Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump @docker/actions-toolkit from 0.31.0 to 0.34.0 #154

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 18, 2024

Bumps @docker/actions-toolkit from 0.31.0 to 0.34.0.

Release notes

Sourced from @​docker/actions-toolkit's releases.

v0.34.0

Full Changelog: docker/actions-toolkit@v0.33.0...v0.34.0

v0.33.0

Full Changelog: docker/actions-toolkit@v0.32.0...v0.33.0

v0.32.0

Full Changelog: docker/actions-toolkit@v0.31.0...v0.32.0

Commits
  • 163d33a Merge pull request #412 from crazy-max/docker-disable-dct
  • d283be9 Merge pull request #413 from docker/dependabot/npm_and_yarn/semver-7.6.3
  • ffc7d98 build(deps): bump semver from 7.6.2 to 7.6.3
  • d36bef4 disable DCT for docker commands
  • 300c014 Merge pull request #411 from crazy-max/buildx-localstate-regex-fix
  • b641895 buildx: fix regex in fixLocalState func
  • 4db21c4 Merge pull request #406 from docker/dependabot/npm_and_yarn/actions/artifact-...
  • 8d807b6 Merge pull request #410 from crazy-max/export-build-image-env
  • 99e6b01 github: use isGhes func from actions/artifact module
  • 2320807 buildx(history): env var to override export build image
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.34.0.
- [Release notes](https://github.com/docker/actions-toolkit/releases)
- [Commits](docker/actions-toolkit@v0.31.0...v0.34.0)

---
updated-dependencies:
- dependency-name: "@docker/actions-toolkit"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@crazy-max crazy-max force-pushed the dependabot/npm_and_yarn/docker/actions-toolkit-0.34.0 branch from 10dc0a5 to 948a838 Compare July 19, 2024 11:04
@crazy-max crazy-max merged commit fcfabe0 into master Jul 19, 2024
12 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/docker/actions-toolkit-0.34.0 branch July 19, 2024 11:06
renovate bot referenced this pull request in Hapag-Lloyd/Workflow-Templates Jul 22, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [docker/login-action](https://togithub.com/docker/login-action) |
action | minor | `v3.2.0` -> `v3.3.0` |
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |

---

### Release Notes

<details>
<summary>docker/login-action (docker/login-action)</summary>

###
[`v3.3.0`](https://togithub.com/docker/login-action/releases/tag/v3.3.0)

[Compare
Source](https://togithub.com/docker/login-action/compare/v3.2.0...v3.3.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.24.0 to 0.35.0 in
[https://github.com/docker/login-action/pull/754](https://togithub.com/docker/login-action/pull/754)
- Bump https-proxy-agent from 7.0.4 to 7.0.5 in
[https://github.com/docker/login-action/pull/741](https://togithub.com/docker/login-action/pull/741)
- Bump braces from 3.0.2 to 3.0.3 in
[https://github.com/docker/login-action/pull/730](https://togithub.com/docker/login-action/pull/730)

**Full Changelog**:
docker/login-action@v3.2.0...v3.3.0

</details>

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Hapag-Lloyd/Workflow-Templates).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmN5Il19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
github-merge-queue bot referenced this pull request in chezmoi-sh/atlas Jul 22, 2024
…186)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/docker/setup-qemu-action/badge)](https://securityscorecards.dev/viewer/?uri=github.com/docker/setup-qemu-action)
|

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/chezmoi-sh/atlas).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
yurishkuro referenced this pull request in jaegertracing/jaeger Aug 1, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
JaredTan95 referenced this pull request in JaredTan95/jaeger Aug 7, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
JaredTan95 referenced this pull request in JaredTan95/jaeger Aug 8, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
JaredTan95 referenced this pull request in JaredTan95/jaeger Aug 13, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
JaredTan95 referenced this pull request in JaredTan95/jaeger Aug 14, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
JaredTan95 referenced this pull request in JaredTan95/jaeger Aug 28, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant