search

step-security / harden-runner

Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
https://www.stepsecurity.io
Apache License 2.0
597 stars 47 forks source link

Bump actions/dependency-review-action from 3.1.0 to 3.1.1 #357

Closed dependabot[bot] closed 10 months ago

dependabot[bot] commented 10 months ago

Bumps actions/dependency-review-action from 3.1.0 to 3.1.1.

Release notes

Sourced from actions/dependency-review-action's releases.

3.1.1

What's Changed

  • Update a bunch of dependencies, including major version upgrades for octokit, @actions/github and typescript.

Full Changelog: https://github.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1

Commits
  • 9f45b24 bumping to 3.1.1
  • 559513a Merge pull request #606 from actions/dependabot/npm_and_yarn/actions/github-6...
  • 8edc431 Merge branch 'main' into dependabot/npm_and_yarn/actions/github-6.0.0
  • 3e8322e Merge pull request #605 from actions/dependabot/npm_and_yarn/yaml-2.3.4
  • 5a55885 adding dist
  • f952b5a Merge branch 'main' into dependabot/npm_and_yarn/yaml-2.3.4
  • 8678cfa Merge pull request #607 from actions/dependabot/npm_and_yarn/typescript-eslin...
  • aa8e70d adding dist
  • 3331d25 adding dist
  • 2af83f5 Bump @​actions/github from 5.1.1 to 6.0.0
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov-commenter commented 10 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (2579b52) 60.46% compared to head (ddc9e30) 60.46%.

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #357 +/- ## ======================================= Coverage 60.46% 60.46% ======================================= Files 3 3 Lines 129 129 Branches 30 30 ======================================= Hits 78 78 Misses 46 46 Partials 5 5 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

dependabot[bot] commented 10 months ago

Superseded by #358.