Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by dependabot[bot] · Pull Request #26938 · PowerShell/PowerShell
Bumps actions/dependency-review-action from 4.8.3 to 4.9.0.
Release notes
Sourced from actions/dependency-review-action's releases.
Dependency Review Action 4.9.0
This feature release contains a couple of notable changes:
- There is a new configuration option `show_patched_versions` which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @felickz!
- Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unnecessary slowness. Great catch @jantiebot!
- There are a couple of fixes to purl parsing which should improve match accuracy for `allow-package-dependency` lists, including case (in)sensitivity and url-encoded namespaces. Thanks @juxtin!
What's Changed
- Compare normalized purls to account for encoding quirks by @juxtin in actions/dependency-review-action#1056
- Make purl comparisons case insensitive by @juxtin in actions/dependency-review-action#1057
- Feat: Add Patched Version to Vulnerabilities summary by @felickz in actions/dependency-review-action#1045
- fix: only get scorecard levels if user wants to see the OpenSSF scorecard by @jantiebot in actions/dependency-review-action#1060
- Bump actions/stale from 10.1.0 to 10.2.0 by @dependabot[bot] in actions/dependency-review-action#1058
- Bump actions/checkout from 4 to 6 by @dependabot[bot] in actions/dependency-review-action#1021
- Updates for release 4.9.0 by @ahpook in actions/dependency-review-action#1064
New Contributors
- @jantiebot made their first contribution in actions/dependency-review-action#1060
Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0
Commits
- 2031cfc Merge pull request #1064 from actions/ahpook/release-4.9.0
- d02fa39 Updates for release 4.9.0
- 4038a34 Merge pull request #1021 from actions/dependabot/github_actions/actions/check...
- a632b83 Merge pull request #1058 from actions/dependabot/github_actions/actions/stale...
- 57a3d46 Merge pull request #1060 from jantiebot/main
- 5ecdc4b Merge pull request #1045 from forks-felickz/main
- e8c2f9a fix: remove inferrable type annotation to pass eslint
- 0e129e1 Prettier - Refactor summary table rendering for improved readability
- aa60746 Add 'show-patched-versions' option to configuration and update summary handling
- e404798 Merge upstream actions/dependency-review-action main
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
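The release notes above mention that purl (package URL) comparisons for `allow-package-dependency` lists are now case insensitive and tolerate url-encoded namespaces. The following is an added illustration of why that matters for an allow-list check; it is not code from actions/dependency-review-action and does not reproduce its implementation. It applies a simplified normalization (lowercase type, namespace and name; percent-decode path segments; treat a version-less allow-list entry as allowing every version), which is an assumption of this example rather than the full purl specification, where name case rules vary by package type.

```python
"""Added example: normalize purls before matching them against an allow-list,
so that case differences and percent-encoded namespaces (e.g. '%40babel' for an
npm scope) do not cause spurious mismatches. Illustrative only; not the action's code."""
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote


@dataclass(frozen=True)
class Purl:
    type: str
    namespace: Optional[str]
    name: str
    version: Optional[str]


def parse_purl(purl: str) -> Purl:
    """Split 'pkg:type/namespace/name@version?qualifiers#subpath' into its parts.

    Qualifiers and subpath are discarded: they play no role in allow-list matching here.
    Percent-encoded path segments are decoded.
    """
    if not purl.lower().startswith("pkg:"):
        raise ValueError(f"not a purl: {purl!r}")
    body = purl[len("pkg:"):].lstrip("/")
    body = body.split("#", 1)[0].split("?", 1)[0]
    type_, sep, rest = body.partition("/")
    if not sep or not rest:
        raise ValueError(f"purl has no name component: {purl!r}")
    # The version separator '@' only counts in the last path segment; an npm scope
    # such as '@babel' living in the namespace must not be mistaken for it.
    head, _, last = rest.rpartition("/")
    name, _, version = last.partition("@")
    if not name:
        raise ValueError(f"purl has an empty name: {purl!r}")
    namespace = "/".join(unquote(seg) for seg in head.split("/")) if head else None
    return Purl(type_, namespace, unquote(name), unquote(version) if version else None)


def normalize(p: Purl) -> Purl:
    """Case-fold the identifying parts (assumed uniform rule for this example)."""
    return Purl(
        type=p.type.lower(),
        namespace=p.namespace.lower() if p.namespace else None,
        name=p.name.lower(),
        version=p.version,
    )


def naive_match(candidate: str, allow_list: List[str]) -> bool:
    """Raw string comparison: the behaviour the normalization is meant to replace."""
    return candidate in allow_list


def matches_allow_list(candidate: str, allow_list: List[str]) -> bool:
    """True if the candidate purl is covered by any normalized allow-list entry."""
    cand = normalize(parse_purl(candidate))
    for entry in allow_list:
        allowed = normalize(parse_purl(entry))
        if (cand.type, cand.namespace, cand.name) != (allowed.type, allowed.namespace, allowed.name):
            continue
        # An entry without a version allows every version; with one, exact match only.
        if allowed.version is None or allowed.version == cand.version:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: same package, written with different case and encoding.
    allow = ["pkg:npm/@Babel/Core"]
    found = "pkg:npm/%40babel/core@7.0.0"
    print("naive:", naive_match(found, allow))           # False
    print("normalized:", matches_allow_list(found, allow))  # True
```

The two matchers disagree on the constructed input: the raw string comparison rejects `pkg:npm/%40babel/core@7.0.0` against an allow-list entry for `@Babel/Core`, while the normalized comparison accepts it. The practical consequence of the unfixed behaviour is not a bypass but noise: legitimately allow-listed packages get reported, which trains reviewers to ignore the check.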