@dependabot dependabot bot commented on behalf of github Nov 3, 2025

Bumps returntocorp/semgrep-action from fcd5ab7459e8d91cb1777481980d1b18b4fc6735 to 713efdd345f3035192eaa63f56867b88e63e4e5d.

Changelog

Sourced from returntocorp/semgrep-action's changelog.

Upcoming - Date

2022-06-23

Changed

  • Use semgrep 0.100.0

2022-05-25

Changed

  • Use semgrep 0.94.0

2022-05-12

Changed

  • Use semgrep 0.92.0

2022-04-26

Changed

  • Use semgrep 0.90.0

Fixed

  • Allow --config and --audit-on multiple times (#566)

2022-04-20

Changed

  • Use semgrep 0.89.0

  • The version of Git included in the Docker image has been bumped to 2.35.2; this means that the safe directory check added in response to CVE-2022-24765 now applies to scans done with semgrep-agent.

    If the directory you scan is owned by a different user than semgrep-agent runs with, you will need to run git config --global --add safe.directory /YOUR/REPO/PATH before scanning, see discussion on the release PR.

2022-03-24

Changed

  • Use semgrep 0.86.0
  • Move all functionality to semgrep ci and run that command

... (truncated)

Commits
  • 713efdd Update README.md
  • 5497961 Merge pull request #756 from returntocorp/brendongo-patch-2
  • ef27b52 Update README.md
  • 0bdb313 Merge pull request #747 from returntocorp/gha/bump-version-1.36.0-5861876524-1
  • 7a75d63 Bump semgrep to 1.36.0
  • 483865d Merge pull request #745 from returntocorp/revert-744-gha/bump-version-1.35.0-...
  • da78f37 Revert "chore: Release Version 1.35.0"
  • b39e16e Merge pull request #744 from returntocorp/gha/bump-version-1.35.0-5814777398-1
  • 51519dc Bump semgrep to 1.35.0
  • 5f52783 Merge pull request #734 from returntocorp/gha/bump-version-1.32.0-5548538127-1
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action) from fcd5ab7459e8d91cb1777481980d1b18b4fc6735 to 713efdd345f3035192eaa63f56867b88e63e4e5d.
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md)
- [Commits](returntocorp/semgrep-action@fcd5ab7...713efdd)

---
updated-dependencies:
- dependency-name: returntocorp/semgrep-action
  dependency-version: 713efdd345f3035192eaa63f56867b88e63e4e5d
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 3, 2025
@dependabot dependabot bot requested a review from nlohmann as a code owner November 3, 2025 16:03
@coveralls

Coverage Status

coverage: 99.191%. remained the same
when pulling 003d425 on dependabot/github_actions/returntocorp/semgrep-action-713efdd345f3035192eaa63f56867b88e63e4e5d
into c8b66cf on develop.


@nlohmann nlohmann left a comment

Looks good to me.

@nlohmann nlohmann added this to the Release 3.12.1 milestone Nov 3, 2025
@nlohmann nlohmann merged commit 63bc495 into develop Nov 4, 2025
142 checks passed
@nlohmann nlohmann deleted the dependabot/github_actions/returntocorp/semgrep-action-713efdd345f3035192eaa63f56867b88e63e4e5d branch November 4, 2025 10:26