#3392 PR merged: Bump redhat-plumbers-in-action/differential-shellcheck from 5.4.0 to 5.5.1

Labels: dependencies

dependabot opened issue at 2025-02-01 11:37:

Bumps redhat-plumbers-in-action/differential-shellcheck from 5.4.0 to 5.5.1.

Release notes

Sourced from redhat-plumbers-in-action/differential-shellcheck's releases.

v5.5.1

What's Changed

Bug Fixes

  • Include git-lfs in the image to avoid issues with projects using it

Maintenance

Full Changelog: https://github.com/redhat-plumbers-in-action/differential-shellcheck/compare/v5.5.0...v5.5.1

v5.5.0

What's Changed

New

  • Remove hardcoded github.com references in the code (#469) @​barzaka12
  • feat: fail when running in a shallow git repository :giraffe: (#468) @​jamacku
  • feat: Make SARIF file more compact to allow for more findings to be uploaded to GitHub :elephant: (#467) @​jamacku
  • Use Fedora 41 as base image & update ShellCheck to 0.10.0 (#466) @​jamacku

Maintenance

Dependency Updates

... (truncated)

Changelog

Sourced from redhat-plumbers-in-action/differential-shellcheck's changelog.

Changelog

Next release

v5.5.1

  • Include git-lfs in image to avoid issues with projects using it
  • Improve debugging of Differential ShellCheck

v5.5.0

  • Fail when running in a shallow git repository
  • Make SARIF file more compact to allow for more findings to be uploaded to GitHub
  • Improve debugging of Differential ShellCheck
  • Use Fedora 41 as base image & update ShellCheck to 0.10.0
  • Update csutils (csdiff) to 3.5.0

v5.4.0

  • Native support for merge_group trigger event

v5.3.1

  • Update csutils (csdiff) to 3.4.0
    • HTML output now uses HTML5 and CSS

v5.3.0

  • Add support for different display engines (csgrep, sarif-fmt)
  • Update csutils (csdiff) to 3.3.0
    • csdiff: match findings by line content without spaces if available
    • csgrep --hash-v1: match csdiff/v1 fingerprint prefix
    • sarif: initial implementation of csdiff/v1 fingerprints
    • sarif: add descriptions for ShellCheck rules

v5.2.0

  • Provide html output with detected defects
  • Allow specifying WORK_DIR for intermediate files
  • Update csutils (csdiff) to 3.2.2
    • propagate the imp flag as level in the SARIF format
    • propagate endLine/endColumn in the JSON and SARIF formats

v5.1.2

  • Fix curl Argument list too long by using a payload.json file - by @​mpoberezhniy
  • Container images now based on Fedora 40
  • Update csutils (csdiff) to 3.2.1

v5.1.0

... (truncated)

Commits
  • 5fa026e v5.5.1
  • 5be744b test: fix tests
  • 7aba0c1 build: include git-lfs in image
  • ca4bc89 debug: improve debugging of git issues
  • f7211b8 debug: improve debug of differential scanning issues
  • 24b2c11 v5.5.0
  • 1d0149d feat: improve debugging
  • 6327b37 Remove hardcoded github.com references in the code
  • 4c4dd5f feat: fail when running in a shallow git repository
  • 06c922a feat: Make SARIF file more compact to allow for more findings to be uploaded ...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[Export of Github issue for rear/rear.]