Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README #773

Merged
merged 12 commits into from
May 30, 2024

Conversation

am-stead
Copy link
Contributor

Linked to: "[Improvement]: Help streamline / simplify dependency review action README#14071"

Suggestions made:

  • Added TOC for easier navigation
  • Re-worked intro into an "Overview" section and a "Viewing your results" sub-section.
    • Added some info on where/how to find job logs / job summary. (Needs checking for accuracy)
  • Re-structured content into new heading and sub-headings.
    • Re-structured "Installation" and added mini TOC ("Installation (Standard)", "Installation (GitHub Enterprise Server)"
    • Re-configured "Configuration options" section into "Configuration" and added mini TOC to two sub-sections: "Configuration options" and "Configuration methods".
    • Merged existing table notes and considerations for configuration options into one "Notes" sections after the large table.
    • Split "configuration methods" into two sub-sub-sections ("Option 1: Using inline configuration..." and "Option 2: Using an external configuration file")
    • Re-worked same content for clarity - into set procedural steps.
  • Kept final sections as they are (Outputs, Blocking pull requests [re-named section heading to something more explanative], Getting help, Contributing, Licenses)
  • Updated GHES links to "enterprise-server@latest" (e.g.) https://docs.github.com/en/enterprise-server@latest/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise (The existing links link out to GHES 3.8 (soon to be deprecated), so this will keep the links up to date.)
  • Added a link to docs for general info on dependency review (suggestion)

To do:

  • For "Outputs" - what is outputs used for? I would like to add an intro line here, but I'm not sure what to put. Could you advise?

@am-stead am-stead requested a review from a team as a code owner May 24, 2024 07:44
@am-stead
Copy link
Contributor Author

am-stead commented May 24, 2024

👋 @jonjanego

This week for Docs Hack Week I took a look at the README for dependency-review-action. I have made some suggestions for your consideration (summarised above). ✨

README.md Outdated Show resolved Hide resolved
Copy link
Collaborator

@jonjanego jonjanego left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is AMAZING thank you @am-stead

i have filled in the "TODO" content and added a formatting suggestion

README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
am-stead and others added 2 commits May 27, 2024 09:13
Co-authored-by: Jon Janego <jonjanego@github.com>
Co-authored-by: Jon Janego <jonjanego@github.com>
README.md Outdated Show resolved Hide resolved
Copy link
Collaborator

@jonjanego jonjanego left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one suggested removal, one comment.

thx!

README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
@jonjanego jonjanego merged commit 981e960 into actions:main May 30, 2024
3 checks passed
Racer159 referenced this pull request in defenseunicorns/maru-runner Jun 7, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/create-github-app-token](https://togithub.com/actions/create-github-app-token)
| action | patch | `v1.10.0` -> `v1.10.1` |
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | patch | `v4.3.2` -> `v4.3.3` |
| [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | |
minor | `v0.33.2` -> `v0.34.0` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.6` -> `v3.25.8` |

---

### Release Notes

<details>
<summary>actions/create-github-app-token
(actions/create-github-app-token)</summary>

###
[`v1.10.1`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.1)

[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.10.0...v1.10.1)

##### Bug Fixes

- **deps:** bump the production-dependencies group with 2 updates
([#&#8203;138](https://togithub.com/actions/create-github-app-token/issues/138))
([8d81a59](https://togithub.com/actions/create-github-app-token/commit/8d81a59103d6d17f5ecc243eb5fd53757607a1d2)),
closes
[#&#8203;606](https://togithub.com/actions/create-github-app-token/issues/606)
[#&#8203;606](https://togithub.com/actions/create-github-app-token/issues/606)
[#&#8203;605](https://togithub.com/actions/create-github-app-token/issues/605)
[#&#8203;604](https://togithub.com/actions/create-github-app-token/issues/604)
[nodejs/undici#3295](https://togithub.com/nodejs/undici/issues/3295)
[nodejs/undici#3298](https://togithub.com/nodejs/undici/issues/3298)
[nodejs/undici#3294](https://togithub.com/nodejs/undici/issues/3294)
[nodejs/undici#3281](https://togithub.com/nodejs/undici/issues/3281)
[nodejs/undici#3286](https://togithub.com/nodejs/undici/issues/3286)
[nodejs/undici#3284](https://togithub.com/nodejs/undici/issues/3284)
[nodejs/undici#3291](https://togithub.com/nodejs/undici/issues/3291)
[nodejs/undici#3290](https://togithub.com/nodejs/undici/issues/3290)
[nodejs/undici#3283](https://togithub.com/nodejs/undici/issues/3283)
[nodejs/undici#3281](https://togithub.com/nodejs/undici/issues/3281)
[nodejs/undici#3263](https://togithub.com/nodejs/undici/issues/3263)
[nodejs/undici#3279](https://togithub.com/nodejs/undici/issues/3279)
[nodejs/undici#3227](https://togithub.com/nodejs/undici/issues/3227)
[nodejs/undici#3234](https://togithub.com/nodejs/undici/issues/3234)
[nodejs/undici#3240](https://togithub.com/nodejs/undici/issues/3240)
[nodejs/undici#3245](https://togithub.com/nodejs/undici/issues/3245)
[nodejs/undici#3241](https://togithub.com/nodejs/undici/issues/3241)
[nodejs/undici#3247](https://togithub.com/nodejs/undici/issues/3247)
[nodejs/undici#3248](https://togithub.com/nodejs/undici/issues/3248)
[nodejs/undici#3219](https://togithub.com/nodejs/undici/issues/3219)
[nodejs/undici#3251](https://togithub.com/nodejs/undici/issues/3251)
[nodejs/undici#3254](https://togithub.com/nodejs/undici/issues/3254)
[nodejs/undici#3258](https://togithub.com/nodejs/undici/issues/3258)
[nodejs/undici#3257](https://togithub.com/nodejs/undici/issues/3257)
[nodejs/undici#3259](https://togithub.com/nodejs/undici/issues/3259)
[nodejs/undici#3262](https://togithub.com/nodejs/undici/issues/3262)
[nodejs/undici#3264](https://togithub.com/nodejs/undici/issues/3264)
[nodejs/undici#3118](https://togithub.com/nodejs/undici/issues/3118)
[nodejs/undici#3269](https://togithub.com/nodejs/undici/issues/3269)
[#&#8203;3301](https://togithub.com/actions/create-github-app-token/issues/3301)
[#&#8203;3294](https://togithub.com/actions/create-github-app-token/issues/3294)
[#&#8203;3298](https://togithub.com/actions/create-github-app-token/issues/3298)
[#&#8203;3295](https://togithub.com/actions/create-github-app-token/issues/3295)
[#&#8203;3293](https://togithub.com/actions/create-github-app-token/issues/3293)
[#&#8203;3283](https://togithub.com/actions/create-github-app-token/issues/3283)
[#&#8203;3290](https://togithub.com/actions/create-github-app-token/issues/3290)
[#&#8203;3291](https://togithub.com/actions/create-github-app-token/issues/3291)
[#&#8203;3284](https://togithub.com/actions/create-github-app-token/issues/3284)
[#&#8203;3286](https://togithub.com/actions/create-github-app-token/issues/3286)

</details>

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3):
Notes for v4.3.3

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3)

#### What's Changed

- Allow slashes in purl package names by
[@&#8203;juxtin](https://togithub.com/juxtin) in
[https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765)
- use the v3 version of the deps.dev API by
[@&#8203;josieang](https://togithub.com/josieang) in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- PR with suggestions - \[Improvement]: Help streamline / simplify
dependency review action README by
[@&#8203;am-stead](https://togithub.com/am-stead) in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- fix show-openssf-scorecard-levels input by
[@&#8203;ramann](https://togithub.com/ramann) in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)
- Updates to the contribution guidelines by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778)
- Create issue templates by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777)
- Fix the max comment length issue by
[@&#8203;jhutchings1](https://togithub.com/jhutchings1) and
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767)
- Bump project version to 4.3.3 in prep for a release by
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781)

#### New Contributors

- [@&#8203;josieang](https://togithub.com/josieang) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- [@&#8203;am-stead](https://togithub.com/am-stead) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- [@&#8203;ramann](https://togithub.com/ramann) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)

**Full Changelog**:
actions/dependency-review-action@v4.3.2...v4.3.3

</details>

<details>
<summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary>

###
[`v0.34.0`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.34.0)

[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.2...v0.34.0)

#### What's Changed

- refactor: move validate to expose it as receivers by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2419](https://togithub.com/defenseunicorns/zarf/pull/2419)
- docs: add additional detail to security policy by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[https://github.com/defenseunicorns/zarf/pull/2488](https://togithub.com/defenseunicorns/zarf/pull/2488)
- chore: cleanup stale grype ignores and patch golang.org/x/net CVE by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2492](https://togithub.com/defenseunicorns/zarf/pull/2492)
- docs: injector and init package reference material by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2468](https://togithub.com/defenseunicorns/zarf/pull/2468)
- chore: patch CVE-2024-3817 by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2498](https://togithub.com/defenseunicorns/zarf/pull/2498)
- refactor: cleaner image pulls by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2460](https://togithub.com/defenseunicorns/zarf/pull/2460)
- chore: adding [@&#8203;dgershman](https://togithub.com/dgershman) by
[@&#8203;dgershman](https://togithub.com/dgershman) in
[https://github.com/defenseunicorns/zarf/pull/2506](https://togithub.com/defenseunicorns/zarf/pull/2506)
- refactor: context usage in k8s code by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2405](https://togithub.com/defenseunicorns/zarf/pull/2405)
- ci: run revive using golang-lint-ci by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2499](https://togithub.com/defenseunicorns/zarf/pull/2499)
- feat: update injector away from rouille to axum by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/defenseunicorns/zarf/pull/2457](https://togithub.com/defenseunicorns/zarf/pull/2457)
- refactor: enable testifylint linter by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2504](https://togithub.com/defenseunicorns/zarf/pull/2504)
- chore: remove rouille CVE from grype ignore by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2515](https://togithub.com/defenseunicorns/zarf/pull/2515)
- fix(agent): missing path for pod without labels by
[@&#8203;brandtkeller](https://togithub.com/brandtkeller) in
[https://github.com/defenseunicorns/zarf/pull/2518](https://togithub.com/defenseunicorns/zarf/pull/2518)
- fix: adopt namespace metadata by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2494](https://togithub.com/defenseunicorns/zarf/pull/2494)
- refactor: enable ineffassign linter by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2500](https://togithub.com/defenseunicorns/zarf/pull/2500)
- test: cluster getDeployedPackages by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2523](https://togithub.com/defenseunicorns/zarf/pull/2523)
- test: add unit tests for merge zarf state by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2522](https://togithub.com/defenseunicorns/zarf/pull/2522)
- test: pod agent unit tests by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2526](https://togithub.com/defenseunicorns/zarf/pull/2526)
- docs: add google analytics for docs pages by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[https://github.com/defenseunicorns/zarf/pull/2530](https://togithub.com/defenseunicorns/zarf/pull/2530)
- test: add unit tests for detect distro by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2521](https://togithub.com/defenseunicorns/zarf/pull/2521)
- test: add tests for injector by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2534](https://togithub.com/defenseunicorns/zarf/pull/2534)
- chore: add codecov by
[@&#8203;schristoff-du](https://togithub.com/schristoff-du) in
[https://github.com/defenseunicorns/zarf/pull/2529](https://togithub.com/defenseunicorns/zarf/pull/2529)
- chore: add unit tests for creator.LoadPackageDefinition by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2531](https://togithub.com/defenseunicorns/zarf/pull/2531)
- test: refactor network test by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2533](https://togithub.com/defenseunicorns/zarf/pull/2533)
- test: agent flux unit test by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2528](https://togithub.com/defenseunicorns/zarf/pull/2528)
- chore: fix codecov by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/defenseunicorns/zarf/pull/2538](https://togithub.com/defenseunicorns/zarf/pull/2538)
- test: creator.ComposeComponents by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2537](https://togithub.com/defenseunicorns/zarf/pull/2537)
- refactor: remove use of k8s serivce account by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2544](https://togithub.com/defenseunicorns/zarf/pull/2544)
- refactor: remove use of k8s service by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2543](https://togithub.com/defenseunicorns/zarf/pull/2543)
- refactor: remove use of k8s configmap by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2541](https://togithub.com/defenseunicorns/zarf/pull/2541)
- refactor: remove use of k8s hpa by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2542](https://togithub.com/defenseunicorns/zarf/pull/2542)
- test: add secrets tests by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2540](https://togithub.com/defenseunicorns/zarf/pull/2540)
- refactor: allow callers to directly set logfile location by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2545](https://togithub.com/defenseunicorns/zarf/pull/2545)
- test: add test for packager source by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2525](https://togithub.com/defenseunicorns/zarf/pull/2525)
- chore: add unit tests to variables pkg by
[@&#8203;Racer159](https://togithub.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2519](https://togithub.com/defenseunicorns/zarf/pull/2519)
- test: clean up tests for composer by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2532](https://togithub.com/defenseunicorns/zarf/pull/2532)
- test: argo agent unit tests by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2536](https://togithub.com/defenseunicorns/zarf/pull/2536)
- fix(release): do not delete testdata in release workflow by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2547](https://togithub.com/defenseunicorns/zarf/pull/2547)

**Full Changelog**:
zarf-dev/zarf@v0.33.2...v0.34.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8)

###
[`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am
every weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/maru-runner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsic3VwcG9ydC1kZXBzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159 referenced this pull request in defenseunicorns/uds-package-gitlab-runner Jun 9, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | patch | `v4.3.2` -> `v4.3.3` |
|
[defenseunicorns/uds-cli](https://togithub.com/defenseunicorns/uds-cli)
| | minor | `v0.10.4` -> `v0.11.0` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| | patch | `v0.4.4` -> `v0.4.5` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| action | patch | `v0.4.4` -> `v0.4.5` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.6` -> `v3.25.8` |

---

### Release Notes

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3):
Notes for v4.3.3

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3)

#### What's Changed

- Allow slashes in purl package names by
[@&#8203;juxtin](https://togithub.com/juxtin) in
[https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765)
- use the v3 version of the deps.dev API by
[@&#8203;josieang](https://togithub.com/josieang) in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- PR with suggestions - \[Improvement]: Help streamline / simplify
dependency review action README by
[@&#8203;am-stead](https://togithub.com/am-stead) in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- fix show-openssf-scorecard-levels input by
[@&#8203;ramann](https://togithub.com/ramann) in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)
- Updates to the contribution guidelines by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778)
- Create issue templates by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777)
- Fix the max comment length issue by
[@&#8203;jhutchings1](https://togithub.com/jhutchings1) and
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767)
- Bump project version to 4.3.3 in prep for a release by
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781)

#### New Contributors

- [@&#8203;josieang](https://togithub.com/josieang) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- [@&#8203;am-stead](https://togithub.com/am-stead) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- [@&#8203;ramann](https://togithub.com/ramann) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)

**Full Changelog**:
actions/dependency-review-action@v4.3.2...v4.3.3

</details>

<details>
<summary>defenseunicorns/uds-cli (defenseunicorns/uds-cli)</summary>

###
[`v0.11.0`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.11.0)

[Compare
Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.10.4...v0.11.0)

##### What's Changed

- chore(deps): update actions/upload-artifact action to v4.3.2 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/574](https://togithub.com/defenseunicorns/uds-cli/pull/574)
- fix(deps): update golang.org/x/exp digest to
[`fe59bbe`](https://togithub.com/defenseunicorns/uds-cli/commit/fe59bbe)
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/571](https://togithub.com/defenseunicorns/uds-cli/pull/571)
- chore(deps): update github/codeql-action action to v3.25.1 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/570](https://togithub.com/defenseunicorns/uds-cli/pull/570)
- fix(deps): update module github.com/defenseunicorns/pkg/oci to v0.0.2
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/576](https://togithub.com/defenseunicorns/uds-cli/pull/576)
- fix: permit absolute paths for bundle create by
[@&#8203;ZachGallagher](https://togithub.com/ZachGallagher) in
[https://github.com/defenseunicorns/uds-cli/pull/554](https://togithub.com/defenseunicorns/uds-cli/pull/554)
- fix: ensure we handle paths correctly in dev deploy by
[@&#8203;UncleGedd](https://togithub.com/UncleGedd) in
[https://github.com/defenseunicorns/uds-cli/pull/582](https://togithub.com/defenseunicorns/uds-cli/pull/582)
- chore(deps): update actions/download-artifact action to v4.1.7 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/573](https://togithub.com/defenseunicorns/uds-cli/pull/573)
- fix(deps): update module github.com/defenseunicorns/pkg/helpers to
v1.1.1 by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/575](https://togithub.com/defenseunicorns/uds-cli/pull/575)
- chore(deps): update actions/checkout action to v4.1.4 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/578](https://togithub.com/defenseunicorns/uds-cli/pull/578)
- chore(deps): update actions/upload-artifact action to v4.3.3 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/579](https://togithub.com/defenseunicorns/uds-cli/pull/579)
- chore(deps): update github/codeql-action action to v3.25.3 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/580](https://togithub.com/defenseunicorns/uds-cli/pull/580)
- chore(deps): update anchore/sbom-action action to v0.15.11 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/587](https://togithub.com/defenseunicorns/uds-cli/pull/587)
- chore: ensure vendored tools versions print out by
[@&#8203;TristanHoladay](https://togithub.com/TristanHoladay) in
[https://github.com/defenseunicorns/uds-cli/pull/586](https://togithub.com/defenseunicorns/uds-cli/pull/586)
- chore(deps): update actions/checkout action to v4.1.5 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/597](https://togithub.com/defenseunicorns/uds-cli/pull/597)
- chore(deps): update github/codeql-action action to v3.25.4 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/595](https://togithub.com/defenseunicorns/uds-cli/pull/595)
- fix(deps): update module golang.org/x/exp to
v0.0.0-20240506185415-9bf2ced13842 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/593](https://togithub.com/defenseunicorns/uds-cli/pull/593)
- chore(deps): update actions/setup-go action to v5.0.1 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/590](https://togithub.com/defenseunicorns/uds-cli/pull/590)
- chore: update contributing doc by
[@&#8203;UncleGedd](https://togithub.com/UncleGedd) in
[https://github.com/defenseunicorns/uds-cli/pull/598](https://togithub.com/defenseunicorns/uds-cli/pull/598)
- chore: swap Makefile for Maru by
[@&#8203;UncleGedd](https://togithub.com/UncleGedd) in
[https://github.com/defenseunicorns/uds-cli/pull/602](https://togithub.com/defenseunicorns/uds-cli/pull/602)
- chore(deps): update github/codeql-action action to v3.25.5 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/606](https://togithub.com/defenseunicorns/uds-cli/pull/606)
- fix(deps): update module github.com/defenseunicorns/pkg/helpers to
v1.1.2 by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/605](https://togithub.com/defenseunicorns/uds-cli/pull/605)
- chore(deps): update ossf/scorecard-action action to v2.3.3 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/601](https://togithub.com/defenseunicorns/uds-cli/pull/601)
- chore(deps): update goreleaser/goreleaser-action action to v5.1.0 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/604](https://togithub.com/defenseunicorns/uds-cli/pull/604)
- chore: bump Go version to 1.21.10 by
[@&#8203;UncleGedd](https://togithub.com/UncleGedd) in
[https://github.com/defenseunicorns/uds-cli/pull/609](https://togithub.com/defenseunicorns/uds-cli/pull/609)
- feat: remove q for canceling deploy by
[@&#8203;UncleGedd](https://togithub.com/UncleGedd) in
[https://github.com/defenseunicorns/uds-cli/pull/603](https://togithub.com/defenseunicorns/uds-cli/pull/603)
- chore: remove dead end code by
[@&#8203;UncleGedd](https://togithub.com/UncleGedd) in
[https://github.com/defenseunicorns/uds-cli/pull/611](https://togithub.com/defenseunicorns/uds-cli/pull/611)
- chore: test getArch by
[@&#8203;TristanHoladay](https://togithub.com/TristanHoladay) in
[https://github.com/defenseunicorns/uds-cli/pull/621](https://togithub.com/defenseunicorns/uds-cli/pull/621)
- chore(deps): update actions/checkout action to v4.1.6 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/619](https://togithub.com/defenseunicorns/uds-cli/pull/619)
- chore(deps): update homebrew/actions digest to
[`677db44`](https://togithub.com/defenseunicorns/uds-cli/commit/677db44)
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/620](https://togithub.com/defenseunicorns/uds-cli/pull/620)
- chore(deps): update github/codeql-action action to v3.25.6 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/625](https://togithub.com/defenseunicorns/uds-cli/pull/625)
- chore(deps): update anchore/sbom-action action to v0.16.0 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/623](https://togithub.com/defenseunicorns/uds-cli/pull/623)
- feat: allow helm overrides from valuesfile by
[@&#8203;decleaver](https://togithub.com/decleaver) in
[https://github.com/defenseunicorns/uds-cli/pull/594](https://togithub.com/defenseunicorns/uds-cli/pull/594)
- chore: removes bubbletea tui by
[@&#8203;UncleGedd](https://togithub.com/UncleGedd) in
[https://github.com/defenseunicorns/uds-cli/pull/626](https://togithub.com/defenseunicorns/uds-cli/pull/626)
- chore: update linting configuration by
[@&#8203;TristanHoladay](https://togithub.com/TristanHoladay) in
[https://github.com/defenseunicorns/uds-cli/pull/627](https://togithub.com/defenseunicorns/uds-cli/pull/627)
- docs: dev deploy ADR by
[@&#8203;decleaver](https://togithub.com/decleaver) in
[https://github.com/defenseunicorns/uds-cli/pull/560](https://togithub.com/defenseunicorns/uds-cli/pull/560)
- fix(deps): update module helm.sh/helm/v3 to v3.15.0 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/612](https://togithub.com/defenseunicorns/uds-cli/pull/612)
- feat: strict bundle yaml validation by
[@&#8203;decleaver](https://togithub.com/decleaver) in
[https://github.com/defenseunicorns/uds-cli/pull/596](https://togithub.com/defenseunicorns/uds-cli/pull/596)
- feat: dev deploy remote bundles by
[@&#8203;decleaver](https://togithub.com/decleaver) in
[https://github.com/defenseunicorns/uds-cli/pull/629](https://togithub.com/defenseunicorns/uds-cli/pull/629)
- chore: update to de-zarfed Maru by
[@&#8203;Racer159](https://togithub.com/Racer159) in
[https://github.com/defenseunicorns/uds-cli/pull/636](https://togithub.com/defenseunicorns/uds-cli/pull/636)
- fix(deps): update module helm.sh/helm/v3 to v3.15.1 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/634](https://togithub.com/defenseunicorns/uds-cli/pull/634)
- chore(deps): update docker/login-action action to v3.2.0 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/640](https://togithub.com/defenseunicorns/uds-cli/pull/640)
- chore(deps): update homebrew/actions digest to
[`a618804`](https://togithub.com/defenseunicorns/uds-cli/commit/a618804)
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/632](https://togithub.com/defenseunicorns/uds-cli/pull/632)
- fix(deps): update golang.org/x/exp digest to
[`4c93da0`](https://togithub.com/defenseunicorns/uds-cli/commit/4c93da0)
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/639](https://togithub.com/defenseunicorns/uds-cli/pull/639)
- chore(deps): update podinfo to v6.6.3 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/633](https://togithub.com/defenseunicorns/uds-cli/pull/633)
- chore(deps): update zarf to v0.33.1 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/uds-cli/pull/585](https://togithub.com/defenseunicorns/uds-cli/pull/585)
- feat: remove unnecessary bundle layers and refactor verification by
[@&#8203;UncleGedd](https://togithub.com/UncleGedd) in
[https://github.com/defenseunicorns/uds-cli/pull/622](https://togithub.com/defenseunicorns/uds-cli/pull/622)
- feat: uds config validation by
[@&#8203;decleaver](https://togithub.com/decleaver) in
[https://github.com/defenseunicorns/uds-cli/pull/618](https://togithub.com/defenseunicorns/uds-cli/pull/618)
- fix: ensures partial pkgs are correct and adds smoke test to workflows
by [@&#8203;UncleGedd](https://togithub.com/UncleGedd) in
[https://github.com/defenseunicorns/uds-cli/pull/643](https://togithub.com/defenseunicorns/uds-cli/pull/643)
- fix: typo in Zarf pkg name and refactor smoke test workflow by
[@&#8203;UncleGedd](https://togithub.com/UncleGedd) in
[https://github.com/defenseunicorns/uds-cli/pull/644](https://togithub.com/defenseunicorns/uds-cli/pull/644)

**Full Changelog**:
defenseunicorns/uds-cli@v0.10.4...v0.11.0

</details>

<details>
<summary>defenseunicorns/uds-common
(defenseunicorns/uds-common)</summary>

###
[`v0.4.5`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.5)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.4...v0.4.5)

##### Miscellaneous

- **deps:** update support-deps to v0.11.0
([#&#8203;137](https://togithub.com/defenseunicorns/uds-common/issues/137))
([985dfd7](https://togithub.com/defenseunicorns/uds-common/commit/985dfd7f9d745d07daa528e7dfdc982c61b2da4b))

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8)

###
[`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 7am and before 9am every
weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/uds-package-gitlab-runner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNzcuOCIsInVwZGF0ZWRJblZlciI6IjM3LjM4OC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Wayne Starr <me@racer159.com>
Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>
ericwyles referenced this pull request in defenseunicorns/uds-package-mattermost Jun 11, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | patch | `v4.3.2` -> `v4.3.3` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| | minor | `v0.4.5` -> `v0.5.0` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| action | minor | `v0.4.5` -> `v0.5.0` |
| [golangci/golangci-lint](https://togithub.com/golangci/golangci-lint)
| repository | patch | `v1.59.0` -> `v1.59.1` |
|
[python-jsonschema/check-jsonschema](https://togithub.com/python-jsonschema/check-jsonschema)
| repository | patch | `0.28.4` -> `0.28.5` |
|
[renovatebot/pre-commit-hooks](https://togithub.com/renovatebot/pre-commit-hooks)
| repository | minor | `37.391.0` -> `37.399.9` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | patch | `v2.8.0` -> `v2.8.1` |

Note: The `pre-commit` manager in Renovate is not supported by the
`pre-commit` maintainers or community. Please do not report any problems
there, instead [create a Discussion in the Renovate
repository](https://togithub.com/renovatebot/renovate/discussions/new)
if you have any questions.

---

### Release Notes

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3):
Notes for v4.3.3

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3)

#### What's Changed

- Allow slashes in purl package names by
[@&#8203;juxtin](https://togithub.com/juxtin) in
[https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765)
- use the v3 version of the deps.dev API by
[@&#8203;josieang](https://togithub.com/josieang) in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- PR with suggestions - \[Improvement]: Help streamline / simplify
dependency review action README by
[@&#8203;am-stead](https://togithub.com/am-stead) in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- fix show-openssf-scorecard-levels input by
[@&#8203;ramann](https://togithub.com/ramann) in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)
- Updates to the contribution guidelines by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778)
- Create issue templates by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777)
- Fix the max comment length issue by
[@&#8203;jhutchings1](https://togithub.com/jhutchings1) and
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767)
- Bump project version to 4.3.3 in prep for a release by
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781)

#### New Contributors

- [@&#8203;josieang](https://togithub.com/josieang) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- [@&#8203;am-stead](https://togithub.com/am-stead) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- [@&#8203;ramann](https://togithub.com/ramann) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)

**Full Changelog**:
actions/dependency-review-action@v4.3.2...v4.3.3

</details>

<details>
<summary>defenseunicorns/uds-common
(defenseunicorns/uds-common)</summary>

###
[`v0.5.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.5.0)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.6...v0.5.0)

##### ⚠ BREAKING CHANGES

- update publish to take architecture as an input
([#&#8203;143](https://togithub.com/defenseunicorns/uds-common/issues/143))

##### Miscellaneous

- update publish to take architecture as an input
([#&#8203;143](https://togithub.com/defenseunicorns/uds-common/issues/143))
([62620f5](https://togithub.com/defenseunicorns/uds-common/commit/62620f59c14c773e5f6f07aaafc70ae34cff36bd))

###
[`v0.4.6`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.6)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.5...v0.4.6)

##### Bug Fixes

- renovate incorrectly matching oci helm charts for helm datasources
([#&#8203;141](https://togithub.com/defenseunicorns/uds-common/issues/141))
([2761f2a](https://togithub.com/defenseunicorns/uds-common/commit/2761f2a5f69bae3967bb8a9ff6d392007f90a21b))

##### Miscellaneous

- allow debug logs to continue through failure
([#&#8203;146](https://togithub.com/defenseunicorns/uds-common/issues/146))
([bec4fc3](https://togithub.com/defenseunicorns/uds-common/commit/bec4fc330d720673f645bda7e56006218ec96aad))
- **deps:** update uds common support dependencies to v0.22.1
([#&#8203;144](https://togithub.com/defenseunicorns/uds-common/issues/144))
([d618bd2](https://togithub.com/defenseunicorns/uds-common/commit/d618bd2be3f75d62346594cb8d6d8c339b074f93))

</details>

<details>
<summary>golangci/golangci-lint (golangci/golangci-lint)</summary>

###
[`v1.59.1`](https://togithub.com/golangci/golangci-lint/releases/tag/v1.59.1)

[Compare
Source](https://togithub.com/golangci/golangci-lint/compare/v1.59.0...v1.59.1)

`golangci-lint` is a free and open-source project built by volunteers.

If you value it, consider supporting us, the
[maintainers](https://opencollective.com/golangci-lint) and [linter
authors](https://golangci-lint.run/product/thanks/).

We appreciate it! ❤️

For key updates, see the
[changelog](https://golangci-lint.run/product/changelog/#&#8203;1591).

#### Changelog

-
[`f738736`](https://togithub.com/golangci/golangci-lint/commit/f7387361)
build(deps): bump github.com/Antonboom/testifylint from 1.3.0 to 1.3.1
([#&#8203;4759](https://togithub.com/golangci/golangci-lint/issues/4759))
-
[`44b3cdd`](https://togithub.com/golangci/golangci-lint/commit/44b3cdd1)
build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1
to 2.0.0
([#&#8203;4788](https://togithub.com/golangci/golangci-lint/issues/4788))
-
[`1a55854`](https://togithub.com/golangci/golangci-lint/commit/1a55854a)
build(deps): bump github.com/golangci/misspell from 0.5.1 to 0.6.0
([#&#8203;4804](https://togithub.com/golangci/golangci-lint/issues/4804))
-
[`9a7a1ad`](https://togithub.com/golangci/golangci-lint/commit/9a7a1ad4)
build(deps): bump github.com/polyfloyd/go-errorlint from 1.5.1 to 1.5.2
([#&#8203;4785](https://togithub.com/golangci/golangci-lint/issues/4785))
-
[`aaff918`](https://togithub.com/golangci/golangci-lint/commit/aaff9184)
build(deps): bump github.com/sashamelentyev/usestdlibvars from 1.25.0 to
1.26.0
([#&#8203;4801](https://togithub.com/golangci/golangci-lint/issues/4801))
-
[`a0d2c83`](https://togithub.com/golangci/golangci-lint/commit/a0d2c830)
build(deps): bump github.com/shirou/gopsutil/v3 from 3.24.4 to 3.24.5
([#&#8203;4782](https://togithub.com/golangci/golangci-lint/issues/4782))
-
[`2042b1f`](https://togithub.com/golangci/golangci-lint/commit/2042b1f1)
build(deps): bump go-simpler.org/sloglint from 0.7.0 to 0.7.1
([#&#8203;4784](https://togithub.com/golangci/golangci-lint/issues/4784))
-
[`327a78a`](https://togithub.com/golangci/golangci-lint/commit/327a78a8)
build(deps): bump golang.org/x/tools from 0.21.0 to 0.22.0
([#&#8203;4802](https://togithub.com/golangci/golangci-lint/issues/4802))
-
[`e1a8055`](https://togithub.com/golangci/golangci-lint/commit/e1a80557)
fix: SARIF format require issue column >= 1
([#&#8203;4775](https://togithub.com/golangci/golangci-lint/issues/4775))
-
[`88f60c8`](https://togithub.com/golangci/golangci-lint/commit/88f60c8c)
fix: gomnd deprecated configuration compatibility
([#&#8203;4768](https://togithub.com/golangci/golangci-lint/issues/4768))
-
[`8173166`](https://togithub.com/golangci/golangci-lint/commit/81731668)
fix: init empty result slice for SARIF printer
([#&#8203;4758](https://togithub.com/golangci/golangci-lint/issues/4758))
-
[`02740ea`](https://togithub.com/golangci/golangci-lint/commit/02740ea1)
intrange: add style preset
([#&#8203;4797](https://togithub.com/golangci/golangci-lint/issues/4797))
-
[`615b873`](https://togithub.com/golangci/golangci-lint/commit/615b873d)
unparam: bump to HEAD
([#&#8203;4786](https://togithub.com/golangci/golangci-lint/issues/4786))

</details>

<details>
<summary>python-jsonschema/check-jsonschema
(python-jsonschema/check-jsonschema)</summary>

###
[`v0.28.5`](https://togithub.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0285)

[Compare
Source](https://togithub.com/python-jsonschema/check-jsonschema/compare/0.28.4...0.28.5)

- Update vendored schemas: bitbucket-pipelines, dependabot,
github-actions,
    github-workflows, gitlab-ci, readthedocs, renovate (2024-06-10)
-   Update bitbucket schema to use the option from the
intellij-bitbucket-references-plugin . For more details on this
decision, see
:issue:`440` . Thanks
[@&#8203;blade2005](https://togithub.com/blade2005) for the PR!
(:pr:`442`)

</details>

<details>
<summary>renovatebot/pre-commit-hooks
(renovatebot/pre-commit-hooks)</summary>

###
[`v37.399.9`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.9)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.8...37.399.9)

See https://github.com/renovatebot/renovate/releases/tag/37.399.9 for
more changes

###
[`v37.399.8`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.8)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.6...37.399.8)

See https://github.com/renovatebot/renovate/releases/tag/37.399.8 for
more changes

###
[`v37.399.6`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.6)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.5...37.399.6)

See https://github.com/renovatebot/renovate/releases/tag/37.399.6 for
more changes

###
[`v37.399.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.5)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.3...37.399.5)

See https://github.com/renovatebot/renovate/releases/tag/37.399.5 for
more changes

###
[`v37.399.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.0...37.399.3)

See https://github.com/renovatebot/renovate/releases/tag/37.399.3 for
more changes

###
[`v37.399.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.398.2...37.399.0)

See https://github.com/renovatebot/renovate/releases/tag/37.399.0 for
more changes

###
[`v37.398.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.398.2)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.398.1...37.398.2)

See https://github.com/renovatebot/renovate/releases/tag/37.398.2 for
more changes

###
[`v37.398.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.398.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.398.0...37.398.1)

See https://github.com/renovatebot/renovate/releases/tag/37.398.1 for
more changes

###
[`v37.398.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.398.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.397.0...37.398.0)

See https://github.com/renovatebot/renovate/releases/tag/37.398.0 for
more changes

###
[`v37.397.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.397.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.396.0...37.397.0)

See https://github.com/renovatebot/renovate/releases/tag/37.397.0 for
more changes

###
[`v37.396.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.396.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.395.0...37.396.0)

See https://github.com/renovatebot/renovate/releases/tag/37.396.0 for
more changes

###
[`v37.395.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.395.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.393.0...37.395.0)

See https://github.com/renovatebot/renovate/releases/tag/37.395.0 for
more changes

###
[`v37.393.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.393.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.392.0...37.393.0)

See https://github.com/renovatebot/renovate/releases/tag/37.393.0 for
more changes

###
[`v37.392.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.392.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.391.3...37.392.0)

See https://github.com/renovatebot/renovate/releases/tag/37.392.0 for
more changes

###
[`v37.391.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.391.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.391.2...37.391.3)

See https://github.com/renovatebot/renovate/releases/tag/37.391.3 for
more changes

###
[`v37.391.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.391.2)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.391.0...37.391.2)

See https://github.com/renovatebot/renovate/releases/tag/37.391.2 for
more changes

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.8.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.1)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.0...v2.8.1)

##### What's Changed

- Bug fix: Update isGitHubHosted implementation by
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/425](https://togithub.com/step-security/harden-runner/pull/425)
The previous implementation incorrectly identified large GitHub-hosted
runners as self-hosted runners. As a result, harden-runner was not
executing on these large GitHub-hosted runners.

**Full Changelog**:
step-security/harden-runner@v2...v2.8.1

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/uds-package-mattermost).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zODguMSIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
yurishkuro referenced this pull request in jaegertracing/jaeger Jun 18, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | patch | `v4.3.2` -> `v4.3.3` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| digest | `64ed1c7` -> `60edb5d` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v4.3.1` -> `v4.3.3` |

---

### Release Notes

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3):
Notes for v4.3.3

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3)

#### What's Changed

- Allow slashes in purl package names by
[@&#8203;juxtin](https://togithub.com/juxtin) in
[https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765)
- use the v3 version of the deps.dev API by
[@&#8203;josieang](https://togithub.com/josieang) in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- PR with suggestions - \[Improvement]: Help streamline / simplify
dependency review action README by
[@&#8203;am-stead](https://togithub.com/am-stead) in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- fix show-openssf-scorecard-levels input by
[@&#8203;ramann](https://togithub.com/ramann) in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)
- Updates to the contribution guidelines by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778)
- Create issue templates by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777)
- Fix the max comment length issue by
[@&#8203;jhutchings1](https://togithub.com/jhutchings1) and
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767)
- Bump project version to 4.3.3 in prep for a release by
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781)

#### New Contributors

- [@&#8203;josieang](https://togithub.com/josieang) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- [@&#8203;am-stead](https://togithub.com/am-stead) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- [@&#8203;ramann](https://togithub.com/ramann) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)

**Full Changelog**:
actions/dependency-review-action@v4.3.2...v4.3.3

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3)

##### What's Changed

- updating `@actions/artifact` dependency to v2.1.6 by
[@&#8203;eggyhead](https://togithub.com/eggyhead) in
[https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565)

**Full Changelog**:
actions/upload-artifact@v4.3.2...v4.3.3

###
[`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2)

#### What's Changed

- Update release-new-action-version.yml by
[@&#8203;konradpabjan](https://togithub.com/konradpabjan) in
[https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516)
- Minor fix to the migration readme by
[@&#8203;andrewakim](https://togithub.com/andrewakim) in
[https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523)
- Update readme with v3/v2/v1 deprecation notice by
[@&#8203;robherley](https://togithub.com/robherley) in
[https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561)
- updating `@actions/artifact` dependency to v2.1.5 and `@actions/core`
to v1.0.1 by [@&#8203;eggyhead](https://togithub.com/eggyhead) in
[https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562)

#### New Contributors

- [@&#8203;andrewakim](https://togithub.com/andrewakim) made their first
contribution in
[https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523)

**Full Changelog**:
actions/upload-artifact@v4.3.1...v4.3.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MTAuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQxMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
karfau referenced this pull request in xmldom/xmldom Jun 19, 2024
…#680)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | patch | `v4.3.2` -> `v4.3.3` |

---

### Release Notes

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3):
Notes for v4.3.3

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3)

#### What's Changed

- Allow slashes in purl package names by
[@&#8203;juxtin](https://togithub.com/juxtin) in
[https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765)
- use the v3 version of the deps.dev API by
[@&#8203;josieang](https://togithub.com/josieang) in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- PR with suggestions - \[Improvement]: Help streamline / simplify
dependency review action README by
[@&#8203;am-stead](https://togithub.com/am-stead) in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- fix show-openssf-scorecard-levels input by
[@&#8203;ramann](https://togithub.com/ramann) in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)
- Updates to the contribution guidelines by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778)
- Create issue templates by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777)
- Fix the max comment length issue by
[@&#8203;jhutchings1](https://togithub.com/jhutchings1) and
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767)
- Bump project version to 4.3.3 in prep for a release by
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781)

#### New Contributors

- [@&#8203;josieang](https://togithub.com/josieang) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- [@&#8203;am-stead](https://togithub.com/am-stead) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- [@&#8203;ramann](https://togithub.com/ramann) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)

**Full Changelog**:
actions/dependency-review-action@v4.3.2...v4.3.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/xmldom/xmldom).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
ramonpetgrave64 referenced this pull request in slsa-framework/slsa-verifier Jul 1, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
patch | `v4.1.1` -> `v4.1.7` |
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | minor | `v4.2.5` -> `v4.3.3` |
|
[actions/download-artifact](https://togithub.com/actions/download-artifact)
| action | patch | `v4.1.4` -> `v4.1.7` |
| [actions/setup-go](https://togithub.com/actions/setup-go) | action |
patch | `v5.0.0` -> `v5.0.1` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v4.3.1` -> `v4.3.3` |
|
[actionsdesk/lfs-warning](https://togithub.com/actionsdesk/lfs-warning)
| action | minor | `v3.2` -> `v3.3` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v3.24.9` -> `v3.25.11` |
|
[golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action)
| action | pinDigest | -> `d6238b0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | patch | `v2.3.1` -> `v2.3.3` |
|
[slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator)
| action | pinDigest | -> `c747fe7` |
|
[slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier)
| action | minor | `v2.4.1` -> `v2.5.1` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7)

- Bump the minor-npm-dependencies group across 1 directory with 4
updates by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739)
- Bump actions/checkout from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697)
- Check out other refs/\* by commit by
[@&#8203;orhantoy](https://togithub.com/orhantoy) in
[https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774)
- Pin actions/checkout's own workflows to a known, good, stable version.
by [@&#8203;jww3](https://togithub.com/jww3) in
[https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776)

###
[`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6)

- Check platform to set archive extension appropriately by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732)

###
[`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5)

#### What's Changed

- Update NPM dependencies by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703)
- Bump github/codeql-action from 2 to 3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694)
- Bump actions/setup-node from 1 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696)
- Bump actions/upload-artifact from 2 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695)
- README: Suggest `user.email` to be
`41898282+github-actions[bot]@&#8203;users.noreply.github.com` by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707)

**Full Changelog**:
actions/checkout@v4.1.4...v4.1.5

###
[`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4)

- Disable `extensions.worktreeConfig` when disabling `sparse-checkout`
by [@&#8203;jww3](https://togithub.com/jww3) in
[https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692)
- Add dependabot config by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688)
- Bump the minor-actions-dependencies group with 2 updates by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693)
- Bump word-wrap from 1.2.3 to 1.2.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643)

###
[`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3)

#### What's Changed

- Update `actions/checkout` version in `update-main-version.yml` by
[@&#8203;jww3](https://togithub.com/jww3) in
[https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650)
- Check git version before attempting to disable `sparse-checkout` by
[@&#8203;jww3](https://togithub.com/jww3) in
[https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656)
- Add SSH user parameter by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685)

**Full Changelog**:
actions/checkout@v4.1.2...v4.1.3

###
[`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2)

- Fix: Disable sparse checkout whenever `sparse-checkout` option is not
present [@&#8203;dscho](https://togithub.com/dscho) in
[https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598)

</details>

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3):
Notes for v4.3.3

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3)

#### What's Changed

- Allow slashes in purl package names by
[@&#8203;juxtin](https://togithub.com/juxtin) in
[https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765)
- use the v3 version of the deps.dev API by
[@&#8203;josieang](https://togithub.com/josieang) in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- PR with suggestions - \[Improvement]: Help streamline / simplify
dependency review action README by
[@&#8203;am-stead](https://togithub.com/am-stead) in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- fix show-openssf-scorecard-levels input by
[@&#8203;ramann](https://togithub.com/ramann) in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)
- Updates to the contribution guidelines by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778)
- Create issue templates by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777)
- Fix the max comment length issue by
[@&#8203;jhutchings1](https://togithub.com/jhutchings1) and
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767)
- Bump project version to 4.3.3 in prep for a release by
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781)

#### New Contributors

- [@&#8203;josieang](https://togithub.com/josieang) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- [@&#8203;am-stead](https://togithub.com/am-stead) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- [@&#8203;ramann](https://togithub.com/ramann) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)

**Full Changelog**:
actions/dependency-review-action@v4.3.2...v4.3.3

###
[`v4.3.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.2)

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2)

#### What's Changed

- Fix package-url parsing for allow-dependencies-licenses by
[@&#8203;juxtin](https://togithub.com/juxtin) in
[https://github.com/actions/dependency-review-action/pull/761](https://togithub.com/actions/dependency-review-action/pull/761)

**Full Changelog**:
actions/dependency-review-action@v4.3.1...v4.3.2

###
[`v4.3.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.1)

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.0...v4.3.1)

#### What's Changed

This release fixes some bugs related to package-url parsing that were
introduced in 4.3.0. See
[https://github.com/actions/dependency-review-action/pull/753](https://togithub.com/actions/dependency-review-action/pull/753).

**Full Changelog**:
actions/dependency-review-action@V4.3.0...v4.3.1

###
[`v4.3.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.0)

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.5...v4.3.0)

#### New Features

- The `deny-packages` option can now be used without a version number to
exclude *all* versions of a package.

#### What's Changed

- Fix action variable name for scorecard by
[@&#8203;lukehinds](https://togithub.com/lukehinds) in
[https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735)
- Fix extra https:// in summary by
[@&#8203;jhutchings1](https://togithub.com/jhutchings1) in
[https://github.com/actions/dependency-review-action/pull/748](https://togithub.com/actions/dependency-review-action/pull/748)
- Bump typescript from 5.3.3 to 5.4.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/744](https://togithub.com/actions/dependency-review-action/pull/744)
- Bump eslint-plugin-github from 4.10.1 to 4.10.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/737](https://togithub.com/actions/dependency-review-action/pull/737)
- Show denied packages with red X by
[@&#8203;juxtin](https://togithub.com/juxtin) in
[https://github.com/actions/dependency-review-action/pull/750](https://togithub.com/actions/dependency-review-action/pull/750)
- deny-packages configuration option can deny specified version or all
packages by [@&#8203;febuiles](https://togithub.com/febuiles) and
[@&#8203;bteng22](https://togithub.com/bteng22) in
[https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733)

#### New Contributors

- [@&#8203;bteng22](https://togithub.com/bteng22) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733)
- [@&#8203;lukehinds](https://togithub.com/lukehinds) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735)

**Full Changelog**:
actions/dependency-review-action@v4.2.5...V4.3.0

</details>

<details>
<summary>actions/download-artifact (actions/download-artifact)</summary>

###
[`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7)

[Compare
Source](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7)

#### What's Changed

- Update
[@&#8203;actions/artifact](https://togithub.com/actions/artifact)
dependency by [@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325)

**Full Changelog**:
actions/download-artifact@v4.1.6...v4.1.7

###
[`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6)

[Compare
Source](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6)

#### What's Changed

- updating `@actions/artifact` dependency to v2.1.6 by
[@&#8203;eggyhead](https://togithub.com/eggyhead) in
[https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324)

**Full Changelog**:
actions/download-artifact@v4.1.5...v4.1.6

###
[`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5)

[Compare
Source](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5)

#### What's Changed

- Update readme with v3/v2/v1 deprecation notice by
[@&#8203;robherley](https://togithub.com/robherley) in
[https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322)
- Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact`
to v2.1.5

**Full Changelog**:
actions/download-artifact@v4.1.4...v4.1.5

</details>

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1)

[Compare
Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1)

#### What's Changed

- Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by
[@&#8203;dependabot](https://togithub.com/dependabot) ,
[@&#8203;HarithaVattikuti](https://togithub.com/HarithaVattikuti) in
[https://github.com/actions/setup-go/pull/465](https://togithub.com/actions/setup-go/pull/465)
- Update documentation with latest V5 release notes by
[@&#8203;ab](https://togithub.com/ab) in
[https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459)
- Update version documentation by
[@&#8203;178inaba](https://togithub.com/178inaba) in
[https://github.com/actions/setup-go/pull/458](https://togithub.com/actions/setup-go/pull/458)
- Documentation update of `actions/setup-go` to v5 by
[@&#8203;chenrui333](https://togithub.com/chenrui333) in
[https://github.com/actions/setup-go/pull/449](https://togithub.com/actions/setup-go/pull/449)

#### New Contributors

- [@&#8203;ab](https://togithub.com/ab) made their first contribution in
[https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459)

**Full Changelog**:
actions/setup-go@v5.0.0...v5.0.1

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3)

##### What's Changed

- updating `@actions/artifact` dependency to v2.1.6 by
[@&#8203;eggyhead](https://togithub.com/eggyhead) in
[https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565)

**Full Changelog**:
actions/upload-artifact@v4.3.2...v4.3.3

###
[`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2)

#### What's Changed

- Update release-new-action-version.yml by
[@&#8203;konradpabjan](https://togithub.com/konradpabjan) in
[https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516)
- Minor fix to the migration readme by
[@&#8203;andrewakim](https://togithub.com/andrewakim) in
[https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523)
- Update readme with v3/v2/v1 deprecation notice by
[@&#8203;robherley](https://togithub.com/robherley) in
[https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561)
- updating `@actions/artifact` dependency to v2.1.5 and `@actions/core`
to v1.0.1 by [@&#8203;eggyhead](https://togithub.com/eggyhead) in
[https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562)

#### New Contributors

- [@&#8203;andrewakim](https://togithub.com/andrewakim) made their first
contribution in
[https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523)

**Full Changelog**:
actions/upload-artifact@v4.3.1...v4.3.2

</details>

<details>
<summary>actionsdesk/lfs-warning (actionsdesk/lfs-warning)</summary>

### [`v3.3`](https://togithub.com/ppremk/lfs-warning/releases/tag/v3.3)

[Compare
Source](https://togithub.com/actionsdesk/lfs-warning/compare/v3.2...v3.3)

#### What's Changed

- update node js to 16 by
[@&#8203;GlazerMann](https://togithub.com/GlazerMann) in
[https://github.com/ppremk/lfs-warning/pull/148](https://togithub.com/ppremk/lfs-warning/pull/148)
- Fixing README to match repo move by
[@&#8203;samthebest](https://togithub.com/samthebest) in
[https://github.com/ppremk/lfs-warning/pull/153](https://togithub.com/ppremk/lfs-warning/pull/153)
- Update CODEOWNERS by [@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ppremk/lfs-warning/pull/158](https://togithub.com/ppremk/lfs-warning/pull/158)
- Bump http-cache-semantics from 4.1.0 to 4.1.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ppremk/lfs-warning/pull/151](https://togithub.com/ppremk/lfs-warning/pull/151)
- Bump [@&#8203;babel/traverse](https://togithub.com/babel/traverse)
from 7.15.4 to 7.23.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ppremk/lfs-warning/pull/159](https://togithub.com/ppremk/lfs-warning/pull/159)
- Bump tough-cookie from 4.0.0 to 4.1.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ppremk/lfs-warning/pull/160](https://togithub.com/ppremk/lfs-warning/pull/160)
- Bump cacheable-request and gts by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ppremk/lfs-warning/pull/152](https://togithub.com/ppremk/lfs-warning/pull/152)
- Update emoji and convert file list to markdown list by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ppremk/lfs-warning/pull/161](https://togithub.com/ppremk/lfs-warning/pull/161)
- Bump got and gts by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ppremk/lfs-warning/pull/155](https://togithub.com/ppremk/lfs-warning/pull/155)
- Exclude files without blob_url when getting PR blobs by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ppremk/lfs-warning/pull/162](https://togithub.com/ppremk/lfs-warning/pull/162)
- Support pull_request_target by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ppremk/lfs-warning/pull/164](https://togithub.com/ppremk/lfs-warning/pull/164)
- Update-node by [@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ppremk/lfs-warning/pull/163](https://togithub.com/ppremk/lfs-warning/pull/163)
- Fix text setup for the issue comment by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ppremk/lfs-warning/pull/166](https://togithub.com/ppremk/lfs-warning/pull/166)
- Validate PR changes to make sure there are no changes missing by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ppremk/lfs-warning/pull/165](https://togithub.com/ppremk/lfs-warning/pull/165)
- Fix emoji by [@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ppremk/lfs-warning/pull/167](https://togithub.com/ppremk/lfs-warning/pull/167)
- Bump undici from 5.28.2 to 5.28.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ppremk/lfs-warning/pull/171](https://togithub.com/ppremk/lfs-warning/pull/171)

#### New Contributors

- [@&#8203;GlazerMann](https://togithub.com/GlazerMann) made their first
contribution in
[https://github.com/ppremk/lfs-warning/pull/148](https://togithub.com/ppremk/lfs-warning/pull/148)
- [@&#8203;samthebest](https://togithub.com/samthebest) made their first
contribution in
[https://github.com/ppremk/lfs-warning/pull/153](https://togithub.com/ppremk/lfs-warning/pull/153)
- [@&#8203;rajbos](https://togithub.com/rajbos) made their first
contribution in
[https://github.com/ppremk/lfs-warning/pull/158](https://togithub.com/ppremk/lfs-warning/pull/158)

**Full Changelog**:
ppremk/lfs-warning@v3.2...v3.3

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.11`](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11)

###
[`v3.25.10`](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10)

###
[`v3.25.9`](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9)

###
[`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8)

###
[`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7)

###
[`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6)

###
[`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)

###
[`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

###
[`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3)

###
[`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2)

###
[`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1)

###
[`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.11...v3.25.0)

###
[`v3.24.11`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11)

###
[`v3.24.10`](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)

> \[!NOTE]\
> There is no v2.3.2 release as a step was skipped in the release
process. This was fixed and re-released under the v2.3.3 tag

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to
github.com/ossf/scorecard/v5 (v5.0.0-rc1) by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366)
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to
v5.0.0-rc2 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374)
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0.20240509182734-7ce860946928 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377)

For a full changelist of what these include, see the
[v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1)
and
[v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2)
release notes.

##### Documentation

- 📖 Move token discussion out of main README. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279)
- 📖 link to `ossf/scorecard` workflow instead of maintaining an
example by [@&#8203;spencerschrock](https://togithub.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352)
- 📖 update api links to new scorecard.dev site by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376)

**Full Changelog**:
ossf/scorecard-action@v2.3.1...v2.3.3

###
[`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

</details>

<details>
<summary>slsa-framework/slsa-verifier
(slsa-framework/slsa-verifier)</summary>

###
[`v2.5.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.5.1)

[Compare
Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.1...v2.5.1)

#### What's Changed

- feat: Add cosign registry opts for provenance registry by
[@&#8203;saisatishkarra](https://togithub.com/saisatishkarra) in
[https://github.com/slsa-framework/slsa-verifier/pull/729](https://togithub.com/slsa-framework/slsa-verifier/pull/729)
and
[https://github.com/slsa-framework/slsa-verifier/pull/736](https://togithub.com/slsa-framework/slsa-verifier/pull/736)
- feat: Add support for DSSE Rekor type by
[@&#8203;haydentherapper](https://togithub.com/haydentherapper) in
[https://github.com/slsa-framework/slsa-verifier/pull/742](https://togithub.com/slsa-framework/slsa-verifier/pull/742)

#### New Contributors

- [@&#8203;saisatishkarra](https://togithub.com/saisatishkarra) made
their first contribution in
[https://github.com/slsa-framework/slsa-verifier/pull/729](https://togithub.com/slsa-framework/slsa-verifier/pull/729)
- [@&#8203;ramonpetgrave64](https://togithub.com/ramonpetgrave64) made
their first contribution in
[https://github.com/slsa-framework/slsa-verifier/pull/737](https://togithub.com/slsa-framework/slsa-verifier/pull/737)
- [@&#8203;haydentherapper](https://togithub.com/haydentherapper) made
their first contribution in
[https://github.com/slsa-framework/slsa-verifier/pull/742](https://togithub.com/slsa-framework/slsa-verifier/pull/742)

**Full Changelog**:
v2.4.1...v2.5.1

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjQyMS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants