Skip to content

Commit

Permalink
chore(deps): update workflows (#1882)
Browse files Browse the repository at this point in the history
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| gaurav-nelson/github-action-markdown-link-check | action | digest |
`a996638` -> `0f074c8` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.21.9` -> `v2.23.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.2.0` -> `v2.3.1` |
|
[pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish)
| action | patch | `v1.8.10` -> `v1.8.11` |

---

### Release Notes

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

###
[`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

###
[`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

###
[`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

###
[`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

###
[`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

###
[`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

###
[`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

###
[`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

###
[`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

###
[`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

###
[`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

###
[`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

###
[`v2.22.0`](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282)
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

###
[`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1270](https://togithub.com/ossf/scorecard-action/pull/1270)
- For a full changelist of what this includes, see the
[v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and
[v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0)
release notes
- ✨ Send rekor tlog index to webapp when publishing results by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1169](https://togithub.com/ossf/scorecard-action/pull/1169)
- 🐛 Prevent url clipping for GHES instances by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1225](https://togithub.com/ossf/scorecard-action/pull/1225)

##### Documentation

- 📖 Update access rights needed to see the results in code scanning
by [@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1229](https://togithub.com/ossf/scorecard-action/pull/1229)
- 📖 Add package comments. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1221](https://togithub.com/ossf/scorecard-action/pull/1221)
- 📖 Add SECURITY.md file by
[@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- 📖 Fix typo in token input docs by
[@&#8203;aabouzaid](https://togithub.com/aabouzaid) in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

#### New Contributors

- [@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- [@&#8203;aabouzaid](https://togithub.com/aabouzaid) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

**Full Changelog**:
ossf/scorecard-action@v2.2.0...v2.3.0

</details>

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.8.11`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.11)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.10...v1.8.11)

#### 💅 Cosmetic output improvements

[@&#8203;woodruffw](https://togithub.com/woodruffw) added a nudge
suggesting the users storing passwords in a GitHub Actions repository
secrets to switch to using secretless publishing in
[https://github.com/pypa/gh-action-pypi-publish/pull/190](https://togithub.com/pypa/gh-action-pypi-publish/pull/190).
This also reminds people that PyPI will start mandating two-factor
authentication to perform uploads in 2024.

#### 📝 What's Documented

[@&#8203;di](https://togithub.com/di) linked the configuration docs for
Trusted Publishing in README via
[https://github.com/pypa/gh-action-pypi-publish/pull/179](https://togithub.com/pypa/gh-action-pypi-publish/pull/179).

#### 🛠️ Internal dependencies

- Cryptography was bumped from 41.0.3 to 41.0.6
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/194](https://togithub.com/pypa/gh-action-pypi-publish/pull/194)ll/194
- Pip was bumped from 22.3.1 to 23.3
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/189](https://togithub.com/pypa/gh-action-pypi-publish/pull/189)ll/189
- pre-commit linters got autoupdated
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/184](https://togithub.com/pypa/gh-action-pypi-publish/pull/184)ll/184
- Urllib3 was bumped from 2.0.3 to 2.0.7
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/183](https://togithub.com/pypa/gh-action-pypi-publish/pull/183)ll/18[https://github.com/pypa/gh-action-pypi-publish/pull/185](https://togithub.com/pypa/gh-action-pypi-publish/pull/185)ll/185

#### 💪 New Contributors

- [@&#8203;di](https://togithub.com/di) made their first contribution in
[https://github.com/pypa/gh-action-pypi-publish/pull/179](https://togithub.com/pypa/gh-action-pypi-publish/pull/179)

**:mirror: Full Diff**:
pypa/gh-action-pypi-publish@v1.8.10...v1.8.11

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEyNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
  • Loading branch information
renovate-bot authored Jan 9, 2024
1 parent 4daf570 commit b139601
Show file tree
Hide file tree
Showing 4 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/link-checker-on-push.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154
- uses: gaurav-nelson/github-action-markdown-link-check@0f074c8562c5a8fed38282b7c741d1970bb1512d
with:
use-quiet-mode: "yes"
check-modified-files-only: "yes"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/link-checker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154
- uses: gaurav-nelson/github-action-markdown-link-check@0f074c8562c5a8fed38282b7c741d1970bb1512d
with:
use-quiet-mode: "yes"

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/publish-to-pypi.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ jobs:
build
--sdist --wheel --outdir dist/ .
- name: Publish distribution to PyPI
uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e # v1.8.10
uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # v1.8.11
with:
password: ${{ secrets.PYPI_API_TOKEN }}
packages_dir: dist/
4 changes: 2 additions & 2 deletions .github/workflows/scorecards.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
with:
results_file: results.sarif
results_format: sarif
Expand All @@ -50,6 +50,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0
with:
sarif_file: results.sarif

0 comments on commit b139601

Please sign in to comment.