From 7099c0acfd6f3507dbcc84eda5435086e60cb763 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Jan 2025 14:32:24 +0000
Subject: [PATCH] Bump the all group with 4 updates (#105)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps the all group with 4 updates:
[awalsh128/cache-apt-pkgs-action](https://github.com/awalsh128/cache-apt-pkgs-action),
[actions/upload-artifact](https://github.com/actions/upload-artifact),
[step-security/harden-runner](https://github.com/step-security/harden-runner)
and [github/codeql-action](https://github.com/github/codeql-action).
Updates `awalsh128/cache-apt-pkgs-action` from 1.4.2 to 1.4.3
Release notes
Sourced from awalsh128/cache-apt-pkgs-action's
releases.
v1.4.3
What's Changed
New Contributors
Full Changelog: https://github.com/awalsh128/cache-apt-pkgs-action/compare/v1.4.2...v1.4.3
Commits
Updates `actions/upload-artifact` from 4.5.0 to 4.6.0
Release notes
Sourced from actions/upload-artifact's
releases.
v4.6.0
What's Changed
Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.6.0
Commits
65c4c4a
Merge pull request #662
from actions/yacaovsnc/add_variable_for_concurrency_a...0207619
move files back to satisfy licensed ci1ecca81
licensed cache updates9742269
Expose env vars to controll concurrency and timeout- See full diff in compare
view
Updates `step-security/harden-runner` from 2.10.2 to 2.10.3
Release notes
Sourced from step-security/harden-runner's
releases.
v2.10.3
What's Changed
Fixed an issue where DNS requests using uppercase characters (e.g.,
EXAMPLE.com) were blocked even when the domain was present in the
allowed list. This update standardizes domain names to lowercase for
consistent comparison.
Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.10.3
Commits
Updates `github/codeql-action` from 3.28.0 to 3.28.1
Release notes
Sourced from github/codeql-action's
releases.
v3.28.1
CodeQL Action Changelog
See the releases
page for the relevant changes to the CodeQL CLI and language
packs.
3.28.1 - 10 Jan 2025
- CodeQL Action v2 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v3. For more information, see this
changelog post. #2677
- Update default CodeQL bundle version to 2.20.1. #2678
See the full CHANGELOG.md
for more information.
Changelog
Sourced from github/codeql-action's
changelog.
CodeQL Action Changelog
See the releases
page for the relevant changes to the CodeQL CLI and language
packs.
[UNRELEASED]
No user facing changes.
3.28.1 - 10 Jan 2025
- CodeQL Action v2 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v3. For more information, see this
changelog post. #2677
- Update default CodeQL bundle version to 2.20.1. #2678
3.28.0 - 20 Dec 2024
- Bump the minimum CodeQL bundle version to 2.15.5. #2655
- Don't fail in the unusual case that a file is on the search path. #2660.
3.27.9 - 12 Dec 2024
No user facing changes.
3.27.8 - 12 Dec 2024
- Fixed an issue where streaming the download and extraction of the
CodeQL bundle did not respect proxy settings. #2624
3.27.7 - 10 Dec 2024
- We are rolling out a change in December 2024 that will extract the
CodeQL bundle directly to the toolcache to improve performance. #2631
- Update default CodeQL bundle version to 2.20.0. #2636
3.27.6 - 03 Dec 2024
- Update default CodeQL bundle version to 2.19.4. #2626
3.27.5 - 19 Nov 2024
No user facing changes.
3.27.4 - 14 Nov 2024
No user facing changes.
3.27.3 - 12 Nov 2024
No user facing changes.
3.27.2 - 12 Nov 2024
- Fixed an issue where setting up the CodeQL tools would sometimes
fail with the message "Invalid value 'undefined' for header
'authorization'". #2590
... (truncated)
Commits
b6a472f
Merge pull request #2681
from github/update-v3.28.1-ea6acbfeabb999b4
Update changelog for v3.28.1ea6acbf
Merge pull request #2677
from github/angelapwen/deprecate-action-v24df151e
Merge branch 'main' into angelapwen/deprecate-action-v2a05a7eb
Fix PR number in changenote8d2753b
Add public changelog blog post linke83e0a4
Merge pull request #2673
from github/dependabot/npm_and_yarn/npm-877f465710b7ff308
Merge pull request #2678
from github/update-bundle/codeql-bundle-v2.20.11aa16c2
Merge branch 'main' into update-bundle/codeql-bundle-v2.20.1fb65b6c
Merge pull request #2672
from github/mbg/start-proxy/include-type-in-urls-output- Additional commits viewable in compare
view
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore ` will
remove the ignore condition of the specified dependency and ignore
conditions
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/dependency-review.yml | 2 +-
.github/workflows/scorecard.yml | 6 +++---
.github/workflows/test.yml | 4 ++--
action.yml | 4 ++--
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 21a469b..922916c 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,7 +17,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
with:
egress-policy: audit
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 87c5157..b6b1611 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -32,7 +32,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
with:
egress-policy: audit
@@ -64,7 +64,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: SARIF file
path: results.sarif
@@ -73,6 +73,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+ uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
with:
sarif_file: results.sarif
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 5fe279e..b37bf44 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -39,7 +39,7 @@ jobs:
poetry run coverage run --branch -m unittest discover -b
poetry run coverage xml
- name: Save debug.log file
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
if: always()
with:
name: debug-log
diff --git a/action.yml b/action.yml
index b8a9d37..394d0cc 100644
--- a/action.yml
+++ b/action.yml
@@ -8,7 +8,7 @@ runs:
using: composite
steps:
- name: Install cairo
- uses: awalsh128/cache-apt-pkgs-action@a6c3917cc929dd0345bfb2d3feaf9101823370ad # v1.4.2
+ uses: awalsh128/cache-apt-pkgs-action@5902b33ae29014e6ca012c5d8025d4346556bd40 # v1.4.3
with:
packages: libcairo2-dev
version: 1.0
@@ -59,7 +59,7 @@ runs:
GITHUB_TOKEN: ${{ env.token }}
GH_TOKEN: ${{ env.token }}
- name: Save missing.csv file
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: missing-members
path: ./landscape/missing.csv