From 4bd680665a83192c729bcce1fa52168609f403a4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Nov 2023 11:18:16 +0100
Subject: [PATCH] Bump actions/upload-artifact from 3.1.0 to 3.1.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 3.1.0 to 3.1.3.
Release notes
Sourced from actions/upload-artifact's
releases.
v3.1.3
What's Changed
Full Changelog: https://github.com/actions/upload-artifact/compare/v3...v3.1.3
v3.1.2
- Update all
@actions/* NPM packages to their latest
versions- #374
- Update all dev dependencies to their most recent versions - #375
v3.1.1
- Update actions/core package to latest version to remove
set-output deprecation warning #351
Commits
a8a3f3a
Merge pull request #436
from bethanyj28/main7b48769
update dependency cache6663039
update dist/index.js55e76b7
bump @actions/artifact version65d8626
chore(github): remove trailing whitespaces (#313)0b7f8ab
ci(github): update action/download-artifact from v1 to v3 (#312)013d2b8
Create devcontainer for codespaces + update all dev dependencies (#375)055b8b3
Bump Actions NPM dependencies (#374)7a5d483
ci(github): update action/checkout from v2 to v3 (#315)e0057a5
README: Bump actions/checkout to v3 (#352)- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/scorecard.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index fb7d84a..eb4f6cb 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -58,7 +58,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+ uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: SARIF file
path: results.sarif