chore(deps): bump distributhor/workflow-webhook from 1 to 3

[dependabot]

Bumps distributhor/workflow-webhook from 1 to 3.

Release notes

Sourced from distributhor/workflow-webhook's releases.

v3.0.0

• The X-GitHub-Delivery header now submits a UUID by default
• The name of the X-GitHub-Event can now be custom specified

v2.0.4

Added support for connection timeout to be set

v2.0.3

Output the unique request ID in the logs, unless silent=true

v2.0.2

Improvements have been made in performance, by using a pre-built docker image hosted in the GitHub container registry. Also see the release notes for v2.0.0 for other important changes if you are upgrading from v1.

v2.0.0

This is a major release, since some of the defaults that were previously applied have changed - the new defaults are more reasonable and secure. All v1 configurations options are still available, and the v1 tag will continue to exist in maintenance mode. To make use of the new features and defaults, use the v2 tag in your workflow config.

Two of the most important changes are:

• SSL certificates are now validated by default. For those who are not using verified SSL certs, and currently on v1 but wishes to use v2, should set verify_ssl: false (as per the README), otherwise your current workflow may fail.
• An additional log level has been added, which is something between verbose and silent. Those were the only two options available in v1 (and verbose may leak sensitive information in your logs). By default the logging in v2 will now give some basic output, and if you prefer verbose or silent instead, those options are still available.
• A unique requestID is set on each payload, which can be used to increase protection against replay attacks.

Thanks to @​johannes-huther for these contributions.

v1.1.1

Using a pre-built docker image hosted in GitHub container registry

v1.0.9

Bug fix: remove duplicate 'User-Agent' in header

v1.0.8

Support for sha256 header

v1.0.7

An additional configuration option, allowing curl to be run in silent mode

v1.0.5

Support an extended JSON webhook POST, which sends the complete GitHub even data, as found on GITHUB_EVENT_PATH

v1.0.4

• Support for webhook endpoints that expect urlencoded form data
• Correctly handle curl HTTP failures, by letting errors bubble up

v1.0.3

• Improved build time
• Allow unsigned SSL certificates
• Better curl usage
• Additional GitHub environment header

v1.0.2

... (truncated)

Commits

• 3d5f4dc Revert to built docker docker image
• 12d46aa Consistently handle custom event name throughout
• ad323b6 Revert dockerfile version change
• 3e02b08 Temporarily change action.yml for testing purposes
• c4e2e3d Update version
• dd99846 Merge pull request #34 from jamengual/adding_custom_event
• 8723730 Adding custom event_name and UUID to Delivery header
• 3b1dfb6 Output options if verbose is true
• 305ef88 Update docker image version
• 421ecb5 Add support for connection timeout
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)