Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 Bump actions/dependency-review-action from 2.0.2 to 2.0.4 #2054

Merged
merged 1 commit into from Jul 14, 2022
Merged

🌱 Bump actions/dependency-review-action from 2.0.2 to 2.0.4 #2054

merged 1 commit into from Jul 14, 2022

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 14, 2022

Bumps actions/dependency-review-action from 2.0.2 to 2.0.4.

Release notes

Sourced from actions/dependency-review-action's releases.

2.0.4

The previous release did not include the right package.json, no major changes.

2.0.3

  • Fixed a bug where removed changes were being inspected and reported as vulnerable (#155, thanks @​kachick!)
Commits
  • 94145f3 Bumping the version to 2.0.4.
  • af8d39d Bumping the version to 2.0.3.
  • b83777f Merge pull request #156 from actions/dependabot/npm_and_yarn/types/node-16.11.44
  • 1dc503a Merge pull request #155 from kachick/fix-154
  • 8975a27 Bump @​types/node from 16.11.43 to 16.11.44
  • c003e7f Add more test for added and removed pattern
  • ae4118f Update build files with npm run all
  • c5d7bdc Ignore removed changes in license checker
  • bced8aa Merge pull request #153 from actions/dependabot/npm_and_yarn/typescript-eslin...
  • ba8e0b0 Bump @​typescript-eslint/parser from 5.30.5 to 5.30.6
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
🌱 Bump actions/dependency-review-action from 2.0.2 to 2.0.4
0429138 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.2 to 2.0.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@1c59cdf...94145f3)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Jul 14, 2022
@dependabot dependabot bot temporarily deployed to integration-test July 14, 2022 08:08 Inactive
@codecov
Copy link

codecov bot commented Jul 14, 2022
edited

Codecov Report

Merging #2054 (0429138) into main (f61ed37) will increase coverage by 2.62%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #2054      +/-   ##
==========================================
+ Coverage   50.56%   53.19%   +2.62%     
==========================================
  Files          87       87              
  Lines        7202     7202              
==========================================
+ Hits         3642     3831     +189     
+ Misses       3315     3119     -196     
- Partials      245      252       +7

@github-actions
Copy link

Integration tests success for
[0429138]
(https://github.com/ossf/scorecard/actions/runs/2668887827)

@naveensrinivasan naveensrinivasan merged commit 287ee7d into main Jul 14, 2022
@naveensrinivasan naveensrinivasan deleted the dependabot/github_actions/actions/dependency-review-action-2.0.4 branch July 14, 2022 09:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@naveensrinivasan naveensrinivasan naveensrinivasan approved these changes

@azeemshaikh38 azeemshaikh38 Awaiting requested review from azeemshaikh38

@justaugustus justaugustus Awaiting requested review from justaugustus

@laurentsimon laurentsimon Awaiting requested review from laurentsimon

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@naveensrinivasan