v1.1.0
Convert review action to composite; [codex] Support private CLI release downloads; [codex] Fallback to repo token for CLI release access — 20 changes.
First public release
This release marks the first public, supported release of Bomly Guard.
Earlier pre-release builds and tags were used while the action was still being shaped, tested, and validated across real dependency-review workflows. Those releases have been retired so the project can start its public version history from a clean, intentional baseline.
From this release forward, Bomly Guard will maintain a stable public version history. Consumers should pin to this release, or to the moving v1 tag for compatible updates.
What's Changed
- Convert review action to composite by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/1
- [codex] Support private CLI release downloads by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/2
- [codex] Fallback to repo token for CLI release access by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/3
- [codex] Improve review action logging and SARIF upload by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/4
- Fix job summary publishing by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/5
- Skip unsupported SARIF uploads cleanly by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/6
- Prepare dependency review action for public release by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/7
- Document release tag creation & Change action name by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/12
- Bump actions/checkout from 5 to 6 by @dependabot[bot] in https://github.com/bomly-dev/bomly-guard/pull/11
- Bump actions/setup-node from 5 to 6 by @dependabot[bot] in https://github.com/bomly-dev/bomly-guard/pull/10
- Bump ossf/scorecard-action from 2.4.1 to 2.4.3 by @dependabot[bot] in https://github.com/bomly-dev/bomly-guard/pull/9
- Bump actions/upload-artifact from 4 to 7 by @dependabot[bot] in https://github.com/bomly-dev/bomly-guard/pull/8
- Improve README guidance by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/13
- Retire cli-repo-token from Bomly Guard by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/14
- Inherit org community defaults by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/15
- Support optional CLI release token by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/16
- Document package manager setup for Bomly Guard by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/17
- docs: explain how code scanning renders Bomly alerts on PRs by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/19
- feat: treat CLI exit 5 (nothing to evaluate) as a neutral pass by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/20
- docs: explain GitHub colors vulnerability annotations by severity, not policy by @bomly-guy in https://github.com/bomly-dev/bomly-guard/pull/21
New Contributors
- @bomly-guy made their first contribution in https://github.com/bomly-dev/bomly-guard/pull/1
- @dependabot[bot] made their first contribution in https://github.com/bomly-dev/bomly-guard/pull/11
Full Changelog: https://github.com/bomly-dev/bomly-guard/commits/v1.1.0