Skip to content

chore(deps): update all non-major dependencies #370

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate-bot
Copy link
Contributor

@renovate-bot renovate-bot commented Jun 1, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
cloudevents >=1.2.0,<=1.11.0 -> >=1.12.0,<=1.12.0 age adoption passing confidence project.dependencies minor
github/codeql-action v3.28.18 -> v3.29.0 age adoption passing confidence action minor
ossf/scorecard-action v2.4.1 -> v2.4.2 age adoption passing confidence action patch
step-security/harden-runner v2.12.0 -> v2.12.1 age adoption passing confidence action patch

Release Notes

cloudevents/sdk-python (cloudevents)

v1.12.0

Compare Source

Changed
  • Dropped Python3.8 support while it has reached EOL. ([])

v1.11.1

Compare Source

Fixed
  • Kafka conversion marshaller and unmarshaller typings ([#​240])
  • Improved public API type annotations and fixed unit test type errors ([#​248])
github/codeql-action (github/codeql-action)

v3.29.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.0 - 11 Jun 2025

  • Update default CodeQL bundle version to 2.22.0. #​2925
  • Bump minimum CodeQL bundle version to 2.16.6. #​2912

See the full CHANGELOG.md for more information.

v3.28.19

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.19 - 03 Jun 2025
  • The CodeQL Action no longer includes its own copy of the extractor for the actions language, which is currently in public preview.
    The actions extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the actions language and you have pinned
    your tools: property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable
    actions analysis.
  • Update default CodeQL bundle version to 2.21.4. #​2910

See the full CHANGELOG.md for more information.

ossf/scorecard-action (ossf/scorecard-action)

v2.4.2

Compare Source

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

step-security/harden-runner (step-security/harden-runner)

v2.12.1

Compare Source

What's Changed
  • Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.
  • Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.

Full Changelog: step-security/harden-runner@v2...v2.12.1


Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from 8ba508a to c71b920 Compare June 9, 2025 20:25
@renovate-bot renovate-bot changed the title chore(deps): update ossf/scorecard-action action to v2.4.2 chore(deps): update all non-major dependencies Jun 9, 2025
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from c71b920 to 44ecfdf Compare June 10, 2025 19:44
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from 44ecfdf to e3d497d Compare June 12, 2025 22:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant