From b139601ce0cecf4c42fa2eb69a7129684e2e92ff Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Tue, 9 Jan 2024 23:55:50 +0100 Subject: [PATCH] chore(deps): update workflows (#1882) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | gaurav-nelson/github-action-markdown-link-check | action | digest | `a996638` -> `0f074c8` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.21.9` -> `v2.23.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | minor | `v2.2.0` -> `v2.3.1` | | [pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish) | action | patch | `v1.8.10` -> `v1.8.11` | --- ### Release Notes
github/codeql-action (github/codeql-action) ### [`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) ### [`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) ### [`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) ### [`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) ### [`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) ### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) ### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) ### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) ### [`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) ### [`v2.22.0`](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)
ossf/scorecard-action (ossf/scorecard-action) ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1 ### [`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0) #### What's Changed - :seedling: Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1270](https://togithub.com/ossf/scorecard-action/pull/1270) - For a full changelist of what this includes, see the [v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and [v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0) release notes - :sparkles: Send rekor tlog index to webapp when publishing results by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1169](https://togithub.com/ossf/scorecard-action/pull/1169) - :bug: Prevent url clipping for GHES instances by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1225](https://togithub.com/ossf/scorecard-action/pull/1225) ##### Documentation - :book: Update access rights needed to see the results in code scanning by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1229](https://togithub.com/ossf/scorecard-action/pull/1229) - :book: Add package comments. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1221](https://togithub.com/ossf/scorecard-action/pull/1221) - :book: Add SECURITY.md file by [@​david-a-wheeler](https://togithub.com/david-a-wheeler) in [https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250) - :book: Fix typo in token input docs by [@​aabouzaid](https://togithub.com/aabouzaid) in [https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258) #### New Contributors - [@​david-a-wheeler](https://togithub.com/david-a-wheeler) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250) - [@​aabouzaid](https://togithub.com/aabouzaid) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258) **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0
pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish) ### [`v1.8.11`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.11) [Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.10...v1.8.11) #### :nail_care: Cosmetic output improvements [@​woodruffw](https://togithub.com/woodruffw) added a nudge suggesting the users storing passwords in a GitHub Actions repository secrets to switch to using secretless publishing in [https://github.com/pypa/gh-action-pypi-publish/pull/190](https://togithub.com/pypa/gh-action-pypi-publish/pull/190). This also reminds people that PyPI will start mandating two-factor authentication to perform uploads in 2024. #### :memo: What's Documented [@​di](https://togithub.com/di) linked the configuration docs for Trusted Publishing in README via [https://github.com/pypa/gh-action-pypi-publish/pull/179](https://togithub.com/pypa/gh-action-pypi-publish/pull/179). #### :hammer_and_wrench: Internal dependencies - Cryptography was bumped from 41.0.3 to 41.0.6 @&#[https://github.com/pypa/gh-action-pypi-publish/pull/194](https://togithub.com/pypa/gh-action-pypi-publish/pull/194)ll/194 - Pip was bumped from 22.3.1 to 23.3 @&#[https://github.com/pypa/gh-action-pypi-publish/pull/189](https://togithub.com/pypa/gh-action-pypi-publish/pull/189)ll/189 - pre-commit linters got autoupdated @&#[https://github.com/pypa/gh-action-pypi-publish/pull/184](https://togithub.com/pypa/gh-action-pypi-publish/pull/184)ll/184 - Urllib3 was bumped from 2.0.3 to 2.0.7 @&#[https://github.com/pypa/gh-action-pypi-publish/pull/183](https://togithub.com/pypa/gh-action-pypi-publish/pull/183)ll/18[https://github.com/pypa/gh-action-pypi-publish/pull/185](https://togithub.com/pypa/gh-action-pypi-publish/pull/185)ll/185 #### :muscle: New Contributors - [@​di](https://togithub.com/di) made their first contribution in [https://github.com/pypa/gh-action-pypi-publish/pull/179](https://togithub.com/pypa/gh-action-pypi-publish/pull/179) **:mirror: Full Diff**: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.10...v1.8.11
--- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev). --- .github/workflows/link-checker-on-push.yml | 2 +- .github/workflows/link-checker.yml | 2 +- .github/workflows/publish-to-pypi.yaml | 2 +- .github/workflows/scorecards.yml | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/link-checker-on-push.yml b/.github/workflows/link-checker-on-push.yml index db694b11efd..1c63468b9c0 100644 --- a/.github/workflows/link-checker-on-push.yml +++ b/.github/workflows/link-checker-on-push.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - - uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154 + - uses: gaurav-nelson/github-action-markdown-link-check@0f074c8562c5a8fed38282b7c741d1970bb1512d with: use-quiet-mode: "yes" check-modified-files-only: "yes" diff --git a/.github/workflows/link-checker.yml b/.github/workflows/link-checker.yml index 1300bc338e1..8b56e121b76 100644 --- a/.github/workflows/link-checker.yml +++ b/.github/workflows/link-checker.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - - uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154 + - uses: gaurav-nelson/github-action-markdown-link-check@0f074c8562c5a8fed38282b7c741d1970bb1512d with: use-quiet-mode: "yes" diff --git a/.github/workflows/publish-to-pypi.yaml b/.github/workflows/publish-to-pypi.yaml index fe6c4489204..17a8c6e3a0a 100644 --- a/.github/workflows/publish-to-pypi.yaml +++ b/.github/workflows/publish-to-pypi.yaml @@ -44,7 +44,7 @@ jobs: build --sdist --wheel --outdir dist/ . - name: Publish distribution to PyPI - uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e # v1.8.10 + uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # v1.8.11 with: password: ${{ secrets.PYPI_API_TOKEN }} packages_dir: dist/ diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 82ceed7c67c..1d51cdb29dd 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -27,7 +27,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif @@ -50,6 +50,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9 + uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0 with: sarif_file: results.sarif