Bump actions/dependency-review-action from 3.1.5 to 4.8.3#1877
Merged
SharonHart merged 2 commits intomainfrom Feb 24, 2026
Merged
Conversation
dependabot
bot
added
dependencies
Coverage report (presidio-anonymizer)
This PR does not seem to contain any modification to coverable code. |
Coverage report (presidio-structured)
This PR does not seem to contain any modification to coverable code. |
Coverage report (presidio-cli)
This PR does not seem to contain any modification to coverable code. |
Coverage report (presidio-image-redactor)
This PR does not seem to contain any modification to coverable code. |
Coverage report (presidio-analyzer)
This PR does not seem to contain any modification to coverable code. |
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.5 to 4.8.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@c74b580...05fe457) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 4.8.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/github_actions/actions/dependency-review-action-4.8.3
branch
from
5f6cb47 to
d887367
Compare
…-review-action-4.8.3
SharonHart
approved these changes
Feb 24, 2026
SharonHart
deleted the
dependabot/github_actions/actions/dependency-review-action-4.8.3
branch
AyushAggarwal1
added a commit
to AyushAggarwal1/presidio
that referenced
this pull request
Mar 2, 2026
* Samples: add telemetry redaction sample (microsoft#1824) * Samples: add otel redaction sample * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * sample-otel-redaction - fix pii dashboard query (re-commit) --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Feat: add class_name to allow multiple recognizers from same class (microsoft#1819) * fix: Rename method to get_recognizer_class_name for clarity and update usage * fix: Clarify comments regarding excluded recognizer attributes in RecognizerListLoader * feat: Add class_name parameter to BaseRecognizerConfig for improved recognizer identification * fix: Include 'class_name' in custom recognizers exclusion list for improved configuration handling * feat: Enhance Ollama recognizer to support custom instance names and update configuration handling * Enhance recognizers to accept additional keyword arguments - Updated various recognizers across different countries (India, Italy, Korea, Poland, Singapore, Spain, Thailand, UK, US) to accept **kwargs in their constructors. - This change allows for more flexible configuration of recognizers without modifying their signatures. - Adjusted the recognizer loading mechanism to handle the new **kwargs parameter appropriately. * refactor: Simplify Ollama recognizer loading verification and assertions * test: Update Ollama recognizer loading verification to ensure single instance retrieval * feat: Enhance recognizer class name logic in RecognizerListLoader * Refactor recognizers to explicitly handle 'name' parameter in __init__ methods - Updated various recognizers across different countries (Italy, Korea, Poland, Singapore, Spain, Thailand, UK, US) to include an optional 'name' parameter in their constructors. - Adjusted super() calls to pass the 'name' parameter appropriately. - Ensured that the 'Optional' type is imported where necessary. - Added a script to automate the updates for recognizers that were missing the 'name' parameter. * fix: Update Stanza and Transformers recognizers to handle additional kwargs in __init__ methods * fix: Correct the import order for constants in methods.py * refactor: Remove update_recognizers_name.py script as its functionality is no longer needed * check * fix: Remove unnecessary comments and clean up recognizer configuration code * Refactor recognizer constructors to remove unused **kwargs parameter - Updated multiple recognizer classes across various countries (Australia, Finland, India, Italy, Korea, Poland, Singapore, Spain, Thailand, UK, US) to remove the **kwargs parameter from their constructors. - Simplified constructor signatures for better clarity and maintainability. * refactor: Remove unused **kwargs parameter from recognizer initializers * refactor: Remove unused **kwargs parameter from recognizer constructors * fix ci * refactor: format parameters in recognizer constructors for consistency * refactor: format parameters in recognizer constructors for consistency * Docs/gpu acceleration guide (microsoft#1826) * docs: Add GPU acceleration documentation for transformer models Addresses microsoft#1790 - Added comprehensive documentation for using GPU acceleration with spaCy transformer models and other NLP engines. - New GPU usage guide with examples for spaCy and Hugging Face transformers - Covers automatic GPU detection, prerequisites, and troubleshooting - Added cross-references from existing NLP engine documentation - Updated CHANGELOG and mkdocs navigation * chore: revert changes to CHANGELOG.md * chore: revert optional cross-reference links * docs: refine gpu installation instructions and add warnings * docs: streamline gpu docs based on review feedback * fix: restore accidentally deleted telemetry doc link * docs: remove apple silicon bash snippet per review * fixed the trailing whitespace. --------- Co-authored-by: dilshad <dilshad@dilshads-MacBook-Air.local> Co-authored-by: dilshad-aee <dilshad-aee@users.noreply.github.com> * [Feature] add korean business registration number recognizer (microsoft#1822) * add kr brn recognizer * add brn to docs * add reference in docstring * Refactor: lazy initialization for device_detector singleton (microsoft#1831) * Refactor: implement lazy initialization for device_detector instance * Fix: improve device detection logic in device_detector and update TransformersRecognizer to use it * doube lock added * [Feature] add Korean Foreigner Registration Number recognizer (microsoft#1825) * add frn recognizer * make copilot happy --------- Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * feat: Add MacAddressRecognizer (microsoft#1829) * Add MAC address recognizer Support colon, hyphen, and Cisco dot-separated MAC formats with validation and comprehensive tests * fix: linting errors in mac address recognizer * chore: add mac address recognizer to supported_entities, ahds_surrogate * fix: MacAddressRecognizer orde * add: MAC address reference * chore:Add MacAddressRecognizer to default recognizers * Update MAC address regex and validation logic * Refactor MAC address recognizer patterns Updated MAC address patterns and validation logic. * Add additional invalid MAC address test cases * Add test cases for lowercase and mixedcase MAC addresses * chore: fix lint error * chore: fix typo * fix: Add optional name parameter to MAC recognizer * fix: update expected count of recognizers in test --------- Co-authored-by: Ron Shakutai <58519179+RonShakutai@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Fix gliner truncates text (microsoft#1805) * Add failing test for - gliner truncates text and misses names (PII) * Update gliner recognizer to implement basic chunking * Add changes for chunking capabilities including local chuking and call to chunking from gliner recognizer * Remove gliner image redaction test - not required * Rename local text chunker to character based text chunker * Fix rename leftovers * Update doc string * Add test for text without spaces and unicodes * Resove linting - format code * Add logging to character based text chunker * Update to remove redundent chunk_overlap parameter * Remove chunk size and chunk overlap from GlinerRecognizer constructor * Updated the utilities to use RecognizerResult * Update so that utils methods are part of base chunker * Add chunker factory * Create Lang chain text chunker * Remove Character based inhouse chunker * Fixed - deterministic offset tracking, fail-fast on misalignment * Resolve merge issue * Add chunk parameter validation * Fix chunk size tests * Fix liniting * Make langchain splitter mandetory * Add clearer type error - review comment * Fix langchain installtion - review comment * Add conditional import of lang chain * Revert to use in-house chunker * Fix line too long (lint) * Fix trailing whitespace lint error * Revemo not required comment * Remove gliner extras from e2e tests to fix CI disk space issue * Remove trailing comma in pyproject.toml to match main --------- Co-authored-by: AJ (Ashitosh Jedhe) <ajedhe@microsoft.com> Co-authored-by: Ron Shakutai <58519179+ShakutaiGit@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> Co-authored-by: Ron Shakutai <58519179+RonShakutai@users.noreply.github.com> * Migrate short-running workflows to ubuntu-slim runners (microsoft#1840) * Initial plan * Migrate eligible workflows to ubuntu-slim runners for cost efficiency Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Document ubuntu-slim migration in CHANGELOG Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Revert CodeQL to ubuntu-latest - CPU-intensive analysis requires 2+ cores Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Fix CHANGELOG to use correct job name (github-pages-release) Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Remove CHANGELOG modifications for ubuntu-slim migration Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * feat(recognizers): add UsMbiRecognizer for US Medicare Beneficiary ID (microsoft#1821) * Fix language in pattern recognizer example (microsoft#1835) * Update cryptography dependency to >=46.0.4 for CVE-2025-15467 (microsoft#1841) * Initial plan * Update cryptography dependency to >=46.0.4 to address CVE-2025-15467 Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Add a configurable LangExtract recognizer for use with any provider. (microsoft#1815) * Add a basic, configurable LangExtract-based recognizer class for use with any provider. * Add a basic, configurable LangExtract-based recognizer class for use with any provider. * Address comments (#4) * Address comments * Replace ollama_langextract_recognizer with basic_langextract_recognizer. * Replace ollama_langextract_recognizer with basic_langextract_recognizer. * Replace ollama_langextract_recognizer with basic_langextract_recognizer. * Working so far * Working so far * Working so far * remove dead code * bad comment --------- Co-authored-by: Kassymkhan Bekbolatov <kbekbolatov@solidcore.ai> * Address comment in telackey/lellm (#5) * Replace ollama_langextract_recognizer with basic_langextract_recognizer. * Fix LangExtract error --------- Co-authored-by: Kassymkhan Bekbolatov <kbekbolatov@solidcore.ai> * Remove changes not required * docstring * update docs * ruff --------- Co-authored-by: Kassymkhan Bekbolatov <kasymhan007@gmail.com> Co-authored-by: Kassymkhan Bekbolatov <kbekbolatov@solidcore.ai> * Support batch processing over the REST API. (microsoft#1806) * Support batch processing over the REST API. * Partially fix e2e tests * Fix e2e tests * ruff * ruff * consistent use of strings * Update API docs * Support batch processing over the REST API. * Partially fix e2e tests * Fix e2e tests * ruff * ruff * consistent use of strings * Update API docs * Fix Analyzer build on 3.10 (microsoft#1848) * Update README.MD * Update pyproject.toml * Update pyproject.toml * Update pyproject.toml * Update pyproject.toml * Update pyproject.toml * Add salted hashing to hash operator to prevent brute-force attacks (microsoft#1846) * Initial plan * Implement salted hashing in Hash operator to prevent brute-force attacks Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> * Fix linting issues in hash operator implementation Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> * Address code review comments - improve salt precedence logic and fix type hint Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> * Pass hash_salt only to hash operator, not all operators Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> * Move salt generation into Hash operator, remove engine dependency Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> * Simplify hash operator: remove statefulness, use random salt per entity Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> * Add explicit breaking change disclaimer for hash operator Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Update version number to 2.2.361 in breaking change warning Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> * Convert Privacy Note to mkdocs note format Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> * Address s-zanella's security review: add salt validation and known-answer tests Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Remove unused operator_kwargs parameter from engine_base Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> * Update salt validation error message to clarify auto-generation Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Address review comments: restore operator_kwargs, move imports to top, reject empty salt Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> * Remove tests that relied on empty salt (now rejected) Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * restore tests with salt addition --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> Co-authored-by: Omri Mendels <omri374@users.noreply.github.com> Co-authored-by: Sharon Hart <shhart@microsoft.com> * Prepare release 2.2.361: bump versions and finalize changelog (microsoft#1851) * Initial plan * Update CHANGELOG.md with 30 PRs since v2.2.360 Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Prepare release 2.2.361: bump versions and update CHANGELOG.md Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Feature - GPU Device Control via Environment Variable (microsoft#1844) * init commit * gpu on windows * delete benchmark script and results file for Presidio Analyzer * ruff fix --------- Co-authored-by: Omri Mendels <omri374@users.noreply.github.com> * feat: Add HuggingFaceNerRecognizer for direct NER model inference (microsoft#1834) * Fix Broken Links (microsoft#1856) This commit fixes broken links within the presidio documentation. * Pin dependencies to mitigate supply chain attacks (microsoft#1861) * Initial plan * Pin GitHub Actions and Docker images to specific hashes for security Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Pin pip, poetry, and other build tool versions for security Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Add comprehensive dependency pinning security documentation Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Fix CI: Replace incorrect setup-python SHA with v6 tag Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Update dependency pinning docs to reflect pragmatic approach Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Fix CI: Replace invalid codeql-action and security-devops-action SHAs with version tags Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Update docs to list all actions using version tags Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Fix CI: Replace invalid py-cov-action SHA with version tag Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Update docs to include py-cov-action in version tag list Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Remove DEPENDENCY_PINNING.md as requested by maintainer Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Pin actions/setup-python to commit SHA e797f83 (v6.0.0) Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Pin codeql-action, security-devops-action, and py-cov-action to commit SHAs Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Remove all pip upgrade commands as requested Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> * Fixing CVE-2024-47874 and CVE-2025-54121 (microsoft#1860) * Fixing CVE-2024-47874 and CVE-2025-54121 Fixing CVE-2024-47874 and CVE-2025-54121 by bumping fastapi in samples * Update FastAPI version to 0.129.0 * Fixing CVE-2025-2953 and CVE-2025-3730 (microsoft#1859) * fix: Fixed context enhancement substring matching bug (microsoft#1827) * Fix _process_names unconditionally treating all metadata as PHI (microsoft#1855) * feat: Add UK Postcode (UK_POSTCODE) recognizer (microsoft#1858) Add a pattern-based recognizer for UK postcodes covering all six standard formats (A9, A99, A9A, AA9, AA99, AA9A) plus GIR 0AA. The regex enforces position-specific letter restrictions per Royal Mail rules. Base score is 0.1 due to the short length of postcodes, with context words (postcode, address, delivery, etc.) boosting confidence. Disabled by default per country-specific convention. Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Pin ruff and build pip installs by hash for OSSF scorecard compliance (microsoft#1864) * Initial plan * Pin pip commands with hashes for OSSF scorecard compliance Add --require-hashes to all pip install commands across Dockerfiles, CI workflows, and shell scripts. Generate locked requirements files with hashes for e2e tests, docs, and sample deployments. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Revert requirements-locked.txt changes, keep only direct pip hash pinning Remove all changes that involve requirements-locked.txt files per user request. Retain direct pip install hash pinning for poetry, ruff, build, and other version-pinned packages. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * fix: Remove --require-hashes/--hash from pip install commands pip 26.0 removed the --hash CLI option. Hash verification via command-line arguments is no longer supported; hashes can only be specified in requirements files. Revert all pip install commands to use simple version pinning (package==version) which is compatible with all pip versions. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Pin pip commands by hash via requirements files for OSSF compliance Use pip install --require-hashes with dedicated requirements files instead of bare pip install commands. This satisfies the OSSF scorecard pinned-dependencies check. - Create requirements-poetry.txt, requirements-ruff.txt, and requirements-build.txt with SHA256 hashes - Update all Dockerfiles to use hash-pinned poetry install - Update ci.yml to use hash-pinned ruff, poetry, and build installs - Update release.yml to use hash-pinned build install - Update spark startup.sh to use hash-pinned requirements file Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Plan: inline hashes via /dev/stdin instead of separate files Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Inline pip hashes via printf|stdin, remove separate requirements files Replace requirements-poetry.txt, requirements-ruff.txt, and requirements-build.txt with inline printf|pip install -r /dev/stdin. pip --hash only works inside requirements files, not as a CLI flag, so piping through /dev/stdin is the most inline approach possible. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Simplify ruff hash: use single linux x86_64 hash instead of all 17 platform hashes The lint job runs only on ubuntu-slim (x86_64), so only the manylinux_2_17_x86_64 wheel hash is needed. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Fix Windows Dockerfiles: use PowerShell for hash-pinned pip install The printf|/dev/stdin pattern is Unix-only and doesn't work on Windows Server Core. Use PowerShell Set-Content to write a temp requirements file instead. The hash is correct — poetry is a pure Python wheel (py3-none-any), same on all platforms. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Fix CI: remove --no-deps from poetry and build pip installs poetry and build have transitive dependencies (cleo, pyproject_hooks, etc.) that must be installed. --no-deps prevented their installation, causing ModuleNotFoundError: No module named 'cleo'. ruff keeps --no-deps --require-hashes since it has zero Python deps. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Plan: move requirements files into .github/pipelines/ Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Move CI requirements files to .github/pipelines/ directory Organize all pip-compile generated requirements files under .github/pipelines/ for ruff, poetry, and build tools. Replaces inline printf hash approach with proper requirements files. Component-level requirements-poetry.txt copies remain for Docker build context (COPY requires files within build context). Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Remove unnecessary .in files from .github/pipelines/ The .in files are just pip-compile input files containing the direct dependency name. This info is already in the header comment of each generated .txt file, making the .in files redundant. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Share single requirements-poetry.txt via Docker --build-context Replace 4 identical copies of requirements-poetry.txt (713 lines each) with a single file at the repo root. Dockerfiles use COPY --from=pipelines to access it from a named build context, eliminating duplication. Also consolidate requirements-ruff.txt and requirements-build.txt at the repo root. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Rename Docker build context from 'pipelines' to 'root' The requirements files are at the repo root, not in a pipelines directory. Rename the named build context to 'root' for clarity. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Scope down to CI-only ruff and build hash pinning Revert all Docker changes (Dockerfiles, docker-compose.yml, build context). Keep hash-pinned pip installs only for ruff and build in CI workflow. Requirements files live in .github/pipelines/. Reverted: all 10 Dockerfiles, docker-compose.yml, release.yml, poetry install in ci.yml, spark startup.sh. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Add 0BSD to allowed licenses in dependency-review Ruff's SPDX license expression is '0BSD AND Apache-2.0 AND BSD-3-Clause AND MIT'. The 0BSD component was not in the allow list, causing the dependency review to fail. 0BSD is a permissive public-domain-equivalent license. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> * Fix dependency-review: allow ruff's full compound SPDX license The dependency-review-action doesn't decompose compound SPDX expressions. Ruff's license '0BSD AND Apache-2.0 AND BSD-3-Clause AND MIT' must be listed as a complete expression in allow-licenses. Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Add US NPI (National Provider Identifier) recognizer (microsoft#1847) * Add transformer-based MedicalNERRecognizer for clinical entity detection (microsoft#1853) * feat: Add Nigeria recognizers (National Identity Number and Vehicle Registration) (microsoft#1863) * fix validation_result type in api docs and type hint (microsoft#1869) * Bump actions/setup-python from 6.0.0 to 6.2.0 (microsoft#1879) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.0.0 to 6.2.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@e797f83...a309ff8) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github/codeql-action from 3.32.3 to 4.32.4 (microsoft#1878) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.32.3 to 4.32.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@f5c2471...89a39a4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Bump actions/dependency-review-action from 3.1.5 to 4.8.3 (microsoft#1877) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.5 to 4.8.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@c74b580...05fe457) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 4.8.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Bump microsoft/security-devops-action from 1.11.0 to 1.12.0 (microsoft#1876) Bumps [microsoft/security-devops-action](https://github.com/microsoft/security-devops-action) from 1.11.0 to 1.12.0. - [Release notes](https://github.com/microsoft/security-devops-action/releases) - [Commits](microsoft/security-devops-action@cc007d0...08976cb) --- updated-dependencies: - dependency-name: microsoft/security-devops-action dependency-version: 1.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Bump actions/github-script from 7.0.1 to 8.0.0 (microsoft#1875) Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 8.