Skip to content

chore(deps): bump actions/dependency-review-action from 2.0.4 to 2.1.0#7988

Merged
Josh-Cena merged 1 commit into
mainfrom
dependabot/github_actions/actions/dependency-review-action-2.1.0
Aug 22, 2022
Merged

chore(deps): bump actions/dependency-review-action from 2.0.4 to 2.1.0#7988
Josh-Cena merged 1 commit into
mainfrom
dependabot/github_actions/actions/dependency-review-action-2.1.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Aug 22, 2022

Copy link
Copy Markdown
Contributor

Bumps actions/dependency-review-action from 2.0.4 to 2.1.0.

Release notes

Sourced from actions/dependency-review-action's releases.

2.1.0

This release includes a couple of new features (thanks @​WillDaSilva and @​tspascoal):

  1. The Action now includes a summary of the vulnerabilities and licenses detected:

You can see a live example by visiting: https://github.com/future-funk/redesigned-custom-spood/actions/runs/2883016064

  1. You can now use the Action in events different to pull_request. You just need to provide a head-sha and base-sha in your config file:
name: Dependency Review
  uses: actions/dependency-review-action@v2
  with:
    # You can pass any git refs here
    # base-ref: ${{ your_base_ref }}
    # head-ref: ${{ your_head_ref }}
Commits
  • 23d1fff Bumping to 2.1.0.
  • d792f3e Add a reminder to update the version number in package.json
  • 5da7945 Fixing lint/dist.
  • a8e7c37 Merge pull request #181 from tspascoal/add-summary
  • 0e0d6ec Merge branch 'main' into add-summary
  • 9f2f2d8 Merge pull request #200 from actions/willdasilva-fork
  • d201842 Clean up mock data setup.
  • 54af7c7 Merge branch 'main' into WillDaSilva-main.
  • f2e57a1 Merge pull request #196 from actions/dependabot/npm_and_yarn/typescript-eslin...
  • fb59017 Bump @​typescript-eslint/eslint-plugin from 5.33.0 to 5.33.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.4 to 2.1.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@94145f3...23d1fff)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the pr: dependencies Pull requests that update a dependency file label Aug 22, 2022
@facebook-github-bot facebook-github-bot added the CLA Signed Signed Facebook CLA label Aug 22, 2022
@netlify

netlify Bot commented Aug 22, 2022

Copy link
Copy Markdown

[V2]

Name Link
🔨 Latest commit 6e35578
🔍 Latest deploy log https://app.netlify.com/sites/docusaurus-2/deploys/6303e474f32c7d0008a4a654
😎 Deploy Preview https://deploy-preview-7988--docusaurus-2.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

@github-actions

Copy link
Copy Markdown

⚡️ Lighthouse report for the deploy preview of this PR

URL Performance Accessibility Best Practices SEO PWA Report
/ 🟠 83 🟢 98 🟢 100 🟢 100 🟠 80 Report
/docs/installation 🟠 78 🟢 100 🟢 100 🟢 100 🟢 90 Report

@Josh-Cena Josh-Cena merged commit bd9f29a into main Aug 22, 2022
@Josh-Cena Josh-Cena deleted the dependabot/github_actions/actions/dependency-review-action-2.1.0 branch August 22, 2022 20:22
This was referenced Oct 19, 2023
mrizwanashiq pushed a commit to mrizwanashiq/docusaurus that referenced this pull request Jun 25, 2026
facebook#7988)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.0.4 to 2.1.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@94145f3...23d1fff)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

CLA Signed Signed Facebook CLA pr: dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants