Commit Graph

  • f5b971718e Merge pull request #1067 from ahpook/ahpook/custom-instructions main Eric Sorenson 2026-03-06 14:41:37 -08:00
  • f51df6d455 Updates from code review Eric Sorenson 2026-03-05 20:39:09 -08:00
  • cffae74507 Add .github/copilot-instructions.md for Copilot coding agent Eric Sorenson 2026-03-05 18:46:42 -08:00
  • 2031cfc080 Merge pull request #1064 from actions/ahpook/release-4.9.0 Eric Sorenson 2026-03-03 14:08:16 -08:00
  • d02fa39f79 Updates for release 4.9.0 Eric Sorenson 2026-03-02 16:13:56 -08:00
  • 4038a34c4b Merge pull request #1021 from actions/dependabot/github_actions/actions/checkout-6 Eric Sorenson 2026-03-02 16:00:21 -08:00
  • a632b8386b Merge pull request #1058 from actions/dependabot/github_actions/actions/stale-10.2.0 Eric Sorenson 2026-03-02 15:59:31 -08:00
  • 57a3d46a7b Merge pull request #1060 from jantiebot/main Eric Sorenson 2026-02-27 15:05:18 -08:00
  • 5ecdc4b578 Merge pull request #1045 from forks-felickz/main Eric Sorenson 2026-02-27 15:03:52 -08:00
  • e8c2f9a12c fix: remove inferrable type annotation to pass eslint Chad Bentz 2026-02-27 22:58:04 +00:00
  • 0e129e113c Prettier - Refactor summary table rendering for improved readability Chad Bentz 2026-02-27 22:30:03 +00:00
  • aa60746a92 Add 'show-patched-versions' option to configuration and update summary handling Chad Bentz 2026-02-27 14:58:54 -05:00
  • e404798400 Merge upstream actions/dependency-review-action main Chad Bentz 2026-02-27 14:04:27 -05:00
  • 24398f008e chore: revert dist changes jantiebot 2026-02-27 12:41:22 +01:00
  • 7863651912 fix: only get scorecard levels if user wants to see the OpenSSF scorecard jantiebot 2026-02-26 18:16:44 +01:00
  • 17d14c08d9 Bump actions/stale from 10.1.0 to 10.2.0 dependabot[bot] 2026-02-23 01:42:33 +00:00
  • dea54b4342 Merge pull request #1057 from actions/juxtin/case-sensitivity Justin Holguín 2026-02-20 14:09:58 -08:00
  • 8cf743c0ea Make purl comparisons case insensitive Justin Holguín 2026-02-20 22:01:04 +00:00
  • b49f407d39 Merge pull request #1056 from actions/juxtin/fix-exclusion-match Justin Holguín 2026-02-20 10:27:39 -08:00
  • f68b94a696 Merge remote-tracking branch 'origin/main' into juxtin/fix-exclusion-match Justin Holguín 2026-02-20 16:33:25 +00:00
  • 05fe457637 Merge pull request #1054 from actions/ahpook/release-4.8.3 Eric Sorenson 2026-02-19 17:25:10 -08:00
  • 2ced98cbe8 Compare normalized purls to account for encoding quirks Justin Holguín 2026-02-20 00:02:37 +00:00
  • 3a8496cb71 Update generated package files for v4.8.3 Eric Sorenson 2026-02-18 21:56:46 -08:00
  • 0f22a01592 Update CONTRIBUTING for new release process Eric Sorenson 2026-02-18 21:54:45 -08:00
  • 58be34364d Updating package versions for 4.8.3 Eric Sorenson 2026-02-18 21:45:59 -08:00
  • 9284e0c621 Merge pull request #931 from actions/dependabot/npm_and_yarn/spdx-licenses-208b55449f Eric Sorenson 2026-02-18 21:31:42 -08:00
  • 8b766562f0 Bump spdx-expression-parse in the spdx-licenses group across 1 directory dependabot[bot] 2026-02-19 05:22:14 +00:00
  • 43f5f029f5 Merge pull request #1052 from actions/juxtin/fix-long-summaries Eric Sorenson 2026-02-18 21:18:45 -08:00
  • f0033fc4d6 Merge pull request #1053 from actions/dependabot/npm_and_yarn/fast-xml-parser-5.3.6 Eric Sorenson 2026-02-18 08:49:06 -08:00
  • a6c34d8785 Address review feedback: deterministic tests, cached normalization, simplified promisePool (#9) Copilot 2026-02-18 06:33:39 -05:00
  • b379e2e05f Bump fast-xml-parser from 5.3.5 to 5.3.6 dependabot[bot] 2026-02-18 05:07:50 +00:00
