development/flutter
development/flutter
1
0
Fork 0
mirror of https://github.com/flutter/flutter synced 2024-10-12 19:23:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
35858 commits 770 branches 974 tags 1.7 GiB
Commit graph

116 commits

Author SHA1 Message Date
dependabot[bot] 910e87eb73
Bump github/codeql-action from 2.20.4 to 2.21.0 (#130941) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.4 to 2.21.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.21.0 - 19 Jul 2023</h2>
<ul>
<li>CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/1724">#1724</a></li>
</ul>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@​v2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@​v2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to <a href="cdcdbb5797"><code>cdcdbb5</code></a>, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in <a href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
<h2>2.3.5 - 25 May 2023</h2>
<ul>
<li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li>
<li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li>
</ul>
<h2>2.3.4 - 24 May 2023</h2>
<ul>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="123e95847b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li>
<li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="1813ca74c3"><code>1813ca7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1791">#1791</a> from github/update-v2.21.0-6ae46f7a9</li>
<li><a href="6843540876"><code>6843540</code></a> Update changelog for v2.21.0</li>
<li><a href="6ae46f7a92"><code>6ae46f7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1790">#1790</a> from github/henrymercer/aborted-user-error</li>
<li><a href="0cae69e062"><code>0cae69e</code></a> Report user errors in the abort stage appropriately</li>
<li><a href="d2ed0a05b6"><code>d2ed0a0</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1786">#1786</a> from github/dependabot/npm_and_yarn/npm-0a410f26d2</li>
<li><a href="651d09131a"><code>651d091</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1788">#1788</a> from github/henrymercer/fix-feature-flag-usage</li>
<li><a href="e0f0892f83"><code>e0f0892</code></a> Add tests for new analysis summary feature flag</li>
<li><a href="27d3b2f857"><code>27d3b2f</code></a> Fix scaling reserved RAM feature flag naming</li>
<li><a href="da4e0a06c0"><code>da4e0a0</code></a> Fix CodeQL version checks</li>
<li><a href="e266801e21"><code>e266801</code></a> Update checked-in dependencies</li>
<li>Additional commits viewable in <a href="489225d82a...1813ca74c3">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.20.4&new-version=2.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-07-19 22:51:25 +00:00
Casey Hillers ab14a5c356
[labeler] Mark sync-labels as empty (#130642) 
https://github.com/flutter/flutter/issues/128440

Recommendation from https://github.com/actions/labeler/issues/112#issuecomment-1136485391
 2023-07-18 18:19:23 +00:00
dependabot[bot] 7064b4e935
Bump github/codeql-action from 2.2.9 to 2.20.4 (#130618) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.20.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p>
<blockquote>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.14.0</p>
<ul>
<li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.14.0">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0"><code>github/codeql@codeql-cli/v2.14.0</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/src">source</a>)</li>
<li><code>codeql/cpp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/cpp/ql/lib">source</a>)</li>
<li><code>codeql/csharp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/src">source</a>)</li>
<li><code>codeql/csharp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/csharp/ql/lib">source</a>)</li>
<li><code>codeql/go-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/src">source</a>)</li>
<li><code>codeql/go-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/go/ql/lib">source</a>)</li>
<li><code>codeql/java-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/src">source</a>)</li>
<li><code>codeql/java-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/java/ql/lib">source</a>)</li>
<li><code>codeql/javascript-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/src">source</a>)</li>
<li><code>codeql/javascript-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/javascript/ql/lib">source</a>)</li>
<li><code>codeql/python-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/src">source</a>)</li>
<li><code>codeql/python-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/python/ql/lib">source</a>)</li>
<li><code>codeql/ruby-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/src">source</a>)</li>
<li><code>codeql/ruby-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/ruby/ql/lib">source</a>)</li>
<li><code>codeql/swift-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/src">source</a>)</li>
<li><code>codeql/swift-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.14.0/swift/ql/lib">source</a>)</li>
</ul>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.13.5</p>
<ul>
<li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.5">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5"><code>github/codeql@codeql-cli/v2.13.5</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/src">source</a>)</li>
<li><code>codeql/cpp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/cpp/ql/lib">source</a>)</li>
<li><code>codeql/csharp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/src">source</a>)</li>
<li><code>codeql/csharp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/csharp/ql/lib">source</a>)</li>
<li><code>codeql/go-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/src">source</a>)</li>
<li><code>codeql/go-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/go/ql/lib">source</a>)</li>
<li><code>codeql/java-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/src">source</a>)</li>
<li><code>codeql/java-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/java/ql/lib">source</a>)</li>
<li><code>codeql/javascript-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/src">source</a>)</li>
<li><code>codeql/javascript-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/javascript/ql/lib">source</a>)</li>
<li><code>codeql/python-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/src">source</a>)</li>
<li><code>codeql/python-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/python/ql/lib">source</a>)</li>
<li><code>codeql/ruby-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/src">source</a>)</li>
<li><code>codeql/ruby-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/ruby/ql/lib">source</a>)</li>
<li><code>codeql/swift-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/src">source</a>)</li>
<li><code>codeql/swift-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.5/swift/ql/lib">source</a>)</li>
</ul>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.13.4</p>
<ul>
<li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.4">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4"><code>github/codeql@codeql-cli/v2.13.4</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src">source</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>2.20.4 - 14 Jul 2023</h2>
<ul>
<li>This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/<em><a href="https://github.com/v2"><code>@​v2</code></a>' by 'github/codeql-action/</em><a href="https://github.com/v2"><code>@​v2</code></a>.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.</li>
</ul>
</li>
<li>We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. <a href="https://redirect.github.com/github/codeql-action/pull/1760">#1760</a></li>
<li>Update default CodeQL bundle version to 2.14.0. <a href="https://redirect.github.com/github/codeql-action/pull/1762">#1762</a></li>
</ul>
<h2>2.20.3 - 06 Jul 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.5. <a href="https://redirect.github.com/github/codeql-action/pull/1743">#1743</a></li>
</ul>
<h2>2.20.2 - 03 Jul 2023</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to <a href="cdcdbb5797"><code>cdcdbb5</code></a>, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in <a href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
