Update all dependencies and allowed-endpoints in CI, CD, Scorecards workflows

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@testing-library/jest-dom	^5.9.0 -> ^6.0.0					devDependencies	major
actions/checkout	v3.3.0 -> v4.1.1					action	major
actions/setup-node	v3.6.0 -> v4.0.2					action	major
actions/upload-artifact	v3.1.2 -> v4.3.1					action	major
coverallsapp/github-action	3284643 -> c203f01					action	digest
eslint (source)	8.31.0 -> 8.57.0					devDependencies	minor
github/codeql-action	v2.1.37 -> v3.24.5					action	major
ossf/scorecard-action	v2.1.2 -> v2.3.1					action	minor
step-security/harden-runner	v2.1.0 -> v2.7.0					action	minor

---

Release Notes

testing-library/jest-dom (@​testing-library/jest-dom)

v6.4.2

Compare Source

Bug Fixes

• Remove errant export of GetByRoleMatcher, fixing type checking in some TS configurations (#​575) (a93c0c4)

v6.4.1

Compare Source

Bug Fixes

• Export type TestingLibraryMatchers from "./matchers" (#​576) (dd1c4dd)

v6.4.0

Compare Source

Features

• Add toHaveRole matcher (#​572) (f7dc673)

v6.3.0

Compare Source

Features

• Support for regular expressions in toHaveClass (#​563) (9787ed5)

v6.2.1

Compare Source

Bug Fixes

• Standalone types for "./matchers" export and add Bun support (#​566) (5675b86)

v6.2.0

Compare Source

Features

• toHaveAccessibleDescription supports aria-description (#​565) (1fb156c)

v6.1.6

Compare Source

Bug Fixes

• Upgrade @​adobe/css-tools to v4.3.2 (#​553) (b64b953)

v6.1.5

Compare Source

Bug Fixes

• support uppercase custom props in toHaveStyle (#​552) (b7b7c6a)

v6.1.4

Compare Source

Bug Fixes

• upgrade @adobe/css-tools to 4.3.1 to address vulnerability (#​532) (44f1eab)

v6.1.3

Compare Source

Bug Fixes

• proper @​jest/globals import (#​530) (5b492ac)

v6.1.2

Compare Source

Bug Fixes

• bump @​adobe/css-tools for ESM support (#​525) (b959a68)

v6.1.1

Compare Source

Bug Fixes

• package.json: update main and module file paths (#​523) (853a3e5)

v6.1.0

Compare Source

Features

• Publish ESM and CJS (https://github.com/testing-library/jest-dom/pull/519)

v6.0.1

Compare Source

Bug Fixes

• matchers type is making the global expect unsafe (#​513) (bdb34f1)

v6.0.0

Compare Source

Features

• local types, supporting jest, @​jest/globals, vitest (#​511) (4b764b9)

BREAKING CHANGES

• Removes the extend-expect script. Users should use
  the default import path or one of the new test platform-specific
  paths to automatically extend the appropriate "expect" instance.

extend-expect was not documented in the Readme, so this change should
have minimal impact.

Users can now use the following import paths to automatically extend
"expect" for their chosen test platform:

• @​testing-library/jest-dom - jest (@​types/jest)
• @​testing-library/jest-dom/jest-globals - @​jest/globals
• @​testing-library/jest-dom/vitest - vitest

For example:

import '@​testing-library/jest-dom/jest-globals'

Importing from one of the above paths will augment the appropriate
matcher interface for the given test platform, assuming the import
is done in a .ts file that is included in the user's tsconfig.json.

It's also (still) possible to import the matchers directly without
side effects:

import * as matchers from '@​testing-library/jest-dom/matchers'

• Update kcd-scripts
• Drop node < 14

v5.17.0

Compare Source

Features

• New toHaveAccessibleErrorMessage better implementing the spec, deprecate toHaveErrorMessage (#​503) (d717c66)

v5.16.5

Compare Source

Bug Fixes

• migrate ccs v3 to @​adobe/css-tools v4 (#​470) (948d90f)

v5.16.4

Compare Source

Bug Fixes

• Support unenclosed inner text for details elements in to be visible (#​396) (af18453)

v5.16.3

Compare Source

Bug Fixes

• clarify toHaveFocus message when using .not (#​447) (6988a67)

v5.16.2

Compare Source

Bug Fixes

• add custom element support to toBeDisabled (#​368) (8162115)

v5.16.1

Compare Source

Bug Fixes

• Improve toHaveClass error message format (#​405) (a9beb47)

v5.16.0

Compare Source

Features

• Update aria-query to 5.0.0 (#​414) (de26c7a)

v5.15.1

Compare Source

Bug Fixes

• wrong deprecate error message (#​422) (dfcefa2)

v5.15.0

Compare Source

Features

• import parse directly from css (#​415) (4cb606c)

v5.14.1

Compare Source

Bug Fixes

• Updates deprecated matchers info (#​378) (fc9ce6d)

v5.14.0

Compare Source

Features

• toHaveAccessibleName and toHaveAccessibleDescription (#​377) (87ffd2a)

v5.13.0

Compare Source

Features

• Add toHaveErrorMessage matcher (#​370) (217fdcc)

v5.12.0

Compare Source

Features

• check for any Node in toHaveTextContent (#​358) (fa0d91d)

v5.11.10

Compare Source

Bug Fixes

• normalize expected value in toContainHTML (#​349) (21ad89b), closes #​347

v5.11.9

Compare Source

Bug Fixes

• Ignore comment nodes in toBeEmptyDOMElement (#​317) (6a6531d)

v5.11.8

Compare Source

Bug Fixes

• Adds expected text for toContainHTML checks that fail (#​299) (#​318) (0bd1ed9)

v5.11.7

Compare Source

Bug Fixes

• check equality in toHaveDisplayValue (fix #​290) (#​319) (4179117)

v5.11.6

Compare Source

Bug Fixes

• Improved error messaging for toHaveFocus assertion (#​304) (c79faa2)

v5.11.5

Compare Source

Bug Fixes

• treat shadow DOM elements as in the document (#​298) (7ee54ab)

v5.11.4

Compare Source

Bug Fixes

• do not explicitly depend on jest assertion utils (#​250) (2da8c71)

v5.11.3

Compare Source

Bug Fixes

• Changed toHaveStyle to use getPropertyValue instead of accessing the property directly (#​285) (92176e1)

v5.11.2

Compare Source

Bug Fixes

• Suggest using toBeEmptyDOMElement instead of toBeEmpty (#​284) (2cd17d3)

v5.11.1

Compare Source

Bug Fixes

• toHaveStyle: strictly match empty values (#​276) (5bea350), closes #​272

v5.11.0

Compare Source

Features

• extend toBeChecked to support any role that's compatible (#​267) (c135d0b)

v5.10.1

Compare Source

Bug Fixes

• element not allowed to be disabled being returned as disabled (#​261) (5e39222)

v5.10.0

Compare Source

Features

• [toBeValid/toBeInvalid] Check aria-invalid on any element (#​259) (14d1630)

actions/checkout (actions/checkout)

v4.1.1

Compare Source

What's Changed

• Update CODEOWNERS to Launch team by @​joshmgross in https://github.com/actions/checkout/pull/1510
• Correct link to GitHub Docs by @​peterbe in https://github.com/actions/checkout/pull/1511
• Link to release page from what's new section by @​cory-miller in https://github.com/actions/checkout/pull/1514

New Contributors

• @​joshmgross made their first contribution in https://github.com/actions/checkout/pull/1510
• @​peterbe made their first contribution in https://github.com/actions/checkout/pull/1511

Full Changelog: actions/checkout@v4.1.0...v4.1.1

v4.1.0

Compare Source

• Add support for partial checkout filters

v4.0.0

Compare Source

• Support fetching without the --progress option
• Update to node20

v3.6.0

Compare Source

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

Compare Source

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

Compare Source

• Fix api endpoint for GHES

v3.5.1

Compare Source

• Fix slow checkout on Windows

v3.5.0

Compare Source

• Add new public key for known_hosts

v3.4.0

Compare Source

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

actions/setup-node (actions/setup-node)

v4.0.2

Compare Source

What's Changed

• Add support for volta.extends by @​ThisIsManta in https://github.com/actions/setup-node/pull/921
• Add support for arm64 Windows by @​dmitry-shibanov in https://github.com/actions/setup-node/pull/927

New Contributors

• @​ThisIsManta made their first contribution in https://github.com/actions/setup-node/pull/921

Full Changelog: actions/setup-node@v4.0.1...v4.0.2

v4.0.1

Compare Source

What's Changed

• Ignore engines in Yarn 1 e2e-cache tests by @​trivikr in https://github.com/actions/setup-node/pull/882
• Update setup-node references in the README.md file to setup-node@v4 by @​jwetzell in https://github.com/actions/setup-node/pull/884
• Update reusable workflows to use Node.js v20 by @​MaksimZhukov in https://github.com/actions/setup-node/pull/889
• Add fix for cache to resolve slow post action step by @​aparnajyothi-y in https://github.com/actions/setup-node/pull/917
• Fix README.md by @​takayamaki in https://github.com/actions/setup-node/pull/898
• Add package.json to node-version-file list of examples. by @​TWiStErRob in https://github.com/actions/setup-node/pull/879
• Fix node-version-file interprets entire package.json as a version by @​NullVoxPopuli in https://github.com/actions/setup-node/pull/865

New Contributors

• @​trivikr made their first contribution in https://github.com/actions/setup-node/pull/882
• @​jwetzell made their first contribution in https://github.com/actions/setup-node/pull/884
• @​aparnajyothi-y made their first contribution in https://github.com/actions/setup-node/pull/917
• @​takayamaki made their first contribution in https://github.com/actions/setup-node/pull/898
• @​TWiStErRob made their first contribution in https://github.com/actions/setup-node/pull/879
• @​NullVoxPopuli made their first contribution in https://github.com/actions/setup-node/pull/865

Full Changelog: actions/setup-node@v4...v4.0.1

v4.0.0

Compare Source

What's Changed

In scope of this release we changed version of node runtime for action from node16 to node20 and updated dependencies in https://github.com/actions/setup-node/pull/866

Besides, release contains such changes as:

• Upgrade actions/checkout to v4 by @​gmembre-zenika in https://github.com/actions/setup-node/pull/868
• Update actions/checkout for documentation and yaml by @​dmitry-shibanov in https://github.com/actions/setup-node/pull/876

New Contributors

• @​gmembre-zenika made their first contribution in https://github.com/actions/setup-node/pull/868

Full Changelog: actions/setup-node@v3...v4.0.0

v3.8.2

Compare Source

What's Changed

• Update semver by @​dmitry-shibanov in https://github.com/actions/setup-node/pull/861
• Update temp directory creation by @​nikolai-laevskii in https://github.com/actions/setup-node/pull/859
• Bump @​babel/traverse from 7.15.4 to 7.23.2 by @​dependabot in https://github.com/actions/setup-node/pull/870
• Add notice about binaries not being updated yet by @​nikolai-laevskii in https://github.com/actions/setup-node/pull/872
• Update toolkit cache and core by @​dmitry-shibanov and @​seongwon-privatenote in https://github.com/actions/setup-node/pull/875

Full Changelog: actions/setup-node@v3...v3.8.2

v3.8.1

Compare Source

What's Changed

In scope of this release, the filter was removed within the cache-save step by @​dmitry-shibanov in https://github.com/actions/setup-node/pull/831. It is filtered and checked in the toolkit/cache library.

Full Changelog: actions/setup-node@v3...v3.8.1

v3.8.0

Compare Source

What's Changed

Bug fixes:

• Add check for existing paths by @​dmitry-shibanov in https://github.com/actions/setup-node/pull/803
• Resolve SymbolicLink by @​dmitry-shibanov in https://github.com/actions/setup-node/pull/809
• Change passing logic for cache input by @​dmitry-shibanov in https://github.com/actions/setup-node/pull/816
• Fix armv7 cache issue by @​louislam in https://github.com/actions/setup-node/pull/794
• Update check-dist workflow name by @​sinchang in https://github.com/actions/setup-node/pull/710

Feature implementations:

• feat: handling the case where "node" is used for tool-versions file. by @​xytis in https://github.com/actions/setup-node/pull/812

Documentation changes:

• Refer to semver package name in README.md by @​olleolleolle in https://github.com/actions/setup-node/pull/808

Update dependencies:

• Update toolkit cache to fix zstd by @​dmitry-shibanov in https://github.com/actions/setup-node/pull/804
• Bump tough-cookie and @​azure/ms-rest-js by @​dependabot in https://github.com/actions/setup-node/pull/802
• Bump semver from 6.1.2 to 6.3.1 by @​dependabot in https://github.com/actions/setup-node/pull/807
• Bump word-wrap from 1.2.3 to 1.2.4 by @​dependabot in https://github.com/actions/setup-node/pull/815

New Contributors

• @​olleolleolle made their first contribution in https://github.com/actions/setup-node/pull/808
• @​louislam made their first contribution in https://github.com/actions/setup-node/pull/794
• @​sinchang made their first contribution in https://github.com/actions/setup-node/pull/710
• @​xytis made their first contribution in https://github.com/actions/setup-node/pull/812

Full Changelog: actions/setup-node@v3...v3.8.0

v3.7.0

Compare Source

What's Changed

In scope of this release we added a logic to save an additional cache path for yarn 3 (related pull request and feature request). Moreover, we added functionality to use all the sub directories derived from cache-dependency-path input and add detect all dependencies directories to cache (related pull request and feature request).

Besides, we made such changes as:

• Replace workflow badge with new badge by @​jongwooo in https://github.com/actions/setup-node/pull/653
• Fix a minor typo by @​phanan in https://github.com/actions/setup-node/pull/662
• docs: fix typo in advanced-usage.md by @​remarkablemark in https://github.com/actions/setup-node/pull/697
• bugfix: Don't attempt to use Windows fallbacks on non-Windows OSes by @​domdomegg in https://github.com/actions/setup-node/pull/718
• Update to node 18.x by @​feelepxyz in https://github.com/actions/setup-node/pull/751
• Remove implicit dependencies by @​nikolai-laevskii in https://github.com/actions/setup-node/pull/758
• Fix description about ensuring workflow access to private package by @​x86chi in https://github.com/actions/setup-node/pull/704

New Contributors

• @​jongwooo made their first contribution in https://github.com/actions/setup-node/pull/653
• @​phanan made their first contribution in https://github.com/actions/setup-node/pull/662
• @​remarkablemark made their first contribution in https://github.com/actions/setup-node/pull/697
• @​domdomegg made their first contribution in https://github.com/actions/setup-node/pull/718
• @​feelepxyz made their first contribution in https://github.com/actions/setup-node/pull/751
• @​nikolai-laevskii made their first contribution in https://github.com/actions/setup-node/pull/758
• @​x86chi made their first contribution in https://github.com/actions/setup-node/pull/704

Full Changelog: actions/setup-node@v3...v3.7.0

actions/upload-artifact (actions/upload-artifact)

v4.3.1

Compare Source

• Bump @​actions/artifacts to latest version to include updated GHES host check

v4.3.0

Compare Source

What's Changed

• Reorganize upload code in prep for merge logic & add more tests by @​robherley in https://github.com/actions/upload-artifact/pull/504
• Add sub-action to merge artifacts by @​robherley in https://github.com/actions/upload-artifact/pull/505

Full Changelog: actions/upload-artifact@v4...v4.3.0

v4.2.0

Compare Source

What's Changed

• Ability to overwrite an Artifact by @​robherley in https://github.com/actions/upload-artifact/pull/501

Full Changelog: actions/upload-artifact@v4...v4.2.0

v4.1.0

Compare Source

What's Changed

• Add migrations docs by @​robherley in https://github.com/actions/upload-artifact/pull/482
• Update README.md by @​samuelwine in https://github.com/actions/upload-artifact/pull/492
• Support artifact-url output by @​konradpabjan in https://github.com/actions/upload-artifact/pull/496
• Update readme to reflect new 500 artifact per job limit by @​robherley in https://github.com/actions/upload-artifact/pull/497

New Contributors

• @​samuelwine made their first contribution in https://github.com/actions/upload-artifact/pull/492

Full Changelog: actions/upload-artifact@v4...v4.1.0

v4.0.0

Compare Source

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

For more information, see the @​actions/artifact documentation.

New Contributors

• @​vmjoseph made their first contribution in https://github.com/actions/upload-artifact/pull/464

Full Changelog: actions/upload-artifact@v3...v4.0.0

v3.1.3

Compare Source

What's Changed

• chore(github): remove trailing whitespaces by @​ljmf00 in https://github.com/actions/upload-artifact/pull/313
• Bump @​actions/artifact version to v1.1.2 by @​bethanyj28 in https://github.com/actions/upload-artifact/pull/436

Full Changelog: actions/upload-artifact@v3...v3.1.3

eslint/eslint (eslint)

v8.57.0

Compare Source

Features

• 1120b9b feat: Add loadESLint() API method for v8 (#​18098) (Nicholas C. Zakas)
• dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#​18066) (Nitin Kumar)

Bug Fixes

• 2196d97 fix: handle absolute file paths in FlatRuleTester (#​18064) (Nitin Kumar)
• 69dd1d1 fix: Ensure config keys are printed for config errors (#​18067) (Nitin Kumar)
• 9852a31 fix: deep merge behavior in flat config (#​18065) (Nitin Kumar)
• 4c7e9b0 fix: allow circular references in config (#​18056) (Milos Djermanovic)

Documentation

• 84922d0 docs: Show prerelease version in dropdown (#​18139) (Nicholas C. Zakas)
• 5b8c363 docs: Switch to Ethical Ads (#​18117) (Milos Djermanovic)
• 77dbfd9 docs: show NEXT in version selectors (#​18052) (Milos Djermanovic)

Chores

• 1813aec chore: upgrade @​eslint/js@​8.57.0 (#​18143) (Milos Djermanovic)
• 5c356bb chore: package.json update for @​eslint/js release (Jenkins)
• f4a1fe2 test: add more tests for ignoring files and directories (#​18068) (Nitin Kumar)
• 42c0aef ci: Enable CI for v8.x branch (#​18047) (Milos Djermanovic)

v8.56.0

Compare Source

Features

• 0dd9704 feat: Support custom severity when reporting unused disable directives (#​17212) (Bryan Mishkin)
• 31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#​17818) (Arka Pratim Chaudhuri)

Bug Fixes

• 7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#​17846) (Francesco Trotta)
• 74739c8 fix: suggestion with invalid syntax in no-promise-executor-return rule (#​17812) (Bryan Mishkin)

Documentation

• 9007719 docs: update link in ways-to-extend.md (#​17839) (Amel SELMANE)
• 3a22236 docs: Update README (GitHub Actions Bot)
• 54c3ca6 docs: fix migration-guide example (#​17829) (Tanuj Kanti)
• 4391b71 docs: check config comments in rule examples (#​17815) (Francesco Trotta)
• fd28363 docs: remove mention about ESLint stylistic rules in readme (#​17810) (Zwyx)
• 48ed5a6 docs: Update README (GitHub Actions Bot)

Chores

• ba6af85 chore: upgrade @​eslint/js@​8.56.0 (#​17864) (Milos Djermanovic)
• 60a531a chore: package.json update for @​eslint/js release (Jenkins)
• ba87a06 chore: update dependency markdownlint to ^0.32.0 (#​17783) (renovate[bot])
• 9271d10 chore: add GitHub issue template for docs issues (#​17845) (Josh Goldberg ✨)
• 70a686b chore: Convert rule tests to FlatRuleTester (#​17819) (Nicholas C. Zakas)
• f3a599d chore: upgrade eslint-plugin-unicorn to v49.0.0 (#​17837) (唯然)
• 905d4b7 chore: upgrade eslint-plugin-eslint-plugin v5.2.1 (#​17838) (唯然)
• 4d7c3ce chore: update eslint-plugin-n v16.4.0 (#​17836) (唯然)
• fd0c60c ci: unpin Node.js 21.2.0 (#​17821) (Francesco Trotta)

v8.55.0

Compare Source

Features

• 8c9e6c1 feat: importNamePattern option in no-restricted-imports (#​17721) (Tanuj Kanti)

Documentation

• 83ece2a docs: fix typo --rules -> --rule (#​17806) (OKURA Masafumi)
• fffca5c docs: remove "Open in Playground" buttons for removed rules (#​17791) (Francesco Trotta)
• a6d9442 docs: fix correct/incorrect examples of rules (#​17789) (Tanuj Kanti)
• 383e999 docs: update and fix examples for no-unused-vars (#​17788) (Tanuj Kanti)
• 5a8efd5 docs: add specific stylistic rule for each deprecated rule (#​17778) (Etienne)

Chores

• eb8950c chore: upgrade @​eslint/js@​8.55.0 (#​17811) (Milos Djermanovic)
• 93df384 chore: package.json update for @​eslint/js release (Jenkins)
• [fe4b954](https://github.com/eslint/eslint/commit/fe4b9545a83e9aca7ba4bb77bc9c868d57de777f

---

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.