Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 lower license sarif alert threshold to 9 #1411

Merged
merged 2 commits into from
Jul 23, 2024

Conversation

spencerschrock
Copy link
Member

@spencerschrock spencerschrock commented Jul 19, 2024

When the threshold was introduced, the license check was a boolean check: 0 points for no license, and 10 points with a license. This later changed as covered in ossf/scorecard#1369

As the last point relies on SPDX detection, it's often flaky. Lowering the threshold allows us to still warn if a license file isn't present but not expect it to be identified by GitHub or GitLab.

Fixes #1384

When the threshold was introduced, the license check was a boolean
check: 0 points for no license, and 10 points with a license. This
later changed as covered in ossf/scorecard#1369

As the last point relies on SPDX detection, it's often flaky. Lowering
the threshold allows us to still warn if a license isn't detected but
not expect perfection.

Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock requested review from laurentsimon, a team, naveensrinivasan and raghavkaul and removed request for a team July 19, 2024 21:30
@spencerschrock spencerschrock enabled auto-merge (squash) July 23, 2024 19:00
@spencerschrock spencerschrock merged commit c09630c into ossf:main Jul 23, 2024
9 checks passed
@spencerschrock spencerschrock deleted the relax-license-threshold branch July 23, 2024 19:04
github-merge-queue bot referenced this pull request in AmadeusITGroup/otter Jul 30, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change | Age | Adoption | Passing |
Confidence |
|---|---|---|---|---|---|---|---|
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.14` -> `v3.25.15` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v3.25.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v3.25.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v3.25.14/v3.25.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v3.25.14/v3.25.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [memfs](https://togithub.com/streamich/memfs) | peerDependencies |
minor | [`~4.9.0` ->
`~4.11.0`](https://renovatebot.com/diffs/npm/memfs/4.9.3/4.11.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/memfs/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/memfs/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/memfs/4.9.3/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/memfs/4.9.3/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [memfs](https://togithub.com/streamich/memfs) | devDependencies |
minor | [`~4.9.0` ->
`~4.11.0`](https://renovatebot.com/diffs/npm/memfs/4.9.3/4.11.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/memfs/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/memfs/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/memfs/4.9.3/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/memfs/4.9.3/4.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/ossf%2fscorecard-action/v2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/ossf%2fscorecard-action/v2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/ossf%2fscorecard-action/v2.3.3/v2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/ossf%2fscorecard-action/v2.3.3/v2.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| org.jetbrains.intellij | plugin | patch | `1.17.3` -> `1.17.4` |
[![age](https://developer.mend.io/api/mc/badges/age/maven/org.jetbrains.intellij/1.17.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/org.jetbrains.intellij/1.17.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/org.jetbrains.intellij/1.17.3/1.17.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/org.jetbrains.intellij/1.17.3/1.17.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.15`](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

</details>

<details>
<summary>streamich/memfs (memfs)</summary>

###
[`v4.11.0`](https://togithub.com/streamich/memfs/blob/HEAD/CHANGELOG.md#4110-2024-07-27)

[Compare
Source](https://togithub.com/streamich/memfs/compare/v4.10.0...v4.11.0)

##### Features

- volume implementation of .opendir() method
([7072fb7](https://togithub.com/streamich/memfs/commit/7072fb7545b6269c3f04f191a4853ad0f39ed15f))

###
[`v4.10.0`](https://togithub.com/streamich/memfs/blob/HEAD/CHANGELOG.md#4100-2024-07-27)

[Compare
Source](https://togithub.com/streamich/memfs/compare/v4.9.4...v4.10.0)

##### Features

- 🎸 add IReadableWebStreamOptions type
([99ebd64](https://togithub.com/streamich/memfs/commit/99ebd6491e4886dc9947d5b3c867241b7158357a))
- 🎸 implement FileHandle.readableWebStream()
([c3ddc6c](https://togithub.com/streamich/memfs/commit/c3ddc6c21ea112056ee84e3c131f09f5b2582779))

####
[4.9.4](https://togithub.com/streamich/memfs/compare/v4.9.3...v4.9.4)
(2024-07-23)

##### Bug Fixes

- ensure files in subdirectories are returned as buffers when calling
`toJSON` with `asBuffer`
([#&#8203;1041](https://togithub.com/streamich/memfs/issues/1041))
([c3d4cf3](https://togithub.com/streamich/memfs/commit/c3d4cf36e438f7fef2dab4639c08449ceada28a3))

####
[4.9.3](https://togithub.com/streamich/memfs/compare/v4.9.2...v4.9.3)
(2024-06-14)

##### Bug Fixes

- replace `sonic-forest` with `tree-dump`
([#&#8203;1038](https://togithub.com/streamich/memfs/issues/1038))
([f989dcd](https://togithub.com/streamich/memfs/commit/f989dcd2e6457698b85491997ea073ae07c04724))

####
[4.9.2](https://togithub.com/streamich/memfs/compare/v4.9.1...v4.9.2)
(2024-04-30)

##### Bug Fixes

- 🐛 bump [@&#8203;jsonjoy](https://togithub.com/jsonjoy).com/util
package
([eea3b42](https://togithub.com/streamich/memfs/commit/eea3b421f28698cff6800bfb8882faa340c0b344))
- 🐛 bump json-pack
([32cc4da](https://togithub.com/streamich/memfs/commit/32cc4da5db9c0288574e4e539174c3d0f8816902))

####
[4.9.1](https://togithub.com/streamich/memfs/compare/v4.9.0...v4.9.1)
(2024-04-27)

##### Bug Fixes

- 🐛 use latest json-pack implementation
([de54ab5](https://togithub.com/streamich/memfs/commit/de54ab53a5df3b857975094ce4c59d760240a6d6))

###
[`v4.9.4`](https://togithub.com/streamich/memfs/blob/HEAD/CHANGELOG.md#494-2024-07-23)

[Compare
Source](https://togithub.com/streamich/memfs/compare/v4.9.3...v4.9.4)

##### Bug Fixes

- ensure files in subdirectories are returned as buffers when calling
`toJSON` with `asBuffer`
([#&#8203;1041](https://togithub.com/streamich/memfs/issues/1041))
([c3d4cf3](https://togithub.com/streamich/memfs/commit/c3d4cf36e438f7fef2dab4639c08449ceada28a3))

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/AmadeusITGroup/otter).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
bogdandrutu referenced this pull request in open-telemetry/opentelemetry-collector Jul 30, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.13` -> `v3.25.15` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.15`](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

###
[`v3.25.14`](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any
time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/open-telemetry/opentelemetry-collector).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJyZW5vdmF0ZWJvdCJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159 referenced this pull request in defenseunicorns/uds-package-sonarqube Jul 30, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | |
minor | `v0.36.1` -> `v0.37.0` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.14` -> `v3.25.15` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[python-jsonschema/check-jsonschema](https://togithub.com/python-jsonschema/check-jsonschema)
| repository | patch | `0.29.0` -> `0.29.1` |
|
[renovatebot/pre-commit-hooks](https://togithub.com/renovatebot/pre-commit-hooks)
| repository | minor | `38.5.0` -> `38.13.0` |

Note: The `pre-commit` manager in Renovate is not supported by the
`pre-commit` maintainers or community. Please do not report any problems
there, instead [create a Discussion in the Renovate
repository](https://togithub.com/renovatebot/renovate/discussions/new)
if you have any questions.

---

### Release Notes

<details>
<summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary>

### [`v0.37.0`](https://togithub.com/zarf-dev/zarf/releases/tag/v0.37.0)

[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.36.1...v0.37.0)

#### What's Changed

- chore: update s3 injector by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2730](https://togithub.com/zarf-dev/zarf/pull/2730)
- docs: fix codeowners file by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[https://github.com/zarf-dev/zarf/pull/2736](https://togithub.com/zarf-dev/zarf/pull/2736)
- refactor: rename image references by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2733](https://togithub.com/zarf-dev/zarf/pull/2733)
- chore: move public test repo by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2739](https://togithub.com/zarf-dev/zarf/pull/2739)
- fix: update README.md by
[@&#8203;schristoff-du](https://togithub.com/schristoff-du) in
[https://github.com/zarf-dev/zarf/pull/2729](https://togithub.com/zarf-dev/zarf/pull/2729)
- docs: update to openssf code of conduct by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[https://github.com/zarf-dev/zarf/pull/2734](https://togithub.com/zarf-dev/zarf/pull/2734)
- chore: update project name references by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/zarf-dev/zarf/pull/2741](https://togithub.com/zarf-dev/zarf/pull/2741)
- chore: move context.TODO to context.Background() by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2742](https://togithub.com/zarf-dev/zarf/pull/2742)
- docs: charter update by
[@&#8203;KennyPaul](https://togithub.com/KennyPaul) in
[https://github.com/zarf-dev/zarf/pull/2731](https://togithub.com/zarf-dev/zarf/pull/2731)
- chore: update CODEOWNERS to protect TSC files by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2744](https://togithub.com/zarf-dev/zarf/pull/2744)
- fix: replace debug logs with returning errors by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2719](https://togithub.com/zarf-dev/zarf/pull/2719)
- fix: data injection to return errors by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2720](https://togithub.com/zarf-dev/zarf/pull/2720)
- feat: revert "feat: remove .metadata.image from schema
([#&#8203;2606](https://togithub.com/defenseunicorns/zarf/issues/2606))"
by [@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2618](https://togithub.com/zarf-dev/zarf/pull/2618)
- chore: update permissions for eks & ecr nightly tests by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2745](https://togithub.com/zarf-dev/zarf/pull/2745)
- refactor: move setup CLI to only run once in root command by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2722](https://togithub.com/zarf-dev/zarf/pull/2722)
- chore: move context.TODO to context.Background() (3) by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2747](https://togithub.com/zarf-dev/zarf/pull/2747)
- fix(deps): update github.com/anchore/clio digest to
[`ac88e09`](https://togithub.com/defenseunicorns/zarf/commit/ac88e09) by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/zarf-dev/zarf/pull/2527](https://togithub.com/zarf-dev/zarf/pull/2527)
- refactor: add error handling to view SBOM files by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2752](https://togithub.com/zarf-dev/zarf/pull/2752)
- feat: annotate image mutation by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2755](https://togithub.com/zarf-dev/zarf/pull/2755)
- chore: move context.TODO to context.Background() (2) by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2746](https://togithub.com/zarf-dev/zarf/pull/2746)
- docs: update repo name across docs by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[https://github.com/zarf-dev/zarf/pull/2735](https://togithub.com/zarf-dev/zarf/pull/2735)
- fix: add whitespace linter and fix all warnings by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2764](https://togithub.com/zarf-dev/zarf/pull/2764)
- chore: move context.TODO to context.Background() (5) by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2750](https://togithub.com/zarf-dev/zarf/pull/2750)
- feat: run schema validation on create by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2585](https://togithub.com/zarf-dev/zarf/pull/2585)
- refactor: remove overly verbose debug logs by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2751](https://togithub.com/zarf-dev/zarf/pull/2751)
- ci: improve nightly eks test by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2759](https://togithub.com/zarf-dev/zarf/pull/2759)
- chore: logging ADR by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2588](https://togithub.com/zarf-dev/zarf/pull/2588)
- test: decrease reliance on dockerhub by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2766](https://togithub.com/zarf-dev/zarf/pull/2766)
- refactor: replace warning logs with returning errors by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2762](https://togithub.com/zarf-dev/zarf/pull/2762)
- fix: type assertion error checking and enforce linter by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2770](https://togithub.com/zarf-dev/zarf/pull/2770)
- chore: fix string formatting for several debug statements by
[@&#8203;YrrepNoj](https://togithub.com/YrrepNoj) in
[https://github.com/zarf-dev/zarf/pull/2769](https://togithub.com/zarf-dev/zarf/pull/2769)
- chore: stop releasing to s3 by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2774](https://togithub.com/zarf-dev/zarf/pull/2774)
- fix: error formatting and comparison and enable errorlint by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2771](https://togithub.com/zarf-dev/zarf/pull/2771)
- fix(deps): update module github.com/fluxcd/helm-controller/api to v1
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/zarf-dev/zarf/pull/2487](https://togithub.com/zarf-dev/zarf/pull/2487)
- refactor: load state to return error if loading fails by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2763](https://togithub.com/zarf-dev/zarf/pull/2763)
- fix: zarf dev instead of zerf-dev by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2779](https://togithub.com/zarf-dev/zarf/pull/2779)
- fix: goreleaser by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2782](https://togithub.com/zarf-dev/zarf/pull/2782)

#### New Contributors

- [@&#8203;KennyPaul](https://togithub.com/KennyPaul) made their first
contribution in
[https://github.com/zarf-dev/zarf/pull/2731](https://togithub.com/zarf-dev/zarf/pull/2731)

**Full Changelog**:
zarf-dev/zarf@v0.36.1...v0.37.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.15`](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>python-jsonschema/check-jsonschema
(python-jsonschema/check-jsonschema)</summary>

###
[`v0.29.1`](https://togithub.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0291)

[Compare
Source](https://togithub.com/python-jsonschema/check-jsonschema/compare/0.29.0...0.29.1)

