-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
📖 Move token discussion out of main README. #1279
Merged
spencerschrock
merged 4 commits into
ossf:main
from
spencerschrock:doc/authentication-repo-rules
Oct 25, 2023
Merged
📖 Move token discussion out of main README. #1279
spencerschrock
merged 4 commits into
ossf:main
from
spencerschrock:doc/authentication-repo-rules
Oct 25, 2023
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Now that repo rules work with the default GITHUB_TOKEN, there's little need to recommend them. Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
pnacht
reviewed
Oct 16, 2023
Co-authored-by: Pedro Kaj Kjellerup Nacht <pedro.k.night@gmail.com> Signed-off-by: Spencer Schrock <sschrock@google.com>
laurentsimon
approved these changes
Oct 25, 2023
Signed-off-by: Spencer Schrock <sschrock@google.com>
ianlewis
referenced
this pull request
in slsa-framework/slsa-github-generator
May 17, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | actions/checkout | action | digest | `b4ffde6` -> `a5ac7e5` | | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.6` | | [actions/download-artifact](https://togithub.com/actions/download-artifact) | action | patch | `v4.1.4` -> `v4.1.7` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v4.3.1` -> `v4.3.3` | | [ianlewis/todo-issue-reopener](https://togithub.com/ianlewis/todo-issue-reopener) | action | patch | `v1.2.0` -> `v1.2.1` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.0` -> `v2.3.3` | | [sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer) | action | minor | `v3.4.0` -> `v3.5.0` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7) #### What's Changed - Update [@​actions/artifact](https://togithub.com/actions/artifact) dependency by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325) **Full Changelog**: actions/download-artifact@v4.1.6...v4.1.7 ### [`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6) #### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324) **Full Changelog**: actions/download-artifact@v4.1.5...v4.1.6 ### [`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5) #### What's Changed - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322) - Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact` to v2.1.5 **Full Changelog**: actions/download-artifact@v4.1.4...v4.1.5 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> <details> <summary>ianlewis/todo-issue-reopener (ianlewis/todo-issue-reopener)</summary> ### [`v1.2.1`](https://togithub.com/ianlewis/todo-issue-reopener/releases/tag/v1.2.1) [Compare Source](https://togithub.com/ianlewis/todo-issue-reopener/compare/v1.2.0...v1.2.1) ##### Fixed in 1.2.1 - Fixed the "error updating to TUF remote mirror: invalid key" error ([#​688](https://togithub.com/ianlewis/todo-issue-reopener/issues/688)). #### All changes - fix: Update slsa-verifier version by [@​ianlewis](https://togithub.com/ianlewis) in [https://github.com/ianlewis/todo-issue-reopener/pull/689](https://togithub.com/ianlewis/todo-issue-reopener/pull/689) - chore(deps): Bump github/codeql-action from 3.23.2 to 3.25.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/711](https://togithub.com/ianlewis/todo-issue-reopener/pull/711) - chore(deps): Bump codecov/codecov-action from 4.0.1 to 4.4.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/705](https://togithub.com/ianlewis/todo-issue-reopener/pull/705) - chore(deps): Bump actions/upload-artifact from 4.3.0 to 4.3.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/670](https://togithub.com/ianlewis/todo-issue-reopener/pull/670) - chore(deps-dev): Bump [@​types/jest](https://togithub.com/types/jest) from 29.5.11 to 29.5.12 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/664](https://togithub.com/ianlewis/todo-issue-reopener/pull/664) - chore(deps): Bump actions/setup-node from 4.0.1 to 4.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/605](https://togithub.com/ianlewis/todo-issue-reopener/pull/605) - chore(deps): Bump yamllint from 1.33.0 to 1.35.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/598](https://togithub.com/ianlewis/todo-issue-reopener/pull/598) - chore(deps-dev): Bump eslint-plugin-github from 4.9.1 to 4.10.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/592](https://togithub.com/ianlewis/todo-issue-reopener/pull/592) - chore(deps): Bump thehanimo/pr-title-checker from 1.4.1 to 1.4.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/604](https://togithub.com/ianlewis/todo-issue-reopener/pull/604) - chore(deps): Bump yaml from 2.3.4 to 2.4.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/727](https://togithub.com/ianlewis/todo-issue-reopener/pull/727) - chore(deps-dev): Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.36.1 to 0.38.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/635](https://togithub.com/ianlewis/todo-issue-reopener/pull/635) - chore(deps-dev): Bump eslint from 8.56.0 to 8.57.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/634](https://togithub.com/ianlewis/todo-issue-reopener/pull/634) - chore(release): v1.2.1 by [@​ianlewis](https://togithub.com/ianlewis) in [https://github.com/ianlewis/todo-issue-reopener/pull/833](https://togithub.com/ianlewis/todo-issue-reopener/pull/833) **Full Changelog**: ianlewis/todo-issue-reopener@v1.2.0...v1.2.1 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 </details> <details> <summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary> ### [`v3.5.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.5.0) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0) #### What's Changed - Bump actions/checkout from 4.1.1 to 4.1.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/157](https://togithub.com/sigstore/cosign-installer/pull/157) - use go 1.22 now by [@​bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/160](https://togithub.com/sigstore/cosign-installer/pull/160) - bump default version to v2.2.4, prep for v3.5.0 release by [@​bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/159](https://togithub.com/sigstore/cosign-installer/pull/159) **Full Changelog**: sigstore/cosign-installer@v3.4.0...v3.5.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-github-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjMuNSIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Signed-off-by: Mend Renovate <bot@renovateapp.com>
Darkflame72
referenced
this pull request
in Tuhura-Tech/wiki
May 19, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- ### Release Notes <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/Tuhura-Tech/wiki). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159
referenced
this pull request
in defenseunicorns/maru-runner
May 22, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/create-github-app-token](https://togithub.com/actions/create-github-app-token) | action | minor | `v1.9.0` -> `v1.10.0` | | [actions/setup-go](https://togithub.com/actions/setup-go) | action | patch | `v5.0.0` -> `v5.0.1` | | [anchore/sbom-action](https://togithub.com/anchore/sbom-action) | action | minor | `v0.15.11` -> `v0.16.0` | | [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | | minor | `v0.32.5` -> `v0.33.2` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.6` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v5.0.0` -> `v5.1.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- ### Release Notes <details> <summary>actions/create-github-app-token (actions/create-github-app-token)</summary> ### [`v1.10.0`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.0) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.3...v1.10.0) ##### Features - **`private-key`:** escaped newlines will be replaced ([#​132](https://togithub.com/actions/create-github-app-token/issues/132)) ([9d23fb9](https://togithub.com/actions/create-github-app-token/commit/9d23fb93dd620572046d85c7c1032b488c12514f)) ### [`v1.9.3`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.3) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.2...v1.9.3) ##### Bug Fixes - **deps:** bump undici from 6.10.2 to 6.11.1 ([#​125](https://togithub.com/actions/create-github-app-token/issues/125)) ([3c223c7](https://togithub.com/actions/create-github-app-token/commit/3c223c7336e276235eb843dd4e6ad42147199cbf)), closes [#​3024](https://togithub.com/actions/create-github-app-token/issues/3024) [nodejs/undici#3044](https://togithub.com/nodejs/undici/issues/3044) [#​3023](https://togithub.com/actions/create-github-app-token/issues/3023) [nodejs/undici#3025](https://togithub.com/nodejs/undici/issues/3025) [nodejs/undici#3024](https://togithub.com/nodejs/undici/issues/3024) [nodejs/undici#3034](https://togithub.com/nodejs/undici/issues/3034) [nodejs/undici#3038](https://togithub.com/nodejs/undici/issues/3038) [nodejs/undici#2947](https://togithub.com/nodejs/undici/issues/2947) [nodejs/undici#3040](https://togithub.com/nodejs/undici/issues/3040) [nodejs/undici#3036](https://togithub.com/nodejs/undici/issues/3036) [nodejs/undici#3041](https://togithub.com/nodejs/undici/issues/3041) [#​3024](https://togithub.com/actions/create-github-app-token/issues/3024) [#​3041](https://togithub.com/actions/create-github-app-token/issues/3041) [#​3036](https://togithub.com/actions/create-github-app-token/issues/3036) ### [`v1.9.2`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.2) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.1...v1.9.2) ##### Bug Fixes - **deps:** bump the production-dependencies group with 1 update ([#​123](https://togithub.com/actions/create-github-app-token/issues/123)) ([beea7b8](https://togithub.com/actions/create-github-app-token/commit/beea7b860ac0b14ca14258aca701da842aa65e30)), closes [nodejs/undici#2978](https://togithub.com/nodejs/undici/issues/2978) [nodejs/undici#2971](https://togithub.com/nodejs/undici/issues/2971) [nodejs/undici#2980](https://togithub.com/nodejs/undici/issues/2980) [#​2982](https://togithub.com/actions/create-github-app-token/issues/2982) [nodejs/undici#2983](https://togithub.com/nodejs/undici/issues/2983) [nodejs/undici#2987](https://togithub.com/nodejs/undici/issues/2987) [nodejs/undici#2991](https://togithub.com/nodejs/undici/issues/2991) [#​2986](https://togithub.com/actions/create-github-app-token/issues/2986) [nodejs/undici#2992](https://togithub.com/nodejs/undici/issues/2992) [nodejs/undici#2985](https://togithub.com/nodejs/undici/issues/2985) [nodejs/undici#2993](https://togithub.com/nodejs/undici/issues/2993) [nodejs/undici#2995](https://togithub.com/nodejs/undici/issues/2995) [nodejs/undici#2998](https://togithub.com/nodejs/undici/issues/2998) [#​2863](https://togithub.com/actions/create-github-app-token/issues/2863) [nodejs/undici#2999](https://togithub.com/nodejs/undici/issues/2999) [nodejs/undici#3001](https://togithub.com/nodejs/undici/issues/3001) [nodejs/undici#2971](https://togithub.com/nodejs/undici/issues/2971) [nodejs/undici#2980](https://togithub.com/nodejs/undici/issues/2980) [nodejs/undici#2983](https://togithub.com/nodejs/undici/issues/2983) [nodejs/undici#2987](https://togithub.com/nodejs/undici/issues/2987) [nodejs/undici#2991](https://togithub.com/nodejs/undici/issues/2991) [nodejs/undici#2985](https://togithub.com/nodejs/undici/issues/2985) [nodejs/undici#2995](https://togithub.com/nodejs/undici/issues/2995) [nodejs/undici#2960](https://togithub.com/nodejs/undici/issues/2960) [nodejs/undici#2959](https://togithub.com/nodejs/undici/issues/2959) [nodejs/undici#2969](https://togithub.com/nodejs/undici/issues/2969) [nodejs/undici#2962](https://togithub.com/nodejs/undici/issues/2962) [nodejs/undici#2974](https://togithub.com/nodejs/undici/issues/2974) [nodejs/undici#2967](https://togithub.com/nodejs/undici/issues/2967) [nodejs/undici#2966](https://togithub.com/nodejs/undici/issues/2966) [nodejs/undici#2969](https://togithub.com/nodejs/undici/issues/2969) [nodejs/undici#2962](https://togithub.com/nodejs/undici/issues/2962) [nodejs/undici#2826](https://togithub.com/nodejs/undici/issues/2826) [nodejs/undici#2952](https://togithub.com/nodejs/undici/issues/2952) [#​3001](https://togithub.com/actions/create-github-app-token/issues/3001) [#​2863](https://togithub.com/actions/create-github-app-token/issues/2863) [#​2999](https://togithub.com/actions/create-github-app-token/issues/2999) [#​2998](https://togithub.com/actions/create-github-app-token/issues/2998) [#​2993](https://togithub.com/actions/create-github-app-token/issues/2993) [#​2986](https://togithub.com/actions/create-github-app-token/issues/2986) [#​2992](https://togithub.com/actions/create-github-app-token/issues/2992) [#​2991](https://togithub.com/actions/create-github-app-token/issues/2991) [#​2987](https://togithub.com/actions/create-github-app-token/issues/2987) ### [`v1.9.1`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.1) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.0...v1.9.1) ##### Bug Fixes - clarify `owner` input description ([#​118](https://togithub.com/actions/create-github-app-token/issues/118)) ([d9bc169](https://togithub.com/actions/create-github-app-token/commit/d9bc16919cdbdb07543eb732aa872437384e296f)) </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1) [Compare Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1) #### What's Changed - Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by [@​dependabot](https://togithub.com/dependabot) , [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/465](https://togithub.com/actions/setup-go/pull/465) - Update documentation with latest V5 release notes by [@​ab](https://togithub.com/ab) in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) - Update version documentation by [@​178inaba](https://togithub.com/178inaba) in [https://github.com/actions/setup-go/pull/458](https://togithub.com/actions/setup-go/pull/458) - Documentation update of `actions/setup-go` to v5 by [@​chenrui333](https://togithub.com/chenrui333) in [https://github.com/actions/setup-go/pull/449](https://togithub.com/actions/setup-go/pull/449) #### New Contributors - [@​ab](https://togithub.com/ab) made their first contribution in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) **Full Changelog**: actions/setup-go@v5.0.0...v5.0.1 </details> <details> <summary>anchore/sbom-action (anchore/sbom-action)</summary> ### [`v0.16.0`](https://togithub.com/anchore/sbom-action/releases/tag/v0.16.0): v0.16 [Compare Source](https://togithub.com/anchore/sbom-action/compare/v0.15.11...v0.16.0) #### Changes in v0.16.0 - Update Syft to v1.4.1 ([#​465](https://togithub.com/anchore/sbom-action/issues/465)) - Update GitHub artifact client ([#​463](https://togithub.com/anchore/sbom-action/issues/463)) \[[kzantow](https://togithub.com/kzantow)] </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.33.2`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.2) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2) ##### What's Changed - fix: schema integration by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2463](https://togithub.com/defenseunicorns/zarf/pull/2463) - docs: add contributor covenant code of conduct by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - docs: fix casing on code of conduct badge by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2466](https://togithub.com/defenseunicorns/zarf/pull/2466) - fix(deps): update github.com/anchore/clio digest to [`3c4abf8`](https://togithub.com/defenseunicorns/zarf/commit/3c4abf8) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2424](https://togithub.com/defenseunicorns/zarf/pull/2424) - fix: update docker media type in registry by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2476](https://togithub.com/defenseunicorns/zarf/pull/2476) - fix: adds GetVariableConfig function for packager by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/zarf/pull/2475](https://togithub.com/defenseunicorns/zarf/pull/2475) - test: add tests for remove copies from components to enable refactoring by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - fix!: do not uninstall helm chart after failed install or upgrade by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2456](https://togithub.com/defenseunicorns/zarf/pull/2456) - feat: inspect --list-images by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2478](https://togithub.com/defenseunicorns/zarf/pull/2478) - refactor: remove copies from components to a filter by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2474](https://togithub.com/defenseunicorns/zarf/pull/2474) - chore: add support.md by [@​schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) - chore: add a check for go mod tidy by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2481](https://togithub.com/defenseunicorns/zarf/pull/2481) - fix: use correct sha256 checksum for arm64 injector binary by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2483](https://togithub.com/defenseunicorns/zarf/pull/2483) - fix: simplify go mod tidy check by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2482](https://togithub.com/defenseunicorns/zarf/pull/2482) ##### New Contributors - [@​salaxander](https://togithub.com/salaxander) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - [@​phillebaba](https://togithub.com/phillebaba) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - [@​schristoff](https://togithub.com/schristoff) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) **Full Changelog**: zarf-dev/zarf@v0.33.1...v0.33.2 ### [`v0.33.1`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.1) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.0...v0.33.1) #### What's Changed - fix: add redirect so old zarf base link is compatiable by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2432](https://togithub.com/defenseunicorns/zarf/pull/2432) - ci: pin third-party gh actions by hash by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2433](https://togithub.com/defenseunicorns/zarf/pull/2433) - docs: add redirect for examples by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2438](https://togithub.com/defenseunicorns/zarf/pull/2438) - docs: update contributing and pre-commit by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2439](https://togithub.com/defenseunicorns/zarf/pull/2439) - ci: fix revive image ref in lint workflow by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2436](https://togithub.com/defenseunicorns/zarf/pull/2436) - fix: filter on running pods when finding an image for injector pod by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2415](https://togithub.com/defenseunicorns/zarf/pull/2415) - fix: readme dead links by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2442](https://togithub.com/defenseunicorns/zarf/pull/2442) - fix: differential package create with non local sources by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2444](https://togithub.com/defenseunicorns/zarf/pull/2444) - refactor: move variables into separate package by [@​Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2414](https://togithub.com/defenseunicorns/zarf/pull/2414) - ci: add top level workflow permission to commitlint by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2449](https://togithub.com/defenseunicorns/zarf/pull/2449) - ci: remove unused env var from codeql workflow by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2450](https://togithub.com/defenseunicorns/zarf/pull/2450) - chore: cleanup root level files and add SPDX check for Go files by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2431](https://togithub.com/defenseunicorns/zarf/pull/2431) - feat: config to enable resilient registry by [@​Michael-Kruggel](https://togithub.com/Michael-Kruggel) in [https://github.com/defenseunicorns/zarf/pull/2440](https://togithub.com/defenseunicorns/zarf/pull/2440) - docs: init package clarity and cleanup by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2447](https://togithub.com/defenseunicorns/zarf/pull/2447) - ci: compare cves to main by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2448](https://togithub.com/defenseunicorns/zarf/pull/2448) - test: unpin version in bigbang extension test by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2459](https://togithub.com/defenseunicorns/zarf/pull/2459) - fix: broken schema from unexpanded embedded variables by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2458](https://togithub.com/defenseunicorns/zarf/pull/2458) - fix: error on create if an index sha is used by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2429](https://togithub.com/defenseunicorns/zarf/pull/2429) #### New Contributors - [@​Michael-Kruggel](https://togithub.com/Michael-Kruggel) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2440](https://togithub.com/defenseunicorns/zarf/pull/2440) **Full Changelog**: zarf-dev/zarf@v0.33.0...v0.33.1 ### [`v0.33.0`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.0) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.6...v0.33.0) #### What's Changed - fix: update deprecated syft packages command to syft scan by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2399](https://togithub.com/defenseunicorns/zarf/pull/2399) - chore: move helpers to defenseunicorns/pkg by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2402](https://togithub.com/defenseunicorns/zarf/pull/2402) - fix(deps): update github.com/anchore/clio digest to [`fb5fc4c`](https://togithub.com/defenseunicorns/zarf/commit/fb5fc4c) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2366](https://togithub.com/defenseunicorns/zarf/pull/2366) - feat(tools): add yq by [@​zachariahmiller](https://togithub.com/zachariahmiller) in [https://github.com/defenseunicorns/zarf/pull/2406](https://togithub.com/defenseunicorns/zarf/pull/2406) - chore: switch to use oci lib in defenseunicorns/pkg by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2404](https://togithub.com/defenseunicorns/zarf/pull/2404) - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2411](https://togithub.com/defenseunicorns/zarf/pull/2411) - fix: use env var for PR title in commitlint workflow to prevent untrusted script injection by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2418](https://togithub.com/defenseunicorns/zarf/pull/2418) - fix: use default GITHUB_TOKEN for ossf/scorecard-action by [@​bburky](https://togithub.com/bburky) in [https://github.com/defenseunicorns/zarf/pull/2416](https://togithub.com/defenseunicorns/zarf/pull/2416) - fix: remove duplicate logic for writing image layers to disk concurrently by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2409](https://togithub.com/defenseunicorns/zarf/pull/2409) - feat: add option to skip cosign lookup during find images by [@​Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2427](https://togithub.com/defenseunicorns/zarf/pull/2427) - feat: allow chart deploy overrides ALPHA by [@​naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/defenseunicorns/zarf/pull/2403](https://togithub.com/defenseunicorns/zarf/pull/2403) - chore: update pull_request_template.md by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2428](https://togithub.com/defenseunicorns/zarf/pull/2428) - ci: pin k3s image version in k3d github action by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2430](https://togithub.com/defenseunicorns/zarf/pull/2430) - feat(docs): port docs to starlight by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2315](https://togithub.com/defenseunicorns/zarf/pull/2315) #### New Contributors - [@​zachariahmiller](https://togithub.com/zachariahmiller) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2406](https://togithub.com/defenseunicorns/zarf/pull/2406) - [@​bburky](https://togithub.com/bburky) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2416](https://togithub.com/defenseunicorns/zarf/pull/2416) **Full Changelog**: zarf-dev/zarf@v0.32.6...v0.33.0 ### [`v0.32.6`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.32.6) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6) #### \[0.32.6] - 2024-03-22 > trying out some different release note generators, formatting may vary for a few releases while we figure out what works best ~[@​Noxsios](https://togithub.com/Noxsios) ##### 🚀 Features - \[**ALPHA**] feat: package generation ALPHA by [@​andrewg-xyz](https://togithub.com/andrewg-xyz) in [#​2269](https://togithub.com/defenseunicorns/zarf/pull/2269) - *(lib)* feat(lib): configurable log file location by [@​Noxsios](https://togithub.com/Noxsios) in [#​2380](https://togithub.com/defenseunicorns/zarf/pull/2380) - \[**BREAKING**] feat!: filter package components with strategy interface by [@​Noxsios](https://togithub.com/Noxsios) in [#​2321](https://togithub.com/defenseunicorns/zarf/pull/2321) ##### 🐛 Bug Fixes - fix: refactor create stages into separate lib by [@​lucasrod16](https://togithub.com/lucasrod16) in [#​2223](https://togithub.com/defenseunicorns/zarf/pull/2223) - fix: handle registry caBundle as a multiline string by [@​AbrohamLincoln](https://togithub.com/AbrohamLincoln) in [#​2381](https://togithub.com/defenseunicorns/zarf/pull/2381) - *(regression)* fix: populate `p.sbomViewFiles` on `deploy` and `mirror` by [@​lucasrod16](https://togithub.com/lucasrod16) in [#​2386](https://togithub.com/defenseunicorns/zarf/pull/2386) - fix: allow absolute paths for differential packages by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [#​2397](https://togithub.com/defenseunicorns/zarf/pull/2397) - fix: hotfix skeleton publish by [@​Noxsios](https://togithub.com/Noxsios) in [#​2398](https://togithub.com/defenseunicorns/zarf/pull/2398) ##### 🚜 Refactor - refactor: split helpers/exec libs by [@​Racer159](https://togithub.com/Racer159) in [#​2379](https://togithub.com/defenseunicorns/zarf/pull/2379) ##### 🧪 Testing - test: data injection flake by [@​lucasrod16](https://togithub.com/lucasrod16) in [#​2361](https://togithub.com/defenseunicorns/zarf/pull/2361) ##### ⚙️ Miscellaneous Tasks - ci: add commitlint workflow and update contributing guide by [@​lucasrod16](https://togithub.com/lucasrod16) in [#​2391](https://togithub.com/defenseunicorns/zarf/pull/2391) ##### 🛡️ Security - *(release)* build: create PRs on `homebrew-tap` by [@​Noxsios](https://togithub.com/Noxsios) in [#​2385](https://togithub.com/defenseunicorns/zarf/pull/2385) **Full Changelog**: zarf-dev/zarf@v0.32.5...v0.32.6 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0) #### Important This version changes the default behavior of `latest` to `~> v1`. The next major of this action (v6), will change this to `~> v2`, and will be launched together with GoReleaser v2. #### What's Changed - docs: bump actions to latest major by [@​crazy-max](https://togithub.com/crazy-max) in [https://github.com/goreleaser/goreleaser-action/pull/435](https://togithub.com/goreleaser/goreleaser-action/pull/435) - chore(deps): bump docker/bake-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/436](https://togithub.com/goreleaser/goreleaser-action/pull/436) - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/437](https://togithub.com/goreleaser/goreleaser-action/pull/437) - chore(deps): bump actions/setup-go from 4 to 5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/443](https://togithub.com/goreleaser/goreleaser-action/pull/443) - chore(deps): bump actions/upload-artifact from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/444](https://togithub.com/goreleaser/goreleaser-action/pull/444) - Delete .kodiak.toml by [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) in [https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446) - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/448](https://togithub.com/goreleaser/goreleaser-action/pull/448) - chore(deps): bump ip from 2.0.0 to 2.