From 86df0e7bcda38159045820522f446efbc08205ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 23:23:32 +0000 Subject: [PATCH] fix(deps): bump the minor-and-patch group with 2 updates Bumps the minor-and-patch group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter). Updates `github/codeql-action` from 3.28.16 to 3.28.17 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/28deaeda66b76a05916b6923827895f2b14ab387...60168efe1c415ce0f5521ea06d5c2062adbeed1b) Updates `oxsecurity/megalinter` from 8.6.0 to 8.7.0 - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](https://github.com/oxsecurity/megalinter/compare/04cf22b980c2e9c2121553417ed651c944afc8e1...5a91fb06c83d0e69fbd23756d47438aa723b4a5a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: oxsecurity/megalinter dependency-version: 8.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/megalinter.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 68707ce..ab5b869 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,7 +38,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Initialize CodeQL - uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # pin@v3 + uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # pin@v3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -54,6 +54,6 @@ jobs: exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # pin@v3 + uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # pin@v3 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/megalinter.yml b/.github/workflows/megalinter.yml index 65f2546..f747211 100644 --- a/.github/workflows/megalinter.yml +++ b/.github/workflows/megalinter.yml @@ -78,7 +78,7 @@ jobs: # Run MegaLinter - name: MegaLinter id: ml - uses: oxsecurity/megalinter/flavors/security@04cf22b980c2e9c2121553417ed651c944afc8e1 # pin@v8.6.0 + uses: oxsecurity/megalinter/flavors/security@5a91fb06c83d0e69fbd23756d47438aa723b4a5a # pin@v8.7.0 env: GITHUB_TOKEN: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }} @@ -228,6 +228,6 @@ jobs: if: | steps.sarif_file_exists.outputs.files_exists == 'true' && github.event.repository.visibility == 'public' - uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # pin@v3.28.16 + uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # pin@v3.28.17 with: sarif_file: "megalinter-reports/megalinter-report.sarif" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0f79929..3c54760 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -72,6 +72,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # pin@v3 + uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # pin@v3 with: sarif_file: results.sarif