Commit a16f149

Bump the github-actions group with 5 updates (#2547)
Bumps the github-actions group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/cache](https://github.com/actions/cache) | `4.2.4` | `4.3.0` |
| [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.0.0` |
| [actions/labeler](https://github.com/actions/labeler) | `5.0.0` | `6.0.1` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.11` | `3.30.5` |

Updates `actions/cache` from 4.2.4 to 4.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>Add note on runner versions by <a href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li> <li>Prepare <code>v4.3.0</code> release by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1655">actions/cache#1655</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4...v4.3.0">https://github.com/actions/cache/compare/v4...v4.3.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>4.3.0</h3> <ul> <li>Bump <code>@actions/cache</code> to <a href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li> </ul> <h3>4.2.4</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.5</li> </ul> <h3>4.2.3</h3>
<ul> <li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in debug logs for cache entries)</li> </ul> <h3>4.2.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.2</li> </ul> <h3>4.2.1</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.1</li> </ul> <h3>4.2.0</h3> <p>TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. <a href="https://github.com/actions/cache">actions/cache</a> now integrates with the new cache service (v2) APIs.</p> <p>The new service will gradually roll out as of <strong>February 1st, 2025</strong>. The legacy service will also be sunset on the same date. Changes in these release are <strong>fully backward compatible</strong>.</p> <p><strong>We are deprecating some versions of this action</strong>. We recommend upgrading to version <code>v4</code> or <code>v3</code> as soon as possible before <strong>February 1st, 2025.</strong> (Upgrade instructions below).</p> <p>If you are using pinned SHAs, please use the SHAs of versions <code>v4.2.0</code> or <code>v3.4.0</code></p> <p>If you do not upgrade, all workflow runs using any of the deprecated <a href="https://github.com/actions/cache">actions/cache</a> will fail.</p> <p>Upgrading to the recommended versions will not break your workflows.</p> <h3>4.1.2</h3> <ul> <li>Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - <a href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li> <li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li> </ul> <h3>4.1.1</h3> <ul> <li>Restore original behavior of <code>cache-hit</code> output - <a href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li> </ul> <h3>4.1.0</h3> <ul> <li>Ensure <code>cache-hit</code> output is set when a cache is missed - <a href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li> <li>Deprecate 
<code>save-always</code> input - <a href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/0057852bfaa89a56745cba8c7296529d2fc39830"><code>0057852</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1655">#1655</a> from actions/Link-/prepare-4.3.0</li> <li><a href="https://github.com/actions/cache/commit/4f5ea67f1cc87b2d4239690fa12a12fc32096d68"><code>4f5ea67</code></a> Update licensed cache</li> <li><a href="https://github.com/actions/cache/commit/9fcad95d03062fb8399cdbd79ae6041c7692b6c8"><code>9fcad95</code></a> Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release</li> <li><a href="https://github.com/actions/cache/commit/638ed79f9dc94c1de1baef91bcab5edaa19451f4"><code>638ed79</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1642">#1642</a> from actions/GhadimiR-patch-1</li> <li><a href="https://github.com/actions/cache/commit/3862dccb1765f1ff6e623be1f4fd3a5b47a30d27"><code>3862dcc</code></a> Add note on runner versions</li> <li>See full diff in <a href="https://github.com/actions/cache/compare/0400d5f644dc74513175e3cd8d07132dd4860809...0057852bfaa89a56745cba8c7296529d2fc39830">compare view</a></li> </ul> </details> <br /> Updates `actions/stale` from 9.1.0 to 10.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/stale/releases">actions/stale's releases</a>.</em></p> <blockquote> <h2>v10.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Upgrade to node 24 by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1279">actions/stale#1279</a> Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. 
<a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></li> </ul> <h3>Enhancement</h3> <ul> <li>Introducing sort-by option by <a href="https://github.com/suyashgaonkar"><code>@​suyashgaonkar</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1254">actions/stale#1254</a></li> </ul> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/stale/pull/1186">actions/stale#1186</a></li> <li>Upgrade undici from 5.28.4 to 5.28.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/stale/pull/1201">actions/stale#1201</a></li> <li>Upgrade <code>@​action/cache</code> from 4.0.0 to 4.0.2 by <a href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1226">actions/stale#1226</a></li> <li>Upgrade <code>@​action/cache</code> from 4.0.2 to 4.0.3 by <a href="https://github.com/suyashgaonkar"><code>@​suyashgaonkar</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1233">actions/stale#1233</a></li> <li>Upgrade undici from 5.28.5 to 5.29.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/stale/pull/1251">actions/stale#1251</a></li> <li>Upgrade form-data to bring in fix for critical vulnerability by <a href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1277">actions/stale#1277</a></li> </ul> <h3>Documentation changes</h3> <ul> <li>Changelog update for recent releases by <a href="https://github.com/suyashgaonkar"><code>@​suyashgaonkar</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1224">actions/stale#1224</a></li> <li>Permissions 
update in Readme by <a href="https://github.com/ghadimir"><code>@​ghadimir</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1248">actions/stale#1248</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/suyashgaonkar"><code>@​suyashgaonkar</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1224">actions/stale#1224</a></li> <li><a href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1248">actions/stale#1248</a></li> <li><a href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1277">actions/stale#1277</a></li> <li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1279">actions/stale#1279</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/stale/compare/v9...v10.0.0">https://github.com/actions/stale/compare/v9...v10.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/stale/commit/3a9db7e6a41a89f618792c92c0e97cc736e1b13f"><code>3a9db7e</code></a> Upgrade to node 24 (<a href="https://redirect.github.com/actions/stale/issues/1279">#1279</a>)</li> <li><a href="https://github.com/actions/stale/commit/8f717f0dfca33b78d3c933452e42558e4456c8e7"><code>8f717f0</code></a> Bumps form-data (<a href="https://redirect.github.com/actions/stale/issues/1277">#1277</a>)</li> <li><a href="https://github.com/actions/stale/commit/a92fd57ffeff1a7d5e9f90394c229c1cebb74321"><code>a92fd57</code></a> build(deps): bump undici from 5.28.5 to 5.29.0 (<a href="https://redirect.github.com/actions/stale/issues/1251">#1251</a>)</li> <li><a 
href="https://github.com/actions/stale/commit/128b2c81d01bedfe5b59d56fc08176aecd3fe6b9"><code>128b2c8</code></a> Introducing sort-by option (<a href="https://redirect.github.com/actions/stale/issues/1254">#1254</a>)</li> <li><a href="https://github.com/actions/stale/commit/f78de9780efb7a789cf4745957fa3374cbb94fd5"><code>f78de97</code></a> Update README.md (<a href="https://redirect.github.com/actions/stale/issues/1248">#1248</a>)</li> <li><a href="https://github.com/actions/stale/commit/816d9db1aba399a7f70277f1a2b01a4d21497fdd"><code>816d9db</code></a> Upgrade <code>@​action/cache</code> from 4.0.2 to 4.0.3 (<a href="https://redirect.github.com/actions/stale/issues/1233">#1233</a>)</li> <li><a href="https://github.com/actions/stale/commit/ba23c1cb02e5cb8f885b0994d870e6032be00186"><code>ba23c1c</code></a> upgrade actions/cache from 4.0.0 to 4.0.2 (<a href="https://redirect.github.com/actions/stale/issues/1226">#1226</a>)</li> <li><a href="https://github.com/actions/stale/commit/a65e88a9b971cb99d742d9a25b2f8614e10577e9"><code>a65e88a</code></a> build(deps): bump undici from 5.28.4 to 5.28.5 (<a href="https://redirect.github.com/actions/stale/issues/1201">#1201</a>)</li> <li><a href="https://github.com/actions/stale/commit/d4df79c5919b10352b8f29b9699b7acdc5500ebc"><code>d4df79c</code></a> Updates to CHANGELOG.MD for recent releases (<a href="https://redirect.github.com/actions/stale/issues/1224">#1224</a>)</li> <li><a href="https://github.com/actions/stale/commit/ee7ef89499a3de6e4fe1fc1acb994e67c64e0a2a"><code>ee7ef89</code></a> build(deps): bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (<a href="https://redirect.github.com/actions/stale/issues/1186">#1186</a>)</li> <li>See full diff in <a href="https://github.com/actions/stale/compare/5bef64f19d7facfb25b37b414482c7164d639639...3a9db7e6a41a89f618792c92c0e97cc736e1b13f">compare view</a></li> </ul> </details> <br /> Updates `actions/labeler` from 5.0.0 to 6.0.1 <details> <summary>Release notes</summary> 
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p> <blockquote> <h2>v6.0.1</h2> <h2>What's Changed</h2> <ul> <li>Upgrade publish-action from 0.2.2 to 0.4.0 by <a href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/901">actions/labeler#901</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/901">actions/labeler#901</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v6.0.0...v6.0.1">https://github.com/actions/labeler/compare/v6.0.0...v6.0.1</a></p> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Add workflow file for publishing releases to immutable action package by <a href="https://github.com/jcambass"><code>@​jcambass</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/802">actions/labeler#802</a></li> </ul> <h3>Breaking Changes</h3> <ul> <li>Upgrade Node.js version to 24 in action and dependencies <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/891">actions/labeler#891</a> Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. 
<a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></li> </ul> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade eslint-config-prettier from 9.0.0 to 9.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/711">actions/labeler#711</a></li> <li>Upgrade eslint from 8.52.0 to 8.55.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/720">actions/labeler#720</a></li> <li>Upgrade <code>@​types/jest</code> from 29.5.6 to 29.5.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/719">actions/labeler#719</a></li> <li>Upgrade <code>@​types/js-yaml</code> from 4.0.8 to 4.0.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/718">actions/labeler#718</a></li> <li>Upgrade <code>@​typescript-eslint/parser</code> from 6.9.0 to 6.14.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/717">actions/labeler#717</a></li> <li>Upgrade prettier from 3.0.3 to 3.1.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/726">actions/labeler#726</a></li> <li>Upgrade eslint from 8.55.0 to 8.56.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/725">actions/labeler#725</a></li> <li>Upgrade <code>@​typescript-eslint/parser</code> from 6.14.0 to 6.19.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/745">actions/labeler#745</a></li> <li>Upgrade eslint-plugin-jest from 
27.4.3 to 27.6.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/744">actions/labeler#744</a></li> <li>Upgrade <code>@​typescript-eslint/eslint-plugin</code> from 6.9.0 to 6.20.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/750">actions/labeler#750</a></li> <li>Upgrade prettier from 3.1.1 to 3.2.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/752">actions/labeler#752</a></li> <li>Upgrade undici from 5.26.5 to 5.28.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/757">actions/labeler#757</a></li> <li>Upgrade braces from 3.0.2 to 3.0.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/789">actions/labeler#789</a></li> <li>Upgrade minimatch from 9.0.3 to 10.0.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/805">actions/labeler#805</a></li> <li>Upgrade <code>@​actions/core</code> from 1.10.1 to 1.11.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/811">actions/labeler#811</a></li> <li>Upgrade typescript from 5.4.3 to 5.7.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/819">actions/labeler#819</a></li> <li>Upgrade <code>@​typescript-eslint/parser</code> from 7.3.1 to 8.17.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/824">actions/labeler#824</a></li> 
<li>Upgrade prettier from 3.2.5 to 3.4.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/825">actions/labeler#825</a></li> <li>Upgrade <code>@​types/jest</code> from 29.5.12 to 29.5.14 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/827">actions/labeler#827</a></li> <li>Upgrade eslint-plugin-jest from 27.9.0 to 28.9.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/832">actions/labeler#832</a></li> <li>Upgrade ts-jest from 29.1.2 to 29.2.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/831">actions/labeler#831</a></li> <li>Upgrade <code>@​vercel/ncc</code> from 0.38.1 to 0.38.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/830">actions/labeler#830</a></li> <li>Upgrade typescript from 5.7.2 to 5.7.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/835">actions/labeler#835</a></li> <li>Upgrade eslint-plugin-jest from 28.9.0 to 28.11.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/839">actions/labeler#839</a></li> <li>Upgrade undici from 5.28.4 to 5.28.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/labeler/pull/842">actions/labeler#842</a></li> <li>Upgrade <code>@​octokit/request-error</code> from 5.0.1 to 5.1.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a 
href="https://redirect.github.com/actions/labeler/pull/846">actions/labeler#846</a></li> </ul> <h3>Documentation changes</h3> <ul> <li>Add note regarding <code>pull_request_target</code> to README.md by <a href="https://github.com/silverwind"><code>@​silverwind</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/669">actions/labeler#669</a></li> <li>Update readme with additional examples and important note about <code>pull_request_target</code> event by <a href="https://github.com/IvanZosimov"><code>@​IvanZosimov</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/721">actions/labeler#721</a></li> <li>Document update - permission section by <a href="https://github.com/harithavattikuti"><code>@​harithavattikuti</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/840">actions/labeler#840</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/labeler/commit/634933edcd8ababfe52f92936142cc22ac488b1b"><code>634933e</code></a> publish-action upgrade to 0.4.0 from 0.2.2 (<a href="https://redirect.github.com/actions/labeler/issues/901">#901</a>)</li> <li><a href="https://github.com/actions/labeler/commit/f1a63e87db0c6baf19c5713083f8d00d789ca184"><code>f1a63e8</code></a> Update Node.js version to 24 in action and dependencies (<a href="https://redirect.github.com/actions/labeler/issues/891">#891</a>)</li> <li><a href="https://github.com/actions/labeler/commit/b0a1180683c9f17424de4d71c044bea4c7b9bc7c"><code>b0a1180</code></a> Bump <code>@​octokit/request-error</code> from 5.0.1 to 5.1.1 (<a href="https://redirect.github.com/actions/labeler/issues/846">#846</a>)</li> <li><a href="https://github.com/actions/labeler/commit/110d44140c9195b853f2f24044bbfed8f4968efb"><code>110d441</code></a> Update README.md (<a href="https://redirect.github.com/actions/labeler/issues/871">#871</a>)</li> <li><a 
href="https://github.com/actions/labeler/commit/bee50fefe18762fad67754b2f3bfff2c8082ebb8"><code>bee50fe</code></a> Bump undici from 5.28.4 to 5.28.5 (<a href="https://redirect.github.com/actions/labeler/issues/842">#842</a>)</li> <li><a href="https://github.com/actions/labeler/commit/6463cdb00ee92c05bec55dffc4e1fce250301945"><code>6463cdb</code></a> Bump eslint-plugin-jest from 28.9.0 to 28.11.0 (<a href="https://redirect.github.com/actions/labeler/issues/839">#839</a>)</li> <li><a href="https://github.com/actions/labeler/commit/c209686724ee12fcc5e6294d1d569b91f86fa691"><code>c209686</code></a> Bump typescript from 5.7.2 to 5.7.3 (<a href="https://redirect.github.com/actions/labeler/issues/835">#835</a>)</li> <li><a href="https://github.com/actions/labeler/commit/5184940b544b0096088a7b42d1b8a551003d9eb1"><code>5184940</code></a> Bump <code>@​vercel/ncc</code> from 0.38.1 to 0.38.3 (<a href="https://redirect.github.com/actions/labeler/issues/830">#830</a>)</li> <li><a href="https://github.com/actions/labeler/commit/3629d5568b59204f18786372f6d740d649719488"><code>3629d55</code></a> Document update - permission section (<a href="https://redirect.github.com/actions/labeler/issues/840">#840</a>)</li> <li><a href="https://github.com/actions/labeler/commit/d24f7f3731b2a06433c0bccc364d560c5329c48f"><code>d24f7f3</code></a> Bump ts-jest from 29.1.2 to 29.2.5 (<a href="https://redirect.github.com/actions/labeler/issues/831">#831</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/labeler/compare/8558fd74291d67161a8a78ce36a881fa63b766a9...634933edcd8ababfe52f92936142cc22ac488b1b">compare view</a></li> </ul> </details> <br /> Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.4.3</h2> <h2>What's Changed</h2> <p>This update bumps the Scorecard version to the 
v5.3.0 release. For a complete list of changes, please refer to the <a href="https://github.com/ossf/scorecard/releases/tag/v5.3.0">Scorecard v5.3.0 release notes</a>.</p> <h2>Documentation</h2> <ul> <li>docs: clarify <code>GITHUB_TOKEN</code> permissions needed for private repos by <a href="https://github.com/pankajtaneja5"><code>@​pankajtaneja5</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li> <li>:book: Fix recommended command to test the image in development by <a href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1583">ossf/scorecard-action#1583</a></li> </ul> <h2>Other</h2> <ul> <li>add missing top-level token permissions to workflows by <a href="https://github.com/timothyklee"><code>@​timothyklee</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li> <li>setup codeowners for requesting reviews by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1576">ossf/scorecard-action#1576</a></li> <li>:seedling: Improve printing options by <a href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/timothyklee"><code>@​timothyklee</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li> <li><a href="https://github.com/pankajtaneja5"><code>@​pankajtaneja5</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li> <li><a 
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3">https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ossf/scorecard-action/commit/4eaacf0543bb3f2c246792bd56e8cdeffafb205a"><code>4eaacf0</code></a> bump docker to ghcr v2.4.3 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1587">#1587</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/42e3a017b9617c5bbc5f1c692cdbc2cd041bd97a"><code>42e3a01</code></a> 🌱 Bump the github-actions group with 3 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1585">#1585</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/88c07acb7bc818897f9ea58eba9d81c53b322f15"><code>88c07ac</code></a> 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1579">#1579</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/6c690f2f38ab31402da4e3f8d698c15405764128"><code>6c690f2</code></a> Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1586">#1586</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/92083b52695004080225eb9301fde390183707cd"><code>92083b5</code></a> 📖 Fix recommended command to test the image in development (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1583">#1583</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/7975ea6064717f16f09a57ad5f8e24017ad4dbd9"><code>7975ea6</code></a> 🌱 Bump the docker-images group across 1 directory with 2 updates 
(<a href="https://redirect.github.com/ossf/scorecard-action/issues/1">#1</a>...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/0d1a74394f208e63c946c1b5377d3ad15f0265bf"><code>0d1a743</code></a> 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1575">#1575</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/46e6e0c0ac415287a696b2be6d98071134fd27a7"><code>46e6e0c</code></a> 🌱 Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1580">#1580</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/c3f13501596645d3bd6fee6b843bd36b66df4f5d"><code>c3f1350</code></a> 🌱 Improve printing options (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1584">#1584</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/43e475b79a8bd5217334edc08879005b2229d79a"><code>43e475b</code></a> 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1578">#1578</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/05b42c624433fc40578a4040d5cf5e36ddca8cde...4eaacf0543bb3f2c246792bd56e8cdeffafb205a">compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action` from 3.29.11 to 3.30.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.30.5</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.5 - 26 Sep 2025</h2> <ul> <li>We fixed a bug that was introduced in <code>3.30.4</code> with <code>upload-sarif</code> which resulted in files without a <code>.sarif</code> extension not getting 
uploaded. <a href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.5/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.4</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.4 - 25 Sep 2025</h2> <ul> <li>We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the <code>codeql-action/init</code> step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the <code>codeql-action/init</code> step. <a href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a> and <a href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li> <li>We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. <a href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li> <li>You can now run the latest CodeQL nightly bundle by passing <code>tools: nightly</code> to the <code>init</code> action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. <a href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li> <li>Update default CodeQL bundle version to 2.23.1. 
<a href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.4/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.3</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.3 - 10 Sep 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.3/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.2</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.2 - 09 Sep 2025</h2> <ul> <li>Fixed a bug which could cause language autodetection to fail. <a href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li> <li>Experimental: The <code>quality-queries</code> input that was added in <code>3.29.2</code> as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new <code>analysis-kinds</code> input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.2/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.1</h2> <h1>CodeQL Action Changelog</h1> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.30.5 - 26 Sep 2025</h2> <ul> <li>We fixed a bug that was introduced in <code>3.30.4</code> with <code>upload-sarif</code> which resulted in files without a <code>.sarif</code> extension not getting uploaded. <a href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li> </ul> <h2>3.30.4 - 25 Sep 2025</h2> <ul> <li>We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the <code>codeql-action/init</code> step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the <code>codeql-action/init</code> step. <a href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a> and <a href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li> <li>We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. 
<a href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li> <li>You can now run the latest CodeQL nightly bundle by passing <code>tools: nightly</code> to the <code>init</code> action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. <a href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li> <li>Update default CodeQL bundle version to 2.23.1. <a href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li> </ul> <h2>3.30.3 - 10 Sep 2025</h2> <p>No user facing changes.</p> <h2>3.30.2 - 09 Sep 2025</h2> <ul> <li>Fixed a bug which could cause language autodetection to fail. <a href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li> <li>Experimental: The <code>quality-queries</code> input that was added in <code>3.29.2</code> as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new <code>analysis-kinds</code> input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li> </ul> <h2>3.30.1 - 05 Sep 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.0. <a href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li> </ul> <h2>3.30.0 - 01 Sep 2025</h2> <ul> <li>Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. <a href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li> </ul> <h2>3.29.11 - 21 Aug 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.4. 
<a href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li> </ul> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.9 - 12 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/3599b3baa15b485a2e49ef411a7a4bb2452e7f93"><code>3599b3b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3161">#3161</a> from github/update-v3.30.5-0a67bd46a</li> <li><a href="https://github.com/github/codeql-action/commit/2ca0085e584affd600efbd3930bc90e48dbacb46"><code>2ca0085</code></a> Update changelog for v3.30.5</li> <li><a href="https://github.com/github/codeql-action/commit/0a67bd46a0f456ddad9e4b732137f519280275db"><code>0a67bd4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3160">#3160</a> from github/mbg/fix/upload-sarif</li> <li><a href="https://github.com/github/codeql-action/commit/8e34f2f3bf0f3f0b192913b0e0f234372329699b"><code>8e34f2f</code></a> Add changelog</li> <li><a href="https://github.com/github/codeql-action/commit/0b7fc5664842c1a6bb23c4ef64b85438afcb76c5"><code>0b7fc56</code></a> Fix <code>upload-sarif</code> not uploading non-<code>.sarif</code> files</li> <li><a href="https://github.com/github/codeql-action/commit/94a9b7a1101a1320dcadcbda5e7fd9a1e6abaaca"><code>94a9b7a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3155">#3155</a> from github/mbg/node/no-install-in-actions</li> <li><a href="https://github.com/github/codeql-action/commit/a0ae9ba2026911d58db9df06e6b074d8ef6c24c9"><code>a0ae9ba</code></a> Log what the script is doing</li> <li><a href="https://github.com/github/codeql-action/commit/b27a8ef21f72b5c541232d50400874a3f0a374b9"><code>b27a8ef</code></a> Exit if running in an Actions workflow</li> <li><a 
href="https://github.com/github/codeql-action/commit/65925679a36e83b45b5f1673869dabf891669742"><code>6592567</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3139">#3139</a> from github/henrymercer/fix-log-message</li> <li><a href="https://github.com/github/codeql-action/commit/fa64a7dee67e389b18445aa15d26426512d9ab97"><code>fa64a7d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3154">#3154</a> from github/mbg/node/check-up-to-date-deps</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/3c3833e0f8c1c83d449a7478aa59c036a9165498...3599b3baa15b485a2e49ef411a7a4bb2452e7f93">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details>
1 parent b99d556 commit a16f149

4 files changed

+37
-37
lines changed


.github/workflows/dart.yml

Lines changed: 33 additions & 33 deletions
Some generated files are not rendered by default.

.github/workflows/no-response.yml

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ jobs:
1919
runs-on: ubuntu-latest
2020
if: ${{ github.repository_owner == 'dart-lang' }}
2121
steps:
22-
- uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639
22+
- uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f
2323
with:
2424
days-before-stale: -1
2525
days-before-close: 14
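
Review bot: The new pin on line 22, `actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f`, carries no version comment, and the commit message lists this update as 9.1.0 to 10.0.0, a major version. Check the SHA against that upstream tag and add a trailing `# v10.0.0` comment, then confirm that the `days-before-stale: -1` and `days-before-close: 14` inputs used here keep their meaning in the new major version.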

.github/workflows/pull_request_label.yaml

Lines changed: 1 addition & 1 deletion
@@ -16,7 +16,7 @@ jobs:
1616
pull-requests: write
1717
runs-on: ubuntu-latest
1818
steps:
19-
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9
19+
- uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b
2020
with:
2121
repo-token: "${{ secrets.GITHUB_TOKEN }}"
2222
sync-labels: true
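
Review bot: The step on line 19 runs with `pull-requests: write` and is handed `secrets.GITHUB_TOKEN`, so the replacement SHA `634933edcd8ababfe52f92936142cc22ac488b1b` is what needs verifying before merge, and nothing on the line says which release it is. The commit message gives the move as 5.0.0 to 6.0.1; check the SHA against that tag in actions/labeler, add a `# v6.0.1` comment, and confirm that `sync-labels: true` behaves the same across the major version.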

.github/workflows/scorecards-analysis.yml

Lines changed: 2 additions & 2 deletions
@@ -27,7 +27,7 @@ jobs:
2727
persist-credentials: false
2828

2929
- name: "Run analysis"
30-
uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde
30+
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a
3131
with:
3232
results_file: results.sarif
3333
results_format: sarif
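
Review bot: The `ossf/scorecard-action` pin on line 30 has no version comment, while the `upload-sarif` pin later in this same file is annotated `# v3.30.5`. Annotate this one as well (the commit message gives the target as 2.4.3) after checking the SHA against the upstream tag, so both pins in the file can be audited the same way.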
@@ -50,6 +50,6 @@ jobs:
5050

5151
# Upload the results to GitHub's code scanning dashboard.
5252
- name: "Upload to code-scanning"
53-
uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
53+
uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
5454
with:
5555
sarif_file: results.sarif
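
Review bot: On line 53 the SHA and the `# v3.30.5` comment change together, but only the SHA is enforced, so check that the two agree; the commit list in the message does show `3599b3b` as the head of the compare range for this update. The quoted changelog also says that from 3.30.4 the `init` step warns when a workflow mixes CodeQL Action versions, so if this workflow has any other `github/codeql-action/*` step it should move to the same SHA in this commit.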
