Component Detection dependency submission action
Version updated for https://github.com/advanced-security/component-detection-dependency-submission-action to version v0.1.1.
- This publisher is shown as ‘verified’ by GitHub.
- This action is used across all versions by 203 repositories.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The Component Detection Dependency Submission GitHub Action automates the extraction and submission of project dependencies by leveraging the Microsoft Component Detection library. It uses static and dynamic scanning to generate a comprehensive dependency tree and uploads it to GitHub’s dependency graph via the dependency submission API. This enhances dependency tracking, improves the accuracy of Dependabot alerts, and supports additional ecosystems, streamlining dependency management for development teams.
Release notes
What’s Changed
- Update README to have latest version by @GeekMasher in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/131
- Bump js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/141
- Bump js-yaml from 3.14.1 to 3.14.2 in /test in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/142
- Bump brace-expansion from 1.1.11 to 1.1.12 by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/140
- Unescape the locationsFoundAt paths by @lxop in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/137
- Bump the actions-dependencies group across 1 directory with 3 updates by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/138
- Bump the npm-dependencies group across 1 directory with 13 updates by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/139
- Fix build failure from deprecated @types/glob package by @Copilot in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/149
- Bump the npm-dependencies group across 1 directory with 6 updates by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/148
- Bump tar from 6.2.1 to 7.5.3 in /test in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/150
- Bump tar from 7.5.2 to 7.5.3 by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/151
- Bump @babel/preset-env from 7.28.5 to 7.28.6 in the npm-dependencies group by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/153
- Bump the actions-dependencies group with 2 updates by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/152
- Bump tar from 7.5.3 to 7.5.4 by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/154
- Bump tar from 7.5.3 to 7.5.4 in /test in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/155
New Contributors
- @GeekMasher made their first contribution in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/131
- @lxop made their first contribution in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/137
- @Copilot made their first contribution in https://github.com/advanced-security/component-detection-dependency-submission-action/pull/149
Full Changelog: https://github.com/advanced-security/component-detection-dependency-submission-action/compare/v0.1.0...v0.1.1