Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps-dev): Bump eslint from 8.56.0 to 8.57.0 #634

Merged
merged 1 commit into from
May 15, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2024

Bumps eslint from 8.56.0 to 8.57.0.

Release notes

Sourced from eslint's releases.

v8.57.0

Features

  • 1120b9b feat: Add loadESLint() API method for v8 (#18098) (Nicholas C. Zakas)
  • dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#18066) (Nitin Kumar)

Bug Fixes

  • 2196d97 fix: handle absolute file paths in FlatRuleTester (#18064) (Nitin Kumar)
  • 69dd1d1 fix: Ensure config keys are printed for config errors (#18067) (Nitin Kumar)
  • 9852a31 fix: deep merge behavior in flat config (#18065) (Nitin Kumar)
  • 4c7e9b0 fix: allow circular references in config (#18056) (Milos Djermanovic)

Documentation

  • 84922d0 docs: Show prerelease version in dropdown (#18139) (Nicholas C. Zakas)
  • 5b8c363 docs: Switch to Ethical Ads (#18117) (Milos Djermanovic)
  • 77dbfd9 docs: show NEXT in version selectors (#18052) (Milos Djermanovic)

Chores

  • 1813aec chore: upgrade @​eslint/js@​8.57.0 (#18143) (Milos Djermanovic)
  • 5c356bb chore: package.json update for @​eslint/js release (Jenkins)
  • f4a1fe2 test: add more tests for ignoring files and directories (#18068) (Nitin Kumar)
  • 42c0aef ci: Enable CI for v8.x branch (#18047) (Milos Djermanovic)
Changelog

Sourced from eslint's changelog.

v8.57.0 - February 23, 2024

  • 1813aec chore: upgrade @​eslint/js@​8.57.0 (#18143) (Milos Djermanovic)
  • 5c356bb chore: package.json update for @​eslint/js release (Jenkins)
  • 84922d0 docs: Show prerelease version in dropdown (#18139) (Nicholas C. Zakas)
  • 1120b9b feat: Add loadESLint() API method for v8 (#18098) (Nicholas C. Zakas)
  • 5b8c363 docs: Switch to Ethical Ads (#18117) (Milos Djermanovic)
  • 2196d97 fix: handle absolute file paths in FlatRuleTester (#18064) (Nitin Kumar)
  • f4a1fe2 test: add more tests for ignoring files and directories (#18068) (Nitin Kumar)
  • 69dd1d1 fix: Ensure config keys are printed for config errors (#18067) (Nitin Kumar)
  • 9852a31 fix: deep merge behavior in flat config (#18065) (Nitin Kumar)
  • dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#18066) (Nitin Kumar)
  • 4c7e9b0 fix: allow circular references in config (#18056) (Milos Djermanovic)
  • 77dbfd9 docs: show NEXT in version selectors (#18052) (Milos Djermanovic)
  • 42c0aef ci: Enable CI for v8.x branch (#18047) (Milos Djermanovic)

v9.0.0-beta.0 - February 9, 2024

  • e40d1d7 chore: upgrade @​eslint/js@​9.0.0-beta.0 (#18108) (Milos Djermanovic)
  • 9870f93 chore: package.json update for @​eslint/js release (Jenkins)
  • 2c62e79 chore: upgrade @​eslint/eslintrc@​3.0.1 (#18107) (Milos Djermanovic)
  • 81f0294 chore: upgrade espree@10.0.1 (#18106) (Milos Djermanovic)
  • 5e2b292 chore: upgrade eslint-visitor-keys@4.0.0 (#18105) (Milos Djermanovic)
  • 9163646 feat!: Rule Tester checks for missing placeholder data in the message (#18073) (fnx)
  • 53f0f47 feat: Add loadESLint() API method for v9 (#18097) (Nicholas C. Zakas)
  • f1c7e6f docs: Switch to Ethical Ads (#18090) (Strek)
  • 15c143f docs: JS Foundation -> OpenJS Foundation in PR template (#18092) (Nicholas C. Zakas)
  • c4d26fd fix: use-isnan doesn't report on SequenceExpressions (#18059) (StyleShit)
  • 6ea339e docs: add stricter rule test validations to v9 migration guide (#18085) (Milos Djermanovic)
  • ce838ad chore: replace dependency npm-run-all with npm-run-all2 ^5.0.0 (#18045) (renovate[bot])
  • 3c816f1 docs: use relative link from CLI to core concepts (#18083) (Milos Djermanovic)
  • 54df731 chore: update dependency markdownlint-cli to ^0.39.0 (#18084) (renovate[bot])
  • 9458735 docs: fix malformed eslint config comments in rule examples (#18078) (Francesco Trotta)
  • 07a1ada docs: link from --fix CLI doc to the relevant core concept (#18080) (Bryan Mishkin)
  • 8f06a60 chore: update dependency shelljs to ^0.8.5 (#18079) (Francesco Trotta)
  • b844324 docs: Update team responsibilities (#18048) (Nicholas C. Zakas)
  • aadfb60 docs: document languageOptions and other v9 changes for context (#18074) (fnx)
  • 3c4d51d feat!: default for enforceForClassMembers in no-useless-computed-key (#18054) (Francesco Trotta)
  • 47e60f8 feat!: Stricter rule test validations (#17654) (fnx)
  • 1a94589 feat!: no-unused-vars default caughtErrors to 'all' (#18043) (Josh Goldberg ✨)
  • 857e242 docs: tweak explanation for meta.docs rule properties (#18057) (Bryan Mishkin)
  • 10485e8 docs: recommend messageId over message for reporting rule violations (#18050) (Bryan Mishkin)
  • 98b5ab4 docs: Update README (GitHub Actions Bot)
  • 93ffe30 chore: update dependency file-entry-cache to v8 (#17903) (renovate[bot])
  • 505fbf4 docs: update no-restricted-imports rule (#18015) (Tanuj Kanti)
  • 2d11d46 feat: add suggestions to use-isnan in binary expressions (#17996) (StyleShit)
  • c25b4af docs: Update README (GitHub Actions Bot)

v9.0.0-alpha.2 - January 26, 2024

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@codecov-commenter
Copy link

codecov-commenter commented Apr 1, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.36%. Comparing base (04c5c12) to head (75d86d3).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #634   +/-   ##
=======================================
  Coverage   98.36%   98.36%           
=======================================
  Files           4        4           
  Lines         183      183           
  Branches       19       19           
=======================================
  Hits          180      180           
  Partials        3        3           

@ianlewis
Copy link
Owner

@dependabot rebase

Bumps [eslint](https://github.com/eslint/eslint) from 8.56.0 to 8.57.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v8.56.0...v8.57.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/eslint-8.57.0 branch from e12fefe to 75d86d3 Compare May 15, 2024 01:22
@ianlewis ianlewis merged commit 13e6b98 into main May 15, 2024
23 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/eslint-8.57.0 branch May 15, 2024 01:26
ianlewis referenced this pull request in slsa-framework/slsa-github-generator May 17, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | digest | `b4ffde6` -> `a5ac7e5` |
| [actions/checkout](https://togithub.com/actions/checkout) | action |
patch | `v4.1.1` -> `v4.1.6` |
|
[actions/download-artifact](https://togithub.com/actions/download-artifact)
| action | patch | `v4.1.4` -> `v4.1.7` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v4.3.1` -> `v4.3.3` |
|
[ianlewis/todo-issue-reopener](https://togithub.com/ianlewis/todo-issue-reopener)
| action | patch | `v1.2.0` -> `v1.2.1` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | patch | `v2.3.0` -> `v2.3.3` |
|
[sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer)
| action | minor | `v3.4.0` -> `v3.5.0` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6)

- Check platform to set archive extension appropriately by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732)

###
[`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5)

#### What's Changed

- Update NPM dependencies by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703)
- Bump github/codeql-action from 2 to 3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694)
- Bump actions/setup-node from 1 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696)
- Bump actions/upload-artifact from 2 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695)
- README: Suggest `user.email` to be
`41898282+github-actions[bot]@&#8203;users.noreply.github.com` by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707)

**Full Changelog**:
actions/checkout@v4.1.4...v4.1.5

###
[`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4)

- Disable `extensions.worktreeConfig` when disabling `sparse-checkout`
by [@&#8203;jww3](https://togithub.com/jww3) in
[https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692)
- Add dependabot config by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688)
- Bump the minor-actions-dependencies group with 2 updates by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693)
- Bump word-wrap from 1.2.3 to 1.2.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643)

###
[`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3)

#### What's Changed

- Update `actions/checkout` version in `update-main-version.yml` by
[@&#8203;jww3](https://togithub.com/jww3) in
[https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650)
- Check git version before attempting to disable `sparse-checkout` by
[@&#8203;jww3](https://togithub.com/jww3) in
[https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656)
- Add SSH user parameter by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685)

**Full Changelog**:
actions/checkout@v4.1.2...v4.1.3

###
[`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2)

- Fix: Disable sparse checkout whenever `sparse-checkout` option is not
present [@&#8203;dscho](https://togithub.com/dscho) in
[https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598)

</details>

<details>
<summary>actions/download-artifact (actions/download-artifact)</summary>

###
[`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7)

[Compare
Source](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7)

#### What's Changed

- Update
[@&#8203;actions/artifact](https://togithub.com/actions/artifact)
dependency by [@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325)

**Full Changelog**:
actions/download-artifact@v4.1.6...v4.1.7

###
[`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6)

[Compare
Source](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6)

#### What's Changed

- updating `@actions/artifact` dependency to v2.1.6 by
[@&#8203;eggyhead](https://togithub.com/eggyhead) in
[https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324)

**Full Changelog**:
actions/download-artifact@v4.1.5...v4.1.6

###
[`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5)

[Compare
Source](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5)

#### What's Changed

- Update readme with v3/v2/v1 deprecation notice by
[@&#8203;robherley](https://togithub.com/robherley) in
[https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322)
- Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact`
to v2.1.5

**Full Changelog**:
actions/download-artifact@v4.1.4...v4.1.5

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3)

##### What's Changed

- updating `@actions/artifact` dependency to v2.1.6 by
[@&#8203;eggyhead](https://togithub.com/eggyhead) in
[https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565)

**Full Changelog**:
actions/upload-artifact@v4.3.2...v4.3.3

###
[`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2)

#### What's Changed

- Update release-new-action-version.yml by
[@&#8203;konradpabjan](https://togithub.com/konradpabjan) in
[https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516)
- Minor fix to the migration readme by
[@&#8203;andrewakim](https://togithub.com/andrewakim) in
[https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523)
- Update readme with v3/v2/v1 deprecation notice by
[@&#8203;robherley](https://togithub.com/robherley) in
[https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561)
- updating `@actions/artifact` dependency to v2.1.5 and `@actions/core`
to v1.0.1 by [@&#8203;eggyhead](https://togithub.com/eggyhead) in
[https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562)

#### New Contributors

- [@&#8203;andrewakim](https://togithub.com/andrewakim) made their first
contribution in
[https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523)

**Full Changelog**:
actions/upload-artifact@v4.3.1...v4.3.2

</details>

<details>
<summary>ianlewis/todo-issue-reopener
(ianlewis/todo-issue-reopener)</summary>

###
[`v1.2.1`](https://togithub.com/ianlewis/todo-issue-reopener/releases/tag/v1.2.1)

[Compare
Source](https://togithub.com/ianlewis/todo-issue-reopener/compare/v1.2.0...v1.2.1)

##### Fixed in 1.2.1

- Fixed the "error updating to TUF remote mirror: invalid key" error
([#&#8203;688](https://togithub.com/ianlewis/todo-issue-reopener/issues/688)).

#### All changes

- fix: Update slsa-verifier version by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/ianlewis/todo-issue-reopener/pull/689](https://togithub.com/ianlewis/todo-issue-reopener/pull/689)
- chore(deps): Bump github/codeql-action from 3.23.2 to 3.25.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/711](https://togithub.com/ianlewis/todo-issue-reopener/pull/711)
- chore(deps): Bump codecov/codecov-action from 4.0.1 to 4.4.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/705](https://togithub.com/ianlewis/todo-issue-reopener/pull/705)
- chore(deps): Bump actions/upload-artifact from 4.3.0 to 4.3.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/670](https://togithub.com/ianlewis/todo-issue-reopener/pull/670)
- chore(deps-dev): Bump
[@&#8203;types/jest](https://togithub.com/types/jest) from 29.5.11 to
29.5.12 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/664](https://togithub.com/ianlewis/todo-issue-reopener/pull/664)
- chore(deps): Bump actions/setup-node from 4.0.1 to 4.0.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/605](https://togithub.com/ianlewis/todo-issue-reopener/pull/605)
- chore(deps): Bump yamllint from 1.33.0 to 1.35.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/598](https://togithub.com/ianlewis/todo-issue-reopener/pull/598)
- chore(deps-dev): Bump eslint-plugin-github from 4.9.1 to 4.10.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/592](https://togithub.com/ianlewis/todo-issue-reopener/pull/592)
- chore(deps): Bump thehanimo/pr-title-checker from 1.4.1 to 1.4.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/604](https://togithub.com/ianlewis/todo-issue-reopener/pull/604)
- chore(deps): Bump yaml from 2.3.4 to 2.4.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/727](https://togithub.com/ianlewis/todo-issue-reopener/pull/727)
- chore(deps-dev): Bump
[@&#8203;vercel/ncc](https://togithub.com/vercel/ncc) from 0.36.1 to
0.38.1 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/635](https://togithub.com/ianlewis/todo-issue-reopener/pull/635)
- chore(deps-dev): Bump eslint from 8.56.0 to 8.57.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/634](https://togithub.com/ianlewis/todo-issue-reopener/pull/634)
- chore(release): v1.2.1 by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/ianlewis/todo-issue-reopener/pull/833](https://togithub.com/ianlewis/todo-issue-reopener/pull/833)

**Full Changelog**:
ianlewis/todo-issue-reopener@v1.2.0...v1.2.1

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)

> \[!NOTE]\
> There is no v2.3.2 release as a step was skipped in the release
process. This was fixed and re-released under the v2.3.3 tag

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to
github.com/ossf/scorecard/v5 (v5.0.0-rc1) by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366)
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to
v5.0.0-rc2 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374)
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0.20240509182734-7ce860946928 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377)

For a full changelist of what these include, see the
[v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1)
and
[v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2)
release notes.

##### Documentation

- 📖 Move token discussion out of main README. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279)
- 📖 link to `ossf/scorecard` workflow instead of maintaining an
example by [@&#8203;spencerschrock](https://togithub.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352)
- 📖 update api links to new scorecard.dev site by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376)

**Full Changelog**:
ossf/scorecard-action@v2.3.1...v2.3.3

###
[`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282)
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

</details>

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.5.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.5.0)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0)

#### What's Changed

- Bump actions/checkout from 4.1.1 to 4.1.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/157](https://togithub.com/sigstore/cosign-installer/pull/157)
- use go 1.22 now by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/160](https://togithub.com/sigstore/cosign-installer/pull/160)
- bump default version to v2.2.4, prep for v3.5.0 release by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/159](https://togithub.com/sigstore/cosign-installer/pull/159)

**Full Changelog**:
sigstore/cosign-installer@v3.4.0...v3.5.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjMuNSIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants