ElBe-Development/logging-rs
1
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases 2 Wiki Activity

Bump actions/dependency-review-action from 3 to 4 #6

Open
dependabot[bot] wants to merge 1 commits from dependabot/github_actions/actions/dependency-review-action-4 into main
pull from: dependabot/github_actions/actions/dependency-review-action-4
merge into: ElBe-Development:main
Conversation 2 Commits 1 Files Changed 1 +1 -1
dependabot[bot] commented 2024-01-18 22:07:14 +00:00 (Migrated from github.com)
Copy Link

Bumps actions/dependency-review-action from 3 to 4.

Release notes

Sourced from actions/dependency-review-action's releases.

v4.0.0

New Contributors

Full Changelog: https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0

3.1.5

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5

3.1.4

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v3...v3.1.4

3.1.3

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v3...v3.1.3

3.1.2

What's Changed

... (truncated)

Commits
  • 4cd9eb2 Updating docs to point to v4.
  • 4901385 bump to 4.0.0
  • dbf82a4 Merge pull request #639 from takost/takost/update-to-node-20
  • 78aeb2a Merge pull request #663 from actions/dependabot/npm_and_yarn/typescript-eslin...
  • 4e51000 Bump @​typescript-eslint/parser from 6.18.0 to 6.18.1
  • 9560737 Merge pull request #661 from actions/dependabot/npm_and_yarn/typescript-eslin...
  • 4125f47 Merge pull request #660 from actions/dependabot/npm_and_yarn/types/node-16.18.70
  • 07cc93e Bump @​typescript-eslint/eslint-plugin from 6.18.0 to 6.18.1
  • e2c203b Bump @​types/node from 16.18.62 to 16.18.70
  • f0b304d Merge pull request #653 from actions/dependabot/npm_and_yarn/got-14.0.0
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <ul> <li>Update action to Node 20 by <a href="https://github.com/takost"><code>@​takost</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/639">actions/dependency-review-action#639</a></li> <li>Dependabot updates, see the full changelog for more details.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/takost"><code>@​takost</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/639">actions/dependency-review-action#639</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0">https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0</a></p> <h2>3.1.5</h2> <h2>What's Changed</h2> <ul> <li>Smaller <code>per_page</code> when requesting diff by <a href="https://github.com/hmaurer"><code>@​hmaurer</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/649">actions/dependency-review-action#649</a></li> <li>Update dependencies: <ul> <li>Bump <code>@​typescript-eslint/parser</code> from 6.10.0 to 6.13.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/630">actions/dependency-review-action#630</a></li> <li>Bump prettier from 3.0.3 to 3.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/629">actions/dependency-review-action#629</a></li> <li>Bump <code>@​types/jest</code> from 29.5.8 to 29.5.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/637">actions/dependency-review-action#637</a></li> <li>Bump nodemon from 3.0.1 to 3.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/636">actions/dependency-review-action#636</a></li> <li>Replace pip -&gt; pypi in PURL examples by <a href="https://github.com/febuiles"><code>@​febuiles</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/638">actions/dependency-review-action#638</a></li> <li>Bump <code>@​typescript-eslint/eslint-plugin</code> from 6.12.0 to 6.15.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/644">actions/dependency-review-action#644</a></li> <li>Bump eslint from 8.53.0 to 8.56.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/640">actions/dependency-review-action#640</a></li> <li>Bump <code>@​typescript-eslint/parser</code> from 6.13.1 to 6.16.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/645">actions/dependency-review-action#645</a></li> <li>Bump prettier from 3.1.0 to 3.1.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/646">actions/dependency-review-action#646</a></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5">https://github.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5</a></p> <h2>3.1.4</h2> <h2>What's Changed</h2> <ul> <li> <p>Fixed a <a href="https://redirect.github.com/actions/dependency-review-action/issues/618">bug</a> with severity filtering when using the <code>allow_ghsas</code> option: <a href="https://redirect.github.com/actions/dependency-review-action/pull/623">actions/dependency-review-action#623</a>.</p> </li> <li> <p>Updates dependencies:</p> <ul> <li>Bump <code>@​types/node</code> from 16.18.61 to 16.18.62 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/619">actions/dependency-review-action#619</a> action/pull/620</li> <li>Bump <code>@​typescript-eslint/eslint-plugin</code> from 6.11.0 to 6.12.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/625">actions/dependency-review-action#625</a></li> <li>Bump typescript from 5.2.2 to 5.3.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/624">actions/dependency-review-action#624</a></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3...v3.1.4">https://github.com/actions/dependency-review-action/compare/v3...v3.1.4</a></p> <h2>3.1.3</h2> <h2>What's Changed</h2> <ul> <li>Fixes purl &quot;version must be percent-encoded&quot; by <a href="https://github.com/theztefan"><code>@​theztefan</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/617">actions/dependency-review-action#617</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v3...v3.1.3">https://github.com/actions/dependency-review-action/compare/v3...v3.1.3</a></p> <h2>3.1.2</h2> <h2>What's Changed</h2> <ul> <li>Fix a regression for setups using self-hosted runners behind HTTP proxies:<a href="https://github.com/febuiles"><code>@​febuiles</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/611">actions/dependency-review-action#611</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/4cd9eb2d23752464a87e00499c30d256a59a01b4"><code>4cd9eb2</code></a> Updating docs to point to v4.</li> <li><a href="https://github.com/actions/dependency-review-action/commit/4901385134134e04cec5fbe5ddfe3b2c5bd5d976"><code>4901385</code></a> bump to 4.0.0</li> <li><a href="https://github.com/actions/dependency-review-action/commit/dbf82a4a5e789041feb229da46628470c73c9a0a"><code>dbf82a4</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/639">#639</a> from takost/takost/update-to-node-20</li> <li><a href="https://github.com/actions/dependency-review-action/commit/78aeb2a9481f34926df8c3362adc914ee6d1c2c4"><code>78aeb2a</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/663">#663</a> from actions/dependabot/npm_and_yarn/typescript-eslin...</li> <li><a href="https://github.com/actions/dependency-review-action/commit/4e510006f53ff8d6674dedf2002e9e0b82cc5470"><code>4e51000</code></a> Bump <code>@​typescript-eslint/parser</code> from 6.18.0 to 6.18.1</li> <li><a href="https://github.com/actions/dependency-review-action/commit/9560737c5e7fc2128ffae68101ce1affe1e71e19"><code>9560737</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/661">#661</a> from actions/dependabot/npm_and_yarn/typescript-eslin...</li> <li><a href="https://github.com/actions/dependency-review-action/commit/4125f47f7e6413e88785249688b6c9013bc2a18e"><code>4125f47</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/660">#660</a> from actions/dependabot/npm_and_yarn/types/node-16.18.70</li> <li><a href="https://github.com/actions/dependency-review-action/commit/07cc93e0c88d01956b9bdd07a4ae2a3dd5b03aff"><code>07cc93e</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 6.18.0 to 6.18.1</li> <li><a href="https://github.com/actions/dependency-review-action/commit/e2c203b8b7d8c24420ab8f3b640f6c7a4379ffa8"><code>e2c203b</code></a> Bump <code>@​types/node</code> from 16.18.62 to 16.18.70</li> <li><a href="https://github.com/actions/dependency-review-action/commit/f0b304d0bca35ae1f93498c415db77ce72699b7c"><code>f0b304d</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/653">#653</a> from actions/dependabot/npm_and_yarn/got-14.0.0</li> <li>Additional commits viewable in <a href="https://github.com/actions/dependency-review-action/compare/v3...v4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
ElBe-Plaq (Migrated from github.com) reviewed 2024-01-18 22:07:14 +00:00
github-actions[bot] commented 2024-01-18 22:10:34 +00:00 (Migrated from github.com)
Copy Link

🦙 MegaLinter status: ERROR

Descriptor Linter Files Fixed Errors Elapsed time
ACTION actionlint 1 0 0.02s
COPYPASTE jscpd yes 5 1.43s
EDITORCONFIG editorconfig-checker 1 0 0.01s
REPOSITORY checkov yes no 12.26s
REPOSITORY devskim yes no 1.97s
REPOSITORY dustilock yes no 0.01s
REPOSITORY gitleaks yes no 0.11s
REPOSITORY git_diff yes no 0.01s
REPOSITORY grype yes no 13.01s
REPOSITORY kics yes 1 1.9s
REPOSITORY secretlint yes no 0.87s
REPOSITORY syft yes no 0.12s
REPOSITORY trivy yes no 4.78s
REPOSITORY trivy-sbom yes no 3.25s
REPOSITORY trufflehog yes no 3.79s
SPELL cspell 2 0 2.45s
SPELL lychee 1 0 0.02s
YAML prettier 1 0 0.59s
YAML v8r 1 0 1.96s
YAML yamllint 1 0 0.66s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

## [🦙 MegaLinter](https://megalinter.io/7.7.0) status: ❌ [ERROR](https://github.com/ElBe-Development/logging-rs/actions/runs/7576533609) | Descriptor | Linter |Files|Fixed| Errors |Elapsed time| |---------------|-------------------------------------------------------------------------------------------------|-----|-----|---------------------------------------------------------------------------|------------| |✅ ACTION |[actionlint](https://megalinter.io/7.7.0/descriptors/action_actionlint) | 1| | 0|0.02s | |❌ COPYPASTE |[jscpd](https://megalinter.io/7.7.0/descriptors/copypaste_jscpd) |yes | |[5](https://github.com/ElBe-Development/logging-rs/actions/runs/7576533609)|1.43s | |✅ EDITORCONFIG|[editorconfig-checker](https://megalinter.io/7.7.0/descriptors/editorconfig_editorconfig_checker)| 1| | 0|0.01s | |✅ REPOSITORY |[checkov](https://megalinter.io/7.7.0/descriptors/repository_checkov) |yes | |no |12.26s | |✅ REPOSITORY |[devskim](https://megalinter.io/7.7.0/descriptors/repository_devskim) |yes | |no |1.97s | |✅ REPOSITORY |[dustilock](https://megalinter.io/7.7.0/descriptors/repository_dustilock) |yes | |no |0.01s | |✅ REPOSITORY |[gitleaks](https://megalinter.io/7.7.0/descriptors/repository_gitleaks) |yes | |no |0.11s | |✅ REPOSITORY |[git_diff](https://megalinter.io/7.7.0/descriptors/repository_git_diff) |yes | |no |0.01s | |✅ REPOSITORY |[grype](https://megalinter.io/7.7.0/descriptors/repository_grype) |yes | |no |13.01s | |❌ REPOSITORY |[kics](https://megalinter.io/7.7.0/descriptors/repository_kics) |yes | |[1](https://github.com/ElBe-Development/logging-rs/actions/runs/7576533609)|1.9s | |✅ REPOSITORY |[secretlint](https://megalinter.io/7.7.0/descriptors/repository_secretlint) |yes | |no |0.87s | |✅ REPOSITORY |[syft](https://megalinter.io/7.7.0/descriptors/repository_syft) |yes | |no |0.12s | |✅ REPOSITORY |[trivy](https://megalinter.io/7.7.0/descriptors/repository_trivy) |yes | |no |4.78s | |✅ REPOSITORY |[trivy-sbom](https://megalinter.io/7.7.0/descriptors/repository_trivy_sbom) |yes | |no |3.25s | |✅ REPOSITORY |[trufflehog](https://megalinter.io/7.7.0/descriptors/repository_trufflehog) |yes | |no |3.79s | |✅ SPELL |[cspell](https://megalinter.io/7.7.0/descriptors/spell_cspell) |2 | | 0|2.45s | |✅ SPELL |[lychee](https://megalinter.io/7.7.0/descriptors/spell_lychee) |1 | | 0|0.02s | |✅ YAML |[prettier](https://megalinter.io/7.7.0/descriptors/yaml_prettier) |1 | | 0|0.59s | |✅ YAML |[v8r](https://megalinter.io/7.7.0/descriptors/yaml_v8r) |1 | | 0|1.96s | |✅ YAML |[yamllint](https://megalinter.io/7.7.0/descriptors/yaml_yamllint) |1 | | 0|0.66s | See detailed report in [MegaLinter reports](https://github.com/ElBe-Development/logging-rs/actions/runs/7576533609) _Set `VALIDATE_ALL_CODEBASE: true` in mega-linter.yml to validate all sources, not only the diff_ _MegaLinter is graciously provided by [![OX Security](https://www.ox.security/wp-content/uploads/2022/06/logo.svg?ref=megalinter_comment)](https://www.ox.security/?ref=megalinter)_ <!-- megalinter: github-comment-reporter workflow='MegaLinter' jobid='build' -->
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions.

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin dependabot/github_actions/actions/dependency-review-action-4:dependabot/github_actions/actions/dependency-review-action-4
git checkout dependabot/github_actions/actions/dependency-review-action-4
Sign in to join this conversation.
Reviewers
No Reviewers
ElBe-Plaq
Labels
Clear labels
bug
Something isn't working
dependencies
documentation
Improvements or additions to documentation
duplicate
This issue or pull request already exists
enhancement
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
invalid
This doesn't seem right
question
Further information is requested
wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
elbe
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: ElBe-Development/logging-rs#6
No description provided.
Delete Branch "dependabot/github_actions/actions/dependency-review-action-4"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?