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@60a0d83...ed59741) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Bump azure/login from 2.1.1 to 2.3.0 (microsoft#1874) Bumps [azure/login](https://github.com/azure/login) from 2.1.1 to 2.3.0. - [Release notes](https://github.com/azure/login/releases) - [Commits](Azure/login@6c25186...a457da9) --- updated-dependencies: - dependency-name: azure/login dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Bump docker/setup-buildx-action from 3.7.1 to 3.12.0 (microsoft#1873) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.7.1 to 3.12.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@c47758b...8d2750c) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Bump actions/cache from 4.2.0 to 5.0.3 (microsoft#1872) Bumps [actions/cache](https://github.com/actions/cache) from 4.2.0 to 5.0.3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@1bd1e32...cdf6c1f) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Bump actions/checkout from 4.2.2 to 6.0.2 (microsoft#1871) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@11bd719...de0fac2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Bump actions/setup-dotnet from 4.0.1 to 5.1.0 (microsoft#1870) Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 4.0.1 to 5.1.0. - [Release notes](https://github.com/actions/setup-dotnet/releases) - [Commits](actions/setup-dotnet@6bd8b7f...baa11fb) --- updated-dependencies: - dependency-name: actions/setup-dotnet dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump python from `9e01bf1` to `f3fa41d` in /presidio-analyzer (microsoft#1887) Bumps python from `9e01bf1` to `f3fa41d`. --- updated-dependencies: - dependency-name: python dependency-version: 3.12-windowsservercore dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump python from `3de9a8d` to `f50f56f` in /presidio-anonymizer (microsoft#1886) Bumps python from `3de9a8d` to `f50f56f`. --- updated-dependencies: - dependency-name: python dependency-version: 3.13-windowsservercore dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> * Merge branch 'main' of https://github.com/microsoft/presidio --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jakob Serlier <37184788+Jakob-98@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Sharon Hart <sharonh.dev@gmail.com> Co-authored-by: Ron Shakutai <58519179+RonShakutai@users.noreply.github.com> Co-authored-by: Dilshad <124334195+dilshad-aee@users.noreply.github.com> Co-authored-by: dilshad <dilshad@dilshads-MacBook-Air.local> Co-authored-by: dilshad-aee <dilshad-aee@users.noreply.github.com> Co-authored-by: RektPunk <rektpunk@gmail.com> Co-authored-by: kim <83156897+kyoungbinkim@users.noreply.github.com> Co-authored-by: jedheaj314 <51018779+jedheaj314@users.noreply.github.com> Co-authored-by: AJ (Ashitosh Jedhe) <ajedhe@microsoft.com> Co-authored-by: Ron Shakutai <58519179+ShakutaiGit@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: tamirkamara <26870601+tamirkamara@users.noreply.github.com> Co-authored-by: Chris von Csefalvay <chris@chrisvoncsefalvay.com> Co-authored-by: andyjessen <62343929+andyjessen@users.noreply.github.com> Co-authored-by: SharonHart <15013757+SharonHart@users.noreply.github.com> Co-authored-by: Thomas E Lackey <telackey@redbudcomputer.com> Co-authored-by: Kassymkhan Bekbolatov <kasymhan007@gmail.com> Co-authored-by: Kassymkhan Bekbolatov <kbekbolatov@solidcore.ai> Co-authored-by: omri374 <3776619+omri374@users.noreply.github.com> Co-authored-by: Omri Mendels <omri374@users.noreply.github.com> Co-authored-by: Sharon Hart <shhart@microsoft.com> Co-authored-by: taewoong Kim <116135174+ultramancode@users.noreply.github.com> Co-authored-by: ravi-jindal <ravi.23189@gmail.com> Co-authored-by: Harikrishna KP <harikp2002@gmail.com> Co-authored-by: Tolulope Jegede <49379077+tee-jagz@users.noreply.github.com> Co-authored-by: Steven Elliott <srichardelliottjr@gmail.com> Co-authored-by: AKIOS <hello@akios.ai> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/dependency-review-action from 3.1.5 to 4.8.3.
Release notes
Sourced from actions/dependency-review-action's releases.
... (truncated)
Commits
05fe457Merge pull request #1054 from actions/ahpook/release-4.8.33a8496cUpdate generated package files for v4.8.30f22a01Update CONTRIBUTING for new release process58be343Updating package versions for 4.8.39284e0cMerge pull request #931 from actions/dependabot/npm_and_yarn/spdx-licenses-20...8b76656Bump spdx-expression-parse in the spdx-licenses group across 1 directory43f5f02Merge pull request #1052 from actions/juxtin/fix-long-summariesf0033fcMerge pull request #1053 from actions/dependabot/npm_and_yarn/fast-xml-parser...b379e2eBump fast-xml-parser from 5.3.5 to 5.3.62e1cf54Properly truncate long summaries and catch errorsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)