<h2>2.3.5 - 25 May 2023</h2>
<ul>
<li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li>
<li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li>
</ul>
<h2>2.3.4 - 24 May 2023</h2>
<ul>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="123e95847b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li>
<li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li>
<li>We are improving the way that <a href="https://github.com/github/codeql-action/releases">CodeQL bundles</a> are tagged to make it possible to easily identify bundles by their CodeQL semantic version. <a href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a>
<ul>
<li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example <code>codeql-bundle-v2.13.4</code>, instead of timestamps, like <code>codeql-bundle-20230615</code>.</li>
<li>This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.</li>
<li>Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a <code>codeql-bundle-yyyymmdd</code> pattern, you should update it to also recognize <code>codeql-bundle-vx.y.z</code> tags.</li>
</ul>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="489225d82a"><code>489225d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1777">#1777</a> from github/update-v2.20.4-a148c5807</li>
<li><a href="1b6383d6be"><code>1b6383d</code></a> Update changelog for v2.20.4</li>
<li><a href="a148c58075"><code>a148c58</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1776">#1776</a> from github/aeisenberg/changelog-releases</li>
<li><a href="50527c5dba"><code>50527c5</code></a> Add link to releases page in changelog</li>
<li><a href="814b2edab6"><code>814b2ed</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1762">#1762</a> from github/update-bundle/codeql-bundle-v2.14.0</li>
<li><a href="d2baed4b69"><code>d2baed4</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.14.0</li>
<li><a href="c5526174a5"><code>c552617</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1774">#1774</a> from github/dependabot/npm_and_yarn/npm-a34e423e98</li>
<li><a href="c1f49580cf"><code>c1f4958</code></a> Fix dependency incompatibilities</li>
<li><a href="40a500c743"><code>40a500c</code></a> Update checked-in dependencies</li>
<li><a href="4fad06f438"><code>4fad06f</code></a> Bump the npm group with 21 updates</li>
<li>Additional commits viewable in <a href="04df1262e6...489225d82a">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.9&new-version=2.20.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-07-14 23:00:50 +00:00
dependabot[bot] 6865bb4c9b
Bump actions/labeler from 4.2.0 to 4.3.0 (#130291) 
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.2.0 to 4.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p>
<blockquote>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<p>In scope of this release, the ability to specify pull request number(s) was added by <a href="https://github.com/credfeto"><code>@​credfeto</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/349">actions/labeler#349</a>.</p>
<p>Support for reading from the configuration file presented on the runner was added by <a href="https://github.com/lrstanley"><code>@​lrstanley</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/394">actions/labeler#394</a>. It allows you to use a configuration file generated during workflow run or uploaded from a separate repository.</p>
<p>Please refer to the <a href="https://github.com/actions/labeler#inputs">action documentation</a> for more information.</p>
<p>This release also includes the following changes:</p>
<ul>
<li>Improved Error message for missing config file by <a href="https://github.com/Gornoka"><code>@​Gornoka</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/475">actions/labeler#475</a></li>
<li>Early exit when no files are changed by <a href="https://github.com/nathanhammond"><code>@​nathanhammond</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/456">actions/labeler#456</a></li>
<li>Add examples to match all repo files by <a href="https://github.com/MaksimZhukov"><code>@​MaksimZhukov</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/600">actions/labeler#600</a></li>
<li>Fix a typo in the example about using the action outputs by <a href="https://github.com/MaksimZhukov"><code>@​MaksimZhukov</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/606">actions/labeler#606</a></li>
<li>Bump eslint from 8.43.0 to 8.44.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/601">actions/labeler#601</a></li>
<li>Bump <code>@​typescript-eslint/parser</code> from 5.60.1 to 5.61.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/602">actions/labeler#602</a></li>
<li>Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.60.1 to 5.61.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/604">actions/labeler#604</a></li>
<li>Bump tough-cookie from 4.1.2 to 4.1.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/609">actions/labeler#609</a></li>
<li>Bump <code>@​octokit/plugin-retry</code> from 5.0.4 to 5.0.5 by <a href="https://github.com/MaksimZhukov"><code>@​MaksimZhukov</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/610">actions/labeler#610</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/credfeto"><code>@​credfeto</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/349">actions/labeler#349</a></li>
<li><a href="https://github.com/lrstanley"><code>@​lrstanley</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/394">actions/labeler#394</a></li>
<li><a href="https://github.com/nathanhammond"><code>@​nathanhammond</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/456">actions/labeler#456</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v4.3.0">https://github.com/actions/labeler/compare/v4...v4.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="ac9175f8a1"><code>ac9175f</code></a> Bump <code>@​octokit/plugin-retry</code> from 5.0.4 to 5.0.5 (<a href="https://redirect.github.com/actions/labeler/issues/610">#610</a>)</li>
<li><a href="7542ec79bb"><code>7542ec7</code></a> Bump tough-cookie from 4.1.2 to 4.1.3 (<a href="https://redirect.github.com/actions/labeler/issues/609">#609</a>)</li>
<li><a href="be13bbd1b7"><code>be13bbd</code></a> Early exit when no files are changed. (<a href="https://redirect.github.com/actions/labeler/issues/456">#456</a>)</li>
<li><a href="994304c5d5"><code>994304c</code></a> feat(config): support reading from local file if it exists (<a href="https://redirect.github.com/actions/labeler/issues/394">#394</a>)</li>
<li><a href="327d35fdca"><code>327d35f</code></a> Added ability to pass in an optional PR number as a parameter (<a href="https://redirect.github.com/actions/labeler/issues/349">#349</a>)</li>
<li><a href="65f306b6dd"><code>65f306b</code></a> Fix a typo in the example about using the action outputs (<a href="https://redirect.github.com/actions/labeler/issues/606">#606</a>)</li>
<li><a href="b669025b7c"><code>b669025</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.60.1 to 5.61.0 (<a href="https://redirect.github.com/actions/labeler/issues/604">#604</a>)</li>
<li><a href="52979ba0af"><code>52979ba</code></a> Bump <code>@​typescript-eslint/parser</code> from 5.60.1 to 5.61.0 (<a href="https://redirect.github.com/actions/labeler/issues/602">#602</a>)</li>
<li><a href="5bea1458bb"><code>5bea145</code></a> Bump eslint from 8.43.0 to 8.44.0 (<a href="https://redirect.github.com/actions/labeler/issues/601">#601</a>)</li>
<li><a href="a212485147"><code>a212485</code></a> Add examples to match all repo files (<a href="https://redirect.github.com/actions/labeler/issues/600">#600</a>)</li>
<li>Additional commits viewable in <a href="0967ca812e...ac9175f8a1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/labeler&package-manager=github_actions&previous-version=4.2.0&new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-07-10 23:23:12 +00:00
godofredoc 732429e35b
Revert no-response to fork. (#129775) 
The core action is not scaling well for the # of Prs and bugs of the flutter project.

