chore: Bump crytic/slither-action from 0.3.2 to 0.4.0 (#306)

dependabot[bot] · web-flow · commit 236d66533043 · 2024-05-02T09:07:20.000+02:00
Bumps [crytic/slither-action](https://github.com/crytic/slither-action) from 0.3.2 to 0.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crytic/slither-action/releases">crytic/slither-action's releases</a>.</em></p> <blockquote> <h2>v0.4.0</h2> <h1>0.4.0 - 2024-05-01</h1> <p>This is a minor release for the Slither Action - the Github Action for <a href="https://github.com/crytic/slither">Slither</a>.</p> <p>This release introduces one new feature -- support for external Slither plugins.</p> <h4>Plugin support</h4> <p>You can now use the new <code>slither-plugins</code> property to point to a pip <a href="https://pip.pypa.io/en/stable/reference/requirements-file-format/">requirements</a> file to install alongside Slither. This may be used to install additional third-party or in-house detectors. Refer to the <a href="https://github.com/crytic/slither-action/tree/v0.4.0?tab=readme-ov-file#example-workflow-external-plugins">new example in the README</a> for a sample workflow using this new feature.</p> <h2>What's Changed</h2> <ul> <li>Add a way to install Slither plugins by <a href="https://github.com/elopez"><code>@​elopez</code></a> in <a href="https://redirect.github.com/crytic/slither-action/pull/21">crytic/slither-action#21</a></li> <li>Fix an issue where the stdout property may not be available if Slither has findings.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/crytic/slither-action/compare/v0.3.2...v0.4.0">https://github.com/crytic/slither-action/compare/v0.3.2...v0.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/crytic/slither-action/commit/f197989dea5b53e986d0f88c60a034ddd77ec9a8"><code>f197989</code></a> Merge pull request <a href="https://redirect.github.com/crytic/slither-action/issues/83">#83</a> from crytic/dev-readme-040</li> <li><a href="https://github.com/crytic/slither-action/commit/e97f27d02995cf0314d7d4fad6516191f86ba12f"><code>e97f27d</code></a> Update reference to other action in README</li> <li><a href="https://github.com/crytic/slither-action/commit/dfa999d3d19d8e1c57383968055e8e3a8e636467"><code>dfa999d</code></a> Update action version on README</li> <li><a href="https://github.com/crytic/slither-action/commit/25eb90b45a960ff87c2fd42be983122b856ee2ce"><code>25eb90b</code></a> Merge pull request <a href="https://redirect.github.com/crytic/slither-action/issues/21">#21</a> from crytic/dev-slither-plugins</li> <li><a href="https://github.com/crytic/slither-action/commit/46fbdf40e80c36c97aec7679e742f379fad55318"><code>46fbdf4</code></a> Always output stdout, even on failure</li> <li><a href="https://github.com/crytic/slither-action/commit/1a355584951192e232d9dc92a6e848900a828836"><code>1a35558</code></a> Document new <code>slither-plugins</code> option</li> <li><a href="https://github.com/crytic/slither-action/commit/a28260cc78a61b3c8ca5214e59ca3632ad5b2a9c"><code>a28260c</code></a> Add a way to install Slither plugins</li> <li>See full diff in <a href="https://github.com/crytic/slither-action/compare/v0.3.2...v0.4.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crytic/slither-action&package-manager=github_actions&previous-version=0.3.2&new-version=0.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/code-analysis.yml b/.github/workflows/code-analysis.yml
@@ -27,7 +27,7 @@ jobs:
         run: forge build --build-info --skip test script
 
       - name: Run Slither
-        uses: crytic/slither-action@v0.3.2
+        uses: crytic/slither-action@v0.4.0
         id: slither
         with:
           ignore-compile: true
