dependabot[bot]
06b8eef0d8
Bump actions/setup-python from 4.5.0 to 4.6.0 ( flutter/engine#41444 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.5.0 to 4.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/setup-python/releases ">actions/setup-python's releases</a>.</em></p>
<blockquote>
<h2>Add allow-prereleases input</h2>
<p>In scope of this release we added a new input (<code>allow-prereleases</code>) to allow <a href="https://redirect.github.com/actions/setup-python/pull/414 ">falling back to pre-release versions of Python when a matching GA version of Python is not available</a></p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: 3.12
allow-prereleases: true
</code></pre>
<p>Besides, we added such changes as:</p>
<ul>
<li>Fix bug to trim new line for PyPy version: <a href="https://redirect.github.com/actions/setup-python/pull/610 ">actions/setup-python#610</a></li>
<li>Added pip dependency file to generate hash from it: <a href="https://redirect.github.com/actions/setup-python/pull/604 ">actions/setup-python#604</a></li>
<li>Improved error handling for saving and restoring cache: <a href="https://redirect.github.com/actions/setup-python/pull/618 ">actions/setup-python#618</a></li>
<li>Add warning if cache paths are empty: <a href="https://redirect.github.com/actions/setup-python/pull/642 ">actions/setup-python#642</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="57ded4d7d5 "><code>57ded4d</code></a> update <code>@âazure/storage-blob</code> (<a href="https://redirect.github.com/actions/setup-python/issues/655 ">#655</a>)</li>
<li><a href="df6abcc733 "><code>df6abcc</code></a> update xml2js (<a href="https://redirect.github.com/actions/setup-python/issues/652 ">#652</a>)</li>
<li><a href="7a4f344e33 "><code>7a4f344</code></a> Add warning for empty cache paths (<a href="https://redirect.github.com/actions/setup-python/issues/642 ">#642</a>)</li>
<li><a href="d1244c8404 "><code>d1244c8</code></a> Remove ubuntu-18.04 from e2e (<a href="https://redirect.github.com/actions/setup-python/issues/641 ">#641</a>)</li>
<li><a href="3091b37310 "><code>3091b37</code></a> Fix glob bug in package.json scripts section (<a href="https://redirect.github.com/actions/setup-python/issues/637 ">#637</a>)</li>
<li><a href="dfa76f8d0d "><code>dfa76f8</code></a> Update configuration files (<a href="https://redirect.github.com/actions/setup-python/issues/622 ">#622</a>)</li>
<li><a href="03eb867e3d "><code>03eb867</code></a> Add error handling for saving and restoring cache (<a href="https://redirect.github.com/actions/setup-python/issues/618 ">#618</a>)</li>
<li><a href="b41aaf9f0c "><code>b41aaf9</code></a> Merge pull request <a href="https://redirect.github.com/actions/setup-python/issues/621 ">#621</a> from akv-platform/reusable-workflow</li>
<li><a href="0ffa49cfca "><code>0ffa49c</code></a> Add update-config-files.yml</li>
<li><a href="ec365b4eba "><code>ec365b4</code></a> Add and configure ESLint and update configuration for Prettier (<a href="https://redirect.github.com/actions/setup-python/issues/617 ">#617</a>)</li>
<li>Additional commits viewable in <a href="d27e3f3d7c...57ded4d7d5 ">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
2023-04-24 10:13:05 +00:00
dependabot[bot]
c2a8a4d99b
Bump actions/checkout from 3.5.0 to 3.5.2 ( flutter/engine#41264 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.0 to 3.5.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/releases ">actions/checkout's releases</a>.</em></p>
<blockquote>
<h2>v3.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix: Use correct API url / endpoint in GHES by <a href="https://github.com/fhammerl "><code>@âfhammerl</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1289 ">actions/checkout#1289</a> based on <a href="https://redirect.github.com/actions/checkout/issues/1286 ">#1286</a> by <a href="https://github.com/1newsr "><code>@â1newsr</code></a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.1...v3.5.2 ">https://github.com/actions/checkout/compare/v3.5.1...v3.5.2 </a></p>
<h2>v3.5.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Improve checkout performance on Windows runners by upgrading <code>@âactions/github</code> dependency by <a href="https://github.com/BrettDong "><code>@âBrettDong</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1246 ">actions/checkout#1246</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/BrettDong "><code>@âBrettDong</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1246 ">actions/checkout#1246</a></li>
<li><a href="https://github.com/fhammerl "><code>@âfhammerl</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1284 ">actions/checkout#1284</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.0...v3.5.1 ">https://github.com/actions/checkout/compare/v3.5.0...v3.5.1 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md ">actions/checkout's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.5.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1289 ">Fix api endpoint for GHES</a></li>
</ul>
<h2>v3.5.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1246 ">Fix slow checkout on Windows</a></li>
</ul>
<h2>v3.5.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1237 ">Add new public key for known_hosts</a></li>
</ul>
<h2>v3.4.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1209 ">Upgrade codeql actions to v2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1210 ">Upgrade dependencies</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1225 ">Upgrade <code>@âactions/io</code></a></li>
</ul>
<h2>v3.3.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1045 ">Implement branch list using callbacks from exec function</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1050 ">Add in explicit reference to private checkout options</a></li>
<li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770 ">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057 ">actions/checkout#1057</a>)</li>
</ul>
<h2>v3.2.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/942 ">Add GitHub Action to perform release</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/967 ">Fix status badge</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1002 ">Replace datadog/squid with ubuntu/squid Docker image</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/964 ">Wrap pipeline commands for submoduleForeach in quotes</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1029 ">Update <code>@âactions/io</code> to 1.1.2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1039 ">Upgrading version to 3.2.0</a></li>
</ul>
<h2>v3.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/939 ">Use <code>@âactions/core</code> <code>saveState</code> and <code>getState</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/922 ">Add <code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/770 ">Add input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/762 ">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/744 ">Bumped various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/689 ">Update to node 16</a></li>
</ul>
<h2>v2.3.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/284 ">Fix default branch resolution for .wiki and when using SSH</a></li>
</ul>
<h2>v2.3.0</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8e5e7e5ab8 "><code>8e5e7e5</code></a> Release v3.5.2 (<a href="https://redirect.github.com/actions/checkout/issues/1291 ">#1291</a>)</li>
<li><a href="eb35239ec2 "><code>eb35239</code></a> Fix: convert baseUrl to serverApiUrl 'formatted' (<a href="https://redirect.github.com/actions/checkout/issues/1289 ">#1289</a>)</li>
<li><a href="83b7061638 "><code>83b7061</code></a> Release v3.5.1 (<a href="https://redirect.github.com/actions/checkout/issues/1284 ">#1284</a>)</li>
<li><a href="40a16ebeed "><code>40a16eb</code></a> Improve checkout performance on Windows runners by upgrading <code>@âactions/github</code> ...</li>
<li>See full diff in <a href="8f4b7f8486...8e5e7e5ab8 ">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
2023-04-17 09:44:23 +00:00
dependabot[bot]
5a91db530b
Bump github/codeql-action from 2.2.9 to 2.2.11 ( flutter/engine#41025 )
...
Bump github/codeql-action from 2.2.9 to 2.2.11
2023-04-10 09:39:17 +00:00
dependabot[bot]
d933f044c2
Bump ossf/scorecard-action from 2.1.2 to 2.1.3 ( flutter/engine#40878 )
...
Bump ossf/scorecard-action from 2.1.2 to 2.1.3
2023-04-03 09:45:12 +00:00
dependabot[bot]
c15f2e9384
Bump github/codeql-action from 2.2.8 to 2.2.9 ( flutter/engine#40877 )
...
Bump github/codeql-action from 2.2.8 to 2.2.9
2023-04-03 09:43:26 +00:00
dependabot[bot]
8c5378eb5e
Bump github/codeql-action from 2.2.7 to 2.2.8 ( flutter/engine#40661 )
...
Bump github/codeql-action from 2.2.7 to 2.2.8
2023-03-30 21:15:57 +00:00
dependabot[bot]
8ca44c985b
Bump actions/checkout from 3.4.0 to 3.5.0 ( flutter/engine#40662 )
...
Bump actions/checkout from 3.4.0 to 3.5.0
2023-03-27 09:47:23 +00:00
Ricardo Amador
0fabddfb3b
Adding autosubmit configuration pointer file ( flutter/engine#40581 )
...
* Adding autosubmit config pointer file.
* Add wiki page to the file
2023-03-24 08:25:39 -07:00
dependabot[bot]
523ca1c2a1
Bump github/codeql-action from 2.2.6 to 2.2.7 ( flutter/engine#40447 )
...
Bump github/codeql-action from 2.2.6 to 2.2.7
2023-03-20 10:03:29 +00:00
dependabot[bot]
574e26f6b6
Bump actions/checkout from 3.3.0 to 3.4.0 ( flutter/engine#40446 )
...
Bump actions/checkout from 3.3.0 to 3.4.0
2023-03-20 09:51:30 +00:00
dependabot[bot]
2035dc18ba
Bump github/codeql-action from 2.2.5 to 2.2.6 ( flutter/engine#40246 )
...
Bump github/codeql-action from 2.2.5 to 2.2.6
2023-03-13 09:44:31 +00:00
dependabot[bot]
ea0c0286b6
Bump github/codeql-action from 2.2.4 to 2.2.5 ( flutter/engine#39908 )
...
Bump github/codeql-action from 2.2.4 to 2.2.5
2023-03-01 02:04:05 +00:00
dependabot[bot]
ac7218fdbe
Bump github/codeql-action from 2.1.39 to 2.2.4 ( flutter/engine#39584 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.39 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a34ca99b46...17573ee1cc )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-13 09:45:23 +00:00
dependabot[bot]
e5a84c1c94
Bump github/codeql-action from 2.1.38 to 2.1.39 ( flutter/engine#39065 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](515828d974...a34ca99b46 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-23 09:33:34 +00:00
dependabot[bot]
6576060a0e
Bump github/codeql-action from 2.1.37 to 2.1.38 ( flutter/engine#38910 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.37 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](959cbb7472...515828d974 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-16 08:58:41 +00:00
dependabot[bot]
3aa5e639ec
Bump actions/setup-python from 4.4.0 to 4.5.0 ( flutter/engine#38909 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](5ccb29d877...d27e3f3d7c )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-16 08:57:48 +00:00
dependabot[bot]
0e37dda533
Bump actions/checkout from 3.2.0 to 3.3.0 ( flutter/engine#38714 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](755da8c3cf...ac59398561 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-09 15:45:52 +00:00
dependabot[bot]
147beccf40
Bump actions/upload-artifact from 3.1.0 to 3.1.2 ( flutter/engine#38713 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.0...0b7f8abb1508181956e8e162db84b466c27e18ce )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-09 15:45:50 +00:00
dependabot[bot]
4fcae9ba57
Bump actions/checkout from 3.1.0 to 3.2.0 ( flutter/engine#38390 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.1.0...755da8c3cf115ac066823e79a1e1788f8940201b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-05 21:42:36 +00:00
dependabot[bot]
608828eb1a
Bump actions/setup-python from 4.3.0 to 4.4.0 ( flutter/engine#38502 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](https://github.com/actions/setup-python/compare/v4.3.0...5ccb29d8773c3f3f653e1705f474dfaa8a06a912 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-26 08:54:20 +00:00
dependabot[bot]
0da4eaef21
Bump ossf/scorecard-action from 2.1.1 to 2.1.2 ( flutter/engine#38501 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](15c10fcf1c...e38b1902ae )
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-26 08:48:03 +00:00
dependabot[bot]
a2f12e9ffb
Bump ossf/scorecard-action from 2.0.4 to 2.1.1 ( flutter/engine#38406 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.4 to 2.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e363bfca00...15c10fcf1c )
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 20:45:21 +00:00
dependabot[bot]
f4f74a8d15
Bump github/codeql-action from 2.1.36 to 2.1.37 ( flutter/engine#38391 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.36 to 2.1.37.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a669cc5936...959cbb7472 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 08:48:23 +00:00
dependabot[bot]
f95d5d7059
Bump github/codeql-action from 2.1.35 to 2.1.36 ( flutter/engine#38210 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2a92eb56d...a669cc5936 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-15 21:53:49 +00:00
dependabot[bot]
a85a25a18d
Bump github/codeql-action from 2.1.31 to 2.1.35 ( flutter/engine#38066 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.31 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2.1.31...b2a92eb56d8cb930006a1c6ed86b0782dd8a4297 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-05 08:51:24 +00:00
sealesj
53e7761af0
ubuntu version ( flutter/engine#37948 )
2022-11-30 14:12:36 -05:00
sealesj
4220be6c72
Vulnerability Scanning on Third Party Deps ( flutter/engine#36506 )
...
* initial flatten deps scan
* move 3rd party scan to separate action
* allow fork to run
* install requests
* use packages
* pip install
* rename
* conditional vuln report
* trailing whitespace
* trailing whitespace
* detailed print
* add testing file
* add upload test sarif
* results sarif
* move sarif
* upload modified sarif
* test flow
* test with results.sarif
* formatting
* test naming convention
* description with text in artifactLocation
* don't use locations
* use template sarif
* just use template
* add one field mod
* add another field mod
* use actual osvReport
* add field
* add field
* test
* no information uri
* no information uri
* add name
* template NA data for results
* back to minimal template
* dynamic rules
* template update
* no results
* only use template
* test
* new test
* new test
* add back locations
* descriptive fields
* test
* use package name
* variable commit hash
* add chromium accessibility readme support
* use batch query test
* clean up
* use variables for sarif template
* initial automating ancestor commit
* allow for workflow on testing
* install gitpython in workflow
* wrap in try
* expand try
* check commit is not none
* quiet clone
* fix commit newline
* proper print for failed deps
* remove gitpython
* remove import
* fix origin source
* remove .dart from dep names
* update dep
* typo
* update
* clone into controlled name repo now
* fix github upstream clone url
* test CVE finding
* use templated rule and result
* typo
* remove test CVE
* add link straight to OSV DB
* comments
* use os mkdir
* check time of pinned commit
* quiet git
* print osv api query results if vulns found
* move upstream mapping into DEPS file
* add testing for DEPS file
* add khronos exception
* add basic ancestor commit test
* no vulns message
* do not produce empty sarif
* add yaml
* remove unused python dep
* no change?
* no more print, causing recipe issues
* string test
* string test
* no more fstrings
* convert to .format
* syntax
* remove unused dep
* test
* switch test script
* no encoding
* add back test
* typo
* remove scan flat deps tests again
* update
* fix tests
* typo
* newline
* use checkout dir
* prefix
* update to use prefix
* lint
* runhook attempt
* lint
* lint
* lint
* lint
* no license blurb
* cleanup
* enable for main
* do not raise error
* run on branch
* data indentation
* check file existence
* workflow updates
* add push for testing
* syntax
* workflow test
* test github action
* syntax
* allow empty report
* update cron
* pin hash
* newline
* sort by key with prefix omitted
* alphabetize, copyright header
* pylint tests
* lint
* lint
* trailing whitespace?
* lint
* update
* get error types
* allow test
* use output
* only main branch
* licenses check
* results.sarif
* revert
* license updates
* add upstream
* replace Requests library with urllib, remove pylint wrapper
* lint
* undo license
* clone test nit
* isinstance
* DEPS formatting
Co-authored-by: Zachary Anderson <zanderso@users.noreply.github.com>
* use subprocess.check_output
* lint
* lint
* review syntax from comments
* remove line
* more description in error
* lint
* fix checkout path
* remove duplicate eval
* lint
* lint
* lint
* clone-test mkdir and cleanup
* use shutil.rmtree for non-empty dir
* lint
* linting
* linting
* var name
* Update ci/deps_parser_tests.py
Co-authored-by: Zachary Anderson <zanderso@users.noreply.github.com>
* Update ci/deps_parser_tests.py
Co-authored-by: Zachary Anderson <zanderso@users.noreply.github.com>
* more description
* lint
* refactor deps file parsing
* early return
* lint
Co-authored-by: Zachary Anderson <zanderso@users.noreply.github.com>
2022-11-23 15:07:43 -05:00
dependabot[bot]
a65707c87d
Bump github/codeql-action from 2.1.29 to 2.1.31 ( flutter/engine#37374 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.29 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ec3cf9c605...c3b6fce4ee )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-07 08:53:22 +00:00
dependabot[bot]
03585a78cc
Bump github/codeql-action from 2.1.28 to 2.1.29 ( flutter/engine#37169 )
2022-10-31 09:13:13 +00:00
fzyzcjy
76ac27ca0d
Fix incorrect newline in pull request template ( flutter/engine#36918 )
2022-10-27 20:06:35 +00:00
dependabot[bot]
7da05d549a
Bump github/codeql-action from 2.1.27 to 2.1.28 ( flutter/engine#36961 )
2022-10-24 09:27:16 +00:00
dependabot[bot]
7fa82ac844
Bump actions/setup-python from 4.2.0 to 4.3.0 ( flutter/engine#36794 )
2022-10-17 09:44:31 +00:00
dependabot[bot]
ee7c458779
Bump github/codeql-action from 2.1.26 to 2.1.27 ( flutter/engine#36684 )
2022-10-10 09:28:22 +00:00
dependabot[bot]
6abd0639a1
Bump actions/checkout from 3.0.2 to 3.1.0 ( flutter/engine#36683 )
2022-10-10 09:24:22 +00:00
dependabot[bot]
857c56454f
Bump github/codeql-action from 2.1.25 to 2.1.26 ( flutter/engine#36563 )
2022-10-03 09:21:12 +00:00
dependabot[bot]
b07254d691
Bump ossf/scorecard-action from 2.0.3 to 2.0.4 ( flutter/engine#36562 )
2022-10-03 09:11:22 +00:00
sealesj
8c24c0eb88
Revert "OSV Vulnerabiltiy Scanning ( #36355 )" ( flutter/engine#36477 )
...
This reverts commit 67333ec64c77c195dd764682a3095c4c1744cbc2.
2022-09-28 13:12:25 -04:00
sealesj
67333ec64c
OSV Vulnerabiltiy Scanning ( flutter/engine#36355 )
...
* initial flatten deps scan
* move 3rd party scan to separate action
* allow fork to run
* install requests
* use packages
* pip install
* rename
* conditional vuln report
* trailing whitespace
* trailing whitespace
* detailed print
* add testing file
* add upload test sarif
* results sarif
* move sarif
* upload modified sarif
* test flow
* test with results.sarif
* formatting
* test naming convention
* description with text in artifactLocation
* don't use locations
* use template sarif
* just use template
* add one field mod
* add another field mod
* use actual osvReport
* add field
* add field
* test
* no information uri
* no information uri
* add name
* template NA data for results
* back to minimal template
* dynamic rules
* template update
* no results
* only use template
* test
* new test
* new test
* add back locations
* descriptive fields
* test
* use package name
* variable commit hash
* add chromium accessibility readme support
* use batch query test
* clean up
* use variables for sarif template
* initial automating ancestor commit
* allow for workflow on testing
* install gitpython in workflow
* wrap in try
* expand try
* check commit is not none
* quiet clone
* fix commit newline
* proper print for failed deps
* remove gitpython
* remove import
* fix origin source
* remove .dart from dep names
* update dep
* typo
* update
* clone into controlled name repo now
* fix github upstream clone url
* test CVE finding
* use templated rule and result
* typo
* remove test CVE
* add link straight to OSV DB
* comments
* use os mkdir
* check time of pinned commit
* quiet git
* print osv api query results if vulns found
* move upstream mapping into DEPS file
* add testing for DEPS file
* add khronos exception
* add basic ancestor commit test
* no vulns message
* do not produce empty sarif
* add yaml
* remove unused python dep
* no change?
* no more print, causing recipe issues
* string test
* string test
* no more fstrings
* convert to .format
* syntax
* remove unused dep
* test
* switch test script
* no encoding
* add back test
* typo
* remove scan flat deps tests again
* update
* fix tests
* typo
* newline
* use checkout dir
* prefix
* update to use prefix
* lint
* runhook attempt
* lint
* lint
* lint
* lint
* no license blurb
* cleanup
* enable for main
* do not raise error
* run on branch
* data indentation
* check file existence
2022-09-28 12:56:31 -04:00
dependabot[bot]
31399ab183
Bump github/codeql-action from 2.1.24 to 2.1.25 ( flutter/engine#36409 )
2022-09-26 09:18:22 +00:00
dependabot[bot]
247f2b74b6
Bump github/codeql-action from 2.1.22 to 2.1.24 ( flutter/engine#36245 )
2022-09-19 09:34:23 +00:00
sealesj
94f887388f
Separate GitHub workflow jobs ( flutter/engine#36152 )
...
* boringssl metadata for vuln scan
* update date, add owners test
* move unsupported actions into new job
* temp remove branch protection for test
* minor change
* fake change
* no branch check
* re-enable branch protection
* updates
* refactor further into generic setup
* remove setup stage
* no more needs
2022-09-14 16:20:40 -04:00
sealesj
34860c0d50
Separate GitHub workflow jobs ( flutter/engine#36127 )
...
* boringssl metadata for vuln scan
* update date, add owners test
* move unsupported actions into new job
* temp remove branch protection for test
* minor change
* fake change
* no branch check
* re-enable branch protection
* updates
* refactor further into generic setup
2022-09-14 15:47:44 -04:00
godofredoc
e69e84f0ee
Manual update of scorecards 2.0.3 ( flutter/engine#36112 )
2022-09-13 15:28:46 +00:00
dependabot[bot]
2eb31ffb36
Bump ossf/scorecard-action from 1.1.2 to 2.0.2 ( flutter/engine#36089 )
2022-09-12 09:38:11 +00:00
dependabot[bot]
244a38c703
Bump github/codeql-action from 2.1.21 to 2.1.22 ( flutter/engine#35927 )
2022-09-05 15:35:24 +00:00
dependabot[bot]
7a93830e5d
Bump github/codeql-action from 2.1.19 to 2.1.21 ( flutter/engine#35773 )
2022-08-29 09:42:21 +00:00
dependabot[bot]
8014946bca
Bump github/codeql-action from 2.1.18 to 2.1.19 ( flutter/engine#35595 )
2022-08-22 09:20:05 +00:00
dependabot[bot]
d42b1487f2
Bump github/codeql-action from 2.1.16 to 2.1.18 ( flutter/engine#35226 )
2022-08-08 09:52:13 +00:00
dependabot[bot]
057884114c
Bump actions/setup-python from 4.1.0 to 4.2.0 ( flutter/engine#35227 )
2022-08-08 09:22:13 +00:00
dependabot[bot]
b0ed3717c2
Bump github/codeql-action from 2.1.15 to 2.1.16 ( flutter/engine#34711 )
2022-07-18 11:58:05 +00:00