Commit 7a43345
Update github-actions deps (#9420)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://github.com/actions/checkout) | action | minor | `v3.1.0` -> `v3.6.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | action | patch | `v3.1.0` -> `v3.1.3` |
| [github/codeql-action](https://github.com/github/codeql-action) | action | minor | `v2.2.4` -> `v2.23.2` |
| [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.23.1` -> `v3.23.2` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.1.2` -> `v2.3.1` |
---
### Release Notes
<details>
<summary>actions/checkout (actions/checkout)</summary>
###
[`v3.6.0`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360)
[Compare
Source](https://github.com/actions/checkout/compare/v3.5.3...v3.6.0)
- [Fix: Mark test scripts with Bash'isms to be run via
Bash](https://github.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth >
0](https://github.com/actions/checkout/pull/579)
###
[`v3.5.3`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v353)
[Compare
Source](https://github.com/actions/checkout/compare/v3.5.2...v3.5.3)
- [Fix: Checkout fail in self-hosted runners when faulty submodule are
checked-in](https://github.com/actions/checkout/pull/1196)
- [Fix typos found by
codespell](https://github.com/actions/checkout/pull/1287)
- [Add support for sparse
checkouts](https://github.com/actions/checkout/pull/1369)
###
[`v3.5.2`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v352)
[Compare
Source](https://github.com/actions/checkout/compare/v3.5.1...v3.5.2)
- [Fix api endpoint for
GHES](https://github.com/actions/checkout/pull/1289)
###
[`v3.5.1`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v351)
[Compare
Source](https://github.com/actions/checkout/compare/v3.5.0...v3.5.1)
- [Fix slow checkout on
Windows](https://github.com/actions/checkout/pull/1246)
###
[`v3.5.0`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v350)
[Compare
Source](https://github.com/actions/checkout/compare/v3.4.0...v3.5.0)
- [Add new public key for
known_hosts](https://github.com/actions/checkout/pull/1237)
###
[`v3.4.0`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v340)
[Compare
Source](https://github.com/actions/checkout/compare/v3.3.0...v3.4.0)
- [Upgrade codeql actions to
v2](https://github.com/actions/checkout/pull/1209)
- [Upgrade
dependencies](https://github.com/actions/checkout/pull/1210)
- [Upgrade
@​actions/io](https://github.com/actions/checkout/pull/1225)
###
[`v3.3.0`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v330)
[Compare
Source](https://github.com/actions/checkout/compare/v3.2.0...v3.3.0)
- [Implement branch list using callbacks from exec
function](https://github.com/actions/checkout/pull/1045)
- [Add in explicit reference to private checkout
options](https://github.com/actions/checkout/pull/1050)
- [Fix comment typos (that got added in
#​770)](https://github.com/actions/checkout/pull/1057)
###
[`v3.2.0`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v320)
[Compare
Source](https://github.com/actions/checkout/compare/v3.1.0...v3.2.0)
- [Add GitHub Action to perform
release](https://github.com/actions/checkout/pull/942)
- [Fix status badge](https://github.com/actions/checkout/pull/967)
- [Replace datadog/squid with ubuntu/squid Docker
image](https://github.com/actions/checkout/pull/1002)
- [Wrap pipeline commands for submoduleForeach in
quotes](https://github.com/actions/checkout/pull/964)
- [Update @​actions/io to
1.1.2](https://github.com/actions/checkout/pull/1029)
- [Upgrading version to
3.2.0](https://github.com/actions/checkout/pull/1039)
</details>
<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>
###
[`v3.1.3`](https://github.com/actions/upload-artifact/releases/tag/v3.1.3)
[Compare
Source](https://github.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)
#### What's Changed
- chore(github): remove trailing whitespaces by
[@​ljmf00](https://github.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://github.com/actions/upload-artifact/pull/313)
- Bump [@​actions/artifact](https://github.com/actions/artifact)
version to v1.1.2 by
[@​bethanyj28](https://github.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://github.com/actions/upload-artifact/pull/436)
**Full Changelog**:
actions/upload-artifact@v3...v3.1.3
###
[`v3.1.2`](https://github.com/actions/upload-artifact/releases/tag/v3.1.2)
[Compare
Source](https://github.com/actions/upload-artifact/compare/v3.1.1...v3.1.2)
- Update all `@actions/*` NPM packages to their latest versions -
[#​374](https://github.com/actions/upload-artifact/issues/374)
- Update all dev dependencies to their most recent versions -
[#​375](https://github.com/actions/upload-artifact/issues/375)
###
[`v3.1.1`](https://github.com/actions/upload-artifact/releases/tag/v3.1.1)
[Compare
Source](https://github.com/actions/upload-artifact/compare/v3.1.0...v3.1.1)
- Update actions/core package to latest version to remove `set-output`
deprecation warning
[#​351](https://github.com/actions/upload-artifact/issues/351)
</details>
<details>
<summary>github/codeql-action (github/codeql-action)</summary>
###
[`v2.23.2`](https://github.com/github/codeql-action/compare/v2.23.1...v2.23.2)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.23.1...v2.23.2)
###
[`v2.23.1`](https://github.com/github/codeql-action/compare/v2.23.0...v2.23.1)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.23.0...v2.23.1)
###
[`v2.23.0`](https://github.com/github/codeql-action/compare/v2.22.12...v2.23.0)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.12...v2.23.0)
###
[`v2.22.12`](https://github.com/github/codeql-action/compare/v2.22.11...v2.22.12)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.11...v2.22.12)
###
[`v2.22.11`](https://github.com/github/codeql-action/compare/v2.22.10...v2.22.11)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.10...v2.22.11)
###
[`v2.22.10`](https://github.com/github/codeql-action/compare/v2.22.9...v2.22.10)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.9...v2.22.10)
###
[`v2.22.9`](https://github.com/github/codeql-action/compare/v2.22.8...v2.22.9)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.8...v2.22.9)
###
[`v2.22.8`](https://github.com/github/codeql-action/compare/v2.22.7...v2.22.8)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.7...v2.22.8)
###
[`v2.22.7`](https://github.com/github/codeql-action/compare/v2.22.6...v2.22.7)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.6...v2.22.7)
###
[`v2.22.6`](https://github.com/github/codeql-action/compare/v2.22.5...v2.22.6)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.5...v2.22.6)
###
[`v2.22.5`](https://github.com/github/codeql-action/compare/v2.22.4...v2.22.5)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.4...v2.22.5)
###
[`v2.22.4`](https://github.com/github/codeql-action/compare/v2.22.3...v2.22.4)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.3...v2.22.4)
###
[`v2.22.3`](https://github.com/github/codeql-action/compare/v2.22.2...v2.22.3)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.2...v2.22.3)
###
[`v2.22.2`](https://github.com/github/codeql-action/compare/v2.22.1...v2.22.2)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.1...v2.22.2)
###
[`v2.22.1`](https://github.com/github/codeql-action/compare/v2.22.0...v2.22.1)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.22.0...v2.22.1)
###
[`v2.22.0`](https://github.com/github/codeql-action/compare/v2.21.9...v2.22.0)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.9...v2.22.0)
###
[`v2.21.9`](https://github.com/github/codeql-action/compare/v2.21.8...v2.21.9)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.8...v2.21.9)
###
[`v2.21.8`](https://github.com/github/codeql-action/compare/v2.21.7...v2.21.8)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.7...v2.21.8)
###
[`v2.21.7`](https://github.com/github/codeql-action/compare/v2.21.6...v2.21.7)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.6...v2.21.7)
###
[`v2.21.6`](https://github.com/github/codeql-action/compare/v2.21.5...v2.21.6)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.5...v2.21.6)
###
[`v2.21.5`](https://github.com/github/codeql-action/compare/v2.21.4...v2.21.5)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.4...v2.21.5)
###
[`v2.21.4`](https://github.com/github/codeql-action/compare/v2.21.3...v2.21.4)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.3...v2.21.4)
###
[`v2.21.3`](https://github.com/github/codeql-action/compare/v2.21.2...v2.21.3)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.2...v2.21.3)
###
[`v2.21.2`](https://github.com/github/codeql-action/compare/v2.21.1...v2.21.2)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.1...v2.21.2)
###
[`v2.21.1`](https://github.com/github/codeql-action/compare/v2.21.0...v2.21.1)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.0...v2.21.1)
###
[`v2.21.0`](https://github.com/github/codeql-action/compare/v2.20.4...v2.21.0)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.20.4...v2.21.0)
###
[`v2.20.4`](https://github.com/github/codeql-action/compare/v2.20.3...v2.20.4)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.20.3...v2.20.4)
###
[`v2.20.3`](https://github.com/github/codeql-action/compare/v2.20.2...v2.20.3)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.20.2...v2.20.3)
###
[`v2.20.2`](https://github.com/github/codeql-action/compare/v2.20.1...v2.20.2)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.20.1...v2.20.2)
###
[`v2.20.1`](https://github.com/github/codeql-action/compare/v2.20.0...v2.20.1)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.20.0...v2.20.1)
###
[`v2.20.0`](https://github.com/github/codeql-action/compare/v2.3.6...v2.20.0)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.3.6...v2.20.0)
###
[`v2.3.6`](https://github.com/github/codeql-action/compare/v2.3.5...v2.3.6)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.3.5...v2.3.6)
###
[`v2.3.5`](https://github.com/github/codeql-action/compare/v2.3.4...v2.3.5)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.3.4...v2.3.5)
###
[`v2.3.4`](https://github.com/github/codeql-action/compare/v2.3.3...v2.3.4)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.3.3...v2.3.4)
###
[`v2.3.3`](https://github.com/github/codeql-action/compare/v2.3.2...v2.3.3)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.3.2...v2.3.3)
###
[`v2.3.2`](https://github.com/github/codeql-action/compare/v2.3.1...v2.3.2)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.3.1...v2.3.2)
###
[`v2.3.1`](https://github.com/github/codeql-action/compare/v2.3.0...v2.3.1)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.3.0...v2.3.1)
###
[`v2.3.0`](https://github.com/github/codeql-action/compare/v2.2.12...v2.3.0)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.2.12...v2.3.0)
###
[`v2.2.12`](https://github.com/github/codeql-action/compare/v2.2.11...v2.2.12)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.2.11...v2.2.12)
###
[`v2.2.11`](https://github.com/github/codeql-action/compare/v2.2.10...v2.2.11)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.2.10...v2.2.11)
###
[`v2.2.10`](https://github.com/github/codeql-action/compare/v2.2.9...v2.2.10)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.2.9...v2.2.10)
###
[`v2.2.9`](https://github.com/github/codeql-action/compare/v2.2.8...v2.2.9)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.2.8...v2.2.9)
###
[`v2.2.8`](https://github.com/github/codeql-action/compare/v2.2.7...v2.2.8)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.2.7...v2.2.8)
###
[`v2.2.7`](https://github.com/github/codeql-action/compare/v2.2.6...v2.2.7)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.2.6...v2.2.7)
###
[`v2.2.6`](https://github.com/github/codeql-action/compare/v2.2.5...v2.2.6)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.2.5...v2.2.6)
###
[`v2.2.5`](https://github.com/github/codeql-action/compare/v2.2.4...v2.2.5)
[Compare
Source](https://github.com/github/codeql-action/compare/v2.2.4...v2.2.5)
</details>
<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>
###
[`v2.3.1`](https://github.com/ossf/scorecard-action/releases/tag/v2.3.1)
[Compare
Source](https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)
#### What's Changed
- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@​spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1282](https://github.com/ossf/scorecard-action/pull/1282)
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://github.com/ossf/scorecard/releases/tag/v4.13.1)
release notes
**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1
###
[`v2.3.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.3.0)
[Compare
Source](https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0)
#### What's Changed
- 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by [@​spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1270](https://github.com/ossf/scorecard-action/pull/1270)
- For a full changelist of what this includes, see the
[v4.12.0](https://github.com/ossf/scorecard/releases/tag/v4.12.0) and
[v4.13.0](https://github.com/ossf/scorecard/releases/tag/v4.13.0)
release notes
- ✨ Send rekor tlog index to webapp when publishing results by
[@​spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1169](https://github.com/ossf/scorecard-action/pull/1169)
- 🐛 Prevent url clipping for GHES instances by
[@​rajbos](https://github.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1225](https://github.com/ossf/scorecard-action/pull/1225)
##### Documentation
- 📖 Update access rights needed to see the results in code scanning
by [@​rajbos](https://github.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1229](https://github.com/ossf/scorecard-action/pull/1229)
- 📖 Add package comments. by
[@​spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1221](https://github.com/ossf/scorecard-action/pull/1221)
- 📖 Add SECURITY.md file by
[@​david-a-wheeler](https://github.com/david-a-wheeler) in
[https://github.com/ossf/scorecard-action/pull/1250](https://github.com/ossf/scorecard-action/pull/1250)
- 📖 Fix typo in token input docs by
[@​aabouzaid](https://github.com/aabouzaid) in
[https://github.com/ossf/scorecard-action/pull/1258](https://github.com/ossf/scorecard-action/pull/1258)
#### New Contributors
- [@​david-a-wheeler](https://github.com/david-a-wheeler) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1250](https://github.com/ossf/scorecard-action/pull/1250)
- [@​aabouzaid](https://github.com/aabouzaid) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1258](https://github.com/ossf/scorecard-action/pull/1258)
**Full Changelog**:
ossf/scorecard-action@v2.2.0...v2.3.0
###
[`v2.2.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.2.0)
[Compare
Source](https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0)
#### What's Changed
- 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0
by [@​spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1192](https://github.com/ossf/scorecard-action/pull/1192)
#### Scorecard Result Viewer
Thanks to contributions from
[@​cynthia-sg](https://github.com/cynthia-sg) and
[@​tegioz](https://github.com/tegioz) at
[CLOMonitor](https://github.com/cncf/clomonitor), there is a new
Scorecard Result visualization page at
`https://securityscorecards.dev/viewer/?uri=<project-url>`.
-
[https://github.com/ossf/scorecard-webapp/pull/406](https://github.com/ossf/scorecard-webapp/pull/406)
-
[https://github.com/ossf/scorecard-webapp/pull/422](https://github.com/ossf/scorecard-webapp/pull/422)
As an example, you can see our own score visualized
[here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard).
Check out our
[README](https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge)
to learn how to link your README badge to the new visualization page.
#### Publishing Results
This release contains two fixes which will improve the user experience
when `publish_results` is `true`:
- Runs that fail our [workflow
restrictions](https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions)
will fail with a 400 response indicating the problem, instead of a vague
500 status.
([https://github.com/ossf/scorecard-action/pull/1156](https://github.com/ossf/scorecard-action/pull/1156),
resolved
[https://github.com/ossf/scorecard-action/issues/1150](https://github.com/ossf/scorecard-action/issues/1150))
- Scorecard action will retry when signing results and submitting them
to our web API. This should help with flakiness from connection
failures.
([https://github.com/ossf/scorecard-action/pull/1191](https://github.com/ossf/scorecard-action/pull/1191))
#### Docs
- 📖 Update README to accept fine-grained tokens by
[@​pnacht](https://github.com/pnacht) in
[https://github.com/ossf/scorecard-action/pull/1175](https://github.com/ossf/scorecard-action/pull/1175)
- 📖 Update installation instructions to match current GitHub UI by
[@​joycebrum](https://github.com/joycebrum) in
[https://github.com/ossf/scorecard-action/pull/1153](https://github.com/ossf/scorecard-action/pull/1153)
- 📖 Document the GitHub action workflow restrictions when publishing
results. by
[@​spencerschrock](https://github.com/spencerschrock) in
#### New Contributors
- [@​bobcallaway](https://github.com/bobcallaway) made their
first contribution in
[https://github.com/ossf/scorecard-action/pull/1140](https://github.com/ossf/scorecard-action/pull/1140)
- [@​pnacht](https://github.com/pnacht) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1175](https://github.com/ossf/scorecard-action/pull/1175)
**Full Changelog**:
ossf/scorecard-action@v2.1.3...v2.2.0
###
[`v2.1.3`](https://github.com/ossf/scorecard-action/releases/tag/v2.1.3)
[Compare
Source](https://github.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3)
#### What's Changed
- 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by
[@​spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1111](https://github.com/ossf/scorecard-action/pull/1111)
##### Bug Fixes
- Invalid SARIF files from a bug in scorecard
-
[#​1076](https://github.com/ossf/scorecard-action/issues/1076),
[#​1094](https://github.com/ossf/scorecard-action/issues/1094)
- Vulnerabilities check crashes if a vulnerable dependency is found via
OSVScanner
- [#​1092](https://github.com/ossf/scorecard-action/issues/1092)
- Scorecard action not reporting binary artifacts in the repo
- [#​1116](https://github.com/ossf/scorecard-action/issues/1116)
**Full Scorecard Changelog**:
ossf/scorecard@v4.10.2...v4.10.5
**Full Changelog**:
ossf/scorecard-action@v2.1.2...v2.1.3
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any
time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Alex Boten <[email protected]>

1 parent a224d33 commit 7a43345
2 files changed (+7, -7) in .github/workflows:

- .github/workflows/codeql-analysis.yml (+3, -3): lines 33, 38 and 41 changed
- .github/workflows/scorecard.yml (+4, -4): lines 32, 37, 59 and 67 changed