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/450](https://togithub.com/goreleaser/goreleaser-action/pull/450) - Upgrade setup-go action version in README by [@​kishaningithub](https://togithub.com/kishaningithub) in [https://github.com/goreleaser/goreleaser-action/pull/455](https://togithub.com/goreleaser/goreleaser-action/pull/455) - chore(deps): bump tar from 6.1.14 to 6.2.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/456](https://togithub.com/goreleaser/goreleaser-action/pull/456) - chore: use corepack to install yarn by [@​crazy-max](https://togithub.com/crazy-max) in [https://github.com/goreleaser/goreleaser-action/pull/458](https://togithub.com/goreleaser/goreleaser-action/pull/458) - feat: lock this major version of the action to use '~> v1' as 'latest' by [@​caarlos0](https://togithub.com/caarlos0) in [https://github.com/goreleaser/goreleaser-action/pull/461](https://togithub.com/goreleaser/goreleaser-action/pull/461) - chore(deps): bump semver from 7.6.0 to 7.6.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/462](https://togithub.com/goreleaser/goreleaser-action/pull/462) - chore(deps): bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.2.0 to 2.2.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/451](https://togithub.com/goreleaser/goreleaser-action/pull/451) #### New Contributors - [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their first contribution in [https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446) **Full Changelog**: goreleaser/goreleaser-action@v5.0.0...v5.1.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/maru-runner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159
referenced
this pull request
in defenseunicorns/uds-package-mattermost
May 22, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.4` -> `v4.1.6` | | [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | | patch | `v0.33.1` -> `v0.33.2` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.6` | | [golangci/golangci-lint](https://togithub.com/golangci/golangci-lint) | repository | patch | `v1.58.0` -> `v1.58.2` | | [google-github-actions/release-please-action](https://togithub.com/google-github-actions/release-please-action) | action | patch | `v4.1.0` -> `v4.1.1` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | | [python-jsonschema/check-jsonschema](https://togithub.com/python-jsonschema/check-jsonschema) | repository | patch | `0.28.2` -> `0.28.4` | | [renovatebot/pre-commit-hooks](https://togithub.com/renovatebot/pre-commit-hooks) | repository | minor | `37.342.1` -> `37.374.3` | | [step-security/harden-runner](https://togithub.com/step-security/harden-runner) | action | minor | `v2.7.1` -> `v2.8.0` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://togithub.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.33.2`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.2) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2) ##### What's Changed - fix: schema integration by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2463](https://togithub.com/defenseunicorns/zarf/pull/2463) - docs: add contributor covenant code of conduct by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - docs: fix casing on code of conduct badge by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2466](https://togithub.com/defenseunicorns/zarf/pull/2466) - fix(deps): update github.com/anchore/clio digest to [`3c4abf8`](https://togithub.com/defenseunicorns/zarf/commit/3c4abf8) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2424](https://togithub.com/defenseunicorns/zarf/pull/2424) - fix: update docker media type in registry by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2476](https://togithub.com/defenseunicorns/zarf/pull/2476) - fix: adds GetVariableConfig function for packager by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/zarf/pull/2475](https://togithub.com/defenseunicorns/zarf/pull/2475) - test: add tests for remove copies from components to enable refactoring by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - fix!: do not uninstall helm chart after failed install or upgrade by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2456](https://togithub.com/defenseunicorns/zarf/pull/2456) - feat: inspect --list-images by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2478](https://togithub.com/defenseunicorns/zarf/pull/2478) - refactor: remove copies from components to a filter by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2474](https://togithub.com/defenseunicorns/zarf/pull/2474) - chore: add support.md by [@​schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) - chore: add a check for go mod tidy by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2481](https://togithub.com/defenseunicorns/zarf/pull/2481) - fix: use correct sha256 checksum for arm64 injector binary by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2483](https://togithub.com/defenseunicorns/zarf/pull/2483) - fix: simplify go mod tidy check by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2482](https://togithub.com/defenseunicorns/zarf/pull/2482) ##### New Contributors - [@​salaxander](https://togithub.com/salaxander) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - [@​phillebaba](https://togithub.com/phillebaba) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - [@​schristoff](https://togithub.com/schristoff) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) **Full Changelog**: zarf-dev/zarf@v0.33.1...v0.33.2 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>golangci/golangci-lint (golangci/golangci-lint)</summary> ### [`v1.58.2`](https://togithub.com/golangci/golangci-lint/compare/v1.58.1...v1.58.2) [Compare Source](https://togithub.com/golangci/golangci-lint/compare/v1.58.1...v1.58.2) ### [`v1.58.1`](https://togithub.com/golangci/golangci-lint/compare/v1.58.0...v1.58.1) [Compare Source](https://togithub.com/golangci/golangci-lint/compare/v1.58.0...v1.58.1) </details> <details> <summary>google-github-actions/release-please-action (google-github-actions/release-please-action)</summary> ### [`v4.1.1`](https://togithub.com/google-github-actions/release-please-action/releases/tag/v4.1.1) [Compare Source](https://togithub.com/google-github-actions/release-please-action/compare/v4.1.0...v4.1.1) ##### Bug Fixes - add deprecation warning to workflow run ([#​1](https://togithub.com/google-github-actions/release-please-action/issues/1)) ([edb78cf](https://togithub.com/google-github-actions/release-please-action/commit/edb78cf884d22d5d991d94144d031fce49cadbea)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> <details> <summary>python-jsonschema/check-jsonschema (python-jsonschema/check-jsonschema)</summary> ### [`v0.28.4`](https://togithub.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0284) [Compare Source](https://togithub.com/python-jsonschema/check-jsonschema/compare/0.28.3...0.28.4) - Update vendored schemas: buildkite, github-workflows, gitlab-ci, renovate, taskfile, woodpecker-ci (2024-05-19) ### [`v0.28.3`](https://togithub.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0283) [Compare Source](https://togithub.com/python-jsonschema/check-jsonschema/compare/0.28.2...0.28.3) - Update vendored schemas: dependabot, github-workflows, gitlab-ci, renovate, woodpecker-ci (2024-05-05) - Update Cloud Build pre-commit hook to support JSON Cloud Build config. Thanks :user:`jrdnbradford`! (:pr:`427`) </details> <details> <summary>renovatebot/pre-commit-hooks (renovatebot/pre-commit-hooks)</summary> ### [`v37.374.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.374.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.374.0...37.374.3) See https://github.com/renovatebot/renovate/releases/tag/37.374.3 for more changes ### [`v37.374.0`](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.373.0...37.374.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.373.0...37.374.0) ### [`v37.373.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.373.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.371.1...37.373.0) See https://github.com/renovatebot/renovate/releases/tag/37.373.0 for more changes ### [`v37.371.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.371.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.371.0...37.371.1) See https://github.com/renovatebot/renovate/releases/tag/37.371.1 for more changes ### [`v37.371.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.371.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.10...37.371.0) See https://github.com/renovatebot/renovate/releases/tag/37.371.0 for more changes ### [`v37.368.10`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.10) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.9...37.368.10) See https://github.com/renovatebot/renovate/releases/tag/37.368.10 for more changes ### [`v37.368.9`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.9) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.8...37.368.9) See https://github.com/renovatebot/renovate/releases/tag/37.368.9 for more changes ### [`v37.368.8`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.8) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.7...37.368.8) See https://github.com/renovatebot/renovate/releases/tag/37.368.8 for more changes ### [`v37.368.7`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.7) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.6...37.368.7) See https://github.com/renovatebot/renovate/releases/tag/37.368.7 for more changes ### [`v37.368.6`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.6) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.5...37.368.6) See https://github.com/renovatebot/renovate/releases/tag/37.368.6 for more changes ### [`v37.368.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.5) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.4...37.368.5) See https://github.com/renovatebot/renovate/releases/tag/37.368.5 for more changes ### [`v37.368.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.4) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.3...37.368.4) See https://github.com/renovatebot/renovate/releases/tag/37.368.4 for more changes ### [`v37.368.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.2...37.368.3) See https://github.com/renovatebot/renovate/releases/tag/37.368.3 for more changes ### [`v37.368.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.0...37.368.2) See https://github.com/renovatebot/renovate/releases/tag/37.368.2 for more changes ### [`v37.368.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.366.1...37.368.0) See https://github.com/renovatebot/renovate/releases/tag/37.368.0 for more changes ### [`v37.366.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.366.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.363.9...37.366.1) See https://github.com/renovatebot/renovate/releases/tag/37.366.1 for more changes ### [`v37.363.9`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.363.9) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.363.6...37.363.9) See https://github.com/renovatebot/renovate/releases/tag/37.363.9 for more changes ### [`v37.363.6`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.363.6) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.363.4...37.363.6) See https://github.com/renovatebot/renovate/releases/tag/37.363.6 for more changes ### [`v37.363.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.363.4) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.363.3...37.363.4) See https://github.com/renovatebot/renovate/releases/tag/37.363.4 for more changes ### [`v37.363.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.363.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.363.1...37.363.3) See https://github.com/renovatebot/renovate/releases/tag/37.363.3 for more changes ### [`v37.363.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.363.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.359.0...37.363.1) See https://github.com/renovatebot/renovate/releases/tag/37.363.1 for more changes ### [`v37.359.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.359.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.358.2...37.359.0) See https://github.com/renovatebot/renovate/releases/tag/37.359.0 for more changes ### [`v37.358.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.358.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.358.1...37.358.2) See https://github.com/renovatebot/renovate/releases/tag/37.358.2 for more changes ### [`v37.358.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.358.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.358.0...37.358.1) See https://github.com/renovatebot/renovate/releases/tag/37.358.1 for more changes ### [`v37.358.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.358.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.356.1...37.358.0) See https://github.com/renovatebot/renovate/releases/tag/37.358.0 for more changes ### [`v37.356.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.356.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.356.0...37.356.1) See https://github.com/renovatebot/renovate/releases/tag/37.356.1 for more changes ### [`v37.356.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.356.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.355.1...37.356.0) See https://github.com/renovatebot/renovate/releases/tag/37.356.0 for more changes ### [`v37.355.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.355.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.6...37.355.1) See https://github.com/renovatebot/renovate/releases/tag/37.355.1 for more changes ### [`v37.354.6`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.6) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.5...37.354.6) See https://github.com/renovatebot/renovate/releases/tag/37.354.6 for more changes ### [`v37.354.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.5) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.4...37.354.5) See https://github.com/renovatebot/renovate/releases/tag/37.354.5 for more changes ### [`v37.354.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.4) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.3...37.354.4) See https://github.com/renovatebot/renovate/releases/tag/37.354.4 for more changes ### [`v37.354.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.2...37.354.3) See https://github.com/renovatebot/renovate/releases/tag/37.354.3 for more changes ### [`v37.354.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.1...37.354.2) See https://github.com/renovatebot/renovate/releases/tag/37.354.2 for more changes ### [`v37.354.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.353.1...37.354.1) See https://github.com/renovatebot/renovate/releases/tag/37.354.1 for more changes ### [`v37.353.1`](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.353.0...37.353.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.353.0...37.353.1) ### [`v37.353.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.353.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.352.0...37.353.0) See https://github.com/renovatebot/renovate/releases/tag/37.353.0 for more changes ### [`v37.352.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.352.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.351.4...37.352.0) See https://github.com/renovatebot/renovate/releases/tag/37.352.0 for more changes ### [`v37.351.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.351.4) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.351.2...37.351.4) See https://github.com/renovatebot/renovate/releases/tag/37.351.4 for more changes ### [`v37.351.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.351.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.351.1...37.351.2) See https://github.com/renovatebot/renovate/releases/tag/37.351.2 for more changes ### [`v37.351.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.351.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.351.0...37.351.1) See https://github.com/renovatebot/renovate/releases/tag/37.351.1 for more changes ### [`v37.351.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.351.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.349.3...37.351.0) See https://github.com/renovatebot/renovate/releases/tag/37.351.0 for more changes ### [`v37.349.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.349.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.349.2...37.349.3) See https://github.com/renovatebot/renovate/releases/tag/37.349.3 for more changes ### [`v37.349.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.349.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.349.0...37.349.2) See https://github.com/renovatebot/renovate/releases/tag/37.349.2 for more changes ### [`v37.349.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.349.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.347.2...37.349.0) See https://github.com/renovatebot/renovate/releases/tag/37.349.0 for more changes ### [`v37.347.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.347.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.347.0...37.347.2) See https://github.com/renovatebot/renovate/releases/tag/37.347.2 for more changes ### [`v37.347.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.347.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.345.0...37.347.0) See https://github.com/renovatebot/renovate/releases/tag/37.347.0 for more changes ### [`v37.345.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.345.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.344.0...37.345.0) See https://github.com/renovatebot/renovate/releases/tag/37.345.0 for more changes ### [`v37.344.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.344.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.342.1...37.344.0) See https://github.com/renovatebot/renovate/releases/tag/37.344.0 for more changes </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.8.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.7.1...v2.8.0) #### What's Changed Release v2.8.0 by [@​h0x0er](https://togithub.com/h0x0er) and [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/416](https://togithub.com/step-security/harden-runner/pull/416) This release includes: - File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process. - Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process. These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process. **Full Changelog**: step-security/harden-runner@v2...v2.8.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-package-mattermost). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Release-As: v9.8.0-uds.0
cuixq
referenced
this pull request
in google/osv-scanner
May 23, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.4` -> `v4.1.6` | | [codecov/codecov-action](https://togithub.com/codecov/codecov-action) | action | minor | `v4.3.1` -> `v4.4.1` | | gaurav-nelson/github-action-markdown-link-check | action | digest | `25b2c43` -> `7d83e59` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.6` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v5.0.0` -> `v5.1.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 </details> <details> <summary>codecov/codecov-action (codecov/codecov-action)</summary> ### [`v4.4.1`](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1) [Compare Source](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1) ### [`v4.4.0`](https://togithub.com/codecov/codecov-action/releases/tag/v4.4.0) [Compare Source](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0) #### What's Changed - chore: Clarify isPullRequestFromFork by [@​jsoref](https://togithub.com/jsoref) in [https://github.com/codecov/codecov-action/pull/1411](https://togithub.com/codecov/codecov-action/pull/1411) - build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/codecov/codecov-action/pull/1423](https://togithub.com/codecov/codecov-action/pull/1423) - build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/codecov/codecov-action/pull/1421](https://togithub.com/codecov/codecov-action/pull/1421) - build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/codecov/codecov-action/pull/1420](https://togithub.com/codecov/codecov-action/pull/1420) - feat: remove GPG and run on spawn by [@​thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1426](https://togithub.com/codecov/codecov-action/pull/1426) - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 7.8.0 to 7.9.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/codecov/codecov-action/pull/1428](https://togithub.com/codecov/codecov-action/pull/1428) - chore(release): 4.4.0 by [@​thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1430](https://togithub.com/codecov/codecov-action/pull/1430) **Full Changelog**: codecov/codecov-action@v4.3.1...v4.4.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0) #### Important This version changes the default behavior of `latest` to `~> v1`. The next major of this action (v6), will change this to `~> v2`, and will be launched together with GoReleaser v2. #### What's Changed - docs: bump actions to latest major by [@​crazy-max](https://togithub.com/crazy-max) in [https://github.com/goreleaser/goreleaser-action/pull/435](https://togithub.com/goreleaser/goreleaser-action/pull/435) - chore(deps): bump docker/bake-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/436](https://togithub.com/goreleaser/goreleaser-action/pull/436) - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/437](https://togithub.com/goreleaser/goreleaser-action/pull/437) - chore(deps): bump actions/setup-go from 4 to 5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/443](https://togithub.com/goreleaser/goreleaser-action/pull/443) - chore(deps): bump actions/upload-artifact from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/444](https://togithub.com/goreleaser/goreleaser-action/pull/444) - Delete .kodiak.toml by [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) in [https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446) - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/448](https://togithub.com/goreleaser/goreleaser-action/pull/448) - chore(deps): bump ip from 2.0.0 to 2.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/450](https://togithub.com/goreleaser/goreleaser-action/pull/450) - Upgrade setup-go action version in README by [@​kishaningithub](https://togithub.com/kishaningithub) in [https://github.com/goreleaser/goreleaser-action/pull/455](https://togithub.com/goreleaser/goreleaser-action/pull/455) - chore(deps): bump tar from 6.1.14 to 6.2.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/456](https://togithub.com/goreleaser/goreleaser-action/pull/456) - chore: use corepack to install yarn by [@​crazy-max](https://togithub.com/crazy-max) in [https://github.com/goreleaser/goreleaser-action/pull/458](https://togithub.com/goreleaser/goreleaser-action/pull/458) - feat: lock this major version of the action to use '~> v1' as 'latest' by [@​caarlos0](https://togithub.com/caarlos0) in [https://github.com/goreleaser/goreleaser-action/pull/461](https://togithub.com/goreleaser/goreleaser-action/pull/461) - chore(deps): bump semver from 7.6.0 to 7.6.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/462](https://togithub.com/goreleaser/goreleaser-action/pull/462) - chore(deps): bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.2.0 to 2.2.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/451](https://togithub.com/goreleaser/goreleaser-action/pull/451) #### New Contributors - [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their first contribution in [https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446) **Full Changelog**: goreleaser/goreleaser-action@v5.0.0...v5.1.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>
Racer159
referenced
this pull request
in defenseunicorns/uds-package-gitlab
May 24, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.4` -> `v4.1.6` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | | patch | `v0.4.2` -> `v0.4.3` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | action | patch | `v0.4.2` -> `v0.4.3` | | [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | | minor | `v0.33.1` -> `v0.34.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.6` | | [golangci/golangci-lint](https://togithub.com/golangci/golangci-lint) | repository | minor | `v1.57.2` -> `v1.58.2` | | [google-github-actions/release-please-action](https://togithub.com/google-github-actions/release-please-action) | action | patch | `v4.1.0` -> `v4.1.1` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | | [python-jsonschema/check-jsonschema](https://togithub.com/python-jsonschema/check-jsonschema) | repository | patch | `0.28.2` -> `0.28.4` | | [renovatebot/pre-commit-hooks](https://togithub.com/renovatebot/pre-commit-hooks) | repository | minor | `37.338.0` -> `37.377.0` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://togithub.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 </details> <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.4.3`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.3) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.2...v0.4.3) ##### Bug Fixes - update renovate config to use docker versioning for zarf images ([#​128](https://togithub.com/defenseunicorns/uds-common/issues/128)) ([c18e125](https://togithub.com/defenseunicorns/uds-common/commit/c18e12507384328bb53b81c096bc9827f96ba114)) ##### Miscellaneous - add an airgap note to UDS Package Practices (clarity is kindness) ([#​126](https://togithub.com/defenseunicorns/uds-common/issues/126)) ([b70e1fe](https://togithub.com/defenseunicorns/uds-common/commit/b70e1fe165a521a33789298a7e69aa6a59d54968)) - adjust UDS package practice formatting ([#​123](https://togithub.com/defenseunicorns/uds-common/issues/123)) ([f351d04](https://togithub.com/defenseunicorns/uds-common/commit/f351d04732a6e6e6fc2c62eff13f625a613effcc)) - **deps:** update uds common package dependencies to v6.6.3 ([#​132](https://togithub.com/defenseunicorns/uds-common/issues/132)) ([0ebdd1f](https://togithub.com/defenseunicorns/uds-common/commit/0ebdd1f5f2aa32720c88347027215305573bc716)) - **deps:** update uds common support dependencies ([#​125](https://togithub.com/defenseunicorns/uds-common/issues/125)) ([e014724](https://togithub.com/defenseunicorns/uds-common/commit/e01472454d2b3ef9665546fbb24c9980f090d238)) - **deps:** update uds common support dependencies to v0.22.0 ([#​133](https://togithub.com/defenseunicorns/uds-common/issues/133)) ([2cf903d](https://togithub.com/defenseunicorns/uds-common/commit/2cf903d41d0dbfda1baaa9629d1fa3c5d1a88110)) - initial package practices ([#​117](https://togithub.com/defenseunicorns/uds-common/issues/117)) ([d292b21](https://togithub.com/defenseunicorns/uds-common/commit/d292b216da73493743cd0a67b9763549c87c1819)) - update package practices with a bit more feedback ([#​129](https://togithub.com/defenseunicorns/uds-common/issues/129)) ([af34fc9](https://togithub.com/defenseunicorns/uds-common/commit/af34fc90104c57d11a08678186b8b2aeaaac135d)) </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.34.0`](https://togithub.com/defenseunicorns/zarf/compare/v0.33.2...v0.34.0) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.2...v0.34.0) ### [`v0.33.2`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.2) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2) ##### What's Changed - fix: schema integration by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2463](https://togithub.com/defenseunicorns/zarf/pull/2463) - docs: add contributor covenant code of conduct by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - docs: fix casing on code of conduct badge by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2466](https://togithub.com/defenseunicorns/zarf/pull/2466) - fix(deps): update github.com/anchore/clio digest to [`3c4abf8`](https://togithub.com/defenseunicorns/zarf/commit/3c4abf8) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2424](https://togithub.com/defenseunicorns/zarf/pull/2424) - fix: update docker media type in registry by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2476](https://togithub.com/defenseunicorns/zarf/pull/2476) - fix: adds GetVariableConfig function for packager by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/zarf/pull/2475](https://togithub.com/defenseunicorns/zarf/pull/2475) - test: add tests for remove copies from components to enable refactoring by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - fix!: do not uninstall helm chart after failed install or upgrade by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2456](https://togithub.com/defenseunicorns/zarf/pull/2456) - feat: inspect --list-images by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2478](https://togithub.com/defenseunicorns/zarf/pull/2478) - refactor: remove copies from components to a filter by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2474](https://togithub.com/defenseunicorns/zarf/pull/2474) - chore: add support.md by [@​schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) - chore: add a check for go mod tidy by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2481](https://togithub.com/defenseunicorns/zarf/pull/2481) - fix: use correct sha256 checksum for arm64 injector binary by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2483](https://togithub.com/defenseunicorns/zarf/pull/2483) - fix: simplify go mod tidy check by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2482](https://togithub.com/defenseunicorns/zarf/pull/2482) ##### New Contributors - [@​salaxander](https://togithub.com/salaxander) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - [@​phillebaba](https://togithub.com/phillebaba) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - [@​schristoff](https://togithub.com/schristoff) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) **Full Changelog**: zarf-dev/zarf@v0.33.1...v0.33.2 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>golangci/golangci-lint (golangci/golangci-lint)</summary> ### [`v1.58.2`](https://togithub.com/golangci/golangci-lint/compare/v1.58.1...v1.58.2) [Compare Source](https://togithub.com/golangci/golangci-lint/compare/v1.58.1...v1.58.2) ### [`v1.58.1`](https://togithub.com/golangci/golangci-lint/compare/v1.58.0...v1.58.1) [Compare Source](https://togithub.com/golangci/golangci-lint/compare/v1.58.0...v1.58.1) ### [`v1.58.0`](https://togithub.com/golangci/golangci-lint/compare/v1.57.2...v1.58.0) [Compare Source](https://togithub.com/golangci/golangci-lint/compare/v1.57.2...v1.58.0) </details> <details> <summary>google-github-actions/release-please-action (google-github-actions/release-please-action)</summary> ### [`v4.1.1`](https://togithub.com/google-github-actions/release-please-action/releases/tag/v4.1.1) [Compare Source](https://togithub.com/google-github-actions/release-please-action/compare/v4.1.0...v4.1.1) ##### Bug Fixes - add deprecation warning to workflow run ([#​1](https://togithub.com/google-github-actions/release-please-action/issues/1)) ([edb78cf](https://togithub.com/google-github-actions/release-please-action/commit/edb78cf884d22d5d991d94144d031fce49cadbea)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> <details> <summary>python-jsonschema/check-jsonschema (python-jsonschema/check-jsonschema)</summary> ### [`v0.28.4`](https://togithub.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0284) [Compare Source](https://togithub.com/python-jsonschema/check-jsonschema/compare/0.28.3...0.28.4) - Update vendored schemas: buildkite, github-workflows, gitlab-ci, renovate, taskfile, woodpecker-ci (2024-05-19) ### [`v0.28.3`](https://togithub.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0283) [Compare Source](https://togithub.com/python-jsonschema/check-jsonschema/compare/0.28.2...0.28.3) - Update vendored schemas: dependabot, github-workflows, gitlab-ci, renovate, woodpecker-ci (2024-05-05) - Update Cloud Build pre-commit hook to support JSON Cloud Build config. Thanks :user:`jrdnbradford`! (:pr:`427`) </details> <details> <summary>renovatebot/pre-commit-hooks (renovatebot/pre-commit-hooks)</summary> ### [`v37.377.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.377.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.376.0...37.377.0) See https://github.com/renovatebot/renovate/releases/tag/37.377.0 for more changes ### [`v37.376.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.376.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.375.2...37.376.0) See https://github.com/renovatebot/renovate/releases/tag/37.376.0 for more changes ### [`v37.375.2`](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.375.1...37.375.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.375.1...37.375.2) ### [`v37.375.1`](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.375.0...37.375.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.375.0...37.375.1) ### [`v37.375.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.375.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.374.3...37.375.0) See https://github.com/renovatebot/renovate/releases/tag/37.375.0 for more changes ### [`v37.374.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.374.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.374.0...37.374.3) See https://github.com/renovatebot/renovate/releases/tag/37.374.3 for more changes ### [`v37.374.0`](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.373.0...37.374.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.373.0...37.374.0) ### [`v37.373.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.373.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.371.1...37.373.0) See https://github.com/renovatebot/renovate/releases/tag/37.373.0 for more changes ### [`v37.371.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.371.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.371.0...37.371.1) See https://github.com/renovatebot/renovate/releases/tag/37.371.1 for more changes ### [`v37.371.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.371.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.10...37.371.0) See https://github.com/renovatebot/renovate/releases/tag/37.371.0 for more changes ### [`v37.368.10`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.10) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.9...37.368.10) See https://github.com/renovatebot/renovate/releases/tag/37.368.10 for more changes ### [`v37.368.9`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.9) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.8...37.368.9) See https://github.com/renovatebot/renovate/releases/tag/37.368.9 for more changes ### [`v37.368.8`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.8) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.7...37.368.8) See https://github.com/renovatebot/renovate/releases/tag/37.368.8 for more changes ### [`v37.368.7`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.7) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.6...37.368.7) See https://github.com/renovatebot/renovate/releases/tag/37.368.7 for more changes ### [`v37.368.6`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.6) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.5...37.368.6) See https://github.com/renovatebot/renovate/releases/tag/37.368.6 for more changes ### [`v37.368.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.5) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.4...37.368.5) See https://github.com/renovatebot/renovate/releases/tag/37.368.5 for more changes ### [`v37.368.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.4) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.3...37.368.4) See https://github.com/renovatebot/renovate/releases/tag/37.368.4 for more changes ### [`v37.368.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.2...37.368.3) See https://github.com/renovatebot/renovate/releases/tag/37.368.3 for more changes ### [`v37.368.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.368.0...37.368.2) See https://github.com/renovatebot/renovate/releases/tag/37.368.2 for more changes ### [`v37.368.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.368.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.366.1...37.368.0) See https://github.com/renovatebot/renovate/releases/tag/37.368.0 for more changes ### [`v37.366.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.366.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.363.9...37.366.1) See https://github.com/renovatebot/renovate/releases/tag/37.366.1 for more changes ### [`v37.363.9`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.363.9) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.363.6...37.363.9) See https://github.com/renovatebot/renovate/releases/tag/37.363.9 for more changes ### [`v37.363.6`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.363.6) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.363.4...37.363.6) See https://github.com/renovatebot/renovate/releases/tag/37.363.6 for more changes ### [`v37.363.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.363.4) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.363.3...37.363.4) See https://github.com/renovatebot/renovate/releases/tag/37.363.4 for more changes ### [`v37.363.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.363.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.363.1...37.363.3) See https://github.com/renovatebot/renovate/releases/tag/37.363.3 for more changes ### [`v37.363.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.363.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.359.0...37.363.1) See https://github.com/renovatebot/renovate/releases/tag/37.363.1 for more changes ### [`v37.359.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.359.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.358.2...37.359.0) See https://github.com/renovatebot/renovate/releases/tag/37.359.0 for more changes ### [`v37.358.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.358.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.358.1...37.358.2) See https://github.com/renovatebot/renovate/releases/tag/37.358.2 for more changes ### [`v37.358.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.358.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.358.0...37.358.1) See https://github.com/renovatebot/renovate/releases/tag/37.358.1 for more changes ### [`v37.358.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.358.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.356.1...37.358.0) See https://github.com/renovatebot/renovate/releases/tag/37.358.0 for more changes ### [`v37.356.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.356.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.356.0...37.356.1) See https://github.com/renovatebot/renovate/releases/tag/37.356.1 for more changes ### [`v37.356.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.356.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.355.1...37.356.0) See https://github.com/renovatebot/renovate/releases/tag/37.356.0 for more changes ### [`v37.355.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.355.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.6...37.355.1) See https://github.com/renovatebot/renovate/releases/tag/37.355.1 for more changes ### [`v37.354.6`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.6) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.5...37.354.6) See https://github.com/renovatebot/renovate/releases/tag/37.354.6 for more changes ### [`v37.354.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.5) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.4...37.354.5) See https://github.com/renovatebot/renovate/releases/tag/37.354.5 for more changes ### [`v37.354.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.4) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.3...37.354.4) See https://github.com/renovatebot/renovate/releases/tag/37.354.4 for more changes ### [`v37.354.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.2...37.354.3) See https://github.com/renovatebot/renovate/releases/tag/37.354.3 for more changes ### [`v37.354.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.354.1...37.354.2) See https://github.com/renovatebot/renovate/releases/tag/37.354.2 for more changes ### [`v37.354.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.354.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.353.1...37.354.1) See https://github.com/renovatebot/renovate/releases/tag/37.354.1 for more changes ### [`v37.353.1`](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.353.0...37.353.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.353.0...37.353.1) ### [`v37.353.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.353.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.352.0...37.353.0) See https://github.com/renovatebot/renovate/releases/tag/37.353.0 for more changes ### [`v37.352.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.352.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.351.4...37.352.0) See https://github.com/renovatebot/renovate/releases/tag/37.352.0 for more changes ### [`v37.351.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.351.4) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.351.2...37.351.4) See https://github.com/renovatebot/renovate/releases/tag/37.351.4 for more changes ### [`v37.351.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.351.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.351.1...37.351.2) See https://github.com/renovatebot/renovate/releases/tag/37.351.2 for more changes ### [`v37.351.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.351.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.351.0...37.351.1) See https://github.com/renovatebot/renovate/releases/tag/37.351.1 for more changes ### [`v37.351.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.351.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.349.3...37.351.0) See https://github.com/renovatebot/renovate/releases/tag/37.351.0 for more changes ### [`v37.349.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.349.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.349.2...37.349.3) See https://github.com/renovatebot/renovate/releases/tag/37.349.3 for more changes ### [`v37.349.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.349.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.349.0...37.349.2) See https://github.com/renovatebot/renovate/releases/tag/37.349.2 for more changes ### [`v37.349.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.349.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.347.2...37.349.0) See https://github.com/renovatebot/renovate/releases/tag/37.349.0 for more changes ### [`v37.347.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.347.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.347.0...37.347.2) See https://github.com/renovatebot/renovate/releases/tag/37.347.2 for more changes ### [`v37.347.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.347.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.345.0...37.347.0) See https://github.com/renovatebot/renovate/releases/tag/37.347.0 for more changes ### [`v37.345.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.345.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.344.0...37.345.0) See https://github.com/renovatebot/renovate/releases/tag/37.345.0 for more changes ### [`v37.344.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.344.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.342.1...37.344.0) See https://github.com/renovatebot/renovate/releases/tag/37.344.0 for more changes ### [`v37.342.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.342.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.341.0...37.342.1) See https://github.com/renovatebot/renovate/releases/tag/37.342.1 for more changes ### [`v37.341.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.341.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.340.10...37.341.0) See https://github.com/renovatebot/renovate/releases/tag/37.341.0 for more changes ### [`v37.340.10`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.340.10) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.340.9...37.340.10) See https://github.com/renovatebot/renovate/releases/tag/37.340.10 for more changes ### [`v37.340.9`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.340.9) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.340.8...37.340.9) See https://github.com/renovatebot/renovate/releases/tag/37.340.9 for more changes ### [`v37.340.8`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.340.8) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.340.5...37.340.8) See https://github.com/renovatebot/renovate/releases/tag/37.340.8 for more changes ### [`v37.340.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.340.5) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.340.4...37.340.5) See https://github.com/renovatebot/renovate/releases/tag/37.340.5 for more changes ### [`v37.340.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.340.4) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.340.0...37.340.4) See https://github.com/renovatebot/renovate/releases/tag/37.340.4 for more changes ### [`v37.340.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.340.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.339.0...37.340.0) See https://github.com/renovatebot/renovate/releases/tag/37.340.0 for more changes ### [`v37.339.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.339.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.338.0...37.339.0) See https://github.com/renovatebot/renovate/releases/tag/37.339.0 for more changes </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7am and before 9am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-package-gitlab). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159
referenced
this pull request
in defenseunicorns/uds-software-factory
May 30, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.5` -> `v4.1.6` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | | patch | `v0.4.2` -> `v0.4.4` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | action | patch | `v0.4.2` -> `v0.4.4` | | [defenseunicorns/uds-core](https://togithub.com/defenseunicorns/uds-core) | | minor | `0.21.1` -> `0.22.0` | | [docker/login-action](https://togithub.com/docker/login-action) | action | digest | `e92390c` -> `0d4c9c5` | | ghcr.io/defenseunicorns/packages/init | | minor | `v0.33.1` -> `v0.34.0` | | ghcr.io/defenseunicorns/packages/uds-k3d | | minor | `0.6.0` -> `0.7.0` | | ghcr.io/defenseunicorns/packages/uds/core | | minor | `0.21.1-upstream` -> `0.22.0-upstream` | | ghcr.io/defenseunicorns/packages/uds/gitlab | | major | `16.11.1-uds.1-upstream` -> `17.0.1-uds.1-upstream` | | ghcr.io/defenseunicorns/packages/uds/gitlab-runner | | major | `16.11.0-uds.0-upstream` -> `17.0.0-uds.0-upstream` | | ghcr.io/defenseunicorns/packages/uds/sonarqube | | patch | `9.9.2-uds.0-upstream` -> `9.9.5-uds.0-upstream` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.4` -> `v3.25.6` | | [google-github-actions/release-please-action](https://togithub.com/google-github-actions/release-please-action) | action | patch | `v4.1.0` -> `v4.1.1` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) </details> <details> <summary>defenseunicorns/uds-cli (defenseunicorns/uds-cli)</summary> ### [`v0.11.0`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.11.0) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.10.4...v0.11.0) ##### What's Changed - chore(deps): update actions/upload-artifact action to v4.3.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/574](https://togithub.com/defenseunicorns/uds-cli/pull/574) - fix(deps): update golang.org/x/exp digest to [`fe59bbe`](https://togithub.com/defenseunicorns/uds-cli/commit/fe59bbe) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/571](https://togithub.com/defenseunicorns/uds-cli/pull/571) - chore(deps): update github/codeql-action action to v3.25.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/570](https://togithub.com/defenseunicorns/uds-cli/pull/570) - fix(deps): update module github.com/defenseunicorns/pkg/oci to v0.0.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/576](https://togithub.com/defenseunicorns/uds-cli/pull/576) - fix: permit absolute paths for bundle create by [@​ZachGallagher](https://togithub.com/ZachGallagher) in [https://github.com/defenseunicorns/uds-cli/pull/554](https://togithub.com/defenseunicorns/uds-cli/pull/554) - fix: ensure we handle paths correctly in dev deploy by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/582](https://togithub.com/defenseunicorns/uds-cli/pull/582) - chore(deps): update actions/download-artifact action to v4.1.7 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/573](https://togithub.com/defenseunicorns/uds-cli/pull/573) - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1.1.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/575](https://togithub.com/defenseunicorns/uds-cli/pull/575) - chore(deps): update actions/checkout action to v4.1.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/578](https://togithub.com/defenseunicorns/uds-cli/pull/578) - chore(deps): update actions/upload-artifact action to v4.3.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/579](https://togithub.com/defenseunicorns/uds-cli/pull/579) - chore(deps): update github/codeql-action action to v3.25.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/580](https://togithub.com/defenseunicorns/uds-cli/pull/580) - chore(deps): update anchore/sbom-action action to v0.15.11 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/587](https://togithub.com/defenseunicorns/uds-cli/pull/587) - chore: ensure vendored tools versions print out by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/586](https://togithub.com/defenseunicorns/uds-cli/pull/586) - chore(deps): update actions/checkout action to v4.1.5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/597](https://togithub.com/defenseunicorns/uds-cli/pull/597) - chore(deps): update github/codeql-action action to v3.25.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/595](https://togithub.com/defenseunicorns/uds-cli/pull/595) - fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/593](https://togithub.com/defenseunicorns/uds-cli/pull/593) - chore(deps): update actions/setup-go action to v5.0.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/590](https://togithub.com/defenseunicorns/uds-cli/pull/590) - chore: update contributing doc by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/598](https://togithub.com/defenseunicorns/uds-cli/pull/598) - chore: swap Makefile for Maru by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/602](https://togithub.com/defenseunicorns/uds-cli/pull/602) - chore(deps): update github/codeql-action action to v3.25.5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/606](https://togithub.com/defenseunicorns/uds-cli/pull/606) - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1.1.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/605](https://togithub.com/defenseunicorns/uds-cli/pull/605) - chore(deps): update ossf/scorecard-action action to v2.3.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/601](https://togithub.com/defenseunicorns/uds-cli/pull/601) - chore(deps): update goreleaser/goreleaser-action action to v5.1.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/604](https://togithub.com/defenseunicorns/uds-cli/pull/604) - chore: bump Go version to 1.21.10 by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/609](https://togithub.com/defenseunicorns/uds-cli/pull/609) - feat: remove q for canceling deploy by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/603](https://togithub.com/defenseunicorns/uds-cli/pull/603) - chore: remove dead end code by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/611](https://togithub.com/defenseunicorns/uds-cli/pull/611) - chore: test getArch by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/621](https://togithub.com/defenseunicorns/uds-cli/pull/621) - chore(deps): update actions/checkout action to v4.1.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/619](https://togithub.com/defenseunicorns/uds-cli/pull/619) - chore(deps): update homebrew/actions digest to [`677db44`](https://togithub.com/defenseunicorns/uds-cli/commit/677db44) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/620](https://togithub.com/defenseunicorns/uds-cli/pull/620) - chore(deps): update github/codeql-action action to v3.25.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/625](https://togithub.com/defenseunicorns/uds-cli/pull/625) - chore(deps): update anchore/sbom-action action to v0.16.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/623](https://togithub.com/defenseunicorns/uds-cli/pull/623) - feat: allow helm overrides from valuesfile by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/594](https://togithub.com/defenseunicorns/uds-cli/pull/594) - chore: removes bubbletea tui by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/626](https://togithub.com/defenseunicorns/uds-cli/pull/626) - chore: update linting configuration by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/627](https://togithub.com/defenseunicorns/uds-cli/pull/627) - docs: dev deploy ADR by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/560](https://togithub.com/defenseunicorns/uds-cli/pull/560) - fix(deps): update module helm.sh/helm/v3 to v3.15.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/612](https://togithub.com/defenseunicorns/uds-cli/pull/612) - feat: strict bundle yaml validation by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/596](https://togithub.com/defenseunicorns/uds-cli/pull/596) - feat: dev deploy remote bundles by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/629](https://togithub.com/defenseunicorns/uds-cli/pull/629) - chore: update to de-zarfed Maru by [@​Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/uds-cli/pull/636](https://togithub.com/defenseunicorns/uds-cli/pull/636) - fix(deps): update module helm.sh/helm/v3 to v3.15.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/634](https://togithub.com/defenseunicorns/uds-cli/pull/634) - chore(deps): update docker/login-action action to v3.2.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/640](https://togithub.com/defenseunicorns/uds-cli/pull/640) - chore(deps): update homebrew/actions digest to [`a618804`](https://togithub.com/defenseunicorns/uds-cli/commit/a618804) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/632](https://togithub.com/defenseunicorns/uds-cli/pull/632) - fix(deps): update golang.org/x/exp digest to [`4c93da0`](https://togithub.com/defenseunicorns/uds-cli/commit/4c93da0) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/639](https://togithub.com/defenseunicorns/uds-cli/pull/639) - chore(deps): update podinfo to v6.6.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/633](https://togithub.com/defenseunicorns/uds-cli/pull/633) - chore(deps): update zarf to v0.33.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/585](https://togithub.com/defenseunicorns/uds-cli/pull/585) - feat: remove unnecessary bundle layers and refactor verification by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/622](https://togithub.com/defenseunicorns/uds-cli/pull/622) - feat: uds config validation by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/618](https://togithub.com/defenseunicorns/uds-cli/pull/618) - fix: ensures partial pkgs are correct and adds smoke test to workflows by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/643](https://togithub.com/defenseunicorns/uds-cli/pull/643) - fix: typo in Zarf pkg name and refactor smoke test workflow by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/644](https://togithub.com/defenseunicorns/uds-cli/pull/644) **Full Changelog**: defenseunicorns/uds-cli@v0.10.4...v0.11.0 </details> <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.4.4`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.4) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.3...v0.4.4) ##### Miscellaneous - pull debug / log actions from uds-core ([#​135](https://togithub.com/defenseunicorns/uds-common/issues/135)) ([b3c9928](https://togithub.com/defenseunicorns/uds-common/commit/b3c99286e4200c98a61d86484030f2be5ebb5c70)) ### [`v0.4.3`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.3) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.2...v0.4.3) ##### Bug Fixes - update renovate config to use docker versioning for zarf images ([#​128](https://togithub.com/defenseunicorns/uds-common/issues/128)) ([c18e125](https://togithub.com/defenseunicorns/uds-common/commit/c18e12507384328bb53b81c096bc9827f96ba114)) ##### Miscellaneous - add an airgap note to UDS Package Practices (clarity is kindness) ([#​126](https://togithub.com/defenseunicorns/uds-common/issues/126)) ([b70e1fe](https://togithub.com/defenseunicorns/uds-common/commit/b70e1fe165a521a33789298a7e69aa6a59d54968)) - adjust UDS package practice formatting ([#​123](https://togithub.com/defenseunicorns/uds-common/issues/123)) ([f351d04](https://togithub.com/defenseunicorns/uds-common/commit/f351d04732a6e6e6fc2c62eff13f625a613effcc)) - **deps:** update uds common package dependencies to v6.6.3 ([#​132](https://togithub.com/defenseunicorns/uds-common/issues/132)) ([0ebdd1f](https://togithub.com/defenseunicorns/uds-common/commit/0ebdd1f5f2aa32720c88347027215305573bc716)) - **deps:** update uds common support dependencies ([#​125](https://togithub.com/defenseunicorns/uds-common/issues/125)) ([e014724](https://togithub.com/defenseunicorns/uds-common/commit/e01472454d2b3ef9665546fbb24c9980f090d238)) - **deps:** update uds common support dependencies to v0.22.0 ([#​133](https://togithub.com/defenseunicorns/uds-common/issues/133)) ([2cf903d](https://togithub.com/defenseunicorns/uds-common/commit/2cf903d41d0dbfda1baaa9629d1fa3c5d1a88110)) - initial package practices ([#​117](https://togithub.com/defenseunicorns/uds-common/issues/117)) ([d292b21](https://togithub.com/defenseunicorns/uds-common/commit/d292b216da73493743cd0a67b9763549c87c1819)) - update package practices with a bit more feedback ([#​129](https://togithub.com/defenseunicorns/uds-common/issues/129)) ([af34fc9](https://togithub.com/defenseunicorns/uds-common/commit/af34fc90104c57d11a08678186b8b2aeaaac135d)) </details> <details> <summary>defenseunicorns/uds-core (defenseunicorns/uds-core)</summary> ### [`v0.22.0`](https://togithub.com/defenseunicorns/uds-core/blob/HEAD/CHANGELOG.md#0220-2024-05-22) [Compare Source](https://togithub.com/defenseunicorns/uds-core/compare/v0.21.1...v0.22.0) ##### Features - add `expose` service entry for internal cluster traffic ([#​356](https://togithub.com/defenseunicorns/uds-core/issues/356)) ([1bde4cc](https://togithub.com/defenseunicorns/uds-core/commit/1bde4ccf302864b0c38d093742ca683b96cebe89)) - add reconciliation retries for CRs ([#​423](https://togithub.com/defenseunicorns/uds-core/issues/423)) ([424b57b](https://togithub.com/defenseunicorns/uds-core/commit/424b57ba91906e1c60e6e92927e37b34d657ad01)) - uds common renovate config ([#​391](https://togithub.com/defenseunicorns/uds-core/issues/391)) ([035786c](https://togithub.com/defenseunicorns/uds-core/commit/035786cadcd9c1fbaf7e0a798f9c13104a1a9a14)) - uds core docs ([#​414](https://togithub.com/defenseunicorns/uds-core/issues/414)) ([a35ca7b](https://togithub.com/defenseunicorns/uds-core/commit/a35ca7b484ab59572d8205a625db5447a8771e44)) ##### Bug Fixes - mismatched exemption/policy for DropAllCapabilities ([#​384](https://togithub.com/defenseunicorns/uds-core/issues/384)) ([d8ec278](https://togithub.com/defenseunicorns/uds-core/commit/d8ec27827e2e2e7d85b4eba6b738f4b126264dd9)) - pepr mutation annotation overwrite ([#​385](https://togithub.com/defenseunicorns/uds-core/issues/385)) ([6e56b2a](https://togithub.com/defenseunicorns/uds-core/commit/6e56b2afec8f54f8c0a4aa4b89fef1d1c754b627)) - renovate config grouping, test-infra ([#​411](https://togithub.com/defenseunicorns/uds-core/issues/411)) ([05fd407](https://togithub.com/defenseunicorns/uds-core/commit/05fd407e9c3bf6a0bac33de64e892ce2a63275ac)) - renovate pepr comment ([#​410](https://togithub.com/defenseunicorns/uds-core/issues/410)) ([a825388](https://togithub.com/defenseunicorns/uds-core/commit/a82538817765ad21adb5f6bba283951bf4c23272)) ##### Miscellaneous - **deps:** update keycloak ([#​390](https://togithub.com/defenseunicorns/uds-core/issues/390)) ([3e82c4e](https://togithub.com/defenseunicorns/uds-core/commit/3e82c4ece470a5eea81d937b2b38c455934212e1)) - **deps:** update keycloak to v24.0.4 ([#​397](https://togithub.com/defenseunicorns/uds-core/issues/397)) ([c0420ea](https://togithub.com/defenseunicorns/uds-core/commit/c0420ea750b3a7dfc8ea6adab5225f76178ef953)) - **deps:** update keycloak to v24.0.4 ([#​402](https://togithub.com/defenseunicorns/uds-core/issues/402)) ([e454576](https://togithub.com/defenseunicorns/uds-core/commit/e454576a6de53e833d6b925308f09d6007166dde)) - **deps:** update neuvector to v9.4 ([#​381](https://togithub.com/defenseunicorns/uds-core/issues/381)) ([20d4170](https://togithub.com/defenseunicorns/uds-core/commit/20d4170386d2437826abafc68d87d91dc457022a)) - **deps:** update pepr to 0.31.0 ([#​360](https://togithub.com/defenseunicorns/uds-core/issues/360)) ([fbd61ea](https://togithub.com/defenseunicorns/uds-core/commit/fbd61ea9665133619aec81726b189449226d8459)) - **deps:** update prometheus-stack ([#​348](https://togithub.com/defenseunicorns/uds-core/issues/348)) ([49cb11a](https://togithub.com/defenseunicorns/uds-core/commit/49cb11a058a9209cee7019fa552b8c0b2ef73368)) - **deps:** update prometheus-stack ([#​392](https://togithub.com/defenseunicorns/uds-core/issues/392)) ([2e656f5](https://togithub.com/defenseunicorns/uds-core/commit/2e656f5dc3de2e6561ac313cb1bae478635b86b3)) - **deps:** update uds to v0.10.4 ([#​228](https://togithub.com/defenseunicorns/uds-core/issues/228)) ([1750b23](https://togithub.com/defenseunicorns/uds-core/commit/1750b2304e3c6f0ce6a60f1ef2873ce8a6ce1502)) - **deps:** update uds-k3d to v0.6.0 ([#​398](https://togithub.com/defenseunicorns/uds-core/issues/398)) ([288f009](https://togithub.com/defenseunicorns/uds-core/commit/288f00990a715087c9bf1fffd0a63ecf33125a5a)) - **deps:** update velero ([#​350](https://togithub.com/defenseunicorns/uds-core/issues/350)) ([e7cb33e](https://togithub.com/defenseunicorns/uds-core/commit/e7cb33ea9a13ab9550aab45d8ee437a1ba595d38)) - **deps:** update zarf to v0.33.2 ([#​394](https://togithub.com/defenseunicorns/uds-core/issues/394)) ([201a37b](https://togithub.com/defenseunicorns/uds-core/commit/201a37b12277880058c14fc05b3c0d4aecbf31e0)) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) </details> <details> <summary>google-github-actions/release-please-action (google-github-actions/release-please-action)</summary> ### [`v4.1.1`](https://togithub.com/google-github-actions/release-please-action/releases/tag/v4.1.1) [Compare Source](https://togithub.com/google-github-actions/release-please-action/compare/v4.1.0...v4.1.1) ##### Bug Fixes - add deprecation warning to workflow run ([#​1](https://togithub.com/google-github-actions/release-please-action/issues/1)) ([edb78cf](https://togithub.com/google-github-actions/release-please-action/commit/edb78cf884d22d5d991d94144d031fce49cadbea)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7am and before 9am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-software-factory). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM3Ny44IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJidW5kbGUtZGVwcyJdfQ==--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>
github-merge-queue bot
referenced
this pull request
in AmadeusITGroup/otter
Jun 5, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | Type | Update | |---|---|---|---|---|---|---|---| | [@microsoft/tsdoc](https://tsdoc.org/) ([source](https://togithub.com/microsoft/tsdoc/tree/HEAD/tsdoc)) | [`~0.14.1` -> `~0.15.0`](https://renovatebot.com/diffs/npm/@microsoft%2ftsdoc/0.14.2/0.15.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@microsoft%2ftsdoc/0.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@microsoft%2ftsdoc/0.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@microsoft%2ftsdoc/0.14.2/0.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@microsoft%2ftsdoc/0.14.2/0.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | [@types/chrome](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chrome) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chrome)) | [`^0.0.267` -> `^0.0.268`](https://renovatebot.com/diffs/npm/@types%2fchrome/0.0.267/0.0.268) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fchrome/0.0.268?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fchrome/0.0.268?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fchrome/0.0.267/0.0.268?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fchrome/0.0.267/0.0.268?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [Azure/functions-action](https://togithub.com/Azure/functions-action) | `v1.5.1` -> `v1.5.2` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/Azure%2ffunctions-action/v1.5.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/Azure%2ffunctions-action/v1.5.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/Azure%2ffunctions-action/v1.5.1/v1.5.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/Azure%2ffunctions-action/v1.5.1/v1.5.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [actions/checkout](https://togithub.com/actions/checkout) | `v4.1.4` -> `v4.1.6` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/actions%2fcheckout/v4.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/actions%2fcheckout/v4.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/actions%2fcheckout/v4.1.4/v4.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/actions%2fcheckout/v4.1.4/v4.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [audit-types](https://togithub.com/quinnturner/audit-types) | [`~0.5.6` -> `~0.6.0`](https://renovatebot.com/diffs/npm/audit-types/0.5.6/0.6.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/audit-types/0.6.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/audit-types/0.6.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/audit-types/0.5.6/0.6.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/audit-types/0.5.6/0.6.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [audit-types](https://togithub.com/quinnturner/audit-types) | [`~0.5.6` -> `~0.6.0`](https://renovatebot.com/diffs/npm/audit-types/0.5.6/0.6.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/audit-types/0.6.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/audit-types/0.6.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/audit-types/0.5.6/0.6.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/audit-types/0.5.6/0.6.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | [dorny/test-reporter](https://togithub.com/dorny/test-reporter) | `v1.9.0` -> `v1.9.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/dorny%2ftest-reporter/v1.9.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/dorny%2ftest-reporter/v1.9.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/dorny%2ftest-reporter/v1.9.0/v1.9.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/dorny%2ftest-reporter/v1.9.0/v1.9.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [esbuild](https://togithub.com/evanw/esbuild) | [`~0.20.0` -> `~0.21.0`](https://renovatebot.com/diffs/npm/esbuild/0.20.2/0.21.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/esbuild/0.20.2/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/esbuild/0.20.2/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | [esbuild](https://togithub.com/evanw/esbuild) | [`~0.20.0` -> `~0.21.0`](https://renovatebot.com/diffs/npm/esbuild/0.20.2/0.21.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/esbuild/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/esbuild/0.20.2/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/esbuild/0.20.2/0.21.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [github/codeql-action](https://togithub.com/github/codeql-action) | `v2.25.3` -> `v2.25.8` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v2.25.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v2.25.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v2.25.3/v2.25.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v2.25.3/v2.25.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [github/codeql-action](https://togithub.com/github/codeql-action) | `v3.25.3` -> `v3.25.8` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v3.25.