Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the version-updates group across 1 directory with 5 updates #227

Merged
merged 1 commit into from
Sep 13, 2024
Merged

Bump the version-updates group across 1 directory with 5 updates #227

merged 1 commit into from
Sep 13, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 13, 2024

Bumps the version-updates group with 5 updates in the / directory:

Package From To
fish-shop/install-fish-shell 1.0.16 1.0.18
fish-shop/indent-check 1.0.1 1.0.4
fish-shop/syntax-check 2.2.2 2.2.5
fish-shop/install-plugin 2.3.5 2.3.7
fish-shop/run-fishtape-tests 2.3.3 2.3.5

Updates fish-shop/install-fish-shell from 1.0.16 to 1.0.18

Release notes

Sourced from fish-shop/install-fish-shell's releases.

v1.0.18

What's Changed

Full Changelog: fish-shop/install-fish-shell@v1.0.17...v1.0.18

v1.0.17

What's Changed

Full Changelog: fish-shop/install-fish-shell@v1.0.16...v1.0.17

Commits
  • 7efaf34 Merge pull request #58 from fish-shop/dependabot/github_actions/version-updat...
  • 3e68484 Bump github/codeql-action in the version-updates group
  • 5aeaae2 Merge pull request #56 from fish-shop/dependabot/github_actions/version-updat...
  • 1a0b5bb Bump the version-updates group with 2 updates
  • ac22592 Merge pull request #55 from fish-shop/openssf-scorecard-badge
  • 08f03f8 Add OpenSSF Scorecard badge
  • See full diff in compare view

Updates fish-shop/indent-check from 1.0.1 to 1.0.4

Release notes

Sourced from fish-shop/indent-check's releases.

v1.0.4

What's Changed

Full Changelog: fish-shop/indent-check@v1.0.3...v1.0.4

v1.0.3

What's Changed

Full Changelog: fish-shop/indent-check@v1.0.2...v1.0.3

v1.0.2

What's Changed

Full Changelog: fish-shop/indent-check@v1.0.1...v1.0.2

Commits
  • 11bb405 Merge pull request #12 from fish-shop/dependabot/github_actions/version-updat...
  • 68a7cfb Bump fish-shop/install-fish-shell in the version-updates group
  • c1493f1 Merge pull request #10 from fish-shop/dependabot/github_actions/version-updat...
  • 9a8ca9e Bump github/codeql-action in the version-updates group
  • 5f9c717 Merge pull request #8 from fish-shop/dependabot/github_actions/version-update...
  • 4add05f Bump the version-updates group with 3 updates
  • 744e4cb Merge pull request #7 from fish-shop/openssf-scorecard-badge
  • 19de3a8 Add OpenSSF Scorecard badge
  • See full diff in compare view

Updates fish-shop/syntax-check from 2.2.2 to 2.2.5

Release notes

Sourced from fish-shop/syntax-check's releases.

v2.2.5

What's Changed

Full Changelog: fish-shop/syntax-check@v2.2.4...v2.2.5

v2.2.4

What's Changed

Full Changelog: fish-shop/syntax-check@v2.2.3...v2.2.4

v2.2.3

What's Changed

Full Changelog: fish-shop/syntax-check@v2.2.2...v2.2.3

Commits
  • bb1a88b Merge pull request #122 from fish-shop/dependabot/github_actions/version-upda...
  • 6b9827a Bump the version-updates group with 2 updates
  • 1685806 Merge pull request #120 from fish-shop/dependabot/github_actions/version-upda...
  • 017b559 Bump fish-shop/install-fish-shell in the version-updates group
  • 824a087 Merge pull request #118 from fish-shop/dependabot/github_actions/version-upda...
  • 21750b5 Bump the version-updates group with 2 updates
  • f5d813c Merge pull request #117 from fish-shop/openssf-scorecard-badge
  • 580078a Add OpenSSF Scorecard badge
  • See full diff in compare view

Updates fish-shop/install-plugin from 2.3.5 to 2.3.7

Release notes

Sourced from fish-shop/install-plugin's releases.

v2.3.7

What's Changed

Full Changelog: fish-shop/install-plugin@v2.3.6...v2.3.7

v2.3.6

What's Changed

Full Changelog: fish-shop/install-plugin@v2.3.5...v2.3.6

Commits
  • 47c18e0 Merge pull request #146 from fish-shop/dependabot/github_actions/version-upda...
  • 77852f2 Bump the version-updates group across 1 directory with 3 updates
  • f238be5 Merge pull request #143 from fish-shop/dependabot/github_actions/version-upda...
  • eaaff6b Bump the version-updates group with 4 updates
  • fef0022 Merge pull request #142 from fish-shop/openssf-scorecard-badge
  • 85fe786 Add OpenSSF Scorecard badge
  • See full diff in compare view

Updates fish-shop/run-fishtape-tests from 2.3.3 to 2.3.5

Release notes

Sourced from fish-shop/run-fishtape-tests's releases.

