Skip to content

build: update scorecard action dependencies #1071

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build: update scorecard action dependencies #1071

wants to merge 1 commit into from

Conversation

angular-robot
Copy link
Collaborator

@angular-robot angular-robot commented Mar 15, 2023
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action minor v3.3.0 -> v3.5.0
github/codeql-action action patch v2.2.6 -> v2.2.9
ossf/scorecard-action action patch v2.1.2 -> v2.1.3

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

Release Notes

actions/checkout

v3.5.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/checkout@v3.4.0...v3.5.0

v3.4.0

Compare Source

github/codeql-action

v2.2.9

Compare Source

v2.2.8

Compare Source

v2.2.7

Compare Source

ossf/scorecard-action

v2.1.3

Compare Source

What's Changed

Bug Fixes
  • Invalid SARIF files from a bug in scorecard
  • Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner
  • Scorecard action not reporting binary artifacts in the repo

Full Scorecard Changelog: ossf/scorecard@v4.10.2...v4.10.5

Full Changelog: ossf/scorecard-action@v2.1.2...v2.1.3

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@angular-robot angular-robot added action: merge The PR is ready for merge by the caretaker comp: build dependencies Pull requests that update a dependency file labels Mar 15, 2023
@angular-robot angular-robot bot added the area: build & ci Related the build and CI infrastructure of the project label Mar 15, 2023
@angular-robot angular-robot force-pushed the ng-renovate/scorecard-action branch from cfb2f92 to d12d869 Compare March 15, 2023 19:09
@angular-robot angular-robot changed the title build: update github/codeql-action action to v2.2.7 build: update scorecard action dependencies Mar 15, 2023
@angular-robot angular-robot force-pushed the ng-renovate/scorecard-action branch 4 times, most recently from 7bc33ce to 98f2aae Compare March 22, 2023 19:10
@angular-robot angular-robot force-pushed the ng-renovate/scorecard-action branch 2 times, most recently from 4aa1c94 to 20a8f7b Compare March 27, 2023 14:22
@angular-robot angular-robot force-pushed the ng-renovate/scorecard-action branch from 20a8f7b to 41a4a13 Compare March 29, 2023 20:11
josephperrott
josephperrott approved these changes Mar 30, 2023
View reviewed changes
Copy link
Member

@josephperrott josephperrott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@angular-robot
Copy link
Contributor

angular-robot bot commented Mar 30, 2023

This PR was merged into the repository by commit b46006e.

@angular-robot angular-robot bot closed this in b46006e Mar 30, 2023
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Apr 30, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@josephperrott josephperrott josephperrott approved these changes

Assignees
No one assigned
Labels
action: merge The PR is ready for merge by the caretaker area: build & ci Related the build and CI infrastructure of the project comp: build dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@angular-robot @josephperrott