{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":475074978,"defaultBranch":"main","name":"slsa-github-generator","ownerLogin":"slsa-framework","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-03-28T15:57:17.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/80431187?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1713817562.0","currentOid":""},"activityList":{"items":[{"before":"556329ff88ff5cccd027a3121d63e67819d33cec","after":"40c607fde64a75eaaa47a6e41e674011d96060f1","ref":"refs/heads/main","pushedAt":"2024-05-23T08:51:19.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"feat: Record vars in SLSA generators (#3633)\n\n# Summary\r\n\r\nRecords the GitHub [vars\r\ncontext](https://docs.github.com/en/actions/learn-github-actions/contexts#vars-context)\r\nin the SLSA invocation in the generic generator and container generator.\r\n\r\nThe `vars` context is passed to the \"builder\" binary as a JSON blob via\r\nthe `GITHUB_VARS` environment variable. The values are then recorded in\r\nthe `invocation.parameters.vars` field of the provenance predicate.\r\nMasking of inputs or vars is not supported.\r\n\r\nNote that the `vars` context is set to the variables for the *repository\r\nthat initiated the GitHub Actions run* and not the reusable workflow's\r\nrepository.\r\n\r\nUpdates #1555\r\n\r\n## Testing Process\r\n\r\n- Set a variable on the test repo\r\n- Go to Settings -> Secrets & variables -> Actions and then click on the\r\nVariables tab.\r\n - Set some test variables.\r\n- Generate provenance as normal using the generic generator or container\r\ngenerator\r\n - Note that the `compile-generator: true` input must be set.\r\n- Examine the `invocation.parameters.vars` field in the resulting\r\nprovenance. The vars should be recorded there.\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [x] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable (added #3627 to track)\r\n- [x] Add unit tests if applicable.\r\n- [x] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\n---------\r\n\r\nSigned-off-by: Ian Lewis \r\nSigned-off-by: Ian Lewis ","shortMessageHtmlLink":"feat: Record vars in SLSA generators (#3633)"}},{"before":"cd23e070072f31961c3657974cf81d3d8a276524","after":"556329ff88ff5cccd027a3121d63e67819d33cec","ref":"refs/heads/main","pushedAt":"2024-05-21T20:44:59.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore(deps): update npm dev (#3643)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n|\r\n[@types/jest](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest)\r\n([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest))\r\n| [`29.5.6` ->\r\n`29.5.12`](https://renovatebot.com/diffs/npm/@types%2fjest/29.5.6/29.5.12)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fjest/29.5.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fjest/29.5.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fjest/29.5.6/29.5.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fjest/29.5.6/29.5.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[@types/make-fetch-happen](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/make-fetch-happen)\r\n([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/make-fetch-happen))\r\n| [`10.0.3` ->\r\n`10.0.4`](https://renovatebot.com/diffs/npm/@types%2fmake-fetch-happen/10.0.3/10.0.4)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fmake-fetch-happen/10.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fmake-fetch-happen/10.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fmake-fetch-happen/10.0.3/10.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fmake-fetch-happen/10.0.3/10.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node)\r\n([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node))\r\n| [`20.10.0` ->\r\n`20.12.12`](https://renovatebot.com/diffs/npm/@types%2fnode/20.10.0/20.12.12)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnode/20.12.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fnode/20.12.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fnode/20.10.0/20.12.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnode/20.10.0/20.12.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[@typescript-eslint/eslint-plugin](https://typescript-eslint.io/packages/eslint-plugin)\r\n([source](https://togithub.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin))\r\n| [`6.12.0` ->\r\n`6.21.0`](https://renovatebot.com/diffs/npm/@typescript-eslint%2feslint-plugin/6.12.0/6.21.0)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/@typescript-eslint%2feslint-plugin/6.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@typescript-eslint%2feslint-plugin/6.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@typescript-eslint%2feslint-plugin/6.12.0/6.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@typescript-eslint%2feslint-plugin/6.12.0/6.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[@typescript-eslint/parser](https://typescript-eslint.io/packages/parser)\r\n([source](https://togithub.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser))\r\n| [`6.12.0` ->\r\n`6.21.0`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/6.12.0/6.21.0)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/@typescript-eslint%2fparser/6.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@typescript-eslint%2fparser/6.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@typescript-eslint%2fparser/6.12.0/6.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@typescript-eslint%2fparser/6.12.0/6.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [eslint](https://eslint.org)\r\n([source](https://togithub.com/eslint/eslint)) | [`8.52.0` ->\r\n`8.57.0`](https://renovatebot.com/diffs/npm/eslint/8.52.0/8.57.0) |\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint/8.57.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint/8.57.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint/8.52.0/8.57.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint/8.52.0/8.57.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[eslint-plugin-github](https://togithub.com/github/eslint-plugin-github)\r\n| [`4.10.1` ->\r\n`4.10.2`](https://renovatebot.com/diffs/npm/eslint-plugin-github/4.10.1/4.10.2)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-github/4.10.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-github/4.10.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-github/4.10.1/4.10.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-github/4.10.1/4.10.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[eslint-plugin-prettier](https://togithub.com/prettier/eslint-plugin-prettier)\r\n| [`5.0.1` ->\r\n`5.1.3`](https://renovatebot.com/diffs/npm/eslint-plugin-prettier/5.0.1/5.1.3)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-prettier/5.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-prettier/5.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-prettier/5.0.1/5.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-prettier/5.0.1/5.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[markdownlint-cli](https://togithub.com/igorshubovych/markdownlint-cli)\r\n| [`0.37.0` ->\r\n`0.40.0`](https://renovatebot.com/diffs/npm/markdownlint-cli/0.37.0/0.40.0)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/markdownlint-cli/0.40.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/markdownlint-cli/0.40.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/markdownlint-cli/0.37.0/0.40.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/markdownlint-cli/0.37.0/0.40.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [prettier](https://prettier.io)\r\n([source](https://togithub.com/prettier/prettier)) | [`3.0.3` ->\r\n`3.2.5`](https://renovatebot.com/diffs/npm/prettier/3.0.3/3.2.5) |\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/prettier/3.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/prettier/3.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/prettier/3.0.3/3.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/prettier/3.0.3/3.2.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [renovate](https://renovatebot.com)\r\n([source](https://togithub.com/renovatebot/renovate)) | [`37.363.4` ->\r\n`37.371.0`](https://renovatebot.com/diffs/npm/renovate/37.363.4/37.371.0)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/renovate/37.371.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/renovate/37.371.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/renovate/37.363.4/37.371.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/renovate/37.363.4/37.371.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[sigstore](https://togithub.com/sigstore/sigstore-js/tree/main/packages/client#readme)\r\n([source](https://togithub.com/sigstore/sigstore-js)) | [`2.2.2` ->\r\n`2.3.1`](https://renovatebot.com/diffs/npm/sigstore/2.2.2/2.3.1) |\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/sigstore/2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/sigstore/2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/sigstore/2.2.2/2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/sigstore/2.2.2/2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [ts-jest](https://kulshekhar.github.io/ts-jest)\r\n([source](https://togithub.com/kulshekhar/ts-jest)) | [`29.1.1` ->\r\n`29.1.3`](https://renovatebot.com/diffs/npm/ts-jest/29.1.1/29.1.3) |\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/ts-jest/29.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/ts-jest/29.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/ts-jest/29.1.1/29.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/ts-jest/29.1.1/29.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [typescript](https://www.typescriptlang.org/)\r\n([source](https://togithub.com/Microsoft/TypeScript)) | [`5.2.2` ->\r\n`5.4.5`](https://renovatebot.com/diffs/npm/typescript/5.2.2/5.4.5) |\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/typescript/5.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/typescript/5.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/typescript/5.2.2/5.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/typescript/5.2.2/5.4.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\ntypescript-eslint/typescript-eslint\r\n(@​typescript-eslint/eslint-plugin)\r\n\r\n###\r\n[`v6.21.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6210-2024-02-05)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.20.0...v6.21.0)\r\n\r\n##### 🚀 Features\r\n\r\n- export plugin metadata\r\n\r\n- allow `parserOptions.project: false`\r\n\r\n- **eslint-plugin:** add rule prefer-find\r\n\r\n##### 🩹 Fixes\r\n\r\n- **eslint-plugin:** \\[no-unused-vars] don't report on types referenced\r\nin export assignment expression\r\n\r\n- **eslint-plugin:** \\[switch-exhaustiveness-check] better support for\r\nintersections, infinite types, non-union values\r\n\r\n- **eslint-plugin:** \\[consistent-type-imports] dont report on types\r\nused in export assignment expressions\r\n\r\n- **eslint-plugin:** \\[no-unnecessary-condition] handle left-hand\r\noptional with exactOptionalPropertyTypes option\r\n\r\n- **eslint-plugin:** \\[class-literal-property-style] allow getter when\r\nsame key setter exists\r\n\r\n- **eslint-plugin:** \\[no-unnecessary-type-assertion] provide valid\r\nfixes for assertions with extra tokens before `as` keyword\r\n\r\n##### ❤️ Thank You\r\n\r\n- auvred\r\n- Brad Zacher\r\n- Kirk Waiblinger\r\n- Pete Gonzalez\r\n- YeonJuan\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.20.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6200-2024-01-29)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.19.1...v6.20.0)\r\n\r\n##### 🚀 Features\r\n\r\n- **eslint-plugin:** \\[member-ordering] allow easy reuse of the default\r\nordering\r\n\r\n##### 🩹 Fixes\r\n\r\n- **eslint-plugin:** \\[no-useless-template-literals] incorrect bigint\r\nautofix result\r\n\r\n- **eslint-plugin:** \\[prefer-nullish-coalescing] treat any/unknown as\r\nnon-nullable\r\n\r\n- **eslint-plugin:** \\[no-useless-template-literals] report Infinity &\r\nNaN\r\n\r\n- **eslint-plugin:** \\[prefer-readonly] disable checking accessors\r\n\r\n##### ❤️ Thank You\r\n\r\n- Alex Parloti\r\n- auvred\r\n- James Browning\r\n- StyleShit\r\n- YeonJuan\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.19.1`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6191-2024-01-22)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.19.0...v6.19.1)\r\n\r\n##### 🩹 Fixes\r\n\r\n- **type-utils:** preventing isUnsafeAssignment infinite recursive calls\r\n\r\n- **eslint-plugin:** \\[no-unnecessary-condition] fix false positive for\r\ntype variable\r\n\r\n##### ❤️ Thank You\r\n\r\n- YeonJuan\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.19.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6190-2024-01-15)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.18.1...v6.19.0)\r\n\r\n##### 🚀 Features\r\n\r\n- **eslint-plugin:** \\[prefer-promise-reject-errors] add rule\r\n\r\n- **eslint-plugin:** \\[no-array-delete] add new rule\r\n\r\n- **eslint-plugin:** \\[no-useless-template-literals] add fix suggestions\r\n\r\n##### 🩹 Fixes\r\n\r\n- **eslint-plugin:** \\[no-unnecessary-type-assertion] detect unnecessary\r\nnon-null-assertion on a call expression\r\n\r\n- **eslint-plugin:** \\[no-unnecesary-type-assertion] treat unknown/any\r\nas nullable\r\n\r\n##### ❤️ Thank You\r\n\r\n- auvred\r\n- Brad Zacher\r\n- Josh Goldberg ✨\r\n- Joshua Chen\r\n- LJX\r\n- Steven\r\n- StyleShit\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.18.1`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6181-2024-01-08)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.18.0...v6.18.1)\r\n\r\n##### 🩹 Fixes\r\n\r\n- **eslint-plugin:** \\[no-non-null-assertion] provide valid fix when\r\nmember access is on next line\r\n\r\n- **eslint-plugin:** \\[no-unnecessary-condition] improve checking\r\noptional callee\r\n\r\n- **eslint-plugin:** \\[prefer-readonly] support modifiers of unions and\r\nintersections\r\n\r\n- **eslint-plugin:** \\[switch-exhaustiveness-check] fix new\r\nallowDefaultCaseForExhaustiveSwitch option\r\n\r\n##### ❤️ Thank You\r\n\r\n- auvred\r\n- James\r\n- Josh Goldberg ✨\r\n- YeonJuan\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.18.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6180-2024-01-06)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.17.0...v6.18.0)\r\n\r\n##### 🚀 Features\r\n\r\n- **typescript-estree:** throw on invalid update expressions\r\n\r\n- **eslint-plugin:** \\[no-var-requires, no-require-imports] allow option\r\n\r\n##### ❤️ Thank You\r\n\r\n- auvred\r\n- Joshua Chen\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.17.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6170-2024-01-01)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.16.0...v6.17.0)\r\n\r\n##### Bug Fixes\r\n\r\n- **eslint-plugin:** \\[no-restricted-imports] prevent crash when\r\n`patterns` or `paths` in options are empty\r\n([#​8108](https://togithub.com/typescript-eslint/typescript-eslint/issues/8108))\r\n([675e987](https://togithub.com/typescript-eslint/typescript-eslint/commit/675e987ca1d13244c03d7e09d4e42c6539689d9a))\r\n\r\n##### Features\r\n\r\n- **eslint-plugin:** \\[no-floating-promises] flag result of .map(async)\r\n([#​7897](https://togithub.com/typescript-eslint/typescript-eslint/issues/7897))\r\n([5857356](https://togithub.com/typescript-eslint/typescript-eslint/commit/5857356962060b19aa792bee778f9167ee54154b))\r\n- **eslint-plugin:** \\[switch-exhaustiveness-check] add an option to\r\nwarn against a `default` case on an already exhaustive `switch`\r\n([#​7539](https://togithub.com/typescript-eslint/typescript-eslint/issues/7539))\r\n([6a219bd](https://togithub.com/typescript-eslint/typescript-eslint/commit/6a219bdfe6fcf86aae28158e0d855f87a8bac719))\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.16.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6160-2023-12-25)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.15.0...v6.16.0)\r\n\r\n##### Bug Fixes\r\n\r\n- **eslint-plugin:** \\[unbound-method] exempt all non-Promise built-in\r\nstatics\r\n([#​8096](https://togithub.com/typescript-eslint/typescript-eslint/issues/8096))\r\n([3182959](https://togithub.com/typescript-eslint/typescript-eslint/commit/31829591e2c5cf6bdbdd5da23b12c5782f710fa5))\r\n\r\n##### Features\r\n\r\n- **eslint-plugin:** deprecate formatting (meta.type: layout) rules\r\n([#​8073](https://togithub.com/typescript-eslint/typescript-eslint/issues/8073))\r\n([04dea84](https://togithub.com/typescript-eslint/typescript-eslint/commit/04dea84e8e934a415ec1381a90de3cde670d0dc3))\r\n- **eslint-plugin:** deprecate no-extra-semi in favor of ESLint\r\nStylistic equivalent\r\n([#​8123](https://togithub.com/typescript-eslint/typescript-eslint/issues/8123))\r\n([9368bf3](https://togithub.com/typescript-eslint/typescript-eslint/commit/9368bf390afc58a19123782f8dff2bb5cdd3cccc))\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.15.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6150-2023-12-18)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.14.0...v6.15.0)\r\n\r\n##### Features\r\n\r\n- **eslint-plugin:** \\[no-useless-template-literals] add new rule\r\n([#​7957](https://togithub.com/typescript-eslint/typescript-eslint/issues/7957))\r\n([ff75785](https://togithub.com/typescript-eslint/typescript-eslint/commit/ff75785f4c6cc41999f8ce946bfca469d6e40e50)),\r\ncloses\r\n[#​2846](https://togithub.com/typescript-eslint/typescript-eslint/issues/2846)\r\n- require-array-sort-compare + toSorted\r\n([#​8052](https://togithub.com/typescript-eslint/typescript-eslint/issues/8052))\r\n([c9661c8](https://togithub.com/typescript-eslint/typescript-eslint/commit/c9661c8bbf048e9fa3ef55985e1e2e82bc098b1a))\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.14.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6140-2023-12-11)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.13.2...v6.14.0)\r\n\r\n##### Bug Fixes\r\n\r\n- **eslint-plugin:** add no-unsafe-unary-minus, prefer-destructuring to\r\ndisable-type-checked\r\n([#​8038](https://togithub.com/typescript-eslint/typescript-eslint/issues/8038))\r\n([431cd15](https://togithub.com/typescript-eslint/typescript-eslint/commit/431cd1559f91795e958e03fd060ceaf79fb96f3a))\r\n- **eslint-plugin:** correct message for `no-unsafe-unary-minus`\r\n([#​7998](https://togithub.com/typescript-eslint/typescript-eslint/issues/7998))\r\n([705370a](https://togithub.com/typescript-eslint/typescript-eslint/commit/705370ac0d9c54081657b8855b398e57d6ea4ddb))\r\n\r\n##### Features\r\n\r\n- **eslint-plugin:** \\[explicit-function-return-type] add support for\r\ntyped class property definitions\r\n([#​8027](https://togithub.com/typescript-eslint/typescript-eslint/issues/8027))\r\n([bff47d7](https://togithub.com/typescript-eslint/typescript-eslint/commit/bff47d7885bee3bbcb3a81eff273fe2f48580940))\r\n- **eslint-plugin:** \\[require-await] allow yielding Promise in async\r\ngenerators\r\n([#​8003](https://togithub.com/typescript-eslint/typescript-eslint/issues/8003))\r\n([4c3e704](https://togithub.com/typescript-eslint/typescript-eslint/commit/4c3e704b97e698df7f72174c2d20714836d4d243))\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n####\r\n[6.13.2](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.13.1...v6.13.2)\r\n(2023-12-04)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n####\r\n[6.13.1](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.13.0...v6.13.1)\r\n(2023-11-28)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.13.2`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6132-2023-12-04)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.13.1...v6.13.2)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.13.1`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6131-2023-11-28)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.13.0...v6.13.1)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.13.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6130-2023-11-27)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.12.0...v6.13.0)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n
\r\n\r\n
\r\ntypescript-eslint/typescript-eslint\r\n(@​typescript-eslint/parser)\r\n\r\n###\r\n[`v6.21.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6210-2024-02-05)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.20.0...v6.21.0)\r\n\r\n##### 🚀 Features\r\n\r\n- allow `parserOptions.project: false`\r\n\r\n##### ❤️ Thank You\r\n\r\n- auvred\r\n- Brad Zacher\r\n- Kirk Waiblinger\r\n- Pete Gonzalez\r\n- YeonJuan\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.20.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6200-2024-01-29)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.19.1...v6.20.0)\r\n\r\nThis was a version bump only for parser to align it with other projects,\r\nthere were no code changes.\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.19.1`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6191-2024-01-22)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.19.0...v6.19.1)\r\n\r\nThis was a version bump only for parser to align it with other projects,\r\nthere were no code changes.\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.19.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6190-2024-01-15)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.18.1...v6.19.0)\r\n\r\nThis was a version bump only for parser to align it with other projects,\r\nthere were no code changes.\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.18.1`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6181-2024-01-08)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.18.0...v6.18.1)\r\n\r\nThis was a version bump only for parser to align it with other projects,\r\nthere were no code changes.\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.18.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6180-2024-01-06)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.17.0...v6.18.0)\r\n\r\nThis was a version bump only for parser to align it with other projects,\r\nthere were no code changes.\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.17.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6170-2024-01-01)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.16.0...v6.17.0)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.16.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6160-2023-12-25)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.15.0...v6.16.0)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.15.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6150-2023-12-18)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.14.0...v6.15.0)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.14.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6140-2023-12-11)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.13.2...v6.14.0)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n####\r\n[6.13.2](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.13.1...v6.13.2)\r\n(2023-12-04)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n####\r\n[6.13.1](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.13.0...v6.13.1)\r\n(2023-11-28)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.13.2`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6132-2023-12-04)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.13.1...v6.13.2)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.13.1`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6131-2023-11-28)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.13.0...v6.13.1)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n###\r\n[`v6.13.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6130-2023-11-27)\r\n\r\n[Compare\r\nSource](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.12.0...v6.13.0)\r\n\r\n**Note:** Version bump only for package\r\n[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\n\r\nYou can read about our [versioning\r\nstrategy](https://main--typescript-eslint.netlify.app/users/versioning)\r\nand\r\n[releases](https://main--typescript-eslint.netlify.app/users/releases)\r\non our website.\r\n\r\n
\r\n\r\n
\r\neslint/eslint (eslint)\r\n\r\n### [`v8.57.0`](https://togithub.com/eslint/eslint/releases/tag/v8.57.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/eslint/eslint/compare/v8.56.0...v8.57.0)\r\n\r\n#### Features\r\n\r\n-\r\n[`1120b9b`](https://togithub.com/eslint/eslint/commit/1120b9b7b97f10f059d8b7ede19de2572f892366)\r\nfeat: Add loadESLint() API method for v8\r\n([#​18098](https://togithub.com/eslint/eslint/issues/18098))\r\n(Nicholas C. Zakas)\r\n-\r\n[`dca7d0f`](https://togithub.com/eslint/eslint/commit/dca7d0f1c262bc72310147bcefe1d04ecf60acbc)\r\nfeat: Enable `eslint.config.mjs` and `eslint.config.cjs`\r\n([#​18066](https://togithub.com/eslint/eslint/issues/18066))\r\n(Nitin Kumar)\r\n\r\n#### Bug Fixes\r\n\r\n-\r\n[`2196d97`](https://togithub.com/eslint/eslint/commit/2196d97094ba94d6d750828879a29538d1600de5)\r\nfix: handle absolute file paths in `FlatRuleTester`\r\n([#​18064](https://togithub.com/eslint/eslint/issues/18064))\r\n(Nitin Kumar)\r\n-\r\n[`69dd1d1`](https://togithub.com/eslint/eslint/commit/69dd1d1387b7b53617548d1f9f2c149f179e6e17)\r\nfix: Ensure config keys are printed for config errors\r\n([#​18067](https://togithub.com/eslint/eslint/issues/18067))\r\n(Nitin Kumar)\r\n-\r\n[`9852a31`](https://togithub.com/eslint/eslint/commit/9852a31edcf054bd5d15753ef18e2ad3216b1b71)\r\nfix: deep merge behavior in flat config\r\n([#​18065](https://togithub.com/eslint/eslint/issues/18065))\r\n(Nitin Kumar)\r\n-\r\n[`4c7e9b0`](https://togithub.com/eslint/eslint/commit/4c7e9b0b539ba879ac1799e81f3b6add2eed4b2f)\r\nfix: allow circular references in config\r\n([#​18056](https://togithub.com/eslint/eslint/issues/18056))\r\n(Milos Djermanovic)\r\n\r\n#### Documentation\r\n\r\n-\r\n[`84922d0`](https://togithub.com/eslint/eslint/commit/84922d0bfa10689a34a447ab8e55975ff1c1c708)\r\ndocs: Show prerelease version in dropdown\r\n([#​18139](https://togithub.com/eslint/eslint/issues/18139))\r\n(Nicholas C. Zakas)\r\n-\r\n[`5b8c363`](https://togithub.com/eslint/eslint/commit/5b8c3636a3d7536535a6878eca0e5b773e4829d4)\r\ndocs: Switch to Ethical Ads\r\n([#​18117](https://togithub.com/eslint/eslint/issues/18117))\r\n(Milos Djermanovic)\r\n-\r\n[`77dbfd9`](https://togithub.com/eslint/eslint/commit/77dbfd9887b201a46fc68631cbde50c08e1a8dbf)\r\ndocs: show NEXT in version selectors\r\n([#​18052](https://togithub.com/eslint/eslint/issues/18052))\r\n(Milos Djermanovic)\r\n\r\n#### Chores\r\n\r\n-\r\n[`1813aec`](https://togithub.com/eslint/eslint/commit/1813aecc4660582b0678cf32ba466eb9674266c4)\r\nchore: upgrade\r\n[@​eslint/js](https://togithub.com/eslint/js)[@​8](https://togithub.com/8).57.0\r\n([#​18143](https://togithub.com/eslint/eslint/issues/18143))\r\n(Milos Djermanovic)\r\n-\r\n[`5c356bb`](https://togithub.com/eslint/eslint/commit/5c356bb0c6f53c570224f8e9f02c4baca8fc6d2f)\r\nchore: package.json update for\r\n[@​eslint/js](https://togithub.com/eslint/js) release (Jenkins)\r\n-\r\n[`f4a1fe2`](https://togithub.com/eslint/eslint/commit/f4a1fe2e45aa1089fe775290bf530de82f34bf16)\r\ntest: add more tests for ignoring files and directories\r\n([#​18068](https://togithub.com/eslint/eslint/issues/18068))\r\n(Nitin Kumar)\r\n-\r\n[`42c0aef`](https://togithub.com/eslint/eslint/commit/42c0aefaf6ea8b998b1c6db61906a79c046d301a)\r\nci: Enable CI for `v8.x` branch\r\n([#​18047](https://togithub.com/eslint/eslint/issues/18047))\r\n(Milos Djermanovic)\r\n\r\n### [`v8.56.0`](https://togithub.com/eslint/eslint/releases/tag/v8.56.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/eslint/eslint/compare/v8.55.0...v8.56.0)\r\n\r\n##### Features\r\n\r\n-\r\n[`0dd9704`](https://togithub.com/eslint/eslint/commit/0dd9704c4751e1cd02039f7d6485fee09bbccbf6)\r\nfeat: Support custom severity when reporting unused disable directives\r\n([#​17212](https://togithub.com/eslint/eslint/issues/17212))\r\n(Bryan Mishkin)\r\n-\r\n[`31a7e3f`](https://togithub.com/eslint/eslint/commit/31a7e3fde491e36496b54e8905c766b31162d776)\r\nfeat: fix no-restricted-properties false negatives with unknown objects\r\n([#​17818](https://togithub.com/eslint/eslint/issues/17818)) (Arka\r\nPratim Chaudhuri)\r\n\r\n##### Bug Fixes\r\n\r\n-\r\n[`7d5e5f6`](https://togithub.com/eslint/eslint/commit/7d5e5f68849ae80caec0fc96ecceebccd348deec)\r\nfix: `TypeError: fs.exists is not a function` on read-only file system\r\n([#​17846](https://togithub.com/eslint/eslint/issues/17846))\r\n(Francesco Trotta)\r\n-\r\n[`74739c8`](https://togithub.com/eslint/eslint/commit/74739c849bbb6547b0e555ed8bb2ba1cbe0fdce4)\r\nfix: suggestion with invalid syntax in no-promise-executor-return rule\r\n([#​17812](https://togithub.com/eslint/eslint/issues/17812))\r\n(Bryan Mishkin)\r\n\r\n##### Documentation\r\n\r\n-\r\n[`9007719`](https://togithub.com/eslint/eslint/commit/90077199fe519953f9af8664bf947db4e4958514)\r\ndocs: update link in ways-to-extend.md\r\n([#​17839](https://togithub.com/eslint/eslint/issues/17839)) (Amel\r\nSELMANE)\r\n-\r\n[`3a22236`](https://togithub.com/eslint/eslint/commit/3a22236f8d10af8a5bcafe56092651d3d681c99d)\r\ndocs: Update README (GitHub Actions Bot)\r\n-\r\n[`54c3ca6`](https://togithub.com/eslint/eslint/commit/54c3ca6f2dcd2a7afd53f42fc32055a25587259e)\r\ndocs: fix migration-guide example\r\n([#​17829](https://togithub.com/eslint/eslint/issues/17829))\r\n(Tanuj Kanti)\r\n-\r\n[`4391b71`](https://togithub.com/eslint/eslint/commit/4391b71e62b15e54b0493f0dce1ea053ebbc0689)\r\ndocs: check config comments in rule examples\r\n([#​17815](https://togithub.com/eslint/eslint/issues/17815))\r\n(Francesco Trotta)\r\n-\r\n[`fd28363`](https://togithub.com/eslint/eslint/commit/fd2836342c2be4751b05fe0ba7cece17d1edecc8)\r\ndocs: remove mention about ESLint stylistic rules in readme\r\n([#​17810](https://togithub.com/eslint/eslint/issues/17810))\r\n(Zwyx)\r\n-\r\n[`48ed5a6`](https://togithub.com/eslint/eslint/commit/48ed5a6dad478a14d3e823f137455c523f373e0b)\r\ndocs: Update README (GitHub Actions Bot)\r\n\r\n##### Chores\r\n\r\n-\r\n[`ba6af85`](https://togithub.com/eslint/eslint/commit/ba6af85c7d8ba55d37f8663aee949d148e441c1a)\r\nchore: upgrade\r\n[@​eslint/js](https://togithub.com/eslint/js)[@​8](https://togithub.com/8).56.0\r\n([#​17864](https://togithub.com/eslint/eslint/issues/17864))\r\n(Milos Djermanovic)\r\n-\r\n[`60a531a`](https://togithub.com/eslint/eslint/commit/60a531a9c0811ddf718e26b9136e133f580b6c36)\r\nchore: package.json update for\r\n[@​eslint/js](https://togithub.com/eslint/js) release (Jenkins)\r\n-\r\n[`ba87a06`](https://togithub.com/eslint/eslint/commit/ba87a0651a65b52c3ac442b512dd9f4c2b4c5f57)\r\nchore: update dependency markdownlint to ^0.32.0\r\n([#​17783](https://togithub.com/eslint/eslint/issues/17783))\r\n(renovate\\[bot])\r\n-\r\n[`9271d10`](https://togithub.com/eslint/eslint/commit/9271d10d9eabeafb0129a090f29191bfd14273c0)\r\nchore: add GitHub issue template for docs issues\r\n([#​17845](https://togithub.com/eslint/eslint/issues/17845)) (Josh\r\nGoldberg ✨)\r\n-\r\n[`70a686b`](https://togithub.com/eslint/eslint/commit/70a686b3c1feac5eca98bbff9bd67175f550d5db)\r\nchore: Convert rule tests to FlatRuleTester\r\n([#​17819](https://togithub.com/eslint/eslint/issues/17819))\r\n(Nicholas C. Zakas)\r\n-\r\n[`f3a599d`](https://togithub.com/eslint/eslint/commit/f3a599d34c7080fc0b2c9a60b5e54dc98c22867c)\r\nchore: upgrade eslint-plugin-unicorn to v49.0.0\r\n([#​17837](https://togithub.com/eslint/eslint/issues/17837)) (唯然)\r\n-\r\n[`905d4b7`](https://togithub.com/eslint/eslint/commit/905d4b75ab2df42aba30622cee0f66b511397e2c)\r\nchore: upgrade eslint-plugin-eslint-plugin v5.2.1\r\n([#​17838](https://togithub.com/eslint/eslint/issues/17838)) (唯然)\r\n-\r\n[`4d7c3ce`](https://togithub.com/eslint/eslint/commit/4d7c3ce246e6b499f472342ef59496a47cc033d6)\r\nchore: update eslint-plugin-n v16.4.0\r\n([#​17836](https://togithub.com/eslint/eslint/issues/17836)) (唯然)\r\n-\r\n[`fd0c60c`](https://togithub.com/eslint/eslint/commit/fd0c60c3be1f213e5a6d69d8a3248e963619e155)\r\nci: unpin Node.js 21.2.0\r\n([#​17821](https://togithub.com/eslint/eslint/issues/17821))\r\n(Francesco Trotta)\r\n\r\n### [`v8.55.0`](https://togithub.com/eslint/eslint/releases/tag/v8.55.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/eslint/eslint/compare/v8.54.0...v8.55.0)\r\n\r\n#### Features\r\n\r\n-\r\n[`8c9e6c1`](https://togithub.com/eslint/eslint/commit/8c9e6c100a6eb69da292463293b3b48cff911a01)\r\nfeat: importNamePattern option in no-restricted-imports\r\n([#​17721](https://togithub.com/eslint/eslint/issues/17721))\r\n(Tanuj Kanti)\r\n\r\n#### Documentation\r\n\r\n-\r\n[`83ece2a`](https://togithub.com/eslint/eslint/commit/83ece2afc2dc6c49efe82678663fe4cba590c0e5)\r\ndocs: fix typo `--rules` -> `--rule`\r\n([#​17806](https://togithub.com/eslint/eslint/issues/17806))\r\n(OKURA Masafumi)\r\n-\r\n[`fffca5c`](https://togithub.com/eslint/eslint/commit/fffca5c362bcd205dbf79d1bb52834f8a98fc6bd)\r\ndocs: remove \"Open in Playground\" buttons for removed rules\r\n([#​17791](https://togithub.com/eslint/eslint/issues/17791))\r\n(Francesco Trotta)\r\n-\r\n[`a6d9442`](https://togithub.com/eslint/eslint/commit/a6d9442a9ab34d5d19f78d8c8fd0767a1237bfe3)\r\ndocs: fix correct/incorrect examples of rules\r\n([#​17789](https://togithub.com/eslint/eslint/issues/17789))\r\n(Tanuj Kanti)\r\n-\r\n[`383e999`](https://togithub.com/eslint/eslint/commit/383e99928d7ce649ec9030c9856b03fbac0c3501)\r\ndocs: update and fix examples for `no-unused-vars`\r\n([#​17788](https://togithub.com/eslint/eslint/issues/17788))\r\n(Tanuj Kanti)\r\n-\r\n[`5a8efd5`](https://togithub.com/eslint/eslint/commit/5a8efd5b7ad13eb320a1f468d1d4ab3c8ab99214)\r\ndocs: add specific stylistic rule for each deprecated rule\r\n([#​17778](https://togithub.com/eslint/eslint/issues/17778))\r\n(Etienne)\r\n\r\n#### Chores\r\n\r\n-\r\n[`eb8950c`](https://togithub.com/eslint/eslint/commit/eb8950c3b811c9163b9aae23af8b6266ad98b295)\r\nchore: upgrade\r\n[@​eslint/js](https://togithub.com/eslint/js)[@​8](https://togithub.com/8).55.0\r\n([#​17811](https://togithub.com/eslint/eslint/issues/17811))\r\n(Milos Djermanovic)\r\n-\r\n[`93df384`](https://togithub.com/eslint/eslint/commit/93df3849a7a25ebe0502000bf0bfb80a6613a5ae)\r\nchore: package.json update for\r\n[@​eslint/js](https://togithub.com/eslint/js) release (Jenkins)\r\n-\r\n[`fe4b954`](https://togithub.com/eslint/eslint/commit/fe4b9545a83e9aca7ba4bb77bc9c868d57de777f)\r\nchore: upgrade\r\n[@​eslint/eslintrc](https://togithub.com/eslint/eslintrc)[@​2](https://togithub.com/2).1.4\r\n([#​17799](https://togithub.com/eslint/eslint/issues/17799))\r\n(Milos Djermanovic)\r\n-\r\n[`bd8911d`](https://togithub.com/eslint/eslint/commit/bd8911db85c7a1127543c9212c8cea47a5cb687d)\r\nci: pin Node.js 21.2.0\r\n([#​17809](https://togithub.com/eslint/eslint/issues/17809))\r\n(Milos Djermanovic)\r\n-\r\n[`b29a16b`](https://togithub.com/eslint/eslint/commit/b29a16b22f234f6134475efb6c7be5ac946556ee)\r\nchore: fix several `cli` tests to run in the intended flat config mode\r\n([#​17797](https://togithub.com/eslint/eslint/issues/17797))\r\n(Milos Djermanovic)\r\n-\r\n[`de165c1`](https://togithub.com/eslint/eslint/commit/de165c108203c6703516ac651f5b4cac5b241804)\r\nchore: remove unused config-extends fixtures\r\n([#​17781](https://togithub.com/eslint/eslint/issues/17781))\r\n(Milos Djermanovic)\r\n-\r\n[`d4304b8`](https://togithub.com/eslint/eslint/commit/d4304b8b66eac870ffbf4840d84add8a123b25fc)\r\nchore: remove formatting/stylistic rules from new rule templates\r\n([#​17780](https://togithub.com/eslint/eslint/issues/17780))\r\n(Francesco Trotta)\r\n-\r\n[`21024fe`](https://togithub.com/eslint/eslint/commit/21024fe2029420b413bed11d23761c87e9a02a1a)\r\nchore: check rule examples for syntax errors\r\n([#​17718](https://togithub.com/eslint/eslint/issues/17718))\r\n(Francesco Trotta)\r\n\r\n### [`v8.54.0`](https://togithub.com/eslint/eslint/releases/tag/v8.54.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/eslint/eslint/compare/v8.53.0...v8.54.0)\r\n\r\n#### Features\r\n\r\n-\r\n[`a7a883b`](https://togithub.com/eslint/eslint/commit/a7a883bd6ba4f140b60cbbb2be5b53d750f6c8db)\r\nfeat: for-direction rule add check for condition in reverse order\r\n([#​17755](https://togithub.com/eslint/eslint/issues/17755))\r\n(Angelo Annunziata)\r\n-\r\n[`1452dc9`](https://togithub.com/eslint/eslint/commit/1452dc9f12c45c05d7c569f737221f0d988ecef1)\r\nfeat: Add suggestions to no-console\r\n([#​17680](https://togithub.com/eslint/eslint/issues/17680)) (Joel\r\nMathew Koshy)\r\n-\r\n[`21ebf8a`](https://togithub.com/eslint/eslint/commit/21ebf8a811be9f4b009cf70a10be5062d4fdc736)\r\nfeat: update `no-array-constructor` rule\r\n([#​17711](https://togithub.com/eslint/eslint/issues/17711))\r\n(Francesco Trotta)\r\n\r\n#### Bug Fixes\r\n\r\n-\r\n[`98926e6`](https://togithub.com/eslint/eslint/commit/98926e6e7323e5dd12a9f016cb558144296665af)\r\nfix: Ensure that extra data is not accidentally stored in the cache file\r\n([#​17760](https://togithub.com/eslint/eslint/issues/17760))\r\n(Milos Djermanovic)\r\n-\r\n[`e8cf9f6`](https://togithub.com/eslint/eslint/commit/e8cf9f6a524332293f8b2c90a2db4a532e47d919)\r\nfix: Make dark scroll bar in dark theme\r\n([#​17753](https://togithub.com/eslint/eslint/issues/17753))\r\n(Pavel)\r\n-\r\n[`3cbeaad`](https://togithub.com/eslint/eslint/commit/3cbeaad7b943c153937ce34365cec2c406f2b98b)\r\nfix: Use `cwd` constructor option as config `basePath` in Linter\r\n([#​17705](https://togithub.com/eslint/eslint/issues/17705))\r\n(Milos Djermanovic)\r\n\r\n#### Documentation\r\n\r\n-\r\n[`becfdd3`](https://togithub.com/eslint/eslint/commit/becfdd39b25d795e56c9a13eb3e77af6b9c86e8a)\r\ndocs: Make clear when rules are removed\r\n([#​17728](https://togithub.com/eslint/eslint/issues/17728))\r\n(Nicholas C. Zakas)\r\n-\r\n[`05d6e99`](https://togithub.com/eslint/eslint/commit/05d6e99153ed6d94eb30f46c57609371918a41f3)\r\ndocs: update \"Submit a Pull Request\" page\r\n([#​17712](https://togithub.com/eslint/eslint/issues/17712))\r\n(Francesco Trotta)\r\n-\r\n[`eb2279e`](https://togithub.com/eslint/eslint/commit/eb2279e5148cee8fdea7dae614f4f8af7a2d06c3)\r\ndocs: display info about deprecated rules\r\n([#​17749](https://togithub.com/eslint/eslint/issues/17749))\r\n(Percy Ma)\r\n-\r\n[`d245326`](https://togithub.com/eslint/eslint/commit/d24532601e64714ac5d08507e05aa5c14ecd1d5a)\r\ndocs: Correct working in migrating plugin docs\r\n([#​17722](https://togithub.com/eslint/eslint/issues/17722))\r\n(Filip Tammergård)\r\n\r\n#### Chores\r\n\r\n-\r\n[`d644de9`](https://togithub.com/eslint/eslint/commit/d644de9a4b593b565617303a095bc9aa69e7b768)\r\nchore: upgrade\r\n[@​eslint/js](https://togithub.com/eslint/js)[@​8](https://togithub.com/8).54.0\r\n([#​17773](https://togithub.com/eslint/eslint/issues/17773))\r\n(Milos Djermanovic)\r\n-\r\n[`1e6e314`](https://togithub.com/eslint/eslint/commit/1e6e31415cc429a3a9fc64b2ec03df0e0ec0c91b)\r\nchore: package.json update for\r\n[@​eslint/js](https://togithub.com/eslint/js) release (Jenkins)\r\n-\r\n[`6fb8805`](https://togithub.com/eslint/eslint/commit/6fb8805310afe7476d6c404f172177a6d15fcf11)\r\nchore: Fixed grammar in issue_templates/rule_change\r\n([#​17770](https://togithub.com/eslint/eslint/issues/17770)) (Joel\r\nMathew Koshy)\r\n-\r\n[`85db724`](https://togithub.com/eslint/eslint/commit/85db7243ddb8706ed60ab64a7ddf604d0d7de493)\r\nchore: upgrade `markdownlint` to 0.31.1\r\n([#​17754](https://togithub.com/eslint/eslint/issues/17754))\r\n(Nitin Kumar)\r\n-\r\n[`6d470d2`](https://togithub.com/eslint/eslint/commit/6d470d2e74535761bd56dcb1c021b463ef9e8a9c)\r\nchore: update dependency recast to ^0.23.0\r\n([#​17736](https://togithub.com/eslint/eslint/issues/17736))\r\n(renovate\\[bot])\r\n-\r\n[`b7121b5`](https://togithub.com/eslint/eslint/commit/b7121b590d578c9c9b38ee481313317f30e54817)\r\nchore: update dependency markdownlint-cli to ^0.37.0\r\n([#​17735](https://togithub.com/eslint/eslint/issues/17735))\r\n(renovate\\[bot])\r\n-\r\n[`633b9a1`](https://togithub.com/eslint/eslint/commit/633b9a19752b6a22ab4d6c824f27a75ac0e4151b)\r\nchore: update dependency regenerator-runtime to ^0.14.0\r\n([#​17739](https://togithub.com/eslint/eslint/issues/17739))\r\n(renovate\\[bot])\r\n-\r\n[`acac16f`](https://togithub.com/eslint/eslint/commit/acac16fdf8540f7ba86cf637e3c1b253bd35a268)\r\nchore: update dependency vite-plugin-commonjs to ^0.10.0\r\n([#​17740](https://togithub.com/eslint/eslint/issues/17740))\r\n(renovate\\[bot])\r\n-\r\n[`ba8ca7e`](https://togithub.com/eslint/eslint/commit/ba8ca7e3debcba68ee7015b9221cf5acd7870206)\r\nchore: add .github/renovate.json5\r\n([#​17567](https://togithub.com/eslint/eslint/issues/17567)) (Josh\r\nGoldberg ✨)\r\n\r\n### [`v8.53.0`](https://togithub.com/eslint/eslint/releases/tag/v8.53.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/eslint/eslint/compare/v8.52.0...v8.53.0)\r\n\r\n#### Features\r\n\r\n-\r\n[`528e1c0`](https://togithub.com/eslint/eslint/commit/528e1c00dc2aa8636e5b706c4270dc655cfa17e3)\r\nfeat: Deprecate formatting rules\r\n([#​17696](https://togithub.com/eslint/eslint/issues/17696))\r\n(Nicholas C. Zakas)\r\n-\r\n[`c0b11dd`](https://togithub.com/eslint/eslint/commit/c0b11ddb9f8aacc64c3933b9f278939aa7bea481)\r\nfeat: Add suggestions for no-prototype-builtins\r\n([#​17677](https://togithub.com/eslint/eslint/issues/17677))\r\n(Yonathan Randolph)\r\n\r\n#### Bug Fixes\r\n\r\n-\r\n[`1ad6257`](https://togithub.com/eslint/eslint/commit/1ad6257744d63281235fcc33288394b1d69b34ce)\r\nfix: ensure that exit code for fatal errors is not overwritten\r\n([#​17683](https://togithub.com/eslint/eslint/issues/17683))\r\n(Milos Djermanovic)\r\n-\r\n[`b329ea7`](https://togithub.com/eslint/eslint/commit/b329ea748dff45f11c7e218208244dc24fcb5c8f)\r\nfix: add `;` after JSX nodes in `no-object-constructor` autofix\r\n([#​17672](https://togithub.com/eslint/eslint/issues/17672))\r\n(Francesco Trotta)\r\n\r\n#### Documentation\r\n\r\n-\r\n[`ab8c60d`](https://togithub.com/eslint/eslint/commit/ab8c60d4f859cec787b5a12f7271b40e666235f5)\r\ndocs: change position of return to top button\r\n([#​17688](https://togithub.com/eslint/eslint/issues/17688))\r\n(Tanuj Kanti)\r\n-\r\n[`4fc44c0`](https://togithub.com/eslint/eslint/commit/4fc44c0b8c5dca466bffdfe01dfd80794d7762b7)\r\ndocs: update twitter icon to new X icon\r\n([#​17687](https://togithub.com/eslint/eslint/issues/17687))\r\n(Tanuj Kanti)\r\n-\r\n[`4164b2c`](https://togithub.com/eslint/eslint/commit/4164b2ceec89726b18ea0b0e34fab05735d55a09)\r\ndocs: Update README (GitHub Actions Bot)\r\n-\r\n[`8651895`](https://togithub.com/eslint/eslint/commit/8651895ca7ae15e13d74c8be67d9eebd63a7ce1f)\r\ndocs: Fix tabs in rule examples\r\n([#​17653](https://togithub.com/eslint/eslint/issues/17653))\r\n(Francesco Trotta)\r\n-\r\n[`3aec1c5`](https://togithub.com/eslint/eslint/commit/3aec1c55ba2c6d2833e1c0afe0a58f0cc6bbc0a4)\r\ndocs: explained rule fixers and suggestions\r\n([#​17657](https://togithub.com/eslint/eslint/issues/17657)) (Josh\r\nGoldberg ✨)\r\n\r\n#### Chores\r\n\r\n-\r\n[`ba4d4d5`](https://togithub.com/eslint/eslint/commit/ba4d4d567a82554250dd8c7933322824e6a73944)\r\nchore: remove metascraper\r\n([#​17707](https://togithub.com/eslint/eslint/issues/17707))\r\n(Milos Djermanovic)\r\n-\r\n[`0d07338`](https://togithub.com/eslint/eslint/commit/0d0733882944b4849d71a40723c251213698cef9)\r\nchore: Update dependencies\r\n([#​17706](https://togithub.com/eslint/eslint/issues/17706))\r\n(Milos Djermanovic)\r\n-\r\n[`93256a3`](https://togithub.com/eslint/eslint/commit/93256a32e312f3f4e5c532762df71bdc06bded20)\r\nchore: package.json update for\r\n[@​eslint/js](https://togithub.com/eslint/js) release (ESLint\r\nJenkins)\r\n-\r\n[`485ec7d`](https://togithub.com/eslint/eslint/commit/485ec7d08ed2040c292f52bf9b9152f6c8ef4809)\r\ntest: fix ESLint tests for caching\r\n([#​17699](https://togithub.com/eslint/eslint/issues/17699))\r\n(Milos Djermanovic)\r\n-\r\n[`db06a7f`](https://togithub.com/eslint/eslint/commit/db06a7ff7992a74368f03d1f21beb00df0407021)\r\nci: bump actions/setup-node from 3 to 4\r\n([#​17676](https://togithub.com/eslint/eslint/issues/17676))\r\n(dependabot\\[bot])\r\n-\r\n[`994596b`](https://togithub.com/eslint/eslint/commit/994596b07f5ff20a615a4be1ea03e5fd59cdb84b)\r\nci: run tests in Node.js 21\r\n([#​17673](https://togithub.com/eslint/eslint/issues/17673))\r\n(Francesco Trotta)\r\n\r\n
\r\n\r\n
\r\ngithub/eslint-plugin-github (eslint-plugin-github)\r\n\r\n###\r\n[`v4.10.2`](https://togithub.com/github/eslint-plugin-github/releases/tag/v4.10.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/eslint-plugin-github/compare/v4.10.1...v4.10.2)\r\n\r\n#### What's Changed\r\n\r\n##### Functionality\r\n\r\n- Update no-then.md by [@​cefn](https://togithub.com/cefn) in\r\n[https://github.com/github/eslint-plugin-github/pull/503](https://togithub.com/github/eslint-plugin-github/pull/503)\r\n- fix `a11y-svg-has-accessible-name` considering whitespace JSXText by\r\n[@​nnmrts](https://togithub.com/nnmrts) in\r\n[https://github.com/github/eslint-plugin-github/pull/508](https://togithub.com/github/eslint-plugin-github/pull/508)\r\n\r\n##### Dependancy updates\r\n\r\n- chore(deps): bump the all-dependencies group with 3 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/482](https://togithub.com/github/eslint-plugin-github/pull/482)\r\n- chore(deps): bump the all-dependencies group with 3 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/484](https://togithub.com/github/eslint-plugin-github/pull/484)\r\n- chore(deps): bump the all-dependencies group with 3 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/485](https://togithub.com/github/eslint-plugin-github/pull/485)\r\n- chore(deps): bump the all-dependencies group with 4 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/486](https://togithub.com/github/eslint-plugin-github/pull/486)\r\n- chore(deps): bump the all-dependencies group with 3 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/487](https://togithub.com/github/eslint-plugin-github/pull/487)\r\n- chore(deps): bump the all-dependencies group with 3 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/489](https://togithub.com/github/eslint-plugin-github/pull/489)\r\n- chore(deps): bump actions/setup-node from 3 to 4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/488](https://togithub.com/github/eslint-plugin-github/pull/488)\r\n- chore(deps): bump the all-dependencies group with 5 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/490](https://togithub.com/github/eslint-plugin-github/pull/490)\r\n- chore(deps): bump the all-dependencies group with 2 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/491](https://togithub.com/github/eslint-plugin-github/pull/491)\r\n- chore(deps): bump the all-dependencies group with 5 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/492](https://togithub.com/github/eslint-plugin-github/pull/492)\r\n- chore(deps): bump the all-dependencies group with 2 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/493](https://togithub.com/github/eslint-plugin-github/pull/493)\r\n- chore(deps): bump the all-dependencies group with 4 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/494](https://togithub.com/github/eslint-plugin-github/pull/494)\r\n- chore(deps): bump the all-dependencies group with 3 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/495](https://togithub.com/github/eslint-plugin-github/pull/495)\r\n- chore(deps): bump the all-dependencies group with 5 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/496](https://togithub.com/github/eslint-plugin-github/pull/496)\r\n- chore(deps): bump the all-dependencies group with 4 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/498](https://togithub.com/github/eslint-plugin-github/pull/498)\r\n- chore(deps): bump the all-dependencies group with 2 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/499](https://togithub.com/github/eslint-plugin-github/pull/499)\r\n- chore(deps): bump the all-dependencies group with 5 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/500](https://togithub.com/github/eslint-plugin-github/pull/500)\r\n- chore(deps): bump the all-dependencies group with 3 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/501](https://togithub.com/github/eslint-plugin-github/pull/501)\r\n- chore(deps): bump the all-dependencies group with 3 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/502](https://togithub.com/github/eslint-plugin-github/pull/502)\r\n- chore(deps): bump the all-dependencies group with 3 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/github/eslint-plugin-github/pull/504](https://togithub.com/github/eslint-plugin-github/pull/504)\r\n- chore(deps): bump the all-dependencies group with 5 updates by\r\n[@​dependabot](https://togithub.com/dep\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on the first day of the\r\nmonth\" (UTC), Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\n---------\r\n\r\nSigned-off-by: Mend Renovate \r\nSigned-off-by: github-actions \r\nCo-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>\r\nCo-authored-by: github-actions ","shortMessageHtmlLink":"chore(deps): update npm dev (#3643)"}},{"before":"0d22a386d5cb772b18a04681a55628571a2f70d2","after":"cd23e070072f31961c3657974cf81d3d8a276524","ref":"refs/heads/main","pushedAt":"2024-05-21T20:15:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore: Fix markdown issues (#3658)\n\n# Summary\r\n\r\nFix a couple small issues with markdown files.\r\n\r\n- Add alt text to images\r\n- Fix table row\r\n\r\nFixes a couple issues in an upcoming version of markdown lint\r\n\r\nhttps://github.com/slsa-framework/slsa-github-generator/pull/3643/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5\r\n\r\n## Testing Process\r\n\r\nN/A\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [x] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [x] Add unit tests if applicable.\r\n- [x] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\nSigned-off-by: Ian Lewis ","shortMessageHtmlLink":"chore: Fix markdown issues (#3658)"}},{"before":"0b39686cfa48c0c52fa108a4e9fab78efaf00893","after":"0d22a386d5cb772b18a04681a55628571a2f70d2","ref":"refs/heads/main","pushedAt":"2024-05-17T16:01:52.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore: allow Renovate to create new config warning issues (#3662)\n\n# Summary\r\n\r\n- Set `configWarningReuseIssue` to `false`.\r\n\r\nOld behavior: Renovate re-opens a old config warning issue.\r\n\r\nNew behavior: Renovate creates a new config warning issue.\r\n\r\nRead the [Renovate docs, `configWarningReuseIssue` config\r\noption](https://docs.renovatebot.com/configuration-options/#configwarningreuseissue)\r\nto learn more.\r\n\r\n## More context\r\n\r\n@ianlewis mentioned they want Renovate to create a _new issue_ instead\r\nof _re-opening_ an old one:\r\n\r\n-\r\nhttps://github.com/slsa-framework/slsa-github-generator/pull/3635#issuecomment-2116420633\r\n\r\nHere's an example of a Renovate config warning issue that was re-opened\r\nby Renovate recently:\r\n\r\n- https://github.com/slsa-framework/slsa-github-generator/issues/404\r\n\r\n## Testing Process\r\n\r\n- Manually reviewed configuration change\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [x] Add a reference to related issues in the PR description.\r\n- [ ] Update documentation if applicable.\r\n- [ ] Add unit tests if applicable.\r\n- [ ] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\nSigned-off-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>","shortMessageHtmlLink":"chore: allow Renovate to create new config warning issues (#3662)"}},{"before":"288dcd68ac666460af1849a0c3af6a142a05cb2d","after":"0b39686cfa48c0c52fa108a4e9fab78efaf00893","ref":"refs/heads/main","pushedAt":"2024-05-17T10:44:39.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 (#3645)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n| [org.apache.maven:maven-plugin-api](https://maven.apache.org/) |\r\n`3.6.3` -> `3.9.6` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/maven/org.apache.maven:maven-plugin-api/3.9.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/org.apache.maven:maven-plugin-api/3.9.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/org.apache.maven:maven-plugin-api/3.6.3/3.9.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/org.apache.maven:maven-plugin-api/3.6.3/3.9.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on the first day of the\r\nmonth\" (UTC), Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\nSigned-off-by: Mend Renovate ","shortMessageHtmlLink":"fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.…"}},{"before":"5917e48aaf2530adfcf1b8f8dc4b449bb9b6d9e6","after":"288dcd68ac666460af1849a0c3af6a142a05cb2d","ref":"refs/heads/main","pushedAt":"2024-05-17T04:57:16.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"laurentsimon","name":null,"path":"/laurentsimon","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/64505099?s=80&v=4"},"commit":{"message":"Add openfga as another user of slsa-github-generator via Github Actions (#2950)\n\nSigned-off-by: Andrés Aguiar ","shortMessageHtmlLink":"Add openfga as another user of slsa-github-generator via Github Actio…"}},{"before":"a14d8105ab1ef72aa5b3214b95b1c062822038e9","after":"5917e48aaf2530adfcf1b8f8dc4b449bb9b6d9e6","ref":"refs/heads/main","pushedAt":"2024-05-17T01:25:36.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"chore(deps): update github-actions (#3642)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| actions/checkout | action | digest | `b4ffde6` -> `a5ac7e5` |\r\n| [actions/checkout](https://togithub.com/actions/checkout) | action |\r\npatch | `v4.1.1` -> `v4.1.6` |\r\n|\r\n[actions/download-artifact](https://togithub.com/actions/download-artifact)\r\n| action | patch | `v4.1.4` -> `v4.1.7` |\r\n|\r\n[actions/upload-artifact](https://togithub.com/actions/upload-artifact)\r\n| action | patch | `v4.3.1` -> `v4.3.3` |\r\n|\r\n[ianlewis/todo-issue-reopener](https://togithub.com/ianlewis/todo-issue-reopener)\r\n| action | patch | `v1.2.0` -> `v1.2.1` |\r\n| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |\r\naction | patch | `v2.3.0` -> `v2.3.3` |\r\n|\r\n[sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer)\r\n| action | minor | `v3.4.0` -> `v3.5.0` |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nactions/checkout (actions/checkout)\r\n\r\n###\r\n[`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6)\r\n\r\n- Check platform to set archive extension appropriately by\r\n[@​cory-miller](https://togithub.com/cory-miller) in\r\n[https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732)\r\n\r\n###\r\n[`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5)\r\n\r\n#### What's Changed\r\n\r\n- Update NPM dependencies by\r\n[@​cory-miller](https://togithub.com/cory-miller) in\r\n[https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703)\r\n- Bump github/codeql-action from 2 to 3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694)\r\n- Bump actions/setup-node from 1 to 4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696)\r\n- Bump actions/upload-artifact from 2 to 4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695)\r\n- README: Suggest `user.email` to be\r\n`41898282+github-actions[bot]@​users.noreply.github.com` by\r\n[@​cory-miller](https://togithub.com/cory-miller) in\r\n[https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/checkout/compare/v4.1.4...v4.1.5\r\n\r\n###\r\n[`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4)\r\n\r\n- Disable `extensions.worktreeConfig` when disabling `sparse-checkout`\r\nby [@​jww3](https://togithub.com/jww3) in\r\n[https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692)\r\n- Add dependabot config by\r\n[@​cory-miller](https://togithub.com/cory-miller) in\r\n[https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688)\r\n- Bump the minor-actions-dependencies group with 2 updates by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693)\r\n- Bump word-wrap from 1.2.3 to 1.2.5 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643)\r\n\r\n###\r\n[`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3)\r\n\r\n#### What's Changed\r\n\r\n- Update `actions/checkout` version in `update-main-version.yml` by\r\n[@​jww3](https://togithub.com/jww3) in\r\n[https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650)\r\n- Check git version before attempting to disable `sparse-checkout` by\r\n[@​jww3](https://togithub.com/jww3) in\r\n[https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656)\r\n- Add SSH user parameter by\r\n[@​cory-miller](https://togithub.com/cory-miller) in\r\n[https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/checkout/compare/v4.1.2...v4.1.3\r\n\r\n###\r\n[`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2)\r\n\r\n- Fix: Disable sparse checkout whenever `sparse-checkout` option is not\r\npresent [@​dscho](https://togithub.com/dscho) in\r\n[https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598)\r\n\r\n
\r\n\r\n
\r\nactions/download-artifact (actions/download-artifact)\r\n\r\n###\r\n[`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7)\r\n\r\n#### What's Changed\r\n\r\n- Update\r\n[@​actions/artifact](https://togithub.com/actions/artifact)\r\ndependency by [@​bethanyj28](https://togithub.com/bethanyj28) in\r\n[https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7\r\n\r\n###\r\n[`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6)\r\n\r\n#### What's Changed\r\n\r\n- updating `@actions/artifact` dependency to v2.1.6 by\r\n[@​eggyhead](https://togithub.com/eggyhead) in\r\n[https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/download-artifact/compare/v4.1.5...v4.1.6\r\n\r\n###\r\n[`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5)\r\n\r\n#### What's Changed\r\n\r\n- Update readme with v3/v2/v1 deprecation notice by\r\n[@​robherley](https://togithub.com/robherley) in\r\n[https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322)\r\n- Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact`\r\nto v2.1.5\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5\r\n\r\n
\r\n\r\n
\r\nactions/upload-artifact (actions/upload-artifact)\r\n\r\n###\r\n[`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3)\r\n\r\n##### What's Changed\r\n\r\n- updating `@actions/artifact` dependency to v2.1.6 by\r\n[@​eggyhead](https://togithub.com/eggyhead) in\r\n[https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3\r\n\r\n###\r\n[`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2)\r\n\r\n#### What's Changed\r\n\r\n- Update release-new-action-version.yml by\r\n[@​konradpabjan](https://togithub.com/konradpabjan) in\r\n[https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516)\r\n- Minor fix to the migration readme by\r\n[@​andrewakim](https://togithub.com/andrewakim) in\r\n[https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523)\r\n- Update readme with v3/v2/v1 deprecation notice by\r\n[@​robherley](https://togithub.com/robherley) in\r\n[https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561)\r\n- updating `@actions/artifact` dependency to v2.1.5 and `@actions/core`\r\nto v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in\r\n[https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562)\r\n\r\n#### New Contributors\r\n\r\n- [@​andrewakim](https://togithub.com/andrewakim) made their first\r\ncontribution in\r\n[https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2\r\n\r\n
\r\n\r\n
\r\nianlewis/todo-issue-reopener\r\n(ianlewis/todo-issue-reopener)\r\n\r\n###\r\n[`v1.2.1`](https://togithub.com/ianlewis/todo-issue-reopener/releases/tag/v1.2.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/ianlewis/todo-issue-reopener/compare/v1.2.0...v1.2.1)\r\n\r\n##### Fixed in 1.2.1\r\n\r\n- Fixed the \"error updating to TUF remote mirror: invalid key\" error\r\n([#​688](https://togithub.com/ianlewis/todo-issue-reopener/issues/688)).\r\n\r\n#### All changes\r\n\r\n- fix: Update slsa-verifier version by\r\n[@​ianlewis](https://togithub.com/ianlewis) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/689](https://togithub.com/ianlewis/todo-issue-reopener/pull/689)\r\n- chore(deps): Bump github/codeql-action from 3.23.2 to 3.25.5 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/711](https://togithub.com/ianlewis/todo-issue-reopener/pull/711)\r\n- chore(deps): Bump codecov/codecov-action from 4.0.1 to 4.4.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/705](https://togithub.com/ianlewis/todo-issue-reopener/pull/705)\r\n- chore(deps): Bump actions/upload-artifact from 4.3.0 to 4.3.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/670](https://togithub.com/ianlewis/todo-issue-reopener/pull/670)\r\n- chore(deps-dev): Bump\r\n[@​types/jest](https://togithub.com/types/jest) from 29.5.11 to\r\n29.5.12 by [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/664](https://togithub.com/ianlewis/todo-issue-reopener/pull/664)\r\n- chore(deps): Bump actions/setup-node from 4.0.1 to 4.0.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/605](https://togithub.com/ianlewis/todo-issue-reopener/pull/605)\r\n- chore(deps): Bump yamllint from 1.33.0 to 1.35.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/598](https://togithub.com/ianlewis/todo-issue-reopener/pull/598)\r\n- chore(deps-dev): Bump eslint-plugin-github from 4.9.1 to 4.10.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/592](https://togithub.com/ianlewis/todo-issue-reopener/pull/592)\r\n- chore(deps): Bump thehanimo/pr-title-checker from 1.4.1 to 1.4.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/604](https://togithub.com/ianlewis/todo-issue-reopener/pull/604)\r\n- chore(deps): Bump yaml from 2.3.4 to 2.4.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/727](https://togithub.com/ianlewis/todo-issue-reopener/pull/727)\r\n- chore(deps-dev): Bump\r\n[@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.36.1 to\r\n0.38.1 by [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/635](https://togithub.com/ianlewis/todo-issue-reopener/pull/635)\r\n- chore(deps-dev): Bump eslint from 8.56.0 to 8.57.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/634](https://togithub.com/ianlewis/todo-issue-reopener/pull/634)\r\n- chore(release): v1.2.1 by\r\n[@​ianlewis](https://togithub.com/ianlewis) in\r\n[https://github.com/ianlewis/todo-issue-reopener/pull/833](https://togithub.com/ianlewis/todo-issue-reopener/pull/833)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/ianlewis/todo-issue-reopener/compare/v1.2.0...v1.2.1\r\n\r\n
\r\n\r\n
\r\nossf/scorecard-action (ossf/scorecard-action)\r\n\r\n###\r\n[`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)\r\n\r\n> \\[!NOTE]\\\r\n> There is no v2.3.2 release as a step was skipped in the release\r\nprocess. This was fixed and re-released under the v2.3.3 tag\r\n\r\n#### What's Changed\r\n\r\n- :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to\r\ngithub.com/ossf/scorecard/v5 (v5.0.0-rc1) by\r\n[@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366)\r\n- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to\r\nv5.0.0-rc2 by\r\n[@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374)\r\n- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\r\nv5.0.0-rc2.0.20240509182734-7ce860946928 by\r\n[@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377)\r\n\r\nFor a full changelist of what these include, see the\r\n[v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1)\r\nand\r\n[v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2)\r\nrelease notes.\r\n\r\n##### Documentation\r\n\r\n- :book: Move token discussion out of main README. by\r\n[@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279)\r\n- :book: link to `ossf/scorecard` workflow instead of maintaining an\r\nexample by [@​spencerschrock](https://togithub.com/spencerschrock)\r\nin\r\n[https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352)\r\n- :book: update api links to new scorecard.dev site by\r\n[@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3\r\n\r\n###\r\n[`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)\r\n\r\n###\r\n[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)\r\n\r\n#### What's Changed\r\n\r\n- :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1\r\nby [@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282)\r\n- Adds additional Fuzzing detection and fixes a SAST bug related to\r\ndetecting CodeQL. For a full changelist of what this includes, see the\r\n[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)\r\nrelease notes\r\n\r\n**Full Changelog**:\r\nhttps://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1\r\n\r\n
\r\n\r\n
\r\nsigstore/cosign-installer (sigstore/cosign-installer)\r\n\r\n###\r\n[`v3.5.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.5.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0)\r\n\r\n#### What's Changed\r\n\r\n- Bump actions/checkout from 4.1.1 to 4.1.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/sigstore/cosign-installer/pull/157](https://togithub.com/sigstore/cosign-installer/pull/157)\r\n- use go 1.22 now by\r\n[@​bobcallaway](https://togithub.com/bobcallaway) in\r\n[https://github.com/sigstore/cosign-installer/pull/160](https://togithub.com/sigstore/cosign-installer/pull/160)\r\n- bump default version to v2.2.4, prep for v3.5.0 release by\r\n[@​bobcallaway](https://togithub.com/bobcallaway) in\r\n[https://github.com/sigstore/cosign-installer/pull/159](https://togithub.com/sigstore/cosign-installer/pull/159)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on the first day of the\r\nmonth\" (UTC), Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\nSigned-off-by: Mend Renovate ","shortMessageHtmlLink":"chore(deps): update github-actions (#3642)"}},{"before":"58899814927dd464e6d4e1ec95e332148c63b2da","after":"a14d8105ab1ef72aa5b3214b95b1c062822038e9","ref":"refs/heads/main","pushedAt":"2024-05-17T00:30:58.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore: formatting (#3655)\n\n# Summary\r\n\r\nFormatted code in the repository. This is the result of running `make\r\nformat`.\r\n\r\n## Testing Process\r\n\r\nN/A\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [x] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [x] Add unit tests if applicable.\r\n- [x] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\n---------\r\n\r\nSigned-off-by: Ian Lewis ","shortMessageHtmlLink":"chore: formatting (#3655)"}},{"before":"378b4cf5424ea60cff8b672b31f2d608c8f5692d","after":"58899814927dd464e6d4e1ec95e332148c63b2da","ref":"refs/heads/main","pushedAt":"2024-05-16T18:08:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"fix(deps): update npm (#3647)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n| [@octokit/webhooks-types](https://togithub.com/octokit/webhooks) |\r\n[`7.3.1` ->\r\n`7.5.1`](https://renovatebot.com/diffs/npm/@octokit%2fwebhooks-types/7.3.1/7.5.1)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/@octokit%2fwebhooks-types/7.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@octokit%2fwebhooks-types/7.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@octokit%2fwebhooks-types/7.3.1/7.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@octokit%2fwebhooks-types/7.3.1/7.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[sigstore](https://togithub.com/sigstore/sigstore-js/tree/main/packages/client#readme)\r\n([source](https://togithub.com/sigstore/sigstore-js)) | [`2.2.2` ->\r\n`2.3.0`](https://renovatebot.com/diffs/npm/sigstore/2.2.2/2.3.0) |\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/sigstore/2.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/sigstore/2.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/sigstore/2.2.2/2.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/sigstore/2.2.2/2.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [yaml](https://eemeli.org/yaml/)\r\n([source](https://togithub.com/eemeli/yaml)) | [`2.3.3` ->\r\n`2.4.2`](https://renovatebot.com/diffs/npm/yaml/2.3.3/2.4.2) |\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/yaml/2.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/yaml/2.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/yaml/2.3.3/2.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/yaml/2.3.3/2.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\noctokit/webhooks (@​octokit/webhooks-types)\r\n\r\n###\r\n[`v7.5.1`](https://togithub.com/octokit/webhooks/releases/tag/v7.5.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/octokit/webhooks/compare/v7.5.0...v7.5.1)\r\n\r\n##### Bug Fixes\r\n\r\n- **schema:** correct some schema IDs\r\n([#​921](https://togithub.com/octokit/webhooks/issues/921))\r\n([babdb8a](https://togithub.com/octokit/webhooks/commit/babdb8a21566f1521007e8979c29cbeca2e358ed))\r\n\r\n###\r\n[`v7.5.0`](https://togithub.com/octokit/webhooks/releases/tag/v7.5.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/octokit/webhooks/compare/v7.4.0...v7.5.0)\r\n\r\n##### Features\r\n\r\n- **security:** Add provenance\r\n([#​916](https://togithub.com/octokit/webhooks/issues/916))\r\n([b28ee22](https://togithub.com/octokit/webhooks/commit/b28ee220ca96db44a8555551ccd6cf06c8b37052))\r\n\r\n###\r\n[`v7.4.0`](https://togithub.com/octokit/webhooks/releases/tag/v7.4.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/octokit/webhooks/compare/v7.3.2...v7.4.0)\r\n\r\n##### Features\r\n\r\n- schema updates (adds custom_properties field) to\r\nbranch_protection_rule, check_suite, code_scanning_alert,\r\ncommit_comment, create, delete, dependabot_alert, deploy_key,\r\ndeployment, deployment_review, deployment_status, discussion,\r\ndisscussion_comment, fork, gollum, issue_comment, issues, label, member,\r\nmerge_group, meta, milestone, package, page_build. ping, project,\r\nproject_card, project_column, public, pull_request, pull_request_review,\r\npull_request_review_comment, pull_request_review_thread, push,\r\nregistry_package, release, repository, repository_dispatch,\r\nrepository_import, repository_vulnerability_alert,\r\nsecret_scanning_alert, star, status, team, team_add, watch,\r\nworkflow_dispatch, workflow_job, workflow_run,\r\nbranch_protection_configuration, common, custom_property,\r\ncustom_property_values\r\n([#​904](https://togithub.com/octokit/webhooks/issues/904))\r\n([bc5f6fd](https://togithub.com/octokit/webhooks/commit/bc5f6fd16b0df0e3058512e7d44dcba9ba3e0bb0))\r\n\r\n###\r\n[`v7.3.2`](https://togithub.com/octokit/webhooks/releases/tag/v7.3.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/octokit/webhooks/compare/v7.3.1...v7.3.2)\r\n\r\n##### Bug Fixes\r\n\r\n- add \"cancelled\" as possible conclusion of a completed workflow step\r\n([#​892](https://togithub.com/octokit/webhooks/issues/892))\r\n([6df0bc4](https://togithub.com/octokit/webhooks/commit/6df0bc4cf83a86f170369263dfa1f2e104b93ff4))\r\n\r\n
\r\n\r\n
\r\nsigstore/sigstore-js (sigstore)\r\n\r\n###\r\n[`v2.3.0`](https://togithub.com/sigstore/sigstore-js/releases/tag/sigstore%402.3.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/sigstore/sigstore-js/compare/sigstore@2.2.2...sigstore@2.3.0)\r\n\r\n##### Minor Changes\r\n\r\n- [`ef7a2e6`](https://togithub.com/sigstore/sigstore-js/commit/ef7a2e6):\r\nAdd support for verifying new v0.3 Sigstore bundles\r\n\r\n##### Patch Changes\r\n\r\n- [`ef7a2e6`](https://togithub.com/sigstore/sigstore-js/commit/ef7a2e6):\r\nBump\r\n[@​sigstore/protobuf-specs](https://togithub.com/sigstore/protobuf-specs)\r\nfrom 0.3.0 to 0.3.1\r\n- [`ef7a2e6`](https://togithub.com/sigstore/sigstore-js/commit/ef7a2e6):\r\nBump [@​sigstore/bundle](https://togithub.com/sigstore/bundle)\r\nfrom 2.2.0 to 2.3.1\r\n- [`ef7a2e6`](https://togithub.com/sigstore/sigstore-js/commit/ef7a2e6):\r\nbump [@​sigstore/sign](https://togithub.com/sigstore/sign) from\r\n2.2.3 to 2.3.0\r\n- [`ef7a2e6`](https://togithub.com/sigstore/sigstore-js/commit/ef7a2e6):\r\nBump [@​sigstore/verify](https://togithub.com/sigstore/verify)\r\nfrom 1.1.0 to 1.2.0\r\n\r\n
\r\n\r\n
\r\neemeli/yaml (yaml)\r\n\r\n### [`v2.4.2`](https://togithub.com/eemeli/yaml/releases/tag/v2.4.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/eemeli/yaml/compare/v2.4.1...v2.4.2)\r\n\r\n- Restrict YAML 1.1 boolean strings to their explicit capitalization\r\n([#​530](https://togithub.com/eemeli/yaml/issues/530))\r\n- Add sponsorship by [Scipress](https://www.scipress.io/)\r\n([#​536](https://togithub.com/eemeli/yaml/issues/536))\r\n\r\n###\r\n[`v2.4.1`](https://togithub.com/eemeli/yaml/compare/v2.4.0...4aa56d337dc5e286eb0c9111a3b370f21e321117)\r\n\r\n[Compare\r\nSource](https://togithub.com/eemeli/yaml/compare/v2.4.0...v2.4.1)\r\n\r\n### [`v2.4.0`](https://togithub.com/eemeli/yaml/releases/tag/v2.4.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/eemeli/yaml/compare/v2.3.4...v2.4.0)\r\n\r\n- Add a command-line tool\r\n([#​523](https://togithub.com/eemeli/yaml/issues/523))\r\n- Use the `lineWidth` option for line breaking in flow collections\r\n([#​522](https://togithub.com/eemeli/yaml/issues/522))\r\n\r\n### [`v2.3.4`](https://togithub.com/eemeli/yaml/releases/tag/v2.3.4)\r\n\r\n[Compare\r\nSource](https://togithub.com/eemeli/yaml/compare/v2.3.3...v2.3.4)\r\n\r\n- Do not throw for carriage return in tag shorthand\r\n([#​501](https://togithub.com/eemeli/yaml/issues/501))\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on the first day of the\r\nmonth\" (UTC), Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\n---------\r\n\r\nSigned-off-by: Mend Renovate \r\nSigned-off-by: github-actions \r\nCo-authored-by: github-actions ","shortMessageHtmlLink":"fix(deps): update npm (#3647)"}},{"before":"f29a845b00f0afdac8d8e0104c8a9c717706e7b3","after":"378b4cf5424ea60cff8b672b31f2d608c8f5692d","ref":"refs/heads/main","pushedAt":"2024-05-16T17:44:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"fix(deps): update module golang.org/x/oauth2 to v0.20.0 (#3646)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n| golang.org/x/oauth2 | `v0.19.0` -> `v0.20.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2foauth2/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2foauth2/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2foauth2/v0.19.0/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2foauth2/v0.19.0/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on the first day of the\r\nmonth\" (UTC), Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\nSigned-off-by: Mend Renovate ","shortMessageHtmlLink":"fix(deps): update module golang.org/x/oauth2 to v0.20.0 (#3646)"}},{"before":"ecc53bbac572bc670f5c2563a1b5f98adf06479e","after":"f29a845b00f0afdac8d8e0104c8a9c717706e7b3","ref":"refs/heads/main","pushedAt":"2024-05-16T17:02:55.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"fix(deps): update dependency @actions/github to v6 (#3649)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n|\r\n[@actions/github](https://togithub.com/actions/toolkit/tree/main/packages/github)\r\n([source](https://togithub.com/actions/toolkit/tree/HEAD/packages/github))\r\n| [`5.1.1` ->\r\n`6.0.0`](https://renovatebot.com/diffs/npm/@actions%2fgithub/5.1.1/6.0.0)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/@actions%2fgithub/6.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@actions%2fgithub/6.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@actions%2fgithub/5.1.1/6.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@actions%2fgithub/5.1.1/6.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nactions/toolkit (@​actions/github)\r\n\r\n###\r\n[`v6.0.0`](https://togithub.com/actions/toolkit/blob/HEAD/packages/github/RELEASES.md#600)\r\n\r\n- Support the latest Octokit in\r\n[@​actions/github](https://togithub.com/actions/github)\r\n[#​1553](https://togithub.com/actions/toolkit/pull/1553)\r\n - Drop support of NodeJS v14, v16\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on the first day of the\r\nmonth\" (UTC), Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\n---------\r\n\r\nSigned-off-by: Mend Renovate \r\nSigned-off-by: github-actions \r\nCo-authored-by: github-actions ","shortMessageHtmlLink":"fix(deps): update dependency @actions/github to v6 (#3649)"}},{"before":"b69adaa07206fb3682d4291fd29367ab04dc2326","after":"ecc53bbac572bc670f5c2563a1b5f98adf06479e","ref":"refs/heads/main","pushedAt":"2024-05-16T16:32:03.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore(deps): update dependency pathspec to v0.12.1 (#3644)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n| [pathspec](https://togithub.com/cpburnz/python-pathspec) | `==0.11.1`\r\n-> `==0.12.1` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/pypi/pathspec/0.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/pathspec/0.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/pathspec/0.11.1/0.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pathspec/0.11.1/0.12.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\ncpburnz/python-pathspec (pathspec)\r\n\r\n###\r\n[`v0.12.1`](https://togithub.com/cpburnz/python-pathspec/blob/HEAD/CHANGES.rst#0121-2023-12-10)\r\n\r\n[Compare\r\nSource](https://togithub.com/cpburnz/python-pathspec/compare/v0.12.0...v0.12.1)\r\n\r\nBug fixes:\r\n\r\n- `Issue #​84`\\_: PathSpec.match_file() returns None since 0.12.0.\r\n\r\n.. \\_`Issue #​84`:\r\n[https://github.com/cpburnz/python-pathspec/issues/84](https://togithub.com/cpburnz/python-pathspec/issues/84)\r\n\r\n###\r\n[`v0.12.0`](https://togithub.com/cpburnz/python-pathspec/blob/HEAD/CHANGES.rst#0120-2023-12-09)\r\n\r\n[Compare\r\nSource](https://togithub.com/cpburnz/python-pathspec/compare/v0.11.2...v0.12.0)\r\n\r\nMajor changes:\r\n\r\n- Dropped support of EOL Python 3.7. See `Pull #​82`\\_.\r\n\r\nAPI changes:\r\n\r\n- Signature of protected method\r\n`pathspec.pathspec.PathSpec._match_file()` (with a leading underscore)\r\nhas been changed from `def _match_file(patterns: Iterable[Pattern],\r\nfile: str) -> bool` to `def _match_file(patterns: Iterable[Tuple[int,\r\nPattern]], file: str) -> Tuple[Optional[bool], Optional[int]]`.\r\n\r\nNew features:\r\n\r\n- Added `pathspec.pathspec.PathSpec.check_*()` methods. These methods\r\nbehave similarly to `.match_*()` but return additional information in\r\nthe `pathspec.util.CheckResult` objects (e.g., `CheckResult.index`\r\nindicates the index of the last pattern that matched the file).\r\n- Added `pathspec.pattern.RegexPattern.pattern` attribute which stores\r\nthe original, uncompiled pattern.\r\n\r\nBug fixes:\r\n\r\n- `Issue #​81`\\_: GitIgnoreSpec behaviors differ from git.\r\n- `Pull #​83`\\_: Fix ReadTheDocs builds.\r\n\r\nImprovements:\r\n\r\n- Mark Python 3.12 as supported. See `Pull #​82`\\_.\r\n- Improve test debugging.\r\n- Improve type hint on *on_error* parameter on\r\n`pathspec.pathspec.PathSpec.match_tree_entries()`.\r\n- Improve type hint on *on_error* parameter on\r\n`pathspec.util.iter_tree_entries()`.\r\n\r\n.. \\_`Issue #​81`:\r\n[https://github.com/cpburnz/python-pathspec/issues/81](https://togithub.com/cpburnz/python-pathspec/issues/81)\r\n.. \\_`Pull #​82`:\r\n[https://github.com/cpburnz/python-pathspec/pull/82](https://togithub.com/cpburnz/python-pathspec/pull/82)\r\n.. \\_`Pull #​83`:\r\n[https://github.com/cpburnz/python-pathspec/pull/83](https://togithub.com/cpburnz/python-pathspec/pull/83)\r\n\r\n###\r\n[`v0.11.2`](https://togithub.com/cpburnz/python-pathspec/blob/HEAD/CHANGES.rst#0112-2023-07-28)\r\n\r\n[Compare\r\nSource](https://togithub.com/cpburnz/python-pathspec/compare/v0.11.1...v0.11.2)\r\n\r\nNew features:\r\n\r\n- `Issue #​80`\\_: match_files with negated path spec.\r\n`pathspec.PathSpec.match_*()` now have a `negate` parameter to make\r\nusing *.gitignore* logic easier and more efficient.\r\n\r\nBug fixes:\r\n\r\n- `Pull #​76`\\_: Add edge case: patterns that end with an escaped\r\nspace\r\n- `Issue #​77`*/`Pull #​78`*: Negate with caret symbol as\r\nwith the exclamation mark.\r\n\r\n.. \\_`Pull #​76`:\r\n[https://github.com/cpburnz/python-pathspec/pull/76](https://togithub.com/cpburnz/python-pathspec/pull/76)\r\n.. \\_`Issue #​77`:\r\n[https://github.com/cpburnz/python-pathspec/issues/77](https://togithub.com/cpburnz/python-pathspec/issues/77)\r\n.. \\_`Pull #​78`:\r\n[https://github.com/cpburnz/python-pathspec/pull/78](https://togithub.com/cpburnz/python-pathspec/pull/78)/\r\n.. \\_`Issue #​80`:\r\n[https://github.com/cpburnz/python-pathspec/issues/80](https://togithub.com/cpburnz/python-pathspec/issues/80)\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on the first day of the\r\nmonth\" (UTC), Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\nSigned-off-by: Mend Renovate \r\nCo-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): update dependency pathspec to v0.12.1 (#3644)"}},{"before":"fd73514722da63d500d1aeb57b99482218a160cd","after":"b69adaa07206fb3682d4291fd29367ab04dc2326","ref":"refs/heads/main","pushedAt":"2024-05-16T07:01:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [security] (#3640)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n| [github.com/sigstore/cosign/v2](https://togithub.com/sigstore/cosign)\r\n| `v2.2.3` -> `v2.2.4` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fsigstore%2fcosign%2fv2/v2.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fsigstore%2fcosign%2fv2/v2.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fsigstore%2fcosign%2fv2/v2.2.3/v2.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fsigstore%2fcosign%2fv2/v2.2.3/v2.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n### GitHub Vulnerability Alerts\r\n\r\n####\r\n[CVE-2024-29902](https://togithub.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc)\r\n\r\n### Summary\r\nA remote image with a malicious attachment can cause denial of service\r\nof the host machine running Cosign. This can impact other services on\r\nthe machine that rely on having memory available such as a Redis\r\ndatabase which can result in data loss. It can also impact the\r\navailability of other services on the machine that will not be available\r\nfor the duration of the machine denial.\r\n\r\n### Details\r\nThe root cause of this issue is that Cosign reads the attachment from a\r\nremote image entirely into memory without checking the size of the\r\nattachment first. As such, a large attachment can make Cosign read a\r\nlarge attachment into memory; If the attachments size is larger than the\r\nmachine has memory available, the machine will be denied of service. The\r\nGo runtime will make a `SIGKILL` after a few seconds of system-wide\r\ndenial.\r\n\r\nThe root cause is that Cosign reads the contents of the attachments\r\nentirely into memory on line 238 below:\r\n\r\n\r\nhttps://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239\r\n\r\n...and prior to that, neither Cosign nor go-containerregistry checks the\r\nsize of the attachment and enforces a max cap. In the case of a remote\r\nlayer of `f *attached`, go-containerregistry will invoke this API:\r\n\r\n\r\nhttps://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40\r\n```golang\r\nfunc (rl *remoteLayer) Compressed() (io.ReadCloser, error) {\r\n\t// We don't want to log binary layers -- this can break terminals.\r\n\tctx := redact.NewContext(rl.ctx, \"omitting binary blobs from logs\")\r\n\treturn rl.fetcher.fetchBlob(ctx, verify.SizeUnknown, rl.digest)\r\n}\r\n```\r\n\r\nNotice that the second argument to `rl.fetcher.fetchBlob` is\r\n`verify.SizeUnknown` which results in not using the `io.LimitReader` in\r\n`verify.ReadCloser`:\r\n\r\nhttps://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/internal/verify/verify.go#L82-L100\r\n```golang\r\nfunc ReadCloser(r io.ReadCloser, size int64, h v1.Hash) (io.ReadCloser, error) {\r\n\tw, err := v1.Hasher(h.Algorithm)\r\n\tif err != nil {\r\n\t\treturn nil, err\r\n\t}\r\n\tr2 := io.TeeReader(r, w) // pass all writes to the hasher.\r\n\tif size != SizeUnknown {\r\n\t\tr2 = io.LimitReader(r2, size) // if we know the size, limit to that size.\r\n\t}\r\n\treturn &and.ReadCloser{\r\n\t\tReader: &verifyReader{\r\n\t\t\tinner: r2,\r\n\t\t\thasher: w,\r\n\t\t\texpected: h,\r\n\t\t\twantSize: size,\r\n\t\t},\r\n\t\tCloseFunc: r.Close,\r\n\t}, nil\r\n}\r\n```\r\n\r\n### Impact\r\nThis issue can allow a supply-chain escalation from a compromised\r\nregistry to the Cosign user: If an attacher has compromised a registry\r\nor the account of an image vendor, they can include a malicious\r\nattachment and hurt the image consumer.\r\n\r\n### Remediation\r\nUpdate to the latest version of Cosign, which limits the number of\r\nattachments. An environment variable can override this value.\r\n\r\n####\r\n[CVE-2024-29903](https://togithub.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv)\r\n\r\nMaliciously-crafted software artifacts can cause denial of service of\r\nthe machine running Cosign, thereby impacting all services on the\r\nmachine. The root cause is that Cosign creates slices based on the\r\nnumber of signatures, manifests or attestations in untrusted artifacts.\r\nAs such, the untrusted artifact can control the amount of memory that\r\nCosign allocates.\r\n\r\nAs an example, these lines demonstrate the problem:\r\n\r\n\r\nhttps://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70\r\n\r\nThis `Get()` method gets the manifest of the image, allocates a slice\r\nequal to the length of the layers in the manifest, loops through the\r\nlayers and adds a new signature to the slice.\r\n\r\nThe exact issue is Cosign allocates excessive memory on the lines that\r\ncreates a slice of the same length as the manifests.\r\n\r\n## Remediation\r\n\r\nUpdate to the latest version of Cosign, where the number of\r\nattestations, signatures and manifests has been limited to a reasonable\r\nvalue.\r\n\r\n## Cosign PoC\r\n\r\nIn the case of this API (also referenced above):\r\n\r\n\r\nhttps://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L70\r\n\r\n… The first line can contain a length that is safe for the system and\r\nwill not throw a runtime panic or be blocked by other safety mechanisms.\r\nFor the sake of argument, let’s say that the length of `m, err :=\r\ns.Manifest()` is the max allowed (by the machine without throwing OOM\r\npanics) manifests minus 1. When Cosign then allocates a new slice on\r\nthis line: `signatures := make([]oci.Signature, 0, len(m.Layers))`,\r\nCosign will allocate more memory than is available and the machine will\r\nbe denied of service, causing Cosign and all other services on the\r\nmachine to be unavailable.\r\n\r\nTo illustrate the issue here, we run a modified version of\r\n`TestSignedImageIndex()` in `pkg/oci/remote`:\r\n\r\n\r\nhttps://github.com/sigstore/cosign/blob/14795db16417579fac0c00c11e166868d7976b61/pkg/oci/remote/index_test.go#L31-L57\r\n\r\nHere, `wantLayers` is the number of manifests from these lines:\r\n\r\n\r\nhttps://github.com/sigstore/cosign/blob/286a98a4a99c1b2f32f84b0d560e324100312280/pkg/oci/remote/signatures.go#L56-L60\r\n\r\nTo test this, we want to make `wantLayers` high enough to not cause a\r\nmemory on its own but still trigger the machine-wide OOM when a slice\r\ngets create with the same length. On my local machine, it would take\r\nhours to create a slice of layers that fulfils that criteria, so instead\r\nI modify the Cosign production code to reflect a long list of manifests:\r\n\r\n```golang\r\n// Get implements oci.Signatures\r\nfunc (s *sigs) Get() ([]oci.Signature, error) {\r\n m, err := s.Manifest()\r\n if err != nil {\r\n return nil, err\r\n }\r\n // Here we imitate a long list of manifests\r\n ms := make([]byte, 2600000000) // imitate a long list of manifests\r\n signatures := make([]oci.Signature, 0, len(ms))\r\n panic(\"Done\")\r\n //signatures := make([]oci.Signature, 0, len(m.Layers))\r\n for _, desc := range m.Layers {\r\n```\r\n\r\nWith this modified code, if we can cause an OOM without triggering the\r\n`panic(\"Done\")`, we have succeeded.\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nsigstore/cosign (github.com/sigstore/cosign/v2)\r\n\r\n###\r\n[`v2.2.4`](https://togithub.com/sigstore/cosign/blob/HEAD/CHANGELOG.md#v224)\r\n\r\n[Compare\r\nSource](https://togithub.com/sigstore/cosign/compare/v2.2.3...v2.2.4)\r\n\r\n#### Bug Fixes\r\n\r\n- Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv\r\n([#​3661](https://togithub.com/sigstore/cosign/issues/3661))\r\n- ErrNoSignaturesFound should be used when there is no signature\r\nattached to an image.\r\n([#​3526](https://togithub.com/sigstore/cosign/issues/3526))\r\n- fix semgrep issues for dgryski.semgrep-go ruleset\r\n([#​3541](https://togithub.com/sigstore/cosign/issues/3541))\r\n- Honor creation timestamp for signatures again\r\n([#​3549](https://togithub.com/sigstore/cosign/issues/3549))\r\n\r\n#### Features\r\n\r\n- Adds Support for Fulcio Client Credentials Flow, and Argument to Set\r\nFlow Explicitly\r\n([#​3578](https://togithub.com/sigstore/cosign/issues/3578))\r\n\r\n#### Documentation\r\n\r\n- add oci bundle spec\r\n([#​3622](https://togithub.com/sigstore/cosign/issues/3622))\r\n- Correct help text of triangulate cmd\r\n([#​3551](https://togithub.com/sigstore/cosign/issues/3551))\r\n- Correct help text of verify-attestation policy argument\r\n([#​3527](https://togithub.com/sigstore/cosign/issues/3527))\r\n- feat: add OVHcloud MPR registry tested with cosign\r\n([#​3639](https://togithub.com/sigstore/cosign/issues/3639))\r\n\r\n#### Testing\r\n\r\n- Refactor e2e-tests.yml workflow\r\n([#​3627](https://togithub.com/sigstore/cosign/issues/3627))\r\n- Clean up and clarify e2e scripts\r\n([#​3628](https://togithub.com/sigstore/cosign/issues/3628))\r\n- Don't ignore transparency log in tests if possible\r\n([#​3528](https://togithub.com/sigstore/cosign/issues/3528))\r\n- Make E2E tests hermetic\r\n([#​3499](https://togithub.com/sigstore/cosign/issues/3499))\r\n- add e2e test for pkcs11 token signing\r\n([#​3495](https://togithub.com/sigstore/cosign/issues/3495))\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"* 0-4 * * *\" (UTC), Automerge - At\r\nany time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\nSigned-off-by: Mend Renovate ","shortMessageHtmlLink":"fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [sec…"}},{"before":"2d17c08caa2b3ec469d48ad9126a1214a741035b","after":"fd73514722da63d500d1aeb57b99482218a160cd","ref":"refs/heads/main","pushedAt":"2024-05-16T06:53:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"fix(deps): update dependency org.json:json to v20231013 [security] (#3641)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n| [org.json:json](https://togithub.com/douglascrockford/JSON-java) |\r\n`20230618` -> `20231013` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/maven/org.json:json/20231013?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/org.json:json/20231013?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/org.json:json/20230618/20231013?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/org.json:json/20230618/20231013?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n### GitHub Vulnerability Alerts\r\n\r\n####\r\n[CVE-2023-5072](https://togithub.com/google/security-research/security/advisories/GHSA-4jq9-2xhw-jpx7)\r\n\r\n### Summary\r\nA denial of service vulnerability in JSON-Java was discovered by\r\n[ClusterFuzz](https://google.github.io/clusterfuzz/). A bug in the\r\nparser means that an input string of modest size can lead to indefinite\r\namounts of memory being used. There are two issues: (1) the parser bug\r\ncan be used to circumvent a check that is supposed to prevent the key in\r\na JSON object from itself being another JSON object; (2) if a key does\r\nend up being a JSON object then it gets converted into a string, using\r\n`\\` to escape special characters, including `\\` itself. So by nesting\r\nJSON objects, with a key that is a JSON object that has a key that is a\r\nJSON object, and so on, we can get an exponential number of `\\`\r\ncharacters in the escaped string.\r\n\r\n### Severity\r\nHigh - Because this is an already-fixed DoS vulnerability, the only\r\nremaining impact possible is for existing binaries that have not been\r\nupdated yet.\r\n\r\n### Proof of Concept\r\n```java\r\npackage orgjsonbug;\r\n\r\nimport org.json.JSONObject;\r\n\r\n/**\r\n * Illustrates a bug in JSON-Java.\r\n */\r\npublic class Bug {\r\n private static String makeNested(int depth) {\r\n if (depth == 0) {\r\n return \"{\\\"a\\\":1}\";\r\n }\r\n return \"{\\\"a\\\":1;\\t\\0\" + makeNested(depth - 1) + \":1}\";\r\n }\r\n\r\n public static void main(String[] args) {\r\n String input = makeNested(30);\r\n System.out.printf(\"Input string has length %d: %s\\n\", input.length(), input);\r\n JSONObject output = new JSONObject(input);\r\n System.out.printf(\"Output JSONObject has length %d: %s\\n\", output.toString().length(), output);\r\n }\r\n}\r\n```\r\nWhen run, this reports that the input string has length 367. Then, after\r\na long pause, the program crashes inside new JSONObject with\r\nOutOfMemoryError.\r\n\r\n### Further Analysis\r\nThe issue is fixed by [this\r\nPR](https://togithub.com/stleary/JSON-java/pull/759).\r\n\r\n### Timeline\r\n**Date reported**: 07/14/2023\r\n**Date fixed**: \r\n**Date disclosed**: 10/12/2023\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\ndouglascrockford/JSON-java (org.json:json)\r\n\r\n###\r\n[`v20231013`](https://togithub.com/stleary/JSON-java/releases/tag/20231013)\r\n\r\n[Compare\r\nSource](https://togithub.com/douglascrockford/JSON-java/compare/20230618...20231013)\r\n\r\n| Pull Request | Description |\r\n|-----|-----|\r\n\r\n|[#​793](https://togithub.com/douglascrockford/JSON-java/issues/793)|\r\nReverted\r\n[#​761](https://togithub.com/douglascrockford/JSON-java/issues/761)|\r\n\r\n|[#​792](https://togithub.com/douglascrockford/JSON-java/issues/792)|\r\nupdate the docs for release\r\n[`2023101`](https://togithub.com/douglascrockford/JSON-java/commit/20231013)|\r\n\r\n|[#​783](https://togithub.com/douglascrockford/JSON-java/issues/783)\r\n|optLong vs getLong inconsistencies| \r\n\r\n|[#​782](https://togithub.com/douglascrockford/JSON-java/issues/782)|\r\nFix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for\r\nWindows|\r\n\r\n|[#​779](https://togithub.com/douglascrockford/JSON-java/issues/779)\r\n|add validity check for JSONObject constructors|\r\n\r\n|[#​778](https://togithub.com/douglascrockford/JSON-java/issues/778)\r\n|Fix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for\r\nWindows|\r\n\r\n|[#​776](https://togithub.com/douglascrockford/JSON-java/issues/776)\r\n|Update \\[JUnit to version 4.13.2|\r\n\r\n|[#​774](https://togithub.com/douglascrockford/JSON-java/issues/774)\r\n|Removing unneeded synchronization|\r\n\r\n|[#​773](https://togithub.com/douglascrockford/JSON-java/issues/773)\r\n|Add optJSONArray method to JSONObject with a default value|\r\n\r\n|[#​772](https://togithub.com/douglascrockford/JSON-java/issues/772)\r\n|Disallow nested objects and arrays as keys in objects|\r\n\r\n|[#​779](https://togithub.com/douglascrockford/JSON-java/issues/779)\r\n|Unit test cleanup|\r\n\r\n|[#​769](https://togithub.com/douglascrockford/JSON-java/issues/769)\r\n|Addressed Java 17 compile warnings|\r\n\r\n|[#​764](https://togithub.com/douglascrockford/JSON-java/issues/764)|\r\nUpdate CodeQL action version|\r\n\r\n|[#​761](https://togithub.com/douglascrockford/JSON-java/issues/761)\r\n|Add module-info|\r\n\r\n|[#​759](https://togithub.com/douglascrockford/JSON-java/issues/759)\r\n|JSON parsing should detect embedded |\r\n\r\n|[#​753](https://togithub.com/douglascrockford/JSON-java/issues/753)|\r\nUpdated new object methods|\r\n\r\n|[#​752](https://togithub.com/douglascrockford/JSON-java/issues/752)|Fixes\r\npossible unit test bug when compiling/testing on Windows|\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"* 0-4 * * *\" (UTC), Automerge - At\r\nany time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\nSigned-off-by: Mend Renovate ","shortMessageHtmlLink":"fix(deps): update dependency org.json:json to v20231013 [security] (#…"}},{"before":"225f0f949ff17882c09c6b360a0cf7c63ae6c847","after":"2d17c08caa2b3ec469d48ad9126a1214a741035b","ref":"refs/heads/main","pushedAt":"2024-05-16T02:42:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"chore(deps): update github-actions (major) (#3648)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| [actions/setup-java](https://togithub.com/actions/setup-java) | action\r\n| major | `v3.13.0` -> `v4.2.1` |\r\n| [actions/setup-node](https://togithub.com/actions/setup-node) | action\r\n| major | `v3.8.1` -> `v4.0.2` |\r\n| [actions/setup-node](https://togithub.com/actions/setup-node) | action\r\n| major | `v3` -> `v4` |\r\n|\r\n[bazelbuild/setup-bazelisk](https://togithub.com/bazelbuild/setup-bazelisk)\r\n| action | major | `v2.0.0` -> `v3.0.0` |\r\n|\r\n[geekyeggo/delete-artifact](https://togithub.com/geekyeggo/delete-artifact)\r\n| action | major | `v2.0.0` -> `v5.0.0` |\r\n| [github/codeql-action](https://togithub.com/github/codeql-action) |\r\naction | major | `v2.22.4` -> `v3.25.5` |\r\n|\r\n[google-github-actions/auth](https://togithub.com/google-github-actions/auth)\r\n| action | major | `v1.1.1` -> `v2.1.3` |\r\n|\r\n[gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action)\r\n| action | major | `v2.9.0` -> `v3.3.2` |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nactions/setup-java (actions/setup-java)\r\n\r\n###\r\n[`v4.2.1`](https://togithub.com/actions/setup-java/releases/tag/v4.2.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/setup-java/compare/v4.2.0...v4.2.1)\r\n\r\n##### What's Changed\r\n\r\n- Patch for java version file to accept it from any path by\r\n[@​mahabaleshwars](https://togithub.com/mahabaleshwars) in\r\n[https://github.com/actions/setup-java/pull/610](https://togithub.com/actions/setup-java/pull/610)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/setup-java/compare/v4...v4.2.1\r\n\r\n###\r\n[`v4.2.0`](https://togithub.com/actions/setup-java/releases/tag/v4.2.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/setup-java/compare/v4.1.0...v4.2.0)\r\n\r\n##### What's Changed\r\n\r\n- Updated actions/httpclient version to 2.2.1 and other dependencies by\r\n[@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) in\r\n[https://github.com/actions/setup-java/pull/607](https://togithub.com/actions/setup-java/pull/607)\r\n- Added .tool-versions file support along with .java-version file by\r\n[@​mahabaleshwars](https://togithub.com/mahabaleshwars) in\r\n[https://github.com/actions/setup-java/pull/606](https://togithub.com/actions/setup-java/pull/606)\r\n\r\n##### New Contributors\r\n\r\n- [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) made\r\ntheir first contribution in\r\n[https://github.com/actions/setup-java/pull/607](https://togithub.com/actions/setup-java/pull/607)\r\n**Full Changelog**:\r\nhttps://github.com/actions/setup-java/compare/v4...v4.2.0\r\n\r\n###\r\n[`v4.1.0`](https://togithub.com/actions/setup-java/releases/tag/v4.1.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/setup-java/compare/v4.0.0...v4.1.0)\r\n\r\n#### What's Changed\r\n\r\n- Added Windows Arm64 Support for Windows Arm64 Runners by\r\n[@​mahabaleshwars](https://togithub.com/mahabaleshwars) in\r\n[https://github.com/actions/setup-java/pull/595](https://togithub.com/actions/setup-java/pull/595)\r\n- feat: bump actions/checkout and actions/setup-java to v4 by\r\n[@​kbdharun](https://togithub.com/kbdharun) in\r\n[https://github.com/actions/setup-java/pull/533](https://togithub.com/actions/setup-java/pull/533)\r\n- Handle authorization when the token is undefined by\r\n[@​peter-murray](https://togithub.com/peter-murray) in\r\n[https://github.com/actions/setup-java/pull/556](https://togithub.com/actions/setup-java/pull/556)\r\n- Documentation update of Java 21 by\r\n[@​Okeanos](https://togithub.com/Okeanos) in\r\n[https://github.com/actions/setup-java/pull/566](https://togithub.com/actions/setup-java/pull/566)\r\n- Documentation update about maven-gpg-plugin version note by\r\n[@​IvanZosimov](https://togithub.com/IvanZosimov) in\r\n[https://github.com/actions/setup-java/pull/570](https://togithub.com/actions/setup-java/pull/570)\r\n- Oracle JDK 21 support by\r\n[@​jdubois](https://togithub.com/jdubois) in\r\n[https://github.com/actions/setup-java/pull/538](https://togithub.com/actions/setup-java/pull/538)\r\n- Fix typo in configuration example by\r\n[@​Bananeweizen](https://togithub.com/Bananeweizen) in\r\n[https://github.com/actions/setup-java/pull/572](https://togithub.com/actions/setup-java/pull/572)\r\n\r\n#### New Contributors\r\n\r\n- [@​kbdharun](https://togithub.com/kbdharun) made their first\r\ncontribution in\r\n[https://github.com/actions/setup-java/pull/533](https://togithub.com/actions/setup-java/pull/533)\r\n- [@​peter-murray](https://togithub.com/peter-murray) made their\r\nfirst contribution in\r\n[https://github.com/actions/setup-java/pull/556](https://togithub.com/actions/setup-java/pull/556)\r\n- [@​jdubois](https://togithub.com/jdubois) made their first\r\ncontribution in\r\n[https://github.com/actions/setup-java/pull/538](https://togithub.com/actions/setup-java/pull/538)\r\n- [@​Bananeweizen](https://togithub.com/Bananeweizen) made their\r\nfirst contribution in\r\n[https://github.com/actions/setup-java/pull/572](https://togithub.com/actions/setup-java/pull/572)\r\n- [@​mahabaleshwars](https://togithub.com/mahabaleshwars) made\r\ntheir first contribution in\r\n[https://github.com/actions/setup-java/pull/595](https://togithub.com/actions/setup-java/pull/595)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/setup-java/compare/v4...v4.1.0\r\n\r\n###\r\n[`v4.0.0`](https://togithub.com/actions/setup-java/releases/tag/v4.0.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/setup-java/compare/v3.13.0...v4.0.0)\r\n\r\n#### What's Changed\r\n\r\nIn the scope of this release, the version of the Node.js runtime was\r\nupdated to 20. The majority of dependencies were updated to the latest\r\nversions. From now on, the code for the setup-java will run on Node.js\r\n20 instead of Node.js 16.\r\n\r\n#### Breaking changes\r\n\r\n- Update Node.js runtime to version 20 by\r\n[@​aparnajyothi-y](https://togithub.com/aparnajyothi-y) in\r\n[https://github.com/actions/setup-java/pull/558](https://togithub.com/actions/setup-java/pull/558)\r\n\r\n#### Non-breaking changes\r\n\r\n- Adding support for microsoft openjdk 21.0.0 by\r\n[@​ralfstuckert](https://togithub.com/ralfstuckert) in\r\n[https://github.com/actions/setup-java/pull/546](https://togithub.com/actions/setup-java/pull/546)\r\n- Update [@​actions/cache](https://togithub.com/actions/cache)\r\ndependency and documentation by\r\n[@​IvanZosimov](https://togithub.com/IvanZosimov) in\r\n[https://github.com/actions/setup-java/pull/549](https://togithub.com/actions/setup-java/pull/549)\r\n- Implementation of the cache-dependency-path option to control caching\r\ndependency by [@​itchyny](https://togithub.com/itchyny) in\r\n[https://github.com/actions/setup-java/pull/499](https://togithub.com/actions/setup-java/pull/499)\r\n\r\n#### New Contributors\r\n\r\n- [@​ralfstuckert](https://togithub.com/ralfstuckert) made their\r\nfirst contribution in\r\n[https://github.com/actions/setup-java/pull/546](https://togithub.com/actions/setup-java/pull/546)\r\n- [@​itchyny](https://togithub.com/itchyny) made their first\r\ncontribution in\r\n[https://github.com/actions/setup-java/pull/499](https://togithub.com/actions/setup-java/pull/499)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/setup-java/compare/v3...v4.0.0\r\n\r\n
\r\n\r\n
\r\nactions/setup-node (actions/setup-node)\r\n\r\n###\r\n[`v4.0.2`](https://togithub.com/actions/setup-node/releases/tag/v4.0.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/setup-node/compare/v4.0.1...v4.0.2)\r\n\r\n##### What's Changed\r\n\r\n- Add support for `volta.extends` by\r\n[@​ThisIsManta](https://togithub.com/ThisIsManta) in\r\n[https://github.com/actions/setup-node/pull/921](https://togithub.com/actions/setup-node/pull/921)\r\n- Add support for arm64 Windows by\r\n[@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in\r\n[https://github.com/actions/setup-node/pull/927](https://togithub.com/actions/setup-node/pull/927)\r\n\r\n##### New Contributors\r\n\r\n- [@​ThisIsManta](https://togithub.com/ThisIsManta) made their\r\nfirst contribution in\r\n[https://github.com/actions/setup-node/pull/921](https://togithub.com/actions/setup-node/pull/921)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/setup-node/compare/v4.0.1...v4.0.2\r\n\r\n###\r\n[`v4.0.1`](https://togithub.com/actions/setup-node/releases/tag/v4.0.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/setup-node/compare/v4.0.0...v4.0.1)\r\n\r\n##### What's Changed\r\n\r\n- Ignore engines in Yarn 1 e2e-cache tests by\r\n[@​trivikr](https://togithub.com/trivikr) in\r\n[https://github.com/actions/setup-node/pull/882](https://togithub.com/actions/setup-node/pull/882)\r\n- Update setup-node references in the README.md file to setup-node@v4 by\r\n[@​jwetzell](https://togithub.com/jwetzell) in\r\n[https://github.com/actions/setup-node/pull/884](https://togithub.com/actions/setup-node/pull/884)\r\n- Update reusable workflows to use Node.js v20 by\r\n[@​MaksimZhukov](https://togithub.com/MaksimZhukov) in\r\n[https://github.com/actions/setup-node/pull/889](https://togithub.com/actions/setup-node/pull/889)\r\n- Add fix for cache to resolve slow post action step by\r\n[@​aparnajyothi-y](https://togithub.com/aparnajyothi-y) in\r\n[https://github.com/actions/setup-node/pull/917](https://togithub.com/actions/setup-node/pull/917)\r\n- Fix README.md by [@​takayamaki](https://togithub.com/takayamaki)\r\nin\r\n[https://github.com/actions/setup-node/pull/898](https://togithub.com/actions/setup-node/pull/898)\r\n- Add `package.json` to `node-version-file` list of examples. by\r\n[@​TWiStErRob](https://togithub.com/TWiStErRob) in\r\n[https://github.com/actions/setup-node/pull/879](https://togithub.com/actions/setup-node/pull/879)\r\n- Fix node-version-file interprets entire package.json as a version by\r\n[@​NullVoxPopuli](https://togithub.com/NullVoxPopuli) in\r\n[https://github.com/actions/setup-node/pull/865](https://togithub.com/actions/setup-node/pull/865)\r\n\r\n##### New Contributors\r\n\r\n- [@​trivikr](https://togithub.com/trivikr) made their first\r\ncontribution in\r\n[https://github.com/actions/setup-node/pull/882](https://togithub.com/actions/setup-node/pull/882)\r\n- [@​jwetzell](https://togithub.com/jwetzell) made their first\r\ncontribution in\r\n[https://github.com/actions/setup-node/pull/884](https://togithub.com/actions/setup-node/pull/884)\r\n- [@​aparnajyothi-y](https://togithub.com/aparnajyothi-y) made\r\ntheir first contribution in\r\n[https://github.com/actions/setup-node/pull/917](https://togithub.com/actions/setup-node/pull/917)\r\n- [@​takayamaki](https://togithub.com/takayamaki) made their first\r\ncontribution in\r\n[https://github.com/actions/setup-node/pull/898](https://togithub.com/actions/setup-node/pull/898)\r\n- [@​TWiStErRob](https://togithub.com/TWiStErRob) made their first\r\ncontribution in\r\n[https://github.com/actions/setup-node/pull/879](https://togithub.com/actions/setup-node/pull/879)\r\n- [@​NullVoxPopuli](https://togithub.com/NullVoxPopuli) made their\r\nfirst contribution in\r\n[https://github.com/actions/setup-node/pull/865](https://togithub.com/actions/setup-node/pull/865)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/setup-node/compare/v4...v4.0.1\r\n\r\n###\r\n[`v4.0.0`](https://togithub.com/actions/setup-node/releases/tag/v4.0.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/setup-node/compare/v3.8.2...v4.0.0)\r\n\r\n##### What's Changed\r\n\r\nIn scope of this release we changed version of node runtime for action\r\nfrom node16 to node20 and updated dependencies in\r\n[https://github.com/actions/setup-node/pull/866](https://togithub.com/actions/setup-node/pull/866)\r\n\r\nBesides, release contains such changes as:\r\n\r\n- Upgrade actions/checkout to v4 by\r\n[@​gmembre-zenika](https://togithub.com/gmembre-zenika) in\r\n[https://github.com/actions/setup-node/pull/868](https://togithub.com/actions/setup-node/pull/868)\r\n- Update actions/checkout for documentation and yaml by\r\n[@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in\r\n[https://github.com/actions/setup-node/pull/876](https://togithub.com/actions/setup-node/pull/876)\r\n\r\n##### New Contributors\r\n\r\n- [@​gmembre-zenika](https://togithub.com/gmembre-zenika) made\r\ntheir first contribution in\r\n[https://github.com/actions/setup-node/pull/868](https://togithub.com/actions/setup-node/pull/868)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/setup-node/compare/v3...v4.0.0\r\n\r\n###\r\n[`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2)\r\n\r\n##### What's Changed\r\n\r\n- Update semver by\r\n[@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in\r\n[https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861)\r\n- Update temp directory creation by\r\n[@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in\r\n[https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859)\r\n- Bump [@​babel/traverse](https://togithub.com/babel/traverse)\r\nfrom 7.15.4 to 7.23.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870)\r\n- Add notice about binaries not being updated yet by\r\n[@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in\r\n[https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872)\r\n- Update toolkit cache and core by\r\n[@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) and\r\n[@​seongwon-privatenote](https://togithub.com/seongwon-privatenote)\r\nin\r\n[https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/setup-node/compare/v3...v3.8.2\r\n\r\n
\r\n\r\n
\r\nbazelbuild/setup-bazelisk (bazelbuild/setup-bazelisk)\r\n\r\n###\r\n[`v3.0.0`](https://togithub.com/bazelbuild/setup-bazelisk/releases/tag/v3.0.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/bazelbuild/setup-bazelisk/compare/v2.0.0...v3.0.0)\r\n\r\n#### What's Changed\r\n\r\n- Update README.md for v2 by\r\n[@​mishas](https://togithub.com/mishas) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/20](https://togithub.com/bazelbuild/setup-bazelisk/pull/20)\r\n- Bump prettier from 2.6.1 to 2.6.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/21](https://togithub.com/bazelbuild/setup-bazelisk/pull/21)\r\n- Bump [@​actions/github](https://togithub.com/actions/github)\r\nfrom 5.0.0 to 5.0.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/22](https://togithub.com/bazelbuild/setup-bazelisk/pull/22)\r\n- Bump\r\n[@​actions/tool-cache](https://togithub.com/actions/tool-cache)\r\nfrom 1.6.1 to 1.7.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/23](https://togithub.com/bazelbuild/setup-bazelisk/pull/23)\r\n- Bump semver from 7.3.5 to 7.3.6 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/25](https://togithub.com/bazelbuild/setup-bazelisk/pull/25)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n2.0.0 to 2.0.2 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/24](https://togithub.com/bazelbuild/setup-bazelisk/pull/24)\r\n- Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.33.3\r\nto 0.33.4 by [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/26](https://togithub.com/bazelbuild/setup-bazelisk/pull/26)\r\n- Bump semver from 7.3.6 to 7.3.7 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/27](https://togithub.com/bazelbuild/setup-bazelisk/pull/27)\r\n- Bump typescript from 4.6.3 to 4.6.4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/30](https://togithub.com/bazelbuild/setup-bazelisk/pull/30)\r\n- Bump [@​actions/core](https://togithub.com/actions/core) from\r\n1.6.0 to 1.7.0 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/29](https://togithub.com/bazelbuild/setup-bazelisk/pull/29)\r\n- Bump [@​actions/core](https://togithub.com/actions/core) from\r\n1.7.0 to 1.8.0 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/31](https://togithub.com/bazelbuild/setup-bazelisk/pull/31)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n2.0.2 to 2.0.4 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/32](https://togithub.com/bazelbuild/setup-bazelisk/pull/32)\r\n- Bump\r\n[@​actions/tool-cache](https://togithub.com/actions/tool-cache)\r\nfrom 1.7.2 to 2.0.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/34](https://togithub.com/bazelbuild/setup-bazelisk/pull/34)\r\n- Bump [@​actions/core](https://togithub.com/actions/core) from\r\n1.8.0 to 1.8.2 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/33](https://togithub.com/bazelbuild/setup-bazelisk/pull/33)\r\n- Bump [@​actions/github](https://togithub.com/actions/github)\r\nfrom 5.0.1 to 5.0.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/35](https://togithub.com/bazelbuild/setup-bazelisk/pull/35)\r\n- Bump\r\n[@​actions/http-client](https://togithub.com/actions/http-client)\r\nfrom 1.0.11 to 2.0.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/36](https://togithub.com/bazelbuild/setup-bazelisk/pull/36)\r\n- Bump typescript from 4.6.4 to 4.7.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/37](https://togithub.com/bazelbuild/setup-bazelisk/pull/37)\r\n- Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.33.4\r\nto 0.34.0 by [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/38](https://togithub.com/bazelbuild/setup-bazelisk/pull/38)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n2.0.4 to 2.0.5 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/39](https://togithub.com/bazelbuild/setup-bazelisk/pull/39)\r\n- Bump typescript from 4.7.2 to 4.7.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/40](https://togithub.com/bazelbuild/setup-bazelisk/pull/40)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n2.0.5 to 2.0.6 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/41](https://togithub.com/bazelbuild/setup-bazelisk/pull/41)\r\n- Bump typescript from 4.7.3 to 4.7.4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/42](https://togithub.com/bazelbuild/setup-bazelisk/pull/42)\r\n- Bump [@​actions/core](https://togithub.com/actions/core) from\r\n1.8.2 to 1.9.0 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/43](https://togithub.com/bazelbuild/setup-bazelisk/pull/43)\r\n- Bump [@​types/semver](https://togithub.com/types/semver) from\r\n7.3.9 to 7.3.10 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/44](https://togithub.com/bazelbuild/setup-bazelisk/pull/44)\r\n- Bump prettier from 2.6.2 to 2.7.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/45](https://togithub.com/bazelbuild/setup-bazelisk/pull/45)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n2.0.6 to 3.0.0 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/46](https://togithub.com/bazelbuild/setup-bazelisk/pull/46)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.0.0 to 3.0.1 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/47](https://togithub.com/bazelbuild/setup-bazelisk/pull/47)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.0.1 to 3.0.3 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/48](https://togithub.com/bazelbuild/setup-bazelisk/pull/48)\r\n- Bump [@​types/semver](https://togithub.com/types/semver) from\r\n7.3.10 to 7.3.12 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/50](https://togithub.com/bazelbuild/setup-bazelisk/pull/50)\r\n- Bump [@​actions/core](https://togithub.com/actions/core) from\r\n1.9.0 to 1.9.1 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/49](https://togithub.com/bazelbuild/setup-bazelisk/pull/49)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.0.3 to 3.0.4 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/51](https://togithub.com/bazelbuild/setup-bazelisk/pull/51)\r\n- Bump typescript from 4.7.4 to 4.8.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/52](https://togithub.com/bazelbuild/setup-bazelisk/pull/52)\r\n- Bump typescript from 4.8.2 to 4.8.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/53](https://togithub.com/bazelbuild/setup-bazelisk/pull/53)\r\n- Bump [@​actions/github](https://togithub.com/actions/github)\r\nfrom 5.0.3 to 5.1.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/54](https://togithub.com/bazelbuild/setup-bazelisk/pull/54)\r\n- Bump [@​actions/github](https://togithub.com/actions/github)\r\nfrom 5.1.0 to 5.1.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/55](https://togithub.com/bazelbuild/setup-bazelisk/pull/55)\r\n- Bump typescript from 4.8.3 to 4.8.4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/56](https://togithub.com/bazelbuild/setup-bazelisk/pull/56)\r\n- Bump [@​actions/core](https://togithub.com/actions/core) from\r\n1.9.1 to 1.10.0 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/57](https://togithub.com/bazelbuild/setup-bazelisk/pull/57)\r\n- Bump semver from 7.3.7 to 7.3.8 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/58](https://togithub.com/bazelbuild/setup-bazelisk/pull/58)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.0.4 to 3.0.5 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/59](https://togithub.com/bazelbuild/setup-bazelisk/pull/59)\r\n- Add support for ARM64. by\r\n[@​junyer](https://togithub.com/junyer) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/61](https://togithub.com/bazelbuild/setup-bazelisk/pull/61)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.0.5 to 3.0.6 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/62](https://togithub.com/bazelbuild/setup-bazelisk/pull/62)\r\n- Get `npm run build` working again. by\r\n[@​junyer](https://togithub.com/junyer) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/63](https://togithub.com/bazelbuild/setup-bazelisk/pull/63)\r\n- Bump typescript from 4.8.4 to 4.9.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/64](https://togithub.com/bazelbuild/setup-bazelisk/pull/64)\r\n- Bump prettier from 2.7.1 to 2.8.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/65](https://togithub.com/bazelbuild/setup-bazelisk/pull/65)\r\n- Bump prettier from 2.8.0 to 2.8.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/67](https://togithub.com/bazelbuild/setup-bazelisk/pull/67)\r\n- Bump typescript from 4.9.3 to 4.9.4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/69](https://togithub.com/bazelbuild/setup-bazelisk/pull/69)\r\n- Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.34.0\r\nto 0.36.0 by [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/68](https://togithub.com/bazelbuild/setup-bazelisk/pull/68)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.0.6 to 3.1.0 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/72](https://togithub.com/bazelbuild/setup-bazelisk/pull/72)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.1.0 to 3.1.1 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/73](https://togithub.com/bazelbuild/setup-bazelisk/pull/73)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.1.1 to 3.1.2 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/74](https://togithub.com/bazelbuild/setup-bazelisk/pull/74)\r\n- Bump prettier from 2.8.1 to 2.8.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/75](https://togithub.com/bazelbuild/setup-bazelisk/pull/75)\r\n- Bump prettier from 2.8.2 to 2.8.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/76](https://togithub.com/bazelbuild/setup-bazelisk/pull/76)\r\n- Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.36.0\r\nto 0.36.1 by [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/77](https://togithub.com/bazelbuild/setup-bazelisk/pull/77)\r\n- Bump typescript from 4.9.4 to 4.9.5 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/78](https://togithub.com/bazelbuild/setup-bazelisk/pull/78)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.1.2 to 3.1.3 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/79](https://togithub.com/bazelbuild/setup-bazelisk/pull/79)\r\n- Bump prettier from 2.8.3 to 2.8.4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/80](https://togithub.com/bazelbuild/setup-bazelisk/pull/80)\r\n- Bump\r\n[@​actions/http-client](https://togithub.com/actions/http-client)\r\nfrom 2.0.1 to 2.1.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/82](https://togithub.com/bazelbuild/setup-bazelisk/pull/82)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.1.3 to 3.2.1 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/83](https://togithub.com/bazelbuild/setup-bazelisk/pull/83)\r\n- Bump typescript from 4.9.5 to 5.0.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/84](https://togithub.com/bazelbuild/setup-bazelisk/pull/84)\r\n- Bump prettier from 2.8.4 to 2.8.7 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/85](https://togithub.com/bazelbuild/setup-bazelisk/pull/85)\r\n- Bump typescript from 5.0.2 to 5.0.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/86](https://togithub.com/bazelbuild/setup-bazelisk/pull/86)\r\n- Bump typescript from 5.0.3 to 5.0.4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/87](https://togithub.com/bazelbuild/setup-bazelisk/pull/87)\r\n- Bump semver from 7.3.8 to 7.4.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/88](https://togithub.com/bazelbuild/setup-bazelisk/pull/88)\r\n- Bump prettier from 2.8.7 to 2.8.8 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/89](https://togithub.com/bazelbuild/setup-bazelisk/pull/89)\r\n- Bump semver from 7.4.0 to 7.5.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/90](https://togithub.com/bazelbuild/setup-bazelisk/pull/90)\r\n- Bump typescript from 5.0.4 to 5.1.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/93](https://togithub.com/bazelbuild/setup-bazelisk/pull/93)\r\n- Bump semver and\r\n[@​types/semver](https://togithub.com/types/semver) by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/92](https://togithub.com/bazelbuild/setup-bazelisk/pull/92)\r\n- Bump semver from 7.5.1 to 7.5.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/94](https://togithub.com/bazelbuild/setup-bazelisk/pull/94)\r\n- Bump semver from 7.5.2 to 7.5.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/95](https://togithub.com/bazelbuild/setup-bazelisk/pull/95)\r\n- Bump typescript from 5.1.3 to 5.1.6 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/96](https://togithub.com/bazelbuild/setup-bazelisk/pull/96)\r\n- Bump semver from 7.5.3 to 7.5.4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/98](https://togithub.com/bazelbuild/setup-bazelisk/pull/98)\r\n- Bump prettier from 2.8.8 to 3.0.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/97](https://togithub.com/bazelbuild/setup-bazelisk/pull/97)\r\n- Bump cachedir from 2.3.0 to 2.4.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/99](https://togithub.com/bazelbuild/setup-bazelisk/pull/99)\r\n- Bump\r\n[@​actions/http-client](https://togithub.com/actions/http-client)\r\nfrom 2.1.0 to 2.1.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/100](https://togithub.com/bazelbuild/setup-bazelisk/pull/100)\r\n- Bump prettier from 3.0.0 to 3.0.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/101](https://togithub.com/bazelbuild/setup-bazelisk/pull/101)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.2.1 to 3.2.2 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/102](https://togithub.com/bazelbuild/setup-bazelisk/pull/102)\r\n- Bump tough-cookie and\r\n[@​azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/103](https://togithub.com/bazelbuild/setup-bazelisk/pull/103)\r\n- Bump xml2js and\r\n[@​azure/core-http](https://togithub.com/azure/core-http) by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/105](https://togithub.com/bazelbuild/setup-bazelisk/pull/105)\r\n- Bump prettier from 3.0.1 to 3.0.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/106](https://togithub.com/bazelbuild/setup-bazelisk/pull/106)\r\n- Bump typescript from 5.1.6 to 5.2.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/107](https://togithub.com/bazelbuild/setup-bazelisk/pull/107)\r\n- Bump [@​types/semver](https://togithub.com/types/semver) from\r\n7.5.0 to 7.5.1 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/108](https://togithub.com/bazelbuild/setup-bazelisk/pull/108)\r\n- Bump prettier from 3.0.2 to 3.0.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/109](https://togithub.com/bazelbuild/setup-bazelisk/pull/109)\r\n- Bump actions/checkout from 3 to 4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/110](https://togithub.com/bazelbuild/setup-bazelisk/pull/110)\r\n- Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.36.1\r\nto 0.38.0 by [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/111](https://togithub.com/bazelbuild/setup-bazelisk/pull/111)\r\n- Bump [@​types/semver](https://togithub.com/types/semver) from\r\n7.5.1 to 7.5.2 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/113](https://togithub.com/bazelbuild/setup-bazelisk/pull/113)\r\n- Bump [@​actions/core](https://togithub.com/actions/core) from\r\n1.10.0 to 1.10.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/112](https://togithub.com/bazelbuild/setup-bazelisk/pull/112)\r\n- Bump [@​types/semver](https://togithub.com/types/semver) from\r\n7.5.2 to 7.5.3 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/114](https://togithub.com/bazelbuild/setup-bazelisk/pull/114)\r\n- Bump\r\n[@​actions/http-client](https://togithub.com/actions/http-client)\r\nfrom 2.1.1 to 2.2.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/115](https://togithub.com/bazelbuild/setup-bazelisk/pull/115)\r\n- Bump [@​actions/github](https://togithub.com/actions/github)\r\nfrom 5.1.1 to 6.0.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/116](https://togithub.com/bazelbuild/setup-bazelisk/pull/116)\r\n- Bump undici from 5.25.4 to 5.26.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/117](https://togithub.com/bazelbuild/setup-bazelisk/pull/117)\r\n- Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.38.0\r\nto 0.38.1 by [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/118](https://togithub.com/bazelbuild/setup-bazelisk/pull/118)\r\n- Bump [@​types/semver](https://togithub.com/types/semver) from\r\n7.5.3 to 7.5.4 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/119](https://togithub.com/bazelbuild/setup-bazelisk/pull/119)\r\n- Bump prettier from 3.0.3 to 3.1.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/123](https://togithub.com/bazelbuild/setup-bazelisk/pull/123)\r\n- Bump [@​types/semver](https://togithub.com/types/semver) from\r\n7.5.4 to 7.5.5 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/122](https://togithub.com/bazelbuild/setup-bazelisk/pull/122)\r\n- Bump typescript from 5.2.2 to 5.3.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/124](https://togithub.com/bazelbuild/setup-bazelisk/pull/124)\r\n- Bump [@​types/semver](https://togithub.com/types/semver) from\r\n7.5.5 to 7.5.6 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/125](https://togithub.com/bazelbuild/setup-bazelisk/pull/125)\r\n- Bump typescript from 5.3.2 to 5.3.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/126](https://togithub.com/bazelbuild/setup-bazelisk/pull/126)\r\n- Bump prettier from 3.1.0 to 3.1.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/127](https://togithub.com/bazelbuild/setup-bazelisk/pull/127)\r\n- Bump prettier from 3.1.1 to 3.2.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/128](https://togithub.com/bazelbuild/setup-bazelisk/pull/128)\r\n- Bump [@​actions/cache](https://togithub.com/actions/cache) from\r\n3.2.2 to 3.2.3 by [@​dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/129](https://togithub.com/bazelbuild/setup-bazelisk/pull/129)\r\n- Bump prettier from 3.2.2 to 3.2.4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/130](https://togithub.com/bazelbuild/setup-bazelisk/pull/130)\r\n- Update from Node 16 to Node 20. by\r\n[@​junyer](https://togithub.com/junyer) in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/132](https://togithub.com/bazelbuild/setup-bazelisk/pull/132)\r\n\r\n#### New Contributors\r\n\r\n- [@​mishas](https://togithub.com/mishas) made their first\r\ncontribution in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/20](https://togithub.com/bazelbuild/setup-bazelisk/pull/20)\r\n- [@​junyer](https://togithub.com/junyer) made their first\r\ncontribution in\r\n[https://github.com/bazelbuild/setup-bazelisk/pull/61](https://togithub.com/bazelbuild/setup-bazelisk/pull/61)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/bazelbuild/setup-bazelisk/compare/v2...v3.0.0\r\n\r\n
\r\n\r\n
\r\ngeekyeggo/delete-artifact (geekyeggo/delete-artifact)\r\n\r\n###\r\n[`v5.0.0`](https://togithub.com/GeekyEggo/delete-artifact/releases/tag/v5.0.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/geekyeggo/delete-artifact/compare/v4.1.0...v5.0.0)\r\n\r\n- Switch to\r\n[@​actions/artifact](https://www.npmjs.com/package/@​actions/artifact),\r\nremoving the need for a `token` parameter (Sebastian Weigand)\r\n[#​24](https://togithub.com/GeekyEggo/delete-artifact/pull/24)\r\n\r\n###\r\n[`v4.1.0`](https://togithub.com/GeekyEggo/delete-artifact/releases/tag/v4.1.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/geekyeggo/delete-artifact/compare/v4.0.0...v4.1.0)\r\n\r\n- Add default token.\r\n- Fix over-arching `catch` output; errors now correctly result in a\r\nfailed run\r\n([@​TheMrMilchmann](https://togithub.com/TheMrMilchmann)).\r\n\r\n###\r\n[`v4.0.0`](https://togithub.com/GeekyEggo/delete-artifact/releases/tag/v4.0.0):\r\nSupport for actions/upload-artifact@v4\r\n\r\n[Compare\r\nSource](https://togithub.com/geekyeggo/delete-artifact/compare/v2.0.0...v4.0.0)\r\n\r\n- Add support for artifacts uploaded with `actions/upload-artifact@v4`.\r\n- Add requirement of `token` with read and write access to actions.\r\n- Update requests to use GitHub REST API.\r\n- Deprecate support for `actions/upload-artifact@v1`,\r\n`actions/upload-artifact@v2`, and `actions/upload-artifact@v3` (please\r\nuse `geekyeggo/delete-artifact@v2`).\r\n\r\n
\r\n\r\n
\r\ngithub/codeql-action (github/codeql-action)\r\n\r\n###\r\n[`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)\r\n\r\n###\r\n[`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)\r\n\r\n###\r\n[`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3)\r\n\r\n###\r\n[`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2)\r\n\r\n###\r\n[`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1)\r\n\r\n###\r\n[`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.11...v3.25.0)\r\n\r\n###\r\n[`v3.24.11`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11)\r\n\r\n###\r\n[`v3.24.10`](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10)\r\n\r\n###\r\n[`v3.24.9`](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9)\r\n\r\n###\r\n[`v3.24.8`](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8)\r\n\r\n###\r\n[`v3.24.7`](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7)\r\n\r\n###\r\n[`v3.24.6`](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6)\r\n\r\n###\r\n[`v3.24.5`](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5)\r\n\r\n###\r\n[`v3.24.4`](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4)\r\n\r\n###\r\n[`v3.24.3`](https://togithub.com/github/codeql-action/compare/v3.24.2...v3.24.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.2...v3.24.3)\r\n\r\n###\r\n[`v3.24.2`](https://togithub.com/github/codeql-action/compare/v3.24.1...v3.24.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.1...v3.24.2)\r\n\r\n###\r\n[`v3.24.1`](https://togithub.com/github/codeql-action/compare/v3.24.0...v3.24.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.0...v3.24.1)\r\n\r\n###\r\n[`v3.24.0`](https://togithub.com/github/codeql-action/compare/v3.23.2...v3.24.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.23.2...v3.24.0)\r\n\r\n###\r\n[`v3.23.2`](https://togithub.com/github/codeql-action/compare/v3.23.1...v3.23.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.23.1...v3.23.2)\r\n\r\n###\r\n[`v3.23.1`](https://togithub.com/github/codeql-action/compare/v3.23.0...v3.23.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.23.0...v3.23.1)\r\n\r\n###\r\n[`v3.23.0`](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0)\r\n\r\n###\r\n[`v3.22.12`](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12)\r\n\r\n###\r\n[`v3.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.11...v3.22.11)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.25.5...v3.22.11)\r\n\r\n###\r\n[`v2.25.5`](https://togithub.com/github/codeql-action/compare/v2.25.4...v2.25.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.25.4...v2.25.5)\r\n\r\n###\r\n[`v2.25.4`](https://togithub.com/github/codeql-action/compare/v2.25.3...v2.25.4)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.25.3...v2.25.4)\r\n\r\n###\r\n[`v2.25.3`](https://togithub.com/github/codeql-action/compare/v2.25.2...v2.25.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.25.2...v2.25.3)\r\n\r\n###\r\n[`v2.25.2`](https://togithub.com/github/codeql-action/compare/v2.25.1...v2.25.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.25.1...v2.25.2)\r\n\r\n###\r\n[`v2.25.1`](https://togithub.com/github/codeql-action/compare/v2.25.0...v2.25.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.25.0...v2.25.1)\r\n\r\n###\r\n[`v2.25.0`](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.25.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.11...v2.25.0)\r\n\r\n###\r\n[`v2.24.11`](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.24.11)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.24.11)\r\n\r\n###\r\n[`v2.24.10`](https://togithub.com/github/codeql-action/compare/v2.24.9...v2.24.10)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.9...v2.24.10)\r\n\r\n###\r\n[`v2.24.9`](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9)\r\n\r\n###\r\n[`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8)\r\n\r\n###\r\n[`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)\r\n\r\n###\r\n[`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6)\r\n\r\n###\r\n[`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5)\r\n\r\n###\r\n[`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4)\r\n\r\n###\r\n[`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3)\r\n\r\n###\r\n[`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2)\r\n\r\n###\r\n[`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1)\r\n\r\n###\r\n[`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0)\r\n\r\n###\r\n[`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)\r\n\r\n###\r\n[`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)\r\n\r\n###\r\n[`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)\r\n\r\n###\r\n[`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)\r\n\r\n###\r\n[`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)\r\n\r\n###\r\n[`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)\r\n\r\n###\r\n[`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)\r\n\r\n###\r\n[`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)\r\n\r\n###\r\n[`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)\r\n\r\n###\r\n[`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)\r\n\r\n###\r\n[`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)\r\n\r\n
\r\n\r\n
\r\ngoogle-github-actions/auth\r\n(google-github-actions/auth)\r\n\r\n###\r\n[`v2.1.3`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/google-github-actions/auth/compare/v2.1.2...v2.1.3)\r\n\r\n##### What's Changed\r\n\r\n- Security considerations: ids are strings, not integers by\r\n[@​ewjoachim](https://togithub.com/ewjoachim) in\r\n[https://github.com/google-github-actions/auth/pull/400](https://togithub.com/google-github-actions/auth/pull/400)\r\n- security: bump undici from 5.28.3 to 5.28.4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/google-github-actions/auth/pull/405](https://togithub.com/google-github-actions/auth/pull/405)\r\n- Fix typo by [@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/408](https://togithub.com/google-github-actions/auth/pull/408)\r\n- Switch to using universe helpers by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/410](https://togithub.com/google-github-actions/auth/pull/410)\r\n- Add request_reason for plumbing though user-supplied audit information\r\nby [@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/413](https://togithub.com/google-github-actions/auth/pull/413)\r\n- Release: v2.1.3 by\r\n[@​google-github-actions-bot](https://togithub.com/google-github-actions-bot)\r\nin\r\n[https://github.com/google-github-actions/auth/pull/414](https://togithub.com/google-github-actions/auth/pull/414)\r\n\r\n##### New Contributors\r\n\r\n- [@​ewjoachim](https://togithub.com/ewjoachim) made their first\r\ncontribution in\r\n[https://github.com/google-github-actions/auth/pull/400](https://togithub.com/google-github-actions/auth/pull/400)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/google-github-actions/auth/compare/v2.1.2...v2.1.3\r\n\r\n###\r\n[`v2.1.2`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/google-github-actions/auth/compare/v2.1.1...v2.1.2)\r\n\r\n##### What's Changed\r\n\r\n- Remove documentation on retries (deprecated) by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/392](https://togithub.com/google-github-actions/auth/pull/392)\r\n- Add security considerations for Attribute Conditions by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/393](https://togithub.com/google-github-actions/auth/pull/393)\r\n- security: bump undici from 5.28.2 to 5.28.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/google-github-actions/auth/pull/394](https://togithub.com/google-github-actions/auth/pull/394)\r\n- Reduce warnings to info level with a warning icon by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/397](https://togithub.com/google-github-actions/auth/pull/397)\r\n- Release: v2.1.2 by\r\n[@​google-github-actions-bot](https://togithub.com/google-github-actions-bot)\r\nin\r\n[https://github.com/google-github-actions/auth/pull/399](https://togithub.com/google-github-actions/auth/pull/399)\r\n\r\n##### New Contributors\r\n\r\n- [@​dependabot](https://togithub.com/dependabot) made their first\r\ncontribution in\r\n[https://github.com/google-github-actions/auth/pull/394](https://togithub.com/google-github-actions/auth/pull/394)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/google-github-actions/auth/compare/v2...v2.1.2\r\n\r\n###\r\n[`v2.1.1`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/google-github-actions/auth/compare/v2.1.0...v2.1.1)\r\n\r\n##### What's Changed\r\n\r\n- Remove retry logic by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/389](https://togithub.com/google-github-actions/auth/pull/389)\r\n- Use an OAuth 2.0 access token for Domain-Wide Delegation by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/388](https://togithub.com/google-github-actions/auth/pull/388)\r\n- Release: v2.1.1 by\r\n[@​google-github-actions-bot](https://togithub.com/google-github-actions-bot)\r\nin\r\n[https://github.com/google-github-actions/auth/pull/390](https://togithub.com/google-github-actions/auth/pull/390)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/google-github-actions/auth/compare/v2...v2.1.1\r\n\r\n###\r\n[`v2.1.0`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/google-github-actions/auth/compare/v2.0.1...v2.1.0)\r\n\r\n##### What's Changed\r\n\r\n- Update deps by [@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/384](https://togithub.com/google-github-actions/auth/pull/384)\r\n- Release: v2.1.0 by\r\n[@​google-github-actions-bot](https://togithub.com/google-github-actions-bot)\r\nin\r\n[https://github.com/google-github-actions/auth/pull/385](https://togithub.com/google-github-actions/auth/pull/385)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/google-github-actions/auth/compare/v2...v2.1.0\r\n\r\n###\r\n[`v2.0.1`](https://togithub.com/google-github-actions/auth/releases/tag/v2.0.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/google-github-actions/auth/compare/v2.0.0...v2.0.1)\r\n\r\n##### What's Changed\r\n\r\n- Trigger release on pushes to release branches by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/358](https://togithub.com/google-github-actions/auth/pull/358)\r\n- Fix a small docs issue by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/359](https://togithub.com/google-github-actions/auth/pull/359)\r\n- Remove broken markdown links by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/362](https://togithub.com/google-github-actions/auth/pull/362)\r\n- Document that project_id might be required by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/367](https://togithub.com/google-github-actions/auth/pull/367)\r\n- Update README and CI to use latest version by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/365](https://togithub.com/google-github-actions/auth/pull/365)\r\n- Add service_account to WIF through SA example by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/369](https://togithub.com/google-github-actions/auth/pull/369)\r\n- Use new markdown syntax for alerts by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/371](https://togithub.com/google-github-actions/auth/pull/371)\r\n- Note .dockerignore in the exclusion for credentials by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/376](https://togithub.com/google-github-actions/auth/pull/376)\r\n- Support newline-separated inputs for delegates and access_token_scopes\r\nby [@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/381](https://togithub.com/google-github-actions/auth/pull/381)\r\n- Release: v2.0.1 by\r\n[@​google-github-actions-bot](https://togithub.com/google-github-actions-bot)\r\nin\r\n[https://github.com/google-github-actions/auth/pull/382](https://togithub.com/google-github-actions/auth/pull/382)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/google-github-actions/auth/compare/v2...v2.0.1\r\n\r\n###\r\n[`v2.0.0`](https://togithub.com/google-github-actions/auth/releases/tag/v2.0.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/google-github-actions/auth/compare/v1.3.0...v2.0.0)\r\n\r\n**⚠️ This version requires Node 20 or later on the runner!** If you are\r\nusing GitHub-managed runners, no action is needed. If you are using\r\nself-hosted runners, make sure the system version of Node is version 20\r\nor higher.\r\n\r\n##### What's Changed\r\n\r\n- Add support for Direct Workload Identity auth by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/348](https://togithub.com/google-github-actions/auth/pull/348)\r\n- Add protection for release branches by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/351](https://togithub.com/google-github-actions/auth/pull/351)\r\n- Make auth universe-aware by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/352](https://togithub.com/google-github-actions/auth/pull/352)\r\n- Fix some examples to include project_id by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/353](https://togithub.com/google-github-actions/auth/pull/353)\r\n- Release: v2.0.0 by\r\n[@​google-github-actions-bot](https://togithub.com/google-github-actions-bot)\r\nin\r\n[https://github.com/google-github-actions/auth/pull/355](https://togithub.com/google-github-actions/auth/pull/355)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/google-github-actions/auth/compare/v1...v2.0.0\r\n\r\n###\r\n[`v1.3.0`](https://togithub.com/google-github-actions/auth/releases/tag/v1.3.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/google-github-actions/auth/compare/v1.2.0...v1.3.0)\r\n\r\n#### What's Changed\r\n\r\n- Revert back to Node 16 for v1 series by\r\n[@​sethvargo](https://togithub.com/sethvargo) in\r\n[https://github.com/google-github-actions/auth/pull/356](https://togithub.com/google-github-actions/auth/pull/356)\r\n- Release: v1.3.0 by\r\n[@​google-github-actions-bot](https://togithub.com/google-github-actions-bot)\r\nin\r\n[https://github.com/google-github-actions/auth/pull/357](https://togithub.com/google-github-actions/auth/pull/357)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/google-github-actions/auth/compare/v1...v1.3.0\r\n\r\n###\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on the first day of the\r\nmonth\" (UTC), Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\nSigned-off-by: Mend Renovate ","shortMessageHtmlLink":"chore(deps): update github-actions (major) (#3648)"}},{"before":"75daab2c18e8cd42418cc702714936a4465a0918","after":"225f0f949ff17882c09c6b360a0cf7c63ae6c847","ref":"refs/heads/main","pushedAt":"2024-05-16T02:11:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"fix(deps): update dependency @sigstore/rekor-types to v2 (#3650)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n|\r\n[@sigstore/rekor-types](https://togithub.com/sigstore/sigstore-js/tree/main/packages/rekor-types#readme)\r\n([source](https://togithub.com/sigstore/sigstore-js)) | [`1.0.0` ->\r\n`2.0.0`](https://renovatebot.com/diffs/npm/@sigstore%2frekor-types/1.0.0/2.0.0)\r\n|\r\n[![age](https://developer.mend.io/api/mc/badges/age/npm/@sigstore%2frekor-types/2.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@sigstore%2frekor-types/2.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@sigstore%2frekor-types/1.0.0/2.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@sigstore%2frekor-types/1.0.0/2.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nsigstore/sigstore-js (@​sigstore/rekor-types)\r\n\r\n###\r\n[`v2.0.0`](https://togithub.com/sigstore/sigstore-js/releases/tag/%40sigstore/rekor-types%402.0.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/sigstore/sigstore-js/compare/@sigstore/rekor-types@1.0.0...@sigstore/rekor-types@2.0.0)\r\n\r\n##### Major Changes\r\n\r\n- [`d0053a3`](https://togithub.com/sigstore/sigstore-js/commit/d0053a3):\r\nDrop node 14 support\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on the first day of the\r\nmonth\" (UTC), Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\nSigned-off-by: Mend Renovate ","shortMessageHtmlLink":"fix(deps): update dependency @sigstore/rekor-types to v2 (#3650)"}},{"before":"89cdf20aef57d990c755a80f56c62aba60e805ac","after":"75daab2c18e8cd42418cc702714936a4465a0918","ref":"refs/heads/main","pushedAt":"2024-05-16T01:58:20.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"feat: workflow to update actions dist (#3653)\n\n# Summary\r\n\r\nSimilar to slsa-verifier's\r\nhttps://github.com/slsa-framework/slsa-verifier/pull/760\r\n\r\nThis PR adds a manually-invoked workflow to run against renovate-bot's\r\nPRs to update the node `dist` folders.\r\n\r\nI made one small change to use the `${{ inputs.pr_number }} ` as an\r\nenvironment variable, to harden against [script\r\ninjection](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#good-practices-for-mitigating-script-injection-attacks).\r\nSee also https://github.com/slsa-framework/slsa-verifier/pull/771\r\n\r\nAlso updating shellckeck to fix this lint error:\r\n-\r\nhttps://github.com/slsa-framework/slsa-github-generator/actions/runs/9101693389/job/25019502486#step:4:21\r\n\r\n```\r\nError: input type of workflow_dispatch event must be one of \"string\", \"boolean\", \"choice\", \"environment\" but got \"number\"\r\n```\r\n\r\n## Testing Process\r\n\r\nI ran this against my fork's version of PR #3649. It did update the dist\r\nfolders and the check-dists checks pass\r\n-\r\nhttps://github.com/ramonpetgrave64/slsa-github-generator/actions/runs/9101190828/job/25017786420?pr=9\r\n-\r\nhttps://github.com/slsa-framework/slsa-verifier/pull/760/files#diff-4c6b93aa75d5affde60dc3849606c9acd75ed444d52e99f3055fc0c7aa77e9e0\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [ ] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [ ] Add unit tests if applicable.\r\n- [ ] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\n---------\r\n\r\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"feat: workflow to update actions dist (#3653)"}},{"before":"a9e209a689973f6756240af05d7f89ab61e79504","after":"89cdf20aef57d990c755a80f56c62aba60e805ac","ref":"refs/heads/main","pushedAt":"2024-05-15T16:31:59.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore: Fix Renovate config (#3635)\n\n# Summary\r\n\r\nFixes renovate config to use the\r\n[`config:best-practices`](https://docs.renovatebot.com/presets-config/#configbest-practices)\r\npreset rather than the `config:base` preset since `config:base` seems to\r\nhave gone away at some point.\r\n\r\nAlso fixes the `schedule` config by using the\r\n[`schedule:monthly`](https://docs.renovatebot.com/presets-schedule/#schedulemonthly)\r\npreset. The previous `schedule` config seems to have been invalid\r\nbecause \"4 am\" had space between \"4\" and \"am\" (this was fixed in the\r\n`slsa-verifier` repo on\r\nhttps://github.com/slsa-framework/slsa-verifier/pull/727 but was never\r\nfixed here).\r\n\r\nAlso adds a pre-submit to run the\r\n[`renovate-config-validator`](https://docs.renovatebot.com/config-validation/)\r\nto ensure that renovate config is valid. This pre-submit will need to be\r\nmade required in the repository branch protection rule for `main` in the\r\nrepository settings after this PR is merged.\r\n\r\nFixes #3634 #404 \r\n\r\n## Testing Process\r\n\r\n- Run `make renovate-config-validator` to check that the config is\r\nvalid.\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [x] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [x] Add unit tests if applicable.\r\n- [x] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\n---------\r\n\r\nSigned-off-by: Ian Lewis \r\nSigned-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>\r\nCo-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>","shortMessageHtmlLink":"chore: Fix Renovate config (#3635)"}},{"before":"1e31946584bcb471d7704641fd2a4511cb8bd7e4","after":"a9e209a689973f6756240af05d7f89ab61e79504","ref":"refs/heads/main","pushedAt":"2024-05-15T16:08:01.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore(renovate): use cron syntax for schedule (#3638)\n\n# Summary\r\n\r\nChange Renovate schedule to cron syntax.\r\n\r\nFixes #404\r\n\r\n## Testing Process\r\n\r\nCode inspection only\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [x] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [x] Add unit tests if applicable.\r\n- [x] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\nSigned-off-by: Rhys Arkins ","shortMessageHtmlLink":"chore(renovate): use cron syntax for schedule (#3638)"}},{"before":"2125f2186e92930348828c0bfb97898ab1501516","after":"1e31946584bcb471d7704641fd2a4511cb8bd7e4","ref":"refs/heads/main","pushedAt":"2024-05-14T20:47:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"fix: update softprops/action-gh-release to v2.0.5 (#3619)\n\n# Summary\r\n\r\nTo resolve the deprecation warning of Node.js v16.\r\nsoftprops/action-gh-release updated Node.js to v20 at v2.0.0.\r\n\r\nhttps://github.com/softprops/action-gh-release/releases/tag/v2.0.0\r\n\r\nNode.js 16 was deprecated.\r\n\r\n\r\nhttps://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/\r\n\r\nSo we need to update softprops/action-gh-release to v2.0.0 or newer.\r\n\r\nCurrently, slsa-framework/slsa-github-generator outputs the following\r\nwarning.\r\n\r\n```\r\nNode.js 16 actions are deprecated. Please update the following actions to use Node.js 20: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.\r\n```\r\n\r\n## Testing Process\r\n\r\n\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [ ] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [ ] Add unit tests if applicable.\r\n- [ ] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\nSigned-off-by: Shunsuke Suzuki \r\nCo-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>","shortMessageHtmlLink":"fix: update softprops/action-gh-release to v2.0.5 (#3619)"}},{"before":"2c95ae4aa3b1ff9d6b5993d3ac270877ddcdffd3","after":"2125f2186e92930348828c0bfb97898ab1501516","ref":"refs/heads/main","pushedAt":"2024-05-14T19:12:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"ci: Add issue reopener (#3629)\n\n# Summary\r\n\r\nAdds a new workflow to run\r\n[`ianlewis/todo-issue-reopener`](https://github.com/ianlewis/todo-issue-reopener)\r\nto reopen issues that are still referenced by TODO comments.\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [x] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [x] Add unit tests if applicable.\r\n- [x] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\n---------\r\n\r\nSigned-off-by: Ian Lewis ","shortMessageHtmlLink":"ci: Add issue reopener (#3629)"}},{"before":"eb2531cf69d6bdc1ca4829c56cb4fd532a1f642b","after":"2c95ae4aa3b1ff9d6b5993d3ac270877ddcdffd3","ref":"refs/heads/main","pushedAt":"2024-05-14T19:02:28.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"ci: fix PR title checker (#3632)\n\n# Summary\r\n\r\nUpdates `thehanimo/pr-title-checker` to v1.4.2 and fixes the version\r\ncomment. This should allow renovate to create PRs to update dependencies\r\nagain since it's been broken since early Dec 2023.\r\n\r\nFixes #3022\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [x] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [x] Add unit tests if applicable.\r\n- [x] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\nSigned-off-by: Ian Lewis ","shortMessageHtmlLink":"ci: fix PR title checker (#3632)"}},{"before":"7d60844f3c2afd0ae97a49545cd93fa70190c905","after":"eb2531cf69d6bdc1ca4829c56cb4fd532a1f642b","ref":"refs/heads/main","pushedAt":"2024-05-14T18:58:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"docs: Add links to CHANGELOG (#3631)\n\n# Summary\r\n\r\nAdds links to issues referenced in the CHANGELOG\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [x] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [x] Add unit tests if applicable.\r\n- [x] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\nSigned-off-by: Ian Lewis ","shortMessageHtmlLink":"docs: Add links to CHANGELOG (#3631)"}},{"before":"f8e470688f4d6523b8afa65618cf5e8a1183fcf4","after":"7d60844f3c2afd0ae97a49545cd93fa70190c905","ref":"refs/heads/main","pushedAt":"2024-05-14T09:40:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"docs: Add v2.0.0 to SECURITY.md (#3630)\n\n# Summary\r\n\r\nUpdating SECURITY.md has been missed for the last several releases. This\r\nPR adds v2.0.x to SECURITY.md as supported versions. v1.10.x is still\r\nincluded as a version that will receive security updates for now.\r\n\r\nNOTE: should have approval from someone listed in the [Security\r\nTeam](https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md#security-team)\r\n(@laurentsimon, @kpk47, @joshuagl)\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [x] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [x] Add unit tests if applicable.\r\n- [x] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\n---------\r\n\r\nSigned-off-by: Ian Lewis \r\nCo-authored-by: Joshua Lock ","shortMessageHtmlLink":"docs: Add v2.0.0 to SECURITY.md (#3630)"}},{"before":"2f113ffa96f45c20f09c3cd15831d24d32cffa3d","after":"f8e470688f4d6523b8afa65618cf5e8a1183fcf4","ref":"refs/heads/main","pushedAt":"2024-05-14T08:06:43.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ianlewis","name":"Ian Lewis","path":"/ianlewis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/49289?s=80&v=4"},"commit":{"message":"docs: Add Atsign-Foundation NoPorts to the Hall of Fame (#3616)\n\n# Summary\r\n\r\nWe're using generators for our Dart and Python release artifacts e.g.\r\nhttps://github.com/atsign-foundation/noports/releases/tag/v5.2.1-rc1\r\nhttps://github.com/atsign-foundation/noports/releases/tag/p0.4.9\r\n\r\n## Testing Process\r\n\r\nN/A - docs update\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing\r\n[guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)\r\n- [ ] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [ ] Add unit tests if applicable.\r\n- [ ] Add changes to the\r\n[CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)\r\nif applicable.\r\n\r\n---------\r\n\r\nSigned-off-by: Chris Swan <478926+cpswan@users.noreply.github.com>","shortMessageHtmlLink":"docs: Add Atsign-Foundation NoPorts to the Hall of Fame (#3616)"}},{"before":"88d8fa6c096d3bbea3d8a843ffaa28b08d7441fb","after":"2f113ffa96f45c20f09c3cd15831d24d32cffa3d","ref":"refs/heads/main","pushedAt":"2024-05-08T14:01:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"fix: Update release docs (#3589)\n\n# Summary\r\n\r\nA few fixes and additions to the release docs.\r\n\r\n- fix the `sed` commands\r\n- add Github container registry auth instructions\r\n\r\nrelated PR https://github.com/slsa-framework/slsa-verifier/pull/761\r\n\r\n## Testing Process\r\n\r\nManual testing locally.\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing [guidelines](./../CONTRIBUTING.md)\r\n- [ ] Add a reference to related issues in the PR description.\r\n- [x] Update documentation if applicable.\r\n- [ ] Add unit tests if applicable.\r\n- [x] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.\r\n\r\n---------\r\n\r\nSigned-off-by: Ramon Petgrave \r\nSigned-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>","shortMessageHtmlLink":"fix: Update release docs (#3589)"}},{"before":"799b48e80c5a13bc995cb523a2ebf491a391c876","after":"88d8fa6c096d3bbea3d8a843ffaa28b08d7441fb","ref":"refs/heads/main","pushedAt":"2024-05-07T16:19:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore(setup-go): update actions/setup-go to resolve the warning (#3604)\n\n# Summary\r\n\r\nUpdate actions/setup-go to v5.0.0 to resolve the warning.\r\n\r\n```\r\nNode.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.\r\n```\r\n\r\n\r\nhttps://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/\r\n\r\nhttps://github.com/actions/setup-go/releases/tag/v5.0.0\r\n\r\n> In scope of this release, we change Nodejs runtime from node16 to\r\nnode20 (https://github.com/actions/setup-go/pull/421).\r\n\r\n## Testing Process\r\n\r\n...\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing [guidelines](./../CONTRIBUTING.md)\r\n- [ ] Add a reference to related issues in the PR description.\r\n- [ ] Update documentation if applicable.\r\n- [ ] Add unit tests if applicable.\r\n- [ ] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.\r\n\r\n---------\r\n\r\nSigned-off-by: Shunsuke Suzuki \r\nCo-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>","shortMessageHtmlLink":"chore(setup-go): update actions/setup-go to resolve the warning (#3604)"}},{"before":"8332e56d482c28cf186c93eec3f8660d937d9554","after":"799b48e80c5a13bc995cb523a2ebf491a391c876","ref":"refs/heads/main","pushedAt":"2024-05-06T16:14:26.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"docs: fix broken links (#3605)\n\n# Summary\r\n\r\nFix broken links.\r\n\r\nNot found.\r\n\r\nhttps://github.com/slsa-framework/slsa-github-generator/CONTRIBUTING.md\r\nhttps://github.com/slsa-framework/slsa-github-generator/CHANGELOG.md\r\n\r\nhttps://github.com/actions/starter-workflows/blob/main/ci/generic-generator-ossf-slsa3-publish.yml\r\n\r\n## Testing Process\r\n\r\n\r\n## Checklist\r\n\r\n- [ ] Review the contributing [guidelines](./../CONTRIBUTING.md)\r\n- [ ] Add a reference to related issues in the PR description.\r\n- [ ] Update documentation if applicable.\r\n- [ ] Add unit tests if applicable.\r\n- [ ] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.\r\n\r\nSigned-off-by: Shunsuke Suzuki ","shortMessageHtmlLink":"docs: fix broken links (#3605)"}},{"before":"472fb17d7c6d1af4cd32e8402054e318b63ec904","after":"8332e56d482c28cf186c93eec3f8660d937d9554","ref":"refs/heads/main","pushedAt":"2024-04-24T20:22:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"fix: use @sigstore/cli in e2e.sign-attestations.schedule.yml (#3572)\n\n# Summary\r\n\r\nAddresses\r\nhttps://github.com/slsa-framework/slsa-github-generator/issues/3002\r\n\r\nFixes the .github/workflows/e2e.sign-attestations.schedule.yml workflow.\r\nsigstore-js now has its cli tools in a separate package, to be installed\r\nwith `install -g @sigstore/cli`.\r\n\r\n## Testing Process\r\n\r\nInvoked the workflow from my personal fork\r\n\r\n-\r\nhttps://github.com/ramonpetgrave64/slsa-github-generator/actions/runs/8757196289/job/24035331070#step:6:11\r\n\r\n```\r\nVerification succeeded\r\nVerification succeeded\r\n```\r\n\r\nWe can't add this to a pre-submit, because it requires token permissions\r\nthat are not available to forks' PR runs.\r\n\r\n## Checklist\r\n\r\n- [x] Review the contributing [guidelines](./../CONTRIBUTING.md)\r\n- [x] Add a reference to related issues in the PR description.\r\n- [ ] Update documentation if applicable.\r\n- [ ] Add unit tests if applicable.\r\n- [ ] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.\r\n\r\n---------\r\n\r\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"fix: use @sigstore/cli in e2e.sign-attestations.schedule.yml (#3572)"}},{"before":"5a775b367a56d5bd118a224a811bba288150a563","after":"472fb17d7c6d1af4cd32e8402054e318b63ec904","ref":"refs/heads/main","pushedAt":"2024-04-22T21:30:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore: v2.0.0: update tags to v2.0.0 (#3584)\n\n# Summary\r\n\r\nhttps://github.com/slsa-framework/slsa-github-generator/issues/3576\r\n\r\nfollowup to\r\nhttps://github.com/slsa-framework/slsa-github-generator/pull/3578\r\n\r\nnext step in\r\nhttps://github.com/slsa-framework/slsa-github-generator/blob/main/RELEASE.md#reference-actions-at-main\r\n\r\nChanging all the actions to point back to main.\r\n\r\n## Testing Process\r\n\r\npre-submit workflows\r\n\r\n## Checklist\r\n\r\n- [ ] Review the contributing [guidelines](./../CONTRIBUTING.md)\r\n- [ ] Add a reference to related issues in the PR description.\r\n- [ ] Update documentation if applicable.\r\n- [ ] Add unit tests if applicable.\r\n- [ ] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable.\r\n\r\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"chore: v2.0.0: update tags to v2.0.0 (#3584)"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEUci0VAA","startCursor":null,"endCursor":null}},"title":"Activity · slsa-framework/slsa-github-generator"}