search

uwu-tools / peribolos

Apache License 2.0
20 stars 6 forks source link

build(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 #276

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 8 months ago

Bumps ossf/scorecard-action from 2.3.0 to 2.3.1.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.3.1

What's Changed

  • :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by @​spencerschrock in ossf/scorecard-action#1282
    • Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the v4.13.1 release notes

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1

Commits
  • 0864cf1 :seedling: Bump docker tag to for v2.3.1 release (#1284)
  • 72df3bf :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 (#1282)
  • 0ea411f :seedling: Bump the docker-images group with 1 update (#1281)
  • dbfd042 :seedling: Bump the github-actions group with 1 update (#1280)
  • 2fa1e2f :seedling: Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1278)
  • 652ddd0 :seedling: Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1277)
  • 28d0c92 :seedling: Group Dependabot updates for GitHub Actions and Dockerfiles (#1276)
  • cb50491 :seedling: Bump distroless/base from a35b652 to b31a6e0 (#1275)
  • 87157ac :seedling: Bump github/codeql-action from 2.21.9 to 2.22.1 (#1274)
  • 7c1648b :seedling: Bump step-security/harden-runner from 2.5.1 to 2.6.0 (#1273)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 8 months ago

Codecov Report

Merging #276 (74b1ba2) into main (117b64c) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #276   +/-   ##
=======================================
  Coverage   59.96%   59.96%           
=======================================
  Files           7        7           
  Lines        1144     1144           
=======================================
  Hits          686      686           
  Misses        422      422           
  Partials       36       36

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more