Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update all non-major dependencies #51

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate-coveo[bot]
Copy link
Contributor

@renovate-coveo renovate-coveo bot commented Sep 30, 2024

DEF-160

This PR contains the following updates:

Package Type Update Change
actions/checkout action minor v4.1.1 -> v4.2.2
actions/dependency-review-action action minor v4.3.3 -> v4.5.0
actions/upload-artifact action minor v4.3.1 -> v4.5.0
ossf/scorecard-action action minor v2.3.1 -> v2.4.0

Release Notes

actions/checkout (actions/checkout)

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

v4.1.7

Compare Source

v4.1.6

Compare Source

v4.1.5

Compare Source

v4.1.4

Compare Source

v4.1.3

Compare Source

v4.1.2

Compare Source

actions/dependency-review-action (actions/dependency-review-action)

v4.5.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

Compare Source

What's Changed
New Contributors

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

actions/upload-artifact (actions/upload-artifact)

v4.5.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

v4.4.3

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

Compare Source

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Compare Source

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

Full Changelog: actions/upload-artifact@v4.3.6...v4.4.0

v4.3.6

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.3.6

v4.3.5

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.3.3...v4.3.4

v4.3.3

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.3.2...v4.3.3

v4.3.2

Compare Source

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4.3.1...v4.3.2

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

Documentation

New Contributors

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

v2.3.3

Compare Source

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

Full Changelog: ossf/scorecard-action@v2.3.1...v2.3.3

v2.3.2

Compare Source


Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" in timezone America/Toronto, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@renovate-coveo renovate-coveo bot requested a review from a team as a code owner September 30, 2024 04:09
@renovate-coveo renovate-coveo bot requested a review from a team as a code owner September 30, 2024 04:09
@renovate-coveo renovate-coveo bot requested a review from a team as a code owner September 30, 2024 04:09
Copy link

github-actions bot commented Sep 30, 2024

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ❌ 5 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/dependency-review-v2.yml

PackageVersionLicenseIssue Type
actions/dependency-review-action4.5.0MITIncompatible License

.github/workflows/dependency-review.yml

PackageVersionLicenseIssue Type
actions/dependency-review-action4.5.0MITIncompatible License

