Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update all non-major dependencies #51

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate-coveo[bot]
Copy link
Contributor

@renovate-coveo renovate-coveo bot commented Sep 30, 2024

DEF-160

This PR contains the following updates:

Package Type Update Change
actions/checkout action minor v4.1.1 -> v4.2.2
actions/dependency-review-action action minor v4.3.3 -> v4.5.0
actions/upload-artifact action minor v4.3.1 -> v4.4.3
ossf/scorecard-action action minor v2.3.1 -> v2.4.0

Release Notes

actions/checkout (actions/checkout)

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

v4.1.7

Compare Source

v4.1.6

Compare Source

v4.1.5

Compare Source

v4.1.4

Compare Source

v4.1.3

Compare Source

v4.1.2

Compare Source

actions/dependency-review-action (actions/dependency-review-action)

v4.5.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

Compare Source

What's Changed
New Contributors

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

actions/upload-artifact (actions/upload-artifact)

v4.4.3

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

Compare Source

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Compare Source

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

Full Changelog: actions/upload-artifact@v4.3.6...v4.4.0

v4.3.6

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.3.6

v4.3.5

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.3.3...v4.3.4

v4.3.3

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.3.2...v4.3.3

v4.3.2

Compare Source

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4.3.1...v4.3.2

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

Documentation

New Contributors

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

v2.3.3

Compare Source

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

Full Changelog: ossf/scorecard-action@v2.3.1...v2.3.3

v2.3.2

Compare Source


Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone America/Toronto, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

Copy link

github-actions bot commented Sep 30, 2024

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ❌ 5 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/dependency-review-v2.yml

PackageVersionLicenseIssue Type
actions/dependency-review-action4.5.0MITIncompatible License

.github/workflows/dependency-review.yml

PackageVersionLicenseIssue Type
actions/dependency-review-action4.5.0MITIncompatible License

.github/workflows/scorecard.yml

PackageVersionLicenseIssue Type
actions/checkout11bd71901bbe5b1630ceea73d27597364c9af683MITIncompatible License
actions/upload-artifactb4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882MITIncompatible License
ossf/scorecard-action62b2cac7ed8198b15735ed49ab1e5cf35480ba46Apache-2.0Incompatible License
Allowed Licenses: 0BSD, Apache-2.0, Apache-2.0 AND MIT, Apache-2.0 AND BSD-3-Clause AND Python-2.0, Beerware, BlueOak-1.0.0, BSD-1-Clause, BSD-2-Clause, BSD-1-Clause AND BSD-2-Clause, BSD-2-Clause-Patent, BSD-2-Clause-Views, BSD-2-Clause AND MIT, BSD-3-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSL-1.0, CC-BY-3.0, CC-BY-4.0, CC0-1.0, CNRI-Python, curl, HPND, IBM-pibs, ImageMagick, ISC, JSON, MIT, MIT-0, MIT AND ISC, MIT AND Python-2.0, MIT-advertising, mpi-permissive, NCSA, ODC-By-1.0, PDDL-1.0, Plexus, PostgreSQL, PSF-2.0, Python-2.0, Python-2.0.1, SAX-PD, Unlicense, UPL-1.0, W3C, Wsuipa, WTFPL, X11, X11-distribute-modifications-variant, Xerox, Zlib, ZPL-2.1

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/dependency-review-action 4.5.0 🟢 7.2
Details
CheckScoreReason
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 9security policy file detected
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/dependency-review-action 4.5.0 🟢 7.2
Details
CheckScoreReason
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 9security policy file detected
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 11bd71901bbe5b1630ceea73d27597364c9af683 🟢 7.3
Details
CheckScoreReason
Maintained🟢 1013 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 9security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/actions/upload-artifact b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 🟢 7.1
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 10all changesets reviewed
Maintained🟢 1017 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 9security policy file detected
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/ossf/scorecard-action 62b2cac7ed8198b15735ed49ab1e5cf35480ba46 🟢 8.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 1020 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1027 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 10no vulnerabilities detected

Scanned Files

  • .github/workflows/dependency-review-v2.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/scorecard.yml

@renovate-coveo renovate-coveo bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 8882307 to 6d7bde5 Compare October 2, 2024 18:07
@renovate-coveo renovate-coveo bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 011ea32 to ed1ca71 Compare October 16, 2024 17:38
@renovate-coveo renovate-coveo bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from bd93fac to eac1ad7 Compare November 4, 2024 19:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants