Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 Fix to not upload the result in the security dashboard if it is a pull request #984

Merged
merged 1 commit into from
Oct 25, 2022
Merged

🐛 Fix to not upload the result in the security dashboard if it is a pull request #984

merged 1 commit into from
Oct 25, 2022

Conversation

joycebrum
Copy link
Contributor

Closes #977

Regarding the issue #977, I couldn't think of a better way of doing this instead of adding the if clause to the default yml file, let me know if I missed some better idea to fix.

Copy link
Member

@naveensrinivasan naveensrinivasan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @joycebrum

@codecov
Copy link

codecov bot commented Oct 19, 2022

Codecov Report

Merging #984 (64532d5) into main (f8ef130) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #984   +/-   ##
=======================================
  Coverage   62.19%   62.19%           
=======================================
  Files           4        4           
  Lines         246      246           
=======================================
  Hits          153      153           
  Misses         77       77           
  Partials       16       16           

@naveensrinivasan naveensrinivasan enabled auto-merge (squash) October 25, 2022 00:10
Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>
@naveensrinivasan naveensrinivasan merged commit 65d39ac into ossf:main Oct 25, 2022
bors bot referenced this pull request in OpenPoolProject/stratum Dec 15, 2022
365: chore(deps): update ossf/scorecard-action action to v2.1.0 r=renovate[bot] a=renovate[bot]

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | minor | `v2.0.6` -> `v2.1.0` |

---

### Release Notes

<details>
<summary>ossf/scorecard-action</summary>

### [`v2.1.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.0)

[Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0)

#### What's Changed

##### Scorecard version

This release uses [scorecard v4.10.0](https://togithub.com/ossf/scorecard/releases/tag/v4.10.0).

##### Improvements

-   Docker build workflow by [`@&#8203;naveensrinivasan](https://togithub.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/981](https://togithub.com/ossf/scorecard-action/pull/981)
-   Use root user in distroless to support GitHub Actions by [`@&#8203;spencerschrock](https://togithub.com/spencerschrock)` in [https://github.com/ossf/scorecard-action/pull/994](https://togithub.com/ossf/scorecard-action/pull/994)
-   Disable pull_request_target by [`@&#8203;laurentsimon](https://togithub.com/laurentsimon)` in [https://github.com/ossf/scorecard-action/pull/1031](https://togithub.com/ossf/scorecard-action/pull/1031)

##### Documentation

-   Add PAT section explaining risks by [`@&#8203;olivekl](https://togithub.com/olivekl)` in [https://github.com/ossf/scorecard-action/pull/1024](https://togithub.com/ossf/scorecard-action/pull/1024)
-   Make the badge text easier to copy by [`@&#8203;rajbos](https://togithub.com/rajbos)` in [https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026)

#### New Contributors

-   [`@&#8203;joycebrum](https://togithub.com/joycebrum)` made their first contribution in [https://github.com/ossf/scorecard-action/pull/984](https://togithub.com/ossf/scorecard-action/pull/984)
-   [`@&#8203;rajbos](https://togithub.com/rajbos)` made their first contribution in [https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026)

**Full Changelog**: ossf/scorecard-action@v2.0.6...v2.1.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/OpenPoolProject/stratum).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC41NC4yIiwidXBkYXRlZEluVmVyIjoiMzQuNTQuMiJ9-->


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
andrewpollock referenced this pull request in google/osv.dev Jan 5, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v3.1.0` -> `v3.2.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.0.6` -> `v2.1.2` |
|
[pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish)
| action | patch | `v1.6.1` -> `v1.6.4` |

---

### Release Notes

<details>
<summary>actions/checkout</summary>

###
[`v3.2.0`](https://togithub.com/actions/checkout/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.1.0...v3.2.0)

#### What's Changed

- Add GitHub Action to perform release by
[@&#8203;rentziass](https://togithub.com/rentziass) in
[https://github.com/actions/checkout/pull/942](https://togithub.com/actions/checkout/pull/942)
- Fix status badge by
[@&#8203;ScottBrenner](https://togithub.com/ScottBrenner) in
[https://github.com/actions/checkout/pull/967](https://togithub.com/actions/checkout/pull/967)
- Replace datadog/squid with ubuntu/squid Docker image by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1002](https://togithub.com/actions/checkout/pull/1002)
- Wrap pipeline commands for submoduleForeach in quotes by
[@&#8203;jokreliable](https://togithub.com/jokreliable) in
[https://github.com/actions/checkout/pull/964](https://togithub.com/actions/checkout/pull/964)
- Update [@&#8203;actions/io](https://togithub.com/actions/io) to 1.1.2
by [@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1029](https://togithub.com/actions/checkout/pull/1029)
- Upgrading version to 3.2.0 by
[@&#8203;vmjoseph](https://togithub.com/vmjoseph) in
[https://github.com/actions/checkout/pull/1039](https://togithub.com/actions/checkout/pull/1039)

#### New Contributors

- [@&#8203;ScottBrenner](https://togithub.com/ScottBrenner) made their
first contribution in
[https://github.com/actions/checkout/pull/967](https://togithub.com/actions/checkout/pull/967)
- [@&#8203;cory-miller](https://togithub.com/cory-miller) made their
first contribution in
[https://github.com/actions/checkout/pull/1002](https://togithub.com/actions/checkout/pull/1002)
- [@&#8203;jokreliable](https://togithub.com/jokreliable) made their
first contribution in
[https://github.com/actions/checkout/pull/964](https://togithub.com/actions/checkout/pull/964)
- [@&#8203;vmjoseph](https://togithub.com/vmjoseph) made their first
contribution in
[https://github.com/actions/checkout/pull/1039](https://togithub.com/actions/checkout/pull/1039)

**Full Changelog**:
actions/checkout@v3...v3.2.0

</details>

<details>
<summary>ossf/scorecard-action</summary>

###
[`v2.1.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.2)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2)

#### What's Changed

##### Fixes

- 🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf
statement. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1054](https://togithub.com/ossf/scorecard-action/pull/1054)

**Full Changelog**:
ossf/scorecard-action@v2.1.1...v2.1.2

###
[`v2.1.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1)

#### Scorecard version

This release use [Scorecard's
v4.10.1](https://togithub.com/ossf/scorecard/releases/tag/v4.10.1)

**Full Changelog**:
ossf/scorecard-action@v2.1.0...v2.1.1

###
[`v2.1.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0)

#### What's Changed

##### Scorecard version

This release uses [scorecard
v4.10.0](https://togithub.com/ossf/scorecard/releases/tag/v4.10.0).

##### Improvements

- Docker build workflow by
[@&#8203;naveensrinivasan](https://togithub.com/naveensrinivasan) in
[https://github.com/ossf/scorecard-action/pull/981](https://togithub.com/ossf/scorecard-action/pull/981)
- Use root user in distroless to support GitHub Actions by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/994](https://togithub.com/ossf/scorecard-action/pull/994)
- Disable pull_request_target by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/ossf/scorecard-action/pull/1031](https://togithub.com/ossf/scorecard-action/pull/1031)

##### Documentation

- Add PAT section explaining risks by
[@&#8203;olivekl](https://togithub.com/olivekl) in
[https://github.com/ossf/scorecard-action/pull/1024](https://togithub.com/ossf/scorecard-action/pull/1024)
- Make the badge text easier to copy by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026)

#### New Contributors

- [@&#8203;joycebrum](https://togithub.com/joycebrum) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/984](https://togithub.com/ossf/scorecard-action/pull/984)
- [@&#8203;rajbos](https://togithub.com/rajbos) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026)

**Full Changelog**:
ossf/scorecard-action@v2.0.6...v2.1.0

</details>

<details>
<summary>pypa/gh-action-pypi-publish</summary>

###
[`v1.6.4`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.6.4)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.6.3...v1.6.4)

#### oh, boi! again?

This is the last one tonight, promise! It fixes this embarrassing bug
that was actually caught by the CI but got overlooked due to the lack of
sleep.
TL;DR GH passed `$HOME` from the external env into the container and
that tricked the Python's `site` module to think that the home directory
is elsewhere, adding non-existent paths to the env vars. See
[#&#8203;115](https://togithub.com/pypa/gh-action-pypi-publish/issues/115).

**Full Diff**:
pypa/gh-action-pypi-publish@v1.6.3...v1.6.4

###
[`v1.6.3`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.6.3)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.6.2...v1.6.3)

### Another Release!? Why?

In
[https://github.com/pypa/gh-action-pypi-publish/issues/112#issuecomment-1340133013](https://togithub.com/pypa/gh-action-pypi-publish/issues/112#issuecomment-1340133013),
it was discovered that passing a `$PATH` variable even breaks the
shebang. So this version adds more safeguards to make sure it keeps
working with a fully broken `$PATH`.

**Full Diff**:
pypa/gh-action-pypi-publish@v1.6.2...v1.6.3

###
[`v1.6.2`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.6.2)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.6.1...v1.6.2)

#### What's Fixed

- Made the `$PATH` and `$PYTHONPATH` environment variables resilient to
broken values passed from the host runner environment, which previously
allowed the users to accidentally break the container's internal runtime
as reported in
[https://github.com/pypa/gh-action-pypi-publish/issues/112](https://togithub.com/pypa/gh-action-pypi-publish/issues/112)

#### Internal Maintenance Improvements

- Added a devpi-based smoke-test GitHub Actions CI/CD workflow by
[@&#8203;sesdaile-varmour](https://togithub.com/sesdaile-varmour) in
[https://github.com/pypa/gh-action-pypi-publish/pull/111](https://togithub.com/pypa/gh-action-pypi-publish/pull/111)

#### New Contributors

- [@&#8203;sesdaile-varmour](https://togithub.com/sesdaile-varmour) made
their first contribution in
[https://github.com/pypa/gh-action-pypi-publish/pull/111](https://togithub.com/pypa/gh-action-pypi-publish/pull/111)

