Merge branch 'develop' into dependabot/github_actions/ossf/scorecard-…

…action-2.3.0
felddy · Oct 10, 2023 · 3d4fdf8 · 3d4fdf8
2 parents 4ad6564 + 5d85942
commit 3d4fdf8
Show file tree

Hide file tree

Showing 7 changed files with 11 additions and 11 deletions.
diff --git a/.github/workflows/_config.yml b/.github/workflows/_config.yml
@@ -39,7 +39,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09  # tag=v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423  # tag=v2.6.0
         with:
           egress-policy: block
           allowed-endpoints: >
@@ -64,7 +64,7 @@ jobs:
       platforms_json: ${{ steps.csv-to-json.outputs.platforms_json }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09  # tag=v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423  # tag=v2.6.0
         with:
           egress-policy: block
           allowed-endpoints: >

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -44,13 +44,13 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09  # tag=v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423  # tag=v2.6.0
         with:
           # TODO: change to 'egress-policy: block' after couple of runs
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac  # tag=v4.0.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608  # tag=v4.1.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -12,10 +12,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09  # tag=v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423  # tag=v2.6.0
         with:  # TODO: change to 'egress-policy: block' after couple of runs
           egress-policy: audit
       - name: 'Checkout Repository'
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac  # tag=v4.0.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608  # tag=v4.1.0
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034  # tag=v3.1.0
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -28,7 +28,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac  # tag=v4.0.0
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608  # tag=v4.1.0
         with:
           persist-credentials: false
 

diff --git a/.github/workflows/stale-issues.yml b/.github/workflows/stale-issues.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09  # tag=v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423  # tag=v2.6.0
         with:
           egress-policy: audit  # TODO: change to 'egress-policy: block' after couple of runs
 

diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
@@ -20,10 +20,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09  # tag=v2.5.1
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423  # tag=v2.6.0
         with:
           egress-policy: audit  # TODO: change to 'egress-policy: block' after couple of runs
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac  # tag=v4.0.0
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608  # tag=v4.1.0
       - name: Sync repository labels
         if: success()
         uses: crazy-max/ghaction-github-labeler@de749cf181958193cb7debf1a9c5bb28922f3e1b  # tag=v5.0.0

diff --git a/setup.py b/setup.py
@@ -71,7 +71,7 @@ def package_vars(version_file):
         "paho-mqtt == 1.6.1",
         "pyserial == 3.5",
         "pyusb == 1.2.1",
-        "semver == 3.0.1",
+        "semver == 3.0.2",
         "setuptools == 68.2.2",
         "wheel == 0.41.2",
     ],