5.5.1` | `5.5.4` |
| [typescript](https://github.com/microsoft/TypeScript ) | `5.8.3` | `5.9.2` |
Updates `ts-jest` from 29.4.0 to 29.4.1
- [Release notes](https://github.com/kulshekhar/ts-jest/releases )
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md )
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.4.0...v29.4.1 )
Updates `yaml` from 2.8.0 to 2.8.1
- [Release notes](https://github.com/eemeli/yaml/releases )
- [Commits](https://github.com/eemeli/yaml/compare/v2.8.0...v2.8.1 )
Updates `@types/node` from 20.19.7 to 20.19.10
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Updates `eslint-plugin-prettier` from 5.5.1 to 5.5.4
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases )
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/eslint-plugin-prettier/compare/v5.5.1...v5.5.4 )
Updates `typescript` from 5.8.3 to 5.9.2
- [Release notes](https://github.com/microsoft/TypeScript/releases )
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml )
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.8.3...v5.9.2 )
---
updated-dependencies:
- dependency-name: ts-jest
dependency-version: 29.4.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: minor-updates
- dependency-name: yaml
dependency-version: 2.8.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: minor-updates
- dependency-name: "@types/node"
dependency-version: 20.19.10
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-updates
- dependency-name: eslint-plugin-prettier
dependency-version: 5.5.4
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-updates
- dependency-name: typescript
dependency-version: 5.9.2
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: minor-updates
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-18 10:31:31 -07:00
Claire Song
d8073c4b76
Merge pull request #958 from actions/claire153/deprecate-deny-lists
...
Deprecate deny lists
2025-08-18 12:33:17 -04:00
Claire Song
77184c6339
Fix tests
2025-08-18 15:10:48 +00:00
Eric Sorenson
5558c35bb3
Address discrepancy between docs and reality
...
The documentation used to say that you needed to transform keys
in external config files from using `-` to `_`, but in reality
the code transforms `-` to `_` regardless of where they occur.
See 4b4ec08f7b
Closes #909
2025-08-15 17:16:55 -07:00
Claire Song
e85d57a50e
Remove test code
2025-08-15 16:15:02 +00:00
Claire Song
3eb62794c5
Re-add test package. Only show warning in summary if option is used. Update copy.
2025-08-15 15:49:35 +00:00
Claire Song
7cf33ac2f2
Remove test deny list
2025-08-14 17:58:31 +00:00
Claire Song
493bee0560
Remove test package
2025-08-14 17:46:53 +00:00
Claire Song
659a1e1bd0
Update copy and styling
2025-08-14 17:44:34 +00:00
Claire Song
6e80be31cd
Add one more line break
2025-08-14 16:39:53 +00:00
Claire Song
3fb5c613f0
Add one more line break
2025-08-14 16:32:20 +00:00
Claire Song
7d16ba5d7e
Add one more line break
2025-08-14 15:43:03 +00:00
Claire Song
a92a9da9c8
Add one more line break
2025-08-14 15:39:37 +00:00
Claire Song
c1fa9df06b
Build
2025-08-14 14:43:45 +00:00
Claire Song
6e2bbef080
Add deprecation warning, fix lint issues
2025-08-14 14:25:52 +00:00
Claire Song
9ca24b6906
Add new package
2025-08-13 21:22:20 +00:00
Claire Song
70e1d26338
Test deny list
2025-08-13 21:07:58 +00:00
Roman Iakovlev
89c7383074
Merge pull request #946 from actions/dependabot/npm_and_yarn/minor-updates-9b599382cb
...
Bump the minor-updates group across 1 directory with 10 updates
2025-07-22 16:15:34 +02:00
Roman Iakovlev
40f2ab01b7
Update dist
2025-07-22 14:06:49 +00:00
Roman Iakovlev
2bedf4a221
Update dist
2025-07-22 14:01:55 +00:00
dependabot[bot]
87052cdc7b
Bump the minor-updates group across 1 directory with 10 updates
...
Bumps the minor-updates group with 10 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ) | `1.10.1` | `1.11.1` |
| [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github ) | `6.0.0` | `6.0.1` |
| [got](https://github.com/sindresorhus/got ) | `14.4.5` | `14.4.7` |
| [ts-jest](https://github.com/kulshekhar/ts-jest ) | `29.2.5` | `29.4.0` |
| [yaml](https://github.com/eemeli/yaml ) | `2.3.4` | `2.8.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) | `20.16.0` | `20.19.7` |
| [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier ) | `5.1.3` | `5.5.1` |
| [nodemon](https://github.com/remy/nodemon ) | `3.1.9` | `3.1.10` |
| [prettier](https://github.com/prettier/prettier ) | `3.2.5` | `3.6.2` |
| [typescript](https://github.com/microsoft/TypeScript ) | `5.4.5` | `5.8.3` |
Updates `@actions/core` from 1.10.1 to 1.11.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Updates `@actions/github` from 6.0.0 to 6.0.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github )
Updates `got` from 14.4.5 to 14.4.7
- [Release notes](https://github.com/sindresorhus/got/releases )
- [Commits](https://github.com/sindresorhus/got/compare/v14.4.5...v14.4.7 )
Updates `ts-jest` from 29.2.5 to 29.4.0
- [Release notes](https://github.com/kulshekhar/ts-jest/releases )
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md )
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.2.5...v29.4.0 )
Updates `yaml` from 2.3.4 to 2.8.0
- [Release notes](https://github.com/eemeli/yaml/releases )
- [Commits](https://github.com/eemeli/yaml/compare/v2.3.4...v2.8.0 )
Updates `@types/node` from 20.16.0 to 20.19.7
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Updates `eslint-plugin-prettier` from 5.1.3 to 5.5.1
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases )
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/eslint-plugin-prettier/compare/v5.1.3...v5.5.1 )
Updates `nodemon` from 3.1.9 to 3.1.10
- [Release notes](https://github.com/remy/nodemon/releases )
- [Commits](https://github.com/remy/nodemon/compare/v3.1.9...v3.1.10 )
Updates `prettier` from 3.2.5 to 3.6.2
- [Release notes](https://github.com/prettier/prettier/releases )
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/prettier/compare/3.2.5...3.6.2 )
Updates `typescript` from 5.4.5 to 5.8.3
- [Release notes](https://github.com/microsoft/TypeScript/releases )
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml )
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.4.5...v5.8.3 )
---
updated-dependencies:
- dependency-name: "@actions/core"
dependency-version: 1.11.1
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: minor-updates
- dependency-name: "@actions/github"
dependency-version: 6.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: minor-updates
- dependency-name: got
dependency-version: 14.4.7
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: minor-updates
- dependency-name: ts-jest
dependency-version: 29.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: minor-updates
- dependency-name: yaml
dependency-version: 2.8.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: minor-updates
- dependency-name: "@types/node"
dependency-version: 20.19.7
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: minor-updates
- dependency-name: eslint-plugin-prettier
dependency-version: 5.5.1
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: minor-updates
- dependency-name: nodemon
dependency-version: 3.1.10
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-updates
- dependency-name: prettier
dependency-version: 3.6.2
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: minor-updates
- dependency-name: typescript
dependency-version: 5.8.3
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: minor-updates
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-07-22 13:56:08 +00:00
Roman Iakovlev
47d790678f
Merge pull request #934 from actions/dependabot/npm_and_yarn/undici-5.29.0
...
Bump undici from 5.28.5 to 5.29.0
2025-07-21 19:12:52 +02:00
Roman Iakovlev
1e946feb37
Update dist
2025-07-21 13:53:37 +00:00
Kevin Dangoor
8a1ad91c0a
Merge pull request #945 from KyFaSt/patch-1
...
Add Missing Languages to CodeQL Advanced Configuration
2025-07-11 13:47:35 -04:00
Kylie Stradley
8296deda21
Add Missing Languages to CodeQL Advanced Configuration
2025-07-10 09:22:28 -04:00
dependabot[bot]
733ef0ab01
Bump undici from 5.28.5 to 5.29.0
...
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 5.29.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-05-15 16:32:05 +00:00
Kevin Dangoor
da24556b54
Merge pull request #933 from actions/dangoor/471-release
...
Bump version number for 4.7.1
v4.7.1
2025-05-13 12:46:37 -04:00
Kevin Dangoor
9af0caf0e5
Bump version number for 4.7.1
2025-05-13 11:20:20 -04:00
Kevin Dangoor
d8f2df20d5
Merge pull request #932 from actions/907-disallow-expression
...
Discard allow list entries that are not SPDX IDs
2025-05-13 10:28:49 -04:00
Kevin Dangoor
6e9307a3d4
Discard allow list entries that are not SPDX IDs
...
The allow-licenses list is expected (and documented) to be a list of
SPDX license IDs (LicenseRefs are also valid). If someone puts an
expression in the list (e.g. "GPL-3.0-only OR MIT"), it should be
discarded so that the whole list does not become invalid.
Fixes #907
2025-05-12 18:58:58 -04:00
Kevin Dangoor
8805179dc9
Merge pull request #930 from actions/889-allow-no-license
...
Allowing dependencies works with no licenses
2025-05-08 17:38:03 -04:00
Kevin Dangoor
014300b08c
Update build
2025-05-08 17:19:56 -04:00
Kevin Dangoor
34486f306e
Check namespaces when excluding license checks
...
The `allow-dependencies-licenses` option was not checking the namespace
part of the PURL to make sure it matched.
2025-05-08 17:17:08 -04:00
Kevin Dangoor
9b155d6432
Update build
2025-05-08 16:37:11 -04:00
Kevin Dangoor
f199659a6a
Allowing dependencies works with no licenses
...
When using the `allow-dependencies-licenses` option, the packages listed
there should be allowed even if they have no license. This wasn't
working because the filtering for allowed dependencies was done
specifically on the list of packages that had licenses, leaving a
separate list (unfiltered) for packages with no licenses. With this
change, we filter out any changes for packages that have been allowed
_before_ we retrieve licenses.
Fixes #889
2025-05-08 16:31:46 -04:00
Kevin Dangoor
38ecb5b593
Merge pull request #929 from actions/dangoor/4.7-release
...
Version 4.7.0 release
v4.7.0
2025-05-08 14:14:35 -04:00
Kevin Dangoor
0e9e935cc8
Version 4.7.0 release
...
Also add a note about the new `LicenseRef-clearlydefined-OTHER`
to the README.
2025-05-08 13:58:56 -04:00