From 26428685cfcdae7a7b8f72cc687d993d0648136e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Mar 2025 21:24:07 +0000 Subject: [PATCH] Bump the minor-and-patch group with 3 updates Bumps the minor-and-patch group with 3 updates: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance), [msys2/setup-msys2](https://github.com/msys2/setup-msys2) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `actions/attest-build-provenance` from 2.1.0 to 2.2.2 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/7668571508540a607bdfd90a87a560489fe372eb...bd77c077858b8d561b7a36cbe48ef4cc642ca39d) Updates `msys2/setup-msys2` from 2.26.0 to 2.27.0 - [Release notes](https://github.com/msys2/setup-msys2/releases) - [Changelog](https://github.com/msys2/setup-msys2/blob/main/CHANGELOG.md) - [Commits](https://github.com/msys2/setup-msys2/compare/d44ca8e88d8b43d56cf5670f91747359d5537f97...61f9e5e925871ba6c9e3e8da24ede83ea27fa91f) Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...f49aabe0b5af0936a0987cfb85d86b75731b0186) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: msys2/setup-msys2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/dev.yml | 2 +- .github/workflows/scorecards.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fb6784882..b8b1f1804 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -378,7 +378,7 @@ jobs: if-no-files-found: error - name: Attest - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 if: | github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/heads/release/') || diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index f113750ba..5b6542dfe 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -313,7 +313,7 @@ jobs: submodules: true - name: Setup - uses: msys2/setup-msys2@d44ca8e88d8b43d56cf5670f91747359d5537f97 # v2.26.0 + uses: msys2/setup-msys2@61f9e5e925871ba6c9e3e8da24ede83ea27fa91f # v2.27.0 with: msystem: ${{ matrix.msystem }} update: true diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 841b5cfe8..98f15abed 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -31,7 +31,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # tag=v2.4.0 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # tag=v2.4.1 with: results_file: results.sarif results_format: sarif