Skip to content

Commit 33f323e

Browse files
chore(deps): update workflows (#238)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [astral-sh/ruff-action](https://redirect.github.com/astral-sh/ruff-action) | action | minor | `v4.0.0` → `v4.1.0` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v4.36.2` → `v4.37.0` | --- ### Release Notes <details> <summary>astral-sh/ruff-action (astral-sh/ruff-action)</summary> ### [`v4.1.0`](https://redirect.github.com/astral-sh/ruff-action/releases/tag/v4.1.0): 🌈 Skip Astral mirror and support uv.lock [Compare Source](https://redirect.github.com/astral-sh/ruff-action/compare/v4.0.0...v4.1.0) ##### Changes Among some minor bugfixes this release adds the option to skip the astral-sh mirror and download directly from GitHub releases. Useful if the Astral mirror can't or shouldn't be used. Also big thanks to [@&#8203;somaz94](https://redirect.github.com/somaz94) for adding support for reading the desired ruff version from `uv.lock`. This works automatically if you haven't overridden the version discovery by using the inputs `version` or `version-file` ##### 🐛 Bug fixes - Fix wildcard src input [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;368](https://redirect.github.com/astral-sh/ruff-action/issues/368)) ##### 🚀 Enhancements - Add option to skip Astral mirror downloads [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;387](https://redirect.github.com/astral-sh/ruff-action/issues/387)) - feat: support uv.lock as version-file [@&#8203;somaz94](https://redirect.github.com/somaz94) ([#&#8203;379](https://redirect.github.com/astral-sh/ruff-action/issues/379)) ##### 🧰 Maintenance - Add Dependabot rollup skill [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;385](https://redirect.github.com/astral-sh/ruff-action/issues/385)) - chore: update known checksums for 0.15.20 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;383](https://redirect.github.com/astral-sh/ruff-action/issues/383)) - chore: update known checksums for 0.15.19 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;382](https://redirect.github.com/astral-sh/ruff-action/issues/382)) - chore: update known checksums for 0.15.18 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;381](https://redirect.github.com/astral-sh/ruff-action/issues/381)) - chore: update known checksums for 0.15.17 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;380](https://redirect.github.com/astral-sh/ruff-action/issues/380)) - chore: update known checksums for 0.15.16 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;378](https://redirect.github.com/astral-sh/ruff-action/issues/378)) - chore: update known checksums for 0.15.15 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;377](https://redirect.github.com/astral-sh/ruff-action/issues/377)) - chore: update known checksums for 0.15.14 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;376](https://redirect.github.com/astral-sh/ruff-action/issues/376)) - chore: update known checksums for 0.15.13 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;372](https://redirect.github.com/astral-sh/ruff-action/issues/372)) - Update the release process to match setup-uv [@&#8203;zanieb](https://redirect.github.com/zanieb) ([#&#8203;364](https://redirect.github.com/astral-sh/ruff-action/issues/364)) - chore: update known checksums for 0.15.12 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;365](https://redirect.github.com/astral-sh/ruff-action/issues/365)) - chore: update known checksums for 0.15.11 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;360](https://redirect.github.com/astral-sh/ruff-action/issues/360)) - Draft commitish releases [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;359](https://redirect.github.com/astral-sh/ruff-action/issues/359)) ##### 📚 Documentation - Use v4.0.0 in README.md [@&#8203;doctaphred](https://redirect.github.com/doctaphred) ([#&#8203;371](https://redirect.github.com/astral-sh/ruff-action/issues/371)) ##### ⬆️ Dependency updates - chore: roll up Dependabot updates [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;386](https://redirect.github.com/astral-sh/ruff-action/issues/386)) - Bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 @&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#&#8203;356](https://redirect.github.com/astral-sh/ruff-action/issues/356)) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v4.37.0`](https://redirect.github.com/github/codeql-action/releases/tag/v4.37.0) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.36.3...v4.37.0) - Update default CodeQL bundle version to [2.26.0](https://redirect.github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0). [#&#8203;3995](https://redirect.github.com/github/codeql-action/pull/3995) - In addition to the existing input format, the `config-file` input for the `codeql-action/init` step will soon support a new `[owner/]repo[@&#8203;ref][:path]` format. All components except the repository name are optional. If omitted, `owner` defaults to the same owner as the repository the analysis is running for, `ref` to `main`, and `path` to `.github/codeql-action.yaml`. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. [#&#8203;3973](https://redirect.github.com/github/codeql-action/pull/3973) ### [`v4.36.3`](https://redirect.github.com/github/codeql-action/releases/tag/v4.36.3) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.36.2...v4.36.3) No user facing changes. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/DrupalSecurityTeam/drupal-advisory-database). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent afaa204 commit 33f323e

2 files changed

Lines changed: 3 additions & 3 deletions

File tree

.github/workflows/ci.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -45,11 +45,11 @@ jobs:
4545
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
4646
with:
4747
persist-credentials: false
48-
- uses: astral-sh/ruff-action@0ce1b0bf8b818ef400413f810f8a11cdbda0034b # v4.0.0
48+
- uses: astral-sh/ruff-action@278981a28ce3188b1e39527901f38254bf3aac89 # v4.1.0
4949
with:
5050
version-file: 'pyproject.toml'
5151
args: 'check'
52-
- uses: astral-sh/ruff-action@0ce1b0bf8b818ef400413f810f8a11cdbda0034b # v4.0.0
52+
- uses: astral-sh/ruff-action@278981a28ce3188b1e39527901f38254bf3aac89 # v4.1.0
5353
with:
5454
version-file: 'pyproject.toml'
5555
args: 'format --check --diff'

.github/workflows/scorecard.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,6 @@ jobs:
7575
# Upload the results to GitHub's code scanning dashboard (optional).
7676
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
7777
- name: 'Upload to code-scanning'
78-
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
78+
uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
7979
with:
8080
sarif_file: results.sarif

0 commit comments

Comments
 (0)