Example Dependency Submission Action
Version updated for https://github.com/github/dependency-submission-toolkit to version v2.0.6.
This publisher is shown as ‘verified’ by GitHub.
This action is used across all versions by 110 repositories.
Action Type
This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The Dependency Submission Toolkit is a TypeScript library designed to help developers create and submit dependency snapshots to GitHub’s Dependency Submission API. This action automates the process of generating structured dependency data, including metadata, and integrates it into a repository’s dependency graph for enhanced supply chain security and visibility. It streamlines dependency tracking by enabling developers to define dependencies programmatically and submit comprehensive snapshots for use in security and management workflows.
What’s Changed
What’s Changed
- Add id to submitSnapshot success response by @gitulisca in https://github.com/github/dependency-submission-toolkit/pull/117
- Bump vite from 5.4.14 to 6.2.5 in the npm_and_yarn group by @dependabot[bot] in https://github.com/github/dependency-submission-toolkit/pull/118
- Bump vitest from 3.0.8 to 3.1.2 by @dependabot[bot] in https://github.com/github/dependency-submission-toolkit/pull/121
- Update exec_sponsor from nerdneha to aaroncathcart by @jovel in https://github.com/github/dependency-submission-toolkit/pull/141
- Add actions to CodeQL analysis languages by @AshelyTC in https://github.com/github/dependency-submission-toolkit/pull/147
- Add permissions to publish.yml and test.yml by @AshelyTC in https://github.com/github/dependency-submission-toolkit/pull/150
- Upgrade Undici to 5.29.0 by @AshelyTC in https://github.com/github/dependency-submission-toolkit/pull/152
- Bump github/codeql-action from 3 to 4 by @dependabot[bot] in https://github.com/github/dependency-submission-toolkit/pull/164
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in https://github.com/github/dependency-submission-toolkit/pull/145
- Remove ownership.yaml (moved to central directory) by @github-service-catalog[bot] in https://github.com/github/dependency-submission-toolkit/pull/171
- Upgrade glob and vite dependencies manually by @brrygrdn in https://github.com/github/dependency-submission-toolkit/pull/172
- Bump actions/setup-node from 4 to 6 by @dependabot[bot] in https://github.com/github/dependency-submission-toolkit/pull/167
- Upgrade dependencies to clear security alerts by @ljones140 in https://github.com/github/dependency-submission-toolkit/pull/179
New Contributors
- @gitulisca made their first contribution in https://github.com/github/dependency-submission-toolkit/pull/117
- @jovel made their first contribution in https://github.com/github/dependency-submission-toolkit/pull/141
- @AshelyTC made their first contribution in https://github.com/github/dependency-submission-toolkit/pull/147
- @github-service-catalog[bot] made their first contribution in https://github.com/github/dependency-submission-toolkit/pull/171
- @brrygrdn made their first contribution in https://github.com/github/dependency-submission-toolkit/pull/172
Full Changelog: https://github.com/github/dependency-submission-toolkit/compare/v2.0.5...v2.0.6