Skip to content

Commit

Permalink
Bump the all group with 3 updates (#46)
Browse files Browse the repository at this point in the history 
Bumps the all group with 3 updates:
[github/codeql-action](https://github.com/github/codeql-action),
[ossf/scorecard-action](https://github.com/ossf/scorecard-action) and
[actions/upload-artifact](https://github.com/actions/upload-artifact).

Updates `github/codeql-action` from 2 to 3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>CodeQL Bundle v2.15.5</h2>
<p>Bundles CodeQL CLI v2.15.5</p>
<ul>
<li>(<a
href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.5">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5"><code>github/codeql@codeql-cli/v2.15.5</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/cpp/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/cpp/ql/src">source</a>)</li>
<li><code>codeql/cpp-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/cpp/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/cpp/ql/lib">source</a>)</li>
<li><code>codeql/csharp-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/csharp/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/csharp/ql/src">source</a>)</li>
<li><code>codeql/csharp-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/csharp/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/csharp/ql/lib">source</a>)</li>
<li><code>codeql/go-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/go/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/go/ql/src">source</a>)</li>
<li><code>codeql/go-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/go/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/go/ql/lib">source</a>)</li>
<li><code>codeql/java-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/java/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/java/ql/src">source</a>)</li>
<li><code>codeql/java-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/java/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/java/ql/lib">source</a>)</li>
<li><code>codeql/javascript-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/javascript/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/javascript/ql/src">source</a>)</li>
<li><code>codeql/javascript-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/javascript/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/javascript/ql/lib">source</a>)</li>
<li><code>codeql/python-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/python/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/python/ql/src">source</a>)</li>
<li><code>codeql/python-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/python/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/python/ql/lib">source</a>)</li>
<li><code>codeql/ruby-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/ruby/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/ruby/ql/src">source</a>)</li>
<li><code>codeql/ruby-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/ruby/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/ruby/ql/lib">source</a>)</li>
<li><code>codeql/swift-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/swift/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/swift/ql/src">source</a>)</li>
<li><code>codeql/swift-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/swift/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.5/swift/ql/lib">source</a>)</li>
</ul>
<h2>CodeQL Bundle v2.15.4</h2>
<p>Bundles CodeQL CLI v2.15.4</p>
<ul>
<li>(<a
href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4"><code>github/codeql@codeql-cli/v2.15.4</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/cpp/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/cpp/ql/src">source</a>)</li>
<li><code>codeql/cpp-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/cpp/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/cpp/ql/lib">source</a>)</li>
<li><code>codeql/csharp-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/csharp/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/csharp/ql/src">source</a>)</li>
<li><code>codeql/csharp-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/csharp/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/csharp/ql/lib">source</a>)</li>
<li><code>codeql/go-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/go/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/go/ql/src">source</a>)</li>
<li><code>codeql/go-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/go/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/go/ql/lib">source</a>)</li>
<li><code>codeql/java-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/java/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/java/ql/src">source</a>)</li>
<li><code>codeql/java-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/java/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/java/ql/lib">source</a>)</li>
<li><code>codeql/javascript-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/javascript/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/javascript/ql/src">source</a>)</li>
<li><code>codeql/javascript-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/javascript/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/javascript/ql/lib">source</a>)</li>
<li><code>codeql/python-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/python/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/python/ql/src">source</a>)</li>
<li><code>codeql/python-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/python/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/python/ql/lib">source</a>)</li>
<li><code>codeql/ruby-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/ruby/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/ruby/ql/src">source</a>)</li>
<li><code>codeql/ruby-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/ruby/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/ruby/ql/lib">source</a>)</li>
<li><code>codeql/swift-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/swift/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/swift/ql/src">source</a>)</li>
<li><code>codeql/swift-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/swift/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.4/swift/ql/lib">source</a>)</li>
</ul>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.15.3</p>
<ul>
<li>(<a
href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.3">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.3"><code>github/codeql@codeql-cli/v2.15.3</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.3/cpp/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.15.3/cpp/ql/src">source</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/216127f34aa309c5876c25b8ea6bda90f4f559fe"><code>216127f</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1994">#1994</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/7963a6001675b42b74b3d85c7fa38488252eb4be"><code>7963a60</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2009">#2009</a>
from github/henrymercer/drop-codeql-v2.11.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/6ebbf452bb03d0f9c3394aa6adeb21864acdc472"><code>6ebbf45</code></a>
Merge branch 'main' into
update-supported-enterprise-server-versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/e345646da5cf2c896c269dba2b4fb62229464ef7"><code>e345646</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2058">#2058</a>
from github/dependabot/github_actions/actions-970b8d...</li>
<li><a
href="https://github.com/github/codeql-action/commit/35b10b5ff76e0315f7669ecd4774aa0bbe609b34"><code>35b10b5</code></a>
Merge branch 'main' into henrymercer/drop-codeql-v2.11.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/ee9b8ab1f1ebb3bbcc79c2b2e8e83012b6a202f5"><code>ee9b8ab</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2057">#2057</a>
from github/dependabot/npm_and_yarn/npm-1688eb420c</li>
<li>See full diff in <a
href="https://github.com/github/codeql-action/compare/v2...v3">compare
view</a></li>
</ul>
</details>
<br />

Updates `ossf/scorecard-action` from 2.1.2 to 2.3.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>:seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1282">ossf/scorecard-action#1282</a>
<ul>
<li>Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
<a
href="https://github.com/ossf/scorecard/releases/tag/v4.13.1">v4.13.1</a>
release notes</li>
</ul>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1">https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1</a></p>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>:seedling: Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1270">ossf/scorecard-action#1270</a>
<ul>
<li>For a full changelist of what this includes, see the <a
href="https://github.com/ossf/scorecard/releases/tag/v4.12.0">v4.12.0</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v4.13.0">v4.13.0</a>
release notes</li>
</ul>
</li>
<li>:sparkles: Send rekor tlog index to webapp when publishing results
by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1169">ossf/scorecard-action#1169</a></li>
<li>:bug: Prevent url clipping for GHES instances by <a
href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1225">ossf/scorecard-action#1225</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>:book: Update access rights needed to see the results in code
scanning by <a
href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1229">ossf/scorecard-action#1229</a></li>
<li>:book: Add package comments. by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1221">ossf/scorecard-action#1221</a></li>
<li>:book: Add SECURITY.md file by <a
href="https://github.com/david-a-wheeler"><code>@​david-a-wheeler</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1250">ossf/scorecard-action#1250</a></li>
<li>:book: Fix typo in token input docs by <a
href="https://github.com/aabouzaid"><code>@​aabouzaid</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1258">ossf/scorecard-action#1258</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/david-a-wheeler"><code>@​david-a-wheeler</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1250">ossf/scorecard-action#1250</a></li>
<li><a href="https://github.com/aabouzaid"><code>@​aabouzaid</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1258">ossf/scorecard-action#1258</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0">https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0</a></p>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>:seedling: Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0
by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1192">ossf/scorecard-action#1192</a></li>
</ul>
<h2>Scorecard Result Viewer</h2>
<p>Thanks to contributions from <a
href="https://github.com/cynthia-sg"><code>@​cynthia-sg</code></a> and
<a href="https://github.com/tegioz"><code>@​tegioz</code></a> at <a
href="https://github.com/cncf/clomonitor">CLOMonitor</a>, there is a new
Scorecard Result visualization page at
<code>https://securityscorecards.dev/viewer/?uri=&lt;project-url&gt;</code>.</p>
<ul>
<li><a
href="https://redirect.github.com/ossf/scorecard-webapp/pull/406">ossf/scorecard-webapp#406</a></li>
<li><a
href="https://redirect.github.com/ossf/scorecard-webapp/pull/422">ossf/scorecard-webapp#422</a></li>
</ul>
<p>As an example, you can see our own score visualized <a
href="https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard">here</a>
Checkout our <a
href="https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge">README</a>
to learn how to link your README badge to the new visualization
page.</p>
<h2>Publishing Results</h2>
<p>This release contains two fixes which will improve the user
experience when <code>publish_results</code> is <code>true</code></p>
<ul>
<li>Runs that fail our <a
href="https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions">workflow
restrictions</a> will fail with a 400 response indicating the problem,
instead of a vague 500 status. (<a
href="https://redirect.github.com/ossf/scorecard-action/pull/1156">ossf/scorecard-action#1156</a>,
resolved <a
href="https://redirect.github.com/ossf/scorecard-action/issues/1150">ossf/scorecard-action#1150</a>)</li>
<li>Scorecard action will retry when signing results and submitting them
to our web API. This should help with flakiness from connection
failures. (<a
href="https://redirect.github.com/ossf/scorecard-action/pull/1191">ossf/scorecard-action#1191</a>)</li>
</ul>
<h2>Docs</h2>
<ul>
<li>📖 Update README to accept fine-grained tokens by <a
href="https://github.com/pnacht"><code>@​pnacht</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1175">ossf/scorecard-action#1175</a></li>
<li>📖 Update installation instructions to match current GitHub UI by <a
href="https://github.com/joycebrum"><code>@​joycebrum</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1153">ossf/scorecard-action#1153</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ossf/scorecard-action/commit/0864cf19026789058feabb7e87baa5f140aac736"><code>0864cf1</code></a>
:seedling: Bump docker tag to for v2.3.1 release (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1284">#1284</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/72df3bff668d052aaec251accaffec0b280410fb"><code>72df3bf</code></a>
:seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1282">#1282</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/0ea411f94ac145b6fd793458b7f75ebbe7ae0a8f"><code>0ea411f</code></a>
:seedling: Bump the docker-images group with 1 update (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1281">#1281</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/dbfd042453ccc43ade96943685dbece2dd86bbae"><code>dbfd042</code></a>
:seedling: Bump the github-actions group with 1 update (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1280">#1280</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/2fa1e2fa153141e2950c7e1299ed05e2081ead0c"><code>2fa1e2f</code></a>
:seedling: Bump golang.org/x/net from 0.16.0 to 0.17.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1278">#1278</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/652ddd06c802ac1ba4021a9f02978dc5150b223e"><code>652ddd0</code></a>
:seedling: Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1277">#1277</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/28d0c92b8bb9dd266a8cf4dde7bae71c06a0c62f"><code>28d0c92</code></a>
:seedling: Group Dependabot updates for GitHub Actions and Dockerfiles
(<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1276">#1276</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/cb50491a46a858cb57669a16a720b7a00e1f9d29"><code>cb50491</code></a>
:seedling: Bump distroless/base from <code>a35b652</code> to
<code>b31a6e0</code> (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1275">#1275</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/87157ac77d7ec18a631049bc92fdac7ee63a471a"><code>87157ac</code></a>
:seedling: Bump github/codeql-action from 2.21.9 to 2.22.1 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1274">#1274</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/7c1648b23e27a96acf7c3842fd1921d16bd8d4d2"><code>7c1648b</code></a>
:seedling: Bump step-security/harden-runner from 2.5.1 to 2.6.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1273">#1273</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...0864cf19026789058feabb7e87baa5f140aac736">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/upload-artifact` from 3.1.3 to 4.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add migrations docs by <a
href="https://github.com/robherley"><code>@​robherley</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/482">actions/upload-artifact#482</a></li>
<li>Update README.md by <a
href="https://github.com/samuelwine"><code>@​samuelwine</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/492">actions/upload-artifact#492</a></li>
<li>Support artifact-url output by <a
href="https://github.com/konradpabjan"><code>@​konradpabjan</code></a>
in <a
href="https://redirect.github.com/actions/upload-artifact/pull/496">actions/upload-artifact#496</a></li>
<li>Update readme to reflect new 500 artifact per job limit by <a
href="https://github.com/robherley"><code>@​robherley</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/497">actions/upload-artifact#497</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/samuelwine"><code>@​samuelwine</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/492">actions/upload-artifact#492</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.1.0">https://github.com/actions/upload-artifact/compare/v4...v4.1.0</a></p>
<h2>v4.0.0</h2>
<h2>What's Changed</h2>
<p>The release of upload-artifact@v4 and download-artifact@v4 are major
changes to the backend architecture of Artifacts. They have numerous
performance and behavioral improvements.</p>
<p>ℹ️ However, this is a major update that includes breaking changes.
Artifacts created with versions v3 and below are not compatible with the
v4 actions. Uploads and downloads <em>must</em> use the same major
actions versions. There are also key differences from previous versions
that may require updates to your workflows.</p>
<p>For more information, please see:</p>
<ol>
<li>The <a
href="https://github.blog/changelog/2023-12-14-github-actions-artifacts-v4-is-now-generally-available/">changelog</a>
post.</li>
<li>The <a
href="https://github.com/actions/upload-artifact/blob/main/README.md">README</a>.</li>
<li>The <a
href="https://github.com/actions/upload-artifact/blob/main/docs/MIGRATION.md">migration
documentation</a>.</li>
<li>As well as the underlying npm package, <a
href="https://github.com/actions/toolkit/tree/main/packages/artifact"><code>@​actions/artifact</code></a>
documentation.</li>
</ol>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/vmjoseph"><code>@​vmjoseph</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/464">actions/upload-artifact#464</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v3...v4.0.0">https://github.com/actions/upload-artifact/compare/v3...v4.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/1eb3cb2b3e0f29609092a73eb033bb759a334595"><code>1eb3cb2</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/497">#497</a>
from actions/robherley/update-readme-limit</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/8688a86492f53c8d67423223a877bc9e3768fe95"><code>8688a86</code></a>
Update readme to reflect new artifact/job limit</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/73d8b66ede50d06e26f1d69f28e1652c702c56d8"><code>73d8b66</code></a>
Support artifact-url output (<a
href="https://redirect.github.com/actions/upload-artifact/issues/496">#496</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/c320f57948d137eb8c7f8e781ddcc0f61b04e834"><code>c320f57</code></a>
Update README.md (<a
href="https://redirect.github.com/actions/upload-artifact/issues/492">#492</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/cf8714cfeaba5687a442b9bcb85b29e23f468dfa"><code>cf8714c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/482">#482</a>
from actions/robherley/add-migration-docs</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/7f16e37e88af9d50a1db3c1e84660985ee8dd1ab"><code>7f16e37</code></a>
add migrations docs</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/353073034f1f3c6d1a65ede161c5a2ca79650a49"><code>3530730</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/468">#468</a>
from actions/robherley/misc-updates</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/6c139afa6f18a1359e5a9185f9415433473e3793"><code>6c139af</code></a>
update imports and old v4-beta references</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/c7d193f32edcb7bfad88892161225aeda64e9392"><code>c7d193f</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/466">#466</a>
from actions/v4-beta</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/13131bb095770b4070a7477c3cd2d96e1c16d9f4"><code>13131bb</code></a>
licensed cache</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/upload-artifact/compare/a8a3f3ad30e3422c9c7b888a15615d19a852ae32...1eb3cb2b3e0f29609092a73eb033bb759a334595">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>
  • Loading branch information
@zaibon
zaibon authored Jan 13, 2024
2 parents 8a0964b + e062493 commit fa597db
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/codeql.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -61,6 +61,6 @@ jobs:
# queries: security-extended,security-and-quality

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
6 changes: 3 additions & 3 deletions .github/workflows/scorecard.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
with:
results_file: results.sarif
results_format: sarif
Expand All @@ -55,14 +55,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0
with:
sarif_file: results.sarif

0 comments on commit fa597db

Please sign in to comment.