-   Update vendored schemas: circle-ci, dependabot, gitlab-ci, renovate,
    woodpecker-ci (2024-07-21)
-   Fix a bug which could result in local file URI resolution failing on
non-Windows platforms in certain cases. Thanks :user:`bukzor`!
(:pr:`465`)
- Fix caching behaviors to ensure that caches are correctly preserved
across
instancefiles during `--schemafile` evaluation. This also fixes a bug in
the
    remote `$ref` cache.
    Thanks :user:`alex1701c` for reporting! (:issue:`463`, :pr:`466`)

</details>

<details>
<summary>renovatebot/pre-commit-hooks
(renovatebot/pre-commit-hooks)</summary>

###
[`v38.13.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.13.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.12.0...38.13.0)

See https://github.com/renovatebot/renovate/releases/tag/38.13.0 for
more changes

###
[`v38.12.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.12.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.11.1...38.12.0)

See https://github.com/renovatebot/renovate/releases/tag/38.12.0 for
more changes

###
[`v38.11.1`](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1)

###
[`v38.11.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.11.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.10.0...38.11.0)

See https://github.com/renovatebot/renovate/releases/tag/38.11.0 for
more changes

###
[`v38.10.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.10.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.9.3...38.10.0)

See https://github.com/renovatebot/renovate/releases/tag/38.10.0 for
more changes

###
[`v38.9.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.9.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.9.0...38.9.3)

See https://github.com/renovatebot/renovate/releases/tag/38.9.3 for more
changes

###
[`v38.9.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.9.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.5...38.9.0)

See https://github.com/renovatebot/renovate/releases/tag/38.9.0 for more
changes

###
[`v38.8.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.5)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.4...38.8.5)

See https://github.com/renovatebot/renovate/releases/tag/38.8.5 for more
changes

###
[`v38.8.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.4)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.3...38.8.4)

See https://github.com/renovatebot/renovate/releases/tag/38.8.4 for more
changes

###
[`v38.8.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.2...38.8.3)

See https://github.com/renovatebot/renovate/releases/tag/38.8.3 for more
changes

###
[`v38.8.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.2)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.1...38.8.2)

See https://github.com/renovatebot/renovate/releases/tag/38.8.2 for more
changes

###
[`v38.8.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.0...38.8.1)

See https://github.com/renovatebot/renovate/releases/tag/38.8.1 for more
changes

###
[`v38.8.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.7.1...38.8.0)

See https://github.com/renovatebot/renovate/releases/tag/38.8.0 for more
changes

###
[`v38.7.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.7.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.7.0...38.7.1)

See https://github.com/renovatebot/renovate/releases/tag/38.7.1 for more
changes

###
[`v38.7.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.7.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.5.0...38.7.0)

See https://github.com/renovatebot/renovate/releases/tag/38.7.0 for more
changes

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [x] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/defenseunicorns/uds-package-sonarqube).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159 referenced this pull request in defenseunicorns/uds-package-valkey Jul 31, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| | minor | `v0.9.0` -> `v0.10.0` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| action | minor | `v0.9.0` -> `v0.10.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |

---

### Release Notes

<details>
<summary>defenseunicorns/uds-common
(defenseunicorns/uds-common)</summary>

###
[`v0.10.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.10.0)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0)

##### Features

- add task for determining target repo based on flavor
([#&#8203;188](https://togithub.com/defenseunicorns/uds-common/issues/188))
([6810324](https://togithub.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf))

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/defenseunicorns/uds-package-valkey).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>
Release-As: v7.2.5-uds.3
Racer159 referenced this pull request in defenseunicorns/uds-package-postgres-operator Jul 31, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| | minor | `v0.9.0` -> `v0.10.0` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| action | minor | `v0.9.0` -> `v0.10.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |

---

### Release Notes

<details>
<summary>defenseunicorns/uds-common
(defenseunicorns/uds-common)</summary>

###
[`v0.10.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.10.0)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0)

##### Features

- add task for determining target repo based on flavor
([#&#8203;188](https://togithub.com/defenseunicorns/uds-common/issues/188))
([6810324](https://togithub.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf))

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/defenseunicorns/uds-package-postgres-operator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>
Release-As: v1.12.2-uds.2
Racer159 referenced this pull request in defenseunicorns/uds-package-gitlab-runner Jul 31, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| | minor | `v0.9.0` -> `v0.10.0` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| action | minor | `v0.9.0` -> `v0.10.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |

---

### Release Notes

<details>
<summary>defenseunicorns/uds-common
(defenseunicorns/uds-common)</summary>

###
[`v0.10.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.10.0)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0)

##### Features

- add task for determining target repo based on flavor
([#&#8203;188](https://togithub.com/defenseunicorns/uds-common/issues/188))
([6810324](https://togithub.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf))

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 7am and before 9am every
weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/defenseunicorns/uds-package-gitlab-runner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>
Release-As: v17.1.0-uds.1
Racer159 referenced this pull request in defenseunicorns/uds-software-factory Aug 1, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| | minor | `v0.9.0` -> `v0.10.0` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| action | minor | `v0.9.0` -> `v0.10.0` |
|
[defenseunicorns/uds-package-gitlab](https://togithub.com/defenseunicorns/uds-package-gitlab)
| | minor | `v17.1.2-uds.1` -> `v17.2.1-uds.0` |
|
[defenseunicorns/uds-package-gitlab-runner](https://togithub.com/defenseunicorns/uds-package-gitlab-runner)
| | patch | `v17.1.0-uds.0` -> `v17.1.0-uds.1` |
|
[defenseunicorns/uds-package-sonarqube](https://togithub.com/defenseunicorns/uds-package-sonarqube)
| | major | `v9.9.5-uds.1` -> `v10.6.0-uds.0` |
| ghcr.io/defenseunicorns/packages/uds/gitlab | | minor |
`17.1.2-uds.1-upstream` -> `17.2.1-uds.0-upstream` |
| ghcr.io/defenseunicorns/packages/uds/gitlab-runner | | patch |
`17.1.0-uds.0-upstream` -> `17.1.0-uds.1-upstream` |
| ghcr.io/defenseunicorns/packages/uds/postgres-operator | | patch |
`1.12.2-uds.1-upstream` -> `1.12.2-uds.2-upstream` |
| ghcr.io/defenseunicorns/packages/uds/sonarqube | | major |
`9.9.5-uds.1-upstream` -> `10.6.0-uds.0-upstream` |
| ghcr.io/defenseunicorns/packages/uds/valkey | | patch |
`7.2.5-uds.2-upstream` -> `7.2.6-uds.0-upstream` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |

---

### Release Notes

<details>
<summary>defenseunicorns/uds-common
(defenseunicorns/uds-common)</summary>

###
[`v0.10.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.10.0)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0)

##### Features

- add task for determining target repo based on flavor
([#&#8203;188](https://togithub.com/defenseunicorns/uds-common/issues/188))
([6810324](https://togithub.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf))

</details>

<details>
<summary>defenseunicorns/uds-package-gitlab
(defenseunicorns/uds-package-gitlab)</summary>

###
[`v17.2.1-uds.0`](https://togithub.com/defenseunicorns/uds-package-gitlab/releases/tag/v17.2.1-uds.0)

[Compare
Source](https://togithub.com/defenseunicorns/uds-package-gitlab/compare/v17.1.2-uds.1...v17.2.1-uds.0)

##### ⚠ BREAKING CHANGES

- remove egress anywhere for SSO
([#&#8203;177](https://togithub.com/defenseunicorns/uds-package-gitlab/issues/177))

##### Miscellaneous

- add PeerAuthentication docs and Made for UDS Badge
([#&#8203;174](https://togithub.com/defenseunicorns/uds-package-gitlab/issues/174))
([4909378](https://togithub.com/defenseunicorns/uds-package-gitlab/commit/49093782822332152dd3e74e7442e8509d1742e9))
- **deps:** update gitlab package dependencies
([#&#8203;171](https://togithub.com/defenseunicorns/uds-package-gitlab/issues/171))
([f9c0081](https://togithub.com/defenseunicorns/uds-package-gitlab/commit/f9c00818b401d9d792f936a0c726abfd8fd96a77))
- **deps:** update gitlab support dependencies
([#&#8203;175](https://togithub.com/defenseunicorns/uds-package-gitlab/issues/175))
([d7be43a](https://togithub.com/defenseunicorns/uds-package-gitlab/commit/d7be43a755c8ce44cc0d20c06a51ae090771df5f))
- remove egress anywhere for SSO
([#&#8203;177](https://togithub.com/defenseunicorns/uds-package-gitlab/issues/177))
([996181d](https://togithub.com/defenseunicorns/uds-package-gitlab/commit/996181dca6784786372ff77e00606c2d66e7fe41))
- swap to `openid-connect` instead of `_`
([#&#8203;179](https://togithub.com/defenseunicorns/uds-package-gitlab/issues/179))
([59e3954](https://togithub.com/defenseunicorns/uds-package-gitlab/commit/59e3954f36959b32dce0fbc64c591a0b18d05626))

</details>

<details>
<summary>defenseunicorns/uds-package-gitlab-runner
(defenseunicorns/uds-package-gitlab-runner)</summary>

###
[`v17.1.0-uds.1`](https://togithub.com/defenseunicorns/uds-package-gitlab-runner/releases/tag/v17.1.0-uds.1)

[Compare
Source](https://togithub.com/defenseunicorns/uds-package-gitlab-runner/compare/v17.1.0-uds.0...v17.1.0-uds.1)

##### Features

- enable prometheus metrics to be Made for UDS
([#&#8203;111](https://togithub.com/defenseunicorns/uds-package-gitlab-runner/issues/111))
([27001f1](https://togithub.com/defenseunicorns/uds-package-gitlab-runner/commit/27001f1bea898bc4cbca7cbd45f90c7ac3dfad26))

##### Miscellaneous

- **deps:** update gitlab runner support dependencies
([#&#8203;110](https://togithub.com/defenseunicorns/uds-package-gitlab-runner/issues/110))
([087aefc](https://togithub.com/defenseunicorns/uds-package-gitlab-runner/commit/087aefcc31f0ac2804659c0d02e41b106246491e))
- **deps:** update support-deps to v3.25.15
([#&#8203;107](https://togithub.com/defenseunicorns/uds-package-gitlab-runner/issues/107))
([dafe6b2](https://togithub.com/defenseunicorns/uds-package-gitlab-runner/commit/dafe6b2b13a7464782b5885d2099aa84b20ebf7f))

</details>

<details>
<summary>defenseunicorns/uds-package-sonarqube
(defenseunicorns/uds-package-sonarqube)</summary>

###
[`v10.6.0-uds.0`](https://togithub.com/defenseunicorns/uds-package-sonarqube/releases/tag/v10.6.0-uds.0)

[Compare
Source](https://togithub.com/defenseunicorns/uds-package-sonarqube/compare/v9.9.5-uds.1...v10.6.0-uds.0)

##### ⚠ BREAKING CHANGES

- update to SonarQube 10, migrate to upstream chart, add `unicorn` CGR
flavor
([#&#8203;100](https://togithub.com/defenseunicorns/uds-package-sonarqube/issues/100))
- remove egress anywhere for SSO
([#&#8203;102](https://togithub.com/defenseunicorns/uds-package-sonarqube/issues/102))

##### Miscellaneous

- add architecture to save logs suffix on tag-and-release
([#&#8203;92](https://togithub.com/defenseunicorns/uds-package-sonarqube/issues/92))
([5fbe70c](https://togithub.com/defenseunicorns/uds-package-sonarqube/commit/5fbe70ce2cbbd83363e3a03b19bf2a3848eade3f))
- **deps:** update sonarqube support dependencies
([#&#8203;101](https://togithub.com/defenseunicorns/uds-package-sonarqube/issues/101))
([074db36](https://togithub.com/defenseunicorns/uds-package-sonarqube/commit/074db362f834d6672603d7e281b265a35c9885cf))
- **deps:** update sonarqube support dependencies
([#&#8203;103](https://togithub.com/defenseunicorns/uds-package-sonarqube/issues/103))
([ee1c448](https://togithub.com/defenseunicorns/uds-package-sonarqube/commit/ee1c4484f636b12872838f0ecdadb59a74458f03))
- **deps:** update sonarqube support dependencies
([#&#8203;93](https://togithub.com/defenseunicorns/uds-package-sonarqube/issues/93))
([47b6bdc](https://togithub.com/defenseunicorns/uds-package-sonarqube/commit/47b6bdc2fc34a903aa162cf4d08139c40368b9a4))
- **deps:** update sonarqube support dependencies
([#&#8203;98](https://togithub.com/defenseunicorns/uds-package-sonarqube/issues/98))
([3d342e5](https://togithub.com/defenseunicorns/uds-package-sonarqube/commit/3d342e5a39e6745f134d5fbf6822948efb03dbe3))
- fix sonarqube runner to big-boy-4-core
([#&#8203;106](https://togithub.com/defenseunicorns/uds-package-sonarqube/issues/106))
([01d883f](https://togithub.com/defenseunicorns/uds-package-sonarqube/commit/01d883f6eed9a690e2628a23be51b14a4c46a318))
- remove egress anywhere for SSO
([#&#8203;102](https://togithub.com/defenseunicorns/uds-package-sonarqube/issues/102))
([2c5dd72](https://togithub.com/defenseunicorns/uds-package-sonarqube/commit/2c5dd7264308e2e94734c6d8aea910bc979bea42))
- update license
([#&#8203;89](https://togithub.com/defenseunicorns/uds-package-sonarqube/issues/89))
([c078724](https://togithub.com/defenseunicorns/uds-package-sonarqube/commit/c078724aac7d441824678d467b7ae042e1a43066))
- update to SonarQube 10, migrate to upstream chart, add `unicorn` CGR
flavor
([#&#8203;100](https://togithub.com/defenseunicorns/uds-package-sonarqube/issues/100))
([d3ee872](https://togithub.com/defenseunicorns/uds-package-sonarqube/commit/d3ee8728a41635702ca056859c0c7b0cc5359b84))

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 7am and before 9am every
weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/defenseunicorns/uds-software-factory).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJidW5kbGUtZGVwcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
yurishkuro referenced this pull request in jaegertracing/jaeger Aug 1, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
ramonpetgrave64 referenced this pull request in slsa-framework/slsa-github-generator Aug 2, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | digest | `692973e` -> `9a9194f` |
|
[actions/download-artifact](https://togithub.com/actions/download-artifact)
| action | patch | `v4.1.7` -> `v4.1.8` |
| [actions/setup-go](https://togithub.com/actions/setup-go) | action |
patch | `v5.0.1` -> `v5.0.2` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| patch | `v4.0.2` -> `v4.0.3` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| digest | `60edb5d` -> `1e60f62` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v4.3.3` -> `v4.3.5` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.11` -> `v3.25.15` |
|
[gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action)
| action | minor | `v3.4.2` -> `v3.5.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[softprops/action-gh-release](https://togithub.com/softprops/action-gh-release)
| action | patch | `v2.0.6` -> `v2.0.8` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/download-artifact (actions/download-artifact)</summary>

###
[`v4.1.8`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.8)

[Compare
Source](https://togithub.com/actions/download-artifact/compare/v4.1.7...v4.1.8)

#### What's Changed

- Update
[@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version, bump dependencies by
[@&#8203;robherley](https://togithub.com/robherley) in
[https://github.com/actions/download-artifact/pull/341](https://togithub.com/actions/download-artifact/pull/341)

**Full Changelog**:
actions/download-artifact@v4...v4.1.8

</details>

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v5.0.2`](https://togithub.com/actions/setup-go/compare/v5.0.1...v5.0.2)

[Compare
Source](https://togithub.com/actions/setup-go/compare/v5.0.1...v5.0.2)

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v4.0.3`](https://togithub.com/actions/setup-node/compare/v4.0.2...v4.0.3)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v4.0.2...v4.0.3)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.3.5`](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

###
[`v4.3.4`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.4)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.3...v4.3.4)

##### What's Changed

- Update
[@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version, bump dependencies by
[@&#8203;robherley](https://togithub.com/robherley) in
[https://github.com/actions/upload-artifact/pull/584](https://togithub.com/actions/upload-artifact/pull/584)

**Full Changelog**:
actions/upload-artifact@v4.3.3...v4.3.4

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.15`](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

###
[`v3.25.14`](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)

###
[`v3.25.13`](https://togithub.com/github/codeql-action/compare/v3.25.12...v3.25.13)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.12...v3.25.13)

###
[`v3.25.12`](https://togithub.com/github/codeql-action/compare/v3.25.11...v3.25.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.11...v3.25.12)

</details>

<details>
<summary>gradle/gradle-build-action
(gradle/gradle-build-action)</summary>

###
[`v3.5.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v3.5.0)

[Compare
Source](https://togithub.com/gradle/gradle-build-action/compare/v3.4.2...v3.5.0)

> \[!IMPORTANT]
> As of `v3` this action has been superceded by
`gradle/actions/setup-gradle`.
> Any workflow that uses `gradle/gradle-build-action@v3` will
transparently delegate to `gradle/actions/setup-gradle@v3`.
>
> Users are encouraged to update their workflows, replacing:
>
>     uses: gradle/gradle-build-action@v3
>
> with
>
>     uses: gradle/actions/setup-gradle@v3
>
> See the [setup-gradle
documentation](https://togithub.com/gradle/actions/tree/main/setup-gradle)
for up-to-date documentation for `gradle/actions/setup-gradle`.

For release details, see
https://github.com/gradle/actions/releases/tag/v3.5.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>softprops/action-gh-release
(softprops/action-gh-release)</summary>

###
[`v2.0.8`](https://togithub.com/softprops/action-gh-release/releases/tag/v2.0.8)

[Compare
Source](https://togithub.com/softprops/action-gh-release/compare/v2.0.7...v2.0.8)

<!-- Release notes generated using configuration in .github/release.yml
at master -->

#### What's Changed

##### Other Changes 🔄

- chore(deps): bump prettier from 2.8.0 to 3.3.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/480](https://togithub.com/softprops/action-gh-release/pull/480)
- chore(deps): bump
[@&#8203;types/node](https://togithub.com/types/node) from 20.14.9 to
20.14.11 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/483](https://togithub.com/softprops/action-gh-release/pull/483)
- chore(deps): bump
[@&#8203;octokit/plugin-throttling](https://togithub.com/octokit/plugin-throttling)
from 9.3.0 to 9.3.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/484](https://togithub.com/softprops/action-gh-release/pull/484)
- chore(deps): bump glob from 10.4.2 to 11.0.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/477](https://togithub.com/softprops/action-gh-release/pull/477)
- refactor: write jest config in ts by
[@&#8203;chenrui333](https://togithub.com/chenrui333) in
[https://github.com/softprops/action-gh-release/pull/485](https://togithub.com/softprops/action-gh-release/pull/485)
- chore(deps): bump
[@&#8203;actions/github](https://togithub.com/actions/github) from 5.1.1
to 6.0.0 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/470](https://togithub.com/softprops/action-gh-release/pull/470)

**Full Changelog**:
softprops/action-gh-release@v2...v2.0.8

###
[`v2.0.7`](https://togithub.com/softprops/action-gh-release/releases/tag/v2.0.7)

[Compare
Source](https://togithub.com/softprops/action-gh-release/compare/v2.0.6...v2.0.7)

<!-- Release notes generated using configuration in .github/release.yml
at master -->

#### What's Changed

##### Bug fixes 🐛

- Fix missing update release body by
[@&#8203;FirelightFlagboy](https://togithub.com/FirelightFlagboy) in
[https://github.com/softprops/action-gh-release/pull/365](https://togithub.com/softprops/action-gh-release/pull/365)

##### Other Changes 🔄

- Bump
[@&#8203;octokit/plugin-retry](https://togithub.com/octokit/plugin-retry)
from 4.0.3 to 7.1.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/443](https://togithub.com/softprops/action-gh-release/pull/443)
- Bump typescript from 4.9.5 to 5.5.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/467](https://togithub.com/softprops/action-gh-release/pull/467)
- Bump [@&#8203;types/node](https://togithub.com/types/node) from
20.14.6 to 20.14.8 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/469](https://togithub.com/softprops/action-gh-release/pull/469)
- Bump [@&#8203;types/node](https://togithub.com/types/node) from
20.14.8 to 20.14.9 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/473](https://togithub.com/softprops/action-gh-release/pull/473)
- Bump typescript from 5.5.2 to 5.5.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/472](https://togithub.com/softprops/action-gh-release/pull/472)
- Bump ts-jest from 29.1.5 to 29.2.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/479](https://togithub.com/softprops/action-gh-release/pull/479)
- docs: document that existing releases are updated by
[@&#8203;jvanbruegge](https://togithub.com/jvanbruegge) in
[https://github.com/softprops/action-gh-release/pull/474](https://togithub.com/softprops/action-gh-release/pull/474)

#### New Contributors

- [@&#8203;jvanbruegge](https://togithub.com/jvanbruegge) made their
first contribution in
[https://github.com/softprops/action-gh-release/pull/474](https://togithub.com/softprops/action-gh-release/pull/474)
- [@&#8203;FirelightFlagboy](https://togithub.com/FirelightFlagboy) made
their first contribution in
[https://github.com/softprops/action-gh-release/pull/365](https://togithub.com/softprops/action-gh-release/pull/365)

**Full Changelog**:
softprops/action-gh-release@v2.0.6...v2.0.7

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
JaredTan95 referenced this pull request in JaredTan95/jaeger Aug 7, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
Racer159 referenced this pull request in defenseunicorns/uds-package-mattermost Aug 7, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v4.3.4` -> `v4.3.6` |
| [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | |
minor | `v0.36.1` -> `v0.37.0` |
|
[docker/setup-buildx-action](https://togithub.com/docker/setup-buildx-action)
| action | minor | `v3.5.0` -> `v3.6.1` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v3.25.14` -> `v3.26.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[python-jsonschema/check-jsonschema](https://togithub.com/python-jsonschema/check-jsonschema)
| repository | patch | `0.29.0` -> `0.29.1` |
|
[renovatebot/pre-commit-hooks](https://togithub.com/renovatebot/pre-commit-hooks)
| repository | minor | `38.7.0` -> `38.21.1` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | patch | `v2.9.0` -> `v2.9.1` |

Note: The `pre-commit` manager in Renovate is not supported by the
`pre-commit` maintainers or community. Please do not report any problems
there, instead [create a Discussion in the Renovate
repository](https://togithub.com/renovatebot/renovate/discussions/new)
if you have any questions.

---

### Release Notes

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.3.6`](https://togithub.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

###
[`v4.3.5`](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

</details>

<details>
<summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary>

### [`v0.37.0`](https://togithub.com/zarf-dev/zarf/releases/tag/v0.37.0)

[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.36.1...v0.37.0)

##### What's Changed

- chore: update s3 injector by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2730](https://togithub.com/zarf-dev/zarf/pull/2730)
- docs: fix codeowners file by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[https://github.com/zarf-dev/zarf/pull/2736](https://togithub.com/zarf-dev/zarf/pull/2736)
- refactor: rename image references by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2733](https://togithub.com/zarf-dev/zarf/pull/2733)
- chore: move public test repo by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2739](https://togithub.com/zarf-dev/zarf/pull/2739)
- fix: update README.md by
[@&#8203;schristoff-du](https://togithub.com/schristoff-du) in
[https://github.com/zarf-dev/zarf/pull/2729](https://togithub.com/zarf-dev/zarf/pull/2729)
- docs: update to openssf code of conduct by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[https://github.com/zarf-dev/zarf/pull/2734](https://togithub.com/zarf-dev/zarf/pull/2734)
- chore: update project name references by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/zarf-dev/zarf/pull/2741](https://togithub.com/zarf-dev/zarf/pull/2741)
- chore: move context.TODO to context.Background() by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2742](https://togithub.com/zarf-dev/zarf/pull/2742)
- docs: charter update by
[@&#8203;KennyPaul](https://togithub.com/KennyPaul) in
[https://github.com/zarf-dev/zarf/pull/2731](https://togithub.com/zarf-dev/zarf/pull/2731)
- chore: update CODEOWNERS to protect TSC files by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2744](https://togithub.com/zarf-dev/zarf/pull/2744)
- fix: replace debug logs with returning errors by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2719](https://togithub.com/zarf-dev/zarf/pull/2719)
- fix: data injection to return errors by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2720](https://togithub.com/zarf-dev/zarf/pull/2720)
- feat: revert "feat: remove .metadata.image from schema
([#&#8203;2606](https://togithub.com/defenseunicorns/zarf/issues/2606))"
by [@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2618](https://togithub.com/zarf-dev/zarf/pull/2618)
- chore: update permissions for eks & ecr nightly tests by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2745](https://togithub.com/zarf-dev/zarf/pull/2745)
- refactor: move setup CLI to only run once in root command by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2722](https://togithub.com/zarf-dev/zarf/pull/2722)
- chore: move context.TODO to context.Background() (3) by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2747](https://togithub.com/zarf-dev/zarf/pull/2747)
- fix(deps): update github.com/anchore/clio digest to
[`ac88e09`](https://togithub.com/defenseunicorns/zarf/commit/ac88e09) by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/zarf-dev/zarf/pull/2527](https://togithub.com/zarf-dev/zarf/pull/2527)
- refactor: add error handling to view SBOM files by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2752](https://togithub.com/zarf-dev/zarf/pull/2752)
- feat: annotate image mutation by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2755](https://togithub.com/zarf-dev/zarf/pull/2755)
- chore: move context.TODO to context.Background() (2) by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2746](https://togithub.com/zarf-dev/zarf/pull/2746)
- docs: update repo name across docs by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[https://github.com/zarf-dev/zarf/pull/2735](https://togithub.com/zarf-dev/zarf/pull/2735)
- fix: add whitespace linter and fix all warnings by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2764](https://togithub.com/zarf-dev/zarf/pull/2764)
- chore: move context.TODO to context.Background() (5) by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2750](https://togithub.com/zarf-dev/zarf/pull/2750)
- feat: run schema validation on create by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2585](https://togithub.com/zarf-dev/zarf/pull/2585)
- refactor: remove overly verbose debug logs by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2751](https://togithub.com/zarf-dev/zarf/pull/2751)
- ci: improve nightly eks test by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2759](https://togithub.com/zarf-dev/zarf/pull/2759)
- chore: logging ADR by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2588](https://togithub.com/zarf-dev/zarf/pull/2588)
- test: decrease reliance on dockerhub by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2766](https://togithub.com/zarf-dev/zarf/pull/2766)
- refactor: replace warning logs with returning errors by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2762](https://togithub.com/zarf-dev/zarf/pull/2762)
- fix: type assertion error checking and enforce linter by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2770](https://togithub.com/zarf-dev/zarf/pull/2770)
- chore: fix string formatting for several debug statements by
[@&#8203;YrrepNoj](https://togithub.com/YrrepNoj) in
[https://github.com/zarf-dev/zarf/pull/2769](https://togithub.com/zarf-dev/zarf/pull/2769)
- chore: stop releasing to s3 by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2774](https://togithub.com/zarf-dev/zarf/pull/2774)
- fix: error formatting and comparison and enable errorlint by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2771](https://togithub.com/zarf-dev/zarf/pull/2771)
- fix(deps): update module github.com/fluxcd/helm-controller/api to v1
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/zarf-dev/zarf/pull/2487](https://togithub.com/zarf-dev/zarf/pull/2487)
- refactor: load state to return error if loading fails by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2763](https://togithub.com/zarf-dev/zarf/pull/2763)
- fix: zarf dev instead of zerf-dev by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2779](https://togithub.com/zarf-dev/zarf/pull/2779)
- fix: goreleaser by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2782](https://togithub.com/zarf-dev/zarf/pull/2782)

##### New Contributors

- [@&#8203;KennyPaul](https://togithub.com/KennyPaul) made their first
contribution in
[https://github.com/zarf-dev/zarf/pull/2731](https://togithub.com/zarf-dev/zarf/pull/2731)

**Full Changelog**:
zarf-dev/zarf@v0.36.1...v0.37.0

</details>

<details>
<summary>docker/setup-buildx-action
(docker/setup-buildx-action)</summary>

###
[`v3.6.1`](https://togithub.com/docker/setup-buildx-action/releases/tag/v3.6.1)

[Compare
Source](https://togithub.com/docker/setup-buildx-action/compare/v3.6.0...v3.6.1)

- Check for malformed docker context by
[@&#8203;crazy-max](https://togithub.com/crazy-max) in
[https://github.com/docker/setup-buildx-action/pull/347](https://togithub.com/docker/setup-buildx-action/pull/347)

**Full Changelog**:
docker/setup-buildx-action@v3.6.0...v3.6.1

###
[`v3.6.0`](https://togithub.com/docker/setup-buildx-action/releases/tag/v3.6.0)

[Compare
Source](https://togithub.com/docker/setup-buildx-action/compare/v3.5.0...v3.6.0)

- Create temp docker context if default one has TLS data loaded before
creating a container builder by
[@&#8203;crazy-max](https://togithub.com/crazy-max) in
[https://github.com/docker/setup-buildx-action/pull/341](https://togithub.com/docker/setup-buildx-action/pull/341)

**Full Changelog**:
docker/setup-buildx-action@v3.5.0...v3.6.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.26.0`](https://togithub.com/github/codeql-action/compare/v3.25.15...v3.26.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.15...v3.26.0)

###
[`v3.25.15`](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>python-jsonschema/check-jsonschema
(python-jsonschema/check-jsonschema)</summary>

###
[`v0.29.1`](https://togithub.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0291)

[Compare
Source](https://togithub.com/python-jsonschema/check-jsonschema/compare/0.29.0...0.29.1)

-   Update vendored schemas: circle-ci, dependabot, gitlab-ci, renovate,
    woodpecker-ci (2024-07-21)
-   Fix a bug which could result in local file URI resolution failing on
non-Windows platforms in certain cases. Thanks :user:`bukzor`!
(:pr:`465`)
- Fix caching behaviors to ensure that caches are correctly preserved
across
instancefiles during `--schemafile` evaluation. This also fixes a bug in
the
    remote `$ref` cache.
    Thanks :user:`alex1701c` for reporting! (:issue:`463`, :pr:`466`)

</details>

<details>
<summary>renovatebot/pre-commit-hooks
(renovatebot/pre-commit-hooks)</summary>

###
[`v38.21.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.21.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.21.0...38.21.1)

See https://github.com/renovatebot/renovate/releases/tag/38.21.1 for
more changes

###
[`v38.21.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.21.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.20.1...38.21.0)

See https://github.com/renovatebot/renovate/releases/tag/38.21.0 for
more changes

###
[`v38.20.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.20.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.19.2...38.20.1)

See https://github.com/renovatebot/renovate/releases/tag/38.20.1 for
more changes

###
[`v38.19.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.19.2)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.19.1...38.19.2)

See https://github.com/renovatebot/renovate/releases/tag/38.19.2 for
more changes

###
[`v38.19.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.19.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.19.0...38.19.1)

See https://github.com/renovatebot/renovate/releases/tag/38.19.1 for
more changes

###
[`v38.19.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.19.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.17...38.19.0)

See https://github.com/renovatebot/renovate/releases/tag/38.19.0 for
more changes

###
[`v38.18.17`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.17)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.16...38.18.17)

See https://github.com/renovatebot/renovate/releases/tag/38.18.17 for
more changes

###
[`v38.18.16`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.16)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.15...38.18.16)

See https://github.com/renovatebot/renovate/releases/tag/38.18.16 for
more changes

###
[`v38.18.15`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.15)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.14...38.18.15)

See https://github.com/renovatebot/renovate/releases/tag/38.18.15 for
more changes

###
[`v38.18.14`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.14)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.12...38.18.14)

See https://github.com/renovatebot/renovate/releases/tag/38.18.14 for
more changes

###
[`v38.18.12`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.12)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.11...38.18.12)

See https://github.com/renovatebot/renovate/releases/tag/38.18.12 for
more changes

###
[`v38.18.11`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.11)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.10...38.18.11)

See https://github.com/renovatebot/renovate/releases/tag/38.18.11 for
more changes

###
[`v38.18.10`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.10)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.9...38.18.10)

See https://github.com/renovatebot/renovate/releases/tag/38.18.10 for
more changes

###
[`v38.18.9`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.9)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.8...38.18.9)

See https://github.com/renovatebot/renovate/releases/tag/38.18.9 for
more changes

###
[`v38.18.8`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.8)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.7...38.18.8)

See https://github.com/renovatebot/renovate/releases/tag/38.18.8 for
more changes

###
[`v38.18.7`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.7)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.5...38.18.7)

See https://github.com/renovatebot/renovate/releases/tag/38.18.7 for
more changes

###
[`v38.18.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.5)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.4...38.18.5)

See https://github.com/renovatebot/renovate/releases/tag/38.18.5 for
more changes

###
[`v38.18.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.4)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.1...38.18.4)

See https://github.com/renovatebot/renovate/releases/tag/38.18.4 for
more changes

###
[`v38.18.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.0...38.18.1)

See https://github.com/renovatebot/renovate/releases/tag/38.18.1 for
more changes

###
[`v38.18.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.17.1...38.18.0)

See https://github.com/renovatebot/renovate/releases/tag/38.18.0 for
more changes

###
[`v38.17.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.17.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.16.0...38.17.1)

See https://github.com/renovatebot/renovate/releases/tag/38.17.1 for
more changes

###
[`v38.16.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.16.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.15.0...38.16.0)

See https://github.com/renovatebot/renovate/releases/tag/38.16.0 for
more changes

###
[`v38.15.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.15.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.14.0...38.15.0)

See https://github.com/renovatebot/renovate/releases/tag/38.15.0 for
more changes

###
[`v38.14.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.14.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.13.4...38.14.0)

See https://github.com/renovatebot/renovate/releases/tag/38.14.0 for
more changes

###
[`v38.13.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.13.4)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.13.3...38.13.4)

See https://github.com/renovatebot/renovate/releases/tag/38.13.4 for
more changes

###
[`v38.13.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.13.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.13.0...38.13.3)

See https://github.com/renovatebot/renovate/releases/tag/38.13.3 for
more changes

###
[`v38.13.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.13.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.12.0...38.13.0)

See https://github.com/renovatebot/renovate/releases/tag/38.13.0 for
more changes

###
[`v38.12.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.12.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.11.1...38.12.0)

See https://github.com/renovatebot/renovate/releases/tag/38.12.0 for
more changes

###
[`v38.11.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.11.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1)

See https://github.com/renovatebot/renovate/releases/tag/38.11.1 for
more changes

###
[`v38.11.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.11.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.10.0...38.11.0)

See https://github.com/renovatebot/renovate/releases/tag/38.11.0 for
more changes

###
[`v38.10.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.10.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.9.3...38.10.0)

See https://github.com/renovatebot/renovate/releases/tag/38.10.0 for
more changes

###
[`v38.9.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.9.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.9.0...38.9.3)

See https://github.com/renovatebot/renovate/releases/tag/38.9.3 for more
changes

###
[`v38.9.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.9.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.5...38.9.0)

See https://github.com/renovatebot/renovate/releases/tag/38.9.0 for more
changes

###
[`v38.8.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.5)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.4...38.8.5)

See https://github.com/renovatebot/renovate/releases/tag/38.8.5 for more
changes

###
[`v38.8.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.4)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.3...38.8.4)

See https://github.com/renovatebot/renovate/releases/tag/38.8.4 for more
changes

###
[`v38.8.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.2...38.8.3)

See https://github.com/renovatebot/renovate/releases/tag/38.8.3 for more
changes

###
[`v38.8.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.2)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.1...38.8.2)

See https://github.com/renovatebot/renovate/releases/tag/38.8.2 for more
changes

###
[`v38.8.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.0...38.8.1)

See https://github.com/renovatebot/renovate/releases/tag/38.8.1 for more
changes

###
[`v38.8.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.7.1...38.8.0)

See https://github.com/renovatebot/renovate/releases/tag/38.8.0 for more
changes

###
[`v38.7.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.7.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.7.0...38.7.1)

See https://github.com/renovatebot/renovate/releases/tag/38.7.1 for more
changes

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.1)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.9.0...v2.9.1)

##### What's Changed

Release v2.9.1 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[#&#8203;440](https://togithub.com/step-security/harden-runner/issues/440)
This release includes two changes:

1. Updated markdown displayed in the job summary by the Harden-Runner
Action.
2. Fixed a bug affecting Enterprise Tier customers where the agent
attempted to upload telemetry for jobs with disable-telemetry set to
true. No telemetry was uploaded as the endpoint was not in the allowed
list.

**Full Changelog**:
step-security/harden-runner@v2...v2.9.1

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/defenseunicorns/uds-package-mattermost).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM4LjIwLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
JaredTan95 referenced this pull request in JaredTan95/jaeger Aug 8, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
zachariahmiller referenced this pull request in defenseunicorns/uds-package-gitlab Aug 9, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v4.3.4` -> `v4.3.6` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| | minor | `v0.9.0` -> `v0.11.2` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| action | minor | `v0.9.0` -> `v0.11.2` |
| [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | |
minor | `v0.36.1` -> `v0.38.0` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v3.25.15` -> `v3.26.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[python-jsonschema/check-jsonschema](https://togithub.com/python-jsonschema/check-jsonschema)
| repository | patch | `0.29.0` -> `0.29.1` |
|
[renovatebot/pre-commit-hooks](https://togithub.com/renovatebot/pre-commit-hooks)
| repository | minor | `38.7.1` -> `38.23.2` |

Note: The `pre-commit` manager in Renovate is not supported by the
`pre-commit` maintainers or community. Please do not report any problems
there, instead [create a Discussion in the Renovate
repository](https://togithub.com/renovatebot/renovate/discussions/new)
if you have any questions.

---

### Release Notes

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.3.6`](https://togithub.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

###
[`v4.3.5`](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

</details>

<details>
<summary>defenseunicorns/uds-common
(defenseunicorns/uds-common)</summary>

###
[`v0.11.2`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.11.2)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.11.1...v0.11.2)

##### Miscellaneous

- refine package selection logic for publishing
([#&#8203;207](https://togithub.com/defenseunicorns/uds-common/issues/207))
([7e1c03a](https://togithub.com/defenseunicorns/uds-common/commit/7e1c03abede1d4a3f91bb122fe5fff6abbb73311))

###
[`v0.11.1`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.11.1)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.11.0...v0.11.1)

##### Bug Fixes

- renovate ghcr host docker type
([#&#8203;201](https://togithub.com/defenseunicorns/uds-common/issues/201))
([9c298e0](https://togithub.com/defenseunicorns/uds-common/commit/9c298e08417ce928dbbf4356c23182f8b1a62ffb))
- renovate typo token/password
([#&#8203;202](https://togithub.com/defenseunicorns/uds-common/issues/202))
([5d7ea03](https://togithub.com/defenseunicorns/uds-common/commit/5d7ea03815929a662c529b2078bdf895d8f3ac1b))
- update renovate creds
([#&#8203;200](https://togithub.com/defenseunicorns/uds-common/issues/200))
([1c6eb24](https://togithub.com/defenseunicorns/uds-common/commit/1c6eb24f37b4059589a70c9addeffb80895d450b))

##### Miscellaneous

- add renovate support for org ghcr packages
([#&#8203;199](https://togithub.com/defenseunicorns/uds-common/issues/199))
([2c5de9c](https://togithub.com/defenseunicorns/uds-common/commit/2c5de9cc41cad9d1e02faf39c0cad364933f335f))
- **deps:** update uds common support dependencies
([#&#8203;195](https://togithub.com/defenseunicorns/uds-common/issues/195))
([04b6409](https://togithub.com/defenseunicorns/uds-common/commit/04b64091ba0528463713f66d8167572a533e0c3d))
- fix codeowners
([#&#8203;196](https://togithub.com/defenseunicorns/uds-common/issues/196))
([856ef22](https://togithub.com/defenseunicorns/uds-common/commit/856ef221b39e65070e966942b42e79d408f59b76))

###
[`v0.11.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.11.0)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.10.0...v0.11.0)

##### Features

- add support for uds-core snapshots
([#&#8203;193](https://togithub.com/defenseunicorns/uds-common/issues/193))
([7a39915](https://togithub.com/defenseunicorns/uds-common/commit/7a39915ceff7a1a9e319846042ab74390fda6f2b))

##### Miscellaneous

- **deps:** update uds common support dependencies
([#&#8203;187](https://togithub.com/defenseunicorns/uds-common/issues/187))
([a0bbfb0](https://togithub.com/defenseunicorns/uds-common/commit/a0bbfb043e670a175fbdc44585e2bbb5b695acf7))

###
[`v0.10.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.10.0)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0)

##### Features

- add task for determining target repo based on flavor
([#&#8203;188](https://togithub.com/defenseunicorns/uds-common/issues/188))
([6810324](https://togithub.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf))

</details>

<details>
<summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary>

###
[`v0.38.0`](https://togithub.com/defenseunicorns/zarf/compare/v0.37.0...v0.38.0)

[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.37.0...v0.38.0)

### [`v0.37.0`](https://togithub.com/zarf-dev/zarf/releases/tag/v0.37.0)

[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.36.1...v0.37.0)

##### What's Changed

- chore: update s3 injector by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2730](https://togithub.com/zarf-dev/zarf/pull/2730)
- docs: fix codeowners file by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[https://github.com/zarf-dev/zarf/pull/2736](https://togithub.com/zarf-dev/zarf/pull/2736)
- refactor: rename image references by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2733](https://togithub.com/zarf-dev/zarf/pull/2733)
- chore: move public test repo by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2739](https://togithub.com/zarf-dev/zarf/pull/2739)
- fix: update README.md by
[@&#8203;schristoff-du](https://togithub.com/schristoff-du) in
[https://github.com/zarf-dev/zarf/pull/2729](https://togithub.com/zarf-dev/zarf/pull/2729)
- docs: update to openssf code of conduct by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[https://github.com/zarf-dev/zarf/pull/2734](https://togithub.com/zarf-dev/zarf/pull/2734)
- chore: update project name references by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/zarf-dev/zarf/pull/2741](https://togithub.com/zarf-dev/zarf/pull/2741)
- chore: move context.TODO to context.Background() by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2742](https://togithub.com/zarf-dev/zarf/pull/2742)
- docs: charter update by
[@&#8203;KennyPaul](https://togithub.com/KennyPaul) in
[https://github.com/zarf-dev/zarf/pull/2731](https://togithub.com/zarf-dev/zarf/pull/2731)
- chore: update CODEOWNERS to protect TSC files by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2744](https://togithub.com/zarf-dev/zarf/pull/2744)
- fix: replace debug logs with returning errors by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2719](https://togithub.com/zarf-dev/zarf/pull/2719)
- fix: data injection to return errors by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2720](https://togithub.com/zarf-dev/zarf/pull/2720)
- feat: revert "feat: remove .metadata.image from schema
([#&#8203;2606](https://togithub.com/defenseunicorns/zarf/issues/2606))"
by [@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2618](https://togithub.com/zarf-dev/zarf/pull/2618)
- chore: update permissions for eks & ecr nightly tests by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2745](https://togithub.com/zarf-dev/zarf/pull/2745)
- refactor: move setup CLI to only run once in root command by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2722](https://togithub.com/zarf-dev/zarf/pull/2722)
- chore: move context.TODO to context.Background() (3) by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2747](https://togithub.com/zarf-dev/zarf/pull/2747)
- fix(deps): update github.com/anchore/clio digest to
[`ac88e09`](https://togithub.com/defenseunicorns/zarf/commit/ac88e09) by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/zarf-dev/zarf/pull/2527](https://togithub.com/zarf-dev/zarf/pull/2527)
- refactor: add error handling to view SBOM files by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2752](https://togithub.com/zarf-dev/zarf/pull/2752)
- feat: annotate image mutation by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2755](https://togithub.com/zarf-dev/zarf/pull/2755)
- chore: move context.TODO to context.Background() (2) by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2746](https://togithub.com/zarf-dev/zarf/pull/2746)
- docs: update repo name across docs by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[https://github.com/zarf-dev/zarf/pull/2735](https://togithub.com/zarf-dev/zarf/pull/2735)
- fix: add whitespace linter and fix all warnings by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2764](https://togithub.com/zarf-dev/zarf/pull/2764)
- chore: move context.TODO to context.Background() (5) by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[https://github.com/zarf-dev/zarf/pull/2750](https://togithub.com/zarf-dev/zarf/pull/2750)
- feat: run schema validation on create by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2585](https://togithub.com/zarf-dev/zarf/pull/2585)
- refactor: remove overly verbose debug logs by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2751](https://togithub.com/zarf-dev/zarf/pull/2751)
- ci: improve nightly eks test by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2759](https://togithub.com/zarf-dev/zarf/pull/2759)
- chore: logging ADR by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2588](https://togithub.com/zarf-dev/zarf/pull/2588)
- test: decrease reliance on dockerhub by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2766](https://togithub.com/zarf-dev/zarf/pull/2766)
- refactor: replace warning logs with returning errors by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2762](https://togithub.com/zarf-dev/zarf/pull/2762)
- fix: type assertion error checking and enforce linter by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2770](https://togithub.com/zarf-dev/zarf/pull/2770)
- chore: fix string formatting for several debug statements by
[@&#8203;YrrepNoj](https://togithub.com/YrrepNoj) in
[https://github.com/zarf-dev/zarf/pull/2769](https://togithub.com/zarf-dev/zarf/pull/2769)
- chore: stop releasing to s3 by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2774](https://togithub.com/zarf-dev/zarf/pull/2774)
- fix: error formatting and comparison and enable errorlint by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2771](https://togithub.com/zarf-dev/zarf/pull/2771)
- fix(deps): update module github.com/fluxcd/helm-controller/api to v1
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/zarf-dev/zarf/pull/2487](https://togithub.com/zarf-dev/zarf/pull/2487)
- refactor: load state to return error if loading fails by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/2763](https://togithub.com/zarf-dev/zarf/pull/2763)
- fix: zarf dev instead of zerf-dev by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2779](https://togithub.com/zarf-dev/zarf/pull/2779)
- fix: goreleaser by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/2782](https://togithub.com/zarf-dev/zarf/pull/2782)

##### New Contributors

- [@&#8203;KennyPaul](https://togithub.com/KennyPaul) made their first
contribution in
[https://github.com/zarf-dev/zarf/pull/2731](https://togithub.com/zarf-dev/zarf/pull/2731)

**Full Changelog**:
zarf-dev/zarf@v0.36.1...v0.37.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.26.0`](https://togithub.com/github/codeql-action/compare/v3.25.15...v3.26.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.15...v3.26.0)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>python-jsonschema/check-jsonschema
(python-jsonschema/check-jsonschema)</summary>

###
[`v0.29.1`](https://togithub.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0291)

[Compare
Source](https://togithub.com/python-jsonschema/check-jsonschema/compare/0.29.0...0.29.1)

-   Update vendored schemas: circle-ci, dependabot, gitlab-ci, renovate,
    woodpecker-ci (2024-07-21)
-   Fix a bug which could result in local file URI resolution failing on
non-Windows platforms in certain cases. Thanks :user:`bukzor`!
(:pr:`465`)
- Fix caching behaviors to ensure that caches are correctly preserved
across
instancefiles during `--schemafile` evaluation. This also fixes a bug in
the
    remote `$ref` cache.
    Thanks :user:`alex1701c` for reporting! (:issue:`463`, :pr:`466`)

</details>

<details>
<summary>renovatebot/pre-commit-hooks
(renovatebot/pre-commit-hooks)</summary>

###
[`v38.23.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.23.2)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.23.1...38.23.2)

See https://github.com/renovatebot/renovate/releases/tag/38.23.2 for
more changes

###
[`v38.23.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.23.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.23.0...38.23.1)

See https://github.com/renovatebot/renovate/releases/tag/38.23.1 for
more changes

###
[`v38.23.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.23.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.21.4...38.23.0)

See https://github.com/renovatebot/renovate/releases/tag/38.23.0 for
more changes

###
[`v38.21.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.21.4)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.21.3...38.21.4)

See https://github.com/renovatebot/renovate/releases/tag/38.21.4 for
more changes

###
[`v38.21.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.21.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.21.2...38.21.3)

See https://github.com/renovatebot/renovate/releases/tag/38.21.3 for
more changes

###
[`v38.21.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.21.2)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.21.1...38.21.2)

See https://github.com/renovatebot/renovate/releases/tag/38.21.2 for
more changes

###
[`v38.21.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.21.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.21.0...38.21.1)

See https://github.com/renovatebot/renovate/releases/tag/38.21.1 for
more changes

###
[`v38.21.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.21.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.20.1...38.21.0)

See https://github.com/renovatebot/renovate/releases/tag/38.21.0 for
more changes

###
[`v38.20.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.20.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.19.2...38.20.1)

See https://github.com/renovatebot/renovate/releases/tag/38.20.1 for
more changes

###
[`v38.19.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.19.2)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.19.1...38.19.2)

See https://github.com/renovatebot/renovate/releases/tag/38.19.2 for
more changes

###
[`v38.19.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.19.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.19.0...38.19.1)

See https://github.com/renovatebot/renovate/releases/tag/38.19.1 for
more changes

###
[`v38.19.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.19.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.17...38.19.0)

See https://github.com/renovatebot/renovate/releases/tag/38.19.0 for
more changes

###
[`v38.18.17`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.17)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.16...38.18.17)

See https://github.com/renovatebot/renovate/releases/tag/38.18.17 for
more changes

###
[`v38.18.16`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.16)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.15...38.18.16)

See https://github.com/renovatebot/renovate/releases/tag/38.18.16 for
more changes

###
[`v38.18.15`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.15)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.14...38.18.15)

See https://github.com/renovatebot/renovate/releases/tag/38.18.15 for
more changes

###
[`v38.18.14`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.14)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.12...38.18.14)

See https://github.com/renovatebot/renovate/releases/tag/38.18.14 for
more changes

###
[`v38.18.12`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.12)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.11...38.18.12)

See https://github.com/renovatebot/renovate/releases/tag/38.18.12 for
more changes

###
[`v38.18.11`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.11)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.10...38.18.11)

See https://github.com/renovatebot/renovate/releases/tag/38.18.11 for
more changes

###
[`v38.18.10`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.10)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.9...38.18.10)

See https://github.com/renovatebot/renovate/releases/tag/38.18.10 for
more changes

###
[`v38.18.9`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.9)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.8...38.18.9)

See https://github.com/renovatebot/renovate/releases/tag/38.18.9 for
more changes

###
[`v38.18.8`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.8)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.7...38.18.8)

See https://github.com/renovatebot/renovate/releases/tag/38.18.8 for
more changes

###
[`v38.18.7`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.7)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.5...38.18.7)

See https://github.com/renovatebot/renovate/releases/tag/38.18.7 for
more changes

###
[`v38.18.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.5)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.4...38.18.5)

See https://github.com/renovatebot/renovate/releases/tag/38.18.5 for
more changes

###
[`v38.18.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.4)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.1...38.18.4)

See https://github.com/renovatebot/renovate/releases/tag/38.18.4 for
more changes

###
[`v38.18.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.18.0...38.18.1)

See https://github.com/renovatebot/renovate/releases/tag/38.18.1 for
more changes

###
[`v38.18.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.18.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.17.1...38.18.0)

See https://github.com/renovatebot/renovate/releases/tag/38.18.0 for
more changes

###
[`v38.17.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.17.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.16.0...38.17.1)

See https://github.com/renovatebot/renovate/releases/tag/38.17.1 for
more changes

###
[`v38.16.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.16.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.15.0...38.16.0)

See https://github.com/renovatebot/renovate/releases/tag/38.16.0 for
more changes

###
[`v38.15.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.15.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.14.0...38.15.0)

See https://github.com/renovatebot/renovate/releases/tag/38.15.0 for
more changes

###
[`v38.14.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.14.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.13.4...38.14.0)

See https://github.com/renovatebot/renovate/releases/tag/38.14.0 for
more changes

###
[`v38.13.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.13.4)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.13.3...38.13.4)

See https://github.com/renovatebot/renovate/releases/tag/38.13.4 for
more changes

###
[`v38.13.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.13.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.13.0...38.13.3)

See https://github.com/renovatebot/renovate/releases/tag/38.13.3 for
more changes

###
[`v38.13.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.13.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.12.0...38.13.0)

See https://github.com/renovatebot/renovate/releases/tag/38.13.0 for
more changes

###
[`v38.12.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.12.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.11.1...38.12.0)

See https://github.com/renovatebot/renovate/releases/tag/38.12.0 for
more changes

###
[`v38.11.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.11.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1)

See https://github.com/renovatebot/renovate/releases/tag/38.11.1 for
more changes

###
[`v38.11.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.11.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.10.0...38.11.0)

See https://github.com/renovatebot/renovate/releases/tag/38.11.0 for
more changes

###
[`v38.10.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.10.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.9.3...38.10.0)

See https://github.com/renovatebot/renovate/releases/tag/38.10.0 for
more changes

###
[`v38.9.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.9.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.9.0...38.9.3)

See https://github.com/renovatebot/renovate/releases/tag/38.9.3 for more
changes

###
[`v38.9.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.9.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.5...38.9.0)

See https://github.com/renovatebot/renovate/releases/tag/38.9.0 for more
changes

###
[`v38.8.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.5)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.4...38.8.5)

See https://github.com/renovatebot/renovate/releases/tag/38.8.5 for more
changes

###
[`v38.8.4`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.4)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.3...38.8.4)

See https://github.com/renovatebot/renovate/releases/tag/38.8.4 for more
changes

###
[`v38.8.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.2...38.8.3)

See https://github.com/renovatebot/renovate/releases/tag/38.8.3 for more
changes

###
[`v38.8.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.2)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.1...38.8.2)

See https://github.com/renovatebot/renovate/releases/tag/38.8.2 for more
changes

###
[`v38.8.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.8.0...38.8.1)

See https://github.com/renovatebot/renovate/releases/tag/38.8.1 for more
changes

###
[`v38.8.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/38.8.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/38.7.1...38.8.0)

See https://github.com/renovatebot/renovate/releases/tag/38.8.0 for more
changes

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 7am and before 9am every
weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/defenseunicorns/uds-package-gitlab).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM4LjIwLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
github-merge-queue bot referenced this pull request in Tuhura-Tech/wiki Aug 11, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |

---

### Release Notes

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job log](https://developer.mend.io/github/Tuhura-Tech/wiki).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM4LjIwLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
JaredTan95 referenced this pull request in JaredTan95/jaeger Aug 13, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
JaredTan95 referenced this pull request in JaredTan95/jaeger Aug 14, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
ramonpetgrave64 referenced this pull request in slsa-framework/slsa-github-generator Aug 16, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | digest | `692973e` -> `9a9194f` |
|
[actions/download-artifact](https://togithub.com/actions/download-artifact)
| action | patch | `v4.1.7` -> `v4.1.8` |
| [actions/setup-go](https://togithub.com/actions/setup-go) | action |
patch | `v5.0.1` -> `v5.0.2` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| patch | `v4.0.2` -> `v4.0.3` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| digest | `60edb5d` -> `1e60f62` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v4.3.3` -> `v4.3.5` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.11` -> `v3.25.15` |
|
[gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action)
| action | minor | `v3.4.2` -> `v3.5.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[softprops/action-gh-release](https://togithub.com/softprops/action-gh-release)
| action | patch | `v2.0.6` -> `v2.0.8` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/download-artifact (actions/download-artifact)</summary>

###
[`v4.1.8`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.8)

[Compare
Source](https://togithub.com/actions/download-artifact/compare/v4.1.7...v4.1.8)

#### What's Changed

- Update
[@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version, bump dependencies by
[@&#8203;robherley](https://togithub.com/robherley) in
[https://github.com/actions/download-artifact/pull/341](https://togithub.com/actions/download-artifact/pull/341)

**Full Changelog**:
actions/download-artifact@v4...v4.1.8

</details>

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v5.0.2`](https://togithub.com/actions/setup-go/compare/v5.0.1...v5.0.2)

[Compare
Source](https://togithub.com/actions/setup-go/compare/v5.0.1...v5.0.2)

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v4.0.3`](https://togithub.com/actions/setup-node/compare/v4.0.2...v4.0.3)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v4.0.2...v4.0.3)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.3.5`](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

###
[`v4.3.4`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.4)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.3...v4.3.4)

##### What's Changed

- Update
[@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version, bump dependencies by
[@&#8203;robherley](https://togithub.com/robherley) in
[https://github.com/actions/upload-artifact/pull/584](https://togithub.com/actions/upload-artifact/pull/584)

**Full Changelog**:
actions/upload-artifact@v4.3.3...v4.3.4

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.15`](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

###
[`v3.25.14`](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)

###
[`v3.25.13`](https://togithub.com/github/codeql-action/compare/v3.25.12...v3.25.13)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.12...v3.25.13)

###
[`v3.25.12`](https://togithub.com/github/codeql-action/compare/v3.25.11...v3.25.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.11...v3.25.12)

</details>

<details>
<summary>gradle/gradle-build-action
(gradle/gradle-build-action)</summary>

###
[`v3.5.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v3.5.0)

[Compare
Source](https://togithub.com/gradle/gradle-build-action/compare/v3.4.2...v3.5.0)

> \[!IMPORTANT]
> As of `v3` this action has been superceded by
`gradle/actions/setup-gradle`.
> Any workflow that uses `gradle/gradle-build-action@v3` will
transparently delegate to `gradle/actions/setup-gradle@v3`.
>
> Users are encouraged to update their workflows, replacing:
>
>     uses: gradle/gradle-build-action@v3
>
> with
>
>     uses: gradle/actions/setup-gradle@v3
>
> See the [setup-gradle
documentation](https://togithub.com/gradle/actions/tree/main/setup-gradle)
for up-to-date documentation for `gradle/actions/setup-gradle`.

For release details, see
https://github.com/gradle/actions/releases/tag/v3.5.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>softprops/action-gh-release
(softprops/action-gh-release)</summary>

###
[`v2.0.8`](https://togithub.com/softprops/action-gh-release/releases/tag/v2.0.8)

[Compare
Source](https://togithub.com/softprops/action-gh-release/compare/v2.0.7...v2.0.8)

<!-- Release notes generated using configuration in .github/release.yml
at master -->

#### What's Changed

##### Other Changes 🔄

- chore(deps): bump prettier from 2.8.0 to 3.3.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/480](https://togithub.com/softprops/action-gh-release/pull/480)
- chore(deps): bump
[@&#8203;types/node](https://togithub.com/types/node) from 20.14.9 to
20.14.11 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/483](https://togithub.com/softprops/action-gh-release/pull/483)
- chore(deps): bump
[@&#8203;octokit/plugin-throttling](https://togithub.com/octokit/plugin-throttling)
from 9.3.0 to 9.3.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/484](https://togithub.com/softprops/action-gh-release/pull/484)
- chore(deps): bump glob from 10.4.2 to 11.0.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/477](https://togithub.com/softprops/action-gh-release/pull/477)
- refactor: write jest config in ts by
[@&#8203;chenrui333](https://togithub.com/chenrui333) in
[https://github.com/softprops/action-gh-release/pull/485](https://togithub.com/softprops/action-gh-release/pull/485)
- chore(deps): bump
[@&#8203;actions/github](https://togithub.com/actions/github) from 5.1.1
to 6.0.0 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/470](https://togithub.com/softprops/action-gh-release/pull/470)

**Full Changelog**:
softprops/action-gh-release@v2...v2.0.8

###
[`v2.0.7`](https://togithub.com/softprops/action-gh-release/releases/tag/v2.0.7)

[Compare
Source](https://togithub.com/softprops/action-gh-release/compare/v2.0.6...v2.0.7)

<!-- Release notes generated using configuration in .github/release.yml
at master -->

#### What's Changed

##### Bug fixes 🐛

- Fix missing update release body by
[@&#8203;FirelightFlagboy](https://togithub.com/FirelightFlagboy) in
[https://github.com/softprops/action-gh-release/pull/365](https://togithub.com/softprops/action-gh-release/pull/365)

##### Other Changes 🔄

- Bump
[@&#8203;octokit/plugin-retry](https://togithub.com/octokit/plugin-retry)
from 4.0.3 to 7.1.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/443](https://togithub.com/softprops/action-gh-release/pull/443)
- Bump typescript from 4.9.5 to 5.5.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/467](https://togithub.com/softprops/action-gh-release/pull/467)
- Bump [@&#8203;types/node](https://togithub.com/types/node) from
20.14.6 to 20.14.8 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/469](https://togithub.com/softprops/action-gh-release/pull/469)
- Bump [@&#8203;types/node](https://togithub.com/types/node) from
20.14.8 to 20.14.9 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/473](https://togithub.com/softprops/action-gh-release/pull/473)
- Bump typescript from 5.5.2 to 5.5.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/472](https://togithub.com/softprops/action-gh-release/pull/472)
- Bump ts-jest from 29.1.5 to 29.2.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/479](https://togithub.com/softprops/action-gh-release/pull/479)
- docs: document that existing releases are updated by
[@&#8203;jvanbruegge](https://togithub.com/jvanbruegge) in
[https://github.com/softprops/action-gh-release/pull/474](https://togithub.com/softprops/action-gh-release/pull/474)

#### New Contributors

- [@&#8203;jvanbruegge](https://togithub.com/jvanbruegge) made their
first contribution in
[https://github.com/softprops/action-gh-release/pull/474](https://togithub.com/softprops/action-gh-release/pull/474)
- [@&#8203;FirelightFlagboy](https://togithub.com/FirelightFlagboy) made
their first contribution in
[https://github.com/softprops/action-gh-release/pull/365](https://togithub.com/softprops/action-gh-release/pull/365)

**Full Changelog**:
softprops/action-gh-release@v2.0.6...v2.0.7

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
JaredTan95 referenced this pull request in JaredTan95/jaeger Aug 28, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0)

- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.31.0 to 0.35.0 in
[https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154)
[https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155)

**Full Changelog**:
docker/setup-qemu-action@v3.1.0...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Jared Tan <jian.tan@daocloud.io>
hogo6002 referenced this pull request in google/osv.dev Sep 5, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/setup-python](https://redirect.github.com/actions/setup-python)
| action | minor | `v5.1.1` -> `v5.2.0` |
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
| action | minor | `v3.1.3` -> `v3.2.1` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | minor | `v2.25.12` -> `v2.26.6` |
|
[ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action)
| action | minor | `v2.3.3` -> `v2.4.0` |
|
[pypa/gh-action-pypi-publish](https://redirect.github.com/pypa/gh-action-pypi-publish)
| action | minor | `v1.9.0` -> `v1.10.1` |

---

### Release Notes

<details>
<summary>actions/setup-python (actions/setup-python)</summary>

###
[`v5.2.0`](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0)

[Compare
Source](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.2.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v3.2.1)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v3.2.0...v3.2.1)

#### What's Changed

This fixes the `include-hidden-files` input introduced in
https://github.com/actions/upload-artifact/releases/tag/v3.2.0

- Ensure hidden files input is used by
[@&#8203;joshmgross](https://redirect.github.com/joshmgross) in
[https://github.com/actions/upload-artifact/pull/609](https://redirect.github.com/actions/upload-artifact/pull/609)

**Full Changelog**:
actions/upload-artifact@v3.2.0...v3.2.1

###
[`v3.2.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v3.2.0)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v3.1.3...v3.2.0)

#### Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the
`upload-artifact` action of this version. This reduces the risk that
credentials are accidentally uploaded into artifacts. Customers who need
to continue to upload these files can use a new option,
`include-hidden-files`, to continue to do so.

See ["Notice of upcoming deprecations and breaking changes in GitHub
Actions
runners"](https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/)
changelog and [this
issue](https://redirect.github.com/actions/upload-artifact/issues/602)
for more details.

#### What's Changed

- V3 backport: Exclude hidden files by default by
[@&#8203;SrRyan](https://redirect.github.com/SrRyan) in
[https://github.com/actions/upload-artifact/pull/604](https://redirect.github.com/actions/upload-artifact/pull/604)

**Full Changelog**:
actions/upload-artifact@v3.1.3...v3.2.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.26.6`](https://redirect.github.com/github/codeql-action/compare/v2.26.5...v2.26.6)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.5...v2.26.6)

###
[`v2.26.5`](https://redirect.github.com/github/codeql-action/compare/v2.26.4...v2.26.5)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.4...v2.26.5)

###
[`v2.26.4`](https://redirect.github.com/github/codeql-action/compare/v2.26.3...v2.26.4)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.3...v2.26.4)

###
[`v2.26.3`](https://redirect.github.com/github/codeql-action/compare/v2.26.2...v2.26.3)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.2...v2.26.3)

###
[`v2.26.2`](https://redirect.github.com/github/codeql-action/compare/v2.26.1...v2.26.2)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.1...v2.26.2)

###
[`v2.26.1`](https://redirect.github.com/github/codeql-action/compare/v2.26.0...v2.26.1)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.0...v2.26.1)

###
[`v2.26.0`](https://redirect.github.com/github/codeql-action/compare/v2.25.15...v2.26.0)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.25.15...v2.26.0)

###
[`v2.25.15`](https://redirect.github.com/github/codeql-action/compare/v2.25.14...v2.25.15)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.25.14...v2.25.15)

###
[`v2.25.14`](https://redirect.github.com/github/codeql-action/compare/v2.25.13...v2.25.14)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.25.13...v2.25.14)

###
[`v2.25.13`](https://redirect.github.com/github/codeql-action/compare/v2.25.12...v2.25.13)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.25.12...v2.25.13)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0).
Of special note to Scorecard Action is the Maintainer Annotation
feature, which can be used to suppress some Code Scanning false
positives. Alerts will not be generated for any Scorecard Check with an
annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://redirect.github.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.10.1`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.1)

[Compare
Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.10.0...v1.10.1)

#### 🚑🔏 Oopsie... We missed a tiny bug in the attestations feature the
other day

The problem was that the distribution file validity check was failing on
any valid distribution being present and ready to be signed. What a
silly mistake! It's now been fixed via
pypa/gh-action-pypi-publish@0ab0b79, though.
So everything's good!

\--
[@&#8203;webknjaz](https://redirect.github.com/webknjaz)[💰](https://redirect.github.com/sponsors/webknjaz)

> \[!IMPORTANT]
> ✨ Despite this minor hiccup, we invite you to still opt into trying
this feature out early. [It can be
enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations)
like this:
>
> ```yml
>   with:
>     attestations: true
> ```
>
> Leave feedback in [the v1.10.0 release
discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255)
or [the
PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236).

**🪞 Full Diff**:
pypa/gh-action-pypi-publish@v1.10.0...v1.10.1

**🧔‍♂️ Release Manager:** [@&#8203;webknjaz
🇺🇦](https://redirect.github.com/sponsors/webknjaz)

**🙏 Special Thanks** to
[@&#8203;hugovk](https://redirect.github.com/hugovk)[💰](https://redirect.github.com/sponsors/hugovk)
for [promptly validating the bug
fix](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/256#issuecomment-2325925847),
mere minutes after I pushed it — I even haven't finished writing this
text by then!

###
[`v1.10.0`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.0)

[Compare
Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.9.0...v1.10.0)

#### 🔏 Anything fancy, eh?

This time,
[@&#8203;woodruffw](https://redirect.github.com/woodruffw)[💰](https://redirect.github.com/sponsors/woodruffw)
implemented support for [PEP 740] attestations functionality in
[#&#8203;236](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/236)
and
[#&#8203;245](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/245).
This is a big deal, as it is a huge step forward to replacing what the
deprecated GPG signatures used to provide in a more meaningful way.

> \[!IMPORTANT]
> ✨ Please, do opt into trying this feature out early. [It can be
enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations)
as follows:
>
> ```yml
>   with:
>     attestations: true
> ```
>
> Leave any feedback on this in [this release
discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255)
or [the
PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236).

🙏 And please, thank William for working on this amazing improvement for
the ecosystem! The overall effort is tracked
@&#[https://github.com/pypi/warehouse/issues/15871](https://redirect.github.com/pypi/warehouse/issues/15871)/15871,
by the way.

**🪞 Full Diff**:
pypa/gh-action-pypi-publish@v1.9.0...v1.10.0

**🧔‍♂️ Release Manager:** [@&#8203;webknjaz
🇺🇦](https://redirect.github.com/sponsors/webknjaz)

[PEP 740]: https://peps.python.org/pep-0740/

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
renovate bot referenced this pull request in redwoodjs/redwood Sep 9, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action)
| action | minor | `v2.3.1` -> `v2.4.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0).
Of special note to Scorecard Action is the Maintainer Annotation
feature, which can be used to suppress some Code Scanning false
positives. Alerts will not be generated for any Scorecard Check with an
annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://redirect.github.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

###
[`v2.3.3`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.3.3)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)

> \[!NOTE]\
> There is no v2.3.2 release as a step was skipped in the release
process. This was fixed and re-released under the v2.3.3 tag

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to
github.com/ossf/scorecard/v5 (v5.0.0-rc1) by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1366](https://redirect.github.com/ossf/scorecard-action/pull/1366)
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to
v5.0.0-rc2 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1374](https://redirect.github.com/ossf/scorecard-action/pull/1374)
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0.20240509182734-7ce860946928 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1377](https://redirect.github.com/ossf/scorecard-action/pull/1377)

For a full changelist of what these include, see the
[v5.0.0-rc1](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc1)
and
[v5.0.0-rc2](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc2)
release notes.

##### Documentation

- 📖 Move token discussion out of main README. by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1279](https://redirect.github.com/ossf/scorecard-action/pull/1279)
- 📖 link to `ossf/scorecard` workflow instead of maintaining an
example by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1352](https://redirect.github.com/ossf/scorecard-action/pull/1352)
- 📖 update api links to new scorecard.dev site by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1376](https://redirect.github.com/ossf/scorecard-action/pull/1376)

**Full Changelog**:
ossf/scorecard-action@v2.3.1...v2.3.3

###
[`v2.3.2`](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/redwoodjs/redwood).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Josh-Walker-GM referenced this pull request in redwoodjs/redwood Sep 10, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action)
| action | minor | `v2.3.1` -> `v2.4.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0).
Of special note to Scorecard Action is the Maintainer Annotation
feature, which can be used to suppress some Code Scanning false
positives. Alerts will not be generated for any Scorecard Check with an
annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://redirect.github.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

###
[`v2.3.3`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.3.3)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)

> \[!NOTE]\
> There is no v2.3.2 release as a step was skipped in the release
process. This was fixed and re-released under the v2.3.3 tag

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to
github.com/ossf/scorecard/v5 (v5.0.0-rc1) by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1366](https://redirect.github.com/ossf/scorecard-action/pull/1366)
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to
v5.0.0-rc2 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1374](https://redirect.github.com/ossf/scorecard-action/pull/1374)
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0.20240509182734-7ce860946928 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1377](https://redirect.github.com/ossf/scorecard-action/pull/1377)

For a full changelist of what these include, see the
[v5.0.0-rc1](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc1)
and
[v5.0.0-rc2](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0-rc2)
release notes.

##### Documentation

- 📖 Move token discussion out of main README. by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1279](https://redirect.github.com/ossf/scorecard-action/pull/1279)
- 📖 link to `ossf/scorecard` workflow instead of maintaining an
example by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1352](https://redirect.github.com/ossf/scorecard-action/pull/1352)
- 📖 update api links to new scorecard.dev site by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1376](https://redirect.github.com/ossf/scorecard-action/pull/1376)

**Full Changelog**:
ossf/scorecard-action@v2.3.1...v2.3.3

###
[`v2.3.2`](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/redwoodjs/redwood).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
cuixq referenced this pull request in google/osv.dev Sep 11, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/setup-python](https://redirect.github.com/actions/setup-python)
| action | minor | `v5.1.1` -> `v5.2.0` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | minor | `v2.25.12` -> `v2.26.6` |
|
[ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action)
| action | minor | `v2.3.3` -> `v2.4.0` |
|
[pypa/gh-action-pypi-publish](https://redirect.github.com/pypa/gh-action-pypi-publish)
| action | minor | `v1.9.0` -> `v1.10.1` |

---

### Release Notes

<details>
<summary>actions/setup-python (actions/setup-python)</summary>

###
[`v5.2.0`](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0)

[Compare
Source](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.26.6`](https://redirect.github.com/github/codeql-action/compare/v2.26.5...v2.26.6)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.5...v2.26.6)

###
[`v2.26.5`](https://redirect.github.com/github/codeql-action/compare/v2.26.4...v2.26.5)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.4...v2.26.5)

###
[`v2.26.4`](https://redirect.github.com/github/codeql-action/compare/v2.26.3...v2.26.4)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.3...v2.26.4)

###
[`v2.26.3`](https://redirect.github.com/github/codeql-action/compare/v2.26.2...v2.26.3)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.2...v2.26.3)

###
[`v2.26.2`](https://redirect.github.com/github/codeql-action/compare/v2.26.1...v2.26.2)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.1...v2.26.2)

###
[`v2.26.1`](https://redirect.github.com/github/codeql-action/compare/v2.26.0...v2.26.1)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.26.0...v2.26.1)

###
[`v2.26.0`](https://redirect.github.com/github/codeql-action/compare/v2.25.15...v2.26.0)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.25.15...v2.26.0)

###
[`v2.25.15`](https://redirect.github.com/github/codeql-action/compare/v2.25.14...v2.25.15)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.25.14...v2.25.15)

###
[`v2.25.14`](https://redirect.github.com/github/codeql-action/compare/v2.25.13...v2.25.14)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.25.13...v2.25.14)

###
[`v2.25.13`](https://redirect.github.com/github/codeql-action/compare/v2.25.12...v2.25.13)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v2.25.12...v2.25.13)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0).
Of special note to Scorecard Action is the Maintainer Annotation
feature, which can be used to suppress some Code Scanning false
positives. Alerts will not be generated for any Scorecard Check with an
annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://redirect.github.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.10.1`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.1)

[Compare
Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.10.0...v1.10.1)

#### 🚑🔏 Oopsie... We missed a tiny bug in the attestations feature the
other day

The problem was that the distribution file validity check was failing on
any valid distribution being present and ready to be signed. What a
silly mistake! It's now been fixed via
pypa/gh-action-pypi-publish@0ab0b79, though.
So everything's good!

\--
[@&#8203;webknjaz](https://redirect.github.com/webknjaz)[💰](https://redirect.github.com/sponsors/webknjaz)

> \[!IMPORTANT]
> ✨ Despite this minor hiccup, we invite you to still opt into trying
this feature out early. [It can be
enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations)
like this:
>
> ```yml
>   with:
>     attestations: true
> ```
>
> Leave feedback in [the v1.10.0 release
discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255)
or [the
PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236).

**🪞 Full Diff**:
pypa/gh-action-pypi-publish@v1.10.0...v1.10.1

**🧔‍♂️ Release Manager:** [@&#8203;webknjaz
🇺🇦](https://redirect.github.com/sponsors/webknjaz)

**🙏 Special Thanks** to
[@&#8203;hugovk](https://redirect.github.com/hugovk)[💰](https://redirect.github.com/sponsors/hugovk)
for [promptly validating the bug
fix](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/256#issuecomment-2325925847),
mere minutes after I pushed it — I even haven't finished writing this
text by then!

###
[`v1.10.0`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.0)

[Compare
Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.9.0...v1.10.0)

#### 🔏 Anything fancy, eh?

This time,
[@&#8203;woodruffw](https://redirect.github.com/woodruffw)[💰](https://redirect.github.com/sponsors/woodruffw)
implemented support for [PEP 740] attestations functionality in
[#&#8203;236](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/236)
and
[#&#8203;245](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/245).
This is a big deal, as it is a huge step forward to replacing what the
deprecated GPG signatures used to provide in a more meaningful way.

> \[!IMPORTANT]
> ✨ Please, do opt into trying this feature out early. [It can be
enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations)
as follows:
>
> ```yml
>   with:
>     attestations: true
> ```
>
> Leave any feedback on this in [this release
discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255)
or [the
PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236).

🙏 And please, thank William for working on this amazing improvement for
the ecosystem! The overall effort is tracked
@&#[https://github.com/pypi/warehouse/issues/15871](https://redirect.github.com/pypi/warehouse/issues/15871)/15871,
by the way.

**🪞 Full Diff**:
pypa/gh-action-pypi-publish@v1.9.0...v1.10.0

**🧔‍♂️ Release Manager:** [@&#8203;webknjaz
🇺🇦](https://redirect.github.com/sponsors/webknjaz)

[PEP 740]: https://peps.python.org/pep-0740/

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Racer159 referenced this pull request in defenseunicorns/maru-runner Sep 20, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/create-github-app-token](https://redirect.github.com/actions/create-github-app-token)
| action | minor | `v1.10.3` -> `v1.11.0` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) |
action | patch | `v4.0.3` -> `v4.0.4` |
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
| action | minor | `v4.3.4` -> `v4.4.0` |
| [anchore/sbom-action](https://redirect.github.com/anchore/sbom-action)
| action | minor | `v0.16.1` -> `v0.17.2` |
|
[docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action)
| action | minor | `v3.4.0` -> `n/a` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | minor | `v3.25.12` -> `v3.26.8` |
| morphy/revive-action | docker | digest | `087d4e6` -> `540bffd` |
|
[ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action)
| action | minor | `v2.3.3` -> `v2.4.0` |
|
[sigstore/cosign-installer](https://redirect.github.com/sigstore/cosign-installer)
| action | minor | `v3.5.0` -> `n/a` |
| [zarf-dev/zarf](https://redirect.github.com/zarf-dev/zarf) | | minor |
`v0.39.0` -> `v0.40.1` |

---

### Release Notes

<details>
<summary>actions/create-github-app-token
(actions/create-github-app-token)</summary>

###
[`v1.11.0`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.0)

[Compare
Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.10.4...v1.11.0)

##### What's Changed

##### Features

- Allow repositories input to be comma or newline-separated by
[@&#8203;peter-evans](https://redirect.github.com/peter-evans) in
[https://github.com/actions/create-github-app-token/pull/169](https://redirect.github.com/actions/create-github-app-token/pull/169)

##### New Contributors

- [@&#8203;peter-evans](https://redirect.github.com/peter-evans) made
their first contribution in
[https://github.com/actions/create-github-app-token/pull/169](https://redirect.github.com/actions/create-github-app-token/pull/169)

**Full Changelog**:
actions/create-github-app-token@v1.10.4...v1.11.0

###
[`v1.10.4`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.10.4)

[Compare
Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.10.3...v1.10.4)

##### Bug Fixes

- **deps:** bump the production-dependencies group across 1 directory
with 3 updates
([#&#8203;166](https://redirect.github.com/actions/create-github-app-token/issues/166))
([e177c20](https://redirect.github.com/actions/create-github-app-token/commit/e177c20e0f736e68f4a37ffee6aa32c73da13988)),
closes
[#&#8203;641](https://redirect.github.com/actions/create-github-app-token/issues/641)
[#&#8203;641](https://redirect.github.com/actions/create-github-app-token/issues/641)
[#&#8203;639](https://redirect.github.com/actions/create-github-app-token/issues/639)
[#&#8203;638](https://redirect.github.com/actions/create-github-app-token/issues/638)
[#&#8203;637](https://redirect.github.com/actions/create-github-app-token/issues/637)
[#&#8203;636](https://redirect.github.com/actions/create-github-app-token/issues/636)
[#&#8203;633](https://redirect.github.com/actions/create-github-app-token/issues/633)
[#&#8203;632](https://redirect.github.com/actions/create-github-app-token/issues/632)
[#&#8203;631](https://redirect.github.com/actions/create-github-app-token/issues/631)
[#&#8203;630](https://redirect.github.com/actions/create-github-app-token/issues/630)
[#&#8203;629](https://redirect.github.com/actions/create-github-app-token/issues/629)
[#&#8203;714](https://redirect.github.com/actions/create-github-app-token/issues/714)
[#&#8203;711](https://redirect.github.com/actions/create-github-app-token/issues/711)
[#&#8203;714](https://redirect.github.com/actions/create-github-app-token/issues/714)
[#&#8203;716](https://redirect.github.com/actions/create-github-app-token/issues/716)
[#&#8203;711](https://redirect.github.com/actions/create-github-app-token/issues/711)
[#&#8203;712](https://redirect.github.com/actions/create-github-app-token/issues/712)
[#&#8203;710](https://redirect.github.com/actions/create-github-app-token/issues/710)
[#&#8203;709](https://redirect.github.com/actions/create-github-app-token/issues/709)
[#&#8203;708](https://redirect.github.com/actions/create-github-app-token/issues/708)
[#&#8203;702](https://redirect.github.com/actions/create-github-app-token/issues/702)
[#&#8203;706](https://redirect.github.com/actions/create-github-app-token/issues/706)
[#&#8203;3458](https://redirect.github.com/actions/create-github-app-token/issues/3458)
[#&#8203;3461](https://redirect.github.com/actions/create-github-app-token/issues/3461)
[#&#8203;3460](https://redirect.github.com/actions/create-github-app-token/issues/3460)
[#&#8203;3454](https://redirect.github.com/actions/create-github-app-token/issues/3454)
[#&#8203;3450](https://redirect.github.com/actions/create-github-app-token/issues/3450)
[#&#8203;3445](https://redirect.github.com/actions/create-github-app-token/issues/3445)

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v4.0.4`](https://redirect.github.com/actions/setup-node/compare/v4.0.3...v4.0.4)

[Compare
Source](https://redirect.github.com/actions/setup-node/compare/v4.0.3...v4.0.4)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.4.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)

###
[`v4.3.6`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

###
[`v4.3.5`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

</details>

<details>
<summary>anchore/sbom-action (anchore/sbom-action)</summary>

###
[`v0.17.2`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.2)

[Compare
Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.1...v0.17.2)

#### Changes in v0.17.2

- Update Syft to v1.11.1
([#&#8203;485](https://redirect.github.com/anchore/sbom-action/issues/485))
\[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)]

###
[`v0.17.1`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.1)

[Compare
Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.0...v0.17.1)

#### Changes in v0.17.1

- chore(deps): update Syft to v1.11.0
([#&#8203;483](https://redirect.github.com/anchore/sbom-action/issues/483))
\[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)]

###
[`v0.17.0`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.0)

[Compare
Source](https://redirect.github.com/anchore/sbom-action/compare/v0.16.1...v0.17.0)

#### Changes in v0.17.0

- chore(deps): update Syft to v1.9.0
([#&#8203;479](https://redirect.github.com/anchore/sbom-action/issues/479))
\[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)]

</details>

<details>
<summary>docker/setup-buildx-action
(docker/setup-buildx-action)</summary>

###
[`v3.6.1`](https://redirect.github.com/docker/setup-buildx-action/releases/tag/v3.6.1)

[Compare
Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.6.0...v3.6.1)

- Check for malformed docker context by
[@&#8203;crazy-max](https://redirect.github.com/crazy-max) in
[https://github.com/docker/setup-buildx-action/pull/347](https://redirect.github.com/docker/setup-buildx-action/pull/347)

**Full Changelog**:
docker/setup-buildx-action@v3.6.0...v3.6.1

###
[`v3.6.0`](https://redirect.github.com/docker/setup-buildx-action/releases/tag/v3.6.0)

[Compare
Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.5.0...v3.6.0)

- Create temp docker context if default one has TLS data loaded before
creating a container builder by
[@&#8203;crazy-max](https://redirect.github.com/crazy-max) in
[https://github.com/docker/setup-buildx-action/pull/341](https://redirect.github.com/docker/setup-buildx-action/pull/341)

**Full Changelog**:
docker/setup-buildx-action@v3.5.0...v3.6.0

###
[`v3.5.0`](https://redirect.github.com/docker/setup-buildx-action/compare/v3.4.0...v3.5.0)

[Compare
Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.4.0...v3.5.0)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.26.8`](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8)

###
[`v3.26.7`](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)

###
[`v3.26.6`](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)

###
[`v3.26.5`](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)

###
[`v3.26.4`](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4)

###
[`v3.26.3`](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3)

###
[`v3.26.2`](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2)

###
[`v3.26.1`](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1)

###
[`v3.26.0`](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0)

###
[`v3.25.15`](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15)

###
[`v3.25.14`](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14)

###
[`v3.25.13`](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0).
Of special note to Scorecard Action is the Maintainer Annotation
feature, which can be used to suppress some Code Scanning false
positives. Alerts will not be generated for any Scorecard Check with an
annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://redirect.github.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.6.0`](https://redirect.github.com/sigstore/cosign-installer/releases/tag/v3.6.0)

[Compare
Source](https://redirect.github.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0)

#### What's Changed

- Bump actions/checkout from 4.1.2 to 4.1.3 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/161](https://redirect.github.com/sigstore/cosign-installer/pull/161)
- Bump actions/checkout from 4.1.3 to 4.1.4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/162](https://redirect.github.com/sigstore/cosign-installer/pull/162)
- Bump actions/setup-go from 5.0.0 to 5.0.1 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/163](https://redirect.github.com/sigstore/cosign-installer/pull/163)
- Bump actions/checkout from 4.1.4 to 4.1.5 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/164](https://redirect.github.com/sigstore/cosign-installer/pull/164)
- Bump actions/checkout from 4.1.5 to 4.1.6 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/165](https://redirect.github.com/sigstore/cosign-installer/pull/165)
- Bump actions/checkout from 4.1.6 to 4.1.7 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/166](https://redirect.github.com/sigstore/cosign-installer/pull/166)
- Bump actions/setup-go from 5.0.1 to 5.0.2 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/167](https://redirect.github.com/sigstore/cosign-installer/pull/167)
- pin public key used for verification by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/169](https://redirect.github.com/sigstore/cosign-installer/pull/169)
- bump default version to v2.4.0 release by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/168](https://redirect.github.com/sigstore/cosign-installer/pull/168)
- update readme for new release by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/170](https://redirect.github.com/sigstore/cosign-installer/pull/170)

**Full Changelog**:
sigstore/cosign-installer@v3...v3.6.0

</details>

<details>
<summary>zarf-dev/zarf (zarf-dev/zarf)</summary>

###
[`v0.40.1`](https://redirect.github.com/zarf-dev/zarf/compare/v0.40.0...v0.40.1)

[Compare
Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.40.0...v0.40.1)

###
[`v0.40.0`](https://redirect.github.com/zarf-dev/zarf/compare/v0.39.0...v0.40.0)

[Compare
Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.39.0...v0.40.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am
every weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/defenseunicorns/maru-runner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzEuNCIsInVwZGF0ZWRJblZlciI6IjM4LjgwLjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Wayne Starr <me@racer159.com>
yurishkuro referenced this pull request in jaegertracing/jaeger-ui Sep 25, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
| action | minor | `v4.3.4` -> `v4.4.0` |
|
[docker/build-push-action](https://redirect.github.com/docker/build-push-action)
| action | minor | `v6.4.0` -> `v6.7.0` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | minor | `v3.25.8` -> `v3.26.9` |
|
[ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action)
| action | minor | `v2.3.3` -> `v2.4.0` |

---

### Release Notes

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.4.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)

###
[`v4.3.6`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

###
[`v4.3.5`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

</details>

<details>
<summary>docker/build-push-action (docker/build-push-action)</summary>

###
[`v6.7.0`](https://redirect.github.com/docker/build-push-action/compare/v6.6.1...v6.7.0)

[Compare
Source](https://redirect.github.com/docker/build-push-action/compare/v6.6.1...v6.7.0)

###
[`v6.6.1`](https://redirect.github.com/docker/build-push-action/releases/tag/v6.6.1)

[Compare
Source](https://redirect.github.com/docker/build-push-action/compare/v6.6.0...v6.6.1)

- Bump
[@&#8203;docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit)
from 0.37.0 to 0.37.1 in
[https://github.com/docker/build-push-action/pull/1205](https://redirect.github.com/docker/build-push-action/pull/1205)

**Full Changelog**:
docker/build-push-action@v6.6.0...v6.6.1

###
[`v6.6.0`](https://redirect.github.com/docker/build-push-action/compare/v6.5.0...v6.6.0)

[Compare
Source](https://redirect.github.com/docker/build-push-action/compare/v6.5.0...v6.6.0)

###
[`v6.5.0`](https://redirect.github.com/docker/build-push-action/compare/v6.4.1...v6.5.0)

[Compare
Source](https://redirect.github.com/docker/build-push-action/compare/v6.4.1...v6.5.0)

###
[`v6.4.1`](https://redirect.github.com/docker/build-push-action/compare/v6.4.0...v6.4.1)

[Compare
Source](https://redirect.github.com/docker/build-push-action/compare/v6.4.0...v6.4.1)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.26.9`](https://redirect.github.com/github/codeql-action/compare/v3.26.8...v3.26.9)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.8...v3.26.9)

###
[`v3.26.8`](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8)

###
[`v3.26.7`](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)

###
[`v3.26.6`](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)

###
[`v3.26.5`](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)

###
[`v3.26.4`](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4)

###
[`v3.26.3`](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3)

###
[`v3.26.2`](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2)

###
[`v3.26.1`](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1)

###
[`v3.26.0`](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0)

###
[`v3.25.15`](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15)

###
[`v3.25.14`](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14)

###
[`v3.25.13`](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13)

###
[`v3.25.12`](https://redirect.github.com/github/codeql-action/compare/v3.25.11...v3.25.12)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.11...v3.25.12)

###
[`v3.25.11`](https://redirect.github.com/github/codeql-action/compare/v3.25.10...v3.25.11)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.10...v3.25.11)

###
[`v3.25.10`](https://redirect.github.com/github/codeql-action/compare/v3.25.9...v3.25.10)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.9...v3.25.10)

###
[`v3.25.9`](https://redirect.github.com/github/codeql-action/compare/v3.25.8...v3.25.9)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.8...v3.25.9)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0).
Of special note to Scorecard Action is the Maintainer Annotation
feature, which can be used to suppress some Code Scanning false
positives. Alerts will not be generated for any Scorecard Check with an
annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://redirect.github.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jaegertracing/jaeger-ui).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC44MC4wIiwidXBkYXRlZEluVmVyIjoiMzguODAuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiY2hhbmdlbG9nOmRlcGVuZGVuY2llcyJdfQ==-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

license check fail to find FSF/OSI license
2 participants