Update README.md#146

Closed

mandelsoft wants to merge 1 commit intomandelsoft/workflow2from

mandelsoft/patch-1

Contributor

mandelsoft commented Oct 12, 2022

What this PR does / why we need it:

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Release note:


          Update README.md

c49ed14

mandelsoft closed this

mandelsoft deleted the mandelsoft/patch-1 branch

October 12, 2022 18:32

frewilhelm pushed a commit that referenced this pull request


          chore(deps): bump the ci group across 1 directory with 5 updates (#1893)

221088a

Bumps the ci group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.3.0` |
`6.4.0` |
| [github/codeql-action](https://github.com/github/codeql-action) |
`4.34.1` | `4.35.1` |
| [docker/login-action](https://github.com/docker/login-action) |
`4.0.0` | `4.1.0` |
|
[DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action)
| `21` | `22` |
|
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
| `4.1.0` | `4.1.1` |


Updates `actions/setup-go` from 6.3.0 to 6.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.4.0</h2>
<h2>What's Changed</h2>
<h3>Enhancement</h3>
<ul>
<li>Add go-download-base-url input for custom Go distributions by <a
href="https://github.com/gdams"><code>@gdams</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li>
</ul>
<h3>Dependency update</h3>
<ul>
<li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/727">actions/setup-go#727</a></li>
</ul>
<h3>Documentation update</h3>
<ul>
<li>Rearrange README.md, add advanced-usage.md by <a
href="https://github.com/priyagupta108"><code>@priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/724">actions/setup-go#724</a></li>
<li>Fix Microsoft build of Go link by <a
href="https://github.com/gdams"><code>@gdams</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/734">actions/setup-go#734</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/gdams"><code>@gdams</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.4.0">https://github.com/actions/setup-go/compare/v6...v6.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-go/commit/4a3601121dd01d1626a1e23e37211e3254c1c06c"><code>4a36011</code></a>
docs: fix Microsoft build of Go link (<a
href="https://redirect.github.com/actions/setup-go/issues/734">#734</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/8f19afcc704763637be6b1718da0af52ca05785d"><code>8f19afc</code></a>
feat: add go-download-base-url input for custom Go distributions (<a
href="https://redirect.github.com/actions/setup-go/issues/721">#721</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/27fdb267c15a8835f1ead03dfa07f89be2bb741a"><code>27fdb26</code></a>
Bump minimatch from 3.1.2 to 3.1.5 (<a
href="https://redirect.github.com/actions/setup-go/issues/727">#727</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/def8c394e3ad351a79bc93815e4a585520fe993b"><code>def8c39</code></a>
Rearrange README.md, add advanced-usage.md (<a
href="https://redirect.github.com/actions/setup-go/issues/724">#724</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 4.34.1 to 4.35.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.35.1</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li>
</ul>
<h2>v4.35.0</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
</ul>
<h2>4.35.1 - 27 Mar 2026</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li>
</ul>
<h2>4.35.0 - 27 Mar 2026</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li>
</ul>
<h2>4.34.1 - 20 Mar 2026</h2>
<ul>
<li>Downgrade default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>
due to issues with a small percentage of Actions and JavaScript
analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li>
</ul>
<h2>4.34.0 - 20 Mar 2026</h2>
<ul>
<li>Added an experimental change which disables TRAP caching when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> is enabled, since improved incremental analysis
supersedes TRAP caching. This will improve performance and reduce
Actions cache usage. We expect to roll this change out to everyone in
March. <a
href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li>
<li>We are rolling out improved incremental analysis to C/C++ analyses
that use build mode <code>none</code>. We expect this rollout to be
complete by the end of April 2026. <a
href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li>
</ul>
<h2>4.33.0 - 16 Mar 2026</h2>
<ul>
<li>
<p>Upcoming change: Starting April 2026, the CodeQL Action will skip
collecting file coverage information on pull requests to improve
analysis performance. File coverage information will still be computed
on non-PR analyses. Pull request analyses will log a warning about this
upcoming change. <a
href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></p>
<p>To opt out of this change:</p>
<ul>
<li><strong>Repositories owned by an organization:</strong> Create a
custom repository property with the name
<code>github-codeql-file-coverage-on-prs</code> and the type
&quot;True/false&quot;, then set this property to <code>true</code> in
the repository's settings. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>.
Alternatively, if you are using an advanced setup workflow, you can set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using default setup:</strong> Switch
to an advanced setup workflow and set the
<code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to
<code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using advanced setup:</strong> Set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
</ul>
</li>
<li>
<p>Fixed <a
href="https://redirect.github.com/github/codeql-action/issues/3555">a
bug</a> which caused the CodeQL Action to fail loading repository
properties if a &quot;Multi select&quot; repository property was
configured for the repository. <a
href="https://redirect.github.com/github/codeql-action/pull/3557">#3557</a></p>
</li>
<li>
<p>The CodeQL Action now loads <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">custom
repository properties</a> on GitHub Enterprise Server, enabling the
customization of features such as
<code>github-codeql-disable-overlay</code> that was previously only
available on GitHub.com. <a
href="https://redirect.github.com/github/codeql-action/pull/3559">#3559</a></p>
</li>
<li>
<p>Once <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registries</a> can be configured with OIDC-based authentication
for organizations, the CodeQL Action will now be able to accept such
configurations. <a
href="https://redirect.github.com/github/codeql-action/pull/3563">#3563</a></p>
</li>
<li>
<p>Fixed the retry mechanism for database uploads. Previously this would
fail with the error &quot;Response body object should not be disturbed
or locked&quot;. <a
href="https://redirect.github.com/github/codeql-action/pull/3564">#3564</a></p>
</li>
<li>
<p>A warning is now emitted if the CodeQL Action detects a repository
property whose name suggests that it relates to the CodeQL Action, but
which is not one of the properties recognised by the current version of
the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3570">#3570</a></p>
</li>
</ul>
<h2>4.32.6 - 05 Mar 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3548">#3548</a></li>
</ul>
<h2>4.32.5 - 02 Mar 2026</h2>
<ul>
<li>Repositories owned by an organization can now set up the
<code>github-codeql-disable-overlay</code> custom repository property to
disable <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis for CodeQL</a>. First, create a custom repository
property with the name <code>github-codeql-disable-overlay</code> and
the type &quot;True/false&quot; in the organization's settings. Then in
the repository's settings, set this property to <code>true</code> to
disable improved incremental analysis. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>. This
feature is not yet available on GitHub Enterprise Server. <a
href="https://redirect.github.com/github/codeql-action/pull/3507">#3507</a></li>
<li>Added an experimental change so that when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> fails on a runner — potentially due to
insufficient disk space — the failure is recorded in the Actions cache
so that subsequent runs will automatically skip improved incremental
analysis until something changes (e.g. a larger runner is provisioned or
a new CodeQL version is released). We expect to roll this change out to
everyone in March. <a
href="https://redirect.github.com/github/codeql-action/pull/3487">#3487</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/c10b8064de6f491fea524254123dbe5e09572f13"><code>c10b806</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3782">#3782</a>
from github/update-v4.35.1-d6d1743b8</li>
<li><a
href="https://github.com/github/codeql-action/commit/c5ffd0683786820677d054e3505e1c5bb4b8c227"><code>c5ffd06</code></a>
Update changelog for v4.35.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/d6d1743b8ec7ecd94f78ad1ce4cb3d8d2ba58001"><code>d6d1743</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3781">#3781</a>
from github/henrymercer/update-git-minimum-version</li>
<li><a
href="https://github.com/github/codeql-action/commit/65d2efa7333ad65f97cc54be40f4cd18630f884c"><code>65d2efa</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/2437b20ab31021229573a66717323dd5c6ce9319"><code>2437b20</code></a>
Update minimum git version for overlay to 2.36.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/ea5f71947c021286c99f61cc426a10d715fe4434"><code>ea5f719</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3775">#3775</a>
from github/dependabot/npm_and_yarn/node-forge-1.4.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/45ceeea896ba2293e10982f871198d1950ee13d6"><code>45ceeea</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3777">#3777</a>
from github/mergeback/v4.35.0-to-main-b8bb9f28</li>
<li><a
href="https://github.com/github/codeql-action/commit/24448c98434f429f901d27db7ddae55eec5cc1c4"><code>24448c9</code></a>
Rebuild</li>
<li><a
href="https://github.com/github/codeql-action/commit/7c510606312e5c68ac8b27c009e5254f226f5dfa"><code>7c51060</code></a>
Update changelog and version after v4.35.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/b8bb9f28b8d3f992092362369c57161b755dea45"><code>b8bb9f2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3776">#3776</a>
from github/update-v4.35.0-0078ad667</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/38697555549f1db7851b81482ff19f1fa5c4fedc...c10b8064de6f491fea524254123dbe5e09572f13">compare
view</a></li>
</ul>
</details>
<br />

Updates `docker/login-action` from 4.0.0 to 4.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.0</h2>
<ul>
<li>Fix scoped Docker Hub cleanup path when registry is omitted by <a
href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/945">docker/login-action#945</a></li>
<li>Bump <code>@aws-sdk/client-ecr</code> and
<code>@aws-sdk/client-ecr-public</code> to 3.1020.0 in <a
href="https://redirect.github.com/docker/login-action/pull/930">docker/login-action#930</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.77.0 to 0.86.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/932">docker/login-action#932</a>
<a
href="https://redirect.github.com/docker/login-action/pull/936">docker/login-action#936</a></li>
<li>Bump brace-expansion from 1.1.12 to 1.1.13 in <a
href="https://redirect.github.com/docker/login-action/pull/952">docker/login-action#952</a></li>
<li>Bump fast-xml-parser from 5.3.4 to 5.3.6 in <a
href="https://redirect.github.com/docker/login-action/pull/942">docker/login-action#942</a></li>
<li>Bump flatted from 3.3.3 to 3.4.2 in <a
href="https://redirect.github.com/docker/login-action/pull/944">docker/login-action#944</a></li>
<li>Bump glob from 10.3.12 to 10.5.0 in <a
href="https://redirect.github.com/docker/login-action/pull/940">docker/login-action#940</a></li>
<li>Bump handlebars from 4.7.8 to 4.7.9 in <a
href="https://redirect.github.com/docker/login-action/pull/949">docker/login-action#949</a></li>
<li>Bump http-proxy-agent and https-proxy-agent to 8.0.0 in <a
href="https://redirect.github.com/docker/login-action/pull/937">docker/login-action#937</a></li>
<li>Bump lodash from 4.17.23 to 4.18.1 in <a
href="https://redirect.github.com/docker/login-action/pull/958">docker/login-action#958</a></li>
<li>Bump minimatch from 3.1.2 to 3.1.5 in <a
href="https://redirect.github.com/docker/login-action/pull/941">docker/login-action#941</a></li>
<li>Bump picomatch from 4.0.3 to 4.0.4 in <a
href="https://redirect.github.com/docker/login-action/pull/948">docker/login-action#948</a></li>
<li>Bump undici from 6.23.0 to 6.24.1 in <a
href="https://redirect.github.com/docker/login-action/pull/938">docker/login-action#938</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v4.0.0...v4.1.0">https://github.com/docker/login-action/compare/v4.0.0...v4.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/login-action/commit/4907a6ddec9925e35a0a9e82d7399ccc52663121"><code>4907a6d</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/930">#930</a>
from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li>
<li><a
href="https://github.com/docker/login-action/commit/1e233e691a8881d7f35ca7c2d5dfaaed80b39636"><code>1e233e6</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/6c24ead68057f18c30c808a431f0b85dc25663cb"><code>6c24ead</code></a>
build(deps): bump the aws-sdk-dependencies group with 2 updates</li>
<li><a
href="https://github.com/docker/login-action/commit/ee034d70944e3546349cd24295914f139342f1e6"><code>ee034d7</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/958">#958</a>
from docker/dependabot/npm_and_yarn/lodash-4.18.1</li>
<li><a
href="https://github.com/docker/login-action/commit/1527209db9734bd2352a2dc1a63d79c9aa5358bb"><code>1527209</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/937">#937</a>
from docker/dependabot/npm_and_yarn/proxy-agent-depen...</li>
<li><a
href="https://github.com/docker/login-action/commit/d39362aba4d72f8d9d93e0962119840690133e1b"><code>d39362a</code></a>
build(deps): bump lodash from 4.17.23 to 4.18.1</li>
<li><a
href="https://github.com/docker/login-action/commit/a6f092b568105cbb6d9deb7e55e0a4c5c1025fce"><code>a6f092b</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/60953f0bed2120ec69659d271fe18d34bc069779"><code>60953f0</code></a>
build(deps): bump the proxy-agent-dependencies group with 2 updates</li>
<li><a
href="https://github.com/docker/login-action/commit/62c688590fb4ab6c6e89a217ced0a7b2ddcf1340"><code>62c6885</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/936">#936</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/login-action/commit/102c0e672992d2e992c89b6f4808d65a353b5a1a"><code>102c0e6</code></a>
chore: update generated content</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...4907a6ddec9925e35a0a9e82d7399ccc52663121">compare
view</a></li>
</ul>
</details>
<br />

