build(deps): bump peter-evans/create-pull-request from 76c6f5c20e2111bfee3cd30fae52a25e410f5efc to d8c15c739ffb916295c3e41a2e70c38504c0f6dc

[dependabot]

Bumps peter-evans/create-pull-request from 76c6f5c20e2111bfee3cd30fae52a25e410f5efc to d8c15c739ffb916295c3e41a2e70c38504c0f6dc.

Commits

• d8c15c7 build(deps-dev): bump the npm group with 2 updates (#4372)
• eec7ab7 build: update distribution (#4361)
• 5f6978f fix: retry post-creation API calls on 422 eventual consistency errors (#4356)
• d32e88d build(deps-dev): bump the npm group with 3 updates (#4349)
• 8170bcc build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (#4344)
• 0041819 build(deps): bump picomatch (#4339)
• b993918 build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (#4334)
• 36d7c84 build(deps-dev): bump undici from 6.23.0 to 6.24.0 (#4328)
• a45d1fb build(deps): bump @​tootallnate/once and jest-environment-jsdom (#4323)
• 3499eb6 build(deps): bump the github-actions group with 2 updates (#4316)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/publish_deriv_charts_and_update_deriv_app.yml

Package	Version	License	Issue Type
peter-evans/create-pull-request	d8c15c739ffb916295c3e41a2e70c38504c0f6dc	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
actions/peter-evans/create-pull-request	d8c15c739ffb916295c3e41a2e70c38504c0f6dc	🟢 4.8	Details Check Score Reason Code-Review 🟢 4 Found 5/12 approved changesets -- score normalized to 4 Maintained 🟢 10 11 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/peter-evans/create-pull-request	76c6f5c20e2111bfee3cd30fae52a25e410f5efc	🟢 4.8	Details Check Score Reason Code-Review 🟢 4 Found 5/12 approved changesets -- score normalized to 4 Maintained 🟢 10 11 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

.github/workflows/publish_deriv_charts_and_update_deriv_app.yml

• peter-evans/create-pull-request@d8c15c7
• peter-evans/create-pull-request@76c6f5c

[dependabot]

Superseded by #1785.