v2.3.5

What's Changed

Full Changelog: fish-shop/run-fishtape-tests@v2.3.4...v2.3.5

v2.3.4

What's Changed

Full Changelog: fish-shop/run-fishtape-tests@v2.3.3...v2.3.4

Commits
  • ecd102b Merge pull request #148 from fish-shop/dependabot/github_actions/version-upda...
  • 98469a2 Bump the version-updates group with 3 updates
  • a67cf89 Merge pull request #146 from fish-shop/dependabot/github_actions/version-upda...
  • e1f82bb Bump the version-updates group with 4 updates
  • 110d02a Merge pull request #145 from fish-shop/openssf-scorecard-badge
  • 5e35faf Add OpenSSF Scorecard badge
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the version-updates group across 1 directory with 5 updates
92180f5 
Bumps the version-updates group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [fish-shop/install-fish-shell](https://github.com/fish-shop/install-fish-shell) | `1.0.16` | `1.0.18` |
| [fish-shop/indent-check](https://github.com/fish-shop/indent-check) | `1.0.1` | `1.0.4` |
| [fish-shop/syntax-check](https://github.com/fish-shop/syntax-check) | `2.2.2` | `2.2.5` |
| [fish-shop/install-plugin](https://github.com/fish-shop/install-plugin) | `2.3.5` | `2.3.7` |
| [fish-shop/run-fishtape-tests](https://github.com/fish-shop/run-fishtape-tests) | `2.3.3` | `2.3.5` |



Updates `fish-shop/install-fish-shell` from 1.0.16 to 1.0.18
- [Release notes](https://github.com/fish-shop/install-fish-shell/releases)
- [Commits](fish-shop/install-fish-shell@1491042...7efaf34)

Updates `fish-shop/indent-check` from 1.0.1 to 1.0.4
- [Release notes](https://github.com/fish-shop/indent-check/releases)
- [Commits](fish-shop/indent-check@24ed85a...11bb405)

Updates `fish-shop/syntax-check` from 2.2.2 to 2.2.5
- [Release notes](https://github.com/fish-shop/syntax-check/releases)
- [Commits](fish-shop/syntax-check@ae0b9d4...bb1a88b)

Updates `fish-shop/install-plugin` from 2.3.5 to 2.3.7
- [Release notes](https://github.com/fish-shop/install-plugin/releases)
- [Commits](fish-shop/install-plugin@bc81c41...47c18e0)

Updates `fish-shop/run-fishtape-tests` from 2.3.3 to 2.3.5
- [Release notes](https://github.com/fish-shop/run-fishtape-tests/releases)
- [Commits](fish-shop/run-fishtape-tests@f182fe8...ecd102b)

---
updated-dependencies:
- dependency-name: fish-shop/install-fish-shell
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: version-updates
- dependency-name: fish-shop/indent-check
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: version-updates
- dependency-name: fish-shop/syntax-check
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: version-updates
- dependency-name: fish-shop/install-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: version-updates
- dependency-name: fish-shop/run-fishtape-tests
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: version-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from marcransome as a code owner September 13, 2024 18:46
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 13, 2024
@dependabot dependabot bot mentioned this pull request Sep 13, 2024
Closed
@github-actions GitHub Actions
Copy link

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/fish-shop/indent-check 11bb4058403623b9ac88cffe9b21d85eb5bcd74f 🟢 6.9
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
CI-Tests🟢 108 out of 8 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review⚠️ 0Found 0/2 approved changesets -- score normalized to 0
Contributors🟢 10project has 3 contributing companies or organizations -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained⚠️ 0project was created in last 90 days. please review its contents carefully
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/fish-shop/install-fish-shell 7efaf348a2248a6ea62fe53bf9f9fbd501d71925 🟢 6.9
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
CI-Tests🟢 1015 out of 15 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review⚠️ 0Found 0/3 approved changesets -- score normalized to 0
Contributors🟢 10project has 3 contributing companies or organizations -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained⚠️ 0project was created in last 90 days. please review its contents carefully
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/fish-shop/install-plugin 47c18e00a3feb0b780f74cb37707e2eabc91dfa9 🟢 7.7
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
CI-Tests🟢 1015 out of 15 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review⚠️ 0Found 0/3 approved changesets -- score normalized to 0
Contributors🟢 10project has 3 contributing companies or organizations -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/fish-shop/run-fishtape-tests ecd102b1d3ef1079881561437aaeb94fce37bd40 🟢 7.7
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
CI-Tests🟢 1015 out of 15 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review⚠️ 0Found 0/5 approved changesets -- score normalized to 0
Contributors🟢 10project has 3 contributing companies or organizations -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/fish-shop/syntax-check bb1a88b5c1015d01f616f2102207f918894579f3 🟢 7.7
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
CI-Tests🟢 1014 out of 14 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review⚠️ 0Found 0/4 approved changesets -- score normalized to 0
Contributors🟢 10project has 3 contributing companies or organizations -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/test.yml

@marcransome
Copy link
Owner

@dependabot merge.

@dependabot dependabot bot merged commit 0a21c6e into main Sep 13, 2024
10 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/version-updates-148bc52fa1 branch September 13, 2024 18:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcransome marcransome marcransome approved these changes

Assignees

@marcransome marcransome

Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@marcransome