Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

- Add .github/copilot-instructions.md for Copilot coding agent by @ahpook in actions/dependency-review-action#1067
- Update Node.js runtime from 20 to 24 by @scottschreckengaust in actions/dependency-review-action#1084
- Bump spdx-license-ids from 3.0.20 to 3.0.23 by @mongolyy in actions/dependency-review-action#1091
- docs: bump actions/checkout from v4 to v6 in workflow examples by @Marukome0743 in actions/dependency-review-action#1077
- fix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by @tspascoal in actions/dependency-review-action#1076
- Resolve security findings by @AshelyTC in actions/dependency-review-action#1094
- v5.0.0 release branch by @ahpook in actions/dependency-review-action#1098

New Contributors

- @scottschreckengaust made their first contribution in actions/dependency-review-action#1084
- @mongolyy made their first contribution in actions/dependency-review-action#1091
- @Marukome0743 made their first contribution in actions/dependency-review-action#1077

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0
Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

- There is a new configuration option `show_patched_versions` which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @felickz!
- Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unnecessary slowness. Great catch @jantiebot!
- There are a couple of fixes to purl parsing which should improve match accuracy for `allow-package-dependency` lists, including case (in)sensitivity and url-encoded namespaces. Thanks @juxtin!

What's Changed

- Compare normalized purls to account for encoding quirks by @juxtin in actions/dependency-review-action#1056
- Make purl comparisons case insensitive by @juxtin in actions/dependency-review-action#1057
- Feat: Add `Patched Version` to `Vulnerabilities` summary by @felickz in actions/dependency-review-action#1045
- fix: only get scorecard levels if user wants to see the OpenSSF scorecard by @jantiebot in actions/dependency-review-action#1060
- Bump actions/stale from 10.1.0 to 10.2.0 by @dependabot[bot] in actions/dependency-review-action#1058
- Bump actions/checkout from 4 to 6 by @dependabot[bot] in actions/dependency-review-action#1021
- Updates for release 4.9.0 by @ahpook in actions/dependency-review-action#1064

New Contributors

- @jantiebot made their first contribution in actions/dependency-review-action#1060

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0
4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and uploaded them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived `v4` branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

- GitHub Actions can't push to our protected main by @dangoor in actions/dependency-review-action#1017
- Bump actions/stale from 9.1.0 to 10.1.0 by @dependabot[bot] in actions/dependency-review-action#995

... (truncated)
- a1d282b Merge pull request #1098 from actions/ahpook/v5-release
- eb6c199 update examples to show @v5
- 3943c2c v5.0.0 release branch
- 454943c Merge pull request #1094 from actions/ashelytc/security-findings
- 6d92a12 revert @typescript-eslint/parser update
- a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
- b6b7079 update @typescript-eslint/parser to 8.40.0
- 821a21d update more dependencies
- 05aaaae run npm audit fix
- 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout