Sourced from dependabot/fetch-metadata's releases.

v1.3.5

What's Changed

• v1.3.4 Release Notes by @​Nishnha in dependabot/fetch-metadata#267
• docs: fix auto-merge example by @​rribeiro1 in dependabot/fetch-metadata#250
• Bump @​types/node from 18.7.18 to 18.11.9 by @​dependabot in dependabot/fetch-metadata#275
• Fix object-shorthand linter warnings by @​mattt in dependabot/fetch-metadata#276
• Bump @​actions/core from 1.9.1 to 1.10.0 by @​dependabot in dependabot/fetch-metadata#272
• Bump @​typescript-eslint/eslint-plugin from 5.38.0 to 5.42.0 by @​dependabot in dependabot/fetch-metadata#274
• Bump @​actions/github from 5.0.3 to 5.1.1 by @​dependabot in dependabot/fetch-metadata#271
• Bump yargs and @​types/yargs by @​dependabot in dependabot/fetch-metadata#273
• Document steps for cutting a new release by @​jeffwidman in dependabot/fetch-metadata#252
• Don't bump pin versions in README.md by @​jeffwidman in dependabot/fetch-metadata#280

New Contributors

• @​Nishnha made their first contribution in dependabot/fetch-metadata#267
• @​rribeiro1 made their first contribution in dependabot/fetch-metadata#250

Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v1...v1.3.5

• 5ef0018 Merge pull request #282 from dependabot/v1.3.5-release-notes
• a9380d2 v1.3.5
• 404ba25 Merge pull request #280 from dependabot/drop-readme-from-bump-script
• f40d4c7 Don't bump pin versions in README.md
• 7db64c3 Merge pull request #252 from dependabot/document-release-steps
• daa85e7 Add mention of npm run build if dev deps need updating.
• b768c40 Document steps for cutting a new release
• 9833f74 Merge pull request #273 from dependabot/dependabot/npm_and_yarn/yargs-and-typ...
• 32b7ed3 Bump yargs and @​types/yargs
• 7942397 Merge pull request #271 from dependabot/dependabot/npm_and_yarn/actions/githu...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from dependabot/fetch-metadata's releases.

v1.3.4

What's Changed

• Pin only to major version, not full patch version by @​jeffwidman in dependabot/fetch-metadata#246
• Fix broken logo on readme by @​jeffwidman in dependabot/fetch-metadata#253
• Bump action to use node16 by @​quinnjn in dependabot/fetch-metadata#251
• Bump @​typescript-eslint/eslint-plugin from 5.20.0 to 5.38.0 by @​dependabot in dependabot/fetch-metadata#256
• Bump @​actions/core from 1.6.0 to 1.9.1 by @​dependabot in dependabot/fetch-metadata#242
• Bump eslint-config-standard from 16.0.3 to 17.0.0 by @​dependabot in dependabot/fetch-metadata#214
• Bump @​types/node from 17.0.25 to 18.7.18 by @​dependabot in dependabot/fetch-metadata#255
• Bump @​typescript-eslint/parser from 5.20.0 to 5.38.0 by @​dependabot in dependabot/fetch-metadata#254
• Bump eslint from 8.13.0 to 8.23.1 by @​dependabot in dependabot/fetch-metadata#259
• Bump nock from 13.2.4 to 13.2.9 by @​dependabot in dependabot/fetch-metadata#260
• Bump yargs and @​types/yargs by @​dependabot in dependabot/fetch-metadata#261
• Bump eslint-plugin-promise from 6.0.0 to 6.0.1 by @​dependabot in dependabot/fetch-metadata#263
• Bump dotenv from 16.0.0 to 16.0.2 by @​dependabot in dependabot/fetch-metadata#262
• Bump @​vercel/ncc from 0.33.4 to 0.34.0 by @​dependabot in dependabot/fetch-metadata#264
• Bump @​actions/github from 5.0.1 to 5.0.3 by @​dependabot in dependabot/fetch-metadata#265
• Bump ts-node from 10.7.0 to 10.9.1 by @​dependabot in dependabot/fetch-metadata#266
• Bump typescript from 4.6.3 to 4.8.3 by @​dependabot in dependabot/fetch-metadata#257
• Bump yaml from 2.0.1 to 2.1.1 by @​dependabot in dependabot/fetch-metadata#258

New Contributors

• @​jeffwidman made their first contribution in dependabot/fetch-metadata#246
• @​quinnjn made their first contribution in dependabot/fetch-metadata#251

Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v1.3.3...v1.3.4

• bfc19f4 v1.3.4
• 4367f58 Merge pull request #258 from dependabot/dependabot/npm_and_yarn/yaml-2.1.1
• 00ab600 Manually bump dist/
• bdbe81d Bump yaml from 2.0.1 to 2.1.1
• 5fc325a Merge pull request #257 from dependabot/dependabot/npm_and_yarn/typescript-4.8.3
• c91309c Bump typescript from 4.6.3 to 4.8.3
• 264d039 Merge pull request #266 from dependabot/dependabot/npm_and_yarn/ts-node-10.9.1
• d1cd6ed Bump ts-node from 10.7.0 to 10.9.1
• e3cb77e Merge pull request #265 from dependabot/dependabot/npm_and_yarn/actions/githu...
• e462341 [dependabot skip] Update dist/ with build changes
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from dependabot/fetch-metadata's releases.

v1.3.3

What's Changed

• action.yaml: fix skip-commit-verification quoting by @​jsok in dependabot/fetch-metadata#232

New Contributors

• @​jsok made their first contribution in dependabot/fetch-metadata#232

Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v1.3.2...v1.3.3

v1.3.2

What's Changed

• Update CODEOWNERS by @​mattt in dependabot/fetch-metadata#211
• Add 'skip-commit-verification' as an input for GitHub Enterprise Server users by @​brrygrdn in dependabot/fetch-metadata#225

New Contributors

• @​mattt made their first contribution in dependabot/fetch-metadata#211

Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v1.3.1...v1.3.2

• 605e039 Merge pull request #233 from dependabot/v1.3.3-release-notes
• e0f3842 v1.3.3
• ac6adf8 Merge pull request #232 from jsok/patch-1
• 15259f7 action.yaml: fix skip-commit-verification quoting
• 90ed90d Merge pull request #226 from dependabot/v1.3.2-release-notes
• 28b141f v1.3.2
• cfb7274 Merge pull request #225 from dependabot/brrygrdn/skip-commit-verification
• 6c87543 Bump dist/
• d882a80 Update documentation
• b1673a7 Add skip-commit-verification input
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from dependabot/fetch-metadata's releases.

v1.3.1

Highlights

This release is primarily catching up on our dependencies, but it also includes a few bug fixes:

• Correctly populate Dependabot Alert metadata when a manifest is located in the project root, thanks @​SalimBensiali
• Add a workaround for a dependabot-core bug that causes the update-type to be blank occasionally, thanks @​mwaddell

What's Changed

• If the update-type is missing for some reason, calculate it by @​mwaddell in dependabot/fetch-metadata#173
• Updated readme to explain when you need to use a PAT by @​mwaddell in dependabot/fetch-metadata#183
• Updated auto approve example to minimizing notifications by @​mwaddell in dependabot/fetch-metadata#188
• Bump @​types/node from 17.0.19 to 17.0.23 by @​dependabot in dependabot/fetch-metadata#191
• Bump @​types/jest from 27.4.0 to 27.4.1 by @​dependabot in dependabot/fetch-metadata#168
• Fix incorrect vulnerable manifest path check by @​SalimBensiali in dependabot/fetch-metadata#186
• Bump @​types/yargs from 17.0.8 to 17.0.10 by @​dependabot in dependabot/fetch-metadata#181
• Bump @​typescript-eslint/parser from 5.12.1 to 5.17.0 by @​dependabot in dependabot/fetch-metadata#194
• Bump eslint from 8.9.0 to 8.12.0 by @​dependabot in dependabot/fetch-metadata#190
• Bump ts-node from 10.5.0 to 10.7.0 by @​dependabot in dependabot/fetch-metadata#196
• Bump eslint from 8.12.0 to 8.13.0 by @​dependabot in dependabot/fetch-metadata#198
• Bump typescript from 4.5.5 to 4.6.3 by @​dependabot in dependabot/fetch-metadata#193
• Bump minimist from 1.2.5 to 1.2.6 by @​dependabot in dependabot/fetch-metadata#204
• Bump yargs from 17.3.1 to 17.4.1 by @​dependabot in dependabot/fetch-metadata#199
• Bump @​typescript-eslint/parser from 5.17.0 to 5.20.0 by @​dependabot in dependabot/fetch-metadata#202
• Bump @​typescript-eslint/eslint-plugin from 5.12.1 to 5.20.0 by @​dependabot in dependabot/fetch-metadata#203
• Dependabot updates run monthly and attempt to auto-compile dist/ by @​brrygrdn in dependabot/fetch-metadata#205
• Bump @​actions/github from 5.0.0 to 5.0.1 by @​dependabot in dependabot/fetch-metadata#197
• Bump eslint-plugin-import from 2.25.4 to 2.26.0 by @​dependabot in dependabot/fetch-metadata#207
• Bump @​types/node from 17.0.23 to 17.0.25 by @​dependabot in dependabot/fetch-metadata#208
• Bump @​vercel/ncc from 0.33.3 to 0.33.4 by @​dependabot in dependabot/fetch-metadata#209
• Bump yaml from 1.10.2 to 2.0.1 by @​dependabot in dependabot/fetch-metadata#206

New Contributors

• @​SalimBensiali made their first contribution in dependabot/fetch-metadata#186

Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v1.3.0...v1.3.1

• bfac3fa Merge pull request #210 from dependabot/v1.3.1-release-notes
• 80173ff Small correction to bump-version script
• 525fbe9 v1.3.1
• 58f09fc Merge pull request #206 from dependabot/dependabot/npm_and_yarn/yaml-2.0.1
• b1d2cf8 Bump dist/
• 70c6c9e Bump yaml from 1.10.2 to 2.0.1
• 7b49493 Merge pull request #209 from dependabot/dependabot/npm_and_yarn/vercel/ncc-0....
• 13f5830 Bump @​vercel/ncc from 0.33.3 to 0.33.4
• 59ab888 Merge pull request #208 from dependabot/dependabot/npm_and_yarn/types/node-17...
• aad4446 Bump @​types/node from 17.0.23 to 17.0.25
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from dependabot/fetch-metadata's releases.

v1.3.0 - Fetch additional metadata via the GitHub API

Highlights

🆕 Fetch additional metadata about Dependabot commits

You can now optionally enable API lookups within the Action to retrieve extra information about Dependabot PRs.

Example:

-- .github/workflows/dependabot-prs.yml
name: Dependabot Pull Request
on: pull_request_target
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Fetch Dependabot metadata
      id: dependabot-metadata
      uses: dependabot/[email protected]
      with:
        alert-lookup: true
        compat-lookup: true

The flags enable the following new outputs:

• steps.dependabot-metadata.outputs.alert-state
  • If this PR is associated with a security alert and alert-lookup is true, this contains the current state of that alert (OPEN, FIXED or DISMISSED).
• steps.dependabot-metadata.outputs.ghsa-id
  • If this PR is associated with a security alert and alert-lookup is true, this contains the GHSA-ID of that alert.
• steps.dependabot-metadata.outputs.cvss
  • If this PR is associated with a security alert and alert-lookup is true, this contains the CVSS value of that alert (otherwise it contains 0).
• steps.dependabot-metadata.outputs.compatibility-score
  • If this PR has a known compatibility score and compat-lookup is true, this contains the compatibility score (otherwise it contains 0).

Many thanks to @​mwaddell for contributing these additional flags 🥇

The Action no longer fails if other commits are present

We received feedback at this change was highly obtrusive and blocking common workflows that merging in the target branch. Following on from changes in 1.2.1 to make it easier for a user to re-run failed workflows this friction was much more obvious.

Thanks for the feedback, and thanks @​mwaddell for contributing the change.

The Action defaults to using the GITHUB_TOKEN

This makes us consistent with other GitHub Actions such as actions/checkout in using the baseline token provided to the workflow. Since the Action doesn't have any features which require write scopes this defaulting is adequate for all use cases.

Thanks @​jablko for contributing this change 🏆

What's Changed

• Flag security alerts and pass versions through by @​mwaddell in dependabot/fetch-metadata#144

... (truncated)

• a96c30f Merge pull request #170 from dependabot/v1.3.0-release-notes
• 11d3bb7 v1.3.0
• 0ca01a5 Merge pull request #146 from pangaeatech/get_compat_score
• f4b2d0d Merge pull request #83 from jablko/patch-1
• 26e18ca Merge branch 'main' into patch-1
• a30bbbb Merge pull request #166 from pangaeatech/allow-other-commits
• 9a3daaf linting
• 4a87565 Allow fetch-metadata to run on a PR even if it has additional commits, as lon...
• 749688a Merge pull request #165 from pangaeatech/update_readme
• 592101e Updated README to reference correct version
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from dependabot/fetch-metadata's releases.

v1.2.1 - Workflows may be re-ran by someone other than Dependabot

Highlights:

• Check the PR author instead of the Action Actor so failed fetch-metadata workflows can be retried, thanks @​mwaddell!
• Catch up on our dependency updates 😅

