From 330e6e3c1b0dc55eadb280591a1db1a440266ebf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 19 Aug 2023 07:34:59 +0000 Subject: Bump github/codeql-action from 2.2.9 to 2.21.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.21.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/04df1262e6247151b5ac09cd2c303ac36ad3f62b...a09933a12a80f87b87005513f0abb1494c27a716) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows/scorecard.yml') diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ac07d2d7..0351f75c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -63,6 +63,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9 + uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4 with: sarif_file: results.sarif -- cgit v1.2.3 From 5ad89cbdef5c3b439210d329462c60b58715875e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 19 Aug 2023 08:27:13 +0000 Subject: Bump ossf/scorecard-action from 2.1.3 to 2.2.0 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows/scorecard.yml') diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0351f75c..21927f18 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 + uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 with: results_file: results.sarif results_format: sarif -- cgit v1.2.3 From dea8898c9dbfefde038c1648580efd25f974126f Mon Sep 17 00:00:00 2001 From: Darius Jahandarie Date: Sun, 20 Aug 2023 11:21:42 +0900 Subject: Use a fine-grained PAT in scorecard.yml For additional checks in the scorecard, such as branch protection checks. --- .github/workflows/scorecard.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to '.github/workflows/scorecard.yml') diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 21927f18..cb9db177 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -16,6 +16,7 @@ permissions: read-all jobs: analysis: name: Scorecard analysis + environment: scorecard runs-on: ubuntu-latest permissions: # Needed to upload the results to code-scanning dashboard. @@ -41,7 +42,7 @@ jobs: # - you want to enable the Branch-Protection check on a *public* repository, or # - you are installing Scorecard on a *private* repository # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_TOKEN }} + repo_token: ${{ secrets.SCORECARD_TOKEN }} # Public repositories: # - Publish results to OpenSSF REST API for easy access by consumers -- cgit v1.2.3 From 0a3420b9b57a96cbb5b7712951870db97bbdc822 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Aug 2023 03:15:51 +0000 Subject: Bump actions/upload-artifact from 2 to 3 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-approve.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows/scorecard.yml') diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml index 250903fc..7e67a92b 100644 --- a/.github/workflows/auto-approve.yml +++ b/.github/workflows/auto-approve.yml @@ -11,7 +11,7 @@ jobs: PR_NUM: ${{ github.event.number }} run: echo $PR_NUM > pr_num.txt - name: Upload the PR number - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: pr_num path: ./pr_num.txt \ No newline at end of file 
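Review bot: Uncommenting `repo_token: ${{ secrets.SCORECARD_TOKEN }}` hands a long-lived personal access token to this job, and nothing in the workflow records what that token may access or where it is stored. The `environment: scorecard` line added in the first hunk limits exposure only if SCORECARD_TOKEN is defined as a secret of that environment (not a repository-wide secret) and the environment restricts which branches may use it. Those settings live in the repository configuration and cannot be confirmed from the diff. I would add a comment above `repo_token`, for example `# SCORECARD_TOKEN: fine-grained PAT scoped to this repository with only the read permissions listed in the scorecard-action README; stored as a secret of the "scorecard" environment`, and record who rotates it and when it expires. The job's step list continues outside both hunks.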
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index cb9db177..b03b17b4 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -56,7 +56,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@v3 # v3.1.0 with: name: SARIF file path: results.sarif -- cgit v1.2.3 From 3c413737ba9ca0ea894dd1e4494bd3efff333c1b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 23 Sep 2023 14:26:45 +0000 Subject: Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/broken-links.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/create-prerelease-on-tag.yml | 2 +- .github/workflows/playwright.yml | 4 ++-- .github/workflows/publish-firefox-development.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) (limited to '.github/workflows/scorecard.yml') diff --git a/.github/workflows/broken-links.yml b/.github/workflows/broken-links.yml index bb2028c6..45043e79 100644 --- a/.github/workflows/broken-links.yml +++ b/.github/workflows/broken-links.yml 
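Review bot: The scorecard.yml hunk replaces the commit-pinned `actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8` with the mutable tag `@v3`, so the step runs whatever that tag points to at run time, and the trailing `# v3.1.0` comment no longer describes what executes. This step was already on v3, so the bump was not needed here; keep `uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0`, or pin to the full commit SHA of a newer v3 release. The same unpinning recurs in the scorecard.yml hunk of the later "Bump actions/checkout from 3 to 4" commit, where `actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8` becomes `@v4`; that line should read `uses: actions/checkout@<full-commit-sha-of-the-v4-release> # v4.x.y`. The other actions in this workflow that are visible on the page (`ossf/scorecard-action`, `github/codeql-action/upload-sarif`) stay pinned by SHA, so these two steps become the only tag-resolved code in the workflow.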
@@ -16,7 +16,7 @@ jobs: link-checker: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 with: fail: true diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1b81df2f..4a767541 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup node uses: actions/setup-node@v3 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a06541ca..bac2d4b8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/create-prerelease-on-tag.yml b/.github/workflows/create-prerelease-on-tag.yml index 0999c5ec..31c39bf1 100644 --- a/.github/workflows/create-prerelease-on-tag.yml +++ b/.github/workflows/create-prerelease-on-tag.yml @@ -13,7 +13,7 @@ jobs: actions: write contents: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup node uses: actions/setup-node@v3 diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 8efc184a..f84922d2 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -13,7 +13,7 @@ jobs: - name: Remove all fonts run: rm -rf /usr/share/fonts - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install CJK fonts uses: awalsh128/cache-apt-pkgs-action@1850ee53f6e706525805321a3f2f863dcf73c962 # v1.3.0 
@@ -45,7 +45,7 @@ jobs: run: npx playwright install chromium - name: Grab latest dictionaries from dictionaries branch - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: repository: themoeway/yomitan # so that this works on forks ref: dictionaries diff --git a/.github/workflows/publish-firefox-development.yml b/.github/workflows/publish-firefox-development.yml index 8d8cd616..d4800f49 100644 --- a/.github/workflows/publish-firefox-development.yml +++ b/.github/workflows/publish-firefox-development.yml @@ -55,7 +55,7 @@ jobs: # update update.json so that all people who have the dev version installed get the new update - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: metadata diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index cb9db177..55807c25 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -29,7 +29,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@v4 # v3.1.0 with: persist-credentials: false -- cgit v1.2.3 From 881f7ce612d7f5e7eb25bc9d3b90550802644440 Mon Sep 17 00:00:00 2001 From: Darius Jahandarie Date: Sat, 23 Sep 2023 23:47:07 +0900 Subject: Remove incorrect checkout version comment in scorecard.yml --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows/scorecard.yml') diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 55807c25..f502e784 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -29,7 +29,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v4 # v3.1.0 + uses: actions/checkout@v4 with: persist-credentials: false -- cgit v1.2.3 From 81242a3acbea1455d535ddda78224e887a517cb3 Mon Sep 17 00:00:00 2001 
From: Darius Jahandarie Date: Sat, 23 Sep 2023 23:48:48 +0900 Subject: Remove incorrect version comment in scorecard.yml --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows/scorecard.yml') diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b03b17b4..f79530ac 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -56,7 +56,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@v3 # v3.1.0 + uses: actions/upload-artifact@v3 with: name: SARIF file path: results.sarif -- cgit v1.2.3