Update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/checkout	action	patch	v4.1.1 -> v4.1.7
actions/upload-artifact	action	patch	v4.3.1 -> v4.3.3
coverallsapp/github-action	action	minor	v2.2.3 -> v2.3.0
eslint (source)	devDependencies	major	^8.3.0 -> ^9.0.0
eslint-plugin-jest	devDependencies	major	^27.0.0 -> ^28.0.0
github/codeql-action	action	minor	v3.24.9 -> v3.25.10
ossf/scorecard-action	action	patch	v2.3.1 -> v2.3.3
step-security/harden-runner	action	minor	v2.7.0 -> v2.8.1

---

Release Notes

actions/checkout (actions/checkout)

v4.1.7

Compare Source

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in https://github.com/actions/checkout/pull/1739
• Bump actions/checkout from 3 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1697
• Check out other refs/* by commit by @​orhantoy in https://github.com/actions/checkout/pull/1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in https://github.com/actions/checkout/pull/1776

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in https://github.com/actions/checkout/pull/1732

v4.1.5

Compare Source

What's Changed

• Update NPM dependencies by @​cory-miller in https://github.com/actions/checkout/pull/1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in https://github.com/actions/checkout/pull/1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in https://github.com/actions/checkout/pull/1707

Full Changelog: actions/checkout@v4.1.4...v4.1.5

v4.1.4

Compare Source

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in https://github.com/actions/checkout/pull/1692
• Add dependabot config by @​cory-miller in https://github.com/actions/checkout/pull/1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in https://github.com/actions/checkout/pull/1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in https://github.com/actions/checkout/pull/1643

v4.1.3

Compare Source

What's Changed

• Update actions/checkout version in update-main-version.yml by @​jww3 in https://github.com/actions/checkout/pull/1650
• Check git version before attempting to disable sparse-checkout by @​jww3 in https://github.com/actions/checkout/pull/1656
• Add SSH user parameter by @​cory-miller in https://github.com/actions/checkout/pull/1685

Full Changelog: actions/checkout@v4.1.2...v4.1.3

v4.1.2

Compare Source

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in https://github.com/actions/checkout/pull/1598

actions/upload-artifact (actions/upload-artifact)

v4.3.3

Compare Source

What's Changed

• updating @actions/artifact dependency to v2.1.6 by @​eggyhead in https://github.com/actions/upload-artifact/pull/565

Full Changelog: actions/upload-artifact@v4.3.2...v4.3.3

v4.3.2

Compare Source

What's Changed

• Update release-new-action-version.yml by @​konradpabjan in https://github.com/actions/upload-artifact/pull/516
• Minor fix to the migration readme by @​andrewakim in https://github.com/actions/upload-artifact/pull/523
• Update readme with v3/v2/v1 deprecation notice by @​robherley in https://github.com/actions/upload-artifact/pull/561
• updating @actions/artifact dependency to v2.1.5 and @actions/core to v1.0.1 by @​eggyhead in https://github.com/actions/upload-artifact/pull/562

New Contributors

• @​andrewakim made their first contribution in https://github.com/actions/upload-artifact/pull/523

Full Changelog: actions/upload-artifact@v4.3.1...v4.3.2

coverallsapp/github-action (coverallsapp/github-action)

v2.3.0

Compare Source

What's Changed

• Set default values as strings per GH Action requirements by @​littleforest in https://github.com/coverallsapp/github-action/pull/204
• Allow pinning of coverage reporter version by @​littleforest in https://github.com/coverallsapp/github-action/pull/208

New Contributors

• @​littleforest made their first contribution in https://github.com/coverallsapp/github-action/pull/204

