Google Git
Sign in
flutter/third_party/protobuf/92619cdd433c5eed314d6b871060ac2340f52906
commit
92619cdd433c5eed314d6b871060ac2340f52906
[log]
author
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fri Nov 10 20:09:18 2023 -0800
committer
Copybara-Service <copybara-worker@google.com>
Fri Nov 10 20:11:17 2023 -0800
tree
0008d8a68c5411549e21c13c1d2b38d1ac094157
parent
7c1ec5a801890b0fd6f8383495fa7ecd63752dd2 [diff]
Bump ossf/scorecard-action from 2.1.2 to 2.3.1 (#14554)

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p>
<blockquote>
<h2>v2.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>:seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1282">ossf/scorecard-action#1282</a>
<ul>
<li>Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the  <a href="https://github.com/ossf/scorecard/releases/tag/v4.13.1">v4.13.1</a> release notes</li>
</ul>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1">https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1</a></p>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>:seedling: Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1270">ossf/scorecard-action#1270</a>
<ul>
<li>For a full changelist of what this includes, see the <a href="https://github.com/ossf/scorecard/releases/tag/v4.12.0">v4.12.0</a> and <a href="https://github.com/ossf/scorecard/releases/tag/v4.13.0">v4.13.0</a> release notes</li>
</ul>
</li>
<li>:sparkles: Send rekor tlog index to webapp when publishing results by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1169">ossf/scorecard-action#1169</a></li>
<li>:bug: Prevent url clipping for GHES instances by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1225">ossf/scorecard-action#1225</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>:book: Update access rights needed to see the results in code scanning by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1229">ossf/scorecard-action#1229</a></li>
<li>:book: Add package comments. by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1221">ossf/scorecard-action#1221</a></li>
<li>:book: Add SECURITY.md file by <a href="https://github.com/david-a-wheeler"><code>@​david-a-wheeler</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1250">ossf/scorecard-action#1250</a></li>
<li>:book: Fix typo in token input docs by <a href="https://github.com/aabouzaid"><code>@​aabouzaid</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1258">ossf/scorecard-action#1258</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/david-a-wheeler"><code>@​david-a-wheeler</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1250">ossf/scorecard-action#1250</a></li>
<li><a href="https://github.com/aabouzaid"><code>@​aabouzaid</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1258">ossf/scorecard-action#1258</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0">https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0</a></p>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>:seedling: Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1192">ossf/scorecard-action#1192</a></li>
</ul>
<h2>Scorecard Result Viewer</h2>
<p>Thanks to contributions from <a href="https://github.com/cynthia-sg"><code>@​cynthia-sg</code></a> and <a href="https://github.com/tegioz"><code>@​tegioz</code></a> at <a href="https://github.com/cncf/clomonitor">CLOMonitor</a>, there is a new Scorecard Result visualization page at <code>https://securityscorecards.dev/viewer/?uri=&lt;project-url&gt;</code>.</p>
<ul>
<li><a href="https://redirect.github.com/ossf/scorecard-webapp/pull/406">ossf/scorecard-webapp#406</a></li>
<li><a href="https://redirect.github.com/ossf/scorecard-webapp/pull/422">ossf/scorecard-webapp#422</a></li>
</ul>
<p>As an example, you can see our own score visualized <a href="https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard">here</a>
Checkout our <a href="https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge">README</a> to learn how to link your README badge to the new visualization page.</p>
<h2>Publishing Results</h2>
<p>This release contains two fixes which will improve the user experience when <code>publish_results</code> is <code>true</code></p>
<ul>
<li>Runs that fail our <a href="https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions">workflow restrictions</a> will fail with a 400 response indicating the problem, instead of a vague 500 status. (<a href="https://redirect.github.com/ossf/scorecard-action/pull/1156">ossf/scorecard-action#1156</a>, resolved <a href="https://redirect.github.com/ossf/scorecard-action/issues/1150">ossf/scorecard-action#1150</a>)</li>
<li>Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. (<a href="https://redirect.github.com/ossf/scorecard-action/pull/1191">ossf/scorecard-action#1191</a>)</li>
</ul>
<h2>Docs</h2>
<ul>
<li>📖 Update README to accept fine-grained tokens by <a href="https://github.com/pnacht"><code>@​pnacht</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1175">ossf/scorecard-action#1175</a></li>
<li>📖 Update installation instructions to match current GitHub UI  by <a href="https://github.com/joycebrum"><code>@​joycebrum</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1153">ossf/scorecard-action#1153</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/ossf/scorecard-action/commit/0864cf19026789058feabb7e87baa5f140aac736"><code>0864cf1</code></a> :seedling: Bump docker tag to for v2.3.1 release (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1284">#1284</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/72df3bff668d052aaec251accaffec0b280410fb"><code>72df3bf</code></a> :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1282">#1282</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/0ea411f94ac145b6fd793458b7f75ebbe7ae0a8f"><code>0ea411f</code></a> :seedling: Bump the docker-images group with 1 update (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1281">#1281</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/dbfd042453ccc43ade96943685dbece2dd86bbae"><code>dbfd042</code></a> :seedling: Bump the github-actions group with 1 update (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1280">#1280</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/2fa1e2fa153141e2950c7e1299ed05e2081ead0c"><code>2fa1e2f</code></a> :seedling: Bump golang.org/x/net from 0.16.0 to 0.17.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1278">#1278</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/652ddd06c802ac1ba4021a9f02978dc5150b223e"><code>652ddd0</code></a> :seedling: Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1277">#1277</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/28d0c92b8bb9dd266a8cf4dde7bae71c06a0c62f"><code>28d0c92</code></a> :seedling: Group Dependabot updates for GitHub Actions and Dockerfiles (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1276">#1276</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/cb50491a46a858cb57669a16a720b7a00e1f9d29"><code>cb50491</code></a> :seedling: Bump distroless/base from <code>a35b652</code> to <code>b31a6e0</code> (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1275">#1275</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/87157ac77d7ec18a631049bc92fdac7ee63a471a"><code>87157ac</code></a> :seedling: Bump github/codeql-action from 2.21.9 to 2.22.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1274">#1274</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/7c1648b23e27a96acf7c3842fd1921d16bd8d4d2"><code>7c1648b</code></a> :seedling: Bump step-security/harden-runner from 2.5.1 to 2.6.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1273">#1273</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...0864cf19026789058feabb7e87baa5f140aac736">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.2&new-version=2.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Closes #14554

COPYBARA_INTEGRATE_REVIEW=https://github.com/protocolbuffers/protobuf/pull/14554 from protocolbuffers:dependabot/github_actions/ossf/scorecard-action-2.3.1 543f85ba25bf9f766566cf77bd0fbc73e81bcc76
PiperOrigin-RevId: 581438189
1 file changed
tree: 0008d8a68c5411549e21c13c1d2b38d1ac094157
  1. .github/
  2. bazel/
  3. benchmarks/
  4. build_defs/
  5. ci/
  6. cmake/
  7. conformance/
  8. csharp/
  9. docs/
  10. editors/
  11. examples/
  12. java/
  13. lua/
  14. objectivec/
  15. php/
  16. pkg/
  17. protos/
  18. protos_generator/
  19. python/
  20. ruby/
  21. rust/
  22. src/
  23. third_party/
  24. toolchain/
  25. upb/
  26. upb_generator/
  27. .bazelignore
  28. .bazelrc
  29. .clang-format
  30. .gitignore
  31. .gitmodules
  32. .readthedocs.yml
  33. appveyor.bat
  34. appveyor.yml
  35. BUILD.bazel
  36. Cargo.bazel.lock
  37. Cargo.lock
  38. CMakeLists.txt
  39. CODE_OF_CONDUCT.md
  40. CONTRIBUTING.md
  41. CONTRIBUTORS.txt
  42. fix_permissions.sh
  43. generate_descriptor_proto.sh
  44. global.json
  45. google3_export_generated_files.sh
  46. LICENSE
  47. maven_install.json
  48. MODULE.bazel
  49. Protobuf-C++.podspec
  50. protobuf.bzl
  51. Protobuf.podspec
  52. protobuf_deps.bzl
  53. protobuf_release.bzl
  54. protobuf_version.bzl
  55. README.md
  56. regenerate_stale_files.sh
  57. SECURITY.md
  58. version.json
  59. WORKSPACE
README.md

Protocol Buffers - Google's data interchange format

OpenSSF Scorecard

Copyright 2023 Google LLC

Overview

Protocol Buffers (a.k.a., protobuf) are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data. You can learn more about it in protobuf's documentation.

This README file contains protobuf installation instructions. To install protobuf, you need to install the protocol compiler (used to compile .proto files) and the protobuf runtime for your chosen programming language.

Protobuf Compiler Installation

The protobuf compiler is written in C++. If you are using C++, please follow the C++ Installation Instructions to install protoc along with the C++ runtime.

For non-C++ users, the simplest way to install the protocol compiler is to download a pre-built binary from our GitHub release page.

In the downloads section of each release, you can find pre-built binaries in zip packages: protoc-$VERSION-$PLATFORM.zip. It contains the protoc binary as well as a set of standard .proto files distributed along with protobuf.

If you are looking for an old version that is not available in the release page, check out the Maven repository.

These pre-built binaries are only provided for released versions. If you want to use the github main version at HEAD, or you need to modify protobuf code, or you are using C++, it's recommended to build your own protoc binary from source.

If you would like to build protoc binary from source, see the C++ Installation Instructions.

Protobuf Runtime Installation

Protobuf supports several different programming languages. For each programming language, you can find instructions in the corresponding source directory about how to install protobuf runtime for that specific language:

LanguageSource
C++ (include C++ runtime and protoc)src
Javajava
Pythonpython
Objective-Cobjectivec
C#csharp
Rubyruby
Goprotocolbuffers/protobuf-go
PHPphp
Dartdart-lang/protobuf
JavaScriptprotocolbuffers/protobuf-javascript

Quick Start

The best way to learn how to use protobuf is to follow the tutorials in our developer guide.

If you want to learn from code examples, take a look at the examples in the examples directory.

Documentation

The complete documentation is available at the Protocol Buffers doc site.

Support Policy

Read about our version support policy to stay current on support timeframes for the language libraries.

Developer Community

To be alerted to upcoming changes in Protocol Buffers and connect with protobuf developers and users, join the Google Group.