-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 #1410
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Spencer Schrock <sschrock@google.com>
spencerschrock
requested review from
a team,
naveensrinivasan and
justaugustus
and removed request for
a team
July 19, 2024 20:43
justaugustus
approved these changes
Jul 19, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎉 🎉 🎉
Note: we should wait until Monday to start cutting a release here. |
Roger that! |
github-merge-queue bot
referenced
this pull request
in AmadeusITGroup/otter
Jul 30, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---|---|---| | [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.25.14` -> `v3.25.15` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v3.25.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v3.25.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v3.25.14/v3.25.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v3.25.14/v3.25.15?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [memfs](https://github.com/streamich/memfs) | peerDependencies | minor | [`~4.9.0` -> `~4.11.0`](https://renovatebot.com/diffs/npm/memfs/4.9.3/4.11.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/memfs/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/memfs/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/memfs/4.9.3/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/memfs/4.9.3/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [memfs](https://github.com/streamich/memfs) | devDependencies | minor | [`~4.9.0` -> `~4.11.0`](https://renovatebot.com/diffs/npm/memfs/4.9.3/4.11.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/memfs/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/memfs/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/memfs/4.9.3/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/memfs/4.9.3/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/ossf%2fscorecard-action/v2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/ossf%2fscorecard-action/v2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/ossf%2fscorecard-action/v2.3.3/v2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/ossf%2fscorecard-action/v2.3.3/v2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | org.jetbrains.intellij | plugin | patch | `1.17.3` -> `1.17.4` | [![age](https://developer.mend.io/api/mc/badges/age/maven/org.jetbrains.intellij/1.17.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/org.jetbrains.intellij/1.17.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/org.jetbrains.intellij/1.17.3/1.17.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/org.jetbrains.intellij/1.17.3/1.17.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) </details> <details> <summary>streamich/memfs (memfs)</summary> ### [`v4.11.0`](https://github.com/streamich/memfs/blob/HEAD/CHANGELOG.md#4110-2024-07-27) [Compare Source](https://github.com/streamich/memfs/compare/v4.10.0...v4.11.0) ##### Features - volume implementation of .opendir() method ([7072fb7](https://github.com/streamich/memfs/commit/7072fb7545b6269c3f04f191a4853ad0f39ed15f)) ### [`v4.10.0`](https://github.com/streamich/memfs/blob/HEAD/CHANGELOG.md#4100-2024-07-27) [Compare Source](https://github.com/streamich/memfs/compare/v4.9.4...v4.10.0) ##### Features - 🎸 add IReadableWebStreamOptions type ([99ebd64](https://github.com/streamich/memfs/commit/99ebd6491e4886dc9947d5b3c867241b7158357a)) - 🎸 implement FileHandle.readableWebStream() ([c3ddc6c](https://github.com/streamich/memfs/commit/c3ddc6c21ea112056ee84e3c131f09f5b2582779)) #### [4.9.4](https://github.com/streamich/memfs/compare/v4.9.3...v4.9.4) (2024-07-23) ##### Bug Fixes - ensure files in subdirectories are returned as buffers when calling `toJSON` with `asBuffer` ([#​1041](https://github.com/streamich/memfs/issues/1041)) ([c3d4cf3](https://github.com/streamich/memfs/commit/c3d4cf36e438f7fef2dab4639c08449ceada28a3)) #### [4.9.3](https://github.com/streamich/memfs/compare/v4.9.2...v4.9.3) (2024-06-14) ##### Bug Fixes - replace `sonic-forest` with `tree-dump` ([#​1038](https://github.com/streamich/memfs/issues/1038)) ([f989dcd](https://github.com/streamich/memfs/commit/f989dcd2e6457698b85491997ea073ae07c04724)) #### [4.9.2](https://github.com/streamich/memfs/compare/v4.9.1...v4.9.2) (2024-04-30) ##### Bug Fixes - 🐛 bump [@​jsonjoy](https://github.com/jsonjoy).com/util package ([eea3b42](https://github.com/streamich/memfs/commit/eea3b421f28698cff6800bfb8882faa340c0b344)) - 🐛 bump json-pack ([32cc4da](https://github.com/streamich/memfs/commit/32cc4da5db9c0288574e4e539174c3d0f8816902)) #### [4.9.1](https://github.com/streamich/memfs/compare/v4.9.0...v4.9.1) (2024-04-27) ##### Bug Fixes - 🐛 use latest json-pack implementation ([de54ab5](https://github.com/streamich/memfs/commit/de54ab53a5df3b857975094ce4c59d760240a6d6)) ### [`v4.9.4`](https://github.com/streamich/memfs/blob/HEAD/CHANGELOG.md#494-2024-07-23) [Compare Source](https://github.com/streamich/memfs/compare/v4.9.3...v4.9.4) ##### Bug Fixes - ensure files in subdirectories are returned as buffers when calling `toJSON` with `asBuffer` ([#​1041](https://github.com/streamich/memfs/issues/1041)) ([c3d4cf3](https://github.com/streamich/memfs/commit/c3d4cf36e438f7fef2dab4639c08449ceada28a3)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/AmadeusITGroup/otter). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
bogdandrutu
referenced
this pull request
in open-telemetry/opentelemetry-collector
Jul 30, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.25.13` -> `v3.25.15` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) ### [`v3.25.14`](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-collector). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJyZW5vdmF0ZWJvdCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159
referenced
this pull request
in defenseunicorns/uds-package-sonarqube
Jul 30, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [defenseunicorns/zarf](https://github.com/defenseunicorns/zarf) | | minor | `v0.36.1` -> `v0.37.0` | | [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.25.14` -> `v3.25.15` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [python-jsonschema/check-jsonschema](https://github.com/python-jsonschema/check-jsonschema) | repository | patch | `0.29.0` -> `0.29.1` | | [renovatebot/pre-commit-hooks](https://github.com/renovatebot/pre-commit-hooks) | repository | minor | `38.5.0` -> `38.13.0` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.37.0`](https://github.com/zarf-dev/zarf/releases/tag/v0.37.0) [Compare Source](https://github.com/defenseunicorns/zarf/compare/v0.36.1...v0.37.0) #### What's Changed - chore: update s3 injector by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2730](https://github.com/zarf-dev/zarf/pull/2730) - docs: fix codeowners file by [@​salaxander](https://github.com/salaxander) in [https://github.com/zarf-dev/zarf/pull/2736](https://github.com/zarf-dev/zarf/pull/2736) - refactor: rename image references by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2733](https://github.com/zarf-dev/zarf/pull/2733) - chore: move public test repo by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2739](https://github.com/zarf-dev/zarf/pull/2739) - fix: update README.md by [@​schristoff-du](https://github.com/schristoff-du) in [https://github.com/zarf-dev/zarf/pull/2729](https://github.com/zarf-dev/zarf/pull/2729) - docs: update to openssf code of conduct by [@​salaxander](https://github.com/salaxander) in [https://github.com/zarf-dev/zarf/pull/2734](https://github.com/zarf-dev/zarf/pull/2734) - chore: update project name references by [@​lucasrod16](https://github.com/lucasrod16) in [https://github.com/zarf-dev/zarf/pull/2741](https://github.com/zarf-dev/zarf/pull/2741) - chore: move context.TODO to context.Background() by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2742](https://github.com/zarf-dev/zarf/pull/2742) - docs: charter update by [@​KennyPaul](https://github.com/KennyPaul) in [https://github.com/zarf-dev/zarf/pull/2731](https://github.com/zarf-dev/zarf/pull/2731) - chore: update CODEOWNERS to protect TSC files by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2744](https://github.com/zarf-dev/zarf/pull/2744) - fix: replace debug logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2719](https://github.com/zarf-dev/zarf/pull/2719) - fix: data injection to return errors by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2720](https://github.com/zarf-dev/zarf/pull/2720) - feat: revert "feat: remove .metadata.image from schema ([#​2606](https://github.com/defenseunicorns/zarf/issues/2606))" by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2618](https://github.com/zarf-dev/zarf/pull/2618) - chore: update permissions for eks & ecr nightly tests by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2745](https://github.com/zarf-dev/zarf/pull/2745) - refactor: move setup CLI to only run once in root command by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2722](https://github.com/zarf-dev/zarf/pull/2722) - chore: move context.TODO to context.Background() (3) by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2747](https://github.com/zarf-dev/zarf/pull/2747) - fix(deps): update github.com/anchore/clio digest to [`ac88e09`](https://github.com/defenseunicorns/zarf/commit/ac88e09) by [@​renovate](https://github.com/renovate) in [https://github.com/zarf-dev/zarf/pull/2527](https://github.com/zarf-dev/zarf/pull/2527) - refactor: add error handling to view SBOM files by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2752](https://github.com/zarf-dev/zarf/pull/2752) - feat: annotate image mutation by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2755](https://github.com/zarf-dev/zarf/pull/2755) - chore: move context.TODO to context.Background() (2) by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2746](https://github.com/zarf-dev/zarf/pull/2746) - docs: update repo name across docs by [@​salaxander](https://github.com/salaxander) in [https://github.com/zarf-dev/zarf/pull/2735](https://github.com/zarf-dev/zarf/pull/2735) - fix: add whitespace linter and fix all warnings by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2764](https://github.com/zarf-dev/zarf/pull/2764) - chore: move context.TODO to context.Background() (5) by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2750](https://github.com/zarf-dev/zarf/pull/2750) - feat: run schema validation on create by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2585](https://github.com/zarf-dev/zarf/pull/2585) - refactor: remove overly verbose debug logs by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2751](https://github.com/zarf-dev/zarf/pull/2751) - ci: improve nightly eks test by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2759](https://github.com/zarf-dev/zarf/pull/2759) - chore: logging ADR by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2588](https://github.com/zarf-dev/zarf/pull/2588) - test: decrease reliance on dockerhub by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2766](https://github.com/zarf-dev/zarf/pull/2766) - refactor: replace warning logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2762](https://github.com/zarf-dev/zarf/pull/2762) - fix: type assertion error checking and enforce linter by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2770](https://github.com/zarf-dev/zarf/pull/2770) - chore: fix string formatting for several debug statements by [@​YrrepNoj](https://github.com/YrrepNoj) in [https://github.com/zarf-dev/zarf/pull/2769](https://github.com/zarf-dev/zarf/pull/2769) - chore: stop releasing to s3 by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2774](https://github.com/zarf-dev/zarf/pull/2774) - fix: error formatting and comparison and enable errorlint by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2771](https://github.com/zarf-dev/zarf/pull/2771) - fix(deps): update module github.com/fluxcd/helm-controller/api to v1 by [@​renovate](https://github.com/renovate) in [https://github.com/zarf-dev/zarf/pull/2487](https://github.com/zarf-dev/zarf/pull/2487) - refactor: load state to return error if loading fails by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2763](https://github.com/zarf-dev/zarf/pull/2763) - fix: zarf dev instead of zerf-dev by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2779](https://github.com/zarf-dev/zarf/pull/2779) - fix: goreleaser by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2782](https://github.com/zarf-dev/zarf/pull/2782) #### New Contributors - [@​KennyPaul](https://github.com/KennyPaul) made their first contribution in [https://github.com/zarf-dev/zarf/pull/2731](https://github.com/zarf-dev/zarf/pull/2731) **Full Changelog**: zarf-dev/zarf@v0.36.1...v0.37.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>python-jsonschema/check-jsonschema (python-jsonschema/check-jsonschema)</summary> ### [`v0.29.1`](https://github.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0291) [Compare Source](https://github.com/python-jsonschema/check-jsonschema/compare/0.29.0...0.29.1) - Update vendored schemas: circle-ci, dependabot, gitlab-ci, renovate, woodpecker-ci (2024-07-21) - Fix a bug which could result in local file URI resolution failing on non-Windows platforms in certain cases. Thanks :user:`bukzor`! (:pr:`465`) - Fix caching behaviors to ensure that caches are correctly preserved across instancefiles during `--schemafile` evaluation. This also fixes a bug in the remote `$ref` cache. Thanks :user:`alex1701c` for reporting! (:issue:`463`, :pr:`466`) </details> <details> <summary>renovatebot/pre-commit-hooks (renovatebot/pre-commit-hooks)</summary> ### [`v38.13.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.12.0...38.13.0) See https://github.com/renovatebot/renovate/releases/tag/38.13.0 for more changes ### [`v38.12.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.12.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.1...38.12.0) See https://github.com/renovatebot/renovate/releases/tag/38.12.0 for more changes ### [`v38.11.1`](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1) ### [`v38.11.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.11.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.10.0...38.11.0) See https://github.com/renovatebot/renovate/releases/tag/38.11.0 for more changes ### [`v38.10.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.10.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.3...38.10.0) See https://github.com/renovatebot/renovate/releases/tag/38.10.0 for more changes ### [`v38.9.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.0...38.9.3) See https://github.com/renovatebot/renovate/releases/tag/38.9.3 for more changes ### [`v38.9.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.5...38.9.0) See https://github.com/renovatebot/renovate/releases/tag/38.9.0 for more changes ### [`v38.8.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.5) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.4...38.8.5) See https://github.com/renovatebot/renovate/releases/tag/38.8.5 for more changes ### [`v38.8.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.3...38.8.4) See https://github.com/renovatebot/renovate/releases/tag/38.8.4 for more changes ### [`v38.8.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.2...38.8.3) See https://github.com/renovatebot/renovate/releases/tag/38.8.3 for more changes ### [`v38.8.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.1...38.8.2) See https://github.com/renovatebot/renovate/releases/tag/38.8.2 for more changes ### [`v38.8.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.0...38.8.1) See https://github.com/renovatebot/renovate/releases/tag/38.8.1 for more changes ### [`v38.8.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.7.1...38.8.0) See https://github.com/renovatebot/renovate/releases/tag/38.8.0 for more changes ### [`v38.7.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.7.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.7.0...38.7.1) See https://github.com/renovatebot/renovate/releases/tag/38.7.1 for more changes ### [`v38.7.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.7.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.5.0...38.7.0) See https://github.com/renovatebot/renovate/releases/tag/38.7.0 for more changes </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [x] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-sonarqube). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159
referenced
this pull request
in defenseunicorns/uds-package-valkey
Jul 31, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v0.9.0` -> `v0.10.0` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | action | minor | `v0.9.0` -> `v0.10.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- ### Release Notes <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.10.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.10.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0) ##### Features - add task for determining target repo based on flavor ([#​188](https://github.com/defenseunicorns/uds-common/issues/188)) ([6810324](https://github.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-valkey). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com> Release-As: v7.2.5-uds.3
Racer159
referenced
this pull request
in defenseunicorns/uds-package-postgres-operator
Jul 31, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v0.9.0` -> `v0.10.0` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | action | minor | `v0.9.0` -> `v0.10.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- ### Release Notes <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.10.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.10.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0) ##### Features - add task for determining target repo based on flavor ([#​188](https://github.com/defenseunicorns/uds-common/issues/188)) ([6810324](https://github.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-postgres-operator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com> Release-As: v1.12.2-uds.2
Racer159
referenced
this pull request
in defenseunicorns/uds-package-gitlab-runner
Jul 31, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v0.9.0` -> `v0.10.0` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | action | minor | `v0.9.0` -> `v0.10.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- ### Release Notes <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.10.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.10.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0) ##### Features - add task for determining target repo based on flavor ([#​188](https://github.com/defenseunicorns/uds-common/issues/188)) ([6810324](https://github.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7am and before 9am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-gitlab-runner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com> Release-As: v17.1.0-uds.1
Racer159
referenced
this pull request
in defenseunicorns/uds-software-factory
Aug 1, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v0.9.0` -> `v0.10.0` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | action | minor | `v0.9.0` -> `v0.10.0` | | [defenseunicorns/uds-package-gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | | minor | `v17.1.2-uds.1` -> `v17.2.1-uds.0` | | [defenseunicorns/uds-package-gitlab-runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | | patch | `v17.1.0-uds.0` -> `v17.1.0-uds.1` | | [defenseunicorns/uds-package-sonarqube](https://github.com/defenseunicorns/uds-package-sonarqube) | | major | `v9.9.5-uds.1` -> `v10.6.0-uds.0` | | ghcr.io/defenseunicorns/packages/uds/gitlab | | minor | `17.1.2-uds.1-upstream` -> `17.2.1-uds.0-upstream` | | ghcr.io/defenseunicorns/packages/uds/gitlab-runner | | patch | `17.1.0-uds.0-upstream` -> `17.1.0-uds.1-upstream` | | ghcr.io/defenseunicorns/packages/uds/postgres-operator | | patch | `1.12.2-uds.1-upstream` -> `1.12.2-uds.2-upstream` | | ghcr.io/defenseunicorns/packages/uds/sonarqube | | major | `9.9.5-uds.1-upstream` -> `10.6.0-uds.0-upstream` | | ghcr.io/defenseunicorns/packages/uds/valkey | | patch | `7.2.5-uds.2-upstream` -> `7.2.6-uds.0-upstream` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- ### Release Notes <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.10.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.10.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0) ##### Features - add task for determining target repo based on flavor ([#​188](https://github.com/defenseunicorns/uds-common/issues/188)) ([6810324](https://github.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf)) </details> <details> <summary>defenseunicorns/uds-package-gitlab (defenseunicorns/uds-package-gitlab)</summary> ### [`v17.2.1-uds.0`](https://github.com/defenseunicorns/uds-package-gitlab/releases/tag/v17.2.1-uds.0) [Compare Source](https://github.com/defenseunicorns/uds-package-gitlab/compare/v17.1.2-uds.1...v17.2.1-uds.0) ##### ⚠ BREAKING CHANGES - remove egress anywhere for SSO ([#​177](https://github.com/defenseunicorns/uds-package-gitlab/issues/177)) ##### Miscellaneous - add PeerAuthentication docs and Made for UDS Badge ([#​174](https://github.com/defenseunicorns/uds-package-gitlab/issues/174)) ([4909378](https://github.com/defenseunicorns/uds-package-gitlab/commit/49093782822332152dd3e74e7442e8509d1742e9)) - **deps:** update gitlab package dependencies ([#​171](https://github.com/defenseunicorns/uds-package-gitlab/issues/171)) ([f9c0081](https://github.com/defenseunicorns/uds-package-gitlab/commit/f9c00818b401d9d792f936a0c726abfd8fd96a77)) - **deps:** update gitlab support dependencies ([#​175](https://github.com/defenseunicorns/uds-package-gitlab/issues/175)) ([d7be43a](https://github.com/defenseunicorns/uds-package-gitlab/commit/d7be43a755c8ce44cc0d20c06a51ae090771df5f)) - remove egress anywhere for SSO ([#​177](https://github.com/defenseunicorns/uds-package-gitlab/issues/177)) ([996181d](https://github.com/defenseunicorns/uds-package-gitlab/commit/996181dca6784786372ff77e00606c2d66e7fe41)) - swap to `openid-connect` instead of `_` ([#​179](https://github.com/defenseunicorns/uds-package-gitlab/issues/179)) ([59e3954](https://github.com/defenseunicorns/uds-package-gitlab/commit/59e3954f36959b32dce0fbc64c591a0b18d05626)) </details> <details> <summary>defenseunicorns/uds-package-gitlab-runner (defenseunicorns/uds-package-gitlab-runner)</summary> ### [`v17.1.0-uds.1`](https://github.com/defenseunicorns/uds-package-gitlab-runner/releases/tag/v17.1.0-uds.1) [Compare Source](https://github.com/defenseunicorns/uds-package-gitlab-runner/compare/v17.1.0-uds.0...v17.1.0-uds.1) ##### Features - enable prometheus metrics to be Made for UDS ([#​111](https://github.com/defenseunicorns/uds-package-gitlab-runner/issues/111)) ([27001f1](https://github.com/defenseunicorns/uds-package-gitlab-runner/commit/27001f1bea898bc4cbca7cbd45f90c7ac3dfad26)) ##### Miscellaneous - **deps:** update gitlab runner support dependencies ([#​110](https://github.com/defenseunicorns/uds-package-gitlab-runner/issues/110)) ([087aefc](https://github.com/defenseunicorns/uds-package-gitlab-runner/commit/087aefcc31f0ac2804659c0d02e41b106246491e)) - **deps:** update support-deps to v3.25.15 ([#​107](https://github.com/defenseunicorns/uds-package-gitlab-runner/issues/107)) ([dafe6b2](https://github.com/defenseunicorns/uds-package-gitlab-runner/commit/dafe6b2b13a7464782b5885d2099aa84b20ebf7f)) </details> <details> <summary>defenseunicorns/uds-package-sonarqube (defenseunicorns/uds-package-sonarqube)</summary> ### [`v10.6.0-uds.0`](https://github.com/defenseunicorns/uds-package-sonarqube/releases/tag/v10.6.0-uds.0) [Compare Source](https://github.com/defenseunicorns/uds-package-sonarqube/compare/v9.9.5-uds.1...v10.6.0-uds.0) ##### ⚠ BREAKING CHANGES - update to SonarQube 10, migrate to upstream chart, add `unicorn` CGR flavor ([#​100](https://github.com/defenseunicorns/uds-package-sonarqube/issues/100)) - remove egress anywhere for SSO ([#​102](https://github.com/defenseunicorns/uds-package-sonarqube/issues/102)) ##### Miscellaneous - add architecture to save logs suffix on tag-and-release ([#​92](https://github.com/defenseunicorns/uds-package-sonarqube/issues/92)) ([5fbe70c](https://github.com/defenseunicorns/uds-package-sonarqube/commit/5fbe70ce2cbbd83363e3a03b19bf2a3848eade3f)) - **deps:** update sonarqube support dependencies ([#​101](https://github.com/defenseunicorns/uds-package-sonarqube/issues/101)) ([074db36](https://github.com/defenseunicorns/uds-package-sonarqube/commit/074db362f834d6672603d7e281b265a35c9885cf)) - **deps:** update sonarqube support dependencies ([#​103](https://github.com/defenseunicorns/uds-package-sonarqube/issues/103)) ([ee1c448](https://github.com/defenseunicorns/uds-package-sonarqube/commit/ee1c4484f636b12872838f0ecdadb59a74458f03)) - **deps:** update sonarqube support dependencies ([#​93](https://github.com/defenseunicorns/uds-package-sonarqube/issues/93)) ([47b6bdc](https://github.com/defenseunicorns/uds-package-sonarqube/commit/47b6bdc2fc34a903aa162cf4d08139c40368b9a4)) - **deps:** update sonarqube support dependencies ([#​98](https://github.com/defenseunicorns/uds-package-sonarqube/issues/98)) ([3d342e5](https://github.com/defenseunicorns/uds-package-sonarqube/commit/3d342e5a39e6745f134d5fbf6822948efb03dbe3)) - fix sonarqube runner to big-boy-4-core ([#​106](https://github.com/defenseunicorns/uds-package-sonarqube/issues/106)) ([01d883f](https://github.com/defenseunicorns/uds-package-sonarqube/commit/01d883f6eed9a690e2628a23be51b14a4c46a318)) - remove egress anywhere for SSO ([#​102](https://github.com/defenseunicorns/uds-package-sonarqube/issues/102)) ([2c5dd72](https://github.com/defenseunicorns/uds-package-sonarqube/commit/2c5dd7264308e2e94734c6d8aea910bc979bea42)) - update license ([#​89](https://github.com/defenseunicorns/uds-package-sonarqube/issues/89)) ([c078724](https://github.com/defenseunicorns/uds-package-sonarqube/commit/c078724aac7d441824678d467b7ae042e1a43066)) - update to SonarQube 10, migrate to upstream chart, add `unicorn` CGR flavor ([#​100](https://github.com/defenseunicorns/uds-package-sonarqube/issues/100)) ([d3ee872](https://github.com/defenseunicorns/uds-package-sonarqube/commit/d3ee8728a41635702ca056859c0c7b0cc5359b84)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7am and before 9am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-software-factory). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJidW5kbGUtZGVwcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
yurishkuro
referenced
this pull request
in jaegertracing/jaeger
Aug 1, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [https://github.com/docker/setup-qemu-action/pull/154](https://github.com/docker/setup-qemu-action/pull/154) [https://github.com/docker/setup-qemu-action/pull/155](https://github.com/docker/setup-qemu-action/pull/155) **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://github.com/step-security/harden-runner/pull/435) This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <bot@renovateapp.com>
ramonpetgrave64
referenced
this pull request
in slsa-framework/slsa-github-generator