Bug: https://github.com/flutter/flutter/issues/129771
 2023-06-30 04:20:09 +00:00
dependabot[bot] 15513f2c73
Bump actions/labeler from 4.1.0 to 4.2.0 (#129797) 
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.1.0 to 4.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p>
<blockquote>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<p>In the scope of this release, the following outputs were added by <a href="https://github.com/danielsht86"><code>@​danielsht86</code></a> in <a href="https://redirect.github.com/actions/labeler/issues/60">#60</a>:</p>
<ul>
<li><code>new-labels</code> - a comma-separated string that contains all newly added labels.</li>
<li><code>all-labels</code> - a comma-separated string that contains all labels currently assigned to the PR.</li>
</ul>
<p>For detailed information, please refer to our <a href="0967ca812e (outputs)">updated documentation</a>.</p>
<p>The issue of encountering an <code>HttpError: Server Error</code> when adding more than 50 labels has been successfully resolved by <a href="https://github.com/markmssd"><code>@​markmssd</code></a> in <a href="https://redirect.github.com/actions/labeler/issues/497">#497</a>. However, it's important to note that the GitHub API imposes a limit of 100 labels. To ensure smooth operation, a warning message that will alert you if the number of labels exceeds this limit was implemented. From this point forward, if more than 100 labels are specified, only the first 100 will be assigned.</p>
<p>The error handling for the <code>Resource not accessible by integration</code> error was added by <a href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a href="https://redirect.github.com/actions/labeler/issues/405">#405</a>. Now, if the workflow is misconfigured, the labeler provides a clear warning and guidance for correction.</p>
<p>This release also includes the following changes:</p>
<ul>
<li>Warn about the limitations of GitHub tokens by <a href="https://github.com/dfandrich"><code>@​dfandrich</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/491">actions/labeler#491</a></li>
<li>Improve readme by <a href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/589">actions/labeler#589</a></li>
<li>Bump eslint-plugin-jest from 27.2.1 to 27.2.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/591">actions/labeler#591</a></li>
<li>Bump eslint from 8.42.0 to 8.43.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/592">actions/labeler#592</a></li>
<li>Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.60.0 to 5.60.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/598">actions/labeler#598</a></li>
<li>Bump <code>@​typescript-eslint/parser</code> from 5.60.0 to 5.60.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/597">actions/labeler#597</a></li>
<li>Bump <code>@​octokit/plugin-retry</code> from 5.0.2 to 5.0.4 by <a href="https://github.com/MaksimZhukov"><code>@​MaksimZhukov</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/599">actions/labeler#599</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/dfandrich"><code>@​dfandrich</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/491">actions/labeler#491</a></li>
<li><a href="https://github.com/markmssd"><code>@​markmssd</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/497">actions/labeler#497</a></li>
<li><a href="https://github.com/danielsht86"><code>@​danielsht86</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/60">actions/labeler#60</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v4.2.0">https://github.com/actions/labeler/compare/v4...v4.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0967ca812e"><code>0967ca8</code></a> Added output (<a href="https://redirect.github.com/actions/labeler/issues/60">#60</a>)</li>
<li><a href="375538a703"><code>375538a</code></a> Bump <code>@​octokit/plugin-retry</code> from 5.0.2 to 5.0.4 (<a href="https://redirect.github.com/actions/labeler/issues/599">#599</a>)</li>
<li><a href="8d17e8ac4c"><code>8d17e8a</code></a> Bump <code>@​typescript-eslint/parser</code> from 5.60.0 to 5.60.1 (<a href="https://redirect.github.com/actions/labeler/issues/597">#597</a>)</li>
<li><a href="9d45a7438f"><code>9d45a74</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.60.0 to 5.60.1 (<a href="https://redirect.github.com/actions/labeler/issues/598">#598</a>)</li>
<li><a href="130636aba5"><code>130636a</code></a> Bump eslint from 8.42.0 to 8.43.0 (<a href="https://redirect.github.com/actions/labeler/issues/592">#592</a>)</li>
<li><a href="54aeabf7b5"><code>54aeabf</code></a> Bump <code>@​typescript-eslint/parser</code> from 5.59.11 to 5.60.0 (<a href="https://redirect.github.com/actions/labeler/issues/593">#593</a>)</li>
<li><a href="899595ff01"><code>899595f</code></a> Bump eslint-plugin-jest from 27.2.1 to 27.2.2 (<a href="https://redirect.github.com/actions/labeler/issues/591">#591</a>)</li>
<li><a href="8056174ee0"><code>8056174</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.59.11 to 5.60.0 (<a href="https://redirect.github.com/actions/labeler/issues/594">#594</a>)</li>
<li><a href="7a202e6428"><code>7a202e6</code></a> fix: Limit number of labels added to 100 (<a href="https://redirect.github.com/actions/labeler/issues/497">#497</a>)</li>
<li><a href="b5ff161cf0"><code>b5ff161</code></a> Explain misconfigured workflow (<a href="https://redirect.github.com/actions/labeler/issues/405">#405</a>)</li>
<li>Additional commits viewable in <a href="9fcb2c2f55...0967ca812e">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/labeler&package-manager=github_actions&previous-version=4.1.0&new-version=4.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-06-29 23:19:39 +00:00
Ricardo Amador 264526db87
Revert "Update labeler.yml to v5.0.0-beta.1" (#129673) 
Reverts flutter/flutter#129617
 2023-06-27 22:05:28 +00:00
Casey Hillers b359e9072f
Update labeler.yml to v5.0.0-beta.1 (#129617) 
https://github.com/flutter/flutter/issues/128440
 2023-06-27 17:52:04 +00:00
godofredoc 9f1809b578
Fix syntax error in no-response (#129588) 
The comma needs to be enclosed in the quotes.


## Pre-launch Checklist

- [X] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [X] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [X] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [X] I signed the [CLA].
- [X] I listed at least one issue that this PR fixes in the description
above.
- [X] I updated/added relevant documentation (doc comments with `///`).
- [X] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [X] All existing and new tests are passing.

If you need help, consider asking for advice on the #hackers-new channel
on [Discord].

<!-- Links -->
[Contributor Guide]:
https://github.com/flutter/flutter/wiki/Tree-hygiene#overview
[Tree Hygiene]: https://github.com/flutter/flutter/wiki/Tree-hygiene
[test-exempt]:
https://github.com/flutter/flutter/wiki/Tree-hygiene#tests
[Flutter Style Guide]:
https://github.com/flutter/flutter/wiki/Style-guide-for-Flutter-repo
[Features we expect every widget to implement]:
https://github.com/flutter/flutter/wiki/Style-guide-for-Flutter-repo#features-we-expect-every-widget-to-implement
[CLA]: https://cla.developers.google.com/
[flutter/tests]: https://github.com/flutter/tests
[breaking change policy]:
https://github.com/flutter/flutter/wiki/Tree-hygiene#handling-breaking-changes
[Discord]: https://github.com/flutter/flutter/wiki/Chat
 2023-06-26 16:22:55 -07:00
dependabot[bot] 96a2c05358
Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#129453) 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p>
<blockquote>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1192">ossf/scorecard-action#1192</a></li>
</ul>
<h2>Scorecard Result Viewer</h2>
<p>Thanks to contributions from <a href="https://github.com/cynthia-sg"><code>@​cynthia-sg</code></a> and <a href="https://github.com/tegioz"><code>@​tegioz</code></a> at <a href="https://github.com/cncf/clomonitor">CLOMonitor</a>, there is a new Scorecard Result visualization page at <code>https://securityscorecards.dev/viewer/?uri=&lt;project-url&gt;</code>.</p>
<ul>
<li><a href="https://redirect.github.com/ossf/scorecard-webapp/pull/406">ossf/scorecard-webapp#406</a></li>
<li><a href="https://redirect.github.com/ossf/scorecard-webapp/pull/422">ossf/scorecard-webapp#422</a></li>
</ul>
<p>As an example, you can see our own score visualized <a href="https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard">here</a>
Checkout our <a href="08b4669551/README.md (scorecard-badge)">README</a> to learn how to link your README badge to the new visualization page.</p>
<h2>Publishing Results</h2>
<p>This release contains two fixes which will improve the user experience when <code>publish_results</code> is <code>true</code></p>
<ul>
<li>Runs that fail our <a href="08b4669551/README.md (workflow-restrictions)">workflow restrictions</a> will fail with a 400 response indicating the problem, instead of a vague 500 status. (<a href="https://redirect.github.com/ossf/scorecard-action/pull/1156">ossf/scorecard-action#1156</a>, resolved <a href="https://redirect.github.com/ossf/scorecard-action/issues/1150">ossf/scorecard-action#1150</a>)</li>
<li>Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. (<a href="https://redirect.github.com/ossf/scorecard-action/pull/1191">ossf/scorecard-action#1191</a>)</li>
</ul>
<h2>Docs</h2>
<ul>
<li>📖 Update README to accept fine-grained tokens by <a href="https://github.com/pnacht"><code>@​pnacht</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1175">ossf/scorecard-action#1175</a></li>
<li>📖 Update installation instructions to match current GitHub UI  by <a href="https://github.com/joycebrum"><code>@​joycebrum</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1153">ossf/scorecard-action#1153</a></li>
<li>📖 Document the GitHub action workflow restrictions when publishing results. by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/bobcallaway"><code>@​bobcallaway</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1140">ossf/scorecard-action#1140</a></li>
<li><a href="https://github.com/pnacht"><code>@​pnacht</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1175">ossf/scorecard-action#1175</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0">https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="08b4669551"><code>08b4669</code></a> 🌱 Bump docker tag to for v2.2.0 release. (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1194">#1194</a>)</li>
<li><a href="3c7470f58c"><code>3c7470f</code></a> 📖 Update README badge link to use new uri param. (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1185">#1185</a>)</li>
<li><a href="a164dbc12a"><code>a164dbc</code></a> 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1192">#1192</a>)</li>
<li><a href="597960e1d9"><code>597960e</code></a> 📖 Update README to accept fine-grained tokens (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1175">#1175</a>)</li>
<li><a href="8808ed28c3"><code>8808ed2</code></a> 🌱 Retry external network calls when publishing results (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1191">#1191</a>)</li>
<li><a href="0eed6cb5da"><code>0eed6cb</code></a> 🌱 Bump golang.org/x/net from 0.10.0 to 0.11.0</li>
<li><a href="6c6335c126"><code>6c6335c</code></a> 🌱 Bump github/codeql-action from 2.3.6 to 2.20.0</li>
<li><a href="7f1baf380a"><code>7f1baf3</code></a> 📖 Switch recommended badge link to the new viewer. (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1176">#1176</a>)</li>
<li><a href="df98bbc13d"><code>df98bbc</code></a> 🌱 Bump actions/checkout from 3.5.2 to 3.5.3</li>
<li><a href="75886d414a"><code>75886d4</code></a> 🌱 Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1172">#1172</a>)</li>
<li>Additional commits viewable in <a href="80e868c13c...08b4669551">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.3&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-06-26 18:42:13 +00:00
godofredoc bac0589539
Process only specific labels. (#129475) 
To avoid trying to process all the open bugs in flutter/flutter.
 2023-06-26 16:02:07 +00:00
godofredoc 0f006ea0dd
Fix issues with no response bot. (#129470) 
This is also increasing the number of items to be evaluated on each iteration.
 2023-06-24 04:03:59 +00:00
godofredoc 11f1ae6f83
Add r: timeout label to bugs/pr closed by no response bot. (#129408) 
Adds r: timeout to bugs closed by inactivity.

Bug: https://github.com/flutter/flutter/issues/104962
 2023-06-23 16:27:51 +00:00
godofredoc 3f90620ad0
Update no response to use core action. (#129405) 
This is to use a maintained version of the no-response action.

Bug: https://github.com/flutter/flutter/issues/127450
 2023-06-23 04:17:16 +00:00
dependabot[bot] e39ed8e86a
Bump actions/checkout from 3.5.2 to 3.5.3 (#128625) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p>
<blockquote>
<h2>v3.5.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by <a href="https://github.com/megamanics"><code>@​megamanics</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li>
<li>Fix typos found by codespell by <a href="https://github.com/DimitriPapadopoulos"><code>@​DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li>
<li>Add support for sparse checkouts by <a href="https://github.com/dscho"><code>@​dscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1369">actions/checkout#1369</a></li>
<li>Release v3.5.3 by <a href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1376">actions/checkout#1376</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/megamanics"><code>@​megamanics</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li>
<li><a href="https://github.com/DimitriPapadopoulos"><code>@​DimitriPapadopoulos</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3...v3.5.3">https://github.com/actions/checkout/compare/v3...v3.5.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.5.3</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1196">Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1287">Fix typos found by codespell</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1369">Add support for sparse checkouts</a></li>
</ul>
<h2>v3.5.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix api endpoint for GHES</a></li>
</ul>
<h2>v3.5.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix slow checkout on Windows</a></li>
</ul>
<h2>v3.5.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add new public key for known_hosts</a></li>
</ul>
<h2>v3.4.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@​actions/io</code></a></li>
</ul>
<h2>v3.3.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li>
<li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li>
</ul>
<h2>v3.2.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@​actions/io</code> to 1.1.2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li>
</ul>
<h2>v3.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@​actions/core</code> <code>saveState</code> and <code>getState</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/744">Bumped various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/689">Update to node 16</a></li>
</ul>
<h2>v2.3.1</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c85c95e3d7"><code>c85c95e</code></a> Release v3.5.3 (<a href="https://redirect.github.com/actions/checkout/issues/1376">#1376</a>)</li>
<li><a href="d106d4669b"><code>d106d46</code></a> Add support for sparse checkouts (<a href="https://redirect.github.com/actions/checkout/issues/1369">#1369</a>)</li>
<li><a href="f095bcc56b"><code>f095bcc</code></a> Fix typos found by codespell (<a href="https://redirect.github.com/actions/checkout/issues/1287">#1287</a>)</li>
<li><a href="47fbe2df0a"><code>47fbe2d</code></a> Fix: Checkout fail in self-hosted runners when faulty submodule are checked-i...</li>
<li>See full diff in <a href="8e5e7e5ab8...c85c95e3d7">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.5.2&new-version=3.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-06-10 18:15:04 +00:00
Casey Hillers 6e254a3f9f
[labeler] Set sync labels to false to stop removing labels (#128446) 
https://github.com/flutter/flutter/issues/128440

The current version of the action has a bug where the sync-labels default value is not read correctly. Explicitly setting to see if that stops the removals.
 2023-06-08 15:44:37 +00:00
dependabot[bot] c792a1721c
Bump actions/labeler from 4.0.4 to 4.1.0 (#128290) 
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.0.4 to 4.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/labeler/releases">actions/labeler's releases</a>.</em></p>
<blockquote>
<h2>v4.1.0</h2>
<h2>What's Changed</h2>
<p>In scope of this release, the <code>dot</code> input was added by <a href="https://github.com/kachkaev"><code>@​kachkaev</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/316">actions/labeler#316</a>. It allows patterns to match paths starting with a period. This input is set to <code>false</code> by default.</p>
<h3>Usage</h3>
<pre lang="yml"><code>name: &quot;Pull Request Labeler&quot;
on:
- pull_request_target
<p>jobs:
triage:
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@v4
with:
dot: true
</code></pre></p>
<p>This release also includes the following changes:</p>
<ul>
<li>Simplify globbing examples in README by <a href="https://github.com/Youssef1313"><code>@​Youssef1313</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/451">actions/labeler#451</a></li>
<li>Bump <code>@​typescript-eslint/parser</code> from 5.59.7 to 5.59.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/577">actions/labeler#577</a></li>
<li>Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.59.7 to 5.59.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/labeler/pull/578">actions/labeler#578</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Youssef1313"><code>@​Youssef1313</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/451">actions/labeler#451</a></li>
<li><a href="https://github.com/kachkaev"><code>@​kachkaev</code></a> made their first contribution in <a href="https://redirect.github.com/actions/labeler/pull/316">actions/labeler#316</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/labeler/compare/v4...v4.1.0">https://github.com/actions/labeler/compare/v4...v4.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="9fcb2c2f55"><code>9fcb2c2</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/578">#578</a> from actions/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a href="0d06c50435"><code>0d06c50</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.59.7 to 5.59.8</li>
<li><a href="1d399c3ab6"><code>1d399c3</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/577">#577</a> from actions/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a href="82a4f6fc25"><code>82a4f6f</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/316">#316</a> from kachkaev/dot-option</li>
<li><a href="d40596e5db"><code>d40596e</code></a> micromatch → minimatch</li>
<li><a href="3cbc54c641"><code>3cbc54c</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/451">#451</a> from Youssef1313/patch-1</li>
<li><a href="639ba81ab1"><code>639ba81</code></a> Rebuild</li>
<li><a href="71d2484daa"><code>71d2484</code></a> Address review comment</li>
<li><a href="59d3310a72"><code>59d3310</code></a> Rebuild</li>
<li><a href="a78a6c7eb7"><code>a78a6c7</code></a> Update README.md</li>
<li>Additional commits viewable in <a href="0776a67936...9fcb2c2f55">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/labeler&package-manager=github_actions&previous-version=4.0.4&new-version=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-06-05 22:59:09 +00:00
dependabot[bot] 4d1c6a4346
Bump actions/labeler from 2713f7303c96cb1e69627957ec16eea0fd7f94a4 to 0776a679364a9a16110aac8d0f40f5e11009e327 (#127533) 
Bumps [actions/labeler](https://github.com/actions/labeler) from 2713f7303c96cb1e69627957ec16eea0fd7f94a4 to 0776a679364a9a16110aac8d0f40f5e11009e327.
<details>
<summary>Commits</summary>
<ul>
<li><a href="0776a67936"><code>0776a67</code></a> Merge pull request <a href="https://redirect.github.com/actions/labeler/issues/571">#571</a> from akv-platform/remove-implicit-dependencies</li>
<li><a href="08382d15cb"><code>08382d1</code></a> Move eslint-plugin-node to dev dependencies</li>
<li><a href="d1dd326ccc"><code>d1dd326</code></a> Install eslint-plugin-node</li>
<li><a href="91076827ed"><code>9107682</code></a> Update configuration files</li>
<li>See full diff in <a href="2713f7303c...0776a67936">compare view</a></li>
</ul>
</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-05-24 22:36:58 +00:00
dependabot[bot] 23fe4fca59
Bump actions/labeler from 6b107e7a7ee5e054e0bcce60de5181d21e2f00fb to 2713f7303c96cb1e69627957ec16eea0fd7f94a4 (#127438) 
Bumps [actions/labeler](https://github.com/actions/labeler) from 6b107e7a7ee5e054e0bcce60de5181d21e2f00fb to 2713f7303c96cb1e69627957ec16eea0fd7f94a4.
<details>
<summary>Commits</summary>
<ul>
<li><a href="2713f7303c"><code>2713f73</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.59.6 to 5.59.7 (<a href="https://redirect.github.com/actions/labeler/issues/572">#572</a>)</li>
<li><a href="a4eda65d3d"><code>a4eda65</code></a> Bump <code>@​typescript-eslint/parser</code> from 5.59.6 to 5.59.7 (<a href="https://redirect.github.com/actions/labeler/issues/573">#573</a>)</li>
<li><a href="5c4deb8a24"><code>5c4deb8</code></a> Revert &quot;fix: correct reading of sync-labels input. (<a href="https://redirect.github.com/actions/labeler/issues/480">#480</a>)&quot; (<a href="https://redirect.github.com/actions/labeler/issues/564">#564</a>)</li>
<li><a href="61662e8f41"><code>61662e8</code></a> Bump eslint from 8.40.0 to 8.41.0 (<a href="https://redirect.github.com/actions/labeler/issues/569">#569</a>)</li>
<li>See full diff in <a href="6b107e7a7e...2713f7303c">compare view</a></li>
</ul>
</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-05-23 23:26:05 +00:00
dependabot[bot] a3a0ef0393
Bump actions/labeler from 9471598e3b7ff22b2fa181bd79addf94cb3e0847 to 6b107e7a7ee5e054e0bcce60de5181d21e2f00fb (#127056) 
Bumps [actions/labeler](https://github.com/actions/labeler) from 9471598e3b7ff22b2fa181bd79addf94cb3e0847 to 6b107e7a7ee5e054e0bcce60de5181d21e2f00fb.
<details>
<summary>Commits</summary>
<ul>
<li><a href="6b107e7a7e"><code>6b107e7</code></a> Bump <code>@​typescript-eslint/parser</code> from 5.59.5 to 5.59.6 (<a href="https://redirect.github.com/actions/labeler/issues/565">#565</a>)</li>
<li><a href="d93c73a681"><code>d93c73a</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.59.5 to 5.59.6 (<a href="https://redirect.github.com/actions/labeler/issues/566">#566</a>)</li>
<li><a href="b6f708799c"><code>b6f7087</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.59.2 to 5.59.5 (<a href="https://redirect.github.com/actions/labeler/issues/559">#559</a>)</li>
<li><a href="2d89bd5059"><code>2d89bd5</code></a> Bump <code>@​typescript-eslint/parser</code> from 5.59.2 to 5.59.5 (<a href="https://redirect.github.com/actions/labeler/issues/560">#560</a>)</li>
<li><a href="581d1100aa"><code>581d110</code></a> Bump eslint from 8.39.0 to 8.40.0 (<a href="https://redirect.github.com/actions/labeler/issues/558">#558</a>)</li>
<li><a href="8bb4872750"><code>8bb4872</code></a> Bump eslint from 8.38.0 to 8.39.0 (<a href="https://redirect.github.com/actions/labeler/issues/543">#543</a>)</li>
<li><a href="9c4ae1e112"><code>9c4ae1e</code></a> Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.58.0 to 5.59.2 (<a href="https://redirect.github.com/actions/labeler/issues/553">#553</a>)</li>
<li><a href="228fdad71d"><code>228fdad</code></a> Bump prettier from 2.8.7 to 2.8.8 (<a href="https://redirect.github.com/actions/labeler/issues/544">#544</a>)</li>
<li><a href="377691d3d6"><code>377691d</code></a> Bump <code>@​typescript-eslint/parser</code> from 5.58.0 to 5.59.2 (<a href="https://redirect.github.com/actions/labeler/issues/554">#554</a>)</li>
<li>See full diff in <a href="9471598e3b...6b107e7a7e">compare view</a></li>
</ul>
</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-05-17 22:57:48 +00:00
Casey Hillers bf88f6053f
[github] Add labeler action (#126012) 
Part of https://github.com/flutter/flutter/issues/126002

Migrate the [Cocoon logic for labelling](https://cs.opensource.google/flutter/cocoon/+/main:app_dart/lib/src/request_handlers/github/webhook_subscription.dart;l=352) directly into the repo under test
 2023-05-09 18:23:43 +00:00
dependabot[bot] a6ea22c285
Bump codecov/codecov-action from 3.1.2 to 3.1.3 (#125253) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p>
<blockquote>
<h2>3.1.3</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/957">codecov/codecov-action#957</a></li>
<li>build(deps): bump openpgp from 5.7.0 to 5.8.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/958">codecov/codecov-action#958</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.15.10 to 18.15.12 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/959">codecov/codecov-action#959</a></li>
<li>fix: allow for aarch64 build by <a href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/960">codecov/codecov-action#960</a></li>
<li>chore(release): bump to 3.1.3 by <a href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/961">codecov/codecov-action#961</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.2...v3.1.3">https://github.com/codecov/codecov-action/compare/v3.1.2...v3.1.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's changelog</a>.</em></p>
<blockquote>
<h2>3.1.3</h2>
<h3>Fixes</h3>
