Bump cycodelabs/cimon-action from 0.9.4 to 0.10.0 #429

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/cycodelabs/cimon-action-0.10.0

@dependabot dependabot Bot commented on behalf of github Apr 1, 2026

Bumps cycodelabs/cimon-action from 0.9.4 to 0.10.0.

Release notes

Sourced from cycodelabs/cimon-action's releases.

v0.10.0

What's New

  • Auto-upload SBOM artifacts from post step — no need for separate upload-artifact step
  • SBOM summary in job report with component/relationship counts per build
  • Memory protection support
  • File integrity support
  • PR comment summary support
  • ESM compatibility fix for Node.js 20+

Bug Fixes

  • Fix SBOM artifact ZIP paths when using CIMON_SBOM_OUTPUT_DIRECTORY
  • Backward compatibility with older cimon versions without stats fields
  • Filter noise from SBOM summary (TryCompile, empty subbuilds)
  • Use same binary for stop as start to prevent timeout mismatches

Commits

  • f99ad55 Fix SBOM artifact ZIP paths — use CIMON_SBOM_OUTPUT_DIRECTORY as root
  • 1bec56a fix: resolve ESM require crash in post step on Node.js 20+
  • ca916d2 feat: auto-upload SBOM artifacts from post step
  • c3e04e9 Backward compat: preserve entries from older cimon without stats fields
  • d33a974 Filter noise from SBOM summary: skip TryCompile and empty subbuilds
  • 41f912a Fix SBOM summary: use HTML tags for all formatting in job summary
  • 7aceb21 Fix SBOM summary table: use HTML <code> tags instead of markdown backticks
  • 1b91aaa feat: enrich SBOM summary with component/relationship counts
  • d686854 test: add unit tests for SBOM summary + extract into testable module
  • 37b7ebb fix: use same binary for stop as start + add SBOM summary to job report
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) labels Apr 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/cycodelabs/cimon-action-0.10.0 branch 2 times, most recently from 0da88bc to 6558cf2 Compare April 20, 2026 12:55
Bumps [cycodelabs/cimon-action](https://github.com/cycodelabs/cimon-action) from 0.9.4 to 0.10.0.
- [Release notes](https://github.com/cycodelabs/cimon-action/releases)
- [Commits](CycodeLabs/cimon-action@1c3e30d...f99ad55)

---
updated-dependencies:
- dependency-name: cycodelabs/cimon-action
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/cycodelabs/cimon-action-0.10.0 branch from 6558cf2 to 683f4af Compare April 20, 2026 14:06