chore(deps): update workflows (#1393)

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.27.0` -> `v3.27.4` | | [goreleaser/goreleaser-action](https://redirect.github.com/goreleaser/goreleaser-action) | action | minor | `v6.0.0` -> `v6.1.0` | | [r-lib/actions](https://redirect.github.com/r-lib/actions) | action | minor | `v2.10.1` -> `v2.11.0` | | [ruby/setup-ruby](https://redirect.github.com/ruby/setup-ruby) | action | minor | `v1.200.0` -> `v1.202.0` | --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.27.4`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.4) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.3...v3.27.4) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. ##### 3.27.4 - 14 Nov 2024 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.4/CHANGELOG.md) for more information. ### [`v3.27.3`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.3) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.2...v3.27.3) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. ##### 3.27.3 - 12 Nov 2024 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.3/CHANGELOG.md) for more information. ### [`v3.27.2`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.2) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.1...v3.27.2) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. ##### 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". [#2590](https://redirect.github.com/github/codeql-action/pull/2590) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.2/CHANGELOG.md) for more information. ### [`v3.27.1`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.1) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.0...v3.27.1) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. ##### 3.27.1 - 08 Nov 2024 - The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. [#2573](https://redirect.github.com/github/codeql-action/pull/2573) - Update default CodeQL bundle version to 2.19.3. [#2576](https://redirect.github.com/github/codeql-action/pull/2576) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.1/CHANGELOG.md) for more information. </details> <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v6.1.0`](https://redirect.github.com/goreleaser/goreleaser-action/releases/tag/v6.1.0) [Compare Source](https://redirect.github.com/goreleaser/goreleaser-action/compare/v6.0.0...v6.1.0) ##### What's Changed - chore(deps): bump braces from 3.0.2 to 3.0.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/467](https://redirect.github.com/goreleaser/goreleaser-action/pull/467) - chore(deps): bump docker/bake-action from 4 to 5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/468](https://redirect.github.com/goreleaser/goreleaser-action/pull/468) - chore(deps): bump semver from 7.6.2 to 7.6.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/470](https://redirect.github.com/goreleaser/goreleaser-action/pull/470) - chore(deps): bump [@actions/http-client](https://redirect.github.com/actions/http-client) from 2.2.1 to 2.2.2 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/473](https://redirect.github.com/goreleaser/goreleaser-action/pull/473) - chore(deps): bump [@actions/http-client](https://redirect.github.com/actions/http-client) from 2.2.2 to 2.2.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/474](https://redirect.github.com/goreleaser/goreleaser-action/pull/474) - chore(deps): bump micromatch from 4.0.5 to 4.0.8 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/475](https://redirect.github.com/goreleaser/goreleaser-action/pull/475) - chore(deps): bump [@actions/core](https://redirect.github.com/actions/core) from 1.10.1 to 1.11.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/478](https://redirect.github.com/goreleaser/goreleaser-action/pull/478) - docs: bump upload-artifact version by [@dunglas](https://redirect.github.com/dunglas) in [https://github.com/goreleaser/goreleaser-action/pull/479](https://redirect.github.com/goreleaser/goreleaser-action/pull/479) - chore: update generated content by [@crazy-max](https://redirect.github.com/crazy-max) in [https://github.com/goreleaser/goreleaser-action/pull/480](https://redirect.github.com/goreleaser/goreleaser-action/pull/480) ##### New Contributors - [@dunglas](https://redirect.github.com/dunglas) made their first contribution in [https://github.com/goreleaser/goreleaser-action/pull/479](https://redirect.github.com/goreleaser/goreleaser-action/pull/479) **Full Changelog**: goreleaser/goreleaser-action@v6.0.0...v6.1.0 </details> <details> <summary>r-lib/actions (r-lib/actions)</summary> ### [`v2.11.0`](https://redirect.github.com/r-lib/actions/compare/v2.10.1...v2.11.0) [Compare Source](https://redirect.github.com/r-lib/actions/compare/v2.10.1...v2.11.0) </details> <details> <summary>ruby/setup-ruby (ruby/setup-ruby)</summary> ### [`v1.202.0`](https://redirect.github.com/ruby/setup-ruby/releases/tag/v1.202.0) [Compare Source](https://redirect.github.com/ruby/setup-ruby/compare/v1.201.0...v1.202.0) #### What's Changed - Update CRuby releases on Windows by [@ruby-builder-bot](https://redirect.github.com/ruby-builder-bot) in [https://github.com/ruby/setup-ruby/pull/669](https://redirect.github.com/ruby/setup-ruby/pull/669) **Full Changelog**: ruby/setup-ruby@v1.201.0...v1.202.0 ### [`v1.201.0`](https://redirect.github.com/ruby/setup-ruby/releases/tag/v1.201.0) [Compare Source](https://redirect.github.com/ruby/setup-ruby/compare/v1.200.0...v1.201.0) #### What's Changed - Update CRuby releases on Windows by [@ruby-builder-bot](https://redirect.github.com/ruby-builder-bot) in [https://github.com/ruby/setup-ruby/pull/667](https://redirect.github.com/ruby/setup-ruby/pull/667) **Full Changelog**: ruby/setup-ruby@v1.200.0...v1.201.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv-scanner).
google · Nov 19, 2024 · b119f08 · b119f08
1 parent c917c73
commit b119f08
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 9 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -48,7 +48,7 @@ jobs:
           go-version-file: go.mod
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -59,7 +59,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -73,4 +73,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
@@ -40,7 +40,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Run GoReleaser
         id: run-goreleaser
-        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
+        uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
         with:
           distribution: goreleaser
           version: "~> v2"

diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml
@@ -108,6 +108,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: ${{ !cancelled() && inputs.upload-sarif == true }}
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
         with:
           sarif_file: ${{ inputs.results-file-name }}
diff --git a/.github/workflows/osv-scanner-reusable.yml b/.github/workflows/osv-scanner-reusable.yml
@@ -91,6 +91,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: "${{ !cancelled() && inputs.upload-sarif == true }}"
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
         with:
           sarif_file: ${{ inputs.results-file-name }}
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -68,6 +68,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/semantic.yml b/.github/workflows/semantic.yml
@@ -106,7 +106,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: ruby/setup-ruby@217c988b8c2bf2bacb2d5c78a7e7b18f8c34daed # v1.200.0
+      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
         with:
           ruby-version: "3.1"
       - name: setup dependencies
@@ -152,7 +152,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: r-lib/actions/setup-r@e6be4b3706e0f39bc7a4cf4496a5f2c4cb840040 # v2.10.1
+      - uses: r-lib/actions/setup-r@e8c60692f29164895fbcdbebf2fde501a1f7e07f # v2.11.0
         with:
           r-version: "3.5.3"
       - run: Rscript scripts/generators/generate-cran-versions.R