Bump the github-actions group with 2 updates

Bumps the github-actions group with 2 updates: [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) and [github/codeql-action](https://github.com/github/codeql-action). Updates `slsa-framework/slsa-github-generator` from 1.9.1 to 1.10.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](slsa-framework/slsa-github-generator@v1.9.1...v1.10.0) Updates `github/codeql-action` from 3.24.8 to 3.24.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@05963f4...1b1aada) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
FasterXML · Mar 25, 2024 · ba435fc · ba435fc
1 parent 4595716
commit ba435fc
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -75,7 +75,7 @@ jobs:
       actions: read # To read the workflow path.
       id-token: write # To sign the provenance.
       contents: write # To add assets to a release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.1
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
     with:
       base64-subjects: "${{ needs.release.outputs.hash }}"
       provenance-name: "${{ needs.release.outputs.artifact_name }}.jar.intoto.jsonl"

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -60,6 +60,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
+        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
         with:
           sarif_file: results.sarif