<ul>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/960">#960</a> fix: allow for aarch64 build</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/957">#957</a> build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/958">#958</a> build(deps): bump openpgp from 5.7.0 to 5.8.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/959">#959</a> build(deps-dev): bump <code>@​types/node</code> from 18.15.10 to 18.15.12</li>
</ul>
<h2>3.1.2</h2>
<h3>Fixes</h3>
<ul>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/718">#718</a> Update README.md</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/851">#851</a> Remove unsupported path_to_write_report argument</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/898">#898</a> codeql-analysis.yml</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/901">#901</a> Update README to contain correct information - inputs and negate feature</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/955">#955</a> fix: add in all the extra arguments for uploader</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/819">#819</a> build(deps): bump openpgp from 5.4.0 to 5.5.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/835">#835</a> build(deps): bump node-fetch from 3.2.4 to 3.2.10</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/840">#840</a> build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/841">#841</a> build(deps): bump <code>@​actions/core</code> from 1.9.1 to 1.10.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/843">#843</a> build(deps): bump <code>@​actions/github</code> from 5.0.3 to 5.1.1</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/869">#869</a> build(deps): bump node-fetch from 3.2.10 to 3.3.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/872">#872</a> build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/879">#879</a> build(deps): bump decode-uri-component from 0.2.0 to 0.2.2</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/889">#889</a> build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/895">#895</a> build(deps): bump json5 from 2.2.1 to 2.2.3</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/896">#896</a> build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/900">#900</a> build(deps-dev): bump <code>@​vercel/ncc</code> from 0.34.0 to 0.36.1</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/905">#905</a> build(deps-dev): bump typescript from 4.7.4 to 4.9.5</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/911">#911</a> build(deps-dev): bump <code>@​types/node</code> from 16.11.40 to 18.13.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/922">#922</a> build(deps-dev): bump <code>@​types/node</code> from 18.13.0 to 18.14.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/924">#924</a> build(deps): bump openpgp from 5.5.0 to 5.7.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/927">#927</a> build(deps-dev): bump <code>@​types/node</code> from 18.14.0 to 18.14.2</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/933">#933</a> build(deps-dev): bump <code>@​types/node</code> from 18.14.2 to 18.14.6</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/937">#937</a> build(deps-dev): bump <code>@​types/node</code> from 18.14.6 to 18.15.0</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/938">#938</a> build(deps): bump node-fetch from 3.3.0 to 3.3.1</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/945">#945</a> build(deps-dev): bump <code>@​types/node</code> from 18.15.0 to 18.15.5</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/946">#946</a> build(deps-dev): bump <code>@​types/node</code> from 18.15.5 to 18.15.6</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/947">#947</a> build(deps-dev): bump <code>@​types/node</code> from 18.15.6 to 18.15.10</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/951">#951</a> build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3</li>
</ul>
<h2>3.1.1</h2>
<h3>Fixes</h3>
<ul>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/661">#661</a> Update deprecation warning</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/593">#593</a> Create codeql-analysis.yml</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/712">#712</a> README: fix typo</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/725">#725</a> fix: Remove a blank row</li>
<li><a href="https://redirect.github.com/codecov/codecov-action/issues/726">#726</a> Update README.md with correct badge version</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="894ff025c7"><code>894ff02</code></a> chore(release): bump to 3.1.3 (<a href="https://redirect.github.com/codecov/codecov-action/issues/961">#961</a>)</li>
<li><a href="f539f977d5"><code>f539f97</code></a> fix: allow for aarch64 build (<a href="https://redirect.github.com/codecov/codecov-action/issues/960">#960</a>)</li>
<li><a href="6757614f24"><code>6757614</code></a> build(deps-dev): bump <code>@​types/node</code> from 18.15.10 to 18.15.12 (<a href="https://redirect.github.com/codecov/codecov-action/issues/959">#959</a>)</li>
<li><a href="cdee249da5"><code>cdee249</code></a> build(deps): bump openpgp from 5.7.0 to 5.8.0 (<a href="https://redirect.github.com/codecov/codecov-action/issues/958">#958</a>)</li>
<li><a href="ce548e935a"><code>ce548e9</code></a> build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0 (<a href="https://redirect.github.com/codecov/codecov-action/issues/957">#957</a>)</li>
<li>See full diff in <a href="40a12dcee2...894ff025c7">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.2&new-version=3.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
 2023-04-20 22:41:49 +00:00
godofredoc 8bbe71787a
Remove token permissions for coverage. (#124909) 
The coverage build does not require write access to checks.
