Merge pull request #343 from duggalsu/update_pr_security_workflow

Update pr security workflow

.github/workflows/pr-security.yml

@@ -24,10 +24,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup Python version
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: '3.11'
 
@@ -50,8 +50,6 @@ jobs:
           no-deps: true
           inputs: |
             ./src/requirements.txt
-          ignore-vulns: |
-            GHSA-84pr-m4jr-85g5
 
       - name: pip audit install setup 2
         run: |
@@ -82,7 +80,7 @@ jobs:
             ./src/core/operators/vid_vec_rep_resnet_requirements.txt
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.21.0
         with:
           scan-type: 'fs'
           ignore-unfixed: true
@@ -94,25 +92,7 @@ jobs:
           skip-dirs: '.vscode,docs'
           exit-code: '1'
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@9e39a05578dd315aad814d3c71bd03472cc5b815 # v.3.24.7
+        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v.3.25.6
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'
-
-#      - name: Bandit Scan
-#        uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c # v1.0
-#        with: # optional arguments
-#          # exit with 0, even with results found
-#          exit_zero: false # optional, default is DEFAULT
-#          # File or directory to run bandit on
-#          path: ./src/ # optional, default is .
-#          # Report only issues of a given severity level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
-#          # level: HIGH # optional, default is UNDEFINED
-#          # Report only issues of a given confidence level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
-#          # confidence: # optional, default is UNDEFINED
-#          # comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)
-#          # excluded_paths: # optional, default is DEFAULT
-#          # comma-separated list of test IDs to skip
-#          # skips: # optional, default is DEFAULT
-#          # path to a .bandit file that supplies command line arguments
-#          # ini_path: # optional, default is DEFAULT

CHANGELOG.md

@@ -2,6 +2,23 @@
 
 
 
+## v0.7.1 (2024-05-28)
+
+### Fix
+
+* fix: Updated github action versions to latest ([`44b46ad`](https://github.com/tattle-made/feluda/commit/44b46ad84d4b651a0f4ca264c21eab23d7defd4f))
+
+### Unknown
+
+* Merge pull request #342 from tattle-made/hotfix
+
+Hotfix ([`eecc55f`](https://github.com/tattle-made/feluda/commit/eecc55f07d397142f8980c3cc2fedecd15a186a5))
+
+* Merge pull request #341 from duggalsu/update_scorecard_workflow
+
+Update scorecard workflow ([`b2e2aa8`](https://github.com/tattle-made/feluda/commit/b2e2aa852f3377490f6cebd679706678b89e5c50))
+
+
 ## v0.7.0 (2024-05-28)
 
 ### Chore