2.1.0

This release includes a couple of new features (thanks @WillDaSilva and @tspascoal):

1. The Action now includes a summary of the vulnerabilities and licenses detected:

You can see a live example by visiting: https://github.com/future-funk/redesigned-custom-spood/actions/runs/2883016064

2. You can now use the Action in events different to pull_request. You just need to provide a head-sha and base-sha in your config file:

name: Dependency Review
  uses: actions/dependency-review-action@v2
  with:
    # You can pass any git refs here
    # base-ref: ${{ your_base_ref }}
    # head-ref: ${{ your_head_ref }}

2.0.4

The previous release did not include the right package.json, no major changes.

2.0.3

• Fixed a bug where removed changes were being inspected and reported as vulnerable (#155, thanks @kachick!)

2.0.2

• Fixes a small formatting error in the output of unknown licenses.

2.0.1

• Fixed a bug where null licenses would not show up in successful Action runs.

2.0.0

Major version update! We are introducing a few configuration options to make the action more useful in a broader set of scenarios:

• fail-on-severity: Specify the minimum security vulnerability threshold before failing workflow runs.
• allow-licenses: An allowlist for dependency licenses.
• deny-licenses: A blocklist for dependency licenses.

You can read more about these options in the "Configuration" section of the README.

1.0.2

• Clarify error messages for private repos
• Update NPM dependencies.

v1

First release of the Dependency Review Action.

v1.0.1

We're starting to use semantic versioning for our project.