4.1.2

What's Changed

• Expose dependency comment content by @jsoref in #696

Full Changelog: v4.1.1...v4.1.2

4.1.1

What's Changed

• Bump undici to fix GHSA-wqq4-5wpv-mx2g
• Bump @types/node from 20.11.17 to 20.11.19 by @dependabot in #693

Full Changelog: v4.1.0...v4.1.1

4.1.0

What's Changed

• Add warn-only by @tgrall in #432

Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.

• Create stale.yaml by @jonjanego in #671
• Use manual codeql config by @juxtin in #678
• Multiple dependency updates (see the changelog below for more information)

New Contributors

• @jonjanego made their first contribution in #671
• @tgrall made their first contribution in #432

Full Changelog: v4...v4.1.0

v4.0.0

• Update action to Node 20 by @takost in #639
• Dependabot updates, see the full changelog for more details.

New Contributors

• @takost made their first contribution in #639

Full Changelog: v3.1.5...v4.0.0

3.1.5

What's Changed

• Smaller per_page when requesting diff by @hmaurer in #649
• Update dependencies:
  • Bump @typescript-eslint/parser from 6.10.0 to 6.13.1 by @dependabot in #630
  • Bump prettier from 3.0.3 to 3.1.0 by @dependabot in #629
  • Bump @types/jest from 29.5.8 to 29.5.11 by @dependabot in #637
  • Bump nodemon from 3.0.1 to 3.0.2 by @dependabot in #636
  • Replace pip -> pypi in PURL examples by @febuiles in #638
  • Bump @typescript-eslint/eslint-plugin from 6.12.0 to 6.15.0 by @dependabot in #644
  • Bump eslint from 8.53.0 to 8.56.0 by @dependabot in #640
  • Bump @typescript-eslint/parser from 6.13.1 to 6.16.0 by @dependabot in #645
  • Bump prettier from 3.1.0 to 3.1.1 by @dependabot in #646

Full Changelog: v3.1.4...v3.1.5

3.1.4

What's Changed

• Fixed a bug with severity filtering when using the allow_ghsas option: #623.

• Updates dependencies:

  • Bump @types/node from 16.18.61 to 16.18.62 by @dependabot in #619
    action/pull/620
  • Bump @typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0 by @dependabot in #625
  • Bump typescript from 5.2.2 to 5.3.2 by @dependabot in #624

Full Changelog: v3...v3.1.4

3.1.3

What's Changed

• Fixes purl "version must be percent-encoded" by @theztefan in #617

Full Changelog: v3...v3.1.3

3.1.2

What's Changed

• Fix a regression for setups using self-hosted runners behind HTTP proxies:@febuiles in #611

Full Changelog: v3...v3.1.2

3.1.1

What's Changed

• Update a bunch of dependencies, including major version upgrades for octokit, @actions/github and typescript.

Full Changelog: v3.1.0...v3.1.1

3.1.0

What's New

Added support for dependencies submitted through the dependency submission API. This includes two new configuration parameters: retry-on-snapshot-warnings and retry-on-snapshot-warnings-timeout.

What's Changed

• Fix(docs): Correct action input name by @oerd in #551

New Contributors

• @oerd made their first contribution in #551

Full Changelog: v3...v3.1.0