Skip to content

Feat: Add Patched Version to Vulnerabilities summary #1045

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ahpook merged 8 commits into from
Feb 27, 2026
+2,097 −252
Merged

Feat: Add Patched Version to Vulnerabilities summary #1045

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
2af9bac
Add patched version column to vulnerability summary with multi-range …
Copilot Feb 6, 2026
ee66ea1
Implement review fixes: semver library, scoping, case-insensitive mat…
Copilot Feb 8, 2026
539c79b
Implement review feedback: concurrency limiting, semver coercion, log…
Copilot Feb 9, 2026
a6c34d8
Address review feedback: deterministic tests, cached normalization, s…
Copilot Feb 18, 2026
e404798
Merge upstream actions/dependency-review-action main
felickz Feb 27, 2026
aa60746
Add 'show-patched-versions' option to configuration and update summar…
felickz Feb 27, 2026
0e129e1
Prettier - Refactor summary table rendering for improved readability
felickz Feb 27, 2026
e8c2f9a
fix: remove inferrable type annotation to pass eslint
felickz Feb 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@
- [Overview](#overview)
- [Viewing the results](#viewing-the-results)
- [Installation](#installation)
- [Installation (standard)](#installation-standard)
- [Installation (GitHub Enterprise Server)](#installation-github-enterprise-server)
- [Installation (standard)](#installation-standard)
- [Installation (GitHub Enterprise Server)](#installation-github-enterprise-server)
- [Configuration](#configuration)
- [Configuration options](#configuration-options)
- [Configuration methods](#configuration-methods)
Expand Down Expand Up @@ -130,6 +130,7 @@ All configuration options are optional.
| `warn-only`+ | When set to `true`, the action will log all vulnerabilities as warnings regardless of the severity, and the action will complete with a `success` status. This overrides the `fail-on-severity` option. | `true`, `false` | `false` |
| `show-openssf-scorecard` | When set to `true`, the action will output information about all the known OpenSSF Scorecard scores for the dependencies changed in this pull request. | `true`, `false` | `true` |
| `warn-on-openssf-scorecard-level` | When `show-openssf-scorecard-levels` is set to `true`, this option lets you configure the threshold for when a score is considered too low and gets a :warning: warning in the CI. | Any positive integer | 3 |
| `show-patched-versions`\* | When set to `true`, the vulnerability summary table will include an additional column showing the first patched version for each vulnerability. This requires additional API calls to fetch advisory data. | `true`, `false` | `false` |

> [!NOTE]
>
Expand Down Expand Up @@ -215,6 +216,7 @@ You can use an external configuration file to specify settings for this action.

3. Create the configuration file in the path you specified for `config-file`.
4. In the configuration file, specify your chosen settings.

```yaml
fail-on-severity: 'critical'
allow-licenses:
Expand Down
Loading
Loading