empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9,069 Commits 3 Branches 0 Tags 561 MiB
7815a7f695
Commit Graph

22 Commits

Author SHA1 Message Date
dependabot[bot]
dbf87cbe62
Bump github/codeql-action from 2.2.4 to 2.20.1 (#12437) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.4 to 2.20.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.13.4</p>
<ul>
<li>(<a
href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.4">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4"><code>github/codeql@codeql-cli/v2.13.4</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src">source</a>)</li>
<li><code>codeql/cpp-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib">source</a>)</li>
<li><code>codeql/csharp-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src">source</a>)</li>
<li><code>codeql/csharp-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib">source</a>)</li>
<li><code>codeql/go-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src">source</a>)</li>
<li><code>codeql/go-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib">source</a>)</li>
<li><code>codeql/java-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src">source</a>)</li>
<li><code>codeql/java-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib">source</a>)</li>
<li><code>codeql/javascript-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src">source</a>)</li>
<li><code>codeql/javascript-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib">source</a>)</li>
<li><code>codeql/python-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src">source</a>)</li>
<li><code>codeql/python-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib">source</a>)</li>
<li><code>codeql/ruby-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src">source</a>)</li>
<li><code>codeql/ruby-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib">source</a>)</li>
<li><code>codeql/swift-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src">source</a>)</li>
<li><code>codeql/swift-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib">source</a>)</li>
</ul>
<h2>CodeQL Bundle v2.6.0-beta.1</h2>
<p>Bundles CodeQL CLI <a
href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.6.0-beta.1">v2.6.0-beta.1</a></p>
<h3>⚠️ This is a beta release containing a new CodeQL packaging feature.
It may not be compatible with existing workflows.</h3>
<p>This release contains beta support for <strong>CodeQL packs</strong>.
Please read the documentation below for more information:</p>
<ul>
<li><a
href="https://codeql.github.com/docs/codeql-cli/about-codeql-packs">Using
CodeQL packs with the CodeQL CLI</a></li>
<li><a
href="https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-codeql-query-packs">Using
CodeQL packs in Code Scanning on GitHub Actions</a></li>
<li><a
href="https://docs.github.com/en/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system#downloading-and-using-codeql-query-packs">Using
CodeQL packs in Code Scanning on 3rd-party CI systems</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a
href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action
which attempts to infer a configuration for the build environment that
is required to build a given project. Do not use this in production as
it is part of an internal experiment and subject to change at any
time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users
who received a Dependabot upgrade to <a
href="cdcdbb5797"><code>cdcdbb5</code></a>,
which was mistakenly marked as Action version 2.13.4, continue to
receive updates to the CodeQL Action. Full details in <a
href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a
href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
<h2>2.3.5 - 25 May 2023</h2>
<ul>
<li>Allow invalid URIs to be used as values to
<code>artifactLocation.uri</code> properties. This reverses a change
from <a
href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a>
that inadvertently led to stricter validation of some URI values. <a
href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li>
<li>Gracefully handle invalid URIs when fingerprinting. <a
href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li>
</ul>
<h2>2.3.4 - 24 May 2023</h2>
<ul>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a
href="123e95847b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li>
<li>We are rolling out a feature in May 2023 that will disable Python
dependency installation for new users of the CodeQL Action. This
improves the speed of analysis while having only a very minor impact on
results. <a
href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li>
<li>We are improving the way that <a
href="https://github.com/github/codeql-action/releases">CodeQL
bundles</a> are tagged to make it possible to easily identify bundles by
their CodeQL semantic version. <a
href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a>
<ul>
<li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using
semantic versions, for example <code>codeql-bundle-v2.13.4</code>,
instead of timestamps, like <code>codeql-bundle-20230615</code>.</li>
<li>This change does not affect the majority of workflows, and we will
not be changing tags for existing bundle releases.</li>
<li>Some workflows with custom logic that depends on the specific format
of the CodeQL bundle tag may need to be updated. For example, if your
workflow matches CodeQL bundle tag names against a
<code>codeql-bundle-yyyymmdd</code> pattern, you should update it to
also recognize <code>codeql-bundle-vx.y.z</code> tags.</li>
</ul>
</li>
<li>Remove the requirement for <code>on.push</code> and
<code>on.pull_request</code> to trigger on the same branches. <a
href="https://redirect.github.com/github/codeql-action/pull/1675">#1675</a></li>
</ul>
<h2>2.3.3 - 04 May 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.1. <a
href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li>
<li>You can now configure CodeQL within your code scanning workflow by
passing a <code>config</code> input to the <code>init</code> Action. See
<a href="https://aka.ms/code-scanning-docs/config-file">Using a custom
configuration file</a> for more information about configuring code
scanning. <a
href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li>
</ul>
<h2>2.3.2 - 27 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.1 - 26 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.0 - 21 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.0. <a
href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f6e388ebf0"><code>f6e388e</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1736">#1736</a>
from github/update-v2.20.1-4385ad556</li>
<li><a
href="2874247228"><code>2874247</code></a>
Update changelog for v2.20.1</li>
<li><a
href="4385ad5563"><code>4385ad5</code></a>
Send <code>job_run_uuid</code> to status report telemetry (<a
href="https://redirect.github.com/github/codeql-action/issues/1685">#1685</a>)</li>
<li><a
href="8ba77ef4d3"><code>8ba77ef</code></a>
Bump <code>@​octokit/types</code> from 9.0.0 to 10.0.0 (<a
href="https://redirect.github.com/github/codeql-action/issues/1734">#1734</a>)</li>
<li><a
href="82dbde173c"><code>82dbde1</code></a>
Fix setup-swift composite action for versions 5.8, 5.8.1 (<a
href="https://redirect.github.com/github/codeql-action/issues/1735">#1735</a>)</li>
<li><a
href="c6dff3470e"><code>c6dff34</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1721">#1721</a>
from github/update-bundle/codeql-bundle-v2.13.4</li>
<li><a
href="3e0c87dc38"><code>3e0c87d</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.13.4</li>
<li><a
href="de74ca6211"><code>de74ca6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1732">#1732</a>
from github/henrymercer/tolerate-unexpected-processi...</li>
<li><a
href="d6201b58de"><code>d6201b5</code></a>
Improve logging messages</li>
<li><a
href="0ac18158d1"><code>0ac1815</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1684">#1684</a>
from github/mbg/add-resolve-environment</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/v2.2.4...f6e388ebf0efc915c6c5b165b019ee61a6746a38">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-23 12:40:54 -07:00
dependabot[bot]
672c0d9239
Bump actions/upload-artifact from 3.1.0 to 3.1.2 (#10183) 
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 3.1.0 to 3.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.2</h2>
<ul>
<li>Update all <code>@actions/*</code> NPM packages to their latest
versions- <a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/374">#374</a></li>
<li>Update all dev dependencies to their most recent versions - <a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/375">#375</a></li>
</ul>
<h2>v3.1.1</h2>
<ul>
<li>Update actions/core package to latest version to remove
<code>set-output</code> deprecation warning <a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/351">#351</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0b7f8abb15"><code>0b7f8ab</code></a>
ci(github): update action/download-artifact from v1 to v3 (<a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/312">#312</a>)</li>
<li><a
href="013d2b89ba"><code>013d2b8</code></a>
Create devcontainer for codespaces + update all dev dependencies (<a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/375">#375</a>)</li>
<li><a
href="055b8b3f04"><code>055b8b3</code></a>
Bump Actions NPM dependencies (<a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/374">#374</a>)</li>
<li><a
href="7a5d4831f7"><code>7a5d483</code></a>
ci(github): update action/checkout from v2 to v3 (<a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/315">#315</a>)</li>
<li><a
href="e0057a5b76"><code>e0057a5</code></a>
README: Bump actions/checkout to v3 (<a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/352">#352</a>)</li>
<li><a
href="7fe6c13ac8"><code>7fe6c13</code></a>
Update to latest <code>actions/publish-action</code> (<a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/363">#363</a>)</li>
<li><a
href="83fd05a356"><code>83fd05a</code></a>
Bump actions-core to v1.10.0 (<a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/356">#356</a>)</li>
<li>See full diff in <a
href="3cea537223...0b7f8abb15">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=3.1.0&new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-24 11:27:56 -07:00
Zach Wasserman
f8f3a1e335
Update OSSF Scorecards action (#10255) 
Based on the current recommended configuration from
https://github.com/ossf/scorecard-action#installation.
 2023-03-02 09:14:42 -08:00
dependabot[bot]
05d38abc35
Bump github/codeql-action from 2.1.21 to 2.2.5 (#10220) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.21 to 2.2.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.5 - 24 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1543">#1543</a></li>
</ul>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@​actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="32dc499307"><code>32dc499</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1547">#1547</a>
from github/update-v2.2.5-237a258d2</li>
<li><a
href="b742728ac2"><code>b742728</code></a>
Update changelog for v2.2.5</li>
<li><a
href="237a258d2b"><code>237a258</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1543">#1543</a>
from github/alexet/update-2.12.3</li>
<li><a
href="5972e6d72e"><code>5972e6d</code></a>
Fix lib file</li>
<li><a
href="164027e682"><code>164027e</code></a>
Fix bundle versions</li>
<li><a
href="3dde1f3512"><code>3dde1f3</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1540">#1540</a>
from cklin/expect-discarded-cache</li>
<li><a
href="d7d7567b0e"><code>d7d7567</code></a>
Unit tests for optimizeForLastQueryRun</li>
<li><a
href="0e4e857bab"><code>0e4e857</code></a>
Set optimizeForLastQueryRun on last run</li>
<li><a
href="08d1f21d4f"><code>08d1f21</code></a>
Calculate customQueryIndices early</li>
<li><a
href="f3bd25eefa"><code>f3bd25e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1544">#1544</a>
from github/aeisenberg/clean-cache</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/v2.1.21...32dc499307d133bb5085bae78498c0ac2cf762d5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.21&new-version=2.2.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
 2023-03-01 11:39:55 -08:00
dependabot[bot]
56b26753a5
Bump ossf/scorecard-action from 1.1.2 to 2.1.2 (#10180) 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)
from 1.1.2 to 2.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.2</h2>
<h2>What's Changed</h2>
<h3>Fixes</h3>
<ul>
<li>🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf
statement. by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054">ossf/scorecard-action#1054</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2">https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2</a></p>
<h2>v2.1.1</h2>
<h2>Scorecard version</h2>
<p>This release use <a
href="https://github.com/ossf/scorecard/releases/tag/v4.10.1">Scorecard's
v4.10.1</a></p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1">https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1</a></p>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<h3>Scorecard version</h3>
<p>This release uses <a
href="https://github.com/ossf/scorecard/releases/tag/v4.10.0">scorecard
v4.10.0</a>.</p>
<h3>Improvements</h3>
<ul>
<li>Docker build workflow by <a
href="https://github.com/naveensrinivasan"><code>@​naveensrinivasan</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/981">ossf/scorecard-action#981</a></li>
<li>Use root user in distroless to support GitHub Actions by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/994">ossf/scorecard-action#994</a></li>
<li>Disable pull_request_target by <a
href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1031">ossf/scorecard-action#1031</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Add PAT section explaining risks by <a
href="https://github.com/olivekl"><code>@​olivekl</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1024">ossf/scorecard-action#1024</a></li>
<li>Make the badge text easier to copy by <a
href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026">ossf/scorecard-action#1026</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joycebrum"><code>@​joycebrum</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/984">ossf/scorecard-action#984</a></li>
<li><a href="https://github.com/rajbos"><code>@​rajbos</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026">ossf/scorecard-action#1026</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0">https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0</a></p>
<h2>v2.0.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix - Broken dockerfile by <a
href="https://github.com/naveensrinivasan"><code>@​naveensrinivasan</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/979">ossf/scorecard-action#979</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6">https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6</a></p>
<h2>v2.0.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Remove trailing space from example by <a
href="https://github.com/jamacku"><code>@​jamacku</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/955">ossf/scorecard-action#955</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e38b1902ae"><code>e38b190</code></a>
Bump docker tag for release. (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055">#1055</a>)</li>
<li><a
href="7da02bf0d5"><code>7da02bf</code></a>
Bump scorecard to v4.10.2 to remove a CODEOWNERS printf statement. (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054">#1054</a>)</li>
<li><a
href="013c0f8bd2"><code>013c0f8</code></a>
🌱 Bump actions/dependency-review-action from 3.0.1 to
3.0.2</li>
<li><a
href="f93c094f4a"><code>f93c094</code></a>
🌱 Bump github/codeql-action from 2.1.36 to 2.1.37</li>
<li><a
href="ce8978e058"><code>ce8978e</code></a>
🌱 Bump actions/upload-artifact from 3.1.0 to 3.1.1</li>
<li><a
href="5ce49db1aa"><code>5ce49db</code></a>
🌱 Bump actions/setup-go from 3.4.0 to 3.5.0</li>
<li><a
href="15c10fcf1c"><code>15c10fc</code></a>
Update tag to v2.1.1 (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1047">#1047</a>)</li>
<li><a
href="f96da1a128"><code>f96da1a</code></a>
🌱 Update scorecard for the panic (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1045">#1045</a>)</li>
<li><a
href="813a825152"><code>813a825</code></a>
Complete the list of required actions (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1044">#1044</a>)</li>
<li><a
href="be62ea89c1"><code>be62ea8</code></a>
Update RELEASE.md (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1042">#1042</a>)</li>
<li>Additional commits viewable in <a
href="ce330fde6b...e38b1902ae">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=1.1.2&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-28 17:17:15 -08:00
Michal Nicpon
56f3cb62ef
add concurrency to ci (#8271) 
* add concurrency to ci

* add readme for workflows
 2022-10-24 14:01:00 -06:00
Michal Nicpon
9056b22874
set default shell in workflows (#8108) 
* wait for mysql in workflows
 2022-10-07 09:43:56 -06:00
dependabot[bot]
200ddfaaff
Bump actions/checkout from 2 to 3.0.2 (#7301) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...2541b1294d2704b0964813337f33b291d3f8596b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-31 07:44:22 -03:00
dependabot[bot]
fda99bf3ca
Bump github/codeql-action from 2.1.17 to 2.1.21 (#7400) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.17 to 2.1.21.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0c670bbf04...c7f292ea4f)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-31 07:42:53 -03:00
dependabot[bot]
a8a41fce31
Bump github/codeql-action from 2.1.16 to 2.1.17 (#6952) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.16 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3e7e3b32d0...0c670bbf04)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-02 09:18:44 -03:00
dependabot[bot]
f30a31012e
Bump github/codeql-action from 2.1.15 to 2.1.16 (#6646) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.15 to 2.1.16.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3f62b754e2...3e7e3b32d0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-18 14:23:31 -03:00
dependabot[bot]
3da9f6cb38
Bump ossf/scorecard-action from 1.0.4 to 1.1.2 (#6419) 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](c1aec4ac82...ce330fde6b)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-28 18:31:37 -07:00
dependabot[bot]
c90b4b8d50
Bump github/codeql-action from 2.1.11 to 2.1.15 (#6416) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.11 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](a3a6c128d7...3f62b754e2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-28 18:26:55 -07:00
dependabot[bot]
3b86836c3f
Bump actions/upload-artifact from 3.0.0 to 3.1.0 (#5835) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](6673cd052c...3cea537223)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-22 16:07:08 -03:00
dependabot[bot]
ade929bc90
Bump github/codeql-action (#5779) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 75b4f1c4669133dc294b06c2794e969efa2e5316 to 2.1.11. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](75b4f1c466...a3a6c128d7)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-17 16:36:47 -03:00
dependabot[bot]
85013e87a4
Bump github/codeql-action from 2.1.9 to 2.1.10 (#5668) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7502d6e991...75b4f1c466)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-10 18:18:15 -07:00
dependabot[bot]
86c62a6cc4
Bump github/codeql-action from 2.1.8 to 2.1.9 (#5419) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1ed1437484...7502d6e991)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-27 11:57:42 -07:00
dependabot[bot]
63df041ecc
Update github/codeql-action requirement to 1ed1437484560351c5be56cf73a48a279d116b78 (#5213) 
Updates the requirements on [github/codeql-action](https://github.com/github/codeql-action) to permit the latest version.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1ed1437484)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-19 16:52:17 -07:00
dependabot[bot]
83ffcc4b7d
Bump actions/upload-artifact from 2.3.1 to 3 (#4637) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](82c141cc51...6673cd052c)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-18 19:09:17 -07:00
Guillaume Ross
befbe88eb8
Adding manual execution to ossf scorecard workflow 2022-03-18 14:36:10 -04:00
Guillaume Ross
0ac0c9de3e
Update scorecards-analysis.yml (#4322) 
Update scorecard analysis version from 1.0.2 to 1.0.4 - has updates on how env variables are handled, need to update and see if it fixes the issue we have with the cron job.
 2022-02-22 20:00:41 -05:00
Guillaume Ross
05431b556a
Configuring OSSF Scorecard (#3960) 
From https://github.com/ossf/scorecard-action#installation

Configuring the OSSF Scorecard on the Fleet repo and configuring it so results are sent back to dashboard and github codescanning alerts.
 2022-02-01 09:31:07 -05:00