Skip to content

Commit

Permalink
fix(deps): update actions/dependency-review-action action to v4.3.4 (#…
Browse files Browse the repository at this point in the history 
…113)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | patch | `v4.3.3` -> `v4.3.4` |

---

### Release Notes

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v4.3.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.4)

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4)

#### What's Changed

- Include all added dependencies in scorecard entries by
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/783](https://togithub.com/actions/dependency-review-action/pull/783)
- Update SPDX Expression Parsing by
[@&#8203;febuiles](https://togithub.com/febuiles) in
[https://github.com/actions/dependency-review-action/pull/719](https://togithub.com/actions/dependency-review-action/pull/719)
- This PR is a significant refactor of SPDX expression parsing that
*may* fix some bugs, but unfortunately there are several related known
issues that remain unresolved as of this version.

**Full Changelog**:
actions/dependency-review-action@v4.3.3...v4.3.4

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjAuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZSJdfQ==-->

Signed-off-by: Renovate Bot <[email protected]>
Co-authored-by: renovate-gsuquet[bot] <173481049+renovate-gsuquet[bot]@users.noreply.github.com>
  • Loading branch information
@renovate-gsuquet
renovate-gsuquet[bot] authored Jul 17, 2024
1 parent f36de7a commit 0c62c2f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/security-dependencies.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ jobs:
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Dependency Review
uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
with:
fail-on-severity: ${{ inputs.severity || 'low' }}
comment-summary-in-pr: ${{ inputs.comment || 'always' }}

0 comments on commit 0c62c2f

Please sign in to comment.