[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | minor | `v2.0.6` -> `v2.1.2` |
| [pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish) | action | patch | `v1.6.1` -> `v1.6.4` |

---

### Release Notes

<details>
<summary>actions/checkout</summary>

### [`v3.2.0`](https://togithub.com/actions/checkout/releases/tag/v3.2.0)

[Compare Source](https://togithub.com/actions/checkout/compare/v3.1.0...v3.2.0)

#### What's Changed

- Add GitHub Action to perform release by [@rentziass](https://togithub.com/rentziass) in actions/checkout#942
- Fix status badge by [@ScottBrenner](https://togithub.com/ScottBrenner) in actions/checkout#967
- Replace datadog/squid with ubuntu/squid Docker image by [@cory-miller](https://togithub.com/cory-miller) in actions/checkout#1002
- Wrap pipeline commands for submoduleForeach in quotes by [@jokreliable](https://togithub.com/jokreliable) in actions/checkout#964
- Update [@actions/io](https://togithub.com/actions/io) to 1.1.2 by [@cory-miller](https://togithub.com/cory-miller) in actions/checkout#1029
- Upgrading version to 3.2.0 by [@vmjoseph](https://togithub.com/vmjoseph) in actions/checkout#1039

#### New Contributors

- [@ScottBrenner](https://togithub.com/ScottBrenner) made their first contribution in actions/checkout#967
- [@cory-miller](https://togithub.com/cory-miller) made their first contribution in actions/checkout#1002
- [@jokreliable](https://togithub.com/jokreliable) made their first contribution in actions/checkout#964
- [@vmjoseph](https://togithub.com/vmjoseph) made their first contribution in actions/checkout#1039

**Full Changelog**: actions/checkout@v3...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action</summary>

### [`v2.1.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.2)

[Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2)

#### What's Changed

##### Fixes

- 🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf statement. by [@spencerschrock](https://togithub.com/spencerschrock) in ossf/scorecard-action#1054

**Full Changelog**: ossf/scorecard-action@v2.1.1...v2.1.2

### [`v2.1.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.1)

[Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1)

#### Scorecard version

This release uses [Scorecard's v4.10.1](https://togithub.com/ossf/scorecard/releases/tag/v4.10.1)

**Full Changelog**: ossf/scorecard-action@v2.1.0...v2.1.1

### [`v2.1.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.0)

[Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0)

#### What's Changed

##### Scorecard version

This release uses [scorecard v4.10.0](https://togithub.com/ossf/scorecard/releases/tag/v4.10.0).

##### Improvements

- Docker build workflow by [@naveensrinivasan](https://togithub.com/naveensrinivasan) in ossf/scorecard-action#981
- Use root user in distroless to support GitHub Actions by [@spencerschrock](https://togithub.com/spencerschrock) in ossf/scorecard-action#994
- Disable pull_request_target by [@laurentsimon](https://togithub.com/laurentsimon) in ossf/scorecard-action#1031

##### Documentation

- Add PAT section explaining risks by [@olivekl](https://togithub.com/olivekl) in ossf/scorecard-action#1024
- Make the badge text easier to copy by [@rajbos](https://togithub.com/rajbos) in ossf/scorecard-action#1026

#### New Contributors

- [@joycebrum](https://togithub.com/joycebrum) made their first contribution in ossf/scorecard-action#984
- [@rajbos](https://togithub.com/rajbos) made their first contribution in ossf/scorecard-action#1026

**Full Changelog**: ossf/scorecard-action@v2.0.6...v2.1.0

</details>

<details>
<summary>pypa/gh-action-pypi-publish</summary>

### [`v1.6.4`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.6.4)

[Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.6.3...v1.6.4)

#### oh, boi! again?

This is the last one tonight, promise! It fixes this embarrassing bug that was actually caught by the CI but got overlooked due to the lack of sleep. TL;DR GH passed `$HOME` from the external env into the container and that tricked the Python's `site` module to think that the home directory is elsewhere, adding non-existent paths to the env vars. See [#115](https://togithub.com/pypa/gh-action-pypi-publish/issues/115).

**Full Diff**: pypa/gh-action-pypi-publish@v1.6.3...v1.6.4

### [`v1.6.3`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.6.3)

[Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.6.2...v1.6.3)

### Another Release!? Why?

In pypa/gh-action-pypi-publish#112 (comment), it was discovered that passing a `$PATH` variable even breaks the shebang. So this version adds more safeguards to make sure it keeps working with a fully broken `$PATH`.

**Full Diff**: pypa/gh-action-pypi-publish@v1.6.2...v1.6.3

### [`v1.6.2`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.6.2)

[Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.6.1...v1.6.2)

#### What's Fixed

- Made the `$PATH` and `$PYTHONPATH` environment variables resilient to broken values passed from the host runner environment, which previously allowed the users to accidentally break the container's internal runtime as reported in pypa/gh-action-pypi-publish#112

#### Internal Maintenance Improvements

- Added a devpi-based smoke-test GitHub Actions CI/CD workflow by [@sesdaile-varmour](https://togithub.com/sesdaile-varmour) in pypa/gh-action-pypi-publish#111

#### New Contributors

- [@sesdaile-varmour](https://togithub.com/sesdaile-varmour) made their first contribution in pypa/gh-action-pypi-publish#111

**Full Diff**: pypa/gh-action-pypi-publish@v1.6.1...v1.6.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/google/osv.dev).