  • 2e1cf54a50 Properly truncate long summaries and catch errors Justin Holguín 2026-02-17 22:46:59 +00:00
  • 68e9887ce6 Merge pull request #1050 from actions/dependabot/npm_and_yarn/fast-xml-parser-5.3.5 Lewis Jones 2026-02-17 15:10:48 +00:00
  • a7c7f3b9b1 Bump fast-xml-parser from 5.3.3 to 5.3.5 dependabot[bot] 2026-02-11 19:21:05 +00:00
  • 539c79be65 Implement review feedback: concurrency limiting, semver coercion, logging improvements, and test coverage (#8) Copilot 2026-02-09 14:28:09 -05:00
  • ee66ea100d Implement review fixes: semver library, scoping, case-insensitive matching, error logging, and configurable fail behavior (#7) Copilot 2026-02-08 16:05:04 -05:00
  • 2af9bac14d Add patched version column to vulnerability summary with multi-range support (#5) Copilot 2026-02-06 18:12:20 -05:00
  • 98884d411b Merge pull request #1036 from actions/ae/vuln-fixes Ahmed ElMallah 2026-01-06 08:12:33 -08:00
  • 76bfce5cd7 optimize import ahmed3lmallah 2026-01-05 15:50:21 -08:00
  • d45151f498 Addressing vulnerabilities ahmed3lmallah 2026-01-05 15:39:34 -08:00
  • 774d14bf50 Merge pull request #1020 from actions/dependabot/npm_and_yarn/multi-75e6bc5210 Barry Gordon 2025-11-28 12:56:19 +00:00
  • 20b998d4e2 Merge pull request #1024 from actions/brrygrdn/update-glob Barry Gordon 2025-11-28 11:46:08 +00:00
  • ad048f729f Upgrade glob to a fixed version Barry Gordon 2025-11-27 18:26:19 +00:00
  • 1d60e0d095 Bump actions/checkout from 4 to 6 dependabot[bot] 2025-11-27 18:20:43 +00:00
  • 35ccfd2548 Merge pull request #1005 from actions/dependabot/github_actions/actions/setup-node-6 Barry Gordon 2025-11-27 18:19:46 +00:00
  • a2014a181b Merge pull request #1003 from actions/dependabot/github_actions/github/codeql-action-4 Barry Gordon 2025-11-27 18:19:21 +00:00
  • 1a0268586f Merge pull request #995 from actions/dependabot/github_actions/actions/stale-10.1.0 Barry Gordon 2025-11-27 18:18:38 +00:00
  • 14edcb1b2a Bump js-yaml dependabot[bot] 2025-11-17 22:03:38 +00:00
  • 805c0b2856 Bump actions/setup-node from 4 to 6 dependabot[bot] 2025-11-11 00:20:49 +00:00
  • 125b995082 Merge pull request #1017 from actions/remove-non-working-workflow Kevin Dangoor 2025-11-10 19:16:56 -05:00
  • 289863a7c4 GitHub Actions can't push to our protected main Kevin Dangoor 2025-11-10 17:46:39 -05:00
  • 3c4e3dcb1a Merge pull request #1016 from actions/dra-release Kevin Dangoor 2025-11-10 17:45:29 -05:00
  • 02930b2072 Update CONTRIBUTING to reflect new guidelines Kevin Dangoor 2025-11-10 17:35:58 -05:00
  • 49ffd9f636 Update CONTRIBUTING to reflect the need to build Kevin Dangoor 2025-11-10 14:45:40 -05:00
  • 70cb25ec56 4.8.2 release Kevin Dangoor 2025-11-10 14:44:24 -05:00
  • ebabd31cea Merge pull request #1008 from danielhardej/danielhardej-patch-20251023 Kevin Dangoor 2025-11-07 18:20:38 -05:00
  • 19f9360983 Update package-lock.json Dan Hardej 2025-11-08 07:15:17 +08:00
  • 5fd2f98b4f Bump @types/jest to version 29.5.14 Dan Hardej 2025-11-07 12:39:28 +08:00
  • 28647f4804 Fix PURL parsing by removing encodeURI Dan Hardej 2025-11-07 12:32:03 +08:00
  • f620fd175c Merge pull request #1013 from actions/dangoor/token-fix Kevin Dangoor 2025-11-06 08:40:41 -08:00
  • 9b42b7e9a9 Remove bad token reference Kevin Dangoor 2025-11-05 20:29:51 -05:00
  • 4004cfa3a2 Merge pull request #1012 from actions/dangoor/saner-workflows Kevin Dangoor 2025-11-05 17:23:09 -08:00
  • 94004c3444 Remove dist directory change blocking Kevin Dangoor 2025-11-05 18:04:42 -05:00