.github/workflows/scorecard.yml

PackageVersionLicenseIssue Type
actions/checkout11bd71901bbe5b1630ceea73d27597364c9af683MITIncompatible License
actions/upload-artifact6f51ac03b9356f520e9adb1b1b7802705f340c2bMITIncompatible License
ossf/scorecard-action62b2cac7ed8198b15735ed49ab1e5cf35480ba46Apache-2.0Incompatible License
Allowed Licenses: (Artistic-1.0 AND Artistic-2.0) OR (Artistic-1.0-Perl AND Artistic-2.0 AND GPL-1.0-or-later) OR (Artistic-2.0 AND GPL-2.0-or-later), 0BSD, 0BSD AND BSD-2-Clause, AFL-2.1, AFL-3.0, Apache-2.0, Apache-2.0 AND BSD-2-Clause, Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT, Apache-2.0 AND BSD-3-Clause AND CC0-1.0 AND ISC AND MIT, Apache-2.0 AND BSD-3-Clause AND MIT AND OFL-1.1, Apache-2.0 AND BSD-3-Clause AND MPL-2.0, Apache-2.0 AND BSD-3-Clause AND Python-2.0, Apache-2.0 AND CNRI-Python, Apache-2.0 AND EPL-1.0 AND EPL-2.0, Apache-2.0 AND LGPL-3.0-or-later, Apache-2.0 AND LGPL-3.0-or-later AND MIT, Apache-2.0 AND MIT AND MIT-0, Apache-2.0 AND MIT AND MPL-2.0, Apache-2.0 WITH LLVM-exception, APL-1.0, Artistic-2.0, Beerware, BlueOak-1.0.0, BSD-1-Clause, BSD-2-Clause, BSD-2-Clause-Patent, BSD-2-Clause-Views, BSD-2-Clause AND BSD-2-Clause-Views, BSD-2-Clause AND BSD-3-Clause, BSD-2-Clause AND BSD-3-Clause AND LGPL-3.0-only, BSD-2-Clause AND BSD-3-Clause AND LGPL-2.0-or-later AND MIT, BSD-2-Clause AND MIT, BSD-2-Clause AND ISC, BSD-2-Clause AND ISC AND Python-2.0, BSD-3-Clause AND ISC AND MIT, BSD-2-Clause AND BSD-4-Clause, BSD-3-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSD-3-Clause AND BSD-3-Clause-Clear, BSD-2-Clause AND BSD-3-Clause AND Python-2.0, BSD-3-Clause AND LicenseRef-scancode-protobuf, BSD-4-Clause, BSL-1.0, CC-BY-3.0, CC-BY-4.0, CC0-1.0, CDDL-1.0, CDDL-1.1, CNRI-Python, CPL-1.0, curl, EPL-1.0, EPL-2.0, EPL-2.0 AND GPL-1.0-or-later AND GPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-3.0, EPL-1.0 AND GPL-1.0-or-later AND GPL-2.0-only AND GPL-2.0-only OR LGPL-2.1-only AND GPL-3.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-3.0-or-later OR GPL-2.0-or-later, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0-or-later AND LGPL-2.1-only, GPL-3.0-or-later AND LGPL-2.1-only AND curl, GPL-3.0-only AND GPL-3.0-or-later AND LGPL-3.0-only, HPND, IBM-pibs, ImageMagick, ISC, JSON, LGPL-2.0-or-later, LGPL-2.1, LGPL-2.1-only, LGPL-2.1+, LGPL-3.0, LGPL-3.0-only, LGPL-3.0-or-later, LGPL-3.0-or-later WITH openvpn-openssl-exception, MIT, MIT AND ISC, MIT AND Python-2.0, MIT AND MIT-0, MIT AND MIT-CMU, MIT AND MPL-2.0, MIT AND PSF-2.0, MIT-0, MIT-advertising, mpi-permissive, MPL-1.1, MPL-2.0, NCSA, Nokia, 0BSD AND Apache-2.0 AND BSD-3-Clause AND MIT, ODC-By-1.0, OFL-1.1, PDDL-1.0, Plexus, PostgreSQL, PSF-2.0, Python-2.0, Python-2.0 AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD, Python-2.0.1, Ruby, SAX-PD, SPL-1.0, Unlicense, UPL-1.0, W3C, Wsuipa, WTFPL, X11, X11-distribute-modifications-variant, Xerox, xpp, YPL-1.1, Zlib, ZPL-2.1

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/dependency-review-action 4.5.0 🟢 7.2
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 9security policy file detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1028 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/dependency-review-action 4.5.0 🟢 7.2
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 9security policy file detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1028 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 11bd71901bbe5b1630ceea73d27597364c9af683 🟢 7.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 89 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 8
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies⚠️ 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/actions/upload-artifact 6f51ac03b9356f520e9adb1b1b7802705f340c2b 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1016 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 9security policy file detected
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/ossf/scorecard-action 62b2cac7ed8198b15735ed49ab1e5cf35480ba46 🟢 8.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 1020 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1027 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 10no vulnerabilities detected

Scanned Files

  • .github/workflows/dependency-review-v2.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/scorecard.yml

@renovate-coveo renovate-coveo bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 8882307 to 6d7bde5 Compare October 2, 2024 18:07
@renovate-coveo renovate-coveo bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 011ea32 to ed1ca71 Compare October 16, 2024 17:38
@renovate-coveo renovate-coveo bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from bd93fac to eac1ad7 Compare November 4, 2024 19:09
@renovate-coveo renovate-coveo bot force-pushed the renovate/all-minor-patch branch from eac1ad7 to f82caa9 Compare November 13, 2024 18:38
@renovate-coveo renovate-coveo bot force-pushed the renovate/all-minor-patch branch from f82caa9 to 3fd1404 Compare November 27, 2024 22:08
@JPLachance JPLachance self-assigned this Nov 28, 2024
@renovate-coveo renovate-coveo bot force-pushed the renovate/all-minor-patch branch from 3fd1404 to 6b392f1 Compare December 24, 2024 22:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant