search

mm2 / Little-CMS

A free, open source, CMM engine. It provides fast transforms between ICC profiles.
https://www.littlecms.com
MIT License
549 stars 174 forks source link

Bump the github-actions group with 4 updates #433

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps the github-actions group with 4 updates: actions/checkout, github/codeql-action, ossf/scorecard-action and actions/upload-artifact.

Updates actions/checkout from 2 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3...v4.0.0

v3.6.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3.5.3...v3.6.0

v3.5.3

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3...v3.5.3

v3.5.2

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v3.5.1...v3.5.2

v3.5.1

What's Changed

New Contributors

... (truncated)

Commits


Updates github/codeql-action from 2 to 3

Release notes

Sourced from github/codeql-action's releases.

CodeQL Bundle v2.16.1

Bundles CodeQL CLI v2.16.1

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.16.1:

CodeQL Bundle v2.16.0

Bundles CodeQL CLI v2.16.0

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.16.0:

CodeQL Bundle v2.15.5

Bundles CodeQL CLI v2.15.5

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.15.5:

... (truncated)

Commits
  • e86ee7f fix typo in comment
  • 4f9fb97 update wording of deprecation warning
  • a854253 ensure deprecation warning is only shown once per job
  • f72cffc add v2 deprecation warning
  • d13ca04 Merge pull request #2090 from github/mergeback/v3.23.1-to-main-0b21cf24
  • 475e2af Update checked-in dependencies
  • See full diff in compare view


Updates ossf/scorecard-action from 2.1.2 to 2.3.1

Release notes

Sourced from ossf/scorecard-action's releases.

v2.3.1

What's Changed

  • :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by @​spencerschrock in ossf/scorecard-action#1282
    • Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the v4.13.1 release notes

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1

v2.3.0

What's Changed

Documentation

New Contributors

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0

v2.2.0

What's Changed

Scorecard Result Viewer

Thanks to contributions from @​cynthia-sg and @​tegioz at CLOMonitor, there is a new Scorecard Result visualization page at https://securityscorecards.dev/viewer/?uri=<project-url>.

As an example, you can see our own score visualized here Checkout our README to learn how to link your README badge to the new visualization page.

Publishing Results

This release contains two fixes which will improve the user experience when publish_results is true

Docs

... (truncated)

Commits
  • 0864cf1 :seedling: Bump docker tag to for v2.3.1 release (#1284)
  • 72df3bf :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 (#1282)
  • 0ea411f :seedling: Bump the docker-images group with 1 update (#1281)
  • dbfd042 :seedling: Bump the github-actions group with 1 update (#1280)
  • 2fa1e2f :seedling: Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1278)
  • 652ddd0 :seedling: Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1277)
  • 28d0c92 :seedling: Group Dependabot updates for GitHub Actions and Dockerfiles (#1276)
  • cb50491 :seedling: Bump distroless/base from a35b652 to b31a6e0 (#1275)
  • 87157ac :seedling: Bump github/codeql-action from 2.21.9 to 2.22.1 (#1274)
  • 7c1648b :seedling: Bump step-security/harden-runner from 2.5.1 to 2.6.0 (#1273)
  • Additional commits viewable in compare view


Updates actions/upload-artifact from 3.1.0 to 4.3.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.3.0

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.3.0

v4.2.0

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.2.0

v4.1.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.1.0

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

  1. The changelog post.
  2. The README.
  3. The migration documentation.
  4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

Full Changelog: https://github.com/actions/upload-artifact/compare/v3...v4.0.0

v3.1.3

What's Changed

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 7 months ago

Superseded by #435.