-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 #1282
Merged
spencerschrock
merged 1 commit into
ossf:main
from
spencerschrock:dep/scorecard-v4.13.1
Oct 23, 2023
Merged
🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 #1282
spencerschrock
merged 1 commit into
ossf:main
from
spencerschrock:dep/scorecard-v4.13.1
Oct 23, 2023
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Spencer Schrock <sschrock@google.com>
inferno-chromium
approved these changes
Oct 20, 2023
TylerJang27
referenced
this pull request
in trunk-io/plugins
Nov 6, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | Type | Update | |---|---|---|---|---|---|---|---| | [@types/caller](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/caller) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`1.0.0` -> `1.0.1`](https://renovatebot.com/diffs/npm/@types%2fcaller/1.0.0/1.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fcaller/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fcaller/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fcaller/1.0.0/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fcaller/1.0.0/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [@types/debug](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/debug) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`4.1.9` -> `4.1.10`](https://renovatebot.com/diffs/npm/@types%2fdebug/4.1.9/4.1.10) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fdebug/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fdebug/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fdebug/4.1.9/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fdebug/4.1.9/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [@types/jest](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`29.5.5` -> `29.5.7`](https://renovatebot.com/diffs/npm/@types%2fjest/29.5.5/29.5.7) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fjest/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fjest/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fjest/29.5.5/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fjest/29.5.5/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [@types/jest-specific-snapshot](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest-specific-snapshot) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`0.5.7` -> `0.5.8`](https://renovatebot.com/diffs/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fjest-specific-snapshot/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fjest-specific-snapshot/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`18.18.4` -> `18.18.8`](https://renovatebot.com/diffs/npm/@types%2fnode/18.18.4/18.18.8) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnode/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fnode/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fnode/18.18.4/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnode/18.18.4/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [actions/setup-node](https://togithub.com/actions/setup-node) | `v3.8.1` -> `v3.8.2` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/actions%2fsetup-node/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/actions%2fsetup-node/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/actions%2fsetup-node/v3.8.1/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/actions%2fsetup-node/v3.8.1/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [eslint](https://eslint.org) ([source](https://togithub.com/eslint/eslint)) | [`8.51.0` -> `8.53.0`](https://renovatebot.com/diffs/npm/eslint/8.51.0/8.53.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint/8.51.0/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint/8.51.0/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [eslint-plugin-import](https://togithub.com/import-js/eslint-plugin-import) | [`2.28.1` -> `2.29.0`](https://renovatebot.com/diffs/npm/eslint-plugin-import/2.28.1/2.29.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-import/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-import/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-import/2.28.1/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-import/2.28.1/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [eslint-plugin-jest](https://togithub.com/jest-community/eslint-plugin-jest) | [`27.4.2` -> `27.6.0`](https://renovatebot.com/diffs/npm/eslint-plugin-jest/27.4.2/27.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-jest/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-jest/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-jest/27.4.2/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-jest/27.4.2/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [eslint-plugin-prefer-arrow-functions](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions) | [`3.1.4` -> `3.2.4`](https://renovatebot.com/diffs/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-prefer-arrow-functions/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-prefer-arrow-functions/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [github/codeql-action](https://togithub.com/github/codeql-action) | `v2.22.0` -> `v2.22.5` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v2.22.0/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v2.22.0/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | `v2.3.0` -> `v2.3.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/ossf%2fscorecard-action/v2.3.0/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/ossf%2fscorecard-action/v2.3.0/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [yaml](https://eemeli.org/yaml/) ([source](https://togithub.com/eemeli/yaml)) | [`2.3.2` -> `2.3.4`](https://renovatebot.com/diffs/npm/yaml/2.3.2/2.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/yaml/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/yaml/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/yaml/2.3.2/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/yaml/2.3.2/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | --- ### Release Notes <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2) ##### What's Changed - Update semver by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861) - Update temp directory creation by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870) - Add notice about binaries not being updated yet by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872) - Update toolkit cache and core by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) and [@​seongwon-privatenote](https://togithub.com/seongwon-privatenote) in [https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875) **Full Changelog**: actions/setup-node@v3...v3.8.2 </details> <details> <summary>eslint/eslint (eslint)</summary> ### [`v8.53.0`](https://togithub.com/eslint/eslint/releases/tag/v8.53.0) [Compare Source](https://togithub.com/eslint/eslint/compare/v8.52.0...v8.53.0) #### Features - [`528e1c0`](https://togithub.com/eslint/eslint/commit/528e1c00dc2aa8636e5b706c4270dc655cfa17e3) feat: Deprecate formatting rules ([#​17696](https://togithub.com/eslint/eslint/issues/17696)) (Nicholas C. Zakas) - [`c0b11dd`](https://togithub.com/eslint/eslint/commit/c0b11ddb9f8aacc64c3933b9f278939aa7bea481) feat: Add suggestions for no-prototype-builtins ([#​17677](https://togithub.com/eslint/eslint/issues/17677)) (Yonathan Randolph) #### Bug Fixes - [`1ad6257`](https://togithub.com/eslint/eslint/commit/1ad6257744d63281235fcc33288394b1d69b34ce) fix: ensure that exit code for fatal errors is not overwritten ([#​17683](https://togithub.com/eslint/eslint/issues/17683)) (Milos Djermanovic) - [`b329ea7`](https://togithub.com/eslint/eslint/commit/b329ea748dff45f11c7e218208244dc24fcb5c8f) fix: add `;` after JSX nodes in `no-object-constructor` autofix ([#​17672](https://togithub.com/eslint/eslint/issues/17672)) (Francesco Trotta) #### Documentation - [`ab8c60d`](https://togithub.com/eslint/eslint/commit/ab8c60d4f859cec787b5a12f7271b40e666235f5) docs: change position of return to top button ([#​17688](https://togithub.com/eslint/eslint/issues/17688)) (Tanuj Kanti) - [`4fc44c0`](https://togithub.com/eslint/eslint/commit/4fc44c0b8c5dca466bffdfe01dfd80794d7762b7) docs: update twitter icon to new X icon ([#​17687](https://togithub.com/eslint/eslint/issues/17687)) (Tanuj Kanti) - [`4164b2c`](https://togithub.com/eslint/eslint/commit/4164b2ceec89726b18ea0b0e34fab05735d55a09) docs: Update README (GitHub Actions Bot) - [`8651895`](https://togithub.com/eslint/eslint/commit/8651895ca7ae15e13d74c8be67d9eebd63a7ce1f) docs: Fix tabs in rule examples ([#​17653](https://togithub.com/eslint/eslint/issues/17653)) (Francesco Trotta) - [`3aec1c5`](https://togithub.com/eslint/eslint/commit/3aec1c55ba2c6d2833e1c0afe0a58f0cc6bbc0a4) docs: explained rule fixers and suggestions ([#​17657](https://togithub.com/eslint/eslint/issues/17657)) (Josh Goldberg ✨) #### Chores - [`ba4d4d5`](https://togithub.com/eslint/eslint/commit/ba4d4d567a82554250dd8c7933322824e6a73944) chore: remove metascraper ([#​17707](https://togithub.com/eslint/eslint/issues/17707)) (Milos Djermanovic) - [`0d07338`](https://togithub.com/eslint/eslint/commit/0d0733882944b4849d71a40723c251213698cef9) chore: Update dependencies ([#​17706](https://togithub.com/eslint/eslint/issues/17706)) (Milos Djermanovic) - [`93256a3`](https://togithub.com/eslint/eslint/commit/93256a32e312f3f4e5c532762df71bdc06bded20) chore: package.json update for [@​eslint/js](https://togithub.com/eslint/js) release (ESLint Jenkins) - [`485ec7d`](https://togithub.com/eslint/eslint/commit/485ec7d08ed2040c292f52bf9b9152f6c8ef4809) test: fix ESLint tests for caching ([#​17699](https://togithub.com/eslint/eslint/issues/17699)) (Milos Djermanovic) - [`db06a7f`](https://togithub.com/eslint/eslint/commit/db06a7ff7992a74368f03d1f21beb00df0407021) ci: bump actions/setup-node from 3 to 4 ([#​17676](https://togithub.com/eslint/eslint/issues/17676)) (dependabot\[bot]) - [`994596b`](https://togithub.com/eslint/eslint/commit/994596b07f5ff20a615a4be1ea03e5fd59cdb84b) ci: run tests in Node.js 21 ([#​17673](https://togithub.com/eslint/eslint/issues/17673)) (Francesco Trotta) ### [`v8.52.0`](https://togithub.com/eslint/eslint/releases/tag/v8.52.0) [Compare Source](https://togithub.com/eslint/eslint/compare/v8.51.0...v8.52.0) #### Features - [`70648ee`](https://togithub.com/eslint/eslint/commit/70648ee49c07f7b533d09f6bf8a5291e5a5a8601) feat: report-unused-disable-directive to report unused eslint-enable ([#​17611](https://togithub.com/eslint/eslint/issues/17611)) (Yosuke Ota) #### Bug Fixes - [`5de9637`](https://togithub.com/eslint/eslint/commit/5de9637fc925729a83d5a5e9e868a41792a184e3) fix: Ensure shared references in rule configs are separated ([#​17666](https://togithub.com/eslint/eslint/issues/17666)) (Nicholas C. Zakas) - [`dcfe573`](https://togithub.com/eslint/eslint/commit/dcfe5739c374c9d7ed21f14027870ec0fd453661) fix: add preceding semicolon in suggestions of `no-object-constructor` ([#​17649](https://togithub.com/eslint/eslint/issues/17649)) (Francesco Trotta) #### Documentation - [`476d58a`](https://togithub.com/eslint/eslint/commit/476d58a584d5d2db003c4c22ffee90e63566164d) docs: Add note about invalid CLI flags when using flat config. ([#​17664](https://togithub.com/eslint/eslint/issues/17664)) (Nicholas C. Zakas) - [`660ed3a`](https://togithub.com/eslint/eslint/commit/660ed3afd128ad529234a855345629982caf1bc7) docs: Plugin flat config migration guide ([#​17640](https://togithub.com/eslint/eslint/issues/17640)) (Nicholas C. Zakas) - [`a58aa20`](https://togithub.com/eslint/eslint/commit/a58aa200fccedae7e2e9b6129246f2cedab14f8d) docs: fix examples for several rules ([#​17645](https://togithub.com/eslint/eslint/issues/17645)) (Milos Djermanovic) - [`179929b`](https://togithub.com/eslint/eslint/commit/179929bd46892f18f2aef0c159d5cc361cb69987) docs: Remove trailing newline from the code of Playground links ([#​17641](https://togithub.com/eslint/eslint/issues/17641)) (Francesco Trotta) - [`f8e5c30`](https://togithub.com/eslint/eslint/commit/f8e5c30636450d4a8baf51f0e227685e6d77ac64) docs: Update README (GitHub Actions Bot) - [`b7ef2f3`](https://togithub.com/eslint/eslint/commit/b7ef2f34fe12b68a366e1b4bf5f64d7332c6e72e) docs: Enable pretty code formatter output ([#​17635](https://togithub.com/eslint/eslint/issues/17635)) (Nicholas C. Zakas) - [`0bcb9a8`](https://togithub.com/eslint/eslint/commit/0bcb9a8db608a3d0bd2645f99e0707b9a9bbaaf0) docs: Fix syntax errors in rule examples ([#​17633](https://togithub.com/eslint/eslint/issues/17633)) (Francesco Trotta) - [`61b9083`](https://togithub.com/eslint/eslint/commit/61b90839633ef300ac7707a651f65f532e65f42d) docs: Make no-continue example code work ([#​17643](https://togithub.com/eslint/eslint/issues/17643)) (Zhongyuan Zhou) - [`9fafe45`](https://togithub.com/eslint/eslint/commit/9fafe450c31ed9b6bdd9dcd6c115255943b8c1c2) docs: upgrade to 11ty 2.0 ([#​17632](https://togithub.com/eslint/eslint/issues/17632)) (Percy Ma) - [`ff8e4bf`](https://togithub.com/eslint/eslint/commit/ff8e4bf327b5c92b0623b0fc5f8f101954f785db) docs: Update README (GitHub Actions Bot) - [`fab249a`](https://togithub.com/eslint/eslint/commit/fab249ae6addac2ee18cd81cee80916010bb469e) docs: Update README (GitHub Actions Bot) - [`392305b`](https://togithub.com/eslint/eslint/commit/392305bf4797e3ebc696dfca48bd874741fca845) docs: Update `no-irregular-whitespace` and fix examples ([#​17626](https://togithub.com/eslint/eslint/issues/17626)) (Francesco Trotta) - [`6b8acfb`](https://togithub.com/eslint/eslint/commit/6b8acfb770589f3941df41c3910d3b8ffc3e1e45) docs: Add real whitespace to `no-trailing-spaces` examples ([#​17630](https://togithub.com/eslint/eslint/issues/17630)) (Francesco Trotta) - [`1000187`](https://togithub.com/eslint/eslint/commit/1000187e00949332babcee4d37d46c96a6a554a8) docs: Fix examples in `unicode-bom` ([#​17631](https://togithub.com/eslint/eslint/issues/17631)) (Francesco Trotta) - [`000290c`](https://togithub.com/eslint/eslint/commit/000290c4c923cc1473e21b4bdbdc0c42765ef7dd) docs: Update README (GitHub Actions Bot) #### Chores - [`6d1f0c2`](https://togithub.com/eslint/eslint/commit/6d1f0c2da0309c06c21149b8d71a8f439a70d7e8) chore: upgrade [@​eslint/js](https://togithub.com/eslint/js)[@​8](https://togithub.com/8).52.0 ([#​17671](https://togithub.com/eslint/eslint/issues/17671)) (Milos Djermanovic) - [`d63d4fe`](https://togithub.com/eslint/eslint/commit/d63d4fe0942e6747ab60e758aa36076f43041a30) chore: package.json update for [@​eslint/js](https://togithub.com/eslint/js) release (ESLint Jenkins) - [`f30cefe`](https://togithub.com/eslint/eslint/commit/f30cefee6bda2789ede18e1664b84c2638ea1bb5) test: fix FlatESLint tests for caching ([#​17658](https://togithub.com/eslint/eslint/issues/17658)) (Milos Djermanovic) - [`ef650cb`](https://togithub.com/eslint/eslint/commit/ef650cb612510bcfa1379c1f0af56dd563b3a705) test: update tests for no-promise-executor-return ([#​17661](https://togithub.com/eslint/eslint/issues/17661)) (Milos Djermanovic) </details> <details> <summary>import-js/eslint-plugin-import (eslint-plugin-import)</summary> ### [`v2.29.0`](https://togithub.com/import-js/eslint-plugin-import/blob/HEAD/CHANGELOG.md#2290---2023-10-22) [Compare Source](https://togithub.com/import-js/eslint-plugin-import/compare/v2.28.1...v2.29.0) ##### Added - TypeScript config: add .cts and .mts extensions (\[[#​2851](https://togithub.com/import-js/eslint-plugin-import/issues/2851)], thanks \[[@​Zamiell](https://togithub.com/Zamiell)]) - \[`newline-after-import`]: new option `exactCount` and docs update (\[[#​1933](https://togithub.com/import-js/eslint-plugin-import/issues/1933)], thanks \[[@​anikethsaha](https://togithub.com/anikethsaha)] and \[[@​reosarevok](https://togithub.com/reosarevok)]) - \[`newline-after-import`]: fix `exactCount` with `considerComments` false positive, when there is a leading comment (\[[#​2884](https://togithub.com/import-js/eslint-plugin-import/issues/2884)], thanks \[[@​kinland](https://togithub.com/kinland)]) </details> <details> <summary>jest-community/eslint-plugin-jest (eslint-plugin-jest)</summary> ### [`v27.6.0`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2760-2023-10-26) [Compare Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.5.0...v27.6.0) ##### Features - include plugin `meta` information for ESLint v9 ([#​1454](https://togithub.com/jest-community/eslint-plugin-jest/issues/1454)) ([4d57146](https://togithub.com/jest-community/eslint-plugin-jest/commit/4d571467631a407a038d5b4d61bc45f4622954f1)) ### [`v27.5.0`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2750-2023-10-26) [Compare Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.3...v27.5.0) ##### Features - **valid-title:** allow ignoring tests with non-string titles ([#​1460](https://togithub.com/jest-community/eslint-plugin-jest/issues/1460)) ([ea89da9](https://togithub.com/jest-community/eslint-plugin-jest/commit/ea89da9b4e726980d80f97b69d31a4c4f81ff562)) #### [27.4.3](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.2...v27.4.3) (2023-10-20) ##### Bug Fixes - **expect-expert:** change reporting node ([#​1452](https://togithub.com/jest-community/eslint-plugin-jest/issues/1452)) ([64d5cda](https://togithub.com/jest-community/eslint-plugin-jest/commit/64d5cda7e64df7c73cde03ca057dfb71e87f50c4)) #### [27.4.2](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.1...v27.4.2) (2023-09-29) ##### Bug Fixes - make rule message punctuation consistent ([#​1444](https://togithub.com/jest-community/eslint-plugin-jest/issues/1444)) ([84121ee](https://togithub.com/jest-community/eslint-plugin-jest/commit/84121eee018cc8cc32e6c7a267fc27efd3a4a0a0)) #### [27.4.1](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.0...v27.4.1) (2023-09-29) ##### Bug Fixes - **no-focused-tests:** make reporting location consistent ([#​1443](https://togithub.com/jest-community/eslint-plugin-jest/issues/1443)) ([a871775](https://togithub.com/jest-community/eslint-plugin-jest/commit/a87177504430d1c469af70d6fc3b674a388291d8)) ### [`v27.4.3`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2743-2023-10-20) [Compare Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.2...v27.4.3) ##### Bug Fixes - **expect-expert:** change reporting node ([#​1452](https://togithub.com/jest-community/eslint-plugin-jest/issues/1452)) ([64d5cda](https://togithub.com/jest-community/eslint-plugin-jest/commit/64d5cda7e64df7c73cde03ca057dfb71e87f50c4)) </details> <details> <summary>JamieMason/eslint-plugin-prefer-arrow-functions (eslint-plugin-prefer-arrow-functions)</summary> ### [`v3.2.4`](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/blob/HEAD/CHANGELOG.md#324-2023-10-23) [Compare Source](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/compare/3.1.4...3.2.4) ##### Features - **config:** add support for allowNamedFunctions ([50fb3b6](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/commit/50fb3b68d9b2eaf48617404bec8f9ed1b4e6a511)) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) ### [`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 </details> <details> <summary>eemeli/yaml (yaml)</summary> ### [`v2.3.4`](https://togithub.com/eemeli/yaml/releases/tag/v2.3.4) [Compare Source](https://togithub.com/eemeli/yaml/compare/v2.3.3...v2.3.4) - Do not throw for carriage return in tag shorthand ([#​501](https://togithub.com/eemeli/yaml/issues/501)) ### [`v2.3.3`](https://togithub.com/eemeli/yaml/releases/tag/v2.3.3) [Compare Source](https://togithub.com/eemeli/yaml/compare/v2.3.2...v2.3.3) - Do not throw error on malformed URI escape in tag ([#​498](https://togithub.com/eemeli/yaml/issues/498)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/trunk-io/plugins). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xOS4yIiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
michaelkedar
referenced
this pull request
in google/osv.dev
Jan 9, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | gaurav-nelson/github-action-markdown-link-check | action | digest | `a996638` -> `0f074c8` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.21.9` -> `v2.23.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | minor | `v2.2.0` -> `v2.3.1` | | [pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish) | action | patch | `v1.8.10` -> `v1.8.11` | --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) ### [`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) ### [`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) ### [`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) ### [`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) ### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) ### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) ### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) ### [`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) ### [`v2.22.0`](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 ### [`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1270](https://togithub.com/ossf/scorecard-action/pull/1270) - For a full changelist of what this includes, see the [v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and [v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0) release notes - ✨ Send rekor tlog index to webapp when publishing results by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1169](https://togithub.com/ossf/scorecard-action/pull/1169) - 🐛 Prevent url clipping for GHES instances by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1225](https://togithub.com/ossf/scorecard-action/pull/1225) ##### Documentation - 📖 Update access rights needed to see the results in code scanning by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1229](https://togithub.com/ossf/scorecard-action/pull/1229) - 📖 Add package comments. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1221](https://togithub.com/ossf/scorecard-action/pull/1221) - 📖 Add SECURITY.md file by [@​david-a-wheeler](https://togithub.com/david-a-wheeler) in [https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250) - 📖 Fix typo in token input docs by [@​aabouzaid](https://togithub.com/aabouzaid) in [https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258) #### New Contributors - [@​david-a-wheeler](https://togithub.com/david-a-wheeler) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250) - [@​aabouzaid](https://togithub.com/aabouzaid) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258) **Full Changelog**: ossf/scorecard-action@v2.2.0...v2.3.0 </details> <details> <summary>pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)</summary> ### [`v1.8.11`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.11) [Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.10...v1.8.11) #### 💅 Cosmetic output improvements [@​woodruffw](https://togithub.com/woodruffw) added a nudge suggesting the users storing passwords in a GitHub Actions repository secrets to switch to using secretless publishing in [https://github.com/pypa/gh-action-pypi-publish/pull/190](https://togithub.com/pypa/gh-action-pypi-publish/pull/190). This also reminds people that PyPI will start mandating two-factor authentication to perform uploads in 2024. #### 📝 What's Documented [@​di](https://togithub.com/di) linked the configuration docs for Trusted Publishing in README via [https://github.com/pypa/gh-action-pypi-publish/pull/179](https://togithub.com/pypa/gh-action-pypi-publish/pull/179). #### 🛠️ Internal dependencies - Cryptography was bumped from 41.0.3 to 41.0.6 @&#[https://github.com/pypa/gh-action-pypi-publish/pull/194](https://togithub.com/pypa/gh-action-pypi-publish/pull/194)ll/194 - Pip was bumped from 22.3.1 to 23.3 @&#[https://github.com/pypa/gh-action-pypi-publish/pull/189](https://togithub.com/pypa/gh-action-pypi-publish/pull/189)ll/189 - pre-commit linters got autoupdated @&#[https://github.com/pypa/gh-action-pypi-publish/pull/184](https://togithub.com/pypa/gh-action-pypi-publish/pull/184)ll/184 - Urllib3 was bumped from 2.0.3 to 2.0.7 @&#[https://github.com/pypa/gh-action-pypi-publish/pull/183](https://togithub.com/pypa/gh-action-pypi-publish/pull/183)ll/18[https://github.com/pypa/gh-action-pypi-publish/pull/185](https://togithub.com/pypa/gh-action-pypi-publish/pull/185)ll/185 #### 💪 New Contributors - [@​di](https://togithub.com/di) made their first contribution in [https://github.com/pypa/gh-action-pypi-publish/pull/179](https://togithub.com/pypa/gh-action-pypi-publish/pull/179) **:mirror: Full Diff**: pypa/gh-action-pypi-publish@v1.8.10...v1.8.11 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEyNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
anakinxc
referenced
this pull request
in secretflow/spu
Jan 12, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | minor | `v2.1.2` -> `v2.3.1` | --- ### Release Notes <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 ### [`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1270](https://togithub.com/ossf/scorecard-action/pull/1270) - For a full changelist of what this includes, see the [v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and [v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0) release notes - ✨ Send rekor tlog index to webapp when publishing results by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1169](https://togithub.com/ossf/scorecard-action/pull/1169) - 🐛 Prevent url clipping for GHES instances by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1225](https://togithub.com/ossf/scorecard-action/pull/1225) ##### Documentation - 📖 Update access rights needed to see the results in code scanning by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1229](https://togithub.com/ossf/scorecard-action/pull/1229) - 📖 Add package comments. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1221](https://togithub.com/ossf/scorecard-action/pull/1221) - 📖 Add SECURITY.md file by [@​david-a-wheeler](https://togithub.com/david-a-wheeler) in [https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250) - 📖 Fix typo in token input docs by [@​aabouzaid](https://togithub.com/aabouzaid) in [https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258) #### New Contributors - [@​david-a-wheeler](https://togithub.com/david-a-wheeler) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250) - [@​aabouzaid](https://togithub.com/aabouzaid) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258) **Full Changelog**: ossf/scorecard-action@v2.2.0...v2.3.0 ### [`v2.2.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.2.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1192](https://togithub.com/ossf/scorecard-action/pull/1192) #### Scorecard Result Viewer Thanks to contributions from [@​cynthia-sg](https://togithub.com/cynthia-sg) and [@​tegioz](https://togithub.com/tegioz) at [CLOMonitor](https://togithub.com/cncf/clomonitor), there is a new Scorecard Result visualization page at `https://securityscorecards.dev/viewer/?uri=<project-url>`. - [https://github.com/ossf/scorecard-webapp/pull/406](https://togithub.com/ossf/scorecard-webapp/pull/406) - [https://github.com/ossf/scorecard-webapp/pull/422](https://togithub.com/ossf/scorecard-webapp/pull/422) As an example, you can see our own score visualized [here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard) Checkout our [README](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge) to learn how to link your README badge to the new visualization page. #### Publishing Results This release contains two fixes which will improve the user experience when `publish_results` is `true` - Runs that fail our [workflow restrictions](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions) will fail with a 400 response indicating the problem, instead of a vague 500 status. ([https://github.com/ossf/scorecard-action/pull/1156](https://togithub.com/ossf/scorecard-action/pull/1156), resolved [https://github.com/ossf/scorecard-action/issues/1150](https://togithub.com/ossf/scorecard-action/issues/1150)) - Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. ([https://github.com/ossf/scorecard-action/pull/1191](https://togithub.com/ossf/scorecard-action/pull/1191)) #### Docs - 📖 Update README to accept fine-grained tokens by [@​pnacht](https://togithub.com/pnacht) in [https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175) - 📖 Update installation instructions to match current GitHub UI by [@​joycebrum](https://togithub.com/joycebrum) in [https://github.com/ossf/scorecard-action/pull/1153](https://togithub.com/ossf/scorecard-action/pull/1153) - 📖 Document the GitHub action workflow restrictions when publishing results. by [@​spencerschrock](https://togithub.com/spencerschrock) in #### New Contributors - [@​bobcallaway](https://togithub.com/bobcallaway) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1140](https://togithub.com/ossf/scorecard-action/pull/1140) - [@​pnacht](https://togithub.com/pnacht) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175) **Full Changelog**: ossf/scorecard-action@v2.1.3...v2.2.0 ### [`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1111](https://togithub.com/ossf/scorecard-action/pull/1111) ##### Bug Fixes - Invalid SARIF files from a bug in scorecard - [#​1076](https://togithub.com/ossf/scorecard-action/issues/1076), [#​1094](https://togithub.com/ossf/scorecard-action/issues/1094) - Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner - [#​1092](https://togithub.com/ossf/scorecard-action/issues/1092) - Scorecard action not reporting binary artifacts in the repo - [#​1116](https://togithub.com/ossf/scorecard-action/issues/1116) **Full Scorecard Changelog**: ossf/scorecard@v4.10.2...v4.10.5 **Full Changelog**: ossf/scorecard-action@v2.1.2...v2.1.3 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/secretflow/spu). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMjcuMCIsInVwZGF0ZWRJblZlciI6IjM3LjEyNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
pat-trunk-io
referenced
this pull request
in trunk-io/plugins
Jan 22, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | Type | Update | |---|---|---|---|---|---|---|---| | [@types/caller](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/caller) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`1.0.0` -> `1.0.1`](https://renovatebot.com/diffs/npm/@types%2fcaller/1.0.0/1.0.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fcaller/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fcaller/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fcaller/1.0.0/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fcaller/1.0.0/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [@types/debug](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/debug) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`4.1.9` -> `4.1.10`](https://renovatebot.com/diffs/npm/@types%2fdebug/4.1.9/4.1.10) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fdebug/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fdebug/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fdebug/4.1.9/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fdebug/4.1.9/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [@types/jest](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`29.5.5` -> `29.5.7`](https://renovatebot.com/diffs/npm/@types%2fjest/29.5.5/29.5.7) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fjest/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fjest/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fjest/29.5.5/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fjest/29.5.5/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [@types/jest-specific-snapshot](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest-specific-snapshot) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`0.5.7` -> `0.5.8`](https://renovatebot.com/diffs/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fjest-specific-snapshot/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fjest-specific-snapshot/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`18.18.4` -> `18.18.8`](https://renovatebot.com/diffs/npm/@types%2fnode/18.18.4/18.18.8) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnode/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fnode/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fnode/18.18.4/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnode/18.18.4/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [actions/setup-node](https://togithub.com/actions/setup-node) | `v3.8.1` -> `v3.8.2` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/actions%2fsetup-node/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/actions%2fsetup-node/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/actions%2fsetup-node/v3.8.1/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/actions%2fsetup-node/v3.8.1/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [eslint](https://eslint.org) ([source](https://togithub.com/eslint/eslint)) | [`8.51.0` -> `8.53.0`](https://renovatebot.com/diffs/npm/eslint/8.51.0/8.53.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint/8.51.0/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint/8.51.0/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [eslint-plugin-import](https://togithub.com/import-js/eslint-plugin-import) | [`2.28.1` -> `2.29.0`](https://renovatebot.com/diffs/npm/eslint-plugin-import/2.28.1/2.29.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-import/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-import/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-import/2.28.1/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-import/2.28.1/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [eslint-plugin-jest](https://togithub.com/jest-community/eslint-plugin-jest) | [`27.4.2` -> `27.6.0`](https://renovatebot.com/diffs/npm/eslint-plugin-jest/27.4.2/27.6.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-jest/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-jest/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-jest/27.4.2/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-jest/27.4.2/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [eslint-plugin-prefer-arrow-functions](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions) | [`3.1.4` -> `3.2.4`](https://renovatebot.com/diffs/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-prefer-arrow-functions/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-prefer-arrow-functions/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [github/codeql-action](https://togithub.com/github/codeql-action) | `v2.22.0` -> `v2.22.5` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v2.22.0/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v2.22.0/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | `v2.3.0` -> `v2.3.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/ossf%2fscorecard-action/v2.3.0/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/ossf%2fscorecard-action/v2.3.0/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [yaml](https://eemeli.org/yaml/) ([source](https://togithub.com/eemeli/yaml)) | [`2.3.2` -> `2.3.4`](https://renovatebot.com/diffs/npm/yaml/2.3.2/2.3.4) | [![age](https://developer.mend.io/api/mc/badges/age/npm/yaml/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/yaml/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/yaml/2.3.2/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/yaml/2.3.2/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | --- ### Release Notes <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2) ##### What's Changed - Update semver by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861) - Update temp directory creation by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870) - Add notice about binaries not being updated yet by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872) - Update toolkit cache and core by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) and [@​seongwon-privatenote](https://togithub.com/seongwon-privatenote) in [https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875) **Full Changelog**: actions/setup-node@v3...v3.8.2 </details> <details> <summary>eslint/eslint (eslint)</summary> ### [`v8.53.0`](https://togithub.com/eslint/eslint/releases/tag/v8.53.0) [Compare Source](https://togithub.com/eslint/eslint/compare/v8.52.0...v8.53.0) #### Features - [`528e1c0`](https://togithub.com/eslint/eslint/commit/528e1c00dc2aa8636e5b706c4270dc655cfa17e3) feat: Deprecate formatting rules ([#​17696](https://togithub.com/eslint/eslint/issues/17696)) (Nicholas C. Zakas) - [`c0b11dd`](https://togithub.com/eslint/eslint/commit/c0b11ddb9f8aacc64c3933b9f278939aa7bea481) feat: Add suggestions for no-prototype-builtins ([#​17677](https://togithub.com/eslint/eslint/issues/17677)) (Yonathan Randolph) #### Bug Fixes - [`1ad6257`](https://togithub.com/eslint/eslint/commit/1ad6257744d63281235fcc33288394b1d69b34ce) fix: ensure that exit code for fatal errors is not overwritten ([#​17683](https://togithub.com/eslint/eslint/issues/17683)) (Milos Djermanovic) - [`b329ea7`](https://togithub.com/eslint/eslint/commit/b329ea748dff45f11c7e218208244dc24fcb5c8f) fix: add `;` after JSX nodes in `no-object-constructor` autofix ([#​17672](https://togithub.com/eslint/eslint/issues/17672)) (Francesco Trotta) #### Documentation - [`ab8c60d`](https://togithub.com/eslint/eslint/commit/ab8c60d4f859cec787b5a12f7271b40e666235f5) docs: change position of return to top button ([#​17688](https://togithub.com/eslint/eslint/issues/17688)) (Tanuj Kanti) - [`4fc44c0`](https://togithub.com/eslint/eslint/commit/4fc44c0b8c5dca466bffdfe01dfd80794d7762b7) docs: update twitter icon to new X icon ([#​17687](https://togithub.com/eslint/eslint/issues/17687)) (Tanuj Kanti) - [`4164b2c`](https://togithub.com/eslint/eslint/commit/4164b2ceec89726b18ea0b0e34fab05735d55a09) docs: Update README (GitHub Actions Bot) - [`8651895`](https://togithub.com/eslint/eslint/commit/8651895ca7ae15e13d74c8be67d9eebd63a7ce1f) docs: Fix tabs in rule examples ([#​17653](https://togithub.com/eslint/eslint/issues/17653)) (Francesco Trotta) - [`3aec1c5`](https://togithub.com/eslint/eslint/commit/3aec1c55ba2c6d2833e1c0afe0a58f0cc6bbc0a4) docs: explained rule fixers and suggestions ([#​17657](https://togithub.com/eslint/eslint/issues/17657)) (Josh Goldberg ✨) #### Chores - [`ba4d4d5`](https://togithub.com/eslint/eslint/commit/ba4d4d567a82554250dd8c7933322824e6a73944) chore: remove metascraper ([#​17707](https://togithub.com/eslint/eslint/issues/17707)) (Milos Djermanovic) - [`0d07338`](https://togithub.com/eslint/eslint/commit/0d0733882944b4849d71a40723c251213698cef9) chore: Update dependencies ([#​17706](https://togithub.com/eslint/eslint/issues/17706)) (Milos Djermanovic) - [`93256a3`](https://togithub.com/eslint/eslint/commit/93256a32e312f3f4e5c532762df71bdc06bded20) chore: package.json update for [@​eslint/js](https://togithub.com/eslint/js) release (ESLint Jenkins) - [`485ec7d`](https://togithub.com/eslint/eslint/commit/485ec7d08ed2040c292f52bf9b9152f6c8ef4809) test: fix ESLint tests for caching ([#​17699](https://togithub.com/eslint/eslint/issues/17699)) (Milos Djermanovic) - [`db06a7f`](https://togithub.com/eslint/eslint/commit/db06a7ff7992a74368f03d1f21beb00df0407021) ci: bump actions/setup-node from 3 to 4 ([#​17676](https://togithub.com/eslint/eslint/issues/17676)) (dependabot\[bot]) - [`994596b`](https://togithub.com/eslint/eslint/commit/994596b07f5ff20a615a4be1ea03e5fd59cdb84b) ci: run tests in Node.js 21 ([#​17673](https://togithub.com/eslint/eslint/issues/17673)) (Francesco Trotta) ### [`v8.52.0`](https://togithub.com/eslint/eslint/releases/tag/v8.52.0) [Compare Source](https://togithub.com/eslint/eslint/compare/v8.51.0...v8.52.0) #### Features - [`70648ee`](https://togithub.com/eslint/eslint/commit/70648ee49c07f7b533d09f6bf8a5291e5a5a8601) feat: report-unused-disable-directive to report unused eslint-enable ([#​17611](https://togithub.com/eslint/eslint/issues/17611)) (Yosuke Ota) #### Bug Fixes - [`5de9637`](https://togithub.com/eslint/eslint/commit/5de9637fc925729a83d5a5e9e868a41792a184e3) fix: Ensure shared references in rule configs are separated ([#​17666](https://togithub.com/eslint/eslint/issues/17666)) (Nicholas C. Zakas) - [`dcfe573`](https://togithub.com/eslint/eslint/commit/dcfe5739c374c9d7ed21f14027870ec0fd453661) fix: add preceding semicolon in suggestions of `no-object-constructor` ([#​17649](https://togithub.com/eslint/eslint/issues/17649)) (Francesco Trotta) #### Documentation - [`476d58a`](https://togithub.com/eslint/eslint/commit/476d58a584d5d2db003c4c22ffee90e63566164d) docs: Add note about invalid CLI flags when using flat config. ([#​17664](https://togithub.com/eslint/eslint/issues/17664)) (Nicholas C. Zakas) - [`660ed3a`](https://togithub.com/eslint/eslint/commit/660ed3afd128ad529234a855345629982caf1bc7) docs: Plugin flat config migration guide ([#​17640](https://togithub.com/eslint/eslint/issues/17640)) (Nicholas C. Zakas) - [`a58aa20`](https://togithub.com/eslint/eslint/commit/a58aa200fccedae7e2e9b6129246f2cedab14f8d) docs: fix examples for several rules ([#​17645](https://togithub.com/eslint/eslint/issues/17645)) (Milos Djermanovic) - [`179929b`](https://togithub.com/eslint/eslint/commit/179929bd46892f18f2aef0c159d5cc361cb69987) docs: Remove trailing newline from the code of Playground links ([#​17641](https://togithub.com/eslint/eslint/issues/17641)) (Francesco Trotta) - [`f8e5c30`](https://togithub.com/eslint/eslint/commit/f8e5c30636450d4a8baf51f0e227685e6d77ac64) docs: Update README (GitHub Actions Bot) - [`b7ef2f3`](https://togithub.com/eslint/eslint/commit/b7ef2f34fe12b68a366e1b4bf5f64d7332c6e72e) docs: Enable pretty code formatter output ([#​17635](https://togithub.com/eslint/eslint/issues/17635)) (Nicholas C. Zakas) - [`0bcb9a8`](https://togithub.com/eslint/eslint/commit/0bcb9a8db608a3d0bd2645f99e0707b9a9bbaaf0) docs: Fix syntax errors in rule examples ([#​17633](https://togithub.com/eslint/eslint/issues/17633)) (Francesco Trotta) - [`61b9083`](https://togithub.com/eslint/eslint/commit/61b90839633ef300ac7707a651f65f532e65f42d) docs: Make no-continue example code work ([#​17643](https://togithub.com/eslint/eslint/issues/17643)) (Zhongyuan Zhou) - [`9fafe45`](https://togithub.com/eslint/eslint/commit/9fafe450c31ed9b6bdd9dcd6c115255943b8c1c2) docs: upgrade to 11ty 2.0 ([#​17632](https://togithub.com/eslint/eslint/issues/17632)) (Percy Ma) - [`ff8e4bf`](https://togithub.com/eslint/eslint/commit/ff8e4bf327b5c92b0623b0fc5f8f101954f785db) docs: Update README (GitHub Actions Bot) - [`fab249a`](https://togithub.com/eslint/eslint/commit/fab249ae6addac2ee18cd81cee80916010bb469e) docs: Update README (GitHub Actions Bot) - [`392305b`](https://togithub.com/eslint/eslint/commit/392305bf4797e3ebc696dfca48bd874741fca845) docs: Update `no-irregular-whitespace` and fix examples ([#​17626](https://togithub.com/eslint/eslint/issues/17626)) (Francesco Trotta) - [`6b8acfb`](https://togithub.com/eslint/eslint/commit/6b8acfb770589f3941df41c3910d3b8ffc3e1e45) docs: Add real whitespace to `no-trailing-spaces` examples ([#​17630](https://togithub.com/eslint/eslint/issues/17630)) (Francesco Trotta) - [`1000187`](https://togithub.com/eslint/eslint/commit/1000187e00949332babcee4d37d46c96a6a554a8) docs: Fix examples in `unicode-bom` ([#​17631](https://togithub.com/eslint/eslint/issues/17631)) (Francesco Trotta) - [`000290c`](https://togithub.com/eslint/eslint/commit/000290c4c923cc1473e21b4bdbdc0c42765ef7dd) docs: Update README (GitHub Actions Bot) #### Chores - [`6d1f0c2`](https://togithub.com/eslint/eslint/commit/6d1f0c2da0309c06c21149b8d71a8f439a70d7e8) chore: upgrade [@​eslint/js](https://togithub.com/eslint/js)[@​8](https://togithub.com/8).52.0 ([#​17671](https://togithub.com/eslint/eslint/issues/17671)) (Milos Djermanovic) - [`d63d4fe`](https://togithub.com/eslint/eslint/commit/d63d4fe0942e6747ab60e758aa36076f43041a30) chore: package.json update for [@​eslint/js](https://togithub.com/eslint/js) release (ESLint Jenkins) - [`f30cefe`](https://togithub.com/eslint/eslint/commit/f30cefee6bda2789ede18e1664b84c2638ea1bb5) test: fix FlatESLint tests for caching ([#​17658](https://togithub.com/eslint/eslint/issues/17658)) (Milos Djermanovic) - [`ef650cb`](https://togithub.com/eslint/eslint/commit/ef650cb612510bcfa1379c1f0af56dd563b3a705) test: update tests for no-promise-executor-return ([#​17661](https://togithub.com/eslint/eslint/issues/17661)) (Milos Djermanovic) </details> <details> <summary>import-js/eslint-plugin-import (eslint-plugin-import)</summary> ### [`v2.29.0`](https://togithub.com/import-js/eslint-plugin-import/blob/HEAD/CHANGELOG.md#2290---2023-10-22) [Compare Source](https://togithub.com/import-js/eslint-plugin-import/compare/v2.28.1...v2.29.0) ##### Added - TypeScript config: add .cts and .mts extensions (\[[#​2851](https://togithub.com/import-js/eslint-plugin-import/issues/2851)], thanks \[[@​Zamiell](https://togithub.com/Zamiell)]) - \[`newline-after-import`]: new option `exactCount` and docs update (\[[#​1933](https://togithub.com/import-js/eslint-plugin-import/issues/1933)], thanks \[[@​anikethsaha](https://togithub.com/anikethsaha)] and \[[@​reosarevok](https://togithub.com/reosarevok)]) - \[`newline-after-import`]: fix `exactCount` with `considerComments` false positive, when there is a leading comment (\[[#​2884](https://togithub.com/import-js/eslint-plugin-import/issues/2884)], thanks \[[@​kinland](https://togithub.com/kinland)]) </details> <details> <summary>jest-community/eslint-plugin-jest (eslint-plugin-jest)</summary> ### [`v27.6.0`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2760-2023-10-26) [Compare Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.5.0...v27.6.0) ##### Features - include plugin `meta` information for ESLint v9 ([#​1454](https://togithub.com/jest-community/eslint-plugin-jest/issues/1454)) ([4d57146](https://togithub.com/jest-community/eslint-plugin-jest/commit/4d571467631a407a038d5b4d61bc45f4622954f1)) ### [`v27.5.0`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2750-2023-10-26) [Compare Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.3...v27.5.0) ##### Features - **valid-title:** allow ignoring tests with non-string titles ([#​1460](https://togithub.com/jest-community/eslint-plugin-jest/issues/1460)) ([ea89da9](https://togithub.com/jest-community/eslint-plugin-jest/commit/ea89da9b4e726980d80f97b69d31a4c4f81ff562)) #### [27.4.3](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.2...v27.4.3) (2023-10-20) ##### Bug Fixes - **expect-expert:** change reporting node ([#​1452](https://togithub.com/jest-community/eslint-plugin-jest/issues/1452)) ([64d5cda](https://togithub.com/jest-community/eslint-plugin-jest/commit/64d5cda7e64df7c73cde03ca057dfb71e87f50c4)) #### [27.4.2](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.1...v27.4.2) (2023-09-29) ##### Bug Fixes - make rule message punctuation consistent ([#​1444](https://togithub.com/jest-community/eslint-plugin-jest/issues/1444)) ([84121ee](https://togithub.com/jest-community/eslint-plugin-jest/commit/84121eee018cc8cc32e6c7a267fc27efd3a4a0a0)) #### [27.4.1](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.0...v27.4.1) (2023-09-29) ##### Bug Fixes - **no-focused-tests:** make reporting location consistent ([#​1443](https://togithub.com/jest-community/eslint-plugin-jest/issues/1443)) ([a871775](https://togithub.com/jest-community/eslint-plugin-jest/commit/a87177504430d1c469af70d6fc3b674a388291d8)) ### [`v27.4.3`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2743-2023-10-20) [Compare Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.2...v27.4.3) ##### Bug Fixes - **expect-expert:** change reporting node ([#​1452](https://togithub.com/jest-community/eslint-plugin-jest/issues/1452)) ([64d5cda](https://togithub.com/jest-community/eslint-plugin-jest/commit/64d5cda7e64df7c73cde03ca057dfb71e87f50c4)) </details> <details> <summary>JamieMason/eslint-plugin-prefer-arrow-functions (eslint-plugin-prefer-arrow-functions)</summary> ### [`v3.2.4`](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/blob/HEAD/CHANGELOG.md#324-2023-10-23) [Compare Source](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/compare/3.1.4...3.2.4) ##### Features - **config:** add support for allowNamedFunctions ([50fb3b6](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/commit/50fb3b68d9b2eaf48617404bec8f9ed1b4e6a511)) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) ### [`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 </details> <details> <summary>eemeli/yaml (yaml)</summary> ### [`v2.3.4`](https://togithub.com/eemeli/yaml/releases/tag/v2.3.4) [Compare Source](https://togithub.com/eemeli/yaml/compare/v2.3.3...v2.3.4) - Do not throw for carriage return in tag shorthand ([#​501](https://togithub.com/eemeli/yaml/issues/501)) ### [`v2.3.3`](https://togithub.com/eemeli/yaml/releases/tag/v2.3.3) [Compare Source](https://togithub.com/eemeli/yaml/compare/v2.3.2...v2.3.3) - Do not throw error on malformed URI escape in tag ([#​498](https://togithub.com/eemeli/yaml/issues/498)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/trunk-io/plugins). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xOS4yIiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
codeboten
referenced
this pull request
in open-telemetry/opentelemetry-collector
Jan 30, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | minor | `v3.1.0` -> `v3.6.0` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v3.1.0` -> `v3.1.3` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.2.4` -> `v2.23.2` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.23.1` -> `v3.23.2` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | minor | `v2.1.2` -> `v2.3.1` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v3.6.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360) [Compare Source](https://togithub.com/actions/checkout/compare/v3.5.3...v3.6.0) - [Fix: Mark test scripts with Bash'isms to be run via Bash](https://togithub.com/actions/checkout/pull/1377) - [Add option to fetch tags even if fetch-depth > 0](https://togithub.com/actions/checkout/pull/579) ### [`v3.5.3`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v353) [Compare Source](https://togithub.com/actions/checkout/compare/v3.5.2...v3.5.3) - [Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in](https://togithub.com/actions/checkout/pull/1196) - [Fix typos found by codespell](https://togithub.com/actions/checkout/pull/1287) - [Add support for sparse checkouts](https://togithub.com/actions/checkout/pull/1369) ### [`v3.5.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v352) [Compare Source](https://togithub.com/actions/checkout/compare/v3.5.1...v3.5.2) - [Fix api endpoint for GHES](https://togithub.com/actions/checkout/pull/1289) ### [`v3.5.1`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v351) [Compare Source](https://togithub.com/actions/checkout/compare/v3.5.0...v3.5.1) - [Fix slow checkout on Windows](https://togithub.com/actions/checkout/pull/1246) ### [`v3.5.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v350) [Compare Source](https://togithub.com/actions/checkout/compare/v3.4.0...v3.5.0) - [Add new public key for known_hosts](https://togithub.com/actions/checkout/pull/1237) ### [`v3.4.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v340) [Compare Source](https://togithub.com/actions/checkout/compare/v3.3.0...v3.4.0) - [Upgrade codeql actions to v2](https://togithub.com/actions/checkout/pull/1209) - [Upgrade dependencies](https://togithub.com/actions/checkout/pull/1210) - [Upgrade @​actions/io](https://togithub.com/actions/checkout/pull/1225) ### [`v3.3.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v330) [Compare Source](https://togithub.com/actions/checkout/compare/v3.2.0...v3.3.0) - [Implement branch list using callbacks from exec function](https://togithub.com/actions/checkout/pull/1045) - [Add in explicit reference to private checkout options](https://togithub.com/actions/checkout/pull/1050) - [Fix comment typos (that got added in #​770)](https://togithub.com/actions/checkout/pull/1057) ### [`v3.2.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v320) [Compare Source](https://togithub.com/actions/checkout/compare/v3.1.0...v3.2.0) - [Add GitHub Action to perform release](https://togithub.com/actions/checkout/pull/942) - [Fix status badge](https://togithub.com/actions/checkout/pull/967) - [Replace datadog/squid with ubuntu/squid Docker image](https://togithub.com/actions/checkout/pull/1002) - [Wrap pipeline commands for submoduleForeach in quotes](https://togithub.com/actions/checkout/pull/964) - [Update @​actions/io to 1.1.2](https://togithub.com/actions/checkout/pull/1029) - [Upgrading version to 3.2.0](https://togithub.com/actions/checkout/pull/1039) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3) #### What's Changed - chore(github): remove trailing whitespaces by [@​ljmf00](https://togithub.com/ljmf00) in [https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313) - Bump [@​actions/artifact](https://togithub.com/actions/artifact) version to v1.1.2 by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436) **Full Changelog**: actions/upload-artifact@v3...v3.1.3 ### [`v3.1.2`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v3.1.1...v3.1.2) - Update all `@actions/*` NPM packages to their latest versions- [#​374](https://togithub.com/actions/upload-artifact/issues/374) - Update all dev dependencies to their most recent versions - [#​375](https://togithub.com/actions/upload-artifact/issues/375) ### [`v3.1.1`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.1) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v3.1.0...v3.1.1) - Update actions/core package to latest version to remove `set-output` deprecation warning [#​351](https://togithub.com/actions/upload-artifact/issues/351) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) ### [`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) ### [`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) ### [`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) ### [`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) ### [`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) ### [`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) ### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) ### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) ### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) ### [`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) ### [`v2.22.0`](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0) ### [`v2.21.9`](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9) ### [`v2.21.8`](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8) ### [`v2.21.7`](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7) ### [`v2.21.6`](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6) ### [`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5) ### [`v2.21.4`](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4) ### [`v2.21.3`](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3) ### [`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2) ### [`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1) ### [`v2.21.0`](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0) ### [`v2.20.4`](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4) ### [`v2.20.3`](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3) ### [`v2.20.2`](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2) ### [`v2.20.1`](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1) ### [`v2.20.0`](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0) ### [`v2.3.6`](https://togithub.com/github/codeql-action/compare/v2.3.5...v2.3.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.5...v2.3.6) ### [`v2.3.5`](https://togithub.com/github/codeql-action/compare/v2.3.4...v2.3.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.4...v2.3.5) ### [`v2.3.4`](https://togithub.com/github/codeql-action/compare/v2.3.3...v2.3.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.3...v2.3.4) ### [`v2.3.3`](https://togithub.com/github/codeql-action/compare/v2.3.2...v2.3.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.2...v2.3.3) ### [`v2.3.2`](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2) ### [`v2.3.1`](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1) ### [`v2.3.0`](https://togithub.com/github/codeql-action/compare/v2.2.12...v2.3.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.12...v2.3.0) ### [`v2.2.12`](https://togithub.com/github/codeql-action/compare/v2.2.11...v2.2.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.11...v2.2.12) ### [`v2.2.11`](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11) ### [`v2.2.10`](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10) ### [`v2.2.9`](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9) ### [`v2.2.8`](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8) ### [`v2.2.7`](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7) ### [`v2.2.6`](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6) ### [`v2.2.5`](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 ### [`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1270](https://togithub.com/ossf/scorecard-action/pull/1270) - For a full changelist of what this includes, see the [v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and [v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0) release notes - ✨ Send rekor tlog index to webapp when publishing results by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1169](https://togithub.com/ossf/scorecard-action/pull/1169) - 🐛 Prevent url clipping for GHES instances by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1225](https://togithub.com/ossf/scorecard-action/pull/1225) ##### Documentation - 📖 Update access rights needed to see the results in code scanning by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1229](https://togithub.com/ossf/scorecard-action/pull/1229) - 📖 Add package comments. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1221](https://togithub.com/ossf/scorecard-action/pull/1221) - 📖 Add SECURITY.md file by [@​david-a-wheeler](https://togithub.com/david-a-wheeler) in [https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250) - 📖 Fix typo in token input docs by [@​aabouzaid](https://togithub.com/aabouzaid) in [https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258) #### New Contributors - [@​david-a-wheeler](https://togithub.com/david-a-wheeler) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250) - [@​aabouzaid](https://togithub.com/aabouzaid) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258) **Full Changelog**: ossf/scorecard-action@v2.2.0...v2.3.0 ### [`v2.2.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.2.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1192](https://togithub.com/ossf/scorecard-action/pull/1192) #### Scorecard Result Viewer Thanks to contributions from [@​cynthia-sg](https://togithub.com/cynthia-sg) and [@​tegioz](https://togithub.com/tegioz) at [CLOMonitor](https://togithub.com/cncf/clomonitor), there is a new Scorecard Result visualization page at `https://securityscorecards.dev/viewer/?uri=<project-url>`. - [https://github.com/ossf/scorecard-webapp/pull/406](https://togithub.com/ossf/scorecard-webapp/pull/406) - [https://github.com/ossf/scorecard-webapp/pull/422](https://togithub.com/ossf/scorecard-webapp/pull/422) As an example, you can see our own score visualized [here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard) Checkout our [README](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge) to learn how to link your README badge to the new visualization page. #### Publishing Results This release contains two fixes which will improve the user experience when `publish_results` is `true` - Runs that fail our [workflow restrictions](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions) will fail with a 400 response indicating the problem, instead of a vague 500 status. ([https://github.com/ossf/scorecard-action/pull/1156](https://togithub.com/ossf/scorecard-action/pull/1156), resolved [https://github.com/ossf/scorecard-action/issues/1150](https://togithub.com/ossf/scorecard-action/issues/1150)) - Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. ([https://github.com/ossf/scorecard-action/pull/1191](https://togithub.com/ossf/scorecard-action/pull/1191)) #### Docs - 📖 Update README to accept fine-grained tokens by [@​pnacht](https://togithub.com/pnacht) in [https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175) - 📖 Update installation instructions to match current GitHub UI by [@​joycebrum](https://togithub.com/joycebrum) in [https://github.com/ossf/scorecard-action/pull/1153](https://togithub.com/ossf/scorecard-action/pull/1153) - 📖 Document the GitHub action workflow restrictions when publishing results. by [@​spencerschrock](https://togithub.com/spencerschrock) in #### New Contributors - [@​bobcallaway](https://togithub.com/bobcallaway) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1140](https://togithub.com/ossf/scorecard-action/pull/1140) - [@​pnacht](https://togithub.com/pnacht) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175) **Full Changelog**: ossf/scorecard-action@v2.1.3...v2.2.0 ### [`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1111](https://togithub.com/ossf/scorecard-action/pull/1111) ##### Bug Fixes - Invalid SARIF files from a bug in scorecard - [#​1076](https://togithub.com/ossf/scorecard-action/issues/1076), [#​1094](https://togithub.com/ossf/scorecard-action/issues/1094) - Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner - [#​1092](https://togithub.com/ossf/scorecard-action/issues/1092) - Scorecard action not reporting binary artifacts in the repo - [#​1116](https://togithub.com/ossf/scorecard-action/issues/1116) **Full Scorecard Changelog**: ossf/scorecard@v4.10.2...v4.10.5 **Full Changelog**: ossf/scorecard-action@v2.1.2...v2.1.3 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjE1My4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Alex Boten <aboten@lightstep.com>
github-merge-queue bot
referenced
this pull request
in AmadeusITGroup/otter
Mar 13, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | Type | Update | |---|---|---|---|---|---|---|---| | [@openapitools/openapi-generator-cli](https://togithub.com/OpenAPITools/openapi-generator-cli) | [`~2.11.0` -> `~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [@openapitools/openapi-generator-cli](https://togithub.com/OpenAPITools/openapi-generator-cli) | [`~2.11.0` -> `~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | peerDependencies | minor | | [@openapitools/openapi-generator-cli](https://togithub.com/OpenAPITools/openapi-generator-cli) | [`~2.11.0` -> `~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | [github/codeql-action](https://togithub.com/github/codeql-action) | `v2.24.6` -> `v2.24.7` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v2.24.6/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v2.24.6/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [github/codeql-action](https://togithub.com/github/codeql-action) | `v3.24.6` -> `v3.24.7` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v3.24.6/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v3.24.6/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | `v2.0.6` -> `v2.3.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/ossf%2fscorecard-action/v2.0.6/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/ossf%2fscorecard-action/v2.0.6/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | minor | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>OpenAPITools/openapi-generator-cli (@​openapitools/openapi-generator-cli)</summary> ### [`v2.12.0`](https://togithub.com/OpenAPITools/openapi-generator-cli/compare/v2.11.0...ad97182dac3fc2fec59c70fa96e7213d0a475dd3) [Compare Source](https://togithub.com/OpenAPITools/openapi-generator-cli/compare/v2.11.0...v2.12.0) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 ### [`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1270](https://togithub.com/ossf/scorecard-action/pull/1270) - For a full changelist of what this includes, see the [v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and [v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0) release notes - ✨ Send rekor tlog index to webapp when publishing results by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1169](https://togithub.com/ossf/scorecard-action/pull/1169) - 🐛 Prevent url clipping for GHES instances by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1225](https://togithub.com/ossf/scorecard-action/pull/1225) ##### Documentation - 📖 Update access rights needed to see the results in code scanning by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1229](https://togithub.com/ossf/scorecard-action/pull/1229) - 📖 Add package comments. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1221](https://togithub.com/ossf/scorecard-action/pull/1221) - 📖 Add SECURITY.md file by [@​david-a-wheeler](https://togithub.com/david-a-wheeler) in [https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250) - 📖 Fix typo in token input docs by [@​aabouzaid](https://togithub.com/aabouzaid) in [https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258) #### New Contributors - [@​david-a-wheeler](https://togithub.com/david-a-wheeler) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250) - [@​aabouzaid](https://togithub.com/aabouzaid) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258) **Full Changelog**: ossf/scorecard-action@v2.2.0...v2.3.0 ### [`v2.2.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.2.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1192](https://togithub.com/ossf/scorecard-action/pull/1192) #### Scorecard Result Viewer Thanks to contributions from [@​cynthia-sg](https://togithub.com/cynthia-sg) and [@​tegioz](https://togithub.com/tegioz) at [CLOMonitor](https://togithub.com/cncf/clomonitor), there is a new Scorecard Result visualization page at `https://securityscorecards.dev/viewer/?uri=<project-url>`. - [https://github.com/ossf/scorecard-webapp/pull/406](https://togithub.com/ossf/scorecard-webapp/pull/406) - [https://github.com/ossf/scorecard-webapp/pull/422](https://togithub.com/ossf/scorecard-webapp/pull/422) As an example, you can see our own score visualized [here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard) Checkout our [README](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge) to learn how to link your README badge to the new visualization page. #### Publishing Results This release contains two fixes which will improve the user experience when `publish_results` is `true` - Runs that fail our [workflow restrictions](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions) will fail with a 400 response indicating the problem, instead of a vague 500 status. ([https://github.com/ossf/scorecard-action/pull/1156](https://togithub.com/ossf/scorecard-action/pull/1156), resolved [https://github.com/ossf/scorecard-action/issues/1150](https://togithub.com/ossf/scorecard-action/issues/1150)) - Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. ([https://github.com/ossf/scorecard-action/pull/1191](https://togithub.com/ossf/scorecard-action/pull/1191)) #### Docs - 📖 Update README to accept fine-grained tokens by [@​pnacht](https://togithub.com/pnacht) in [https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175) - 📖 Update installation instructions to match current GitHub UI by [@​joycebrum](https://togithub.com/joycebrum) in [https://github.com/ossf/scorecard-action/pull/1153](https://togithub.com/ossf/scorecard-action/pull/1153) - 📖 Document the GitHub action workflow restrictions when publishing results. by [@​spencerschrock](https://togithub.com/spencerschrock) in #### New Contributors - [@​bobcallaway](https://togithub.com/bobcallaway) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1140](https://togithub.com/ossf/scorecard-action/pull/1140) - [@​pnacht](https://togithub.com/pnacht) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175) **Full Changelog**: ossf/scorecard-action@v2.1.3...v2.2.0 ### [`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1111](https://togithub.com/ossf/scorecard-action/pull/1111) ##### Bug Fixes - Invalid SARIF files from a bug in scorecard - [#​1076](https://togithub.com/ossf/scorecard-action/issues/1076), [#​1094](https://togithub.com/ossf/scorecard-action/issues/1094) - Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner - [#​1092](https://togithub.com/ossf/scorecard-action/issues/1092) - Scorecard action not reporting binary artifacts in the repo - [#​1116](https://togithub.com/ossf/scorecard-action/issues/1116) **Full Scorecard Changelog**: ossf/scorecard@v4.10.2...v4.10.5 **Full Changelog**: ossf/scorecard-action@v2.1.2...v2.1.3 ### [`v2.1.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2) #### What's Changed ##### Fixes - 🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf statement. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1054](https://togithub.com/ossf/scorecard-action/pull/1054) **Full Changelog**: ossf/scorecard-action@v2.1.1...v2.1.2 ### [`v2.1.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1) #### Scorecard version This release use [Scorecard's v4.10.1](https://togithub.com/ossf/scorecard/releases/tag/v4.10.1) **Full Changelog**: ossf/scorecard-action@v2.1.0...v2.1.1 ### [`v2.1.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0) #### What's Changed ##### Scorecard version This release uses [scorecard v4.10.0](https://togithub.com/ossf/scorecard/releases/tag/v4.10.0). ##### Improvements - Docker build workflow by [@​naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/ossf/scorecard-action/pull/981](https://togithub.com/ossf/scorecard-action/pull/981) - Use root user in distroless to support GitHub Actions by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/994](https://togithub.com/ossf/scorecard-action/pull/994) - Disable pull_request_target by [@​laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/ossf/scorecard-action/pull/1031](https://togithub.com/ossf/scorecard-action/pull/1031) ##### Documentation - Add PAT section explaining risks by [@​olivekl](https://togithub.com/olivekl) in [https://github.com/ossf/scorecard-action/pull/1024](https://togithub.com/ossf/scorecard-action/pull/1024) - Make the badge text easier to copy by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026) #### New Contributors - [@​joycebrum](https://togithub.com/joycebrum) made their first contribution in [https://github.com/ossf/scorecard-action/pull/984](https://togithub.com/ossf/scorecard-action/pull/984) - [@​rajbos](https://togithub.com/rajbos) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026) **Full Changelog**: ossf/scorecard-action@v2.0.6...v2.1.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Paris, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/AmadeusITGroup/otter). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMzguMSIsInVwZGF0ZWRJblZlciI6IjM3LjIzOC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
laurentsimon
referenced
this pull request
in slsa-framework/slsa-verifier
Mar 22, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v3.1.0` -> `v3.1.5` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | patch | `v3.8.1` -> `v3.8.2` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.22.1` -> `v2.24.8` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.0` -> `v2.3.1` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.9.0` -> `v1.10.0` | | [slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier) | action | patch | `v2.4.0` -> `v2.4.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5): 3.1.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5) #### What's Changed - Smaller `per_page` when requesting diff by [@​hmaurer](https://togithub.com/hmaurer) in [https://github.com/actions/dependency-review-action/pull/649](https://togithub.com/actions/dependency-review-action/pull/649) - Update dependencies: - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.10.0 to 6.13.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/630](https://togithub.com/actions/dependency-review-action/pull/630) - Bump prettier from 3.0.3 to 3.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/629](https://togithub.com/actions/dependency-review-action/pull/629) - Bump [@​types/jest](https://togithub.com/types/jest) from 29.5.8 to 29.5.11 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/637](https://togithub.com/actions/dependency-review-action/pull/637) - Bump nodemon from 3.0.1 to 3.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/636](https://togithub.com/actions/dependency-review-action/pull/636) - Replace pip -> pypi in PURL examples by [@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/638](https://togithub.com/actions/dependency-review-action/pull/638) - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.12.0 to 6.15.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/644](https://togithub.com/actions/dependency-review-action/pull/644) - Bump eslint from 8.53.0 to 8.56.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/640](https://togithub.com/actions/dependency-review-action/pull/640) - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.13.1 to 6.16.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/645](https://togithub.com/actions/dependency-review-action/pull/645) - Bump prettier from 3.1.0 to 3.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/646](https://togithub.com/actions/dependency-review-action/pull/646) **Full Changelog**: actions/dependency-review-action@v3.1.4...v3.1.5 ### [`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4): 3.1.4 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4) #### What's Changed - Fixed a [bug](https://togithub.com/actions/dependency-review-action/issues/618) with severity filtering when using the `allow_ghsas` option: [https://github.com/actions/dependency-review-action/pull/623](https://togithub.com/actions/dependency-review-action/pull/623). - Updates dependencies: - Bump [@​types/node](https://togithub.com/types/node) from 16.18.61 to 16.18.62 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/619](https://togithub.com/actions/dependency-review-action/pull/619) action/pull/620 - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.11.0 to 6.12.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/625](https://togithub.com/actions/dependency-review-action/pull/625) - Bump typescript from 5.2.2 to 5.3.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/624](https://togithub.com/actions/dependency-review-action/pull/624) **Full Changelog**: actions/dependency-review-action@v3...v3.1.4 ### [`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3): 3.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3) #### What's Changed - Fixes purl "version must be percent-encoded" by [@​theztefan](https://togithub.com/theztefan) in [https://github.com/actions/dependency-review-action/pull/617](https://togithub.com/actions/dependency-review-action/pull/617) **Full Changelog**: actions/dependency-review-action@v3...v3.1.3 ### [`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2): 3.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2) #### What's Changed - Fix a regression for setups using self-hosted runners behind HTTP proxies:[@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/611](https://togithub.com/actions/dependency-review-action/pull/611) **Full Changelog**: actions/dependency-review-action@v3...v3.1.2 ### [`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1): 3.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1) #### What's Changed - Update a bunch of dependencies, including major version upgrades for `octokit`, `@actions/github` and `typescript`. **Full Changelog**: actions/dependency-review-action@v3.1.0...v3.1.1 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2) ##### What's Changed - Update semver by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861) - Update temp directory creation by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870) - Add notice about binaries not being updated yet by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872) - Update toolkit cache and core by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) and [@​seongwon-privatenote](https://togithub.com/seongwon-privatenote) in [https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875) **Full Changelog**: actions/setup-node@v3...v3.8.2 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) ### [`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) ### [`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) ### [`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) ### [`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) ### [`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) ### [`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) ### [`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) ### [`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) ### [`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) ### [`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) ### [`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) ### [`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) ### [`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) ### [`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) ### [`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) ### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) ### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) ### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 </details> <details> <summary>slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)</summary> ### [`v1.10.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v1100) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.1...v1.10.0) Release \[v1.10.0] includes bug fixes and new features. See the [full change list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0). ##### v1.10.0: TUF fix - The cosign TUF roots were fixed ([#​3350](https://togithub.com/slsa-framework/slsa-github-generator/issues/3350)). More details [here](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid). ##### v1.10.0: Gradle Builder - The Gradle Builder was fixed when the project root is the same as the repository root ([#​2727](https://togithub.com/slsa-framework/slsa-github-generator/issues/2727)) ##### v1.10.0: Go Builder - The `go-version-file` input was fixed so that it can find the `go.mod` file ([#​2661](https://togithub.com/slsa-framework/slsa-github-generator/issues/2661)) ##### v1.10.0: Container Generator - A new `provenance-repository` input was added to allow reading provenance from a different container repository than the image itself ([#​2956](https://togithub.com/slsa-framework/slsa-github-generator/issues/2956)) ### [`v1.9.1`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.1) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.9.1) **This is an un-finalized release.** See the [CHANGELOG](./CHANGELOG.md) for details. </details> <details> <summary>slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)</summary> ### [`v2.4.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.4.1) [Compare Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1) #### What's Changed - Fix a verification issue when verifying npm's publish attestations - Low severity GHSA-r2xv-vpr2-42m9. This part of the code remains *experimental*. #### New Contributors - [@​trishankatdatadog](https://togithub.com/trishankatdatadog) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/702](https://togithub.com/slsa-framework/slsa-verifier/pull/702) **Full Changelog**: v2.4.0...v2.4.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2MS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Signed-off-by: Mend Renovate <bot@renovateapp.com>
ramonpetgrave64
referenced
this pull request
in ramonpetgrave64/slsa-verifier
Apr 10, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v3.1.0` -> `v3.1.5` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | patch | `v3.8.1` -> `v3.8.2` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.22.1` -> `v2.24.8` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.0` -> `v2.3.1` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.9.0` -> `v1.10.0` | | [slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier) | action | patch | `v2.4.0` -> `v2.4.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5): 3.1.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5) #### What's Changed - Smaller `per_page` when requesting diff by [@​hmaurer](https://togithub.com/hmaurer) in [https://github.com/actions/dependency-review-action/pull/649](https://togithub.com/actions/dependency-review-action/pull/649) - Update dependencies: - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.10.0 to 6.13.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/630](https://togithub.com/actions/dependency-review-action/pull/630) - Bump prettier from 3.0.3 to 3.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/629](https://togithub.com/actions/dependency-review-action/pull/629) - Bump [@​types/jest](https://togithub.com/types/jest) from 29.5.8 to 29.5.11 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/637](https://togithub.com/actions/dependency-review-action/pull/637) - Bump nodemon from 3.0.1 to 3.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/636](https://togithub.com/actions/dependency-review-action/pull/636) - Replace pip -> pypi in PURL examples by [@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/638](https://togithub.com/actions/dependency-review-action/pull/638) - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.12.0 to 6.15.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/644](https://togithub.com/actions/dependency-review-action/pull/644) - Bump eslint from 8.53.0 to 8.56.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/640](https://togithub.com/actions/dependency-review-action/pull/640) - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.13.1 to 6.16.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/645](https://togithub.com/actions/dependency-review-action/pull/645) - Bump prettier from 3.1.0 to 3.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/646](https://togithub.com/actions/dependency-review-action/pull/646) **Full Changelog**: actions/dependency-review-action@v3.1.4...v3.1.5 ### [`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4): 3.1.4 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4) #### What's Changed - Fixed a [bug](https://togithub.com/actions/dependency-review-action/issues/618) with severity filtering when using the `allow_ghsas` option: [https://github.com/actions/dependency-review-action/pull/623](https://togithub.com/actions/dependency-review-action/pull/623). - Updates dependencies: - Bump [@​types/node](https://togithub.com/types/node) from 16.18.61 to 16.18.62 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/619](https://togithub.com/actions/dependency-review-action/pull/619) action/pull/620 - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.11.0 to 6.12.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/625](https://togithub.com/actions/dependency-review-action/pull/625) - Bump typescript from 5.2.2 to 5.3.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/624](https://togithub.com/actions/dependency-review-action/pull/624) **Full Changelog**: actions/dependency-review-action@v3...v3.1.4 ### [`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3): 3.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3) #### What's Changed - Fixes purl "version must be percent-encoded" by [@​theztefan](https://togithub.com/theztefan) in [https://github.com/actions/dependency-review-action/pull/617](https://togithub.com/actions/dependency-review-action/pull/617) **Full Changelog**: actions/dependency-review-action@v3...v3.1.3 ### [`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2): 3.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2) #### What's Changed - Fix a regression for setups using self-hosted runners behind HTTP proxies:[@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/611](https://togithub.com/actions/dependency-review-action/pull/611) **Full Changelog**: actions/dependency-review-action@v3...v3.1.2 ### [`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1): 3.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1) #### What's Changed - Update a bunch of dependencies, including major version upgrades for `octokit`, `@actions/github` and `typescript`. **Full Changelog**: actions/dependency-review-action@v3.1.0...v3.1.1 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2) ##### What's Changed - Update semver by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861) - Update temp directory creation by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870) - Add notice about binaries not being updated yet by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872) - Update toolkit cache and core by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) and [@​seongwon-privatenote](https://togithub.com/seongwon-privatenote) in [https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875) **Full Changelog**: actions/setup-node@v3...v3.8.2 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) ### [`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) ### [`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) ### [`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) ### [`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) ### [`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) ### [`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) ### [`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) ### [`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) ### [`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) ### [`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) ### [`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) ### [`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) ### [`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) ### [`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) ### [`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) ### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) ### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) ### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 </details> <details> <summary>slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)</summary> ### [`v1.10.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v1100) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.1...v1.10.0) Release \[v1.10.0] includes bug fixes and new features. See the [full change list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0). ##### v1.10.0: TUF fix - The cosign TUF roots were fixed ([#​3350](https://togithub.com/slsa-framework/slsa-github-generator/issues/3350)). More details [here](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid). ##### v1.10.0: Gradle Builder - The Gradle Builder was fixed when the project root is the same as the repository root ([#​2727](https://togithub.com/slsa-framework/slsa-github-generator/issues/2727)) ##### v1.10.0: Go Builder - The `go-version-file` input was fixed so that it can find the `go.mod` file ([#​2661](https://togithub.com/slsa-framework/slsa-github-generator/issues/2661)) ##### v1.10.0: Container Generator - A new `provenance-repository` input was added to allow reading provenance from a different container repository than the image itself ([#​2956](https://togithub.com/slsa-framework/slsa-github-generator/issues/2956)) ### [`v1.9.1`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.1) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.9.1) **This is an un-finalized release.** See the [CHANGELOG](./CHANGELOG.md) for details. </details> <details> <summary>slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)</summary> ### [`v2.4.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.4.1) [Compare Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1) #### What's Changed - Fix a verification issue when verifying npm's publish attestations - Low severity GHSA-r2xv-vpr2-42m9. This part of the code remains *experimental*. #### New Contributors - [@​trishankatdatadog](https://togithub.com/trishankatdatadog) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/702](https://togithub.com/slsa-framework/slsa-verifier/pull/702) **Full Changelog**: slsa-framework/slsa-verifier@v2.4.0...v2.4.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2MS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
ianlewis
referenced
this pull request
in slsa-framework/slsa-github-generator
May 17, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | actions/checkout | action | digest | `b4ffde6` -> `a5ac7e5` | | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.6` | | [actions/download-artifact](https://togithub.com/actions/download-artifact) | action | patch | `v4.1.4` -> `v4.1.7` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v4.3.1` -> `v4.3.3` | | [ianlewis/todo-issue-reopener](https://togithub.com/ianlewis/todo-issue-reopener) | action | patch | `v1.2.0` -> `v1.2.1` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.0` -> `v2.3.3` | | [sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer) | action | minor | `v3.4.0` -> `v3.5.0` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7) #### What's Changed - Update [@​actions/artifact](https://togithub.com/actions/artifact) dependency by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325) **Full Changelog**: actions/download-artifact@v4.1.6...v4.1.7 ### [`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6) #### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324) **Full Changelog**: actions/download-artifact@v4.1.5...v4.1.6 ### [`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5) #### What's Changed - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322) - Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact` to v2.1.5 **Full Changelog**: actions/download-artifact@v4.1.4...v4.1.5 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> <details> <summary>ianlewis/todo-issue-reopener (ianlewis/todo-issue-reopener)</summary> ### [`v1.2.1`](https://togithub.com/ianlewis/todo-issue-reopener/releases/tag/v1.2.1) [Compare Source](https://togithub.com/ianlewis/todo-issue-reopener/compare/v1.2.0...v1.2.1) ##### Fixed in 1.2.1 - Fixed the "error updating to TUF remote mirror: invalid key" error ([#​688](https://togithub.com/ianlewis/todo-issue-reopener/issues/688)). #### All changes - fix: Update slsa-verifier version by [@​ianlewis](https://togithub.com/ianlewis) in [https://github.com/ianlewis/todo-issue-reopener/pull/689](https://togithub.com/ianlewis/todo-issue-reopener/pull/689) - chore(deps): Bump github/codeql-action from 3.23.2 to 3.25.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/711](https://togithub.com/ianlewis/todo-issue-reopener/pull/711) - chore(deps): Bump codecov/codecov-action from 4.0.1 to 4.4.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/705](https://togithub.com/ianlewis/todo-issue-reopener/pull/705) - chore(deps): Bump actions/upload-artifact from 4.3.0 to 4.3.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/670](https://togithub.com/ianlewis/todo-issue-reopener/pull/670) - chore(deps-dev): Bump [@​types/jest](https://togithub.com/types/jest) from 29.5.11 to 29.5.12 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/664](https://togithub.com/ianlewis/todo-issue-reopener/pull/664) - chore(deps): Bump actions/setup-node from 4.0.1 to 4.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/605](https://togithub.com/ianlewis/todo-issue-reopener/pull/605) - chore(deps): Bump yamllint from 1.33.0 to 1.35.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/598](https://togithub.com/ianlewis/todo-issue-reopener/pull/598) - chore(deps-dev): Bump eslint-plugin-github from 4.9.1 to 4.10.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/592](https://togithub.com/ianlewis/todo-issue-reopener/pull/592) - chore(deps): Bump thehanimo/pr-title-checker from 1.4.1 to 1.4.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/604](https://togithub.com/ianlewis/todo-issue-reopener/pull/604) - chore(deps): Bump yaml from 2.3.4 to 2.4.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/727](https://togithub.com/ianlewis/todo-issue-reopener/pull/727) - chore(deps-dev): Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.36.1 to 0.38.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/635](https://togithub.com/ianlewis/todo-issue-reopener/pull/635) - chore(deps-dev): Bump eslint from 8.56.0 to 8.57.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/634](https://togithub.com/ianlewis/todo-issue-reopener/pull/634) - chore(release): v1.2.1 by [@​ianlewis](https://togithub.com/ianlewis) in [https://github.com/ianlewis/todo-issue-reopener/pull/833](https://togithub.com/ianlewis/todo-issue-reopener/pull/833) **Full Changelog**: ianlewis/todo-issue-reopener@v1.2.0...v1.2.1 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 </details> <details> <summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary> ### [`v3.5.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.5.0) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0) #### What's Changed - Bump actions/checkout from 4.1.1 to 4.1.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/157](https://togithub.com/sigstore/cosign-installer/pull/157) - use go 1.22 now by [@​bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/160](https://togithub.com/sigstore/cosign-installer/pull/160) - bump default version to v2.2.4, prep for v3.5.0 release by [@​bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/159](https://togithub.com/sigstore/cosign-installer/pull/159) **Full Changelog**: sigstore/cosign-installer@v3.4.0...v3.5.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-github-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjMuNSIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Signed-off-by: Mend Renovate <bot@renovateapp.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This bumps scorecard to the newly release v4.13.1, in preparation for the next release of scorecard action v2.3.1.
The primary goal is the codeql fix from ossf/scorecard#3591