From 3ffacedfcc1e092d57886e756c1ea3241d30d86c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 May 2023 06:31:02 -0400 Subject: [PATCH 01/13] chore(deps-dev): Bump typedoc from 0.23.28 to 0.24.6 (#641) Bumps [typedoc](https://github.com/TypeStrong/TypeDoc) from 0.23.28 to 0.24.6. - [Release notes](https://github.com/TypeStrong/TypeDoc/releases) - [Changelog](https://github.com/TypeStrong/typedoc/blob/master/CHANGELOG.md) - [Commits](https://github.com/TypeStrong/TypeDoc/compare/v0.23.28...v0.24.6) --- updated-dependencies: - dependency-name: typedoc dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 1ff889c4..6682792f 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,7 @@ "rollup-plugin-sourcemaps": "^0.6.2", "run-sequence": "^2.2.1", "tslib": "^2.2.0", - "typedoc": "^0.23.10", + "typedoc": "^0.24.6", "typescript": "^5.0.3" }, "overrides": { From 28002bb01bfab919ca9381beb78793373cd405cf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 09:15:05 -0400 Subject: [PATCH 02/13] chore(deps-dev): Bump jasmine from 4.6.0 to 5.0.0 (#642) Bumps [jasmine](https://github.com/jasmine/jasmine-npm) from 4.6.0 to 5.0.0. - [Release notes](https://github.com/jasmine/jasmine-npm/releases) - [Changelog](https://github.com/jasmine/jasmine-npm/blob/main/RELEASE.md) - [Commits](https://github.com/jasmine/jasmine-npm/compare/v4.6.0...v5.0.0) --- updated-dependencies: - dependency-name: jasmine dependency-type: direct:development update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 6682792f..3d1f3508 100644 --- a/package.json +++ b/package.json @@ -38,7 +38,7 @@ "gulp-typescript": "^5.0.1", "gulp-uglify": "^3.0.2", "husky": "^8.0.1", - "jasmine": "^4.2.1", + "jasmine": "^5.0.0", "lint-staged": "^13.0.3", "merge2": "^1.4.1", "remap-istanbul": "^0.13.0", From 218348111a1ad9995b9d60244d9bd35e69c367a7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 09:20:15 -0400 Subject: [PATCH 03/13] chore(deps-dev): Bump @rollup/plugin-commonjs from 24.1.0 to 25.0.0 (#643) Bumps [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs) from 24.1.0 to 25.0.0. - [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md) - [Commits](https://github.com/rollup/plugins/commits/commonjs-v25.0.0/packages/commonjs) --- updated-dependencies: - dependency-name: "@rollup/plugin-commonjs" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Brian Ingenito <28159742+bingenito@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 3d1f3508..b430762b 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,7 @@ "version": "npx lerna version --no-push --no-git-tag-version" }, "devDependencies": { - "@rollup/plugin-commonjs": "^24.0.0", + "@rollup/plugin-commonjs": "^25.0.0", "@rollup/plugin-replace": "^5.0.2", "@rollup/plugin-typescript": "^11.0.0", "@types/jasmine": "^4.0.2", From e3d6b3bbd7c420c06bd07a97dd0dfe533c49435f Mon Sep 17 00:00:00 2001 
From: Brian Ingenito <28159742+bingenito@users.noreply.github.com> Date: Fri, 9 Jun 2023 12:07:52 -0400 Subject: [PATCH 04/13] Update openssf scorecard config to latest template. Use new token name. (#644) --- .github/workflows/scorecards.yml | 56 +++++++++++++++++++------------- 1 file changed, 33 insertions(+), 23 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 619902fe..6537aba7 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -1,9 +1,16 @@ -name: Scorecards supply-chain security +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security on: - # Only the default branch is supported. + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - - cron: '22 23 * * 1' + - cron: '20 13 * * 3' push: branches: [ "main" ] 
@@ -12,51 +19,54 @@ permissions: read-all jobs: analysis: - name: Scorecards analysis + name: Scorecard analysis runs-on: ubuntu-latest permissions: # Needed to upload the results to code-scanning dashboard. security-events: write - # Used to receive a badge. (Upcoming feature) + # Needed to publish results and get a badge (see publish_results below). id-token: write - # Needs for private repositories. - contents: read - actions: read - + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + steps: - name: "Checkout code" - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@v2.0.6 + uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 with: results_file: results.sarif results_format: sarif - # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if: + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecards on a *private* repository + # - you are installing Scorecard on a *private* repository # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} + repo_token: ${{ secrets.SCORECARD_TOKEN }} - # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless - # of the value entered here. - publish_results: true + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. 
+ # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: false # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 with: name: SARIF file path: results.sarif retention-days: 5 - + # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 + uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 with: - sarif_file: results.sarif + sarif_file: results.sarif \ No newline at end of file From 24d9d074d69ea6fc656948c46ff5460c718f46f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Aug 2023 08:52:51 -0400 Subject: [PATCH 05/13] chore(deps-dev): Bump @typescript-eslint/eslint-plugin from 5.62.0 to 6.2.1 (#645) * chore(deps-dev): Bump @typescript-eslint/eslint-plugin Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.62.0 to 6.2.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.2.1/packages/eslint-plugin) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-type: direct:development update-type: version-update:semver-major ... 
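Review bot: `id-token: write` is still granted to the `analysis` job even though this hunk sets `publish_results: false`, and the new comment on that permission says it is needed to publish results and get a badge. With publishing off, the OIDC permission has no visible consumer, so either drop the line or restore `publish_results: true` if the badge is wanted. The same hunk switches `repo_token` to `secrets.SCORECARD_TOKEN` under a comment that now describes a "write" PAT; it is worth confirming the token carries only the scopes the scorecard-action authentication docs list, since the workflow also triggers on every push to `main`. The new file also ends without a trailing newline.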
Signed-off-by: dependabot[bot] * Sync @typescript-eslint package versions * Backcompat disable some ts/eslint rules --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: bingenito <28159742+bingenito@users.noreply.github.com> --- .eslintrc.json | 2 ++ package.json | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.eslintrc.json b/.eslintrc.json index 51337adc..e5e193f2 100644 --- a/.eslintrc.json +++ b/.eslintrc.json @@ -9,6 +9,8 @@ ], "rules": { "@typescript-eslint/no-inferrable-types": ["error", { "ignoreProperties": true, "ignoreParameters": true}], + "@typescript-eslint/no-unused-vars" : "off", + "@typescript-eslint/no-explicit-any" : "off", "no-console": "error" }, "overrides": [ diff --git a/package.json b/package.json index b430762b..33840b67 100644 --- a/package.json +++ b/package.json @@ -21,8 +21,8 @@ "@rollup/plugin-typescript": "^11.0.0", "@types/jasmine": "^4.0.2", "@types/node": "^18.11.18", - "@typescript-eslint/eslint-plugin": "^5.30.5", - "@typescript-eslint/parser": "^5.30.5", + "@typescript-eslint/eslint-plugin": "^6.2.1", + "@typescript-eslint/parser": "^6.2.1", "copyfiles": "^2.4.1", "dts-bundle": "^0.7.3", "eslint": "^8.12.0", From a371b97356439491f7b3839d572e24eb1d7fa393 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Sep 2023 10:34:54 -0400 Subject: [PATCH 06/13] chore(deps-dev): Bump typedoc from 0.24.8 to 0.25.0 (#646) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 33840b67..7aa5423c 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,7 @@ "rollup-plugin-sourcemaps": "^0.6.2", "run-sequence": "^2.2.1", "tslib": "^2.2.0", - "typedoc": "^0.24.6", + "typedoc": "^0.25.0", "typescript": "^5.0.3" }, "overrides": { From ee82e65dcab4f0aff150963e9ff2dc4cb3499f10 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Sep 2023 10:40:09 -0400 Subject: [PATCH 07/13] chore(deps-dev): Bump lint-staged from 13.3.0 to 14.0.1 (#647) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 7aa5423c..14339662 100644 --- a/package.json +++ b/package.json @@ -39,7 +39,7 @@ "gulp-uglify": "^3.0.2", "husky": "^8.0.1", "jasmine": "^5.0.0", - "lint-staged": "^13.0.3", + "lint-staged": "^14.0.1", "merge2": "^1.4.1", "remap-istanbul": "^0.13.0", "rollup": "^3.9.0", From 380b979058ab78948554d1bac747cef299971703 Mon Sep 17 00:00:00 2001 From: Brian Ingenito <28159742+bingenito@users.noreply.github.com> Date: Wed, 4 Oct 2023 04:48:03 -0400 Subject: [PATCH 08/13] Scope GitHub Actions into dependabot (#648) --- .github/dependabot.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fe250ebd..b9c973f8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,7 +5,14 @@ version: 2 updates: - - package-ecosystem: "npm" # See documentation for possible values - directory: "/" # Location of package manifests + # Maintain dependencies for npm + - package-ecosystem: "npm" + directory: "/" schedule: interval: "monthly" + + # Maintain dependencies for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" From 647f5ebb1cb1faef8e931ccbdd90efa1cf27fb35 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 04:52:45 -0400 Subject: [PATCH 09/13] chore(deps): Bump actions/upload-artifact from 3.1.0 to 3.1.3 (#649) --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 6537aba7..562fe634 100644 --- a/.github/workflows/scorecards.yml 
+++ b/.github/workflows/scorecards.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: SARIF file path: results.sarif From 735e9049c6671a743dfc70022eca2a83a838873d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 06:33:27 -0400 Subject: [PATCH 10/13] chore(deps): Bump ossf/scorecard-action from 2.1.2 to 2.2.0 (#650) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Brian Ingenito <28159742+bingenito@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 562fe634..a967e990 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 with: results_file: results.sarif results_format: sarif From 5d4e74323f63f8bcc81a026e340627455b6e8b47 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 06:38:03 -0400 Subject: [PATCH 11/13] chore(deps): Bump codecov/codecov-action from 3.0.0 to 3.1.4 (#651) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.0.0 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v3.0.0...v3.1.4) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Brian Ingenito <28159742+bingenito@users.noreply.github.com> --- .github/workflows/continuous-integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 62da437f..ca409d8a 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -29,7 +29,7 @@ jobs: - run: npm run docs - name: Codecov - uses: codecov/codecov-action@v3.0.0 + uses: codecov/codecov-action@v3.1.4 with: directory: ./build/coverage flags: unittests From 3ba3fa99db486d6ba7437bd4149c41d360d0337b Mon Sep 17 00:00:00 2001 
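Review bot: `codecov/codecov-action@v3.1.4` in continuous-integration.yml is pinned to a tag, which the action's owner can move, while scorecards.yml in this same series pins every action to a full commit SHA with the version in a trailing comment. Pinning by SHA here as well, `uses: codecov/codecov-action@<full-commit-sha> # v3.1.4`, keeps the coverage upload step on reviewed code and is what Scorecard's Pinned-Dependencies check looks for. The same applies to the `github/codeql-action/*@v2` lines in codeql-analysis.yml (PATCH 12/13) and to the `actions/checkout@v4` lines in codeql-analysis.yml, continuous-integration.yml and release.yml (PATCH 13/13); release.yml is presumably the most sensitive of these. The step's `with:` block continues outside the hunk.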
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 06:43:11 -0400 Subject: [PATCH 12/13] chore(deps): Bump github/codeql-action from 1 to 2 (#653) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Brian Ingenito <28159742+bingenito@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7d6d81ed..31dff1d9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -28,14 +28,14 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -49,4 +49,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a967e990..7dda2b85 100644 --- a/.github/workflows/scorecards.yml 
+++ b/.github/workflows/scorecards.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + uses: github/codeql-action/upload-sarif@231aa2c8a89117b126725a0e11897209b7118144 # v1.1.39 with: sarif_file: results.sarif \ No newline at end of file From 805616d5a338086619e0c7686f3bbeb1a61c3d1e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 06:46:17 -0400 Subject: [PATCH 13/13] chore(deps): Bump actions/checkout from 2 to 4 (#652) Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v2...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Brian Ingenito <28159742+bingenito@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/continuous-integration.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecards.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 31dff1d9..b912f8d3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index ca409d8a..e212479d 100644 
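Review bot: The `upload-sarif` pin in scorecards.yml moves backwards: its trailing comment goes from `# v2.2.4` to `# v1.1.39` in a commit titled "Bump github/codeql-action from 1 to 2", while the three steps in codeql-analysis.yml move forward to `@v2`. If the comment matches the SHA, this step now runs an older major version than it did before the commit, and it should be repinned to a v2 commit, `uses: github/codeql-action/upload-sarif@<full-commit-sha-of-a-v2-release> # v2.x.y`. PATCH 13/13 shows the same pattern for `actions/checkout` in scorecards.yml, where `# v3.1.0` becomes `# v2.7.0` under a "from 2 to 4" title. It would be worth checking how Dependabot resolves SHA pins that carry version comments before merging further bumps of this kind.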
--- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -17,7 +17,7 @@ jobs: NODE_VERSION: '16' steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Use Node.js ${{ env.NODE_VERSION }} uses: actions/setup-node@v2 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 956c2091..0a8746cb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Use Node.js ${{ env.NODE_VERSION }} uses: actions/setup-node@v2 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 7dda2b85..37ac70da 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: persist-credentials: false