 mandlil
|
55716be400
|
Update scorecards.yml (#3625)
Fixing the issue based on info from Scorecard workflow is failing: error signing scorecard json results ossf/scorecard-action#997
|
1 year ago |
 dependabot[bot]
|
e3b0e10884
|
Bump step-security/harden-runner from 2.5.0 to 2.5.1 (#3168)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](cba0d00b1f...8ca2b8b2ece13480cda6dacd3511b49857a23c09)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>
|
2 years ago |
|
dependabot[bot]
|
2ad1f064fe
|
Bump github/codeql-action from 2.21.1 to 2.21.3 (#3164)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.1 to 2.21.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](6ca1aa8c19...5b6282e01c62d02e720b81eb8a51204f527c3624)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>
|
2 years ago |
|
mandlil
|
d2ba31a255
|
Revert "Bump ossf/scorecard-action from 2.0.6 to 2.2.0 (#3130)" (#3137)
This reverts commit 22d14ae838.
|
2 years ago |
|
dependabot[bot]
|
3efe7291b0
|
Bump step-security/harden-runner from 2.2.1 to 2.5.0 (#3132)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.1 to 2.5.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](1f99358870...cba0d00b1fc9a034e1e642ea0f1103c282990604)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>
|
2 years ago |
|
dependabot[bot]
|
22d14ae838
|
Bump ossf/scorecard-action from 2.0.6 to 2.2.0 (#3130)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0...08b4669551908b1024bb425080c797723083c031)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>
|
2 years ago |
|
dependabot[bot]
|
371883734c
|
Bump github/codeql-action from 2.2.9 to 2.21.1 (#3136)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.21.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](04df1262e6...6ca1aa8c195c3ca3e77c174fe0356db1bce3b319)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2 years ago |
 StepSecurity Bot
|
64ddcd4dfe
|
[StepSecurity] Apply security best practices (#2913)
* [StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
* Update codeql.yml
* Update codeql.yml
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: penmetsaa <penmetsaa@google.com>
|
3 years ago |