  • 75e65b4d81 Generate dist files on main branch Kevin Dangoor 2025-11-05 17:30:02 -05:00
  • 355d25e5a7 Merge pull request #921 from jsoref/spelling Kevin Dangoor 2025-11-04 18:48:20 -08:00
  • d456baec30 spelling: vulnerabilities Josh Soref 2025-04-14 22:53:23 -04:00
  • 66054da10b spelling: vuln Josh Soref 2025-04-15 08:08:06 -04:00
  • 247f07b0c8 spelling: summary Josh Soref 2025-04-14 22:53:15 -04:00
  • 5975520ad2 spelling: statement Josh Soref 2025-04-14 22:53:09 -04:00
  • b4849e7628 spelling: lodash Josh Soref 2025-04-15 08:03:53 -04:00
  • 752c04656e spelling: github Josh Soref 2025-04-14 23:01:25 -04:00
  • 4fa8b92807 Add alt text for screen to create a PAT Josh Soref 2025-11-04 20:07:46 -05:00
  • 3660056ed3 Add alt text for screen showing Release Action Josh Soref 2025-11-04 20:06:07 -05:00
  • 5f8348ab03 Add alt text for screen to create a release Josh Soref 2025-11-04 20:05:22 -05:00
  • 6b5a983daf link: full list of configuration options Josh Soref 2025-04-14 22:52:13 -04:00
  • 8fd9b22286 link: the configuration Josh Soref 2025-04-14 22:51:57 -04:00
  • c4b82d3047 Reword comment-summary-in-pr description Josh Soref 2025-11-04 19:59:31 -05:00
  • 622445f2a8 Remove unused import Josh Soref 2025-11-04 20:01:39 -05:00
  • 3f464ea511 Merge pull request #1009 from danielhardej/patch-1 Kevin Dangoor 2025-11-04 14:35:46 -08:00
  • 8e51299cdf Merge pull request #1007 from gitulisca/gitulisca/summary-size-limit Lewis Jones 2025-10-27 12:51:46 +00:00
  • 7a990117b1 Add dist files Art Leo 2025-10-27 17:39:01 +11:00
  • 99ce29f02e Update README with allowed-dependencies-licenses example Dan Hardej 2025-10-23 16:31:35 +08:00
  • 140b44b7bf Remove trailing whitespace from blank line gitulisca 2025-10-22 19:12:18 +11:00
  • 4603a62e00 Make handleLargeSummary also update core.summary Art Leo 2025-10-22 17:52:52 +11:00
  • 07b91577a3 Merge pull request #920 from jsoref/issue-919 Eric Sorenson 2025-10-17 14:30:12 -07:00
  • 3084754c49 Scope warning about private repositories Josh Soref 2025-04-14 14:59:02 -04:00
  • 0f943b29ae Bump github/codeql-action from 3 to 4 dependabot[bot] 2025-10-13 01:01:57 +00:00
  • 40c09b7dc9 Merge pull request #1001 from actions/ahpook/v4.8.1-release Eric Sorenson 2025-10-10 14:06:00 -07:00
  • 45529485b5 Bump version for 4.8.1 release Eric Sorenson 2025-10-10 12:55:32 -07:00
  • e63da9a041 Merge pull request #1000 from actions/ahpook/deprecation-redux Eric Sorenson 2025-10-10 12:21:31 -07:00
  • 71365c76bc (bug) Fix spamming link test in deprecation warning (again) Eric Sorenson 2025-10-10 09:37:13 -07:00
  • 2440f520c8 Bump actions/stale from 9.1.0 to 10.1.0 dependabot[bot] 2025-10-06 01:01:54 +00:00
  • 56339e523c Merge pull request #988 from actions/brrygrdn/rc-4.8.0 Barry Gordon 2025-09-26 16:05:17 +01:00
  • 1688b745f3 Bump to a 4.8.0 Barry Gordon 2025-09-26 15:45:28 +01:00
  • 31c9f175b9 Merge pull request #987 from actions/rc-4.7.4 Barry Gordon 2025-09-26 15:20:06 +01:00
  • eacde7836e Update version Barry Gordon 2025-09-26 14:42:22 +01:00
  • 81510090e4 Merge pull request #986 from actions/brrygrdn/rc-4.7.4 Barry Gordon 2025-09-26 14:32:46 +01:00
  • b472ec914b Add a quick regression test for the artefact summary Barry Gordon 2025-09-26 13:33:36 +01:00
  • e0cedc52dc feat: add large summary handling with artifact upload Matt Mencel 2025-04-11 12:11:49 -05:00
  • e3fdf0f899 This ensures large allow or deny lists don't create huge comments Jasper Kamerling 2025-07-30 13:31:26 +02:00