Commit Graph

1792 Commits

Author SHA1 Message Date
Barry Gordon d2e453a37e Handle any SPDX dependencies as a priority PR 2025-04-01 13:52:16 +01:00
Barry Gordon aee95908ea Merge pull request #902 from Pantelis-Santorinios/patch-1
Clarify comment-summary-in-pr behaviour
2025-04-01 11:40:30 +01:00
Barry Gordon 080ada6281 Merge pull request #883 from fabasoad/fix/ci
Improve usage of this action in dependency-review.yml
2025-04-01 11:36:38 +01:00
Barry Gordon 430e5f0bbf Merge pull request #884 from fabasoad/fix/863
To not print OpenSSF Scorecard section if no dependencies scanned
2025-04-01 11:35:58 +01:00
Barry Gordon 51699b6461 Merge pull request #855 from ailox/ailox/fix/invalid-new-licenses
Update transitive dependency spdx-license-ids
2025-04-01 11:33:12 +01:00
Roman Iakovlev ac9b193beb Merge pull request #899 from actions/dependabot/npm_and_yarn/octokit/plugin-paginate-rest-9.2.2
Bump @octokit/plugin-paginate-rest from 9.1.5 to 9.2.2
2025-03-13 15:37:55 +01:00
Roman Iakovlev d630451aa0 Pin @octokit/types version for compatibility 2025-03-13 14:34:23 +00:00
Roman Iakovlev c8dafca32b Add dist for @octokit/plugin-paginate-rest version bump 2025-03-12 16:55:30 +00:00
dependabot[bot] bc858b5649 Bump @octokit/plugin-paginate-rest from 9.1.5 to 9.2.2
Bumps [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js) from 9.1.5 to 9.2.2.
- [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases)
- [Commits](https://github.com/octokit/plugin-paginate-rest.js/compare/v9.1.5...v9.2.2)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-paginate-rest"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-03-12 16:53:26 +00:00
Roman Iakovlev cd1541ea8d Merge pull request #905 from actions/dependabot/npm_and_yarn/babel/helpers-7.26.10
Bump @babel/helpers from 7.23.2 to 7.26.10
2025-03-12 15:43:04 +01:00
dependabot[bot] 7bce095f93 Bump @babel/helpers from 7.23.2 to 7.26.10
Bumps [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) from 7.23.2 to 7.26.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-helpers)

---
updated-dependencies:
- dependency-name: "@babel/helpers"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-03-12 11:42:46 +00:00
Roman Iakovlev 195b0c2e88 Merge pull request #904 from actions/roman/upd
Bump octokit and related dependencies
2025-03-12 12:41:41 +01:00
Roman Iakovlev cdee0bc8c3 Bump octokit and related dependencies 2025-03-12 10:57:15 +00:00
Lewis Jones 0e562a634b Merge pull request #900 from actions/dependabot/npm_and_yarn/esbuild-0.25.0
Bump esbuild from 0.19.5 to 0.25.0
2025-03-07 11:49:50 +00:00
Pantelis 3d00aed36d Update README.md 2025-03-06 14:43:51 +01:00
dependabot[bot] 2c5ec1eea8 Bump esbuild from 0.19.5 to 0.25.0
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.19.5 to 0.25.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.19.5...v0.25.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-26 20:54:18 +00:00
Eric Sorenson bf0431a342 Merge pull request #893 from omahs/patch-1
Fix typos
2025-02-07 14:27:22 -08:00
omahs c26b132baa fix typos 2025-02-07 13:22:20 +01:00
omahs 3ffdd4d73e fix typos 2025-02-07 13:20:46 +01:00
Ashely Tenesaca ea2cae5127 Merge pull request #888 from ellenfieldn/allow-deny-package-removal
Allow deny package removal
2025-02-06 17:18:15 -05:00
Nathan Ellenfield dfe560420d fix formatting and dist 2025-02-05 15:50:50 -05:00
Nathan Ellenfield e4033dcc29 Merge remote-tracking branch 'origin/main' into allow-deny-package-removal 2025-02-04 13:33:03 -05:00
Ashely Tenesaca 92129e58e4 Merge pull request #891 from actions/ashelytc/server-url-fix
DR Action should link to the proxima stamp when appropriate in error messages
2025-02-03 14:46:11 -05:00
Ashely Tenesaca bf9bc3f2a6 generate dist code 2025-02-03 17:25:46 +00:00
Ashely Tenesaca d703cf58c3 replace server url with variable 2025-02-03 15:57:21 +00:00
Nathan Ellenfield c80eb9894b fixit 2025-01-27 16:01:10 -05:00
Nathan Ellenfield 5e7a6ffc7d fix: Allow removal denied packages 2025-01-27 16:00:09 -05:00
fabasoad c665328b35 Make 'None' to be a text instead of list 2025-01-26 22:36:42 +09:00
fabasoad 5370d75f36 To not print OpenSSF Scorecard section if no dependencies scanned 2025-01-25 23:28:54 +09:00
fabasoad 7f3cd87ec0 Fix usage of this action in dependency-review.yml 2025-01-25 23:11:35 +09:00
Ahmed ElMallah 67ca5cc413 Merge pull request #877 from actions/dependabot/npm_and_yarn/undici-5.28.5
Bump undici from 5.28.4 to 5.28.5
2025-01-24 12:04:24 -08:00
Ahmed ElMallah 8992b0e1c7 updating dist code 2025-01-24 20:01:21 +00:00
Ahmed ElMallah 5e9a56c6de Merge pull request #878 from actions/dependabot/github_actions/actions/stale-9.1.0
Bump actions/stale from 9.0.0 to 9.1.0
2025-01-24 11:58:00 -08:00
dependabot[bot] 9cd1f01f7f Bump actions/stale from 9.0.0 to 9.1.0
Bumps [actions/stale](https://github.com/actions/stale) from 9.0.0 to 9.1.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9.0.0...v9.1.0)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-24 19:52:48 +00:00
Ahmed ElMallah a0be92bfc2 Merge pull request #876 from actions/ahmed3lmallah/dependabot-updates
Grouping minor and patch dependabot updates to lessen the number of PRs
2025-01-24 11:52:11 -08:00
dependabot[bot] 6ec8e13b9a Bump undici from 5.28.4 to 5.28.5
Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-24 17:39:09 +00:00
Ahmed ElMallah c9bb42fdbf grouping minor and patch updates to lessen the number of PRs 2025-01-23 23:01:53 +00:00
Ahmed ElMallah b109bc8c95 Merge pull request #870 from actions/ahmed3lmallah/updating-dependencies
Updating multiple dependency versions
2025-01-23 14:00:10 -08:00
Ahmed ElMallah 5f24a51147 Updating dist folder 2025-01-23 21:07:48 +00:00
Ahmed ElMallah ef281d4e24 Updating multiple dependency versions 2025-01-23 21:07:39 +00:00
Paul Scheunemann 67fc6dd646 Update compiled assets 2025-01-09 15:15:28 +01:00
Paul Scheunemann 2caab057ed Update transitive dependency spdx-license-ids 2024-12-06 16:36:10 +01:00
Ahmed ElMallah 3b139cfc5f Merge pull request #851 from actions/ahmed3lmallah/prepare-for-4.5.0-release
Prepare for 4.5.0 release
v4.5.0
2024-11-20 13:49:04 -08:00
Ahmed ElMallah d6807b6643 updating generated code 2024-11-20 21:42:05 +00:00
Ahmed ElMallah c89b41fdc6 addressing lint issues 2024-11-20 21:41:54 +00:00
Ahmed ElMallah eee97d8b03 incrementing project version 2024-11-20 21:41:43 +00:00
Ahmed ElMallah 9d101822a3 Merge pull request #827 from ebickle/fix/comment-warn-only
fix: add summary comment on failure when warn-only: true
2024-11-20 13:28:17 -08:00
Ahmed ElMallah 9192be9c72 Merge pull request #850 from actions/ahmed3lmallah/adressing-CVE-2024-21538
Overriding the cross-spawn dependency to use a safe version
2024-11-19 14:42:32 -08:00
Ahmed ElMallah 2fc8e23b12 Using cross-spawn safe version 2024-11-19 22:26:34 +00:00
Eric Bickle fb86db2043 fix: resolve race conditions in async core.group calls 2024-11-19 14:17:06 -08:00