search

GoogleCloudPlatform / functions-framework-nodejs

FaaS (Function as a service) framework for writing portable Node.js functions
Apache License 2.0
1.29k stars 160 forks source link

chore(deps): update all non-major dependencies #529

Closed renovate-bot closed 1 year ago

renovate-bot commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@types/node (source) 14.18.37 -> 14.18.43 age adoption passing confidence devDependencies patch
actions/checkout v3.3.0 -> v3.5.2 age adoption passing confidence action minor
github/codeql-action v2.2.5 -> v2.3.2 age adoption passing confidence action minor
ossf/scorecard-action v2.1.2 -> v2.1.3 age adoption passing confidence action patch
step-security/harden-runner v2.2.0 -> v2.3.1 age adoption passing confidence action minor

Release Notes

actions/checkout ### [`v3.5.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v352) [Compare Source](https://togithub.com/actions/checkout/compare/v3.5.1...v3.5.2) - [Fix api endpoint for GHES](https://togithub.com/actions/checkout/pull/1289) ### [`v3.5.1`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v351) [Compare Source](https://togithub.com/actions/checkout/compare/v3.5.0...v3.5.1) - [Fix slow checkout on Windows](https://togithub.com/actions/checkout/pull/1246) ### [`v3.5.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v350) [Compare Source](https://togithub.com/actions/checkout/compare/v3.4.0...v3.5.0) - [Add new public key for known_hosts](https://togithub.com/actions/checkout/pull/1237) ### [`v3.4.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v340) [Compare Source](https://togithub.com/actions/checkout/compare/v3.3.0...v3.4.0) - [Upgrade codeql actions to v2](https://togithub.com/actions/checkout/pull/1209) - [Upgrade dependencies](https://togithub.com/actions/checkout/pull/1210) - [Upgrade @​actions/io](https://togithub.com/actions/checkout/pull/1225)
github/codeql-action ### [`v2.3.2`](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2) ### [`v2.3.1`](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1) ### [`v2.3.0`](https://togithub.com/github/codeql-action/compare/v2.2.12...v2.3.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.12...v2.3.0) ### [`v2.2.12`](https://togithub.com/github/codeql-action/compare/v2.2.11...v2.2.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.11...v2.2.12) ### [`v2.2.11`](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11) ### [`v2.2.10`](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10) ### [`v2.2.9`](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9) ### [`v2.2.8`](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8) ### [`v2.2.7`](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7) ### [`v2.2.6`](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6)
ossf/scorecard-action ### [`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1111](https://togithub.com/ossf/scorecard-action/pull/1111) ##### Bug Fixes - Invalid SARIF files from a bug in scorecard - [#​1076](https://togithub.com/ossf/scorecard-action/issues/1076), [#​1094](https://togithub.com/ossf/scorecard-action/issues/1094) - Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner - [#​1092](https://togithub.com/ossf/scorecard-action/issues/1092) - Scorecard action not reporting binary artifacts in the repo - [#​1116](https://togithub.com/ossf/scorecard-action/issues/1116) **Full Scorecard Changelog**: https://github.com/ossf/scorecard/compare/v4.10.2...v4.10.5 **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3
step-security/harden-runner ### [`v2.3.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.3.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.3.0...v2.3.1) ##### What's Changed - Release v2.3.1 by [@​arjundashrath](https://togithub.com/arjundashrath) and [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/281](https://togithub.com/step-security/harden-runner/pull/281) Fixes [#​279](https://togithub.com/step-security/harden-runner/issues/279) and [#​275](https://togithub.com/step-security/harden-runner/issues/275) - Update README.md by [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/267](https://togithub.com/step-security/harden-runner/pull/267) - Bump step-security/harden-runner from 2.2.1 to 2.3.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/268](https://togithub.com/step-security/harden-runner/pull/268) - Bump codecov/codecov-action from 3.1.1 to 3.1.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/273](https://togithub.com/step-security/harden-runner/pull/273) - Bump ossf/scorecard-action from 2.1.2 to 2.1.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/265](https://togithub.com/step-security/harden-runner/pull/265) - Bump actions/checkout from 3.3.0 to 3.5.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/261](https://togithub.com/step-security/harden-runner/pull/261) - Bump github/codeql-action from 2.2.6 to 2.2.11 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/270](https://togithub.com/step-security/harden-runner/pull/270) **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.3.1 ### [`v2.3.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.3.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.2.1...v2.3.0) ##### What's Changed - Enable setting policy via insights website ([link to documentation](https://docs.stepsecurity.io/harden-runner/how-tos/block-egress-traffic#​2-add-the-policy-using-the-policy-store)) by [@​h0x0er](https://togithub.com/h0x0er) and [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/266](https://togithub.com/step-security/harden-runner/pull/266) The Policy Store helps you manage Harden Runner policies without altering your workflow files. - Update README.md by [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/255](https://togithub.com/step-security/harden-runner/pull/255) - Bump github/codeql-action from 2.2.4 to 2.2.6 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/254](https://togithub.com/step-security/harden-runner/pull/254) - Bump step-security/harden-runner from 2.2.0 to 2.2.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/256](https://togithub.com/step-security/harden-runner/pull/256) **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.3.0 ### [`v2.2.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.2.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.2.0...v2.2.1) #### What's Changed - Fix issue to get cache endpoint by [@​h0x0er](https://togithub.com/h0x0er) in [https://github.com/step-security/harden-runner/pull/253](https://togithub.com/step-security/harden-runner/pull/253) Harden runner has the ability to automatically detect the cache endpoint used by each job. When Harden runner is used in block mode, this endpoint is added to the list of allowed endpoints. A fix has been implemented to improve this feature by updating the logic used to fetch the cache endpoint. This update involves using code from the actions/cache library to ensure the endpoint is properly retrieved. - Update README.md by [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/247](https://togithub.com/step-security/harden-runner/pull/247) - Bump step-security/harden-runner from 2.1.0 to 2.2.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/248](https://togithub.com/step-security/harden-runner/pull/248) - Bump github/codeql-action from 2.1.38 to 2.2.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/244](https://togithub.com/step-security/harden-runner/pull/244) **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.2.1

Configuration

πŸ“… Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ‘» Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

This PR has been generated by Mend Renovate. View repository job log here.