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v3.25.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v3.25.3/v3.25.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v3.25.3/v3.25.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | `v2.3.1` -> `v2.3.3` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/ossf%2fscorecard-action/v2.3.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/ossf%2fscorecard-action/v2.3.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/ossf%2fscorecard-action/v2.3.1/v2.3.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/ossf%2fscorecard-action/v2.3.1/v2.3.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [sass](https://togithub.com/sass/dart-sass) | [`~1.76.0` -> `~1.77.0`](https://renovatebot.com/diffs/npm/sass/1.76.0/1.77.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/sass/1.77.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/sass/1.77.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/sass/1.76.0/1.77.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/sass/1.76.0/1.77.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | peerDependencies | minor | | [sass](https://togithub.com/sass/dart-sass) | [`~1.76.0` -> `~1.77.0`](https://renovatebot.com/diffs/npm/sass/1.76.0/1.77.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/sass/1.77.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/sass/1.77.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/sass/1.76.0/1.77.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/sass/1.76.0/1.77.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | --- ### Release Notes <details> <summary>microsoft/tsdoc (@​microsoft/tsdoc)</summary> ### [`v0.15.0`](https://togithub.com/microsoft/tsdoc/blob/HEAD/tsdoc/CHANGELOG.md#0150) Tue, 28 May 2024 21:34:19 GMT ##### Minor changes - Minor package cleanup. - Eliminate remaining const enums. ##### Patches - Update an image URL in the README.md file - Upgrade dev toolchain (Heft, Webpack, TypeScript) </details> <details> <summary>Azure/functions-action (Azure/functions-action)</summary> ### [`v1.5.2`](https://togithub.com/Azure/functions-action/releases/tag/v1.5.2) [Compare Source](https://togithub.com/Azure/functions-action/compare/v1.5.1...v1.5.2) - Updated from Node 16 to Node 20 - Added support for Flex Consumption plan </details> <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 </details> <details> <summary>quinnturner/audit-types (audit-types)</summary> ### [`v0.6.2`](https://togithub.com/quinnturner/audit-types/releases/tag/v0.6.2) [Compare Source](https://togithub.com/quinnturner/audit-types/compare/v0.6.1...v0.6.2) ##### What's Changed - fix: serialization of Yarn 4 by [@​quinnturner](https://togithub.com/quinnturner) in [https://github.com/quinnturner/audit-types/pull/9](https://togithub.com/quinnturner/audit-types/pull/9) **Full Changelog**: quinnturner/audit-types@v0.6.1...v0.6.2 ### [`v0.6.1`](https://togithub.com/quinnturner/audit-types/releases/tag/v0.6.1) [Compare Source](https://togithub.com/quinnturner/audit-types/compare/v0.6.0...v0.6.1) ##### What's Changed - Add support for Yarn NPM CLI types by [@​quinnturner](https://togithub.com/quinnturner) in [https://github.com/quinnturner/audit-types/pull/8](https://togithub.com/quinnturner/audit-types/pull/8) **Full Changelog**: quinnturner/audit-types@v0.6.0...v0.6.1 ### [`v0.6.0`](https://togithub.com/quinnturner/audit-types/releases/tag/v0.6.0) [Compare Source](https://togithub.com/quinnturner/audit-types/compare/v0.5.6...v0.6.0) ##### What's Changed - BREAKING: Change name of YarnBerry to Yarn2And3 by [@​quinnturner](https://togithub.com/quinnturner) in [https://github.com/quinnturner/audit-types/pull/7](https://togithub.com/quinnturner/audit-types/pull/7) **Full Changelog**: quinnturner/audit-types@v0.5.6...v0.6.0 </details> <details> <summary>dorny/test-reporter (dorny/test-reporter)</summary> ### [`v1.9.1`](https://togithub.com/dorny/test-reporter/releases/tag/v1.9.1) [Compare Source](https://togithub.com/dorny/test-reporter/compare/v1.9.0...v1.9.1) ##### What's Changed - fix: reporting wrong number of tests in Dart by [@​dominicmh](https://togithub.com/dominicmh) in [https://github.com/dorny/test-reporter/pull/426](https://togithub.com/dorny/test-reporter/pull/426) - Fix problematic retransmission of authentication token (alternative solution) by [@​JojOatXGME](https://togithub.com/JojOatXGME) in [https://github.com/dorny/test-reporter/pull/438](https://togithub.com/dorny/test-reporter/pull/438) - Update development dependencies by [@​jozefizso](https://togithub.com/jozefizso) in [https://github.com/dorny/test-reporter/pull/442](https://togithub.com/dorny/test-reporter/pull/442) ##### New Contributors - [@​dominicmh](https://togithub.com/dominicmh) made their first contribution in [https://github.com/dorny/test-reporter/pull/426](https://togithub.com/dorny/test-reporter/pull/426) - [@​JojOatXGME](https://togithub.com/JojOatXGME) made their first contribution in [https://github.com/dorny/test-reporter/pull/438](https://togithub.com/dorny/test-reporter/pull/438) **Full Changelog**: dorny/test-reporter@v1.9.0...v1.9.1 </details> <details> <summary>evanw/esbuild (esbuild)</summary> ### [`v0.21.4`](https://togithub.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0214) [Compare Source](https://togithub.com/evanw/esbuild/compare/v0.21.3...v0.21.4) - Update support for import assertions and import attributes in node ([#​3778](https://togithub.com/evanw/esbuild/issues/3778)) Import assertions (the `assert` keyword) have been removed from node starting in v22.0.0. So esbuild will now strip them and generate a warning with `--target=node22` or above: ▲ [WARNING] The "assert" keyword is not supported in the configured target environment ("node22") [assert-to-with] example.mjs:1:40: 1 │ import json from "esbuild/package.json" assert { type: "json" } │ ~~~~~~ ╵ with Did you mean to use "with" instead of "assert"? Import attributes (the `with` keyword) have been backported to node 18 starting in v18.20.0. So esbuild will no longer strip them with `--target=node18.N` if `N` is 20 or greater. - Fix `for await` transform when a label is present This release fixes a bug where the `for await` transform, which wraps the loop in a `try` statement, previously failed to also move the loop's label into the `try` statement. This bug only affects code that uses both of these features in combination. Here's an example of some affected code: ```js // Original code async function test() { outer: for await (const x of [Promise.resolve([0, 1])]) { for (const y of x) if (y) break outer throw 'fail' } } // Old output (with --target=es6) function test() { return __async(this, null, function* () { outer: try { for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) { const x = temp.value; for (const y of x) if (y) break outer; throw "fail"; } } catch (temp) { error = [temp]; } finally { try { more && (temp = iter.return) && (yield temp.call(iter)); } finally { if (error) throw error[0]; } } }); } // New output (with --target=es6) function test() { return __async(this, null, function* () { try { outer: for (var iter = __forAwait([Promise.resolve([0, 1])]), more, temp, error; more = !(temp = yield iter.next()).done; more = false) { const x = temp.value; for (const y of x) if (y) break outer; throw "fail"; } } catch (temp) { error = [temp]; } finally { try { more && (temp = iter.return) && (yield temp.call(iter)); } finally { if (error) throw error[0]; } } }); } ``` - Do additional constant folding after cross-module enum inlining ([#​3416](https://togithub.com/evanw/esbuild/issues/3416), [#​3425](https://togithub.com/evanw/esbuild/issues/3425)) This release adds a few more cases where esbuild does constant folding after cross-module enum inlining. ```ts // Original code: enum.ts export enum Platform { WINDOWS = 'windows', MACOS = 'macos', LINUX = 'linux', } // Original code: main.ts import { Platform } from './enum'; declare const PLATFORM: string; export function logPlatform() { if (PLATFORM == Platform.WINDOWS) console.log('Windows'); else if (PLATFORM == Platform.MACOS) console.log('macOS'); else if (PLATFORM == Platform.LINUX) console.log('Linux'); else console.log('Other'); } // Old output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm) function n(){"windows"=="macos"?console.log("Windows"):"macos"=="macos"?console.log("macOS"):"linux"=="macos"?console.log("Linux"):console.log("Other")}export{n as logPlatform}; // New output (with --bundle '--define:PLATFORM="macos"' --minify --format=esm) function n(){console.log("macOS")}export{n as logPlatform}; ``` - Pass import attributes to on-resolve plugins ([#​3384](https://togithub.com/evanw/esbuild/issues/3384), [#​3639](https://togithub.com/evanw/esbuild/issues/3639), [#​3646](https://togithub.com/evanw/esbuild/issues/3646)) With this release, on-resolve plugins will now have access to the import attributes on the import via the `with` property of the arguments object. This mirrors the `with` property of the arguments object that's already passed to on-load plugins. In addition, you can now pass `with` to the `resolve()` API call which will then forward that value on to all relevant plugins. Here's an example of a plugin that can now be written: ```js const examplePlugin = { name: 'Example plugin', setup(build) { build.onResolve({ filter: /.*/ }, args => { if (args.with.type === 'external') return { external: true } }) } } require('esbuild').build({ stdin: { contents: ` import foo from "./foo" with { type: "external" } foo() `, }, bundle: true, format: 'esm', write: false, plugins: [examplePlugin], }).then(result => { console.log(result.outputFiles[0].text) }) ``` - Formatting support for the `@position-try` rule ([#​3773](https://togithub.com/evanw/esbuild/issues/3773)) Chrome shipped this new CSS at-rule in version 125 as part of the [CSS anchor positioning API](https://developer.chrome.com/blog/anchor-positioning-api). With this release, esbuild now knows to expect a declaration list inside of the `@position-try` body block and will format it appropriately. - Always allow internal string import and export aliases ([#​3343](https://togithub.com/evanw/esbuild/issues/3343)) Import and export names can be string literals in ES2022+. Previously esbuild forbid any usage of these aliases when the target was below ES2022. Starting with this release, esbuild will only forbid such usage when the alias would otherwise end up in output as a string literal. String literal aliases that are only used internally in the bundle and are "compiled away" are no longer errors. This makes it possible to use string literal aliases with esbuild's `inject` feature even when the target is earlier than ES2022. ### [`v0.21.3`](https://togithub.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0213) [Compare Source](https://togithub.com/evanw/esbuild/compare/v0.21.2...v0.21.3) - Implement the decorator metadata proposal ([#​3760](https://togithub.com/evanw/esbuild/issues/3760)) This release implements the [decorator metadata proposal](https://togithub.com/tc39/proposal-decorator-metadata), which is a sub-proposal of the [decorators proposal](https://togithub.com/tc39/proposal-decorators). Microsoft shipped the decorators proposal in [TypeScript 5.0](https://devblogs.microsoft.com/typescript/announcing-typescript-5-0/#decorators) and the decorator metadata proposal in [TypeScript 5.2](https://devblogs.microsoft.com/typescript/announcing-typescript-5-2/#decorator-metadata), so it's important that esbuild also supports both of these features. Here's a quick example: ```js // Shim the "Symbol.metadata" symbol Symbol.metadata ??= Symbol('Symbol.metadata') const track = (_, context) => { (context.metadata.names ||= []).push(context.name) } class Foo { @​track foo = 1 @​track bar = 2 } // Prints ["foo", "bar"] console.log(Foo[Symbol.metadata].names) ``` **⚠️ WARNING⚠️ ** This proposal has been marked as "stage 3" which means "recommended for implementation". However, it's still a work in progress and isn't a part of JavaScript yet, so keep in mind that any code that uses JavaScript decorator metadata may need to be updated as the feature continues to evolve. If/when that happens, I will update esbuild's implementation to match the specification. I will not be supporting old versions of the specification. - Fix bundled decorators in derived classes ([#​3768](https://togithub.com/evanw/esbuild/issues/3768)) In certain cases, bundling code that uses decorators in a derived class with a class body that references its own class name could previously generate code that crashes at run-time due to an incorrect variable name. This problem has been fixed. Here is an example of code that was compiled incorrectly before this fix: ```js class Foo extends Object { @​(x => x) foo() { return Foo } } console.log(new Foo().foo()) ``` - Fix `tsconfig.json` files inside symlinked directories ([#​3767](https://togithub.com/evanw/esbuild/issues/3767)) This release fixes an issue with a scenario involving a `tsconfig.json` file that `extends` another file from within a symlinked directory that uses the `paths` feature. In that case, the implicit `baseURL` value should be based on the real path (i.e. after expanding all symbolic links) instead of the original path. This was already done for other files that esbuild resolves but was not yet done for `tsconfig.json` because it's special-cased (the regular path resolver can't be used because the information inside `tsconfig.json` is involved in path resolution). Note that this fix no longer applies if the `--preserve-symlinks` setting is enabled. ### [`v0.21.2`](https://togithub.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0212) [Compare Source](https://togithub.com/evanw/esbuild/compare/v0.21.1...v0.21.2) - Correct `this` in field and accessor decorators ([#​3761](https://togithub.com/evanw/esbuild/issues/3761)) This release changes the value of `this` in initializers for class field and accessor decorators from the module-level `this` value to the appropriate `this` value for the decorated element (either the class or the instance). It was previously incorrect due to lack of test coverage. Here's an example of a decorator that doesn't work without this change: ```js const dec = () => function() { this.bar = true } class Foo { @​dec static foo } console.log(Foo.bar) // Should be "true" ``` - Allow `es2023` as a target environment ([#​3762](https://togithub.com/evanw/esbuild/issues/3762)) TypeScript recently [added `es2023`](https://togithub.com/microsoft/TypeScript/pull/58140) as a compilation target, so esbuild now supports this too. There is no difference between a target of `es2022` and `es2023` as far as esbuild is concerned since the 2023 edition of JavaScript doesn't introduce any new syntax features. ### [`v0.21.1`](https://togithub.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0211) [Compare Source](https://togithub.com/evanw/esbuild/compare/v0.21.0...v0.21.1) - Fix a regression with `--keep-names` ([#​3756](https://togithub.com/evanw/esbuild/issues/3756)) The previous release introduced a regression with the `--keep-names` setting and object literals with `get`/`set` accessor methods, in which case the generated code contained syntax errors. This release fixes the regression: ```js // Original code x = { get y() {} } // Output from version 0.21.0 (with --keep-names) x = { get y: /* @​__PURE__ */ __name(function() { }, "y") }; // Output from this version (with --keep-names) x = { get y() { } }; ``` ### [`v0.21.0`](https://togithub.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0210) [Compare Source](https://togithub.com/evanw/esbuild/compare/v0.20.2...v0.21.0) This release doesn't contain any deliberately-breaking changes. However, it contains a very complex new feature and while all of esbuild's tests pass, I would not be surprised if an important edge case turns out to be broken. So I'm releasing this as a breaking change release to avoid causing any trouble. As usual, make sure to test your code when you upgrade. - Implement the JavaScript decorators proposal ([#​104](https://togithub.com/evanw/esbuild/issues/104)) With this release, esbuild now contains an implementation of the upcoming [JavaScript decorators proposal](https://togithub.com/tc39/proposal-decorators). This is the same feature that shipped in [TypeScript 5.0](https://devblogs.microsoft.com/typescript/announcing-typescript-5-0/#decorators) and has been highly-requested on esbuild's issue tracker. You can read more about them in that blog post and in this other (now slightly outdated) extensive blog post here: https://2ality.com/2022/10/javascript-decorators.html. Here's a quick example: ```js const log = (fn, context) => function() { console.log(`before ${context.name}`) const it = fn.apply(this, arguments) console.log(`after ${context.name}`) return it } class Foo { @​log static foo() { console.log('in foo') } } // Logs "before foo", "in foo", "after foo" Foo.foo() ``` Note that this feature is different than the existing "TypeScript experimental decorators" feature that esbuild already implements. It uses similar syntax but behaves very differently, and the two are not compatible (although it's sometimes possible to write decorators that work with both). TypeScript experimental decorators will still be supported by esbuild going forward as they have been around for a long time, are very widely used, and let you do certain things that are not possible with JavaScript decorators (such as decorating function parameters). By default esbuild will parse and transform JavaScript decorators, but you can tell esbuild to parse and transform TypeScript experimental decorators instead by setting `"experimentalDecorators": true` in your `tsconfig.json` file. Probably at least half of the work for this feature went into creating a test suite that exercises many of the proposal's edge cases: https://github.com/evanw/decorator-tests. It has given me a reasonable level of confidence that esbuild's initial implementation is acceptable. However, I don't have access to a significant sample of real code that uses JavaScript decorators. If you're currently using JavaScript decorators in a real code base, please try out esbuild's implementation and let me know if anything seems off. **⚠️ WARNING⚠️ ** This proposal has been in the works for a very long time (work began around 10 years ago in 2014) and it is finally getting close to becoming part of the JavaScript language. However, it's still a work in progress and isn't a part of JavaScript yet, so keep in mind that any code that uses JavaScript decorators may need to be updated as the feature continues to evolve. The decorators proposal is pretty close to its final form but it can and likely will undergo some small behavioral adjustments before it ends up becoming a part of the standard. If/when that happens, I will update esbuild's implementation to match the specification. I will not be supporting old versions of the specification. - Optimize the generated code for private methods Previously when lowering private methods for old browsers, esbuild would generate one `WeakSet` for each private method. This mirrors similar logic for generating one `WeakSet` for each private field. Using a separate `WeakMap` for private fields is necessary as their assignment can be observable: ```js let it class Bar { constructor() { it = this } } class Foo extends Bar { #x = 1 #y = null.foo static check() { console.log(#x in it, #y in it) } } try { new Foo } catch {} Foo.check() ``` This prints `true false` because this partially-initialized instance has `#x` but not `#y`. In other words, it's not true that all class instances will always have all of their private fields. However, the assignment of private methods to a class instance is not observable. In other words, it's true that all class instances will always have all of their private methods. This means esbuild can lower private methods into code where all methods share a single `WeakSet`, which is smaller, faster, and uses less memory. Other JavaScript processing tools such as the TypeScript compiler already make this optimization. Here's what this change looks like: ```js // Original code class Foo { #x() { return this.#x() } #y() { return this.#y() } #z() { return this.#z() } } // Old output (--supported:class-private-method=false) var _x, x_fn, _y, y_fn, _z, z_fn; class Foo { constructor() { __privateAdd(this, _x); __privateAdd(this, _y); __privateAdd(this, _z); } } _x = new WeakSet(); x_fn = function() { return __privateMethod(this, _x, x_fn).call(this); }; _y = new WeakSet(); y_fn = function() { return __privateMethod(this, _y, y_fn).call(this); }; _z = new WeakSet(); z_fn = function() { return __privateMethod(this, _z, z_fn).call(this); }; // New output (--supported:class-private-method=false) var _Foo_instances, x_fn, y_fn, z_fn; class Foo { constructor() { __privateAdd(this, _Foo_instances); } } _Foo_instances = new WeakSet(); x_fn = function() { return __privateMethod(this, _Foo_instances, x_fn).call(this); }; y_fn = function() { return __privateMethod(this, _Foo_instances, y_fn).call(this); }; z_fn = function() { return __privateMethod(this, _Foo_instances, z_fn).call(this); }; ``` - Fix an obscure bug with lowering class members with computed property keys When class members that use newer syntax features are transformed for older target environments, they sometimes need to be relocated. However, care must be taken to not reorder any side effects caused by computed property keys. For example, the following code must evaluate `a()` then `b()` then `c()`: ```js class Foo { [a()]() {} [b()]; static { c() } } ``` Previously esbuild did this by shifting the computed property key *forward* to the next spot in the evaluation order. Classes evaluate all computed keys first and then all static class elements, so if the last computed key needs to be shifted, esbuild previously inserted a static block at start of the class body, ensuring it came before all other static class elements: ```js var _a; class Foo { constructor() { __publicField(this, _a); } static { _a = b(); } [a()]() { } static { c(); } } ``` However, this could cause esbuild to accidentally generate a syntax error if the computed property key contains code that isn't allowed in a static block, such as an `await` expression. With this release, esbuild fixes this problem by shifting the computed property key *backward* to the previous spot in the evaluation order instead, which may push it into the `extends` clause or even before the class itself: ```js // Original code class Foo { [a()]() {} [await b()]; static { c() } } // Old output (with --supported:class-field=false) var _a; class Foo { constructor() { __publicField(this, _a); } static { _a = await b(); } [a()]() { } static { c(); } } // New output (with --supported:class-field=false) var _a, _b; class Foo { constructor() { __publicField(this, _a); } [(_b = a(), _a = await b(), _b)]() { } static { c(); } } ``` - Fix some `--keep-names` edge cases The [`NamedEvaluation` syntax-directed operation](https://tc39.es/ecma262/#sec-runtime-semantics-namedevaluation) in the JavaScript specification gives certain anonymous expressions a `name` property depending on where they are in the syntax tree. For example, the following initializers convey a `name` value: ```js var foo = function() {} var bar = class {} console.log(foo.name, bar.name) ``` When you enable esbuild's `--keep-names` setting, esbuild generates additional code to represent this `NamedEvaluation` operation so that the value of the `name` property persists even when the identifiers are renamed (e.g. due to minification). However, I recently learned that esbuild's implementation of `NamedEvaluation` is missing a few cases. Specifically esbuild was missing property definitions, class initializers, logical-assignment operators. These cases should now all be handled: ```js var obj = { foo: function() {} } class Foo0 { foo = function() {} } class Foo1 { static foo = function() {} } class Foo2 { accessor foo = function() {} } class Foo3 { static accessor foo = function() {} } foo ||= function() {} foo &&= function() {} foo ??= function() {} ``` </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.25.8`](https://togithub.com/github/codeql-action/compare/v2.25.7...v2.25.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.7...v2.25.8) ### [`v2.25.7`](https://togithub.com/github/codeql-action/compare/v2.25.6...v2.25.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.6...v2.25.7) ### [`v2.25.6`](https://togithub.com/github/codeql-action/compare/v2.25.5...v2.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.5...v2.25.6) ### [`v2.25.5`](https://togithub.com/github/codeql-action/compare/v2.25.4...v2.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.4...v2.25.5) ### [`v2.25.4`](https://togithub.com/github/codeql-action/compare/v2.25.3...v2.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.3...v2.25.4) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> <details> <summary>sass/dart-sass (sass)</summary> ### [`v1.77.4`](https://togithub.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1774) [Compare Source](https://togithub.com/sass/dart-sass/compare/1.77.3...1.77.4) ##### Embedded Sass - Support passing `Version` input for `fatalDeprecations` as string over embedded protocol. - Fix a bug in the JS Embedded Host where `Version` could be incorrectly accepted as input for `silenceDeprecations` and `futureDeprecations` in pure JS. ### [`v1.77.3`](https://togithub.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1773) [Compare Source](https://togithub.com/sass/dart-sass/compare/1.77.2...1.77.3) ##### Dart API - `Deprecation.duplicateVariableFlags` has been deprecated and replaced with `Deprecation.duplicateVarFlags` to make it consistent with the `duplicate-var-flags` name used on the command line and in the JS API. ### [`v1.77.2`](https://togithub.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1772) [Compare Source](https://togithub.com/sass/dart-sass/compare/1.77.1...1.77.2) - Don't emit deprecation warnings for functions and mixins beginning with `__`. - Allow user-defined functions whose names begin with `_` and otherwise look like vendor-prefixed functions with special CSS syntax. ##### Command-Line Interface - Properly handle the `--silence-deprecation` flag. - Handle the `--fatal-deprecation` and `--future-deprecation` flags for `--interactive` mode. ### [`v1.77.1`](https://togithub.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1771) [Compare Source](https://togithub.com/sass/dart-sass/compare/1.77.0...1.77.1) - Fix a crash that could come up with importers in certain contexts. ### [`v1.77.0`](https://togithub.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1770) [Compare Source](https://togithub.com/sass/dart-sass/compare/1.76.0...1.77.0) - *Don't* throw errors for at-rules in keyframe blocks. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/AmadeusITGroup/otter). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNzcuOCIsInVwZGF0ZWRJblZlciI6IjM3LjM4OC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
josieang
referenced
this pull request
in josieang/osv-scanner
Jun 6, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.4` -> `v4.1.6` | | [codecov/codecov-action](https://togithub.com/codecov/codecov-action) | action | minor | `v4.3.1` -> `v4.4.1` | | gaurav-nelson/github-action-markdown-link-check | action | digest | `25b2c43` -> `7d83e59` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.6` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v5.0.0` -> `v5.1.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 </details> <details> <summary>codecov/codecov-action (codecov/codecov-action)</summary> ### [`v4.4.1`](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1) [Compare Source](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1) ### [`v4.4.0`](https://togithub.com/codecov/codecov-action/releases/tag/v4.4.0) [Compare Source](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0) #### What's Changed - chore: Clarify isPullRequestFromFork by [@​jsoref](https://togithub.com/jsoref) in [https://github.com/codecov/codecov-action/pull/1411](https://togithub.com/codecov/codecov-action/pull/1411) - build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/codecov/codecov-action/pull/1423](https://togithub.com/codecov/codecov-action/pull/1423) - build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/codecov/codecov-action/pull/1421](https://togithub.com/codecov/codecov-action/pull/1421) - build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/codecov/codecov-action/pull/1420](https://togithub.com/codecov/codecov-action/pull/1420) - feat: remove GPG and run on spawn by [@​thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1426](https://togithub.com/codecov/codecov-action/pull/1426) - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 7.8.0 to 7.9.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/codecov/codecov-action/pull/1428](https://togithub.com/codecov/codecov-action/pull/1428) - chore(release): 4.4.0 by [@​thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1430](https://togithub.com/codecov/codecov-action/pull/1430) **Full Changelog**: codecov/codecov-action@v4.3.1...v4.4.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0) #### Important This version changes the default behavior of `latest` to `~> v1`. The next major of this action (v6), will change this to `~> v2`, and will be launched together with GoReleaser v2. #### What's Changed - docs: bump actions to latest major by [@​crazy-max](https://togithub.com/crazy-max) in [https://github.com/goreleaser/goreleaser-action/pull/435](https://togithub.com/goreleaser/goreleaser-action/pull/435) - chore(deps): bump docker/bake-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/436](https://togithub.com/goreleaser/goreleaser-action/pull/436) - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/437](https://togithub.com/goreleaser/goreleaser-action/pull/437) - chore(deps): bump actions/setup-go from 4 to 5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/443](https://togithub.com/goreleaser/goreleaser-action/pull/443) - chore(deps): bump actions/upload-artifact from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/444](https://togithub.com/goreleaser/goreleaser-action/pull/444) - Delete .kodiak.toml by [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) in [https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446) - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/448](https://togithub.com/goreleaser/goreleaser-action/pull/448) - chore(deps): bump ip from 2.0.0 to 2.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/450](https://togithub.com/goreleaser/goreleaser-action/pull/450) - Upgrade setup-go action version in README by [@​kishaningithub](https://togithub.com/kishaningithub) in [https://github.com/goreleaser/goreleaser-action/pull/455](https://togithub.com/goreleaser/goreleaser-action/pull/455) - chore(deps): bump tar from 6.1.14 to 6.2.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/456](https://togithub.com/goreleaser/goreleaser-action/pull/456) - chore: use corepack to install yarn by [@​crazy-max](https://togithub.com/crazy-max) in [https://github.com/goreleaser/goreleaser-action/pull/458](https://togithub.com/goreleaser/goreleaser-action/pull/458) - feat: lock this major version of the action to use '~> v1' as 'latest' by [@​caarlos0](https://togithub.com/caarlos0) in [https://github.com/goreleaser/goreleaser-action/pull/461](https://togithub.com/goreleaser/goreleaser-action/pull/461) - chore(deps): bump semver from 7.6.0 to 7.6.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/462](https://togithub.com/goreleaser/goreleaser-action/pull/462) - chore(deps): bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.2.0 to 2.2.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/451](https://togithub.com/goreleaser/goreleaser-action/pull/451) #### New Contributors - [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their first contribution in [https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446) **Full Changelog**: goreleaser/goreleaser-action@v5.0.0...v5.1.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>
Racer159
referenced
this pull request
in defenseunicorns/uds-package-postgres-operator
Jun 10, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.4` -> `v4.1.6` | | [defenseunicorns/uds-cli](https://togithub.com/defenseunicorns/uds-cli) | | minor | `v0.10.4` -> `v0.11.0` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | action | patch | `v0.4.0` -> `v0.4.5` | | [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | | minor | `v0.33.1` -> `v0.34.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.8` | | [google-github-actions/release-please-action](https://togithub.com/google-github-actions/release-please-action) | action | patch | `v4.1.0` -> `v4.1.1` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 </details> <details> <summary>defenseunicorns/uds-cli (defenseunicorns/uds-cli)</summary> ### [`v0.11.0`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.11.0) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.10.4...v0.11.0) ##### What's Changed - chore(deps): update actions/upload-artifact action to v4.3.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/574](https://togithub.com/defenseunicorns/uds-cli/pull/574) - fix(deps): update golang.org/x/exp digest to [`fe59bbe`](https://togithub.com/defenseunicorns/uds-cli/commit/fe59bbe) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/571](https://togithub.com/defenseunicorns/uds-cli/pull/571) - chore(deps): update github/codeql-action action to v3.25.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/570](https://togithub.com/defenseunicorns/uds-cli/pull/570) - fix(deps): update module github.com/defenseunicorns/pkg/oci to v0.0.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/576](https://togithub.com/defenseunicorns/uds-cli/pull/576) - fix: permit absolute paths for bundle create by [@​ZachGallagher](https://togithub.com/ZachGallagher) in [https://github.com/defenseunicorns/uds-cli/pull/554](https://togithub.com/defenseunicorns/uds-cli/pull/554) - fix: ensure we handle paths correctly in dev deploy by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/582](https://togithub.com/defenseunicorns/uds-cli/pull/582) - chore(deps): update actions/download-artifact action to v4.1.7 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/573](https://togithub.com/defenseunicorns/uds-cli/pull/573) - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1.1.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/575](https://togithub.com/defenseunicorns/uds-cli/pull/575) - chore(deps): update actions/checkout action to v4.1.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/578](https://togithub.com/defenseunicorns/uds-cli/pull/578) - chore(deps): update actions/upload-artifact action to v4.3.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/579](https://togithub.com/defenseunicorns/uds-cli/pull/579) - chore(deps): update github/codeql-action action to v3.25.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/580](https://togithub.com/defenseunicorns/uds-cli/pull/580) - chore(deps): update anchore/sbom-action action to v0.15.11 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/587](https://togithub.com/defenseunicorns/uds-cli/pull/587) - chore: ensure vendored tools versions print out by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/586](https://togithub.com/defenseunicorns/uds-cli/pull/586) - chore(deps): update actions/checkout action to v4.1.5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/597](https://togithub.com/defenseunicorns/uds-cli/pull/597) - chore(deps): update github/codeql-action action to v3.25.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/595](https://togithub.com/defenseunicorns/uds-cli/pull/595) - fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/593](https://togithub.com/defenseunicorns/uds-cli/pull/593) - chore(deps): update actions/setup-go action to v5.0.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/590](https://togithub.com/defenseunicorns/uds-cli/pull/590) - chore: update contributing doc by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/598](https://togithub.com/defenseunicorns/uds-cli/pull/598) - chore: swap Makefile for Maru by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/602](https://togithub.com/defenseunicorns/uds-cli/pull/602) - chore(deps): update github/codeql-action action to v3.25.5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/606](https://togithub.com/defenseunicorns/uds-cli/pull/606) - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1.1.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/605](https://togithub.com/defenseunicorns/uds-cli/pull/605) - chore(deps): update ossf/scorecard-action action to v2.3.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/601](https://togithub.com/defenseunicorns/uds-cli/pull/601) - chore(deps): update goreleaser/goreleaser-action action to v5.1.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/604](https://togithub.com/defenseunicorns/uds-cli/pull/604) - chore: bump Go version to 1.21.10 by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/609](https://togithub.com/defenseunicorns/uds-cli/pull/609) - feat: remove q for canceling deploy by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/603](https://togithub.com/defenseunicorns/uds-cli/pull/603) - chore: remove dead end code by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/611](https://togithub.com/defenseunicorns/uds-cli/pull/611) - chore: test getArch by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/621](https://togithub.com/defenseunicorns/uds-cli/pull/621) - chore(deps): update actions/checkout action to v4.1.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/619](https://togithub.com/defenseunicorns/uds-cli/pull/619) - chore(deps): update homebrew/actions digest to [`677db44`](https://togithub.com/defenseunicorns/uds-cli/commit/677db44) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/620](https://togithub.com/defenseunicorns/uds-cli/pull/620) - chore(deps): update github/codeql-action action to v3.25.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/625](https://togithub.com/defenseunicorns/uds-cli/pull/625) - chore(deps): update anchore/sbom-action action to v0.16.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/623](https://togithub.com/defenseunicorns/uds-cli/pull/623) - feat: allow helm overrides from valuesfile by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/594](https://togithub.com/defenseunicorns/uds-cli/pull/594) - chore: removes bubbletea tui by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/626](https://togithub.com/defenseunicorns/uds-cli/pull/626) - chore: update linting configuration by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/627](https://togithub.com/defenseunicorns/uds-cli/pull/627) - docs: dev deploy ADR by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/560](https://togithub.com/defenseunicorns/uds-cli/pull/560) - fix(deps): update module helm.sh/helm/v3 to v3.15.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/612](https://togithub.com/defenseunicorns/uds-cli/pull/612) - feat: strict bundle yaml validation by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/596](https://togithub.com/defenseunicorns/uds-cli/pull/596) - feat: dev deploy remote bundles by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/629](https://togithub.com/defenseunicorns/uds-cli/pull/629) - chore: update to de-zarfed Maru by [@​Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/uds-cli/pull/636](https://togithub.com/defenseunicorns/uds-cli/pull/636) - fix(deps): update module helm.sh/helm/v3 to v3.15.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/634](https://togithub.com/defenseunicorns/uds-cli/pull/634) - chore(deps): update docker/login-action action to v3.2.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/640](https://togithub.com/defenseunicorns/uds-cli/pull/640) - chore(deps): update homebrew/actions digest to [`a618804`](https://togithub.com/defenseunicorns/uds-cli/commit/a618804) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/632](https://togithub.com/defenseunicorns/uds-cli/pull/632) - fix(deps): update golang.org/x/exp digest to [`4c93da0`](https://togithub.com/defenseunicorns/uds-cli/commit/4c93da0) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/639](https://togithub.com/defenseunicorns/uds-cli/pull/639) - chore(deps): update podinfo to v6.6.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/633](https://togithub.com/defenseunicorns/uds-cli/pull/633) - chore(deps): update zarf to v0.33.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/585](https://togithub.com/defenseunicorns/uds-cli/pull/585) - feat: remove unnecessary bundle layers and refactor verification by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/622](https://togithub.com/defenseunicorns/uds-cli/pull/622) - feat: uds config validation by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/618](https://togithub.com/defenseunicorns/uds-cli/pull/618) - fix: ensures partial pkgs are correct and adds smoke test to workflows by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/643](https://togithub.com/defenseunicorns/uds-cli/pull/643) - fix: typo in Zarf pkg name and refactor smoke test workflow by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/644](https://togithub.com/defenseunicorns/uds-cli/pull/644) **Full Changelog**: defenseunicorns/uds-cli@v0.10.4...v0.11.0 </details> <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.4.5`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.5) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.4...v0.4.5) ##### Miscellaneous - **deps:** update support-deps to v0.11.0 ([#​137](https://togithub.com/defenseunicorns/uds-common/issues/137)) ([985dfd7](https://togithub.com/defenseunicorns/uds-common/commit/985dfd7f9d745d07daa528e7dfdc982c61b2da4b)) ### [`v0.4.4`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.4) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.3...v0.4.4) ##### Miscellaneous - pull debug / log actions from uds-core ([#​135](https://togithub.com/defenseunicorns/uds-common/issues/135)) ([b3c9928](https://togithub.com/defenseunicorns/uds-common/commit/b3c99286e4200c98a61d86484030f2be5ebb5c70)) ### [`v0.4.3`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.3) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.2...v0.4.3) ##### Bug Fixes - update renovate config to use docker versioning for zarf images ([#​128](https://togithub.com/defenseunicorns/uds-common/issues/128)) ([c18e125](https://togithub.com/defenseunicorns/uds-common/commit/c18e12507384328bb53b81c096bc9827f96ba114)) ##### Miscellaneous - add an airgap note to UDS Package Practices (clarity is kindness) ([#​126](https://togithub.com/defenseunicorns/uds-common/issues/126)) ([b70e1fe](https://togithub.com/defenseunicorns/uds-common/commit/b70e1fe165a521a33789298a7e69aa6a59d54968)) - adjust UDS package practice formatting ([#​123](https://togithub.com/defenseunicorns/uds-common/issues/123)) ([f351d04](https://togithub.com/defenseunicorns/uds-common/commit/f351d04732a6e6e6fc2c62eff13f625a613effcc)) - **deps:** update uds common package dependencies to v6.6.3 ([#​132](https://togithub.com/defenseunicorns/uds-common/issues/132)) ([0ebdd1f](https://togithub.com/defenseunicorns/uds-common/commit/0ebdd1f5f2aa32720c88347027215305573bc716)) - **deps:** update uds common support dependencies ([#​125](https://togithub.com/defenseunicorns/uds-common/issues/125)) ([e014724](https://togithub.com/defenseunicorns/uds-common/commit/e01472454d2b3ef9665546fbb24c9980f090d238)) - **deps:** update uds common support dependencies to v0.22.0 ([#​133](https://togithub.com/defenseunicorns/uds-common/issues/133)) ([2cf903d](https://togithub.com/defenseunicorns/uds-common/commit/2cf903d41d0dbfda1baaa9629d1fa3c5d1a88110)) - initial package practices ([#​117](https://togithub.com/defenseunicorns/uds-common/issues/117)) ([d292b21](https://togithub.com/defenseunicorns/uds-common/commit/d292b216da73493743cd0a67b9763549c87c1819)) - update package practices with a bit more feedback ([#​129](https://togithub.com/defenseunicorns/uds-common/issues/129)) ([af34fc9](https://togithub.com/defenseunicorns/uds-common/commit/af34fc90104c57d11a08678186b8b2aeaaac135d)) ### [`v0.4.2`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.2) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.1...v0.4.2) ##### Miscellaneous - give doug a mattermostid attribute and update uds version ([#​120](https://togithub.com/defenseunicorns/uds-common/issues/120)) ([4a85172](https://togithub.com/defenseunicorns/uds-common/commit/4a851720a8ac7e62826efda9e92200ba3a5b6709)) ### [`v0.4.1`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.1) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.0...v0.4.1) ##### Miscellaneous - **deps:** update uds common support dependencies ([#​116](https://togithub.com/defenseunicorns/uds-common/issues/116)) ([8aed1e0](https://togithub.com/defenseunicorns/uds-common/commit/8aed1e0ae8b4d65f7418664e8f2c73a16bf42801)) </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.34.0`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.34.0) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.2...v0.34.0) #### What's Changed - refactor: move validate to expose it as receivers by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2419](https://togithub.com/defenseunicorns/zarf/pull/2419) - docs: add additional detail to security policy by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2488](https://togithub.com/defenseunicorns/zarf/pull/2488) - chore: cleanup stale grype ignores and patch golang.org/x/net CVE by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2492](https://togithub.com/defenseunicorns/zarf/pull/2492) - docs: injector and init package reference material by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2468](https://togithub.com/defenseunicorns/zarf/pull/2468) - chore: patch CVE-2024-3817 by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2498](https://togithub.com/defenseunicorns/zarf/pull/2498) - refactor: cleaner image pulls by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2460](https://togithub.com/defenseunicorns/zarf/pull/2460) - chore: adding [@​dgershman](https://togithub.com/dgershman) by [@​dgershman](https://togithub.com/dgershman) in [https://github.com/defenseunicorns/zarf/pull/2506](https://togithub.com/defenseunicorns/zarf/pull/2506) - refactor: context usage in k8s code by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2405](https://togithub.com/defenseunicorns/zarf/pull/2405) - ci: run revive using golang-lint-ci by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2499](https://togithub.com/defenseunicorns/zarf/pull/2499) - feat: update injector away from rouille to axum by [@​schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2457](https://togithub.com/defenseunicorns/zarf/pull/2457) - refactor: enable testifylint linter by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2504](https://togithub.com/defenseunicorns/zarf/pull/2504) - chore: remove rouille CVE from grype ignore by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2515](https://togithub.com/defenseunicorns/zarf/pull/2515) - fix(agent): missing path for pod without labels by [@​brandtkeller](https://togithub.com/brandtkeller) in [https://github.com/defenseunicorns/zarf/pull/2518](https://togithub.com/defenseunicorns/zarf/pull/2518) - fix: adopt namespace metadata by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2494](https://togithub.com/defenseunicorns/zarf/pull/2494) - refactor: enable ineffassign linter by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2500](https://togithub.com/defenseunicorns/zarf/pull/2500) - test: cluster getDeployedPackages by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2523](https://togithub.com/defenseunicorns/zarf/pull/2523) - test: add unit tests for merge zarf state by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2522](https://togithub.com/defenseunicorns/zarf/pull/2522) - test: pod agent unit tests by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2526](https://togithub.com/defenseunicorns/zarf/pull/2526) - docs: add google analytics for docs pages by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2530](https://togithub.com/defenseunicorns/zarf/pull/2530) - test: add unit tests for detect distro by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2521](https://togithub.com/defenseunicorns/zarf/pull/2521) - test: add tests for injector by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2534](https://togithub.com/defenseunicorns/zarf/pull/2534) - chore: add codecov by [@​schristoff-du](https://togithub.com/schristoff-du) in [https://github.com/defenseunicorns/zarf/pull/2529](https://togithub.com/defenseunicorns/zarf/pull/2529) - chore: add unit tests for creator.LoadPackageDefinition by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2531](https://togithub.com/defenseunicorns/zarf/pull/2531) - test: refactor network test by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2533](https://togithub.com/defenseunicorns/zarf/pull/2533) - test: agent flux unit test by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2528](https://togithub.com/defenseunicorns/zarf/pull/2528) - chore: fix codecov by [@​schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2538](https://togithub.com/defenseunicorns/zarf/pull/2538) - test: creator.ComposeComponents by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2537](https://togithub.com/defenseunicorns/zarf/pull/2537) - refactor: remove use of k8s serivce account by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2544](https://togithub.com/defenseunicorns/zarf/pull/2544) - refactor: remove use of k8s service by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2543](https://togithub.com/defenseunicorns/zarf/pull/2543) - refactor: remove use of k8s configmap by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2541](https://togithub.com/defenseunicorns/zarf/pull/2541) - refactor: remove use of k8s hpa by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2542](https://togithub.com/defenseunicorns/zarf/pull/2542) - test: add secrets tests by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2540](https://togithub.com/defenseunicorns/zarf/pull/2540) - refactor: allow callers to directly set logfile location by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2545](https://togithub.com/defenseunicorns/zarf/pull/2545) - test: add test for packager source by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2525](https://togithub.com/defenseunicorns/zarf/pull/2525) - chore: add unit tests to variables pkg by [@​Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2519](https://togithub.com/defenseunicorns/zarf/pull/2519) - test: clean up tests for composer by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2532](https://togithub.com/defenseunicorns/zarf/pull/2532) - test: argo agent unit tests by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2536](https://togithub.com/defenseunicorns/zarf/pull/2536) - fix(release): do not delete testdata in release workflow by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2547](https://togithub.com/defenseunicorns/zarf/pull/2547) **Full Changelog**: zarf-dev/zarf@v0.33.2...v0.34.0 ### [`v0.33.2`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.2) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2) ##### What's Changed - fix: schema integration by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2463](https://togithub.com/defenseunicorns/zarf/pull/2463) - docs: add contributor covenant code of conduct by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - docs: fix casing on code of conduct badge by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2466](https://togithub.com/defenseunicorns/zarf/pull/2466) - fix(deps): update github.com/anchore/clio digest to [`3c4abf8`](https://togithub.com/defenseunicorns/zarf/commit/3c4abf8) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2424](https://togithub.com/defenseunicorns/zarf/pull/2424) - fix: update docker media type in registry by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2476](https://togithub.com/defenseunicorns/zarf/pull/2476) - fix: adds GetVariableConfig function for packager by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/zarf/pull/2475](https://togithub.com/defenseunicorns/zarf/pull/2475) - test: add tests for remove copies from components to enable refactoring by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - fix!: do not uninstall helm chart after failed install or upgrade by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2456](https://togithub.com/defenseunicorns/zarf/pull/2456) - feat: inspect --list-images by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2478](https://togithub.com/defenseunicorns/zarf/pull/2478) - refactor: remove copies from components to a filter by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2474](https://togithub.com/defenseunicorns/zarf/pull/2474) - chore: add support.md by [@​schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) - chore: add a check for go mod tidy by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2481](https://togithub.com/defenseunicorns/zarf/pull/2481) - fix: use correct sha256 checksum for arm64 injector binary by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2483](https://togithub.com/defenseunicorns/zarf/pull/2483) - fix: simplify go mod tidy check by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2482](https://togithub.com/defenseunicorns/zarf/pull/2482) ##### New Contributors - [@​salaxander](https://togithub.com/salaxander) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - [@​phillebaba](https://togithub.com/phillebaba) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - [@​schristoff](https://togithub.com/schristoff) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) **Full Changelog**: zarf-dev/zarf@v0.33.1...v0.33.2 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) ### [`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>google-github-actions/release-please-action (google-github-actions/release-please-action)</summary> ### [`v4.1.1`](https://togithub.com/google-github-actions/release-please-action/releases/tag/v4.1.1) [Compare Source](https://togithub.com/google-github-actions/release-please-action/compare/v4.1.0...v4.1.1) ##### Bug Fixes - add deprecation warning to workflow run ([#​1](https://togithub.com/google-github-actions/release-please-action/issues/1)) ([edb78cf](https://togithub.com/google-github-actions/release-please-action/commit/edb78cf884d22d5d991d94144d031fce49cadbea)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-package-postgres-operator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMzEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>
andrewpollock
referenced
this pull request
in google/osv.dev
Jun 12, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | gaurav-nelson/github-action-markdown-link-check | action | digest | `0f074c8` -> `7d83e59` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.24.7` -> `v2.25.8` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.25.8`](https://togithub.com/github/codeql-action/compare/v2.25.7...v2.25.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.7...v2.25.8) ### [`v2.25.7`](https://togithub.com/github/codeql-action/compare/v2.25.6...v2.25.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.6...v2.25.7) ### [`v2.25.6`](https://togithub.com/github/codeql-action/compare/v2.25.5...v2.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.5...v2.25.6) ### [`v2.25.5`](https://togithub.com/github/codeql-action/compare/v2.25.4...v2.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.4...v2.25.5) ### [`v2.25.4`](https://togithub.com/github/codeql-action/compare/v2.25.3...v2.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.3...v2.25.4) ### [`v2.25.3`](https://togithub.com/github/codeql-action/compare/v2.25.2...v2.25.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.2...v2.25.3) ### [`v2.25.2`](https://togithub.com/github/codeql-action/compare/v2.25.1...v2.25.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.1...v2.25.2) ### [`v2.25.1`](https://togithub.com/github/codeql-action/compare/v2.25.0...v2.25.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.0...v2.25.1) ### [`v2.25.0`](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.25.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.11...v2.25.0) ### [`v2.24.11`](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.24.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.24.11) ### [`v2.24.10`](https://togithub.com/github/codeql-action/compare/v2.24.9...v2.24.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.9...v2.24.10) ### [`v2.24.9`](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9) ### [`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zODguMSIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
Racer159
referenced
this pull request
in defenseunicorns/uds-package-valkey
Jun 12, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.4` -> `v4.1.6` | | [defenseunicorns/uds-cli](https://togithub.com/defenseunicorns/uds-cli) | | minor | `v0.10.4` -> `v0.11.1` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | | minor | `v0.4.6` -> `v0.5.0` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | action | minor | `v0.4.6` -> `v0.5.0` | | [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | | minor | `v0.33.1` -> `v0.34.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.9` | | [google-github-actions/release-please-action](https://togithub.com/google-github-actions/release-please-action) | action | patch | `v4.1.0` -> `v4.1.1` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 </details> <details> <summary>defenseunicorns/uds-cli (defenseunicorns/uds-cli)</summary> ### [`v0.11.1`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.11.1) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.11.0...v0.11.1) ##### What's Changed - chore: run CI tests in parallel, remove alpha status by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/645](https://togithub.com/defenseunicorns/uds-cli/pull/645) - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/635](https://togithub.com/defenseunicorns/uds-cli/pull/635) - chore: update codeowners by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/647](https://togithub.com/defenseunicorns/uds-cli/pull/647) - docs: add note about UDS_ARCH by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/652](https://togithub.com/defenseunicorns/uds-cli/pull/652) - feat: add file type variables to bundles by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/631](https://togithub.com/defenseunicorns/uds-cli/pull/631) - fix: arch check in PreDeployValidation by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/657](https://togithub.com/defenseunicorns/uds-cli/pull/657) - fix(deps): update module github.com/spf13/viper to v1.19.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/651](https://togithub.com/defenseunicorns/uds-cli/pull/651) - chore(deps): update homebrew/actions digest to [`24e4659`](https://togithub.com/defenseunicorns/uds-cli/commit/24e4659) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/650](https://togithub.com/defenseunicorns/uds-cli/pull/650) - fix(deps): update module golang.org/x/mod to v0.18.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/659](https://togithub.com/defenseunicorns/uds-cli/pull/659) - feat: uds security hub integration by [@​naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/defenseunicorns/uds-cli/pull/662](https://togithub.com/defenseunicorns/uds-cli/pull/662) - feat: adds --list-images arg to inspect by [@​eFAILution](https://togithub.com/eFAILution) in [https://github.com/defenseunicorns/uds-cli/pull/599](https://togithub.com/defenseunicorns/uds-cli/pull/599) - chore: small refactors and docs updates by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/671](https://togithub.com/defenseunicorns/uds-cli/pull/671) - feat: dev deploy --ref and --flavor flags by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/638](https://togithub.com/defenseunicorns/uds-cli/pull/638) - fix(deps): update module github.com/defenseunicorns/uds-security-hub to v0.0.7 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/673](https://togithub.com/defenseunicorns/uds-cli/pull/673) - chore: fix typos by [@​beholdenkey](https://togithub.com/beholdenkey) in [https://github.com/defenseunicorns/uds-cli/pull/676](https://togithub.com/defenseunicorns/uds-cli/pull/676) - chore: cleans up lang file and docs, use PRs for brew releases by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/675](https://togithub.com/defenseunicorns/uds-cli/pull/675) - chore(deps): update goreleaser/goreleaser-action action to v6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/661](https://togithub.com/defenseunicorns/uds-cli/pull/661) - feat: integrated docs between uds and uds-cli by [@​UnicornChance](https://togithub.com/UnicornChance) in [https://github.com/defenseunicorns/uds-cli/pull/646](https://togithub.com/defenseunicorns/uds-cli/pull/646) - chore: shorten readme before docs site roll out by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/679](https://togithub.com/defenseunicorns/uds-cli/pull/679) - fix: install trivy for security hub and parallelize release by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/680](https://togithub.com/defenseunicorns/uds-cli/pull/680) - fix: release workflow typos by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/681](https://togithub.com/defenseunicorns/uds-cli/pull/681) ##### New Contributors - [@​eFAILution](https://togithub.com/eFAILution) made their first contribution in [https://github.com/defenseunicorns/uds-cli/pull/599](https://togithub.com/defenseunicorns/uds-cli/pull/599) - [@​beholdenkey](https://togithub.com/beholdenkey) made their first contribution in [https://github.com/defenseunicorns/uds-cli/pull/676](https://togithub.com/defenseunicorns/uds-cli/pull/676) - [@​UnicornChance](https://togithub.com/UnicornChance) made their first contribution in [https://github.com/defenseunicorns/uds-cli/pull/646](https://togithub.com/defenseunicorns/uds-cli/pull/646) **Full Changelog**: defenseunicorns/uds-cli@v0.11.0...v0.11.1 ### [`v0.11.0`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.11.0) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.10.4...v0.11.0) ##### What's Changed - chore(deps): update actions/upload-artifact action to v4.3.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/574](https://togithub.com/defenseunicorns/uds-cli/pull/574) - fix(deps): update golang.org/x/exp digest to [`fe59bbe`](https://togithub.com/defenseunicorns/uds-cli/commit/fe59bbe) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/571](https://togithub.com/defenseunicorns/uds-cli/pull/571) - chore(deps): update github/codeql-action action to v3.25.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/570](https://togithub.com/defenseunicorns/uds-cli/pull/570) - fix(deps): update module github.com/defenseunicorns/pkg/oci to v0.0.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/576](https://togithub.com/defenseunicorns/uds-cli/pull/576) - fix: permit absolute paths for bundle create by [@​ZachGallagher](https://togithub.com/ZachGallagher) in [https://github.com/defenseunicorns/uds-cli/pull/554](https://togithub.com/defenseunicorns/uds-cli/pull/554) - fix: ensure we handle paths correctly in dev deploy by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/582](https://togithub.com/defenseunicorns/uds-cli/pull/582) - chore(deps): update actions/download-artifact action to v4.1.7 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/573](https://togithub.com/defenseunicorns/uds-cli/pull/573) - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1.1.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/575](https://togithub.com/defenseunicorns/uds-cli/pull/575) - chore(deps): update actions/checkout action to v4.1.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/578](https://togithub.com/defenseunicorns/uds-cli/pull/578) - chore(deps): update actions/upload-artifact action to v4.3.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/579](https://togithub.com/defenseunicorns/uds-cli/pull/579) - chore(deps): update github/codeql-action action to v3.25.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/580](https://togithub.com/defenseunicorns/uds-cli/pull/580) - chore(deps): update anchore/sbom-action action to v0.15.11 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/587](https://togithub.com/defenseunicorns/uds-cli/pull/587) - chore: ensure vendored tools versions print out by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/586](https://togithub.com/defenseunicorns/uds-cli/pull/586) - chore(deps): update actions/checkout action to v4.1.5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/597](https://togithub.com/defenseunicorns/uds-cli/pull/597) - chore(deps): update github/codeql-action action to v3.25.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/595](https://togithub.com/defenseunicorns/uds-cli/pull/595) - fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/593](https://togithub.com/defenseunicorns/uds-cli/pull/593) - chore(deps): update actions/setup-go action to v5.0.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/590](https://togithub.com/defenseunicorns/uds-cli/pull/590) - chore: update contributing doc by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/598](https://togithub.com/defenseunicorns/uds-cli/pull/598) - chore: swap Makefile for Maru by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/602](https://togithub.com/defenseunicorns/uds-cli/pull/602) - chore(deps): update github/codeql-action action to v3.25.5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/606](https://togithub.com/defenseunicorns/uds-cli/pull/606) - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1.1.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/605](https://togithub.com/defenseunicorns/uds-cli/pull/605) - chore(deps): update ossf/scorecard-action action to v2.3.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/601](https://togithub.com/defenseunicorns/uds-cli/pull/601) - chore(deps): update goreleaser/goreleaser-action action to v5.1.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/604](https://togithub.com/defenseunicorns/uds-cli/pull/604) - chore: bump Go version to 1.21.10 by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/609](https://togithub.com/defenseunicorns/uds-cli/pull/609) - feat: remove q for canceling deploy by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/603](https://togithub.com/defenseunicorns/uds-cli/pull/603) - chore: remove dead end code by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/611](https://togithub.com/defenseunicorns/uds-cli/pull/611) - chore: test getArch by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/621](https://togithub.com/defenseunicorns/uds-cli/pull/621) - chore(deps): update actions/checkout action to v4.1.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/619](https://togithub.com/defenseunicorns/uds-cli/pull/619) - chore(deps): update homebrew/actions digest to [`677db44`](https://togithub.com/defenseunicorns/uds-cli/commit/677db44) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/620](https://togithub.com/defenseunicorns/uds-cli/pull/620) - chore(deps): update github/codeql-action action to v3.25.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/625](https://togithub.com/defenseunicorns/uds-cli/pull/625) - chore(deps): update anchore/sbom-action action to v0.16.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/623](https://togithub.com/defenseunicorns/uds-cli/pull/623) - feat: allow helm overrides from valuesfile by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/594](https://togithub.com/defenseunicorns/uds-cli/pull/594) - chore: removes bubbletea tui by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/626](https://togithub.com/defenseunicorns/uds-cli/pull/626) - chore: update linting configuration by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/627](https://togithub.com/defenseunicorns/uds-cli/pull/627) - docs: dev deploy ADR by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/560](https://togithub.com/defenseunicorns/uds-cli/pull/560) - fix(deps): update module helm.sh/helm/v3 to v3.15.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/612](https://togithub.com/defenseunicorns/uds-cli/pull/612) - feat: strict bundle yaml validation by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/596](https://togithub.com/defenseunicorns/uds-cli/pull/596) - feat: dev deploy remote bundles by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/629](https://togithub.com/defenseunicorns/uds-cli/pull/629) - chore: update to de-zarfed Maru by [@​Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/uds-cli/pull/636](https://togithub.com/defenseunicorns/uds-cli/pull/636) - fix(deps): update module helm.sh/helm/v3 to v3.15.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/634](https://togithub.com/defenseunicorns/uds-cli/pull/634) - chore(deps): update docker/login-action action to v3.2.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/640](https://togithub.com/defenseunicorns/uds-cli/pull/640) - chore(deps): update homebrew/actions digest to [`a618804`](https://togithub.com/defenseunicorns/uds-cli/commit/a618804) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/632](https://togithub.com/defenseunicorns/uds-cli/pull/632) - fix(deps): update golang.org/x/exp digest to [`4c93da0`](https://togithub.com/defenseunicorns/uds-cli/commit/4c93da0) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/639](https://togithub.com/defenseunicorns/uds-cli/pull/639) - chore(deps): update podinfo to v6.6.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/633](https://togithub.com/defenseunicorns/uds-cli/pull/633) - chore(deps): update zarf to v0.33.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/585](https://togithub.com/defenseunicorns/uds-cli/pull/585) - feat: remove unnecessary bundle layers and refactor verification by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/622](https://togithub.com/defenseunicorns/uds-cli/pull/622) - feat: uds config validation by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/618](https://togithub.com/defenseunicorns/uds-cli/pull/618) - fix: ensures partial pkgs are correct and adds smoke test to workflows by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/643](https://togithub.com/defenseunicorns/uds-cli/pull/643) - fix: typo in Zarf pkg name and refactor smoke test workflow by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/644](https://togithub.com/defenseunicorns/uds-cli/pull/644) **Full Changelog**: defenseunicorns/uds-cli@v0.10.4...v0.11.0 </details> <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.5.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.5.0) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.6...v0.5.0) ##### ⚠ BREAKING CHANGES - update publish to take architecture as an input ([#​143](https://togithub.com/defenseunicorns/uds-common/issues/143)) ##### Miscellaneous - update publish to take architecture as an input ([#​143](https://togithub.com/defenseunicorns/uds-common/issues/143)) ([62620f5](https://togithub.com/defenseunicorns/uds-common/commit/62620f59c14c773e5f6f07aaafc70ae34cff36bd)) </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.34.0`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.34.0) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.2...v0.34.0) #### What's Changed - refactor: move validate to expose it as receivers by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2419](https://togithub.com/defenseunicorns/zarf/pull/2419) - docs: add additional detail to security policy by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2488](https://togithub.com/defenseunicorns/zarf/pull/2488) - chore: cleanup stale grype ignores and patch golang.org/x/net CVE by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2492](https://togithub.com/defenseunicorns/zarf/pull/2492) - docs: injector and init package reference material by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2468](https://togithub.com/defenseunicorns/zarf/pull/2468) - chore: patch CVE-2024-3817 by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2498](https://togithub.com/defenseunicorns/zarf/pull/2498) - refactor: cleaner image pulls by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2460](https://togithub.com/defenseunicorns/zarf/pull/2460) - chore: adding [@​dgershman](https://togithub.com/dgershman) by [@​dgershman](https://togithub.com/dgershman) in [https://github.com/defenseunicorns/zarf/pull/2506](https://togithub.com/defenseunicorns/zarf/pull/2506) - refactor: context usage in k8s code by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2405](https://togithub.com/defenseunicorns/zarf/pull/2405) - ci: run revive using golang-lint-ci by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2499](https://togithub.com/defenseunicorns/zarf/pull/2499) - feat: update injector away from rouille to axum by [@​schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2457](https://togithub.com/defenseunicorns/zarf/pull/2457) - refactor: enable testifylint linter by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2504](https://togithub.com/defenseunicorns/zarf/pull/2504) - chore: remove rouille CVE from grype ignore by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2515](https://togithub.com/defenseunicorns/zarf/pull/2515) - fix(agent): missing path for pod without labels by [@​brandtkeller](https://togithub.com/brandtkeller) in [https://github.com/defenseunicorns/zarf/pull/2518](https://togithub.com/defenseunicorns/zarf/pull/2518) - fix: adopt namespace metadata by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2494](https://togithub.com/defenseunicorns/zarf/pull/2494) - refactor: enable ineffassign linter by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2500](https://togithub.com/defenseunicorns/zarf/pull/2500) - test: cluster getDeployedPackages by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2523](https://togithub.com/defenseunicorns/zarf/pull/2523) - test: add unit tests for merge zarf state by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2522](https://togithub.com/defenseunicorns/zarf/pull/2522) - test: pod agent unit tests by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2526](https://togithub.com/defenseunicorns/zarf/pull/2526) - docs: add google analytics for docs pages by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2530](https://togithub.com/defenseunicorns/zarf/pull/2530) - test: add unit tests for detect distro by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2521](https://togithub.com/defenseunicorns/zarf/pull/2521) - test: add tests for injector by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2534](https://togithub.com/defenseunicorns/zarf/pull/2534) - chore: add codecov by [@​schristoff-du](https://togithub.com/schristoff-du) in [https://github.com/defenseunicorns/zarf/pull/2529](https://togithub.com/defenseunicorns/zarf/pull/2529) - chore: add unit tests for creator.LoadPackageDefinition by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2531](https://togithub.com/defenseunicorns/zarf/pull/2531) - test: refactor network test by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2533](https://togithub.com/defenseunicorns/zarf/pull/2533) - test: agent flux unit test by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2528](https://togithub.com/defenseunicorns/zarf/pull/2528) - chore: fix codecov by [@​schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2538](https://togithub.com/defenseunicorns/zarf/pull/2538) - test: creator.ComposeComponents by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2537](https://togithub.com/defenseunicorns/zarf/pull/2537) - refactor: remove use of k8s serivce account by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2544](https://togithub.com/defenseunicorns/zarf/pull/2544) - refactor: remove use of k8s service by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2543](https://togithub.com/defenseunicorns/zarf/pull/2543) - refactor: remove use of k8s configmap by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2541](https://togithub.com/defenseunicorns/zarf/pull/2541) - refactor: remove use of k8s hpa by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2542](https://togithub.com/defenseunicorns/zarf/pull/2542) - test: add secrets tests by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2540](https://togithub.com/defenseunicorns/zarf/pull/2540) - refactor: allow callers to directly set logfile location by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2545](https://togithub.com/defenseunicorns/zarf/pull/2545) - test: add test for packager source by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2525](https://togithub.com/defenseunicorns/zarf/pull/2525) - chore: add unit tests to variables pkg by [@​Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2519](https://togithub.com/defenseunicorns/zarf/pull/2519) - test: clean up tests for composer by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2532](https://togithub.com/defenseunicorns/zarf/pull/2532) - test: argo agent unit tests by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2536](https://togithub.com/defenseunicorns/zarf/pull/2536) - fix(release): do not delete testdata in release workflow by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2547](https://togithub.com/defenseunicorns/zarf/pull/2547) **Full Changelog**: zarf-dev/zarf@v0.33.2...v0.34.0 ### [`v0.33.2`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.2) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2) ##### What's Changed - fix: schema integration by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2463](https://togithub.com/defenseunicorns/zarf/pull/2463) - docs: add contributor covenant code of conduct by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - docs: fix casing on code of conduct badge by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2466](https://togithub.com/defenseunicorns/zarf/pull/2466) - fix(deps): update github.com/anchore/clio digest to [`3c4abf8`](https://togithub.com/defenseunicorns/zarf/commit/3c4abf8) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2424](https://togithub.com/defenseunicorns/zarf/pull/2424) - fix: update docker media type in registry by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2476](https://togithub.com/defenseunicorns/zarf/pull/2476) - fix: adds GetVariableConfig function for packager by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/zarf/pull/2475](https://togithub.com/defenseunicorns/zarf/pull/2475) - test: add tests for remove copies from components to enable refactoring by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - fix!: do not uninstall helm chart after failed install or upgrade by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2456](https://togithub.com/defenseunicorns/zarf/pull/2456) - feat: inspect --list-images by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2478](https://togithub.com/defenseunicorns/zarf/pull/2478) - refactor: remove copies from components to a filter by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2474](https://togithub.com/defenseunicorns/zarf/pull/2474) - chore: add support.md by [@​schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) - chore: add a check for go mod tidy by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2481](https://togithub.com/defenseunicorns/zarf/pull/2481) - fix: use correct sha256 checksum for arm64 injector binary by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2483](https://togithub.com/defenseunicorns/zarf/pull/2483) - fix: simplify go mod tidy check by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2482](https://togithub.com/defenseunicorns/zarf/pull/2482) ##### New Contributors - [@​salaxander](https://togithub.com/salaxander) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - [@​phillebaba](https://togithub.com/phillebaba) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - [@​schristoff](https://togithub.com/schristoff) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) **Full Changelog**: zarf-dev/zarf@v0.33.1...v0.33.2 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.9`](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9) ### [`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) ### [`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>google-github-actions/release-please-action (google-github-actions/release-please-action)</summary> ### [`v4.1.1`](https://togithub.com/google-github-actions/release-please-action/releases/tag/v4.1.1) [Compare Source](https://togithub.com/google-github-actions/release-please-action/compare/v4.1.0...v4.1.1) ##### Bug Fixes - add deprecation warning to workflow run ([#​1](https://togithub.com/google-github-actions/release-please-action/issues/1)) ([edb78cf](https://togithub.com/google-github-actions/release-please-action/commit/edb78cf884d22d5d991d94144d031fce49cadbea)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-package-valkey). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Release-As: v7.2.5-uds.0
ramonpetgrave64
referenced
this pull request
in slsa-framework/slsa-verifier
Jul 1, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.7` | | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | minor | `v4.2.5` -> `v4.3.3` | | [actions/download-artifact](https://togithub.com/actions/download-artifact) | action | patch | `v4.1.4` -> `v4.1.7` | | [actions/setup-go](https://togithub.com/actions/setup-go) | action | patch | `v5.0.0` -> `v5.0.1` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v4.3.1` -> `v4.3.3` | | [actionsdesk/lfs-warning](https://togithub.com/actionsdesk/lfs-warning) | action | minor | `v3.2` -> `v3.3` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v3.24.9` -> `v3.25.11` | | [golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action) | action | pinDigest | -> `d6238b0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | pinDigest | -> `c747fe7` | | [slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier) | action | minor | `v2.4.1` -> `v2.5.1` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@​orhantoy](https://togithub.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3): Notes for v4.3.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3) #### What's Changed - Allow slashes in purl package names by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765) - use the v3 version of the deps.dev API by [@​josieang](https://togithub.com/josieang) in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - PR with suggestions - \[Improvement]: Help streamline / simplify dependency review action README by [@​am-stead](https://togithub.com/am-stead) in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - fix show-openssf-scorecard-levels input by [@​ramann](https://togithub.com/ramann) in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) - Updates to the contribution guidelines by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778) - Create issue templates by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777) - Fix the max comment length issue by [@​jhutchings1](https://togithub.com/jhutchings1) and [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767) - Bump project version to 4.3.3 in prep for a release by [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781) #### New Contributors - [@​josieang](https://togithub.com/josieang) made their first contribution in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - [@​am-stead](https://togithub.com/am-stead) made their first contribution in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - [@​ramann](https://togithub.com/ramann) made their first contribution in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) **Full Changelog**: actions/dependency-review-action@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2) #### What's Changed - Fix package-url parsing for allow-dependencies-licenses by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/761](https://togithub.com/actions/dependency-review-action/pull/761) **Full Changelog**: actions/dependency-review-action@v4.3.1...v4.3.2 ### [`v4.3.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.1) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.0...v4.3.1) #### What's Changed This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See [https://github.com/actions/dependency-review-action/pull/753](https://togithub.com/actions/dependency-review-action/pull/753). **Full Changelog**: actions/dependency-review-action@V4.3.0...v4.3.1 ### [`v4.3.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.0) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.5...v4.3.0) #### New Features - The `deny-packages` option can now be used without a version number to exclude *all* versions of a package. #### What's Changed - Fix action variable name for scorecard by [@​lukehinds](https://togithub.com/lukehinds) in [https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735) - Fix extra https:// in summary by [@​jhutchings1](https://togithub.com/jhutchings1) in [https://github.com/actions/dependency-review-action/pull/748](https://togithub.com/actions/dependency-review-action/pull/748) - Bump typescript from 5.3.3 to 5.4.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/744](https://togithub.com/actions/dependency-review-action/pull/744) - Bump eslint-plugin-github from 4.10.1 to 4.10.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/737](https://togithub.com/actions/dependency-review-action/pull/737) - Show denied packages with red X by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/750](https://togithub.com/actions/dependency-review-action/pull/750) - deny-packages configuration option can deny specified version or all packages by [@​febuiles](https://togithub.com/febuiles) and [@​bteng22](https://togithub.com/bteng22) in [https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733) #### New Contributors - [@​bteng22](https://togithub.com/bteng22) made their first contribution in [https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733) - [@​lukehinds](https://togithub.com/lukehinds) made their first contribution in [https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735) **Full Changelog**: actions/dependency-review-action@v4.2.5...V4.3.0 </details> <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7) #### What's Changed - Update [@​actions/artifact](https://togithub.com/actions/artifact) dependency by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325) **Full Changelog**: actions/download-artifact@v4.1.6...v4.1.7 ### [`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6) #### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324) **Full Changelog**: actions/download-artifact@v4.1.5...v4.1.6 ### [`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5) #### What's Changed - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322) - Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact` to v2.1.5 **Full Changelog**: actions/download-artifact@v4.1.4...v4.1.5 </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1) [Compare Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1) #### What's Changed - Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by [@​dependabot](https://togithub.com/dependabot) , [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/465](https://togithub.com/actions/setup-go/pull/465) - Update documentation with latest V5 release notes by [@​ab](https://togithub.com/ab) in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) - Update version documentation by [@​178inaba](https://togithub.com/178inaba) in [https://github.com/actions/setup-go/pull/458](https://togithub.com/actions/setup-go/pull/458) - Documentation update of `actions/setup-go` to v5 by [@​chenrui333](https://togithub.com/chenrui333) in [https://github.com/actions/setup-go/pull/449](https://togithub.com/actions/setup-go/pull/449) #### New Contributors - [@​ab](https://togithub.com/ab) made their first contribution in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) **Full Changelog**: actions/setup-go@v5.0.0...v5.0.1 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> <details> <summary>actionsdesk/lfs-warning (actionsdesk/lfs-warning)</summary> ### [`v3.3`](https://togithub.com/ppremk/lfs-warning/releases/tag/v3.3) [Compare Source](https://togithub.com/actionsdesk/lfs-warning/compare/v3.2...v3.3) #### What's Changed - update node js to 16 by [@​GlazerMann](https://togithub.com/GlazerMann) in [https://github.com/ppremk/lfs-warning/pull/148](https://togithub.com/ppremk/lfs-warning/pull/148) - Fixing README to match repo move by [@​samthebest](https://togithub.com/samthebest) in [https://github.com/ppremk/lfs-warning/pull/153](https://togithub.com/ppremk/lfs-warning/pull/153) - Update CODEOWNERS by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/158](https://togithub.com/ppremk/lfs-warning/pull/158) - Bump http-cache-semantics from 4.1.0 to 4.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/151](https://togithub.com/ppremk/lfs-warning/pull/151) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/159](https://togithub.com/ppremk/lfs-warning/pull/159) - Bump tough-cookie from 4.0.0 to 4.1.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/160](https://togithub.com/ppremk/lfs-warning/pull/160) - Bump cacheable-request and gts by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/152](https://togithub.com/ppremk/lfs-warning/pull/152) - Update emoji and convert file list to markdown list by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/161](https://togithub.com/ppremk/lfs-warning/pull/161) - Bump got and gts by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/155](https://togithub.com/ppremk/lfs-warning/pull/155) - Exclude files without blob_url when getting PR blobs by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/162](https://togithub.com/ppremk/lfs-warning/pull/162) - Support pull_request_target by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/164](https://togithub.com/ppremk/lfs-warning/pull/164) - Update-node by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/163](https://togithub.com/ppremk/lfs-warning/pull/163) - Fix text setup for the issue comment by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/166](https://togithub.com/ppremk/lfs-warning/pull/166) - Validate PR changes to make sure there are no changes missing by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/165](https://togithub.com/ppremk/lfs-warning/pull/165) - Fix emoji by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/167](https://togithub.com/ppremk/lfs-warning/pull/167) - Bump undici from 5.28.2 to 5.28.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/171](https://togithub.com/ppremk/lfs-warning/pull/171) #### New Contributors - [@​GlazerMann](https://togithub.com/GlazerMann) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/148](https://togithub.com/ppremk/lfs-warning/pull/148) - [@​samthebest](https://togithub.com/samthebest) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/153](https://togithub.com/ppremk/lfs-warning/pull/153) - [@​rajbos](https://togithub.com/rajbos) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/158](https://togithub.com/ppremk/lfs-warning/pull/158) **Full Changelog**: ppremk/lfs-warning@v3.2...v3.3 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.11`](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11) ### [`v3.25.10`](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10) ### [`v3.25.9`](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9) ### [`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) ### [`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) ### [`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) ### [`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) ### [`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) ### [`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.11...v3.25.0) ### [`v3.24.11`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) ### [`v3.24.10`](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> <details> <summary>slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)</summary> ### [`v2.5.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.5.1) [Compare Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.1...v2.5.1) #### What's Changed - feat: Add cosign registry opts for provenance registry by [@​saisatishkarra](https://togithub.com/saisatishkarra) in [https://github.com/slsa-framework/slsa-verifier/pull/729](https://togithub.com/slsa-framework/slsa-verifier/pull/729) and [https://github.com/slsa-framework/slsa-verifier/pull/736](https://togithub.com/slsa-framework/slsa-verifier/pull/736) - feat: Add support for DSSE Rekor type by [@​haydentherapper](https://togithub.com/haydentherapper) in [https://github.com/slsa-framework/slsa-verifier/pull/742](https://togithub.com/slsa-framework/slsa-verifier/pull/742) #### New Contributors - [@​saisatishkarra](https://togithub.com/saisatishkarra) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/729](https://togithub.com/slsa-framework/slsa-verifier/pull/729) - [@​ramonpetgrave64](https://togithub.com/ramonpetgrave64) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/737](https://togithub.com/slsa-framework/slsa-verifier/pull/737) - [@​haydentherapper](https://togithub.com/haydentherapper) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/742](https://togithub.com/slsa-framework/slsa-verifier/pull/742) **Full Changelog**: v2.4.1...v2.5.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjQyMS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
renovate bot
referenced
this pull request
in redwoodjs/redwood
Sep 9, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | minor | `v2.3.1` -> `v2.4.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://redirect.github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://redirect.github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 ### [`v2.3.3`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://redirect.github.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://redirect.github.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://redirect.github.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://redirect.github.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://redirect.github.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://redirect.github.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/redwoodjs/redwood). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Josh-Walker-GM
referenced
this pull request
in redwoodjs/redwood
Sep 10, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | minor | `v2.3.1` -> `v2.4.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://redirect.github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://redirect.github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 ### [`v2.3.3`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://redirect.github.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://redirect.github.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://redirect.github.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://redirect.github.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://redirect.github.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://redirect.github.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/redwoodjs/redwood). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Now that repo rules work with the default GITHUB_TOKEN, there's little need to recommend them.