Bump actions/dependency-review-action from 3 to 4 #7

Merged
dependabot[bot] merged 1 commits from dependabot/github_actions/actions/dependency-review-action-4 into main 2025-01-23 20:26:26 +00:00
dependabot[bot] commented 2024-01-19 12:33:50 +00:00 (Migrated from github.com)

Bumps actions/dependency-review-action (https://github.com/actions/dependency-review-action) from 3 to 4.

Release notes

Sourced from actions/dependency-review-action's releases (https://github.com/actions/dependency-review-action/releases).

v4.0.0

  • Update action to Node 20 by @takost in actions/dependency-review-action#639
  • Dependabot updates, see the full changelog for more details.

New Contributors

  • @takost made their first contribution in actions/dependency-review-action#639

Full Changelog: https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0

3.1.5

What's Changed

  • Smaller per_page when requesting diff by @hmaurer in actions/dependency-review-action#649
  • Update dependencies:
      • Bump @typescript-eslint/parser from 6.10.0 to 6.13.1 by @dependabot in actions/dependency-review-action#630
      • Bump prettier from 3.0.3 to 3.1.0 by @dependabot in actions/dependency-review-action#629
      • Bump @types/jest from 29.5.8 to 29.5.11 by @dependabot in actions/dependency-review-action#637
      • Bump nodemon from 3.0.1 to 3.0.2 by @dependabot in actions/dependency-review-action#636
      • Replace pip -> pypi in PURL examples by @febuiles in actions/dependency-review-action#638
      • Bump @typescript-eslint/eslint-plugin from 6.12.0 to 6.15.0 by @dependabot in actions/dependency-review-action#644
      • Bump eslint from 8.53.0 to 8.56.0 by @dependabot in actions/dependency-review-action#640
      • Bump @typescript-eslint/parser from 6.13.1 to 6.16.0 by @dependabot in actions/dependency-review-action#645
      • Bump prettier from 3.1.0 to 3.1.1 by @dependabot in actions/dependency-review-action#646

Full Changelog: https://github.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5

3.1.4

What's Changed

  • Fixed a bug (https://redirect.github.com/actions/dependency-review-action/issues/618) with severity filtering when using the allow_ghsas option: actions/dependency-review-action#623.
  • Updates dependencies:
      • Bump @types/node from 16.18.61 to 16.18.62 by @dependabot in actions/dependency-review-action#619 action/pull/620
      • Bump @typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0 by @dependabot in actions/dependency-review-action#625
      • Bump typescript from 5.2.2 to 5.3.2 by @dependabot in actions/dependency-review-action#624

Full Changelog: https://github.com/actions/dependency-review-action/compare/v3...v3.1.4

3.1.3

What's Changed

  • Fixes purl "version must be percent-encoded" by @theztefan in actions/dependency-review-action#617

Full Changelog: https://github.com/actions/dependency-review-action/compare/v3...v3.1.3

3.1.2

What's Changed

  • Fix a regression for setups using self-hosted runners behind HTTP proxies: @febuiles in actions/dependency-review-action#611

... (truncated)

Commits
  • 4cd9eb2 Updating docs to point to v4.
  • 4901385 bump to 4.0.0
  • dbf82a4 Merge pull request #639 from takost/takost/update-to-node-20
  • 78aeb2a Merge pull request #663 from actions/dependabot/npm_and_yarn/typescript-eslin...
  • 4e51000 Bump @typescript-eslint/parser from 6.18.0 to 6.18.1
  • 9560737 Merge pull request #661 from actions/dependabot/npm_and_yarn/typescript-eslin...
  • 4125f47 Merge pull request #660 from actions/dependabot/npm_and_yarn/types/node-16.18.70
  • 07cc93e Bump @typescript-eslint/eslint-plugin from 6.18.0 to 6.18.1
  • e2c203b Bump @types/node from 16.18.62 to 16.18.70
  • f0b304d Merge pull request #653 from actions/dependabot/npm_and_yarn/got-14.0.0
  • Additional commits viewable in compare view (https://github.com/actions/dependency-review-action/compare/v3...v4)

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

github-actions[bot] commented 2024-01-19 12:37:15 +00:00 (Migrated from github.com)

🦙 MegaLinter (https://megalinter.io/7.7.0) status: ❌ ERROR (https://github.com/ElBe-Development/localizer-rs/actions/runs/7583824491)

| Descriptor      | Linter               | Files | Fixed | Errors | Elapsed time |
|-----------------|----------------------|-------|-------|--------|--------------|
| ✅ ACTION       | actionlint           | 1     |       | 0      | 0.02s        |
| ✅ COPYPASTE    | jscpd                | yes   |       | no     | 1.31s        |
| ✅ EDITORCONFIG | editorconfig-checker | 1     |       | 0      | 0.01s        |
| ✅ REPOSITORY   | checkov              | yes   |       | no     | 10.69s       |
| ✅ REPOSITORY   | devskim              | yes   |       | no     | 1.79s        |
| ✅ REPOSITORY   | dustilock            | yes   |       | no     | 0.0s         |
| ✅ REPOSITORY   | gitleaks             | yes   |       | no     | 0.26s        |
| ✅ REPOSITORY   | git_diff             | yes   |       | no     | 0.0s         |
| ✅ REPOSITORY   | grype                | yes   |       | no     | 13.67s       |
| ❌ REPOSITORY   | kics                 | yes   |       | 1      | 1.05s        |
| ✅ REPOSITORY   | secretlint           | yes   |       | no     | 0.78s        |
| ✅ REPOSITORY   | syft                 | yes   |       | no     | 0.47s        |
| ✅ REPOSITORY   | trivy                | yes   |       | no     | 4.38s        |
| ✅ REPOSITORY   | trivy-sbom           | yes   |       | no     | 4.32s        |
| ✅ REPOSITORY   | trufflehog           | yes   |       | no     | 3.44s        |
| ✅ SPELL        | cspell               | 2     |       | 0      | 2.4s         |
| ✅ SPELL        | lychee               | 1     |       | 0      | 0.03s        |
| ✅ YAML         | prettier             | 1     |       | 0      | 0.41s        |
| ✅ YAML         | v8r                  | 1     |       | 0      | 2.55s        |
| ✅ YAML         | yamllint             | 1     |       | 0      | 1.78s        |

See detailed report in MegaLinter reports (https://github.com/ElBe-Development/localizer-rs/actions/runs/7583824491)
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security
ElBe-Plaq (Migrated from github.com) approved these changes 2025-01-23 20:26:17 +00:00