mirror of
https://github.com/goreleaser/goreleaser.git
synced 2025-01-10 03:47:03 +02:00
116a034c8a
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <ul> <li>Update action to Node 20 by <a href="https://github.com/takost"><code>@takost</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/639">actions/dependency-review-action#639</a></li> <li>Dependabot updates, see the full changelog for more details.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/takost"><code>@takost</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/639">actions/dependency-review-action#639</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0">https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0</a></p> <h2>3.1.5</h2> <h2>What's Changed</h2> <ul> <li>Smaller <code>per_page</code> when requesting diff by <a href="https://github.com/hmaurer"><code>@hmaurer</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/649">actions/dependency-review-action#649</a></li> <li>Update dependencies: <ul> <li>Bump <code>@typescript-eslint/parser</code> from 6.10.0 to 6.13.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/630">actions/dependency-review-action#630</a></li> <li>Bump prettier from 3.0.3 to 3.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/629">actions/dependency-review-action#629</a></li> <li>Bump <code>@types/jest</code> from 29.5.8 to 29.5.11 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/637">actions/dependency-review-action#637</a></li> <li>Bump nodemon from 3.0.1 to 3.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/636">actions/dependency-review-action#636</a></li> <li>Replace pip -> pypi in PURL examples by <a href="https://github.com/febuiles"><code>@febuiles</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/638">actions/dependency-review-action#638</a></li> <li>Bump <code>@typescript-eslint/eslint-plugin</code> from 6.12.0 to 6.15.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/644">actions/dependency-review-action#644</a></li> <li>Bump eslint from 8.53.0 to 8.56.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/640">actions/dependency-review-action#640</a></li> <li>Bump <code>@typescript-eslint/parser</code> from 6.13.1 to 6.16.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/645">actions/dependency-review-action#645</a></li> <li>Bump prettier from 3.1.0 to 3.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/646">actions/dependency-review-action#646</a></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5">https://github.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5</a></p> <h2>3.1.4</h2> <h2>What's Changed</h2> <ul> <li> <p>Fixed a <a href="https://redirect.github.com/actions/dependency-review-action/issues/618">bug</a> with severity filtering when using the <code>allow_ghsas</code> option: <a href="https://redirect.github.com/actions/dependency-review-action/pull/623">actions/dependency-review-action#623</a>.</p> </li> <li> <p>Updates dependencies:</p> <ul> <li>Bump <code>@types/node</code> from 16.18.61 to 16.18.62 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/619">actions/dependency-review-action#619</a> action/pull/620</li> <li>Bump <code>@typescript-eslint/eslint-plugin</code> from 6.11.0 to 6.12.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/625">actions/dependency-review-action#625</a></li> <li>Bump typescript from 5.2.2 to 5.3.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/624">actions/dependency-review-action#624</a></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3...v3.1.4">https://github.com/actions/dependency-review-action/compare/v3...v3.1.4</a></p> <h2>3.1.3</h2> <h2>What's Changed</h2> <ul> <li>Fixes purl "version must be percent-encoded" by <a href="https://github.com/theztefan"><code>@theztefan</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/617">actions/dependency-review-action#617</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3...v3.1.3">https://github.com/actions/dependency-review-action/compare/v3...v3.1.3</a></p> <h2>3.1.2</h2> <h2>What's Changed</h2> <ul> <li>Fix a regression for setups using self-hosted runners behind HTTP proxies:<a href="https://github.com/febuiles"><code>@febuiles</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/611">actions/dependency-review-action#611</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="4cd9eb2d23"><code>4cd9eb2</code></a> Updating docs to point to v4.</li> <li><a href="4901385134"><code>4901385</code></a> bump to 4.0.0</li> <li><a href="dbf82a4a5e"><code>dbf82a4</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/639">#639</a> from takost/takost/update-to-node-20</li> <li><a href="78aeb2a948"><code>78aeb2a</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/663">#663</a> from actions/dependabot/npm_and_yarn/typescript-eslin...</li> <li><a href="4e510006f5"><code>4e51000</code></a> Bump <code>@typescript-eslint/parser</code> from 6.18.0 to 6.18.1</li> <li><a href="9560737c5e"><code>9560737</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/661">#661</a> from actions/dependabot/npm_and_yarn/typescript-eslin...</li> <li><a href="4125f47f7e"><code>4125f47</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/660">#660</a> from actions/dependabot/npm_and_yarn/types/node-16.18.70</li> <li><a href="07cc93e0c8"><code>07cc93e</code></a> Bump <code>@typescript-eslint/eslint-plugin</code> from 6.18.0 to 6.18.1</li> <li><a href="e2c203b8b7"><code>e2c203b</code></a> Bump <code>@types/node</code> from 16.18.62 to 16.18.70</li> <li><a href="f0b304d0bc"><code>f0b304d</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/653">#653</a> from actions/dependabot/npm_and_yarn/got-14.0.0</li> <li>Additional commits viewable in <a href="https://github.com/actions/dependency-review-action/compare/v3...v4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
15 lines
360 B
YAML
15 lines
360 B
YAML
name: dependency-review
|
|
on: [pull_request]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
dependency-review:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
|
|
- uses: actions/dependency-review-action@v4
|
|
with:
|
|
allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, Apache-2.0, MPL-2.0
|