Dependency Review Action v4.8.3
This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and uploaded them as artifacts, which could occasionally crash the action.
We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.
What's Changed
- GitHub Actions can't push to our protected main by @dangoor in #1017
- Bump actions/stale from 9.1.0 to 10.1.0 by @dependabot[bot] in #995
- Bump github/codeql-action from 3 to 4 by @dependabot[bot] in #1003
- Bump actions/setup-node from 4 to 6 by @dependabot[bot] in #1005
- Upgrade glob to address a vulnerability by @brrygrdn in #1024
- Bump js-yaml by @dependabot[bot] in #1020
- Addressing vulnerabilities by @Ahmed3lmallah in #1036
- Bump fast-xml-parser from 5.3.3 to 5.3.5 by @dependabot[bot] in #1050
- Bump fast-xml-parser from 5.3.5 to 5.3.6 by @dependabot[bot] in #1053
- Properly truncate long summaries and catch errors by @juxtin in #1052
- Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by @dependabot[bot] in #931
- Changes for Release 4.8.3 by @ahpook in #1054
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3