Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): update github-actions (#651)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-node](https://togithub.com/actions/setup-node) | action | minor | `v3.6.0` -> `v3.7.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.3.6` -> `v2.20.4` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | minor | `v2.1.3` -> `v2.2.0` | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.7.0`](https://togithub.com/actions/setup-node/releases/tag/v3.7.0) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.6.0...v3.7.0) ##### What's Changed In scope of this release we added a logic to save an additional cache path for yarn 3 ([related pull request](https://togithub.com/actions/setup-node/pull/744) and [feature request](https://togithub.com/actions/setup-node/issues/325)). Moreover, we added functionality to use all the sub directories derived from `cache-dependency-path` input and add detect all dependencies directories to cache (related [pull request](https://togithub.com/actions/setup-node/pull/735) and [feature request](https://togithub.com/actions/setup-node/issues/488)). ##### Besides, we made such changes as: - Replace workflow badge with new badge by [@​jongwooo](https://togithub.com/jongwooo) in [actions/setup-node#653 - Fix a minor typo by [@​phanan](https://togithub.com/phanan) in [actions/setup-node#662 - docs: fix typo in advanced-usage.md by [@​remarkablemark](https://togithub.com/remarkablemark) in [actions/setup-node#697 - bugfix: Don't attempt to use Windows fallbacks on non-Windows OSes by [@​domdomegg](https://togithub.com/domdomegg) in [actions/setup-node#718 - Update to node 18.x by [@​feelepxyz](https://togithub.com/feelepxyz) in [actions/setup-node#751 - Remove implicit dependencies by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [actions/setup-node#758 - Fix description about ensuring workflow access to private package by [@​x86chi](https://togithub.com/x86chi) in [actions/setup-node#704 ##### New Contributors - [@​jongwooo](https://togithub.com/jongwooo) made their first contribution in [actions/setup-node#653 - [@​phanan](https://togithub.com/phanan) made their first contribution in [actions/setup-node#662 - [@​remarkablemark](https://togithub.com/remarkablemark) made their first contribution in [actions/setup-node#697 - [@​domdomegg](https://togithub.com/domdomegg) made their first contribution in [actions/setup-node#718 - [@​feelepxyz](https://togithub.com/feelepxyz) made their first contribution in [actions/setup-node#751 - [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) made their first contribution in [actions/setup-node#758 - [@​x86chi](https://togithub.com/x86chi) made their first contribution in [actions/setup-node#704 **Full Changelog**: actions/setup-node@v3...v3.7.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.20.4`](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4) ### [`v2.20.3`](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3) ### [`v2.20.2`](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2) ### [`v2.20.1`](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1) ### [`v2.20.0`](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.2.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.2.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1192 #### Scorecard Result Viewer Thanks to contributions from [@​cynthia-sg](https://togithub.com/cynthia-sg) and [@​tegioz](https://togithub.com/tegioz) at [CLOMonitor](https://togithub.com/cncf/clomonitor), there is a new Scorecard Result visualization page at `https://securityscorecards.dev/viewer/?uri=<project-url>`. - [ossf/scorecard-webapp#406 - [ossf/scorecard-webapp#422 As an example, you can see our own score visualized [here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard) Checkout our [README](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge) to learn how to link your README badge to the new visualization page. #### Publishing Results This release contains two fixes which will improve the user experience when `publish_results` is `true` - Runs that fail our [workflow restrictions](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions) will fail with a 400 response indicating the problem, instead of a vague 500 status. ([ossf/scorecard-action#1156, resolved [ossf/scorecard-action#1150) - Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. ([ossf/scorecard-action#1191) #### Docs - 📖 Update README to accept fine-grained tokens by [@​pnacht](https://togithub.com/pnacht) in [ossf/scorecard-action#1175 - 📖 Update installation instructions to match current GitHub UI by [@​joycebrum](https://togithub.com/joycebrum) in [ossf/scorecard-action#1153 - 📖 Document the GitHub action workflow restrictions when publishing results. by [@​spencerschrock](https://togithub.com/spencerschrock) in #### New Contributors - [@​bobcallaway](https://togithub.com/bobcallaway) made their first contribution in [ossf/scorecard-action#1140 - [@​pnacht](https://togithub.com/pnacht) made their first contribution in [ossf/scorecard-action#1175 **Full Changelog**: ossf/scorecard-action@v2.1.3...v2.2.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNDQuMiIsInVwZGF0ZWRJblZlciI6IjM2LjUuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Signed-off-by: Mend Renovate <bot@renovateapp.com>
- Loading branch information