Closed dependabot[bot] closed 2 months ago
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 88.49%. Comparing base (
72d9304
) to head (55c62ec
).
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Bumps the github-actions group with 7 updates in the / directory:
2.7.0
2.7.1
4.1.3
4.1.5
4.2.5
4.3.2
5.0.0
5.0.1
4.0.0
6.0.1
2.3.1
2.3.3
4.3.0
4.3.1
Updates
step-security/harden-runner
from 2.7.0 to 2.7.1Release notes
Sourced from step-security/harden-runner's releases.
Commits
a4aa98b
Release v2.7.1 (#397)6c3b1c9
Merge pull request #379 from step-security/dependabot/github_actions/step-sec...3498091
Bump step-security/harden-runner from 2.6.1 to 2.7.063a88e2
Merge pull request #378 from step-security/update-readme307e5965
Update READMEUpdates
actions/checkout
from 4.1.3 to 4.1.5Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
44c2b7a
README: Suggestuser.email
to be `41898282+github-actions[bot]@users
.norepl...8459bc0
Bump actions/upload-artifact from 2 to 4 (#1695)3f603f6
Bump actions/setup-node from 1 to 4 (#1696)fd084cd
Bump github/codeql-action from 2 to 3 (#1694)9c1e94e
Update NPM dependencies (#1703)0ad4b8f
Prep Release v4.1.4 (#1704)43045ae
Disableextensions.worktreeConfig
when disablingsparse-checkout
(#1692)37b0821
Bump the minor-actions-dependencies group with 2 updates (#1693)9839dc1
Add dependabot config (#1688)9b4c13b
Bump word-wrap from 1.2.3 to 1.2.5 (#1643)Updates
actions/dependency-review-action
from 4.2.5 to 4.3.2Release notes
Sourced from actions/dependency-review-action's releases.
Commits
0c155c5
Merge pull request #762 from actions/juxtin/prepare-4.3.2f3dac32
Merge pull request #761 from actions/juxtin/fix-allow-dependencies-licensesd0d5cc3
Update version number to 4.3.249fbbe0
Fix package-url parsing for allow-dependencies-licensese58c696
Merge pull request #758 from actions/juxtin/prepare-4.3.19b7c72d
Change version to 4.3.17dcfabf
Merge pull request #753 from actions/juxtin/debug-purl5f0808f
Validate that deny-packages purls are completefcc66c2
Refine purl parsing and tests1dd418b
Basic tests for PURL validation in configUpdates
actions/setup-go
from 5.0.0 to 5.0.1Release notes
Sourced from actions/setup-go's releases.
Commits
cdcb360
Remove the description of the old go.mod specification (#458)99176a8
Update README.md with V5 release notes (#459)be1aa11
Bump undici from 5.28.2 to 5.28.3 (#465)6c1fd22
docs: bumpactions/setup-go
to v5 (#449)Updates
golangci/golangci-lint-action
from 4.0.0 to 6.0.1Release notes
Sourced from golangci/golangci-lint-action's releases.
... (truncated)
Commits
a4f60bb
fix: use 3-dots syntax for diff on push (#1040)5815a4b
doc: improve readme23faadf
doc: improve readmeb556f25
doc: improve readme789f114
feat: rewrite format handling (#1038)d36b91c
build(deps-dev): bump@typescript-eslint/parser
from 7.7.1 to 7.8.0 (#1035)a9eb115
build(deps): bump@types/node
from 20.12.7 to 20.12.8 (#1036)bd4fa7c
build(deps-dev): bump@typescript-eslint/eslint-plugin
from 7.7.1 to 7.8.0 (#...38e1018
feat: improve log about pwd/cwd (#1033)21e9e6b
feat: use OS and working-directory as cache key (#1032)Updates
ossf/scorecard-action
from 2.3.1 to 2.3.3Release notes
Sourced from ossf/scorecard-action's releases.
Commits
dc50aa9
:seedling: Bump docker tag for v2.3.3 release (#1368)8ff5700
:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0....8ba5e73
update api links to new scorecard.dev site (#1376)92ddde3
Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)6c55905
:seedling: Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)09bb953
:seedling: Bump distroless/base in the docker-images group (#1372)1511e13
:seedling: Bump the github-actions group across 1 directory with 6 updates (#...df66cd8
:seedling: Bump the docker-images group with 2 updates (#1370)fad9a3c
:seedling: Bump distroless/base in the docker-images group (#1364)1e01a30
:seedling: Bump the github-actions group with 3 updates (#1365)Updates
codecov/codecov-action
from 4.3.0 to 4.3.1Release notes
Sourced from codecov/codecov-action's releases.
Commits
5ecb98a
chore(release): 4.3.1. (#1405)5a299d1
fix: bypass token checks for forks and OIDC (#1404)dad251d
docs: main branch (#1396)e8bbe5f
docs: Type Annotations (#1397)a6fd87f
build(deps-dev): bump@typescript-eslint/parser
from 7.7.1 to 7.8.0 (#1401)76c8cd6
build(deps-dev): bump@typescript-eslint/eslint-plugin
from 7.7.1 to 7.8.0 (#...1290bdd
style: Node Packages (#1394)951ef79
build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 (#1391)bb71c1b
build(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#1392)acc5d43
build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#1393)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show