search

mimmi20 / browser-detector

Library for PHP 8.1+ to detect Browsers and Devices
https://github.com/mimmi20/BrowserDetector
MIT License
43 stars 12 forks source link

github-actions: bump codecov/codecov-action from 4.3.0 to 4.3.1 in the minor-patch-dependencies group across 1 directory #778

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 6 months ago

Bumps the minor-patch-dependencies group with 1 update in the / directory: codecov/codecov-action.

Updates codecov/codecov-action from 4.3.0 to 4.3.1

Commits
  • 6020e12 chore(release): 4.3.1.
  • 5a299d1 fix: bypass token checks for forks and OIDC (#1404)
  • dad251d docs: main branch (#1396)
  • e8bbe5f docs: Type Annotations (#1397)
  • a6fd87f build(deps-dev): bump @​typescript-eslint/parser from 7.7.1 to 7.8.0 (#1401)
  • 76c8cd6 build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.7.1 to 7.8.0 (#...
  • 1290bdd style: Node Packages (#1394)
  • 951ef79 build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 (#1391)
  • bb71c1b build(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#1392)
  • acc5d43 build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#1393)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
github-actions[bot] commented 6 months ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/codecov/codecov-action 4.3.1 :green_circle: 7.5
Details
CheckScoreReason
Binary-Artifacts:green_circle: 10no binaries found in the repo
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests:green_circle: 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Code-Review:green_circle: 9found 1 unreviewed changesets out of 12 -- score normalized to 9
Contributors:green_circle: 109 different organizations found -- score normalized to 10
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Dependency-Update-Tool:green_circle: 10update tool detected
Fuzzing:warning: 0project is not fuzzed
License:green_circle: 10license file detected
Maintained:green_circle: 1030 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging:warning: -1no published package detected
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:green_circle: 7SAST tool detected but not run on all commits
Security-Policy:green_circle: 10security policy file detected
Signed-Releases:warning: -1no releases found
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities:green_circle: 10no vulnerabilities detected
actions/codecov/codecov-action 4.3.0 :green_circle: 7.5
Details
CheckScoreReason
Binary-Artifacts:green_circle: 10no binaries found in the repo
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests:green_circle: 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Code-Review:green_circle: 9found 1 unreviewed changesets out of 12 -- score normalized to 9
Contributors:green_circle: 109 different organizations found -- score normalized to 10
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Dependency-Update-Tool:green_circle: 10update tool detected
Fuzzing:warning: 0project is not fuzzed
License:green_circle: 10license file detected
Maintained:green_circle: 1030 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging:warning: -1no published package detected
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:green_circle: 7SAST tool detected but not run on all commits
Security-Policy:green_circle: 10security policy file detected
Signed-Releases:warning: -1no releases found
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities:green_circle: 10no vulnerabilities detected

Scanned Manifest Files

.github/workflows/continuous-integration.yml
  • codecov/codecov-action@4.3.1
  • codecov/codecov-action@4.3.0
codeclimate[bot] commented 6 months ago

Code Climate has analyzed commit 9de3d7a9 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 98.3% (0.0% change).

View more on Code Climate.