Aug 2, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | actions/checkout | action | digest | `692973e` -> `9a9194f` | | [actions/download-artifact](https://github.com/actions/download-artifact) | action | patch | `v4.1.7` -> `v4.1.8` | | [actions/setup-go](https://github.com/actions/setup-go) | action | patch | `v5.0.1` -> `v5.0.2` | | [actions/setup-node](https://github.com/actions/setup-node) | action | patch | `v4.0.2` -> `v4.0.3` | | [actions/setup-node](https://github.com/actions/setup-node) | action | digest | `60edb5d` -> `1e60f62` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | action | patch | `v4.3.3` -> `v4.3.5` | | [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.25.11` -> `v3.25.15` | | [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) | action | minor | `v3.4.2` -> `v3.5.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | action | patch | `v2.0.6` -> `v2.0.8` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.8`](https://github.com/actions/download-artifact/releases/tag/v4.1.8) [Compare Source](https://github.com/actions/download-artifact/compare/v4.1.7...v4.1.8) #### What's Changed - Update [@​actions/artifact](https://github.com/actions/artifact) version, bump dependencies by [@​robherley](https://github.com/robherley) in [https://github.com/actions/download-artifact/pull/341](https://github.com/actions/download-artifact/pull/341) **Full Changelog**: actions/download-artifact@v4...v4.1.8 </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.0.2`](https://github.com/actions/setup-go/compare/v5.0.1...v5.0.2) [Compare Source](https://github.com/actions/setup-go/compare/v5.0.1...v5.0.2) </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v4.0.3`](https://github.com/actions/setup-node/compare/v4.0.2...v4.0.3) [Compare Source](https://github.com/actions/setup-node/compare/v4.0.2...v4.0.3) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.5`](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) ### [`v4.3.4`](https://github.com/actions/upload-artifact/releases/tag/v4.3.4) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4) ##### What's Changed - Update [@​actions/artifact](https://github.com/actions/artifact) version, bump dependencies by [@​robherley](https://github.com/robherley) in [https://github.com/actions/upload-artifact/pull/584](https://github.com/actions/upload-artifact/pull/584) **Full Changelog**: actions/upload-artifact@v4.3.3...v4.3.4 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) ### [`v3.25.14`](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) ### [`v3.25.13`](https://github.com/github/codeql-action/compare/v3.25.12...v3.25.13) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.12...v3.25.13) ### [`v3.25.12`](https://github.com/github/codeql-action/compare/v3.25.11...v3.25.12) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.11...v3.25.12) </details> <details> <summary>gradle/gradle-build-action (gradle/gradle-build-action)</summary> ### [`v3.5.0`](https://github.com/gradle/gradle-build-action/releases/tag/v3.5.0) [Compare Source](https://github.com/gradle/gradle-build-action/compare/v3.4.2...v3.5.0) > \[!IMPORTANT] > As of `v3` this action has been superceded by `gradle/actions/setup-gradle`. > Any workflow that uses `gradle/gradle-build-action@v3` will transparently delegate to `gradle/actions/setup-gradle@v3`. > > Users are encouraged to update their workflows, replacing: > > uses: gradle/gradle-build-action@v3 > > with > > uses: gradle/actions/setup-gradle@v3 > > See the [setup-gradle documentation](https://github.com/gradle/actions/tree/main/setup-gradle) for up-to-date documentation for `gradle/actions/setup-gradle`. For release details, see https://github.com/gradle/actions/releases/tag/v3.5.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>softprops/action-gh-release (softprops/action-gh-release)</summary> ### [`v2.0.8`](https://github.com/softprops/action-gh-release/releases/tag/v2.0.8) [Compare Source](https://github.com/softprops/action-gh-release/compare/v2.0.7...v2.0.8) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Other Changes 🔄 - chore(deps): bump prettier from 2.8.0 to 3.3.3 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/480](https://github.com/softprops/action-gh-release/pull/480) - chore(deps): bump [@​types/node](https://github.com/types/node) from 20.14.9 to 20.14.11 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/483](https://github.com/softprops/action-gh-release/pull/483) - chore(deps): bump [@​octokit/plugin-throttling](https://github.com/octokit/plugin-throttling) from 9.3.0 to 9.3.1 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/484](https://github.com/softprops/action-gh-release/pull/484) - chore(deps): bump glob from 10.4.2 to 11.0.0 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/477](https://github.com/softprops/action-gh-release/pull/477) - refactor: write jest config in ts by [@​chenrui333](https://github.com/chenrui333) in [https://github.com/softprops/action-gh-release/pull/485](https://github.com/softprops/action-gh-release/pull/485) - chore(deps): bump [@​actions/github](https://github.com/actions/github) from 5.1.1 to 6.0.0 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/470](https://github.com/softprops/action-gh-release/pull/470) **Full Changelog**: softprops/action-gh-release@v2...v2.0.8 ### [`v2.0.7`](https://github.com/softprops/action-gh-release/releases/tag/v2.0.7) [Compare Source](https://github.com/softprops/action-gh-release/compare/v2.0.6...v2.0.7) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Bug fixes 🐛 - Fix missing update release body by [@​FirelightFlagboy](https://github.com/FirelightFlagboy) in [https://github.com/softprops/action-gh-release/pull/365](https://github.com/softprops/action-gh-release/pull/365) ##### Other Changes 🔄 - Bump [@​octokit/plugin-retry](https://github.com/octokit/plugin-retry) from 4.0.3 to 7.1.1 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/443](https://github.com/softprops/action-gh-release/pull/443) - Bump typescript from 4.9.5 to 5.5.2 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/467](https://github.com/softprops/action-gh-release/pull/467) - Bump [@​types/node](https://github.com/types/node) from 20.14.6 to 20.14.8 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/469](https://github.com/softprops/action-gh-release/pull/469) - Bump [@​types/node](https://github.com/types/node) from 20.14.8 to 20.14.9 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/473](https://github.com/softprops/action-gh-release/pull/473) - Bump typescript from 5.5.2 to 5.5.3 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/472](https://github.com/softprops/action-gh-release/pull/472) - Bump ts-jest from 29.1.5 to 29.2.2 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/479](https://github.com/softprops/action-gh-release/pull/479) - docs: document that existing releases are updated by [@​jvanbruegge](https://github.com/jvanbruegge) in [https://github.com/softprops/action-gh-release/pull/474](https://github.com/softprops/action-gh-release/pull/474) #### New Contributors - [@​jvanbruegge](https://github.com/jvanbruegge) made their first contribution in [https://github.com/softprops/action-gh-release/pull/474](https://github.com/softprops/action-gh-release/pull/474) - [@​FirelightFlagboy](https://github.com/FirelightFlagboy) made their first contribution in [https://github.com/softprops/action-gh-release/pull/365](https://github.com/softprops/action-gh-release/pull/365) **Full Changelog**: softprops/action-gh-release@v2.0.6...v2.0.7 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/slsa-framework/slsa-github-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Signed-off-by: Mend Renovate <bot@renovateapp.com>
JaredTan95
referenced
this pull request
in JaredTan95/jaeger
Aug 7, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [https://github.com/docker/setup-qemu-action/pull/154](https://github.com/docker/setup-qemu-action/pull/154) [https://github.com/docker/setup-qemu-action/pull/155](https://github.com/docker/setup-qemu-action/pull/155) **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://github.com/step-security/harden-runner/pull/435) This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Signed-off-by: Jared Tan <jian.tan@daocloud.io>
Racer159
referenced
this pull request
in defenseunicorns/uds-package-mattermost
Aug 7, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/upload-artifact](https://github.com/actions/upload-artifact) | action | patch | `v4.3.4` -> `v4.3.6` | | [defenseunicorns/zarf](https://github.com/defenseunicorns/zarf) | | minor | `v0.36.1` -> `v0.37.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | action | minor | `v3.5.0` -> `v3.6.1` | | [github/codeql-action](https://github.com/github/codeql-action) | action | minor | `v3.25.14` -> `v3.26.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [python-jsonschema/check-jsonschema](https://github.com/python-jsonschema/check-jsonschema) | repository | patch | `0.29.0` -> `0.29.1` | | [renovatebot/pre-commit-hooks](https://github.com/renovatebot/pre-commit-hooks) | repository | minor | `38.7.0` -> `38.21.1` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | patch | `v2.9.0` -> `v2.9.1` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.6`](https://github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) ### [`v4.3.5`](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.37.0`](https://github.com/zarf-dev/zarf/releases/tag/v0.37.0) [Compare Source](https://github.com/defenseunicorns/zarf/compare/v0.36.1...v0.37.0) ##### What's Changed - chore: update s3 injector by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2730](https://github.com/zarf-dev/zarf/pull/2730) - docs: fix codeowners file by [@​salaxander](https://github.com/salaxander) in [https://github.com/zarf-dev/zarf/pull/2736](https://github.com/zarf-dev/zarf/pull/2736) - refactor: rename image references by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2733](https://github.com/zarf-dev/zarf/pull/2733) - chore: move public test repo by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2739](https://github.com/zarf-dev/zarf/pull/2739) - fix: update README.md by [@​schristoff-du](https://github.com/schristoff-du) in [https://github.com/zarf-dev/zarf/pull/2729](https://github.com/zarf-dev/zarf/pull/2729) - docs: update to openssf code of conduct by [@​salaxander](https://github.com/salaxander) in [https://github.com/zarf-dev/zarf/pull/2734](https://github.com/zarf-dev/zarf/pull/2734) - chore: update project name references by [@​lucasrod16](https://github.com/lucasrod16) in [https://github.com/zarf-dev/zarf/pull/2741](https://github.com/zarf-dev/zarf/pull/2741) - chore: move context.TODO to context.Background() by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2742](https://github.com/zarf-dev/zarf/pull/2742) - docs: charter update by [@​KennyPaul](https://github.com/KennyPaul) in [https://github.com/zarf-dev/zarf/pull/2731](https://github.com/zarf-dev/zarf/pull/2731) - chore: update CODEOWNERS to protect TSC files by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2744](https://github.com/zarf-dev/zarf/pull/2744) - fix: replace debug logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2719](https://github.com/zarf-dev/zarf/pull/2719) - fix: data injection to return errors by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2720](https://github.com/zarf-dev/zarf/pull/2720) - feat: revert "feat: remove .metadata.image from schema ([#​2606](https://github.com/defenseunicorns/zarf/issues/2606))" by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2618](https://github.com/zarf-dev/zarf/pull/2618) - chore: update permissions for eks & ecr nightly tests by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2745](https://github.com/zarf-dev/zarf/pull/2745) - refactor: move setup CLI to only run once in root command by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2722](https://github.com/zarf-dev/zarf/pull/2722) - chore: move context.TODO to context.Background() (3) by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2747](https://github.com/zarf-dev/zarf/pull/2747) - fix(deps): update github.com/anchore/clio digest to [`ac88e09`](https://github.com/defenseunicorns/zarf/commit/ac88e09) by [@​renovate](https://github.com/renovate) in [https://github.com/zarf-dev/zarf/pull/2527](https://github.com/zarf-dev/zarf/pull/2527) - refactor: add error handling to view SBOM files by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2752](https://github.com/zarf-dev/zarf/pull/2752) - feat: annotate image mutation by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2755](https://github.com/zarf-dev/zarf/pull/2755) - chore: move context.TODO to context.Background() (2) by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2746](https://github.com/zarf-dev/zarf/pull/2746) - docs: update repo name across docs by [@​salaxander](https://github.com/salaxander) in [https://github.com/zarf-dev/zarf/pull/2735](https://github.com/zarf-dev/zarf/pull/2735) - fix: add whitespace linter and fix all warnings by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2764](https://github.com/zarf-dev/zarf/pull/2764) - chore: move context.TODO to context.Background() (5) by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2750](https://github.com/zarf-dev/zarf/pull/2750) - feat: run schema validation on create by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2585](https://github.com/zarf-dev/zarf/pull/2585) - refactor: remove overly verbose debug logs by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2751](https://github.com/zarf-dev/zarf/pull/2751) - ci: improve nightly eks test by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2759](https://github.com/zarf-dev/zarf/pull/2759) - chore: logging ADR by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2588](https://github.com/zarf-dev/zarf/pull/2588) - test: decrease reliance on dockerhub by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2766](https://github.com/zarf-dev/zarf/pull/2766) - refactor: replace warning logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2762](https://github.com/zarf-dev/zarf/pull/2762) - fix: type assertion error checking and enforce linter by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2770](https://github.com/zarf-dev/zarf/pull/2770) - chore: fix string formatting for several debug statements by [@​YrrepNoj](https://github.com/YrrepNoj) in [https://github.com/zarf-dev/zarf/pull/2769](https://github.com/zarf-dev/zarf/pull/2769) - chore: stop releasing to s3 by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2774](https://github.com/zarf-dev/zarf/pull/2774) - fix: error formatting and comparison and enable errorlint by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2771](https://github.com/zarf-dev/zarf/pull/2771) - fix(deps): update module github.com/fluxcd/helm-controller/api to v1 by [@​renovate](https://github.com/renovate) in [https://github.com/zarf-dev/zarf/pull/2487](https://github.com/zarf-dev/zarf/pull/2487) - refactor: load state to return error if loading fails by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2763](https://github.com/zarf-dev/zarf/pull/2763) - fix: zarf dev instead of zerf-dev by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2779](https://github.com/zarf-dev/zarf/pull/2779) - fix: goreleaser by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2782](https://github.com/zarf-dev/zarf/pull/2782) ##### New Contributors - [@​KennyPaul](https://github.com/KennyPaul) made their first contribution in [https://github.com/zarf-dev/zarf/pull/2731](https://github.com/zarf-dev/zarf/pull/2731) **Full Changelog**: zarf-dev/zarf@v0.36.1...v0.37.0 </details> <details> <summary>docker/setup-buildx-action (docker/setup-buildx-action)</summary> ### [`v3.6.1`](https://github.com/docker/setup-buildx-action/releases/tag/v3.6.1) [Compare Source](https://github.com/docker/setup-buildx-action/compare/v3.6.0...v3.6.1) - Check for malformed docker context by [@​crazy-max](https://github.com/crazy-max) in [https://github.com/docker/setup-buildx-action/pull/347](https://github.com/docker/setup-buildx-action/pull/347) **Full Changelog**: docker/setup-buildx-action@v3.6.0...v3.6.1 ### [`v3.6.0`](https://github.com/docker/setup-buildx-action/releases/tag/v3.6.0) [Compare Source](https://github.com/docker/setup-buildx-action/compare/v3.5.0...v3.6.0) - Create temp docker context if default one has TLS data loaded before creating a container builder by [@​crazy-max](https://github.com/crazy-max) in [https://github.com/docker/setup-buildx-action/pull/341](https://github.com/docker/setup-buildx-action/pull/341) **Full Changelog**: docker/setup-buildx-action@v3.5.0...v3.6.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.26.0`](https://github.com/github/codeql-action/compare/v3.25.15...v3.26.0) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.15...v3.26.0) ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>python-jsonschema/check-jsonschema (python-jsonschema/check-jsonschema)</summary> ### [`v0.29.1`](https://github.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0291) [Compare Source](https://github.com/python-jsonschema/check-jsonschema/compare/0.29.0...0.29.1) - Update vendored schemas: circle-ci, dependabot, gitlab-ci, renovate, woodpecker-ci (2024-07-21) - Fix a bug which could result in local file URI resolution failing on non-Windows platforms in certain cases. Thanks :user:`bukzor`! (:pr:`465`) - Fix caching behaviors to ensure that caches are correctly preserved across instancefiles during `--schemafile` evaluation. This also fixes a bug in the remote `$ref` cache. Thanks :user:`alex1701c` for reporting! (:issue:`463`, :pr:`466`) </details> <details> <summary>renovatebot/pre-commit-hooks (renovatebot/pre-commit-hooks)</summary> ### [`v38.21.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.0...38.21.1) See https://github.com/renovatebot/renovate/releases/tag/38.21.1 for more changes ### [`v38.21.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.20.1...38.21.0) See https://github.com/renovatebot/renovate/releases/tag/38.21.0 for more changes ### [`v38.20.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.20.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.2...38.20.1) See https://github.com/renovatebot/renovate/releases/tag/38.20.1 for more changes ### [`v38.19.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.1...38.19.2) See https://github.com/renovatebot/renovate/releases/tag/38.19.2 for more changes ### [`v38.19.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.0...38.19.1) See https://github.com/renovatebot/renovate/releases/tag/38.19.1 for more changes ### [`v38.19.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.17...38.19.0) See https://github.com/renovatebot/renovate/releases/tag/38.19.0 for more changes ### [`v38.18.17`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.17) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.16...38.18.17) See https://github.com/renovatebot/renovate/releases/tag/38.18.17 for more changes ### [`v38.18.16`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.16) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.15...38.18.16) See https://github.com/renovatebot/renovate/releases/tag/38.18.16 for more changes ### [`v38.18.15`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.15) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.14...38.18.15) See https://github.com/renovatebot/renovate/releases/tag/38.18.15 for more changes ### [`v38.18.14`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.14) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.12...38.18.14) See https://github.com/renovatebot/renovate/releases/tag/38.18.14 for more changes ### [`v38.18.12`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.12) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.11...38.18.12) See https://github.com/renovatebot/renovate/releases/tag/38.18.12 for more changes ### [`v38.18.11`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.11) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.10...38.18.11) See https://github.com/renovatebot/renovate/releases/tag/38.18.11 for more changes ### [`v38.18.10`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.10) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.9...38.18.10) See https://github.com/renovatebot/renovate/releases/tag/38.18.10 for more changes ### [`v38.18.9`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.9) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.8...38.18.9) See https://github.com/renovatebot/renovate/releases/tag/38.18.9 for more changes ### [`v38.18.8`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.8) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.7...38.18.8) See https://github.com/renovatebot/renovate/releases/tag/38.18.8 for more changes ### [`v38.18.7`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.7) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.5...38.18.7) See https://github.com/renovatebot/renovate/releases/tag/38.18.7 for more changes ### [`v38.18.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.5) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.4...38.18.5) See https://github.com/renovatebot/renovate/releases/tag/38.18.5 for more changes ### [`v38.18.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.1...38.18.4) See https://github.com/renovatebot/renovate/releases/tag/38.18.4 for more changes ### [`v38.18.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.0...38.18.1) See https://github.com/renovatebot/renovate/releases/tag/38.18.1 for more changes ### [`v38.18.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.17.1...38.18.0) See https://github.com/renovatebot/renovate/releases/tag/38.18.0 for more changes ### [`v38.17.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.17.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.16.0...38.17.1) See https://github.com/renovatebot/renovate/releases/tag/38.17.1 for more changes ### [`v38.16.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.16.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.15.0...38.16.0) See https://github.com/renovatebot/renovate/releases/tag/38.16.0 for more changes ### [`v38.15.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.15.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.14.0...38.15.0) See https://github.com/renovatebot/renovate/releases/tag/38.15.0 for more changes ### [`v38.14.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.14.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.4...38.14.0) See https://github.com/renovatebot/renovate/releases/tag/38.14.0 for more changes ### [`v38.13.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.3...38.13.4) See https://github.com/renovatebot/renovate/releases/tag/38.13.4 for more changes ### [`v38.13.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.0...38.13.3) See https://github.com/renovatebot/renovate/releases/tag/38.13.3 for more changes ### [`v38.13.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.12.0...38.13.0) See https://github.com/renovatebot/renovate/releases/tag/38.13.0 for more changes ### [`v38.12.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.12.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.1...38.12.0) See https://github.com/renovatebot/renovate/releases/tag/38.12.0 for more changes ### [`v38.11.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.11.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1) See https://github.com/renovatebot/renovate/releases/tag/38.11.1 for more changes ### [`v38.11.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.11.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.10.0...38.11.0) See https://github.com/renovatebot/renovate/releases/tag/38.11.0 for more changes ### [`v38.10.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.10.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.3...38.10.0) See https://github.com/renovatebot/renovate/releases/tag/38.10.0 for more changes ### [`v38.9.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.0...38.9.3) See https://github.com/renovatebot/renovate/releases/tag/38.9.3 for more changes ### [`v38.9.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.5...38.9.0) See https://github.com/renovatebot/renovate/releases/tag/38.9.0 for more changes ### [`v38.8.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.5) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.4...38.8.5) See https://github.com/renovatebot/renovate/releases/tag/38.8.5 for more changes ### [`v38.8.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.3...38.8.4) See https://github.com/renovatebot/renovate/releases/tag/38.8.4 for more changes ### [`v38.8.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.2...38.8.3) See https://github.com/renovatebot/renovate/releases/tag/38.8.3 for more changes ### [`v38.8.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.1...38.8.2) See https://github.com/renovatebot/renovate/releases/tag/38.8.2 for more changes ### [`v38.8.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.0...38.8.1) See https://github.com/renovatebot/renovate/releases/tag/38.8.1 for more changes ### [`v38.8.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.7.1...38.8.0) See https://github.com/renovatebot/renovate/releases/tag/38.8.0 for more changes ### [`v38.7.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.7.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.7.0...38.7.1) See https://github.com/renovatebot/renovate/releases/tag/38.7.1 for more changes </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.1`](https://github.com/step-security/harden-runner/releases/tag/v2.9.1) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.9.0...v2.9.1) ##### What's Changed Release v2.9.1 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [#​440](https://github.com/step-security/harden-runner/issues/440) This release includes two changes: 1. Updated markdown displayed in the job summary by the Harden-Runner Action. 2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list. **Full Changelog**: step-security/harden-runner@v2...v2.9.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-mattermost). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM4LjIwLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
JaredTan95
referenced
this pull request
in JaredTan95/jaeger
Aug 8, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [https://github.com/docker/setup-qemu-action/pull/154](https://github.com/docker/setup-qemu-action/pull/154) [https://github.com/docker/setup-qemu-action/pull/155](https://github.com/docker/setup-qemu-action/pull/155) **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://github.com/step-security/harden-runner/pull/435) This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Signed-off-by: Jared Tan <jian.tan@daocloud.io>
zachariahmiller
referenced
this pull request
in defenseunicorns/uds-package-gitlab
Aug 9, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/upload-artifact](https://github.com/actions/upload-artifact) | action | patch | `v4.3.4` -> `v4.3.6` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v0.9.0` -> `v0.11.2` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | action | minor | `v0.9.0` -> `v0.11.2` | | [defenseunicorns/zarf](https://github.com/defenseunicorns/zarf) | | minor | `v0.36.1` -> `v0.38.0` | | [github/codeql-action](https://github.com/github/codeql-action) | action | minor | `v3.25.15` -> `v3.26.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [python-jsonschema/check-jsonschema](https://github.com/python-jsonschema/check-jsonschema) | repository | patch | `0.29.0` -> `0.29.1` | | [renovatebot/pre-commit-hooks](https://github.com/renovatebot/pre-commit-hooks) | repository | minor | `38.7.1` -> `38.23.2` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.6`](https://github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) ### [`v4.3.5`](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) </details> <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.11.2`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.11.2) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.11.1...v0.11.2) ##### Miscellaneous - refine package selection logic for publishing ([#​207](https://github.com/defenseunicorns/uds-common/issues/207)) ([7e1c03a](https://github.com/defenseunicorns/uds-common/commit/7e1c03abede1d4a3f91bb122fe5fff6abbb73311)) ### [`v0.11.1`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.11.1) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.11.0...v0.11.1) ##### Bug Fixes - renovate ghcr host docker type ([#​201](https://github.com/defenseunicorns/uds-common/issues/201)) ([9c298e0](https://github.com/defenseunicorns/uds-common/commit/9c298e08417ce928dbbf4356c23182f8b1a62ffb)) - renovate typo token/password ([#​202](https://github.com/defenseunicorns/uds-common/issues/202)) ([5d7ea03](https://github.com/defenseunicorns/uds-common/commit/5d7ea03815929a662c529b2078bdf895d8f3ac1b)) - update renovate creds ([#​200](https://github.com/defenseunicorns/uds-common/issues/200)) ([1c6eb24](https://github.com/defenseunicorns/uds-common/commit/1c6eb24f37b4059589a70c9addeffb80895d450b)) ##### Miscellaneous - add renovate support for org ghcr packages ([#​199](https://github.com/defenseunicorns/uds-common/issues/199)) ([2c5de9c](https://github.com/defenseunicorns/uds-common/commit/2c5de9cc41cad9d1e02faf39c0cad364933f335f)) - **deps:** update uds common support dependencies ([#​195](https://github.com/defenseunicorns/uds-common/issues/195)) ([04b6409](https://github.com/defenseunicorns/uds-common/commit/04b64091ba0528463713f66d8167572a533e0c3d)) - fix codeowners ([#​196](https://github.com/defenseunicorns/uds-common/issues/196)) ([856ef22](https://github.com/defenseunicorns/uds-common/commit/856ef221b39e65070e966942b42e79d408f59b76)) ### [`v0.11.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.11.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.10.0...v0.11.0) ##### Features - add support for uds-core snapshots ([#​193](https://github.com/defenseunicorns/uds-common/issues/193)) ([7a39915](https://github.com/defenseunicorns/uds-common/commit/7a39915ceff7a1a9e319846042ab74390fda6f2b)) ##### Miscellaneous - **deps:** update uds common support dependencies ([#​187](https://github.com/defenseunicorns/uds-common/issues/187)) ([a0bbfb0](https://github.com/defenseunicorns/uds-common/commit/a0bbfb043e670a175fbdc44585e2bbb5b695acf7)) ### [`v0.10.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.10.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0) ##### Features - add task for determining target repo based on flavor ([#​188](https://github.com/defenseunicorns/uds-common/issues/188)) ([6810324](https://github.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf)) </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.38.0`](https://github.com/defenseunicorns/zarf/compare/v0.37.0...v0.38.0) [Compare Source](https://github.com/defenseunicorns/zarf/compare/v0.37.0...v0.38.0) ### [`v0.37.0`](https://github.com/zarf-dev/zarf/releases/tag/v0.37.0) [Compare Source](https://github.com/defenseunicorns/zarf/compare/v0.36.1...v0.37.0) ##### What's Changed - chore: update s3 injector by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2730](https://github.com/zarf-dev/zarf/pull/2730) - docs: fix codeowners file by [@​salaxander](https://github.com/salaxander) in [https://github.com/zarf-dev/zarf/pull/2736](https://github.com/zarf-dev/zarf/pull/2736) - refactor: rename image references by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2733](https://github.com/zarf-dev/zarf/pull/2733) - chore: move public test repo by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2739](https://github.com/zarf-dev/zarf/pull/2739) - fix: update README.md by [@​schristoff-du](https://github.com/schristoff-du) in [https://github.com/zarf-dev/zarf/pull/2729](https://github.com/zarf-dev/zarf/pull/2729) - docs: update to openssf code of conduct by [@​salaxander](https://github.com/salaxander) in [https://github.com/zarf-dev/zarf/pull/2734](https://github.com/zarf-dev/zarf/pull/2734) - chore: update project name references by [@​lucasrod16](https://github.com/lucasrod16) in [https://github.com/zarf-dev/zarf/pull/2741](https://github.com/zarf-dev/zarf/pull/2741) - chore: move context.TODO to context.Background() by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2742](https://github.com/zarf-dev/zarf/pull/2742) - docs: charter update by [@​KennyPaul](https://github.com/KennyPaul) in [https://github.com/zarf-dev/zarf/pull/2731](https://github.com/zarf-dev/zarf/pull/2731) - chore: update CODEOWNERS to protect TSC files by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2744](https://github.com/zarf-dev/zarf/pull/2744) - fix: replace debug logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2719](https://github.com/zarf-dev/zarf/pull/2719) - fix: data injection to return errors by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2720](https://github.com/zarf-dev/zarf/pull/2720) - feat: revert "feat: remove .metadata.image from schema ([#​2606](https://github.com/defenseunicorns/zarf/issues/2606))" by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2618](https://github.com/zarf-dev/zarf/pull/2618) - chore: update permissions for eks & ecr nightly tests by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2745](https://github.com/zarf-dev/zarf/pull/2745) - refactor: move setup CLI to only run once in root command by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2722](https://github.com/zarf-dev/zarf/pull/2722) - chore: move context.TODO to context.Background() (3) by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2747](https://github.com/zarf-dev/zarf/pull/2747) - fix(deps): update github.com/anchore/clio digest to [`ac88e09`](https://github.com/defenseunicorns/zarf/commit/ac88e09) by [@​renovate](https://github.com/renovate) in [https://github.com/zarf-dev/zarf/pull/2527](https://github.com/zarf-dev/zarf/pull/2527) - refactor: add error handling to view SBOM files by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2752](https://github.com/zarf-dev/zarf/pull/2752) - feat: annotate image mutation by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2755](https://github.com/zarf-dev/zarf/pull/2755) - chore: move context.TODO to context.Background() (2) by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2746](https://github.com/zarf-dev/zarf/pull/2746) - docs: update repo name across docs by [@​salaxander](https://github.com/salaxander) in [https://github.com/zarf-dev/zarf/pull/2735](https://github.com/zarf-dev/zarf/pull/2735) - fix: add whitespace linter and fix all warnings by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2764](https://github.com/zarf-dev/zarf/pull/2764) - chore: move context.TODO to context.Background() (5) by [@​schristoff](https://github.com/schristoff) in [https://github.com/zarf-dev/zarf/pull/2750](https://github.com/zarf-dev/zarf/pull/2750) - feat: run schema validation on create by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2585](https://github.com/zarf-dev/zarf/pull/2585) - refactor: remove overly verbose debug logs by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2751](https://github.com/zarf-dev/zarf/pull/2751) - ci: improve nightly eks test by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2759](https://github.com/zarf-dev/zarf/pull/2759) - chore: logging ADR by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2588](https://github.com/zarf-dev/zarf/pull/2588) - test: decrease reliance on dockerhub by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2766](https://github.com/zarf-dev/zarf/pull/2766) - refactor: replace warning logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2762](https://github.com/zarf-dev/zarf/pull/2762) - fix: type assertion error checking and enforce linter by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2770](https://github.com/zarf-dev/zarf/pull/2770) - chore: fix string formatting for several debug statements by [@​YrrepNoj](https://github.com/YrrepNoj) in [https://github.com/zarf-dev/zarf/pull/2769](https://github.com/zarf-dev/zarf/pull/2769) - chore: stop releasing to s3 by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2774](https://github.com/zarf-dev/zarf/pull/2774) - fix: error formatting and comparison and enable errorlint by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2771](https://github.com/zarf-dev/zarf/pull/2771) - fix(deps): update module github.com/fluxcd/helm-controller/api to v1 by [@​renovate](https://github.com/renovate) in [https://github.com/zarf-dev/zarf/pull/2487](https://github.com/zarf-dev/zarf/pull/2487) - refactor: load state to return error if loading fails by [@​phillebaba](https://github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/2763](https://github.com/zarf-dev/zarf/pull/2763) - fix: zarf dev instead of zerf-dev by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2779](https://github.com/zarf-dev/zarf/pull/2779) - fix: goreleaser by [@​AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/2782](https://github.com/zarf-dev/zarf/pull/2782) ##### New Contributors - [@​KennyPaul](https://github.com/KennyPaul) made their first contribution in [https://github.com/zarf-dev/zarf/pull/2731](https://github.com/zarf-dev/zarf/pull/2731) **Full Changelog**: zarf-dev/zarf@v0.36.1...v0.37.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.26.0`](https://github.com/github/codeql-action/compare/v3.25.15...v3.26.0) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.15...v3.26.0) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>python-jsonschema/check-jsonschema (python-jsonschema/check-jsonschema)</summary> ### [`v0.29.1`](https://github.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0291) [Compare Source](https://github.com/python-jsonschema/check-jsonschema/compare/0.29.0...0.29.1) - Update vendored schemas: circle-ci, dependabot, gitlab-ci, renovate, woodpecker-ci (2024-07-21) - Fix a bug which could result in local file URI resolution failing on non-Windows platforms in certain cases. Thanks :user:`bukzor`! (:pr:`465`) - Fix caching behaviors to ensure that caches are correctly preserved across instancefiles during `--schemafile` evaluation. This also fixes a bug in the remote `$ref` cache. Thanks :user:`alex1701c` for reporting! (:issue:`463`, :pr:`466`) </details> <details> <summary>renovatebot/pre-commit-hooks (renovatebot/pre-commit-hooks)</summary> ### [`v38.23.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.23.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.23.1...38.23.2) See https://github.com/renovatebot/renovate/releases/tag/38.23.2 for more changes ### [`v38.23.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.23.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.23.0...38.23.1) See https://github.com/renovatebot/renovate/releases/tag/38.23.1 for more changes ### [`v38.23.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.23.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.4...38.23.0) See https://github.com/renovatebot/renovate/releases/tag/38.23.0 for more changes ### [`v38.21.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.3...38.21.4) See https://github.com/renovatebot/renovate/releases/tag/38.21.4 for more changes ### [`v38.21.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.2...38.21.3) See https://github.com/renovatebot/renovate/releases/tag/38.21.3 for more changes ### [`v38.21.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.1...38.21.2) See https://github.com/renovatebot/renovate/releases/tag/38.21.2 for more changes ### [`v38.21.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.0...38.21.1) See https://github.com/renovatebot/renovate/releases/tag/38.21.1 for more changes ### [`v38.21.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.20.1...38.21.0) See https://github.com/renovatebot/renovate/releases/tag/38.21.0 for more changes ### [`v38.20.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.20.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.2...38.20.1) See https://github.com/renovatebot/renovate/releases/tag/38.20.1 for more changes ### [`v38.19.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.1...38.19.2) See https://github.com/renovatebot/renovate/releases/tag/38.19.2 for more changes ### [`v38.19.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.0...38.19.1) See https://github.com/renovatebot/renovate/releases/tag/38.19.1 for more changes ### [`v38.19.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.17...38.19.0) See https://github.com/renovatebot/renovate/releases/tag/38.19.0 for more changes ### [`v38.18.17`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.17) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.16...38.18.17) See https://github.com/renovatebot/renovate/releases/tag/38.18.17 for more changes ### [`v38.18.16`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.16) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.15...38.18.16) See https://github.com/renovatebot/renovate/releases/tag/38.18.16 for more changes ### [`v38.18.15`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.15) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.14...38.18.15) See https://github.com/renovatebot/renovate/releases/tag/38.18.15 for more changes ### [`v38.18.14`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.14) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.12...38.18.14) See https://github.com/renovatebot/renovate/releases/tag/38.18.14 for more changes ### [`v38.18.12`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.12) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.11...38.18.12) See https://github.com/renovatebot/renovate/releases/tag/38.18.12 for more changes ### [`v38.18.11`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.11) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.10...38.18.11) See https://github.com/renovatebot/renovate/releases/tag/38.18.11 for more changes ### [`v38.18.10`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.10) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.9...38.18.10) See https://github.com/renovatebot/renovate/releases/tag/38.18.10 for more changes ### [`v38.18.9`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.9) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.8...38.18.9) See https://github.com/renovatebot/renovate/releases/tag/38.18.9 for more changes ### [`v38.18.8`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.8) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.7...38.18.8) See https://github.com/renovatebot/renovate/releases/tag/38.18.8 for more changes ### [`v38.18.7`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.7) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.5...38.18.7) See https://github.com/renovatebot/renovate/releases/tag/38.18.7 for more changes ### [`v38.18.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.5) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.4...38.18.5) See https://github.com/renovatebot/renovate/releases/tag/38.18.5 for more changes ### [`v38.18.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.1...38.18.4) See https://github.com/renovatebot/renovate/releases/tag/38.18.4 for more changes ### [`v38.18.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.0...38.18.1) See https://github.com/renovatebot/renovate/releases/tag/38.18.1 for more changes ### [`v38.18.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.17.1...38.18.0) See https://github.com/renovatebot/renovate/releases/tag/38.18.0 for more changes ### [`v38.17.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.17.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.16.0...38.17.1) See https://github.com/renovatebot/renovate/releases/tag/38.17.1 for more changes ### [`v38.16.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.16.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.15.0...38.16.0) See https://github.com/renovatebot/renovate/releases/tag/38.16.0 for more changes ### [`v38.15.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.15.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.14.0...38.15.0) See https://github.com/renovatebot/renovate/releases/tag/38.15.0 for more changes ### [`v38.14.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.14.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.4...38.14.0) See https://github.com/renovatebot/renovate/releases/tag/38.14.0 for more changes ### [`v38.13.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.3...38.13.4) See https://github.com/renovatebot/renovate/releases/tag/38.13.4 for more changes ### [`v38.13.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.0...38.13.3) See https://github.com/renovatebot/renovate/releases/tag/38.13.3 for more changes ### [`v38.13.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.12.0...38.13.0) See https://github.com/renovatebot/renovate/releases/tag/38.13.0 for more changes ### [`v38.12.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.12.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.1...38.12.0) See https://github.com/renovatebot/renovate/releases/tag/38.12.0 for more changes ### [`v38.11.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.11.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1) See https://github.com/renovatebot/renovate/releases/tag/38.11.1 for more changes ### [`v38.11.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.11.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.10.0...38.11.0) See https://github.com/renovatebot/renovate/releases/tag/38.11.0 for more changes ### [`v38.10.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.10.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.3...38.10.0) See https://github.com/renovatebot/renovate/releases/tag/38.10.0 for more changes ### [`v38.9.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.0...38.9.3) See https://github.com/renovatebot/renovate/releases/tag/38.9.3 for more changes ### [`v38.9.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.5...38.9.0) See https://github.com/renovatebot/renovate/releases/tag/38.9.0 for more changes ### [`v38.8.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.5) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.4...38.8.5) See https://github.com/renovatebot/renovate/releases/tag/38.8.5 for more changes ### [`v38.8.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.3...38.8.4) See https://github.com/renovatebot/renovate/releases/tag/38.8.4 for more changes ### [`v38.8.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.2...38.8.3) See https://github.com/renovatebot/renovate/releases/tag/38.8.3 for more changes ### [`v38.8.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.1...38.8.2) See https://github.com/renovatebot/renovate/releases/tag/38.8.2 for more changes ### [`v38.8.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.0...38.8.1) See https://github.com/renovatebot/renovate/releases/tag/38.8.1 for more changes ### [`v38.8.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.7.1...38.8.0) See https://github.com/renovatebot/renovate/releases/tag/38.8.0 for more changes </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7am and before 9am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-gitlab). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM4LjIwLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
github-merge-queue bot
referenced
this pull request
in Tuhura-Tech/wiki
Aug 11, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- ### Release Notes <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/Tuhura-Tech/wiki). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM4LjIwLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
JaredTan95
referenced
this pull request
in JaredTan95/jaeger
Aug 13, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [https://github.com/docker/setup-qemu-action/pull/154](https://github.com/docker/setup-qemu-action/pull/154) [https://github.com/docker/setup-qemu-action/pull/155](https://github.com/docker/setup-qemu-action/pull/155) **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://github.com/step-security/harden-runner/pull/435) This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Signed-off-by: Jared Tan <jian.tan@daocloud.io>
JaredTan95
referenced
this pull request
in JaredTan95/jaeger
Aug 14, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [https://github.com/docker/setup-qemu-action/pull/154](https://github.com/docker/setup-qemu-action/pull/154) [https://github.com/docker/setup-qemu-action/pull/155](https://github.com/docker/setup-qemu-action/pull/155) **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://github.com/step-security/harden-runner/pull/435) This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Signed-off-by: Jared Tan <jian.tan@daocloud.io>
ramonpetgrave64
referenced
this pull request
in slsa-framework/slsa-github-generator
Aug 16, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | actions/checkout | action | digest | `692973e` -> `9a9194f` | | [actions/download-artifact](https://github.com/actions/download-artifact) | action | patch | `v4.1.7` -> `v4.1.8` | | [actions/setup-go](https://github.com/actions/setup-go) | action | patch | `v5.0.1` -> `v5.0.2` | | [actions/setup-node](https://github.com/actions/setup-node) | action | patch | `v4.0.2` -> `v4.0.3` | | [actions/setup-node](https://github.com/actions/setup-node) | action | digest | `60edb5d` -> `1e60f62` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | action | patch | `v4.3.3` -> `v4.3.5` | | [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.25.11` -> `v3.25.15` | | [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) | action | minor | `v3.4.2` -> `v3.5.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | action | patch | `v2.0.6` -> `v2.0.8` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.8`](https://github.com/actions/download-artifact/releases/tag/v4.1.8) [Compare Source](https://github.com/actions/download-artifact/compare/v4.1.7...v4.1.8) #### What's Changed - Update [@​actions/artifact](https://github.com/actions/artifact) version, bump dependencies by [@​robherley](https://github.com/robherley) in [https://github.com/actions/download-artifact/pull/341](https://github.com/actions/download-artifact/pull/341) **Full Changelog**: actions/download-artifact@v4...v4.1.8 </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.0.2`](https://github.com/actions/setup-go/compare/v5.0.1...v5.0.2) [Compare Source](https://github.com/actions/setup-go/compare/v5.0.1...v5.0.2) </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v4.0.3`](https://github.com/actions/setup-node/compare/v4.0.2...v4.0.3) [Compare Source](https://github.com/actions/setup-node/compare/v4.0.2...v4.0.3) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.5`](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) ### [`v4.3.4`](https://github.com/actions/upload-artifact/releases/tag/v4.3.4) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4) ##### What's Changed - Update [@​actions/artifact](https://github.com/actions/artifact) version, bump dependencies by [@​robherley](https://github.com/robherley) in [https://github.com/actions/upload-artifact/pull/584](https://github.com/actions/upload-artifact/pull/584) **Full Changelog**: actions/upload-artifact@v4.3.3...v4.3.4 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) ### [`v3.25.14`](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) ### [`v3.25.13`](https://github.com/github/codeql-action/compare/v3.25.12...v3.25.13) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.12...v3.25.13) ### [`v3.25.12`](https://github.com/github/codeql-action/compare/v3.25.11...v3.25.12) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.11...v3.25.12) </details> <details> <summary>gradle/gradle-build-action (gradle/gradle-build-action)</summary> ### [`v3.5.0`](https://github.com/gradle/gradle-build-action/releases/tag/v3.5.0) [Compare Source](https://github.com/gradle/gradle-build-action/compare/v3.4.2...v3.5.0) > \[!IMPORTANT] > As of `v3` this action has been superceded by `gradle/actions/setup-gradle`. > Any workflow that uses `gradle/gradle-build-action@v3` will transparently delegate to `gradle/actions/setup-gradle@v3`. > > Users are encouraged to update their workflows, replacing: > > uses: gradle/gradle-build-action@v3 > > with > > uses: gradle/actions/setup-gradle@v3 > > See the [setup-gradle documentation](https://github.com/gradle/actions/tree/main/setup-gradle) for up-to-date documentation for `gradle/actions/setup-gradle`. For release details, see https://github.com/gradle/actions/releases/tag/v3.5.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>softprops/action-gh-release (softprops/action-gh-release)</summary> ### [`v2.0.8`](https://github.com/softprops/action-gh-release/releases/tag/v2.0.8) [Compare Source](https://github.com/softprops/action-gh-release/compare/v2.0.7...v2.0.8) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Other Changes 🔄 - chore(deps): bump prettier from 2.8.0 to 3.3.3 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/480](https://github.com/softprops/action-gh-release/pull/480) - chore(deps): bump [@​types/node](https://github.com/types/node) from 20.14.9 to 20.14.11 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/483](https://github.com/softprops/action-gh-release/pull/483) - chore(deps): bump [@​octokit/plugin-throttling](https://github.com/octokit/plugin-throttling) from 9.3.0 to 9.3.1 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/484](https://github.com/softprops/action-gh-release/pull/484) - chore(deps): bump glob from 10.4.2 to 11.0.0 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/477](https://github.com/softprops/action-gh-release/pull/477) - refactor: write jest config in ts by [@​chenrui333](https://github.com/chenrui333) in [https://github.com/softprops/action-gh-release/pull/485](https://github.com/softprops/action-gh-release/pull/485) - chore(deps): bump [@​actions/github](https://github.com/actions/github) from 5.1.1 to 6.0.0 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/470](https://github.com/softprops/action-gh-release/pull/470) **Full Changelog**: softprops/action-gh-release@v2...v2.0.8 ### [`v2.0.7`](https://github.com/softprops/action-gh-release/releases/tag/v2.0.7) [Compare Source](https://github.com/softprops/action-gh-release/compare/v2.0.6...v2.0.7) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Bug fixes 🐛 - Fix missing update release body by [@​FirelightFlagboy](https://github.com/FirelightFlagboy) in [https://github.com/softprops/action-gh-release/pull/365](https://github.com/softprops/action-gh-release/pull/365) ##### Other Changes 🔄 - Bump [@​octokit/plugin-retry](https://github.com/octokit/plugin-retry) from 4.0.3 to 7.1.1 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/443](https://github.com/softprops/action-gh-release/pull/443) - Bump typescript from 4.9.5 to 5.5.2 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/467](https://github.com/softprops/action-gh-release/pull/467) - Bump [@​types/node](https://github.com/types/node) from 20.14.6 to 20.14.8 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/469](https://github.com/softprops/action-gh-release/pull/469) - Bump [@​types/node](https://github.com/types/node) from 20.14.8 to 20.14.9 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/473](https://github.com/softprops/action-gh-release/pull/473) - Bump typescript from 5.5.2 to 5.5.3 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/472](https://github.com/softprops/action-gh-release/pull/472) - Bump ts-jest from 29.1.5 to 29.2.2 by [@​dependabot](https://github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/479](https://github.com/softprops/action-gh-release/pull/479) - docs: document that existing releases are updated by [@​jvanbruegge](https://github.com/jvanbruegge) in [https://github.com/softprops/action-gh-release/pull/474](https://github.com/softprops/action-gh-release/pull/474) #### New Contributors - [@​jvanbruegge](https://github.com/jvanbruegge) made their first contribution in [https://github.com/softprops/action-gh-release/pull/474](https://github.com/softprops/action-gh-release/pull/474) - [@​FirelightFlagboy](https://github.com/FirelightFlagboy) made their first contribution in [https://github.com/softprops/action-gh-release/pull/365](https://github.com/softprops/action-gh-release/pull/365) **Full Changelog**: softprops/action-gh-release@v2.0.6...v2.0.7 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/slsa-framework/slsa-github-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
JaredTan95
referenced
this pull request
in JaredTan95/jaeger
Aug 28, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [https://github.com/docker/setup-qemu-action/pull/154](https://github.com/docker/setup-qemu-action/pull/154) [https://github.com/docker/setup-qemu-action/pull/155](https://github.com/docker/setup-qemu-action/pull/155) **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://github.com/step-security/harden-runner/pull/435) This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Signed-off-by: Jared Tan <jian.tan@daocloud.io>
hogo6002
referenced
this pull request
in google/osv.dev
Sep 5, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | minor | `v5.1.1` -> `v5.2.0` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v3.1.3` -> `v3.2.1` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v2.25.12` -> `v2.26.6` | | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [pypa/gh-action-pypi-publish](https://redirect.github.com/pypa/gh-action-pypi-publish) | action | minor | `v1.9.0` -> `v1.10.1` | --- ### Release Notes <details> <summary>actions/setup-python (actions/setup-python)</summary> ### [`v5.2.0`](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v3.2.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v3.2.1) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v3.2.0...v3.2.1) #### What's Changed This fixes the `include-hidden-files` input introduced in https://github.com/actions/upload-artifact/releases/tag/v3.2.0 - Ensure hidden files input is used by [@​joshmgross](https://redirect.github.com/joshmgross) in [https://github.com/actions/upload-artifact/pull/609](https://redirect.github.com/actions/upload-artifact/pull/609) **Full Changelog**: actions/upload-artifact@v3.2.0...v3.2.1 ### [`v3.2.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v3.2.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v3.1.3...v3.2.0) #### Notice: Breaking Changes⚠️ We will no longer include hidden files and folders by default in the `upload-artifact` action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, `include-hidden-files`, to continue to do so. See ["Notice of upcoming deprecations and breaking changes in GitHub Actions runners"](https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/) changelog and [this issue](https://redirect.github.com/actions/upload-artifact/issues/602) for more details. #### What's Changed - V3 backport: Exclude hidden files by default by [@​SrRyan](https://redirect.github.com/SrRyan) in [https://github.com/actions/upload-artifact/pull/604](https://redirect.github.com/actions/upload-artifact/pull/604) **Full Changelog**: actions/upload-artifact@v3.1.3...v3.2.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.26.6`](https://redirect.github.com/github/codeql-action/compare/v2.26.5...v2.26.6) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.5...v2.26.6) ### [`v2.26.5`](https://redirect.github.com/github/codeql-action/compare/v2.26.4...v2.26.5) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.4...v2.26.5) ### [`v2.26.4`](https://redirect.github.com/github/codeql-action/compare/v2.26.3...v2.26.4) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.3...v2.26.4) ### [`v2.26.3`](https://redirect.github.com/github/codeql-action/compare/v2.26.2...v2.26.3) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.2...v2.26.3) ### [`v2.26.2`](https://redirect.github.com/github/codeql-action/compare/v2.26.1...v2.26.2) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.1...v2.26.2) ### [`v2.26.1`](https://redirect.github.com/github/codeql-action/compare/v2.26.0...v2.26.1) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.0...v2.26.1) ### [`v2.26.0`](https://redirect.github.com/github/codeql-action/compare/v2.25.15...v2.26.0) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.15...v2.26.0) ### [`v2.25.15`](https://redirect.github.com/github/codeql-action/compare/v2.25.14...v2.25.15) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.14...v2.25.15) ### [`v2.25.14`](https://redirect.github.com/github/codeql-action/compare/v2.25.13...v2.25.14) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.13...v2.25.14) ### [`v2.25.13`](https://redirect.github.com/github/codeql-action/compare/v2.25.12...v2.25.13) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.12...v2.25.13) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://redirect.github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://redirect.github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)</summary> ### [`v1.10.1`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.1) [Compare Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.10.0...v1.10.1) #### 🚑🔏 Oopsie... We missed a tiny bug in the attestations feature the other day The problem was that the distribution file validity check was failing on any valid distribution being present and ready to be signed. What a silly mistake! It's now been fixed via pypa/gh-action-pypi-publish@0ab0b79, though. So everything's good! \-- [@​webknjaz](https://redirect.github.com/webknjaz)[💰](https://redirect.github.com/sponsors/webknjaz) > \[!IMPORTANT] > ✨ Despite this minor hiccup, we invite you to still opt into trying this feature out early. [It can be enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations) like this: > > ```yml > with: > attestations: true > ``` > > Leave feedback in [the v1.10.0 release discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255) or [the PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236). **🪞 Full Diff**: pypa/gh-action-pypi-publish@v1.10.0...v1.10.1 **🧔♂️ Release Manager:** [@​webknjaz 🇺🇦](https://redirect.github.com/sponsors/webknjaz) **🙏 Special Thanks** to [@​hugovk](https://redirect.github.com/hugovk)[💰](https://redirect.github.com/sponsors/hugovk) for [promptly validating the bug fix](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/256#issuecomment-2325925847), mere minutes after I pushed it — I even haven't finished writing this text by then! ### [`v1.10.0`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.0) [Compare Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.9.0...v1.10.0) #### 🔏 Anything fancy, eh? This time, [@​woodruffw](https://redirect.github.com/woodruffw)[💰](https://redirect.github.com/sponsors/woodruffw) implemented support for [PEP 740] attestations functionality in [#​236](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/236) and [#​245](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/245). This is a big deal, as it is a huge step forward to replacing what the deprecated GPG signatures used to provide in a more meaningful way. > \[!IMPORTANT] > ✨ Please, do opt into trying this feature out early. [It can be enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations) as follows: > > ```yml > with: > attestations: true > ``` > > Leave any feedback on this in [this release discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255) or [the PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236). 🙏 And please, thank William for working on this amazing improvement for the ecosystem! The overall effort is tracked @&#[https://github.com/pypi/warehouse/issues/15871](https://redirect.github.com/pypi/warehouse/issues/15871)/15871, by the way. **🪞 Full Diff**: pypa/gh-action-pypi-publish@v1.9.0...v1.10.0 **🧔♂️ Release Manager:** [@​webknjaz 🇺🇦](https://redirect.github.com/sponsors/webknjaz) [PEP 740]: https://peps.python.org/pep-0740/ </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
renovate bot
referenced
this pull request
in redwoodjs/redwood
Sep 9, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | minor | `v2.3.1` -> `v2.4.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://redirect.github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://redirect.github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 ### [`v2.3.3`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://redirect.github.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://redirect.github.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://redirect.github.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://redirect.github.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://redirect.github.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://redirect.github.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/redwoodjs/redwood). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Josh-Walker-GM
referenced
this pull request
in redwoodjs/redwood
Sep 10, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | minor | `v2.3.1` -> `v2.4.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://redirect.github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://redirect.github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 ### [`v2.3.3`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://redirect.github.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://redirect.github.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://redirect.github.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://redirect.github.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://redirect.github.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://redirect.github.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/redwoodjs/redwood). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
cuixq
referenced
this pull request
in google/osv.dev
Sep 11, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | minor | `v5.1.1` -> `v5.2.0` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v2.25.12` -> `v2.26.6` | | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [pypa/gh-action-pypi-publish](https://redirect.github.com/pypa/gh-action-pypi-publish) | action | minor | `v1.9.0` -> `v1.10.1` | --- ### Release Notes <details> <summary>actions/setup-python (actions/setup-python)</summary> ### [`v5.2.0`](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.26.6`](https://redirect.github.com/github/codeql-action/compare/v2.26.5...v2.26.6) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.5...v2.26.6) ### [`v2.26.5`](https://redirect.github.com/github/codeql-action/compare/v2.26.4...v2.26.5) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.4...v2.26.5) ### [`v2.26.4`](https://redirect.github.com/github/codeql-action/compare/v2.26.3...v2.26.4) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.3...v2.26.4) ### [`v2.26.3`](https://redirect.github.com/github/codeql-action/compare/v2.26.2...v2.26.3) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.2...v2.26.3) ### [`v2.26.2`](https://redirect.github.com/github/codeql-action/compare/v2.26.1...v2.26.2) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.1...v2.26.2) ### [`v2.26.1`](https://redirect.github.com/github/codeql-action/compare/v2.26.0...v2.26.1) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.0...v2.26.1) ### [`v2.26.0`](https://redirect.github.com/github/codeql-action/compare/v2.25.15...v2.26.0) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.15...v2.26.0) ### [`v2.25.15`](https://redirect.github.com/github/codeql-action/compare/v2.25.14...v2.25.15) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.14...v2.25.15) ### [`v2.25.14`](https://redirect.github.com/github/codeql-action/compare/v2.25.13...v2.25.14) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.13...v2.25.14) ### [`v2.25.13`](https://redirect.github.com/github/codeql-action/compare/v2.25.12...v2.25.13) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.12...v2.25.13) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://redirect.github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://redirect.github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)</summary> ### [`v1.10.1`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.1) [Compare Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.10.0...v1.10.1) #### 🚑🔏 Oopsie... We missed a tiny bug in the attestations feature the other day The problem was that the distribution file validity check was failing on any valid distribution being present and ready to be signed. What a silly mistake! It's now been fixed via pypa/gh-action-pypi-publish@0ab0b79, though. So everything's good! \-- [@​webknjaz](https://redirect.github.com/webknjaz)[💰](https://redirect.github.com/sponsors/webknjaz) > \[!IMPORTANT] > ✨ Despite this minor hiccup, we invite you to still opt into trying this feature out early. [It can be enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations) like this: > > ```yml > with: > attestations: true > ``` > > Leave feedback in [the v1.10.0 release discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255) or [the PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236). **🪞 Full Diff**: pypa/gh-action-pypi-publish@v1.10.0...v1.10.1 **🧔♂️ Release Manager:** [@​webknjaz 🇺🇦](https://redirect.github.com/sponsors/webknjaz) **🙏 Special Thanks** to [@​hugovk](https://redirect.github.com/hugovk)[💰](https://redirect.github.com/sponsors/hugovk) for [promptly validating the bug fix](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/256#issuecomment-2325925847), mere minutes after I pushed it — I even haven't finished writing this text by then! ### [`v1.10.0`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.0) [Compare Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.9.0...v1.10.0) #### 🔏 Anything fancy, eh? This time, [@​woodruffw](https://redirect.github.com/woodruffw)[💰](https://redirect.github.com/sponsors/woodruffw) implemented support for [PEP 740] attestations functionality in [#​236](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/236) and [#​245](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/245). This is a big deal, as it is a huge step forward to replacing what the deprecated GPG signatures used to provide in a more meaningful way. > \[!IMPORTANT] > ✨ Please, do opt into trying this feature out early. [It can be enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations) as follows: > > ```yml > with: > attestations: true > ``` > > Leave any feedback on this in [this release discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255) or [the PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236). 🙏 And please, thank William for working on this amazing improvement for the ecosystem! The overall effort is tracked @&#[https://github.com/pypi/warehouse/issues/15871](https://redirect.github.com/pypi/warehouse/issues/15871)/15871, by the way. **🪞 Full Diff**: pypa/gh-action-pypi-publish@v1.9.0...v1.10.0 **🧔♂️ Release Manager:** [@​webknjaz 🇺🇦](https://redirect.github.com/sponsors/webknjaz) [PEP 740]: https://peps.python.org/pep-0740/ </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Racer159
referenced
this pull request
in defenseunicorns/maru-runner
Sep 20, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/create-github-app-token](https://redirect.github.com/actions/create-github-app-token) | action | minor | `v1.10.3` -> `v1.11.0` | | [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | patch | `v4.0.3` -> `v4.0.4` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v4.3.4` -> `v4.4.0` | | [anchore/sbom-action](https://redirect.github.com/anchore/sbom-action) | action | minor | `v0.16.1` -> `v0.17.2` | | [docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action) | action | minor | `v3.4.0` -> `n/a` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v3.25.12` -> `v3.26.8` | | morphy/revive-action | docker | digest | `087d4e6` -> `540bffd` | | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [sigstore/cosign-installer](https://redirect.github.com/sigstore/cosign-installer) | action | minor | `v3.5.0` -> `n/a` | | [zarf-dev/zarf](https://redirect.github.com/zarf-dev/zarf) | | minor | `v0.39.0` -> `v0.40.1` | --- ### Release Notes <details> <summary>actions/create-github-app-token (actions/create-github-app-token)</summary> ### [`v1.11.0`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.0) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.10.4...v1.11.0) ##### What's Changed ##### Features - Allow repositories input to be comma or newline-separated by [@​peter-evans](https://redirect.github.com/peter-evans) in [https://github.com/actions/create-github-app-token/pull/169](https://redirect.github.com/actions/create-github-app-token/pull/169) ##### New Contributors - [@​peter-evans](https://redirect.github.com/peter-evans) made their first contribution in [https://github.com/actions/create-github-app-token/pull/169](https://redirect.github.com/actions/create-github-app-token/pull/169) **Full Changelog**: actions/create-github-app-token@v1.10.4...v1.11.0 ### [`v1.10.4`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.10.4) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.10.3...v1.10.4) ##### Bug Fixes - **deps:** bump the production-dependencies group across 1 directory with 3 updates ([#​166](https://redirect.github.com/actions/create-github-app-token/issues/166)) ([e177c20](https://redirect.github.com/actions/create-github-app-token/commit/e177c20e0f736e68f4a37ffee6aa32c73da13988)), closes [#​641](https://redirect.github.com/actions/create-github-app-token/issues/641) [#​641](https://redirect.github.com/actions/create-github-app-token/issues/641) [#​639](https://redirect.github.com/actions/create-github-app-token/issues/639) [#​638](https://redirect.github.com/actions/create-github-app-token/issues/638) [#​637](https://redirect.github.com/actions/create-github-app-token/issues/637) [#​636](https://redirect.github.com/actions/create-github-app-token/issues/636) [#​633](https://redirect.github.com/actions/create-github-app-token/issues/633) [#​632](https://redirect.github.com/actions/create-github-app-token/issues/632) [#​631](https://redirect.github.com/actions/create-github-app-token/issues/631) [#​630](https://redirect.github.com/actions/create-github-app-token/issues/630) [#​629](https://redirect.github.com/actions/create-github-app-token/issues/629) [#​714](https://redirect.github.com/actions/create-github-app-token/issues/714) [#​711](https://redirect.github.com/actions/create-github-app-token/issues/711) [#​714](https://redirect.github.com/actions/create-github-app-token/issues/714) [#​716](https://redirect.github.com/actions/create-github-app-token/issues/716) [#​711](https://redirect.github.com/actions/create-github-app-token/issues/711) [#​712](https://redirect.github.com/actions/create-github-app-token/issues/712) [#​710](https://redirect.github.com/actions/create-github-app-token/issues/710) [#​709](https://redirect.github.com/actions/create-github-app-token/issues/709) [#​708](https://redirect.github.com/actions/create-github-app-token/issues/708) [#​702](https://redirect.github.com/actions/create-github-app-token/issues/702) [#​706](https://redirect.github.com/actions/create-github-app-token/issues/706) [#​3458](https://redirect.github.com/actions/create-github-app-token/issues/3458) [#​3461](https://redirect.github.com/actions/create-github-app-token/issues/3461) [#​3460](https://redirect.github.com/actions/create-github-app-token/issues/3460) [#​3454](https://redirect.github.com/actions/create-github-app-token/issues/3454) [#​3450](https://redirect.github.com/actions/create-github-app-token/issues/3450) [#​3445](https://redirect.github.com/actions/create-github-app-token/issues/3445) </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v4.0.4`](https://redirect.github.com/actions/setup-node/compare/v4.0.3...v4.0.4) [Compare Source](https://redirect.github.com/actions/setup-node/compare/v4.0.3...v4.0.4) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.4.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0) ### [`v4.3.6`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) ### [`v4.3.5`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) </details> <details> <summary>anchore/sbom-action (anchore/sbom-action)</summary> ### [`v0.17.2`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.2) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.1...v0.17.2) #### Changes in v0.17.2 - Update Syft to v1.11.1 ([#​485](https://redirect.github.com/anchore/sbom-action/issues/485)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] ### [`v0.17.1`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.1) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.0...v0.17.1) #### Changes in v0.17.1 - chore(deps): update Syft to v1.11.0 ([#​483](https://redirect.github.com/anchore/sbom-action/issues/483)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] ### [`v0.17.0`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.0) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.16.1...v0.17.0) #### Changes in v0.17.0 - chore(deps): update Syft to v1.9.0 ([#​479](https://redirect.github.com/anchore/sbom-action/issues/479)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] </details> <details> <summary>docker/setup-buildx-action (docker/setup-buildx-action)</summary> ### [`v3.6.1`](https://redirect.github.com/docker/setup-buildx-action/releases/tag/v3.6.1) [Compare Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.6.0...v3.6.1) - Check for malformed docker context by [@​crazy-max](https://redirect.github.com/crazy-max) in [https://github.com/docker/setup-buildx-action/pull/347](https://redirect.github.com/docker/setup-buildx-action/pull/347) **Full Changelog**: docker/setup-buildx-action@v3.6.0...v3.6.1 ### [`v3.6.0`](https://redirect.github.com/docker/setup-buildx-action/releases/tag/v3.6.0) [Compare Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.5.0...v3.6.0) - Create temp docker context if default one has TLS data loaded before creating a container builder by [@​crazy-max](https://redirect.github.com/crazy-max) in [https://github.com/docker/setup-buildx-action/pull/341](https://redirect.github.com/docker/setup-buildx-action/pull/341) **Full Changelog**: docker/setup-buildx-action@v3.5.0...v3.6.0 ### [`v3.5.0`](https://redirect.github.com/docker/setup-buildx-action/compare/v3.4.0...v3.5.0) [Compare Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.4.0...v3.5.0) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.26.8`](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8) ### [`v3.26.7`](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7) ### [`v3.26.6`](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6) ### [`v3.26.5`](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5) ### [`v3.26.4`](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4) ### [`v3.26.3`](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3) ### [`v3.26.2`](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2) ### [`v3.26.1`](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1) ### [`v3.26.0`](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0) ### [`v3.25.15`](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15) ### [`v3.25.14`](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14) ### [`v3.25.13`](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://redirect.github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://redirect.github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary> ### [`v3.6.0`](https://redirect.github.com/sigstore/cosign-installer/releases/tag/v3.6.0) [Compare Source](https://redirect.github.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0) #### What's Changed - Bump actions/checkout from 4.1.2 to 4.1.3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/161](https://redirect.github.com/sigstore/cosign-installer/pull/161) - Bump actions/checkout from 4.1.3 to 4.1.4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/162](https://redirect.github.com/sigstore/cosign-installer/pull/162) - Bump actions/setup-go from 5.0.0 to 5.0.1 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/163](https://redirect.github.com/sigstore/cosign-installer/pull/163) - Bump actions/checkout from 4.1.4 to 4.1.5 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/164](https://redirect.github.com/sigstore/cosign-installer/pull/164) - Bump actions/checkout from 4.1.5 to 4.1.6 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/165](https://redirect.github.com/sigstore/cosign-installer/pull/165) - Bump actions/checkout from 4.1.6 to 4.1.7 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/166](https://redirect.github.com/sigstore/cosign-installer/pull/166) - Bump actions/setup-go from 5.0.1 to 5.0.2 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/167](https://redirect.github.com/sigstore/cosign-installer/pull/167) - pin public key used for verification by [@​bobcallaway](https://redirect.github.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/169](https://redirect.github.com/sigstore/cosign-installer/pull/169) - bump default version to v2.4.0 release by [@​bobcallaway](https://redirect.github.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/168](https://redirect.github.com/sigstore/cosign-installer/pull/168) - update readme for new release by [@​bobcallaway](https://redirect.github.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/170](https://redirect.github.com/sigstore/cosign-installer/pull/170) **Full Changelog**: sigstore/cosign-installer@v3...v3.6.0 </details> <details> <summary>zarf-dev/zarf (zarf-dev/zarf)</summary> ### [`v0.40.1`](https://redirect.github.com/zarf-dev/zarf/compare/v0.40.0...v0.40.1) [Compare Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.40.0...v0.40.1) ### [`v0.40.0`](https://redirect.github.com/zarf-dev/zarf/compare/v0.39.0...v0.40.0) [Compare Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.39.0...v0.40.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/maru-runner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzEuNCIsInVwZGF0ZWRJblZlciI6IjM4LjgwLjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>
yurishkuro
referenced
this pull request
in jaegertracing/jaeger-ui
Sep 25, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v4.3.4` -> `v4.4.0` | | [docker/build-push-action](https://redirect.github.com/docker/build-push-action) | action | minor | `v6.4.0` -> `v6.7.0` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v3.25.8` -> `v3.26.9` | | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- ### Release Notes <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.4.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0) ### [`v4.3.6`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) ### [`v4.3.5`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) </details> <details> <summary>docker/build-push-action (docker/build-push-action)</summary> ### [`v6.7.0`](https://redirect.github.com/docker/build-push-action/compare/v6.6.1...v6.7.0) [Compare Source](https://redirect.github.com/docker/build-push-action/compare/v6.6.1...v6.7.0) ### [`v6.6.1`](https://redirect.github.com/docker/build-push-action/releases/tag/v6.6.1) [Compare Source](https://redirect.github.com/docker/build-push-action/compare/v6.6.0...v6.6.1) - Bump [@​docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit) from 0.37.0 to 0.37.1 in [https://github.com/docker/build-push-action/pull/1205](https://redirect.github.com/docker/build-push-action/pull/1205) **Full Changelog**: docker/build-push-action@v6.6.0...v6.6.1 ### [`v6.6.0`](https://redirect.github.com/docker/build-push-action/compare/v6.5.0...v6.6.0) [Compare Source](https://redirect.github.com/docker/build-push-action/compare/v6.5.0...v6.6.0) ### [`v6.5.0`](https://redirect.github.com/docker/build-push-action/compare/v6.4.1...v6.5.0) [Compare Source](https://redirect.github.com/docker/build-push-action/compare/v6.4.1...v6.5.0) ### [`v6.4.1`](https://redirect.github.com/docker/build-push-action/compare/v6.4.0...v6.4.1) [Compare Source](https://redirect.github.com/docker/build-push-action/compare/v6.4.0...v6.4.1) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.26.9`](https://redirect.github.com/github/codeql-action/compare/v3.26.8...v3.26.9) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.8...v3.26.9) ### [`v3.26.8`](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8) ### [`v3.26.7`](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7) ### [`v3.26.6`](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6) ### [`v3.26.5`](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5) ### [`v3.26.4`](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4) ### [`v3.26.3`](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3) ### [`v3.26.2`](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2) ### [`v3.26.1`](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1) ### [`v3.26.0`](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0) ### [`v3.25.15`](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15) ### [`v3.25.14`](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14) ### [`v3.25.13`](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13) ### [`v3.25.12`](https://redirect.github.com/github/codeql-action/compare/v3.25.11...v3.25.12) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.11...v3.25.12) ### [`v3.25.11`](https://redirect.github.com/github/codeql-action/compare/v3.25.10...v3.25.11) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.10...v3.25.11) ### [`v3.25.10`](https://redirect.github.com/github/codeql-action/compare/v3.25.9...v3.25.10) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.9...v3.25.10) ### [`v3.25.9`](https://redirect.github.com/github/codeql-action/compare/v3.25.8...v3.25.9) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.25.8...v3.25.9) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://redirect.github.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://redirect.github.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger-ui). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC44MC4wIiwidXBkYXRlZEluVmVyIjoiMzguODAuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiY2hhbmdlbG9nOmRlcGVuZGVuY2llcyJdfQ==--> Signed-off-by: Mend Renovate <bot@renovateapp.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.