Bump advanced-security/spdx-dependency-submission-action from 0.0.1 to 0.2.0 by dependabot[bot] · Pull Request #532 · cloudfoundry/bosh-linux-stemcell-builder

dependabot · 2026-04-09T22:42:59Z

Bumps advanced-security/spdx-dependency-submission-action from 0.0.1 to 0.2.0.

Release notes

Sourced from advanced-security/spdx-dependency-submission-action's releases.

v0.2.0

What's Changed

build: Update dist files after dependency bump by @Copilot in advanced-security/spdx-dependency-submission-action#97

deps: Bump the production-dependencies group with 2 updates by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#96

chore: Bump eslint from 9.39.1 to 9.39.2 in the development-dependencies group by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#95

deps: Bump the production-dependencies group across 1 directory with 2 updates by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#98

chore: Bump eslint from 9.39.2 to 10.0.0 in the development-dependencies group by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#100

deps: Bump the production-dependencies group across 1 directory with 2 updates by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#101

Convert to ES modules for @actions/core v3 and @actions/github v9 compatibility advanced-security/spdx-dependency-submission-action#102

Full Changelog: advanced-security/spdx-dependency-submission-action@v0.1.2...v0.2.0

v0.1.2 - features and maintenance release

What's Changed

Update CODEOWNERS to DG team by @jhutchings1 in advanced-security/spdx-dependency-submission-action#49

Update CODEOWNERS by @GeekMasher in advanced-security/spdx-dependency-submission-action#54

deps: bump actions/setup-node from 4.0.2 to 4.2.0 in the production-dependencies group across 1 directory by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#69

feat: Update dependabot.yml by @GeekMasher in advanced-security/spdx-dependency-submission-action#55

feat: Add support for running inside a matrix by overriding the default correlator identifier by @felickz in advanced-security/spdx-dependency-submission-action#50

deps: bump actions/setup-node from 4.2.0 to 4.3.0 in the production-dependencies group by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#71

deps: bump actions/setup-node from 4.3.0 to 4.4.0 in the production-dependencies group by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#72

Update README.md to use v4 for checkout and upload-artifact by @CallMeGreg in advanced-security/spdx-dependency-submission-action#73

conditional test - do not run on PR from fork by @felickz in advanced-security/spdx-dependency-submission-action#74

Bump the npm_and_yarn group across 1 directory with 5 updates by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#77

deps: bump actions/checkout from 4 to 5 in the production-dependencies group by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#79

chore: bump the development-dependencies group across 1 directory with 3 updates by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#78

chore: bump js-yaml from 3.14.1 to 3.14.2 in the npm_and_yarn group across 1 directory by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#86

deps: bump the production-dependencies group across 1 directory with 3 updates by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#76

chore: bump glob from 10.4.5 to 10.5.0 in the npm_and_yarn group across 1 directory by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#87

deps: bump the production-dependencies group across 1 directory with 3 updates by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#85

deps: Bump the production-dependencies group across 1 directory with 2 updates by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#89

chore: bump the development-dependencies group across 1 directory with 3 updates by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#82

Fix for "workflow does not contain permissions", plus updated dist and fixed test failure with lazy loading of submission toolkit by @aegilops in advanced-security/spdx-dependency-submission-action#90

deps: bump @actions/core from 1.11.1 to 2.0.1 in the production-dependencies group by @dependabot[bot] in advanced-security/spdx-dependency-submission-action#92

New Contributors

@felickz made their first contribution in advanced-security/spdx-dependency-submission-action#50

@CallMeGreg made their first contribution in advanced-security/spdx-dependency-submission-action#73

@aegilops made their first contribution in advanced-security/spdx-dependency-submission-action#90

Full Changelog: advanced-security/spdx-dependency-submission-action@v0.1.1...v0.1.2

v0.1.1

What's Changed

Hotfix for PURL issues by @GeekMasher in advanced-security/spdx-dependency-submission-action#42

Full Changelog: advanced-security/spdx-dependency-submission-action@v0.1.0...v0.1.1

... (truncated)

Commits

169d224 deps: Bump the production-dependencies group across 1 directory with 2 update...
c810a02 Merge pull request #100 from advanced-security/dependabot/npm_and_yarn/main/d...
f9ac915 chore: Bump eslint in the development-dependencies group
4df5384 Merge pull request #98 from advanced-security/dependabot/github_actions/main/...
ff0db0f Merge pull request #95 from advanced-security/dependabot/npm_and_yarn/main/de...
e99d8ce deps: Bump the production-dependencies group across 1 directory with 2 updates
be4152f chore: Bump eslint in the development-dependencies group
6b8807f Merge pull request #96 from advanced-security/dependabot/npm_and_yarn/main/pr...
c6bcfd0 Merge pull request #97 from advanced-security/copilot/sub-pr-96
096e79b build: Update dist files after dependency bump
Additional commits viewable in compare view

Bumps [advanced-security/spdx-dependency-submission-action](https://github.com/advanced-security/spdx-dependency-submission-action) from 0.0.1 to 0.2.0. - [Release notes](https://github.com/advanced-security/spdx-dependency-submission-action/releases) - [Commits](advanced-security/spdx-dependency-submission-action@v0.0.1...v0.2.0) --- updated-dependencies: - dependency-name: advanced-security/spdx-dependency-submission-action dependency-version: 0.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 9, 2026

aramprice approved these changes Apr 9, 2026

View reviewed changes

dependabot Bot force-pushed the dependabot/github_actions/advanced-security/spdx-dependency-submission-action-0.2.0 branch from 0b8032f to b7569d8 Compare April 9, 2026 23:02

aramprice merged commit f956450 into ubuntu-jammy Apr 9, 2026
5 checks passed

dependabot Bot deleted the dependabot/github_actions/advanced-security/spdx-dependency-submission-action-0.2.0 branch April 9, 2026 23:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump advanced-security/spdx-dependency-submission-action from 0.0.1 to 0.2.0#532

Bump advanced-security/spdx-dependency-submission-action from 0.0.1 to 0.2.0#532
aramprice merged 1 commit into
ubuntu-jammyfrom
dependabot/github_actions/advanced-security/spdx-dependency-submission-action-0.2.0

dependabot Bot commented on behalf of github Apr 9, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.2.0

What's Changed

v0.1.2 - features and maintenance release

What's Changed

New Contributors

v0.1.1

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Apr 9, 2026 •

edited

Loading