Updates `DeterminateSystems/nix-installer-action` from 21 to 22
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/determinatesystems/nix-installer-action/releases">DeterminateSystems/nix-installer-action's
releases</a>.</em></p>
<blockquote>
<h2>v22</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>detsys-ts</code>: Merge pull request <a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/116">#116</a>
from
DeterminateSystems/dependabot/github_actions/actions-deps-76468cb07f by
<a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/211">DeterminateSystems/nix-installer-action#211</a></li>
<li>Update <code>detsys-ts</code>: Update main and types fields in
package.json (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/119">#119</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/212">DeterminateSystems/nix-installer-action#212</a></li>
<li>Provide Determinate Nix vs. upstream Nix instructions by <a
href="https://github.com/lucperkins"><code>@lucperkins</code></a> in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/210">DeterminateSystems/nix-installer-action#210</a></li>
<li>Update <code>detsys-ts</code>: Merge pull request <a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/126">#126</a>
from DeterminateSystems/dependabot/npm_and_yarn/npm-deps-939209f320 by
<a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/220">DeterminateSystems/nix-installer-action#220</a></li>
<li>Add summary toggle option by <a
href="https://github.com/andre4ik3"><code>@andre4ik3</code></a> in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/217">DeterminateSystems/nix-installer-action#217</a></li>
<li>Tidy up the macos runner list by <a
href="https://github.com/grahamc"><code>@grahamc</code></a> in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/224">DeterminateSystems/nix-installer-action#224</a></li>
<li>Update <code>detsys-ts</code>: Bumps (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/131">#131</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/223">DeterminateSystems/nix-installer-action#223</a></li>
<li>Update <code>detsys-ts</code>: Bump fast-xml-parser from 5.3.3 to
5.3.4 (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/134">#134</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/228">DeterminateSystems/nix-installer-action#228</a></li>
<li>Update <code>detsys-ts</code>: Bump the npm-deps group across 1
directory with 9 updates (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/138">#138</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/230">DeterminateSystems/nix-installer-action#230</a></li>
<li>Update <code>detsys-ts</code>: Bump fast-xml-parser from 5.3.4 to
5.3.6 (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/140">#140</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/231">DeterminateSystems/nix-installer-action#231</a></li>
<li>Update <code>detsys-ts</code>: Fix default value for Action option
(<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/144">#144</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/233">DeterminateSystems/nix-installer-action#233</a></li>
<li>Update <code>detsys-ts</code>: unoptional timeout (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/146">#146</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/235">DeterminateSystems/nix-installer-action#235</a></li>
<li>Attach build provenance by <a
href="https://github.com/grahamc"><code>@grahamc</code></a> in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/236">DeterminateSystems/nix-installer-action#236</a></li>
<li>Update <code>detsys-ts</code>: Drop the old schemas and integrate
the open PRs (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/162">#162</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/238">DeterminateSystems/nix-installer-action#238</a></li>
<li>Update deps, go to node24 by <a
href="https://github.com/grahamc"><code>@grahamc</code></a> in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/239">DeterminateSystems/nix-installer-action#239</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/andre4ik3"><code>@andre4ik3</code></a>
made their first contribution in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/217">DeterminateSystems/nix-installer-action#217</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/DeterminateSystems/nix-installer-action/compare/v21...v22">https://github.com/DeterminateSystems/nix-installer-action/compare/v21...v22</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/ef8a148080ab6020fd15196c2084a2eea5ff2d25"><code>ef8a148</code></a>
Update deps, go to node24 (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/239">#239</a>)</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/e02dcf858cd1ca353a03986f1f6dc39ff9aa5ba2"><code>e02dcf8</code></a>
Update <code>detsys-ts</code>: Drop the old schemas and integrate the
open PRs (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/162">#162</a>)
(#...</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/9a59e15a74545c99a626ba594edcd0d02189e670"><code>9a59e15</code></a>
Attach build provenance (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/236">#236</a>)</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/d96bc962e61b3049ce8128d03d57a1144fa96539"><code>d96bc96</code></a>
Update <code>detsys-ts</code> for: <code>unoptional timeout
([#146](https://github.com/determinatesystems/nix-installer-action/issues/146))</code>
(`a621ba724bb21cc2907e525...</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/874a9842e1ba38da0fc8c32421672a81e9843295"><code>874a984</code></a>
Merge pull request <a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/233">#233</a>
from detsys-pr-bot/detsys-ts-update-d0fa3dbd59ce2872d...</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/1ae25535ec10252a19af344ef0f648e9ecb1c506"><code>1ae2553</code></a>
Update <code>detsys-ts</code> for: <code>Fix default value for Action
option
([#144](https://github.com/determinatesystems/nix-installer-action/issues/144))</code>
(`d0fa3d...</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/d9137d7b28da568ff80d73130b026d655de5508d"><code>d9137d7</code></a>
flake.lock: Update</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/95f009f8cba987d36d7e3396d29de81b2883654a"><code>95f009f</code></a>
Update <code>detsys-ts</code>: Bump fast-xml-parser from 5.3.4 to 5.3.6
(<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/140">#140</a>)
(<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/231">#231</a>)</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/86cbc893b3c44423bb3b27da33c306deba1e1ef4"><code>86cbc89</code></a>
Update <code>detsys-ts</code>: Bump the npm-deps group across 1
directory with 9 updates...</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/500e7f9345c8f2d9f4e9f553c820978e6761c66b"><code>500e7f9</code></a>
Update <code>detsys-ts</code> for: <code>Bump fast-xml-parser from 5.3.3
to 5.3.4
([#134](https://github.com/determinatesystems/nix-installer-action/issues/134))</code>
(`1...</li>
<li>Additional commits viewable in <a
href="https://github.com/determinatesystems/nix-installer-action/compare/c5a866b6ab867e88becbed4467b93592bce69f8a...ef8a148080ab6020fd15196c2084a2eea5ff2d25">compare
view</a></li>
</ul>
</details>
<br />

Updates `sigstore/cosign-installer` from 4.1.0 to 4.1.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: update default cosign-release to v3.0.5 in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/223">sigstore/cosign-installer#223</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1">https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/cosign-installer/commit/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003"><code>cad07c2</code></a>
chore: update default cosign-release to v3.0.5 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/223">#223</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/ba7bc0a3fef59531c69a25acd34668d6d3fe6f22...cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

morri-son pushed a commit to morri-son/ocm that referenced this pull request


          chore(deps): bump the ci group across 1 directory with 5 updates (ope…

ce4beff

…n-component-model#1893)

Bumps the ci group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.3.0` |
`6.4.0` |
| [github/codeql-action](https://github.com/github/codeql-action) |
`4.34.1` | `4.35.1` |
| [docker/login-action](https://github.com/docker/login-action) |
`4.0.0` | `4.1.0` |
|
[DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action)
| `21` | `22` |
|
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
| `4.1.0` | `4.1.1` |

Updates `actions/setup-go` from 6.3.0 to 6.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.4.0</h2>
<h2>What's Changed</h2>
<h3>Enhancement</h3>
<ul>
<li>Add go-download-base-url input for custom Go distributions by <a
href="https://github.com/gdams"><code>@gdams</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li>
</ul>
<h3>Dependency update</h3>
<ul>
<li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/727">actions/setup-go#727</a></li>
</ul>
<h3>Documentation update</h3>
<ul>
<li>Rearrange README.md, add advanced-usage.md by <a
href="https://github.com/priyagupta108"><code>@priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/724">actions/setup-go#724</a></li>
<li>Fix Microsoft build of Go link by <a
href="https://github.com/gdams"><code>@gdams</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/734">actions/setup-go#734</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/gdams"><code>@gdams</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.4.0">https://github.com/actions/setup-go/compare/v6...v6.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-go/commit/4a3601121dd01d1626a1e23e37211e3254c1c06c"><code>4a36011</code></a>
docs: fix Microsoft build of Go link (<a
href="https://redirect.github.com/actions/setup-go/issues/734">#734</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/8f19afcc704763637be6b1718da0af52ca05785d"><code>8f19afc</code></a>
feat: add go-download-base-url input for custom Go distributions (<a
href="https://redirect.github.com/actions/setup-go/issues/721">#721</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/27fdb267c15a8835f1ead03dfa07f89be2bb741a"><code>27fdb26</code></a>
Bump minimatch from 3.1.2 to 3.1.5 (<a
href="https://redirect.github.com/actions/setup-go/issues/727">#727</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/def8c394e3ad351a79bc93815e4a585520fe993b"><code>def8c39</code></a>
Rearrange README.md, add advanced-usage.md (<a
href="https://redirect.github.com/actions/setup-go/issues/724">#724</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 4.34.1 to 4.35.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.35.1</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li>
</ul>
<h2>v4.35.0</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
</ul>
<h2>4.35.1 - 27 Mar 2026</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li>
</ul>
<h2>4.35.0 - 27 Mar 2026</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li>
</ul>
<h2>4.34.1 - 20 Mar 2026</h2>
<ul>
<li>Downgrade default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>
due to issues with a small percentage of Actions and JavaScript
analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li>
</ul>
<h2>4.34.0 - 20 Mar 2026</h2>
<ul>
<li>Added an experimental change which disables TRAP caching when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> is enabled, since improved incremental analysis
supersedes TRAP caching. This will improve performance and reduce
Actions cache usage. We expect to roll this change out to everyone in
March. <a
href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li>
<li>We are rolling out improved incremental analysis to C/C++ analyses
that use build mode <code>none</code>. We expect this rollout to be
complete by the end of April 2026. <a
href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li>
</ul>
<h2>4.33.0 - 16 Mar 2026</h2>
<ul>
<li>
<p>Upcoming change: Starting April 2026, the CodeQL Action will skip
collecting file coverage information on pull requests to improve
analysis performance. File coverage information will still be computed
on non-PR analyses. Pull request analyses will log a warning about this
upcoming change. <a
href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></p>
<p>To opt out of this change:</p>
<ul>
<li><strong>Repositories owned by an organization:</strong> Create a
custom repository property with the name
<code>github-codeql-file-coverage-on-prs</code> and the type
&quot;True/false&quot;, then set this property to <code>true</code> in
the repository's settings. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>.
Alternatively, if you are using an advanced setup workflow, you can set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using default setup:</strong> Switch
to an advanced setup workflow and set the
<code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to
<code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using advanced setup:</strong> Set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
</ul>
</li>
<li>
<p>Fixed <a
href="https://redirect.github.com/github/codeql-action/issues/3555">a
bug</a> which caused the CodeQL Action to fail loading repository
properties if a &quot;Multi select&quot; repository property was
configured for the repository. <a
href="https://redirect.github.com/github/codeql-action/pull/3557">#3557</a></p>
</li>
<li>
<p>The CodeQL Action now loads <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">custom
repository properties</a> on GitHub Enterprise Server, enabling the
customization of features such as
<code>github-codeql-disable-overlay</code> that was previously only
available on GitHub.com. <a
href="https://redirect.github.com/github/codeql-action/pull/3559">#3559</a></p>
</li>
<li>
<p>Once <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registries</a> can be configured with OIDC-based authentication
for organizations, the CodeQL Action will now be able to accept such
configurations. <a
href="https://redirect.github.com/github/codeql-action/pull/3563">#3563</a></p>
</li>
<li>
<p>Fixed the retry mechanism for database uploads. Previously this would
fail with the error &quot;Response body object should not be disturbed
or locked&quot;. <a
href="https://redirect.github.com/github/codeql-action/pull/3564">#3564</a></p>
</li>
<li>
<p>A warning is now emitted if the CodeQL Action detects a repository
property whose name suggests that it relates to the CodeQL Action, but
which is not one of the properties recognised by the current version of
the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3570">#3570</a></p>
</li>
</ul>
<h2>4.32.6 - 05 Mar 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3548">#3548</a></li>
</ul>
<h2>4.32.5 - 02 Mar 2026</h2>
<ul>
<li>Repositories owned by an organization can now set up the
<code>github-codeql-disable-overlay</code> custom repository property to
disable <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis for CodeQL</a>. First, create a custom repository
property with the name <code>github-codeql-disable-overlay</code> and
the type &quot;True/false&quot; in the organization's settings. Then in
the repository's settings, set this property to <code>true</code> to
disable improved incremental analysis. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>. This
feature is not yet available on GitHub Enterprise Server. <a
href="https://redirect.github.com/github/codeql-action/pull/3507">#3507</a></li>
<li>Added an experimental change so that when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> fails on a runner — potentially due to
insufficient disk space — the failure is recorded in the Actions cache
so that subsequent runs will automatically skip improved incremental
analysis until something changes (e.g. a larger runner is provisioned or
a new CodeQL version is released). We expect to roll this change out to
everyone in March. <a
href="https://redirect.github.com/github/codeql-action/pull/3487">#3487</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/c10b8064de6f491fea524254123dbe5e09572f13"><code>c10b806</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3782">#3782</a>
from github/update-v4.35.1-d6d1743b8</li>
<li><a
href="https://github.com/github/codeql-action/commit/c5ffd0683786820677d054e3505e1c5bb4b8c227"><code>c5ffd06</code></a>
Update changelog for v4.35.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/d6d1743b8ec7ecd94f78ad1ce4cb3d8d2ba58001"><code>d6d1743</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3781">#3781</a>
from github/henrymercer/update-git-minimum-version</li>
<li><a
href="https://github.com/github/codeql-action/commit/65d2efa7333ad65f97cc54be40f4cd18630f884c"><code>65d2efa</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/2437b20ab31021229573a66717323dd5c6ce9319"><code>2437b20</code></a>
Update minimum git version for overlay to 2.36.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/ea5f71947c021286c99f61cc426a10d715fe4434"><code>ea5f719</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3775">#3775</a>
from github/dependabot/npm_and_yarn/node-forge-1.4.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/45ceeea896ba2293e10982f871198d1950ee13d6"><code>45ceeea</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3777">#3777</a>
from github/mergeback/v4.35.0-to-main-b8bb9f28</li>
<li><a
href="https://github.com/github/codeql-action/commit/24448c98434f429f901d27db7ddae55eec5cc1c4"><code>24448c9</code></a>
Rebuild</li>
<li><a
href="https://github.com/github/codeql-action/commit/7c510606312e5c68ac8b27c009e5254f226f5dfa"><code>7c51060</code></a>
Update changelog and version after v4.35.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/b8bb9f28b8d3f992092362369c57161b755dea45"><code>b8bb9f2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3776">#3776</a>
from github/update-v4.35.0-0078ad667</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/38697555549f1db7851b81482ff19f1fa5c4fedc...c10b8064de6f491fea524254123dbe5e09572f13">compare
view</a></li>
</ul>
</details>
<br />

Updates `docker/login-action` from 4.0.0 to 4.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.0</h2>
<ul>
<li>Fix scoped Docker Hub cleanup path when registry is omitted by <a
href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/945">docker/login-action#945</a></li>
<li>Bump <code>@aws-sdk/client-ecr</code> and
<code>@aws-sdk/client-ecr-public</code> to 3.1020.0 in <a
href="https://redirect.github.com/docker/login-action/pull/930">docker/login-action#930</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.77.0 to 0.86.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/932">docker/login-action#932</a>
<a
href="https://redirect.github.com/docker/login-action/pull/936">docker/login-action#936</a></li>
<li>Bump brace-expansion from 1.1.12 to 1.1.13 in <a
href="https://redirect.github.com/docker/login-action/pull/952">docker/login-action#952</a></li>
<li>Bump fast-xml-parser from 5.3.4 to 5.3.6 in <a
href="https://redirect.github.com/docker/login-action/pull/942">docker/login-action#942</a></li>
<li>Bump flatted from 3.3.3 to 3.4.2 in <a
href="https://redirect.github.com/docker/login-action/pull/944">docker/login-action#944</a></li>
<li>Bump glob from 10.3.12 to 10.5.0 in <a
href="https://redirect.github.com/docker/login-action/pull/940">docker/login-action#940</a></li>
<li>Bump handlebars from 4.7.8 to 4.7.9 in <a
href="https://redirect.github.com/docker/login-action/pull/949">docker/login-action#949</a></li>
<li>Bump http-proxy-agent and https-proxy-agent to 8.0.0 in <a
href="https://redirect.github.com/docker/login-action/pull/937">docker/login-action#937</a></li>
<li>Bump lodash from 4.17.23 to 4.18.1 in <a
href="https://redirect.github.com/docker/login-action/pull/958">docker/login-action#958</a></li>
<li>Bump minimatch from 3.1.2 to 3.1.5 in <a
href="https://redirect.github.com/docker/login-action/pull/941">docker/login-action#941</a></li>
<li>Bump picomatch from 4.0.3 to 4.0.4 in <a
href="https://redirect.github.com/docker/login-action/pull/948">docker/login-action#948</a></li>
<li>Bump undici from 6.23.0 to 6.24.1 in <a
href="https://redirect.github.com/docker/login-action/pull/938">docker/login-action#938</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v4.0.0...v4.1.0">https://github.com/docker/login-action/compare/v4.0.0...v4.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/login-action/commit/4907a6ddec9925e35a0a9e82d7399ccc52663121"><code>4907a6d</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/930">#930</a>
from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li>
<li><a
href="https://github.com/docker/login-action/commit/1e233e691a8881d7f35ca7c2d5dfaaed80b39636"><code>1e233e6</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/6c24ead68057f18c30c808a431f0b85dc25663cb"><code>6c24ead</code></a>
build(deps): bump the aws-sdk-dependencies group with 2 updates</li>
<li><a
href="https://github.com/docker/login-action/commit/ee034d70944e3546349cd24295914f139342f1e6"><code>ee034d7</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/958">#958</a>
from docker/dependabot/npm_and_yarn/lodash-4.18.1</li>
<li><a
href="https://github.com/docker/login-action/commit/1527209db9734bd2352a2dc1a63d79c9aa5358bb"><code>1527209</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/937">#937</a>
from docker/dependabot/npm_and_yarn/proxy-agent-depen...</li>
<li><a
href="https://github.com/docker/login-action/commit/d39362aba4d72f8d9d93e0962119840690133e1b"><code>d39362a</code></a>
build(deps): bump lodash from 4.17.23 to 4.18.1</li>
<li><a
href="https://github.com/docker/login-action/commit/a6f092b568105cbb6d9deb7e55e0a4c5c1025fce"><code>a6f092b</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/60953f0bed2120ec69659d271fe18d34bc069779"><code>60953f0</code></a>
build(deps): bump the proxy-agent-dependencies group with 2 updates</li>
<li><a
href="https://github.com/docker/login-action/commit/62c688590fb4ab6c6e89a217ced0a7b2ddcf1340"><code>62c6885</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/936">#936</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/login-action/commit/102c0e672992d2e992c89b6f4808d65a353b5a1a"><code>102c0e6</code></a>
chore: update generated content</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...4907a6ddec9925e35a0a9e82d7399ccc52663121">compare
view</a></li>
</ul>
</details>
<br />

Updates `DeterminateSystems/nix-installer-action` from 21 to 22
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/determinatesystems/nix-installer-action/releases">DeterminateSystems/nix-installer-action's
releases</a>.</em></p>
<blockquote>
<h2>v22</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>detsys-ts</code>: Merge pull request <a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/116">#116</a>
from
DeterminateSystems/dependabot/github_actions/actions-deps-76468cb07f by
<a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/211">DeterminateSystems/nix-installer-action#211</a></li>
<li>Update <code>detsys-ts</code>: Update main and types fields in
package.json (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/119">#119</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/212">DeterminateSystems/nix-installer-action#212</a></li>
<li>Provide Determinate Nix vs. upstream Nix instructions by <a
href="https://github.com/lucperkins"><code>@lucperkins</code></a> in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/210">DeterminateSystems/nix-installer-action#210</a></li>
<li>Update <code>detsys-ts</code>: Merge pull request <a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/126">#126</a>
from DeterminateSystems/dependabot/npm_and_yarn/npm-deps-939209f320 by
<a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/220">DeterminateSystems/nix-installer-action#220</a></li>
<li>Add summary toggle option by <a
href="https://github.com/andre4ik3"><code>@andre4ik3</code></a> in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/217">DeterminateSystems/nix-installer-action#217</a></li>
<li>Tidy up the macos runner list by <a
href="https://github.com/grahamc"><code>@grahamc</code></a> in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/224">DeterminateSystems/nix-installer-action#224</a></li>
<li>Update <code>detsys-ts</code>: Bumps (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/131">#131</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/223">DeterminateSystems/nix-installer-action#223</a></li>
<li>Update <code>detsys-ts</code>: Bump fast-xml-parser from 5.3.3 to
5.3.4 (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/134">#134</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/228">DeterminateSystems/nix-installer-action#228</a></li>
<li>Update <code>detsys-ts</code>: Bump the npm-deps group across 1
directory with 9 updates (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/138">#138</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/230">DeterminateSystems/nix-installer-action#230</a></li>
<li>Update <code>detsys-ts</code>: Bump fast-xml-parser from 5.3.4 to
5.3.6 (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/140">#140</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/231">DeterminateSystems/nix-installer-action#231</a></li>
<li>Update <code>detsys-ts</code>: Fix default value for Action option
(<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/144">#144</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/233">DeterminateSystems/nix-installer-action#233</a></li>
<li>Update <code>detsys-ts</code>: unoptional timeout (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/146">#146</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/235">DeterminateSystems/nix-installer-action#235</a></li>
<li>Attach build provenance by <a
href="https://github.com/grahamc"><code>@grahamc</code></a> in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/236">DeterminateSystems/nix-installer-action#236</a></li>
<li>Update <code>detsys-ts</code>: Drop the old schemas and integrate
the open PRs (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/162">#162</a>)
by <a
href="https://github.com/detsys-pr-bot"><code>@detsys-pr-bot</code></a>
in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/238">DeterminateSystems/nix-installer-action#238</a></li>
<li>Update deps, go to node24 by <a
href="https://github.com/grahamc"><code>@grahamc</code></a> in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/239">DeterminateSystems/nix-installer-action#239</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/andre4ik3"><code>@andre4ik3</code></a>
made their first contribution in <a
href="https://redirect.github.com/DeterminateSystems/nix-installer-action/pull/217">DeterminateSystems/nix-installer-action#217</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/DeterminateSystems/nix-installer-action/compare/v21...v22">https://github.com/DeterminateSystems/nix-installer-action/compare/v21...v22</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/ef8a148080ab6020fd15196c2084a2eea5ff2d25"><code>ef8a148</code></a>
Update deps, go to node24 (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/239">#239</a>)</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/e02dcf858cd1ca353a03986f1f6dc39ff9aa5ba2"><code>e02dcf8</code></a>
Update <code>detsys-ts</code>: Drop the old schemas and integrate the
open PRs (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/162">#162</a>)
(#...</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/9a59e15a74545c99a626ba594edcd0d02189e670"><code>9a59e15</code></a>
Attach build provenance (<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/236">#236</a>)</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/d96bc962e61b3049ce8128d03d57a1144fa96539"><code>d96bc96</code></a>
Update <code>detsys-ts</code> for: <code>unoptional timeout
([open-component-model#146](https://github.com/determinatesystems/nix-installer-action/issues/146))</code>
(`a621ba724bb21cc2907e525...</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/874a9842e1ba38da0fc8c32421672a81e9843295"><code>874a984</code></a>
Merge pull request <a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/233">#233</a>
from detsys-pr-bot/detsys-ts-update-d0fa3dbd59ce2872d...</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/1ae25535ec10252a19af344ef0f648e9ecb1c506"><code>1ae2553</code></a>
Update <code>detsys-ts</code> for: <code>Fix default value for Action
option
([open-component-model#144](https://github.com/determinatesystems/nix-installer-action/issues/144))</code>
(`d0fa3d...</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/d9137d7b28da568ff80d73130b026d655de5508d"><code>d9137d7</code></a>
flake.lock: Update</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/95f009f8cba987d36d7e3396d29de81b2883654a"><code>95f009f</code></a>
Update <code>detsys-ts</code>: Bump fast-xml-parser from 5.3.4 to 5.3.6
(<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/140">#140</a>)
(<a
href="https://redirect.github.com/determinatesystems/nix-installer-action/issues/231">#231</a>)</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/86cbc893b3c44423bb3b27da33c306deba1e1ef4"><code>86cbc89</code></a>
Update <code>detsys-ts</code>: Bump the npm-deps group across 1
directory with 9 updates...</li>
<li><a
href="https://github.com/DeterminateSystems/nix-installer-action/commit/500e7f9345c8f2d9f4e9f553c820978e6761c66b"><code>500e7f9</code></a>
Update <code>detsys-ts</code> for: <code>Bump fast-xml-parser from 5.3.3
to 5.3.4
([open-component-model#134](https://github.com/determinatesystems/nix-installer-action/issues/134))</code>
(`1...</li>
<li>Additional commits viewable in <a
href="https://github.com/determinatesystems/nix-installer-action/compare/c5a866b6ab867e88becbed4467b93592bce69f8a...ef8a148080ab6020fd15196c2084a2eea5ff2d25">compare
view</a></li>
</ul>
</details>
<br />

Updates `sigstore/cosign-installer` from 4.1.0 to 4.1.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: update default cosign-release to v3.0.5 in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/223">sigstore/cosign-installer#223</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1">https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/cosign-installer/commit/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003"><code>cad07c2</code></a>
chore: update default cosign-release to v3.0.5 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/223">#223</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/ba7bc0a3fef59531c69a25acd34668d6d3fe6f22...cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Gerald Morrison (SAP) <gerald.morrison@sap.com>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet