chore(deps): bump actions/dependency-review-action from 2.1.0 to 2.4.0#8168
Conversation
✅ [V2]
To edit notification comments on pull requests, go to your Netlify site settings. |
|
@dependabot rebase |
|
Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request |
|
@dependabot recreate |
|
@dependabot recreate |
|
Looks like this PR is closed. If you re-open it I'll rebase it as long as no-one else has edited it (you can use |
|
@dependabot reopen |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
|
Looks like this PR is closed. If you re-open it I'll rebase it as long as no-one else has edited it (you can use |
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.1.0 to 2.4.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@23d1fff...375c537) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
9e0b645 to
9848962
Compare
⚡️ Lighthouse report for the deploy preview of this PR
|
Bumps actions/dependency-review-action from 2.1.0 to 2.4.0.
Release notes
Sourced from actions/dependency-review-action's releases.
Commits
375c537Updating to 2.4.098f28ebMerge pull request #251 from actions/sarahkemi/ghsa-allowlist716b322add allow-ghsas input to action.yml12ae1bdUpdate wording in README.mdbcb5263build and package allow-ghsas241ff73add doc on allow-ghsas to readme062b749revise ghsa filter4f00b72filter allowed ghsas in action flow602f968create a filter for vulns that are on the allowlistbd61ea0create config option for ghsa allowlistDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)