From cdb9887cc553037fb259f6608b7d8bb697a92d9f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Jan 2025 13:19:25 +0000
Subject: [PATCH 1/5] Bump webrick from 1.8.1 to 1.8.2 in /docs

Bumps [webrick](https://github.com/ruby/webrick) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/ruby/webrick/releases)
- [Commits](https://github.com/ruby/webrick/compare/v1.8.1...v1.8.2)
---
updated-dependencies:
- dependency-name: webrick
  dependency-type: indirect
...
Signed-off-by: dependabot[bot]
---
 docs/Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index d252aed..ff7f86e 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -111,7 +111,7 @@ GEM
 tzinfo (2.0.6)
 concurrent-ruby (~> 1.0)
 unicode-display_width (2.5.0)
- webrick (1.8.1)
+ webrick (1.8.2)
 PLATFORMS
 x86_64-linux
From c1d0641f85ad322a9f9384061866b91951bae157 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Mar 2025 20:55:56 +0000
Subject: [PATCH 2/5] Bump cgi from 0.4.1 to 0.4.2 in /docs

Bumps [cgi](https://github.com/ruby/cgi) from 0.4.1 to 0.4.2.
- [Release notes](https://github.com/ruby/cgi/releases)
- [Commits](https://github.com/ruby/cgi/compare/v0.4.1...v0.4.2)
---
updated-dependencies:
- dependency-name: cgi
  dependency-type: indirect
...
Signed-off-by: dependabot[bot]
---
 docs/Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index d252aed..7af9d8f 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -15,7 +15,7 @@ GEM
 public_suffix (>= 2.0.2, < 6.0)
 base64 (0.2.0)
 bigdecimal (3.1.8)
- cgi (0.4.1)
+ cgi (0.4.2)
 colorator (1.1.0)
 concurrent-ruby (1.2.3)
 connection_pool (2.4.1)
From 8ca2d16f223208ee1ce1a5f6936378d446a7c338 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Mar 2025 04:00:12 +0000
Subject: [PATCH 3/5] Bump jinja2 in /scripts/docker/examples/python/assets/hello_world

Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.6.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.4...3.1.6)
---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
 .../docker/examples/python/assets/hello_world/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/docker/examples/python/assets/hello_world/requirements.txt b/scripts/docker/examples/python/assets/hello_world/requirements.txt
index c981d5d..60f362a 100644
--- a/scripts/docker/examples/python/assets/hello_world/requirements.txt
+++ b/scripts/docker/examples/python/assets/hello_world/requirements.txt
@@ -3,7 +3,7 @@ click==8.1.7
 Flask-WTF==1.2.0
 Flask==2.3.3
 itsdangerous==2.1.2
-Jinja2==3.1.4
+Jinja2==3.1.6
 MarkupSafe==2.1.3
 pip==23.3
 setuptools==65.5.1
From db70a6aae9686d84a6f3afb3ebb8b6d3e72a1d69 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Apr 2025 15:28:34 +0000
Subject: [PATCH 4/5] Bump nokogiri from 1.16.5 to 1.18.4 in /docs

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.5 to 1.18.4.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.5...v1.18.4)
---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...
Signed-off-by: dependabot[bot]
---
 docs/Gemfile.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index 8a99b57..331ffd6 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -91,14 +91,14 @@ GEM
 jekyll-seo-tag (~> 2.1)
 minitest (5.24.1)
 mutex_m (0.2.0)
- nokogiri (1.16.5-arm64-darwin)
+ nokogiri (1.18.4-arm64-darwin)
 racc (~> 1.4)
- nokogiri (1.16.5-x86_64-linux)
+ nokogiri (1.18.4-x86_64-linux-gnu)
 racc (~> 1.4)
 pathutil (0.16.2)
 forwardable-extended (~> 2.6)
 public_suffix (5.0.5)
- racc (1.8.0)
+ racc (1.8.1)
 rake (13.2.1)
 rb-fsevent (0.11.2)
 rb-inotify (0.11.1)
From 582ceda30d5305af8fd325cfb08155bd7fb06a75 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Apr 2025 02:54:28 +0000
Subject: [PATCH 5/5] Bump github/codeql-action from 3.28.1 to 3.28.15

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.1 to 3.28.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b6a472f63d85b9c78a3ac5e89422239fc15e9b3c...45775bd8235c68ba998cffa5171334d58593da47)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.28.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/scorecard.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 24fb4e3..ca5237a 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -68,6 +68,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard (optional).
 # Commenting out will disable upload of results to your repo's Code Scanning dashboard
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+ uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
 with:
 sarif_file: results.sarif