dependabot[bot]
2764851c88
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-10-18 10:10:55 +00:00
Jussi Kukkonen
f005825955
workflows: Stop pinning actions that are not security relevant
...
These workflows have no real security relevance (runtime build or test)
in the sense that a compromise in the dependencies could compromise
python-tuf security:
* scorecards
* dependency-review
* codeql-analysis
Stop pinning the actions used in them (except the common actions that
are used everyewhere like actions/checkout: use the same version of
those everywhere). The benefit here is fewer Dependabot PRs: If we had
done this from the start we'd have skipped ~70 PRs by now.
The interesting permissions used in these workflows are
* security-events: write
This can add things onto the "Security" tab in GitHub
* id-token: write
This allows OIDC authentication, but only as this specific workflow
These permissions look completely acceptable to me.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-10-02 13:34:24 +03:00
dependabot[bot]
aaea6c29ab
build(deps): bump actions/checkout from 4.0.0 to 4.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
2023-09-25 10:56:33 +00:00
dependabot[bot]
c672dfb7eb
build(deps): bump github/codeql-action from 2.21.7 to 2.21.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.7 to 2.21.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04daf014b5...6a28655e3d
2023-09-19 10:32:26 +00:00
dependabot[bot]
dcf81b8748
build(deps): bump github/codeql-action from 2.21.5 to 2.21.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.5 to 2.21.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](00e563ead9...04daf014b5
2023-09-15 10:30:45 +00:00
dependabot[bot]
811bf02fb0
build(deps): bump actions/checkout from 3.6.0 to 4.0.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.6.0 to 4.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](f43a0e5ff2...3df4ab11eb
2023-09-07 12:36:36 +00:00
sumanth8495
1f676a8e34
version numbers are commented respectively
...
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
2023-09-06 13:10:40 +05:30
sumanth8495
e3772c7082
workflows: Includes version comments in GH action uses-lines
...
Signed-off-by: sumanth8495 <msgupthamurukuri123@gmail.com>
2023-09-02 18:44:15 +05:30
dependabot[bot]
82c223cafe
build(deps): bump actions/checkout from 3.5.3 to 3.6.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](c85c95e3d7...f43a0e5ff2
2023-08-31 09:14:00 +00:00
dependabot[bot]
2e82328f69
build(deps): bump github/codeql-action from 2.21.4 to 2.21.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.4 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a09933a12a...00e563ead9
2023-08-29 10:32:24 +00:00
dependabot[bot]
11c67cc04d
build(deps): bump github/codeql-action from 2.21.3 to 2.21.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.3 to 2.21.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5b6282e01c...a09933a12a
2023-08-15 10:08:34 +00:00
dependabot[bot]
e11fe641ac
build(deps): bump github/codeql-action from 2.21.2 to 2.21.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.2 to 2.21.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0ba4244466...5b6282e01c
2023-08-09 10:10:30 +00:00
dependabot[bot]
34507c46ae
build(deps): bump github/codeql-action from 2.21.1 to 2.21.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.1 to 2.21.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6ca1aa8c19...0ba4244466
2023-07-31 10:57:23 +00:00
dependabot[bot]
f17c3b13ac
build(deps): bump github/codeql-action from 2.21.0 to 2.21.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.0 to 2.21.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1813ca74c3...6ca1aa8c19
2023-07-27 10:09:15 +00:00
dependabot[bot]
9ae7c20760
build(deps): bump github/codeql-action from 2.20.4 to 2.21.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.4 to 2.21.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](489225d82a...1813ca74c3
2023-07-20 10:30:25 +00:00
dependabot[bot]
c6c9644a1f
build(deps): bump github/codeql-action from 2.20.1 to 2.20.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.1 to 2.20.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f6e388ebf0...489225d82a
2023-07-17 10:55:18 +00:00
dependabot[bot]
121d672d20
build(deps): bump github/codeql-action from 2.20.0 to 2.20.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.0 to 2.20.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6c089f53dd...f6e388ebf0
2023-06-21 10:59:03 +00:00
dependabot[bot]
a8185d862e
build(deps): bump github/codeql-action from 2.3.6 to 2.20.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.6 to 2.20.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](83f0fe6c49...6c089f53dd
2023-06-14 10:59:00 +00:00
dependabot[bot]
55a17cc3ee
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
2023-06-12 11:00:10 +00:00
dependabot[bot]
1359485a67
build(deps): bump github/codeql-action from 2.3.3 to 2.3.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.3 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](29b1f65c5e...83f0fe6c49
2023-06-02 10:58:18 +00:00
dependabot[bot]
224ce8ec8c
build(deps): bump github/codeql-action from 2.3.2 to 2.3.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f3feb00acb...29b1f65c5e
2023-05-05 10:58:24 +00:00
dependabot[bot]
ac419451cc
build(deps): bump github/codeql-action from 2.3.0 to 2.3.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.0 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2c19fb9a2...f3feb00acb
2023-04-28 10:58:26 +00:00
dependabot[bot]
28ea174245
build(deps): bump github/codeql-action from 2.2.12 to 2.3.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2
2023-04-24 11:00:22 +00:00
dependabot[bot]
25cbdcaf32
build(deps): bump github/codeql-action from 2.2.11 to 2.2.12
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d186a2a36c...7df0ce3489
2023-04-17 11:22:23 +00:00
dependabot[bot]
308c9874b7
build(deps): bump actions/checkout from 3.5.0 to 3.5.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8f4b7f8486...8e5e7e5ab8
2023-04-14 10:58:57 +00:00
dependabot[bot]
64816c40f8
build(deps): bump github/codeql-action from 2.2.9 to 2.2.11
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6...d186a2a36c
2023-04-07 10:58:40 +00:00
dependabot[bot]
d68cd71fcd
build(deps): bump github/codeql-action from 2.2.8 to 2.2.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](67a35a0858...04df1262e6
2023-03-28 10:59:06 +00:00
dependabot[bot]
f86f656d3c
build(deps): bump actions/checkout from 3.4.0 to 3.5.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](24cb908017...8f4b7f8486
2023-03-28 07:44:51 +00:00
dependabot[bot]
8eaa8dc377
build(deps): bump github/codeql-action from 2.2.7 to 2.2.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.7 to 2.2.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](168b99b3c2...67a35a0858
2023-03-23 10:59:10 +00:00
dependabot[bot]
a673ac3df5
build(deps): bump actions/checkout from 3.3.0 to 3.4.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ac59398561...24cb908017
2023-03-20 08:21:35 +00:00
dependabot[bot]
b930e5328a
build(deps): bump github/codeql-action from 2.2.6 to 2.2.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.6 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](16964e90ba...168b99b3c2
2023-03-16 10:22:59 +00:00
dependabot[bot]
8890b087cd
build(deps): bump github/codeql-action from 2.2.5 to 2.2.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.5 to 2.2.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](32dc499307...16964e90ba
2023-03-13 11:01:00 +00:00
dependabot[bot]
3fd56facb0
build(deps): bump github/codeql-action from 2.2.4 to 2.2.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](17573ee1cc...32dc499307
2023-02-27 11:02:26 +00:00
dependabot[bot]
ed05a2c66c
build(deps): bump github/codeql-action from 2.2.3 to 2.2.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8775e86802...17573ee1cc
2023-02-13 11:05:51 +00:00
dependabot[bot]
15c0b40dce
build(deps): bump github/codeql-action from 2.2.2 to 2.2.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](39d8d7e78f...8775e86802
2023-02-09 10:03:50 +00:00
dependabot[bot]
932d72db3a
build(deps): bump github/codeql-action from 2.2.1 to 2.2.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3ebbd71c74...39d8d7e78f
2023-02-07 10:03:56 +00:00
dependabot[bot]
49b0385c40
build(deps): bump github/codeql-action from 2.1.39 to 2.2.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.39 to 2.2.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a34ca99b46...3ebbd71c74
2023-01-27 10:05:26 +00:00
dependabot[bot]
2a250df063
build(deps): bump github/codeql-action from 2.1.38 to 2.1.39
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](515828d974...a34ca99b46
2023-01-19 10:04:05 +00:00
dependabot[bot]
bfbfb55444
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](755da8c3cf...ac59398561
2023-01-13 10:32:56 +00:00
dependabot[bot]
373f527de3
build(deps): bump github/codeql-action from 2.1.37 to 2.1.38
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.37 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](959cbb7472...515828d974
2023-01-13 10:04:32 +00:00
dependabot[bot]
8f3f5713c6
build(deps): bump github/codeql-action from 2.1.36 to 2.1.37
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.36 to 2.1.37.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a669cc5936...959cbb7472
2022-12-15 10:04:23 +00:00
dependabot[bot]
98991d8f50
build(deps): bump actions/checkout from 3.1.0 to 3.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](93ea575cb5...755da8c3cf
2022-12-13 10:04:50 +00:00
dependabot[bot]
9fd45d923d
build(deps): bump github/codeql-action from 2.1.35 to 2.1.36
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2a92eb56d...a669cc5936
2022-12-12 10:07:12 +00:00
dependabot[bot]
07940a1f92
build(deps): bump github/codeql-action from 2.1.33 to 2.1.35
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.33 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2.1.33...b2a92eb56d8cb930006a1c6ed86b0782dd8a4297 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-02 10:04:16 +00:00
dependabot[bot]
878b7ff4d9
build(deps): bump github/codeql-action from 2.1.32 to 2.1.33
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.32 to 2.1.33.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4238421316...678fc3afe2
2022-11-17 10:11:41 +00:00
Lukas Pühringer
7568fc6a8e
Merge pull request #2177 from theupdateframework/dependabot/github_actions/github/codeql-action-2.1.32
...
build(deps): bump github/codeql-action from 2.1.31 to 2.1.32
2022-11-17 09:54:31 +01:00
Jussi Kukkonen
3bc24ad2c3
Merge pull request #2159 from jku/permissions-tweaks
...
Github workflows: Permissions tweaks
2022-11-15 14:34:48 +02:00
dependabot[bot]
eb8c4263ce
build(deps): bump github/codeql-action from 2.1.31 to 2.1.32
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.31 to 2.1.32.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c3b6fce4ee...4238421316
2022-11-15 10:04:06 +00:00
dependabot[bot]
8d0ae4f99d
build(deps): bump github/codeql-action from 2.1.30 to 2.1.31
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](18fe527fa8...c3b6fce4ee
2022-11-08 10:08:46 +00:00
dependabot[bot]
c12df73040
build(deps): bump github/codeql-action from 2.1.29 to 2.1.30
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ec3cf9c605...18fe527fa8
2022-11-03 10:03:51 +00:00
