build: update scorecard action dependencies #49609

Closed
angular-robot wants to merge 1 commit into angular:main from angular-robot:ng-renovate/scorecard-action

angular-robot (Contributor) commented Mar 28, 2023

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| actions/checkout | action | minor | v3.4.0 -> v3.5.0 |
| github/codeql-action | action | patch | v2.2.7 -> v2.2.9 |
| ossf/scorecard-action | action | patch | v2.1.2 -> v2.1.3 |

Release Notes

actions/checkout

v3.5.0

Full Changelog: actions/checkout@v3.4.0...v3.5.0

github/codeql-action

v2.2.9

v2.2.8

ossf/scorecard-action

v2.1.3

What's Changed

Bug Fixes
  • Invalid SARIF files from a bug in scorecard
  • Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner
  • Scorecard action not reporting binary artifacts in the repo

Full Scorecard Changelog: ossf/scorecard@v4.10.2...v4.10.5

Full Changelog: ossf/scorecard-action@v2.1.2...v2.1.3


Configuration

📅 Schedule: Branch creation - "after 10:00pm on monday,before 04:00am on tuesday" in timezone America/Tijuana, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

angular-robot added the labels "action: review" (The PR is still awaiting reviews from at least one requested reviewer), "area: build & ci" (Related the build and CI infrastructure of the project) and "target: patch" (This PR is targeted for the next patch release), Mar 28, 2023
ngbot modified the milestone: Backlog, Mar 28, 2023
pullapprove requested a review from josephperrott, March 28, 2023 05:07
angular-robot force-pushed the ng-renovate/scorecard-action branch 14 times, most recently from bba9384 to fa9a1ba, March 30, 2023 19:09
See associated pull request for more information.
angular-robot force-pushed the ng-renovate/scorecard-action branch from fa9a1ba to 0655e47, March 31, 2023 00:10
alan-agius4 added the labels "action: merge" (The PR is ready for merge by the caretaker), "merge: caretaker note" (Alert the caretaker performing the merge to check the PR for an out of normal action needed or note) and "PullApprove: disable", and removed "action: review" (The PR is still awaiting reviews from at least one requested reviewer), Mar 31, 2023
alan-agius4 (Contributor) commented

Caretaker note: my approval should be enough for this as it’s a safe change.

alan-agius4 removed the request for review from josephperrott, March 31, 2023 18:23

dylhunn (Contributor) commented Mar 31, 2023

This PR was merged into the repository by commit 12b2caa.

dylhunn pushed a commit that referenced this pull request Mar 31, 2023
See associated pull request for more information.

PR Close #49609
dylhunn closed this in 12b2caa, Mar 31, 2023
angular-robot deleted the ng-renovate/scorecard-action branch, March 31, 2023 19:09

angular-automatic-lock-bot commented

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

angular-automatic-lock-bot locked and limited conversation to collaborators, May 1, 2023