 2023-04-17 17:31:30 +00:00
dependabot[bot] afdb2fac05
Bump actions/checkout from 3.5.1 to 3.5.2 (#124822) 
Bump actions/checkout from 3.5.1 to 3.5.2
 2023-04-13 23:45:05 +00:00
dependabot[bot] b95b86f820
Bump actions/checkout from 3.5.0 to 3.5.1 (#124731) 
Bump actions/checkout from 3.5.0 to 3.5.1
 2023-04-12 23:39:38 +00:00
dependabot[bot] 6e654d3605
Bump codecov/codecov-action from 3.1.1 to 3.1.2 (#124633) 
Bump codecov/codecov-action from 3.1.1 to 3.1.2
 2023-04-11 23:20:14 +00:00
dependabot[bot] 1a4f7584d9
Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#123725) 
Bump ossf/scorecard-action from 2.1.2 to 2.1.3
 2023-03-29 23:03:46 +00:00
dependabot[bot] d6287cc417
Bump github/codeql-action from 2.2.8 to 2.2.9 (#123564) 
Bump github/codeql-action from 2.2.8 to 2.2.9
 2023-03-27 22:49:35 +00:00
dependabot[bot] 4831dd99ef
Bump actions/checkout from 3.4.0 to 3.5.0 (#123431) 
Bump actions/checkout from 3.4.0 to 3.5.0
 2023-03-24 23:17:14 +00:00
dependabot[bot] 789982896a
Bump github/codeql-action from 2.2.7 to 2.2.8 (#123359) 
Bump github/codeql-action from 2.2.7 to 2.2.8
 2023-03-23 23:09:05 +00:00
dependabot[bot] 267e8896c5
Bump actions/checkout from 3.3.0 to 3.4.0 (#122764) 
Bump actions/checkout from 3.3.0 to 3.4.0
 2023-03-15 23:10:36 +00:00
dependabot[bot] 502cff69ba
Bump github/codeql-action from 2.2.6 to 2.2.7 (#122763) 
Bump github/codeql-action from 2.2.6 to 2.2.7
 2023-03-15 23:07:38 +00:00
dependabot[bot] f9ad42a32d
Bump github/codeql-action from 2.2.5 to 2.2.6 (#122431) 
Bump github/codeql-action from 2.2.5 to 2.2.6
 2023-03-11 03:32:04 +00:00
dependabot[bot] b891465e5c
Bump github/codeql-action from 2.1.39 to 2.2.5 (#121429) 
Bump github/codeql-action from 2.1.39 to 2.2.5
 2023-03-01 01:27:48 +00:00
dependabot[bot] 2b3ca0dc46
Bump github/codeql-action from 2.1.38 to 2.1.39 (#118735) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](515828d974...a34ca99b46)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-18 22:10:55 +00:00
dependabot[bot] 13a8dce22d
Bump github/codeql-action from 2.1.37 to 2.1.38 (#118482) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.37 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](959cbb7472...515828d974)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-13 22:07:50 +00:00
dependabot[bot] aabf146f32
Bump github/codeql-action from 2.1.35 to 2.1.37 (#117104) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.35 to 2.1.37.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b2a92eb56d...959cbb7472)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-11 16:55:18 +00:00
dependabot[bot] 2e0849e9dc
Bump actions/checkout from 3.1.0 to 3.3.0 (#118052) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](93ea575cb5...ac59398561)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-11 16:53:50 +00:00
dependabot[bot] 33c71beee4
Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#118116) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](83fd05a356...0b7f8abb15)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-11 16:53:49 +00:00
dependabot[bot] abd5217f48
Bump ossf/scorecard-action from 2.1.1 to 2.1.2 (#117554) 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](15c10fcf1c...e38b1902ae)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-22 23:22:08 +00:00
dependabot[bot] d71fa885ef
Bump ossf/scorecard-action from 2.1.0 to 2.1.1 (#117337) 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](937ffa90d7...15c10fcf1c)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-20 20:08:41 +00:00
dependabot[bot] 91c1c70bd0
Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#117170) 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0...937ffa90d7)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-15 22:25:55 +00:00
dependabot[bot] 5d042eb350
Bump dessant/lock-threads from 3.0.0 to 4.0.0 (#116545) 
Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 3.0.0 to 4.0.0.
- [Release notes](https://github.com/dessant/lock-threads/releases)
- [Changelog](https://github.com/dessant/lock-threads/blob/master/CHANGELOG.md)
- [Commits](e460dfeb36...c1b35aecc5)

---
updated-dependencies:
- dependency-name: dessant/lock-threads
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-05 21:41:25 +00:00
dependabot[bot] 4e8dacac8a
Bump github/codeql-action from 2.1.32 to 2.1.35 (#116379) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.32 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4238421316...b2a92eb56d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-01 21:44:10 +00:00
dependabot[bot] 9c54635570
Bump codecov/codecov-action from 3.1.0 to 3.1.1 (#113126) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](81cd2dc814...d9f34f8cd5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-17 02:32:02 +00:00
dependabot[bot] e66183da33
Bump github/codeql-action from 2.1.25 to 2.1.32 (#115394) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.25 to 2.1.32.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](86f3159a69...4238421316)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-15 23:33:08 +00:00
dependabot[bot] 44c146abb8
Bump actions/upload-artifact from 3.1.0 to 3.1.1 (#113859) 2022-10-21 22:11:16 +00:00
dependabot[bot] a97dcc0da6
Bump ossf/scorecard-action from 2.0.3 to 2.0.6 (#113735) 2022-10-20 05:52:31 +00:00
Jenn Magder 3f89d6393f
Limit coverage workflow to packages/flutter (#113627) 2022-10-18 15:24:17 -07:00
godofredoc bd4376ca0a
Report coverage to codecov rather than coveralls. (#113084) 2022-10-07 19:50:46 +00:00