Full Changelog: coverallsapp/github-action@v2.2.3...v2.3.0

eslint/eslint (eslint)

v9.4.0

Compare Source

v9.3.0

Compare Source

v9.2.0

Compare Source

v9.1.1

Compare Source

v9.1.0

Compare Source

v9.0.0

Compare Source

jest-community/eslint-plugin-jest (eslint-plugin-jest)

v28.6.0

Compare Source

Features

• prefer-jest-mocked: add new rule (#​1599) (4b6a4f2)
• valid-expect: supporting automatically fixing adding async in some cases (#​1579) (5b9b47e)

v28.5.0

Compare Source

Features

• allow @typescript-eslint/utils v7 as a direct dependency (#​1567) (1476f10)

v28.4.0

Compare Source

Features

• valid-expect: supporting automatically fixing missing await in some cases (#​1574) (a407098)

v28.3.0

Compare Source

Features

• prefer importing jest globals for specific types (#​1568) (c464ae3)

v28.2.0

Compare Source

Features

• support providing aliases for @jest/globals package (#​1543) (744d4f6)

28.1.1 (2024-04-06)

Bug Fixes

• max-expects: properly reset counter when exiting a test case (#​1550) (b4b7cbc)

v28.1.1

Compare Source

Bug Fixes

• max-expects: properly reset counter when exiting a test case (#​1550) (b4b7cbc)

v28.1.0

Compare Source

Features

• add prefer-importing-jest-globals rule (#​1490) (37478d8), closes #​1101

v28.0.0

Compare Source

Bug Fixes

• allow ESLint 9 as peer dependency (#​1547) (3c5e167)
• drop support for Node 19 (#​1548) (c87e388)
• no-large-snapshots: avoid instanceof RegExp check for ESLint v9 compatibility (#​1542) (af4a9c9)

Features

• drop support for @typescript-eslint/eslint-plugin v5 (#​1530) (150e355)
• drop support for Node v14 (#​1527) (df5e580)
• remove no-if rule (#​1528) (f976fc8)
• remove snapshot processor and flat/snapshot config (#​1532) (98087f9)
• upgrade @typescript-eslint/utils to v6 (#​1508) (dc6e8cd)

BREAKING CHANGES

• Node v19 is no longer supported
• removed unneeded snapshot processor and flat/snapshot config
• dropped support for @typescript-eslint/eslint-plugin v5
• dropped support for Node v14
• removed no-if in favor of no-conditional-in-test

github/codeql-action (github/codeql-action)

v3.25.10

Compare Source

v3.25.9

Compare Source

v3.25.8

Compare Source

v3.25.7

Compare Source

v3.25.6

Compare Source

v3.25.5

Compare Source

v3.25.4

Compare Source

v3.25.3

Compare Source

v3.25.2

Compare Source

v3.25.1

Compare Source

v3.25.0

Compare Source

v3.24.11

Compare Source

v3.24.10

Compare Source

ossf/scorecard-action (ossf/scorecard-action)

v2.3.3

Compare Source

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

• 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1366
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1374
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

• 📖 Move token discussion out of main README. by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1279
• 📖 link to ossf/scorecard workflow instead of maintaining an example by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1352
• 📖 update api links to new scorecard.dev site by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1376

Full Changelog: ossf/scorecard-action@v2.3.1...v2.3.3

v2.3.2

Compare Source

step-security/harden-runner (step-security/harden-runner)

v2.8.1

Compare Source

What's Changed

• Bug fix: Update isGitHubHosted implementation by @​varunsh-coder in https://github.com/step-security/harden-runner/pull/425
  The previous implementation incorrectly identified large GitHub-hosted runners as self-hosted runners. As a result, harden-runner was not executing on these large GitHub-hosted runners.

Full Changelog: step-security/harden-runner@v2...v2.8.1

v2.8.0

Compare Source

What's Changed

Release v2.8.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/416
This release includes:

• File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
• Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.

These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.

Full Changelog: step-security/harden-runner@v2...v2.8.0

v2.7.1

Compare Source

What's Changed

Release v2.7.1 by @​varunsh-coder, @​h0x0er, @​ashishkurmi in https://github.com/step-security/harden-runner/pull/397
This release:

• Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
• Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project
• Addresses minor bugs

Full Changelog: step-security/harden-runner@v2.7.0...v2.7.1

---

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.