Skip to content

build(deps): bump actions/dependency-review-action from 3.1.0 to 3.1.4#69

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/dependency-review-action-3.1.4
Closed

build(deps): bump actions/dependency-review-action from 3.1.0 to 3.1.4#69
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/dependency-review-action-3.1.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Dec 4, 2023

Copy link
Copy Markdown
Contributor

Bumps actions/dependency-review-action from 3.1.0 to 3.1.4.

Release notes

Sourced from actions/dependency-review-action's releases.

3.1.4

What's Changed

Full Changelog: actions/dependency-review-action@v3...v3.1.4

3.1.3

What's Changed

Full Changelog: actions/dependency-review-action@v3...v3.1.3

3.1.2

What's Changed

Full Changelog: actions/dependency-review-action@v3...v3.1.2

3.1.1

What's Changed

  • Update a bunch of dependencies, including major version upgrades for octokit, @actions/github and typescript.

Full Changelog: actions/dependency-review-action@v3.1.0...v3.1.1

Commits
  • 01bc870 bumping version
  • 4b4f0de Merge pull request #623 from actions/fix-advisory-filters
  • a93fa86 Fixing test name.
  • 550520e Merge pull request #624 from actions/dependabot/npm_and_yarn/typescript-5.3.2
  • 2d0fb60 Merge pull request #625 from actions/dependabot/npm_and_yarn/typescript-eslin...
  • c07c237 Bump @​typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0
  • 4d842d7 Bump typescript from 5.2.2 to 5.3.2
  • a6d4686 adding dist
  • 4366dba Advisory filters should not drop entire dependencies.
  • 50dafeb Tiny logic refactor.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.0 to 3.1.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@6c5ccda...01bc870)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 4, 2023
@github-actions

github-actions Bot commented Dec 4, 2023

Copy link
Copy Markdown

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
✅ ACTION actionlint 1 0 0.01s
✅ COPYPASTE jscpd yes no 1.69s
✅ EDITORCONFIG editorconfig-checker 1 0 0.01s
✅ REPOSITORY checkov yes no 11.23s
✅ REPOSITORY gitleaks yes no 0.22s
✅ REPOSITORY git_diff yes no 0.03s
✅ REPOSITORY grype yes no 11.0s
✅ REPOSITORY secretlint yes no 0.9s
✅ REPOSITORY trivy yes no 4.25s
✅ REPOSITORY trivy-sbom yes no 3.68s
✅ REPOSITORY trufflehog yes no 3.79s
✅ YAML prettier 1 0 0 0.48s
✅ YAML v8r 1 0 2.45s
✅ YAML yamllint 1 0 0.82s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@dependabot @github

dependabot Bot commented on behalf of github Jan 8, 2024

Copy link
Copy Markdown
Contributor Author

Superseded by #78.

@dependabot dependabot Bot closed this Jan 8, 2024
@dependabot dependabot Bot deleted the dependabot/github_actions/actions/dependency-review-action-3.1.4 branch January 8, 2024 03:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants