v4.3.0

Compare Source

What's Changed

• Add note on runner versions by @​GhadimiR in #​1642
• Prepare v4.3.0 release by @​Link- in #​1655

New Contributors

• @​GhadimiR made their first contribution in #​1642

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

Compare Source

What's Changed

• Update README.md by @​nebuk89 in #​1620
• Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @​Link- in #​1634
• Prepare release 4.2.4 by @​Link- in #​1636

New Contributors

• @​nebuk89 made their first contribution in #​1620

Full Changelog: actions/cache@v4...v4.2.4

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in https://github.com/actions/checkout/pull/1971
• Add internal repos for checking out multiple repositories by @​mouismail in https://github.com/actions/checkout/pull/1977
• Documentation update - add recommended permissions to Readme by @​benwells in https://github.com/actions/checkout/pull/2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in https://github.com/actions/checkout/pull/2044
• Update README.md by @​nebuk89 in https://github.com/actions/checkout/pull/2194
• Update CODEOWNERS for actions by @​TingluoHuang in https://github.com/actions/checkout/pull/2224
• Update package dependencies by @​salmanmkc in https://github.com/actions/checkout/pull/2236
• Prepare release v4.3.0 by @​salmanmkc in https://github.com/actions/checkout/pull/2237

New Contributors

• @​motss made their first contribution in https://github.com/actions/checkout/pull/1971
• @​mouismail made their first contribution in https://github.com/actions/checkout/pull/1977
• @​benwells made their first contribution in https://github.com/actions/checkout/pull/2043
• @​nebuk89 made their first contribution in https://github.com/actions/checkout/pull/2194
• @​salmanmkc made their first contribution in https://github.com/actions/checkout/pull/2236

Full Changelog: actions/checkout@v4...v4.3.0

v2.1.4

Compare Source

Bug Fixes

• deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#​257) (bef1eaf)

v2.1.3

Compare Source

Bug Fixes

• deps: bump undici from 7.8.0 to 7.10.0 in the production-dependencies group (#​254) (f3d5ec2)

v2.1.2

Compare Source

Bug Fixes

• deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#​256) (5d7307b)

v2.1.1

Compare Source

Bug Fixes

• revert "use node24 as runner" (#​278) (5204204), closes actions/create-github-app-token#267

v2.1.0

Compare Source

Features

• use node24 as runner (#​267) (a1cbe0f)

v7.1.0

Compare Source

What's Changed

• Upgrade husky to v9 by @​benelan in #​482
• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​485
• Upgrade IA Publish by @​Jcambass in #​486
• Fix workflow status badges by @​joshmgross in #​497
• Update usage of actions/upload-artifact by @​joshmgross in #​512
• Clear up package name confusion by @​joshmgross in #​514
• Update dependencies with npm audit fix by @​joshmgross in #​515
• Specify that the used script is JavaScript by @​timotk in #​478
• chore: Add Dependabot for NPM and Actions by @​nschonni in #​472
• Define permissions in workflows and update actions by @​joshmgross in #​531
• chore: Add Dependabot for .github/actions/install-dependencies by @​nschonni in #​532
• chore: Remove .vscode settings by @​nschonni in #​533
• ci: Use github/setup-licensed by @​nschonni in #​473
• make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @​iamstarkov in #​508
• Remove octokit README updates for v7 by @​joshmgross in #​557
• docs: add "exec" usage examples by @​neilime in #​546
• Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @​dependabot[bot] in #​563
• Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @​dependabot[bot] in #​575
• Clearly document passing inputs to the script by @​joshmgross in #​603
• Update README.md by @​nebuk89 in #​610

New Contributors

• @​benelan made their first contribution in #​482
• @​Jcambass made their first contribution in #​485
• @​timotk made their first contribution in #​478
• @​iamstarkov made their first contribution in #​508
• @​neilime made their first contribution in #​546
• @​nebuk89 made their first contribution in #​610

Full Changelog: actions/github-script@v7...v7.1.0

v3.6.0

Compare Source

• Add registry-auth input for raw authentication to registries by @​crazy-max in #​887
• Bump @​aws-sdk/client-ecr to 3.890.0 in #​882 #​890
• Bump @​aws-sdk/client-ecr-public to 3.890.0 in #​882 #​890
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in #​883
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​880
• Bump undici from 5.28.4 to 5.29.0 in #​879
• Bump tmp from 0.2.3 to 0.2.4 in #​881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Compare Source

• Support dual-stack endpoints for AWS ECR by @​Spacefish @​crazy-max in #​874 #​876
• Bump @​aws-sdk/client-ecr to 3.859.0 in #​860 #​878
• Bump @​aws-sdk/client-ecr-public to 3.859.0 in #​860 #​878
• Bump @​docker/actions-toolkit from 0.57.0 to 0.62.1 in #​870
• Bump form-data from 2.5.1 to 2.5.5 in #​875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

v2.2.3

Compare Source

What's Changed

• chore(deps): update workflows by @​renovate-bot in #​86
• chore(deps): update workflows to v5 (major) by @​renovate-bot in #​87
• Update to v2.2.3 by @​jess-lowe in #​101

Full Changelog: google/osv-scanner-action@v2.2.2...v2.2.3

v2.2.2

Compare Source

This updates OSV-Scanner to v2.2.2.

What's Changed

• docs: Update Automatic install instructions by @​another-rex in #​94
• Update to v2.2.2 by @​cuixq in #​95

Full Changelog: google/osv-scanner-action@v2.2.1...v2.2.2

v2.2.1

Compare Source

What's Changed

OSV-Scanner now supports all OSV-Scalibr features behind experimental flags (--experimental-plugins, see details here)!

Features:

• Feature #​2146 Allow manual OSV-Scalibr plugin selection.
• Feature #​2144 Add OSV-Scalibr version to osv-scanner --version output.
• Feature #​2021 Add experimental support for running OSV-Scalibr detectors.
• Feature #​2079 Fall back to offline extractor if the transitive one fails, so at least direct dependencies are returned.
• Feature #​2032 Add summary section at the top of outputs and a 'Fixed Version' column.
• Feature #​2076 Support Ubuntu severity type.

Fixes:

• Bug #​2141 Fix OSV-Scanner json scans not matching with correct ecosystem.
• Bug #​2084 Show absolute paths when scanning containers.
• Bug #​2126 Log and preserve package count before continuing on db error.
• Bug #​2095 Pass through plugin capabilities correctly.
• Bug #​2051 Properly flag if running on Linux or Mac OSs for plugin compatibility.
• Bug #​2072 Add missing "text" property in description fields.
• Bug #​2068 Change links in output to go to the specific vulnerability page instead of the list page.
• Bug #​2064 Fix SARIF v3 output to include results.
• Bug #​2151 Filter by ecosystem before querying.

API Changes:

• API Change #​2096 Allow log handler to be overridden.

[!WARNING]
This release was originally incorrectly pointing to the bugged v2.2.0 osv-scanner release, it has now been retagged to the correct v2.2.1 release.

v2.1.0

Compare Source

What's Changed

• chore(deps): update github/codeql-action action to v3.29.0 by @​renovate-bot in #​76
• Update to v2.1.0 by @​michaelkedar in #​81

Full Changelog: google/osv-scanner-action@v2.0.3...v2.1.0

v2.0.3

Compare Source

Update to use osv-scanner v2.0.3

Notable changes:

• There's now a flag --allow-no-lockfiles you can pass to osv-scanner to avoid getting an error when running against a repo with no lockfiles.
• We no longer ignore general errors when they occur on osv-scanner-action, and will fail the workflow (e.g. invalid flags passed in)

v0.9.0

Compare Source

• #​92: [pre-commit.ci] pre-commit autoupdate
• #​100: Update README.md - update checkout versions
• #​106: Fix the actions enclosed in quotes are not updated
• #​115: Base on 3.12-slim-bullseye
• #​116: Update changelog-ci version

v2.4.1

Compare Source

What's Changed

Other Changes 🔄

• fix(util): support brace expansion globs containing commas in parseInputFiles by @​Copilot in #​672
• fix: gracefully fallback to body when body_path cannot be read by @​Copilot in #​671

Full Changelog: softprops/action-gh-release@v2...v2.4.1

v2.4.0

Compare Source

What's Changed

Exciting New Features 🎉

• feat(action): respect working_directory for files globs by @​stephenway in #​667

Other Changes 🔄

• chore(deps): bump the npm group with 2 updates by @​dependabot[bot] in #​668

Full Changelog: softprops/action-gh-release@v2.3.4...v2.4.0

v2.3.4

Compare Source

What's Changed

Bug fixes 🐛

• fix(action): handle 422 already_exists race condition by @​stephenway in #​665

Other Changes 🔄

• chore(deps): bump actions/setup-node from 4.4.0 to 5.0.0 in the github-actions group by @​dependabot[bot] in #​656
• chore(deps): bump @​types/node from 20.19.11 to 20.19.13 in the npm group by @​dependabot[bot] in #​655
• chore(deps): bump vite from 7.0.0 to 7.1.5 by @​dependabot[bot] in #​657
• chore(deps): bump the npm group across 1 directory with 2 updates by @​dependabot[bot] in #​662
• chore(deps): bump the npm group with 3 updates by @​dependabot[bot] in #​666

Full Changelog: softprops/action-gh-release@v2...v2.3.4

v2.3.3

Compare Source

What's Changed

Exciting New Features 🎉

• feat: add input option overwrite_files by @​asfernandes in #​343

Other Changes 🔄

• dependency updates

New Contributors

• @​asfernandes made their first contribution in #​343

Full Changelog: softprops/action-gh-release@v2...v2.3.3

v2.3.2

Compare Source

• fix: revert fs readableWebStream change

v2.3.1

Compare Source

What's Changed

Bug fixes 🐛

• fix: fix file closing issue by @​WailGree in #​629

New Contributors

• @​WailGree made their first contribution in #​629

Full Changelog: softprops/action-gh-release@v2.3.0...v2.3.1

v2.3.0

Compare Source

• Migrate from jest to vitest
• Replace mime with mime-types
• Bump to use node 24
• Dependency updates

Full Changelog: softprops/action-gh-release@v2.2.2...v2.3.0