What's Changed

• Check PR Author instead of Action Actor by @​mwaddell in dependabot/fetch-metadata#137
• Updated README to list supported dependency-type values by @​mwaddell in dependabot/fetch-metadata#145
• Bump yargs from 17.0.1 to 17.3.1 by @​dependabot in dependabot/fetch-metadata#126
• Bump eslint-plugin-import from 2.23.4 to 2.25.4 by @​dependabot in dependabot/fetch-metadata#129
• Bump ts-node from 10.1.0 to 10.5.0 by @​dependabot in dependabot/fetch-metadata#142
• Bump @​types/node from 16.4.10 to 17.0.19 by @​dependabot in dependabot/fetch-metadata#147
• Bump @​typescript-eslint/parser from 4.29.0 to 4.33.0 by @​dependabot in dependabot/fetch-metadata#149
• Bump @​types/jest from 26.0.24 to 27.4.0 by @​dependabot in dependabot/fetch-metadata#151
• Bump @​vercel/ncc from 0.29.0 to 0.33.3 by @​dependabot in dependabot/fetch-metadata#148
• Bump @​typescript-eslint/eslint-plugin from 4.29.0 to 4.33.0 by @​dependabot in dependabot/fetch-metadata#152
• Bump @​types/yargs from 17.0.2 to 17.0.8 by @​dependabot in dependabot/fetch-metadata#153
• Bump nock from 13.1.1 to 13.2.4 by @​dependabot in dependabot/fetch-metadata#154
• Bump tmpl from 1.0.4 to 1.0.5 by @​dependabot in dependabot/fetch-metadata#160
• Bump node-fetch from 2.6.1 to 2.6.7 by @​dependabot in dependabot/fetch-metadata#159
• Bump eslint-plugin-promise from 5.1.0 to 6.0.0 by @​dependabot in dependabot/fetch-metadata#158
• Bump dotenv from 10.0.0 to 16.0.0 by @​dependabot in dependabot/fetch-metadata#156
• Bump @​actions/core from 1.4.0 to 1.6.0 by @​dependabot in dependabot/fetch-metadata#155
• Bump typescript from 4.3.5 to 4.5.5 by @​dependabot in dependabot/fetch-metadata#157
• Bump eslint from 7.32.0 to 8.9.0 by @​dependabot in dependabot/fetch-metadata#150

Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v1.2.0...v1.2.1

• 2354b3f Merge pull request #161 from dependabot/v1.2.1-release-notes
• 8e0cbe5 Merge pull request #162 from dependabot/brrygrdn/automerge-as-someone-else
• cf742d5 Add a bump-version script
• 3b13269 v1.2.1
• 320b24c Merge pull request #150 from dependabot/dependabot/npm_and_yarn/eslint-8.9.0
• c80fdd5 Update eslint typescript extensions
• 62295ac Execute automerges using a PAT
• 6f13a25 Merge pull request #157 from dependabot/dependabot/npm_and_yarn/typescript-4.5.5
• 91c778d Fix new Typescript rules
• 594834d Bump typescript from 4.3.5 to 4.5.5
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from dependabot/fetch-metadata's releases.

v1.2.0 - Updated outputs

What's Changed

• Prefer node 16.x by @​brrygrdn in dependabot/fetch-metadata#70
• Add a code of conduct by @​brrygrdn in dependabot/fetch-metadata#99
• Add directory, package-ecosystem, and target-branch as outputs by @​mwaddell in dependabot/fetch-metadata#139

All other changes are dev or build related.

Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v1.1.1...v1.2.0

• 37d2f78 Merge pull request #140 from pangaeatech/fix_name
• 7bf7b54 rebuilding index.js
• ffbb37f renaming target_branch to target-branch
• 9fd8ff4 Merge pull request #139 from pangaeatech/add_outputs
• aa297d4 linting
• ca81f58 have to make a call-out to get the details of the PR
• 7b566f4 linting
• 74c5483 Using branchNames per @​Nishnha's suggestion
• 9967bee fixing comment style
• 4d237c6 Update src/dependabot/update_metadata.ts
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/checkout's releases.

v3.0.0

• Update default runtime to node16

v2.4.0

• Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr

v2.3.5

Update dependencies

v2.3.4

• Add missing awaits
• Swap to Environment Files

v2.3.3

• Remove Unneeded commit information from build logs
• Add Licensed to verify third party dependencies

v2.3.2

Add Third Party License Information to Dist Files

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

• Group output
• Changes to support GHES alpha release
• Persist core.sshCommand for submodules
• Add support ssh
• Convert submodule SSH URL to HTTPS, when not using SSH
• Add submodule support
• Follow proxy settings
• Fix ref for pr closed event when a pr is merged
• Fix issue checking detached when git less than 2.22

Sourced from actions/checkout's changelog.

Changelog

v2.3.1

• Fix default branch resolution for .wiki and when using SSH

v2.3.0

• Fallback to the default branch

v2.2.0

• Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

• Changes to support GHES (here and here)

v2.1.0

• Group output
• Changes to support GHES alpha release
• Persist core.sshCommand for submodules
• Add support ssh
• Convert submodule SSH URL to HTTPS, when not using SSH
• Add submodule support
• Follow proxy settings
• Fix ref for pr closed event when a pr is merged
• Fix issue checking detached when git less than 2.22

v2.0.0

• Do not pass cred on command line
• Add input persist-credentials
• Fallback to REST API to download repo

• a12a394 update readme for v3 (#708)
• 8f9e05e Update to node 16 (#689)
• 230611d Change secret name for PAT to not start with GITHUB_ (#623)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)