This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a change to branch dependabot/maven/com.github.spotbugs-spotbugs-maven-plugin-4.7.2.0
in repository https://gitbox.apache.org/repos/asf/commons-dbutils.git

 discard 183ed80 Bump spotbugs-maven-plugin from 4.4.2 to 4.7.2.0
     add c1b6d50 Add same scorecards-analysis.yml as Apache Log4j (except for branches)
     add ee1bfe6 Add ossf/scorecard-action badge to readme
     add b579875 Bump mockito-core from 4.7.0 to 4.8.0 (#137)
     add 4fbe894 Bump mockito-core from 4.7.0 to 4.8.0 #137
     add 2135a0b Use GitHub cache for CodeQL
     add 0d3f16c Bump commons-parent from 53 to 54 (#139)
     add 61feae5 Bump commons-parent from 53 to 54 #139
     add a3a4d41 Bump japicmp-maven-plugin from 0.15.2 to 0.16.0
     add 05bcc4b Bump JUnit 4 to 5 vintage
     add 2ecd135 Bump spotbugs-maven-plugin from 4.4.2 to 4.7.2.0

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (183ed80)
            \
             N -- N -- N   refs/heads/dependabot/maven/com.github.spotbugs-spotbugs-maven-plugin-4.7.2.0 (2ecd135)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.

No new revisions were added by this update.

Summary of changes:
 .github/workflows/codeql-analysis.yml     |  6 +++
 .github/workflows/scorecards-analysis.yml | 67 +++++++++++++++++++++++++++++++
 README.md                                 |  1 +
 pom.xml                                   | 12 +++---
 src/changes/changes.xml                   | 10 ++---
 5 files changed, 85 insertions(+), 11 deletions(-)
 create mode 100644 .github/workflows/scorecards-analysis.yml