**Full Diff**:
pypa/gh-action-pypi-publish@v1.6.1...v1.6.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4yNC4wIiwidXBkYXRlZEluVmVyIjoiMzQuNzMuMyJ9-->
EliSchleifer referenced this pull request in trunk-io/plugins Feb 4, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change | Age | Adoption | Passing |
Confidence |
|---|---|---|---|---|---|---|---|
| actionpack-page_caching | | patch | `'1.2.0'` -> `'1.2.4'` |
[![age](https://badges.renovateapi.com/packages/rubygems/actionpack-page_caching/1.2.4/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/rubygems/actionpack-page_caching/1.2.4/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/rubygems/actionpack-page_caching/1.2.4/compatibility-slim/'1.2.0')](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/rubygems/actionpack-page_caching/1.2.4/confidence-slim/'1.2.0')](https://docs.renovatebot.com/merge-confidence/)
|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v3.1.0` -> `v3.3.0` |
[![age](https://badges.renovateapi.com/packages/github-tags/actions%2fcheckout/v3.3.0/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/github-tags/actions%2fcheckout/v3.3.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/github-tags/actions%2fcheckout/v3.3.0/compatibility-slim/v3.1.0)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/github-tags/actions%2fcheckout/v3.3.0/confidence-slim/v3.1.0)](https://docs.renovatebot.com/merge-confidence/)
|
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.0` -> `v3.1.2` |
[![age](https://badges.renovateapi.com/packages/github-tags/actions%2fupload-artifact/v3.1.2/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/github-tags/actions%2fupload-artifact/v3.1.2/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/github-tags/actions%2fupload-artifact/v3.1.2/compatibility-slim/v3.1.0)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/github-tags/actions%2fupload-artifact/v3.1.2/confidence-slim/v3.1.0)](https://docs.renovatebot.com/merge-confidence/)
|
| coffee-rails | | minor | `'~> 4.1.0'` -> `'~> 4.2.0'` |
[![age](https://badges.renovateapi.com/packages/rubygems/coffee-rails/4.2.2/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/rubygems/coffee-rails/4.2.2/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/rubygems/coffee-rails/4.2.2/compatibility-slim/4.1.1)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/rubygems/coffee-rails/4.2.2/confidence-slim/4.1.1)](https://docs.renovatebot.com/merge-confidence/)
|
|
[eslint-plugin-import](https://togithub.com/import-js/eslint-plugin-import)
| devDependencies | minor | [`2.26.0` ->
`2.27.5`](https://renovatebot.com/diffs/npm/eslint-plugin-import/2.26.0/2.27.5)
|
[![age](https://badges.renovateapi.com/packages/npm/eslint-plugin-import/2.27.5/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/eslint-plugin-import/2.27.5/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/eslint-plugin-import/2.27.5/compatibility-slim/2.26.0)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/eslint-plugin-import/2.27.5/confidence-slim/2.26.0)](https://docs.renovatebot.com/merge-confidence/)
|
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.1.27` -> `v2.2.1` |
[![age](https://badges.renovateapi.com/packages/github-tags/github%2fcodeql-action/v2.2.1/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/github-tags/github%2fcodeql-action/v2.2.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/github-tags/github%2fcodeql-action/v2.2.1/compatibility-slim/v2.1.27)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/github-tags/github%2fcodeql-action/v2.2.1/confidence-slim/v2.1.27)](https://docs.renovatebot.com/merge-confidence/)
|
| [gradle](https://gradle.org)
([source](https://togithub.com/gradle/gradle)) | | minor | `7.4.1` ->
`7.6` |
[![age](https://badges.renovateapi.com/packages/gradle-version/gradle/7.6/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/gradle-version/gradle/7.6/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/gradle-version/gradle/7.6/compatibility-slim/7.4.1)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/gradle-version/gradle/7.6/confidence-slim/7.4.1)](https://docs.renovatebot.com/merge-confidence/)
|
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.0.6` -> `v2.1.2` |
[![age](https://badges.renovateapi.com/packages/github-tags/ossf%2fscorecard-action/v2.1.2/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/github-tags/ossf%2fscorecard-action/v2.1.2/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/github-tags/ossf%2fscorecard-action/v2.1.2/compatibility-slim/v2.0.6)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/github-tags/ossf%2fscorecard-action/v2.1.2/confidence-slim/v2.0.6)](https://docs.renovatebot.com/merge-confidence/)
|
| rails | | minor | `'>= 5.0.0.beta1', '< 5.1'` -> `'>= 5.0.0.beta1', '<
5.2.9'` |
[![age](https://badges.renovateapi.com/packages/rubygems/rails/5.2.8.1/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/rubygems/rails/5.2.8.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/rubygems/rails/5.2.8.1/compatibility-slim/5.0.0)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/rubygems/rails/5.2.8.1/confidence-slim/5.0.0)](https://docs.renovatebot.com/merge-confidence/)
|
|
[terraform-linters/tflint-ruleset-aws](https://togithub.com/terraform-linters/tflint-ruleset-aws)
| plugin | minor | `0.13.2` -> `0.21.2` |
[![age](https://badges.renovateapi.com/packages/github-releases/terraform-linters%2ftflint-ruleset-aws/0.21.2/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/github-releases/terraform-linters%2ftflint-ruleset-aws/0.21.2/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/github-releases/terraform-linters%2ftflint-ruleset-aws/0.21.2/compatibility-slim/0.13.2)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/github-releases/terraform-linters%2ftflint-ruleset-aws/0.21.2/confidence-slim/0.13.2)](https://docs.renovatebot.com/merge-confidence/)
|
| [typescript](https://www.typescriptlang.org/)
([source](https://togithub.com/Microsoft/TypeScript)) | devDependencies
| patch | [`4.9.3` ->
`4.9.5`](https://renovatebot.com/diffs/npm/typescript/4.9.3/4.9.5) |
[![age](https://badges.renovateapi.com/packages/npm/typescript/4.9.5/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/typescript/4.9.5/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/typescript/4.9.5/compatibility-slim/4.9.3)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/typescript/4.9.5/confidence-slim/4.9.3)](https://docs.renovatebot.com/merge-confidence/)
|
| io.gitlab.arturbosch.detekt | plugin | minor | `1.20.0-RC1` ->
`1.22.0` |
[![age](https://badges.renovateapi.com/packages/maven/io.gitlab.arturbosch.detekt/1.22.0/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/maven/io.gitlab.arturbosch.detekt/1.22.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/maven/io.gitlab.arturbosch.detekt/1.22.0/compatibility-slim/1.20.0-RC1)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/maven/io.gitlab.arturbosch.detekt/1.22.0/confidence-slim/1.20.0-RC1)](https://docs.renovatebot.com/merge-confidence/)
|
| org.jetbrains.kotlin.jvm | plugin | minor | `1.5.31` -> `1.8.10` |
[![age](https://badges.renovateapi.com/packages/maven/org.jetbrains.kotlin.jvm/1.8.10/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/maven/org.jetbrains.kotlin.jvm/1.8.10/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/maven/org.jetbrains.kotlin.jvm/1.8.10/compatibility-slim/1.5.31)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/maven/org.jetbrains.kotlin.jvm/1.8.10/confidence-slim/1.5.31)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>actions/checkout</summary>

###
[`v3.3.0`](https://togithub.com/actions/checkout/releases/tag/v3.3.0)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.2.0...v3.3.0)

##### What's Changed

- Implement branch list using callbacks from exec function by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1045](https://togithub.com/actions/checkout/pull/1045)
- Add in explicit reference to private checkout options by
[@&#8203;vanZeben](https://togithub.com/vanZeben) in
[https://github.com/actions/checkout/pull/1050](https://togithub.com/actions/checkout/pull/1050)
- Fix comment typos (that got added in
[#&#8203;770](https://togithub.com/actions/checkout/issues/770)) by
[@&#8203;lurch](https://togithub.com/lurch) in
[https://github.com/actions/checkout/pull/1057](https://togithub.com/actions/checkout/pull/1057)

##### New Contributors

- [@&#8203;vanZeben](https://togithub.com/vanZeben) made their first
contribution in
[https://github.com/actions/checkout/pull/1050](https://togithub.com/actions/checkout/pull/1050)
- [@&#8203;lurch](https://togithub.com/lurch) made their first
contribution in
[https://github.com/actions/checkout/pull/1057](https://togithub.com/actions/checkout/pull/1057)

**Full Changelog**:
https://github.com/actions/checkout/compare/v3.2.0...v3.3.0

###
[`v3.2.0`](https://togithub.com/actions/checkout/releases/tag/v3.2.0)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.1.0...v3.2.0)

#### What's Changed

- Add GitHub Action to perform release by
[@&#8203;rentziass](https://togithub.com/rentziass) in
[https://github.com/actions/checkout/pull/942](https://togithub.com/actions/checkout/pull/942)
- Fix status badge by
[@&#8203;ScottBrenner](https://togithub.com/ScottBrenner) in
[https://github.com/actions/checkout/pull/967](https://togithub.com/actions/checkout/pull/967)
- Replace datadog/squid with ubuntu/squid Docker image by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1002](https://togithub.com/actions/checkout/pull/1002)
- Wrap pipeline commands for submoduleForeach in quotes by
[@&#8203;jokreliable](https://togithub.com/jokreliable) in
[https://github.com/actions/checkout/pull/964](https://togithub.com/actions/checkout/pull/964)
- Update [@&#8203;actions/io](https://togithub.com/actions/io) to 1.1.2
by [@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1029](https://togithub.com/actions/checkout/pull/1029)
- Upgrading version to 3.2.0 by
[@&#8203;vmjoseph](https://togithub.com/vmjoseph) in
[https://github.com/actions/checkout/pull/1039](https://togithub.com/actions/checkout/pull/1039)

#### New Contributors

- [@&#8203;ScottBrenner](https://togithub.com/ScottBrenner) made their
first contribution in
[https://github.com/actions/checkout/pull/967](https://togithub.com/actions/checkout/pull/967)
- [@&#8203;cory-miller](https://togithub.com/cory-miller) made their
first contribution in
[https://github.com/actions/checkout/pull/1002](https://togithub.com/actions/checkout/pull/1002)
- [@&#8203;jokreliable](https://togithub.com/jokreliable) made their
first contribution in
[https://github.com/actions/checkout/pull/964](https://togithub.com/actions/checkout/pull/964)
- [@&#8203;vmjoseph](https://togithub.com/vmjoseph) made their first
contribution in
[https://github.com/actions/checkout/pull/1039](https://togithub.com/actions/checkout/pull/1039)

**Full Changelog**:
https://github.com/actions/checkout/compare/v3.1.0...v3.2.0

</details>

<details>
<summary>actions/upload-artifact</summary>

###
[`v3.1.2`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.2)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.1...v3.1.2)

- Update all `@actions/*` NPM packages to their latest versions-
[#&#8203;374](https://togithub.com/actions/upload-artifact/issues/374)
- Update all dev dependencies to their most recent versions -
[#&#8203;375](https://togithub.com/actions/upload-artifact/issues/375)

###
[`v3.1.1`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.1)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.0...v3.1.1)

- Update actions/core package to latest version to remove `set-output`
deprecation warning
[#&#8203;351](https://togithub.com/actions/upload-artifact/issues/351)

</details>

<details>
<summary>import-js/eslint-plugin-import</summary>

###
[`v2.27.5`](https://togithub.com/import-js/eslint-plugin-import/blob/HEAD/CHANGELOG.md#&#8203;2275---2023-01-16)

[Compare
Source](https://togithub.com/import-js/eslint-plugin-import/compare/v2.27.4...v2.27.5)

##### Fixed

- \[`order]`: Fix group ranks order when alphabetizing
(\[[#&#8203;2674](https://togithub.com/import-js/eslint-plugin-import/issues/2674)],
thanks \[[@&#8203;Pearce-Ropion](https://togithub.com/Pearce-Ropion)])

###
[`v2.27.4`](https://togithub.com/import-js/eslint-plugin-import/blob/HEAD/CHANGELOG.md#&#8203;2274---2023-01-11)

[Compare
Source](https://togithub.com/import-js/eslint-plugin-import/compare/v2.27.3...v2.27.4)

##### Fixed

- `semver` should be a prod dep
(\[[#&#8203;2668](https://togithub.com/import-js/eslint-plugin-import/issues/2668)])

###
[`v2.27.3`](https://togithub.com/import-js/eslint-plugin-import/blob/HEAD/CHANGELOG.md#&#8203;2273---2023-01-11)

[Compare
Source](https://togithub.com/import-js/eslint-plugin-import/compare/v2.27.2...v2.27.3)

##### Fixed

- \[`no-empty-named-blocks`]: rewrite rule to only check import
declarations
(\[[#&#8203;2666](https://togithub.com/import-js/eslint-plugin-import/issues/2666)])

###
[`v2.27.2`](https://togithub.com/import-js/eslint-plugin-import/blob/HEAD/CHANGELOG.md#&#8203;2272---2023-01-11)

[Compare
Source](https://togithub.com/import-js/eslint-plugin-import/compare/v2.27.1...v2.27.2)

##### Fixed

- \[`no-duplicates`]: do not unconditionally require `typescript`
(\[[#&#8203;2665](https://togithub.com/import-js/eslint-plugin-import/issues/2665)])

###
[`v2.27.1`](https://togithub.com/import-js/eslint-plugin-import/blob/HEAD/CHANGELOG.md#&#8203;2271---2023-01-11)

[Compare
Source](https://togithub.com/import-js/eslint-plugin-import/compare/v2.27.0...v2.27.1)

##### Fixed

- `array.prototype.flatmap` should be a prod dep
(\[[#&#8203;2664](https://togithub.com/import-js/eslint-plugin-import/issues/2664)],
thanks \[[@&#8203;cristobal](https://togithub.com/cristobal)])

###
[`v2.27.0`](https://togithub.com/import-js/eslint-plugin-import/blob/HEAD/CHANGELOG.md#&#8203;2270---2023-01-11)

[Compare
Source](https://togithub.com/import-js/eslint-plugin-import/compare/v2.26.0...v2.27.0)

##### Added

- \[`newline-after-import`]: add `considerComments` option
(\[[#&#8203;2399](https://togithub.com/import-js/eslint-plugin-import/issues/2399)],
thanks \[[@&#8203;pri1311](https://togithub.com/pri1311)])
- \[`no-cycle`]: add `allowUnsafeDynamicCyclicDependency` option
(\[[#&#8203;2387](https://togithub.com/import-js/eslint-plugin-import/issues/2387)],
thanks \[[@&#8203;GerkinDev](https://togithub.com/GerkinDev)])
- \[`no-restricted-paths`]: support arrays for `from` and `target`
options
(\[[#&#8203;2466](https://togithub.com/import-js/eslint-plugin-import/issues/2466)],
thanks \[[@&#8203;AdriAt360](https://togithub.com/AdriAt360)])
- \[`no-anonymous-default-export`]: add `allowNew` option
(\[[#&#8203;2505](https://togithub.com/import-js/eslint-plugin-import/issues/2505)],
thanks \[[@&#8203;DamienCassou](https://togithub.com/DamienCassou)])
- \[`order`]: Add `distinctGroup` option
(\[[#&#8203;2395](https://togithub.com/import-js/eslint-plugin-import/issues/2395)],
thanks \[[@&#8203;hyperupcall](https://togithub.com/hyperupcall)])
- \[`no-extraneous-dependencies`]: Add `includeInternal` option
(\[[#&#8203;2541](https://togithub.com/import-js/eslint-plugin-import/issues/2541)],
thanks \[[@&#8203;bdwain](https://togithub.com/bdwain)])
- \[`no-extraneous-dependencies`]: Add `includeTypes` option
(\[[#&#8203;2543](https://togithub.com/import-js/eslint-plugin-import/issues/2543)],
thanks \[[@&#8203;bdwain](https://togithub.com/bdwain)])
- \[`order`]: new `alphabetize.orderImportKind` option to sort imports
with same path based on their kind (`type`, `typeof`)
(\[[#&#8203;2544](https://togithub.com/import-js/eslint-plugin-import/issues/2544)],
thanks \[[@&#8203;stropho](https://togithub.com/stropho)])
- \[`consistent-type-specifier-style`]: add rule
(\[[#&#8203;2473](https://togithub.com/import-js/eslint-plugin-import/issues/2473)],
thanks \[[@&#8203;bradzacher](https://togithub.com/bradzacher)])
- Add \[`no-empty-named-blocks`] rule
(\[[#&#8203;2568](https://togithub.com/import-js/eslint-plugin-import/issues/2568)],
thanks \[[@&#8203;guilhermelimak](https://togithub.com/guilhermelimak)])
- \[`prefer-default-export`]: add "target" option
(\[[#&#8203;2602](https://togithub.com/import-js/eslint-plugin-import/issues/2602)],
thanks \[[@&#8203;azyzz228](https://togithub.com/azyzz228)])
- \[`no-absolute-path`]: add fixer
(\[[#&#8203;2613](https://togithub.com/import-js/eslint-plugin-import/issues/2613)],
thanks \[[@&#8203;adipascu](https://togithub.com/adipascu)])
- \[`no-duplicates`]: support inline type import with `inlineTypeImport`
option
(\[[#&#8203;2475](https://togithub.com/import-js/eslint-plugin-import/issues/2475)],
thanks \[[@&#8203;snewcomer](https://togithub.com/snewcomer)])

##### Fixed

- \[`order`]: move nested imports closer to main import entry
(\[[#&#8203;2396](https://togithub.com/import-js/eslint-plugin-import/issues/2396)],
thanks \[[@&#8203;pri1311](https://togithub.com/pri1311)])
- \[`no-restricted-paths`]: fix an error message
(\[[#&#8203;2466](https://togithub.com/import-js/eslint-plugin-import/issues/2466)],
thanks \[[@&#8203;AdriAt360](https://togithub.com/AdriAt360)])
- \[`no-restricted-paths`]: use `Minimatch.match` instead of `minimatch`
to comply with Windows Native paths
(\[[#&#8203;2466](https://togithub.com/import-js/eslint-plugin-import/issues/2466)],
thanks \[[@&#8203;AdriAt360](https://togithub.com/AdriAt360)])
- \[`order`]: require with member expression could not be fixed if
alphabetize.order was used
(\[[#&#8203;2490](https://togithub.com/import-js/eslint-plugin-import/issues/2490)],
thanks \[[@&#8203;msvab](https://togithub.com/msvab)])
- \[`order`]: leave more space in rankings for consecutive path groups
(\[[#&#8203;2506](https://togithub.com/import-js/eslint-plugin-import/issues/2506)],
thanks \[[@&#8203;Pearce-Ropion](https://togithub.com/Pearce-Ropion)])
- \[`no-cycle`]: add ExportNamedDeclaration statements to dependencies
(\[[#&#8203;2511](https://togithub.com/import-js/eslint-plugin-import/issues/2511)],
thanks \[[@&#8203;BenoitZugmeyer](https://togithub.com/BenoitZugmeyer)])
- \[`dynamic-import-chunkname`]: prevent false report on a valid webpack
magic comment
(\[[#&#8203;2330](https://togithub.com/import-js/eslint-plugin-import/issues/2330)],
thanks \[[@&#8203;mhmadhamster](https://togithub.com/mhmadhamster)])
- \[`export`]: do not error on TS export overloads
(\[[#&#8203;1590](https://togithub.com/import-js/eslint-plugin-import/issues/1590)],
thanks \[[@&#8203;ljharb](https://togithub.com/ljharb)])
- \[`no-unresolved`], \[`extensions`]: ignore type only exports
(\[[#&#8203;2436](https://togithub.com/import-js/eslint-plugin-import/issues/2436)],
thanks \[[@&#8203;Lukas-Kullmann](https://togithub.com/Lukas-Kullmann)])
- `ExportMap`: add missing param to function
(\[[#&#8203;2589](https://togithub.com/import-js/eslint-plugin-import/issues/2589)],
thanks \[[@&#8203;Fdawgs](https://togithub.com/Fdawgs)])
- \[`no-unused-modules`]: `checkPkgFieldObject` filters boolean fields
from checks
(\[[#&#8203;2598](https://togithub.com/import-js/eslint-plugin-import/issues/2598)],
thanks \[[@&#8203;mpint](https://togithub.com/mpint)])
- \[`no-cycle`]: accept Flow `typeof` imports, just like `type`
(\[[#&#8203;2608](https://togithub.com/import-js/eslint-plugin-import/issues/2608)],
thanks \[[@&#8203;gnprice](https://togithub.com/gnprice)])
- \[`no-import-module-exports`]: avoid a false positive for import
variables
(\[[#&#8203;2315](https://togithub.com/import-js/eslint-plugin-import/issues/2315)],
thanks
\[[@&#8203;BarryThePenguin](https://togithub.com/BarryThePenguin)])

##### Changed

- \[Tests] \[`named`]: Run all TypeScript test
(\[[#&#8203;2427](https://togithub.com/import-js/eslint-plugin-import/issues/2427)],
thanks \[[@&#8203;ProdigySim](https://togithub.com/ProdigySim)])
- \[readme] note use of typescript in readme `import/extensions` section
(\[[#&#8203;2440](https://togithub.com/import-js/eslint-plugin-import/issues/2440)],
thanks
\[[@&#8203;OutdatedVersion](https://togithub.com/OutdatedVersion)])
- \[Docs] \[`order`]: use correct default value
(\[[#&#8203;2392](https://togithub.com/import-js/eslint-plugin-import/issues/2392)],
thanks \[[@&#8203;hyperupcall](https://togithub.com/hyperupcall)])
- \[meta] replace git.io link in comments with the original URL
(\[[#&#8203;2444](https://togithub.com/import-js/eslint-plugin-import/issues/2444)],
thanks \[[@&#8203;liby](https://togithub.com/liby)])
- \[Docs] remove global install in readme
(\[[#&#8203;2412](https://togithub.com/import-js/eslint-plugin-import/issues/2412)],
thanks \[[@&#8203;aladdin-add](https://togithub.com/aladdin-add)])
- \[readme] clarify `eslint-import-resolver-typescript` usage
(\[[#&#8203;2503](https://togithub.com/import-js/eslint-plugin-import/issues/2503)],
thanks \[[@&#8203;JounQin](https://togithub.com/JounQin)])
- \[Refactor] \[`no-cycle`]: Add per-run caching of traversed paths
(\[[#&#8203;2419](https://togithub.com/import-js/eslint-plugin-import/issues/2419)],
thanks \[[@&#8203;nokel81](https://togithub.com/nokel81)])
- \[Performance] `ExportMap`: add caching after parsing for an ambiguous
module
(\[[#&#8203;2531](https://togithub.com/import-js/eslint-plugin-import/issues/2531)],
thanks \[[@&#8203;stenin-nikita](https://togithub.com/stenin-nikita)])
- \[Docs] \[`no-useless-path-segments`]: fix paths
(\[[#&#8203;2424](https://togithub.com/import-js/eslint-plugin-import/issues/2424)],
thanks \[[@&#8203;s-h-a-d-o-w](https://togithub.com/s-h-a-d-o-w)])
- \[Tests] \[`no-cycle`]: add passing test cases
(\[[#&#8203;2438](https://togithub.com/import-js/eslint-plugin-import/issues/2438)],
thanks \[[@&#8203;georeith](https://togithub.com/georeith)])
- \[Refactor] \[`no-extraneous-dependencies`] improve performance using
cache
(\[[#&#8203;2374](https://togithub.com/import-js/eslint-plugin-import/issues/2374)],
thanks \[[@&#8203;meowtec](https://togithub.com/meowtec)])
- \[meta] `CONTRIBUTING.md`: mention inactive PRs
(\[[#&#8203;2546](https://togithub.com/import-js/eslint-plugin-import/issues/2546)],
thanks \[[@&#8203;stropho](https://togithub.com/stropho)])
- \[readme] make json for setting groups multiline
(\[[#&#8203;2570](https://togithub.com/import-js/eslint-plugin-import/issues/2570)],
thanks \[[@&#8203;bertyhell](https://togithub.com/bertyhell)])
- \[Tests] \[`no-restricted-paths`]: Tests for `import type` statements
(\[[#&#8203;2459](https://togithub.com/import-js/eslint-plugin-import/issues/2459)],
thanks \[[@&#8203;golergka](https://togithub.com/golergka)])
- \[Tests] \[`no-restricted-paths`]: fix one failing `import type` test
case, submitted by \[[@&#8203;golergka](https://togithub.com/golergka)],
thanks \[[@&#8203;azyzz228](https://togithub.com/azyzz228)]
- \[Docs] automate docs with eslint-doc-generator
(\[[#&#8203;2582](https://togithub.com/import-js/eslint-plugin-import/issues/2582)],
thanks \[[@&#8203;bmish](https://togithub.com/bmish)])
- \[readme] Increase clarity around typescript configuration
(\[[#&#8203;2588](https://togithub.com/import-js/eslint-plugin-import/issues/2588)],
thanks \[[@&#8203;Nfinished](https://togithub.com/Nfinished)])
- \[Docs] update `eslint-doc-generator` to v1.0.0
(\[[#&#8203;2605](https://togithub.com/import-js/eslint-plugin-import/issues/2605)],
thanks \[[@&#8203;bmish](https://togithub.com/bmish)])
- \[Perf] \[`no-cycle`], \[`no-internal-modules`],
\[`no-restricted-paths`]: use `anyOf` instead of `oneOf` (thanks
\[[@&#8203;ljharb](https://togithub.com/ljharb)],
\[[@&#8203;remcohaszing](https://togithub.com/remcohaszing)])

</details>

<details>
<summary>github/codeql-action</summary>

###
[`v2.2.1`](https://togithub.com/github/codeql-action/compare/v2.2.0...v2.2.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.0...v2.2.1)

###
[`v2.2.0`](https://togithub.com/github/codeql-action/compare/v2.1.39...v2.2.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.39...v2.2.0)

###
[`v2.1.39`](https://togithub.com/github/codeql-action/compare/v2.1.38...v2.1.39)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.38...v2.1.39)

###
[`v2.1.38`](https://togithub.com/github/codeql-action/compare/v2.1.37...v2.1.38)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.37...v2.1.38)

###
[`v2.1.37`](https://togithub.com/github/codeql-action/compare/v2.1.36...v2.1.37)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.36...v2.1.37)

###
[`v2.1.36`](https://togithub.com/github/codeql-action/compare/v2.1.35...v2.1.36)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.35...v2.1.36)

###
[`v2.1.35`](https://togithub.com/github/codeql-action/compare/v2.1.34...v2.1.35)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.34...v2.1.35)

###
[`v2.1.34`](https://togithub.com/github/codeql-action/compare/v2.1.33...v2.1.34)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.33...v2.1.34)

###
[`v2.1.33`](https://togithub.com/github/codeql-action/compare/v2.1.32...v2.1.33)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.32...v2.1.33)

###
[`v2.1.32`](https://togithub.com/github/codeql-action/compare/v2.1.31...v2.1.32)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.31...v2.1.32)

###
[`v2.1.31`](https://togithub.com/github/codeql-action/compare/v2.1.30...v2.1.31)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.30...v2.1.31)

###
[`v2.1.30`](https://togithub.com/github/codeql-action/compare/v2.1.29...v2.1.30)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.29...v2.1.30)

###
[`v2.1.29`](https://togithub.com/github/codeql-action/compare/v2.1.28...v2.1.29)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.28...v2.1.29)

###
[`v2.1.28`](https://togithub.com/github/codeql-action/compare/v2.1.27...v2.1.28)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.1.27...v2.1.28)

</details>

<details>
<summary>gradle/gradle</summary>

### [`v7.5.1`](https://togithub.com/gradle/gradle/releases/tag/v7.5.1):
7.5.1

This is a patch release for 7.5. We recommend using 7.5.1 instead of 7.5

[Read the Release
Notes](https://docs.gradle.org/7.5.1/release-notes.html)

We would like to thank the following community members for their
contributions to this release of Gradle:
[Michael Bailey](https://togithub.com/yogurtearl),
[Josh Kasten](https://togithub.com/jkasten2),
[Marcono1234](https://togithub.com/Marcono1234),
[mataha](https://togithub.com/mataha),
[Lieven Vaneeckhaute](https://togithub.com/denshade),
[kiwi-oss](https://togithub.com/kiwi-oss),
[Stefan Neuhaus](https://togithub.com/stefanneuhaus),
[George Thomas](https://togithub.com/smoothreggae),
[Anja Papatola](https://togithub.com/apalopta),
[Björn Kautler](https://togithub.com/Vampire),
[David Burström](https://togithub.com/davidburstrom),
[Vladimir Sitnikov](https://togithub.com/vlsi),
[Roland Weisleder](https://togithub.com/rweisleder),
[Konstantin Gribov](https://togithub.com/grossws),
[David Op de Beeck](https://togithub.com/DavidOpDeBeeck),
[aSemy](https://togithub.com/aSemy),
[Rene Groeschke](https://togithub.com/breskeby),
[Jonathan Leitschuh](https://togithub.com/JLLeitschuh),
[Aurimas Liutikas](https://togithub.com/liutikas),
[Jamie Tanna](https://togithub.com/jamietanna),
[Xin Wang](https://togithub.com/scaventz),
[Atsuto Yamashita](https://togithub.com/att55),
[Taeik Lim](https://togithub.com/acktsap),
[Peter Gafert](https://togithub.com/codecholeric),
[Alex Landau](https://togithub.com/AlexLandau),
[Jerry Wiltse](https://togithub.com/solvingj),
[Tyler Burke](https://togithub.com/T-A-B),
[Matthew Haughton](https://togithub.com/3flex),
[Filip Daca](https://togithub.com/filip-daca),
[Simão Gomes Viana](https://togithub.com/xdevs23),
[Vaidotas Valuckas](https://togithub.com/rieske),
[Edgars Jasmans](https://togithub.com/yasmans),
[Tomasz Godzik](https://togithub.com/tgodzik),
[Jeff](https://togithub.com/mathjeff),
[Lajos Veres](https://togithub.com/vlajos)

#### Upgrade instructions

Switch your build to use Gradle 7.5.1 by updating your wrapper:

`./gradlew wrapper --gradle-version=7.5.1`

See the [Gradle 7.x upgrade
guide](https://docs.gradle.org/7.5.1/userguide/upgrading_version\_7.html#changes\_7.5)
to learn about deprecations, breaking changes and other considerations
when upgrading.

#### Reporting Problems

If you find a problem with this release, please file a bug on [GitHub
Issues](https://togithub.com/gradle/gradle/issues) adhering to our issue
guidelines.
If you're not sure you're encountering a bug, please use the
[forum](https://discuss.gradle.org/c/help-discuss).

### [`v7.4.2`](https://togithub.com/gradle/gradle/releases/tag/v7.4.2):
7.4.2

This is a patch release for Gradle 7.4.

See the list of fixed issues:
https://docs.gradle.org/7.4.2/release-notes.html

We recommend users upgrade to 7.4.2 instead of 7.4 or another patch
release.

#### Upgrade Instructions

Switch your build to use Gradle 7.4.2 by updating your wrapper:

    ./gradlew wrapper --gradle-version=7.4.2

See the [Gradle 7.x upgrade
guide](https://docs.gradle.org/7.4.2/userguide/upgrading_version\_7.html#changes\_7.4)
to learn about deprecations, breaking changes and other considerations
when upgrading to Gradle 7.4.2.

#### Reporting Problems

If you find a problem with this release, please file a bug on [GitHub
Issues](https://togithub.com/gradle/gradle/issues) adhering to our issue
guidelines.
If you're not sure you're encountering a bug, please use the
[forum](https://discuss.gradle.org/c/help-discuss).

</details>

<details>
<summary>ossf/scorecard-action</summary>

###
[`v2.1.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.2)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2)

#### What's Changed

##### Fixes

- 🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf
statement. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1054](https://togithub.com/ossf/scorecard-action/pull/1054)

**Full Changelog**:
https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2

###
[`v2.1.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1)

#### Scorecard version

This release use [Scorecard's
v4.10.1](https://togithub.com/ossf/scorecard/releases/tag/v4.10.1)

**Full Changelog**:
https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1

###
[`v2.1.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0)

#### What's Changed

##### Scorecard version

This release uses [scorecard
v4.10.0](https://togithub.com/ossf/scorecard/releases/tag/v4.10.0).

##### Improvements

- Docker build workflow by
[@&#8203;naveensrinivasan](https://togithub.com/naveensrinivasan) in
[https://github.com/ossf/scorecard-action/pull/981](https://togithub.com/ossf/scorecard-action/pull/981)
- Use root user in distroless to support GitHub Actions by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/994](https://togithub.com/ossf/scorecard-action/pull/994)
- Disable pull_request_target by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/ossf/scorecard-action/pull/1031](https://togithub.com/ossf/scorecard-action/pull/1031)

##### Documentation

- Add PAT section explaining risks by
[@&#8203;olivekl](https://togithub.com/olivekl) in
[https://github.com/ossf/scorecard-action/pull/1024](https://togithub.com/ossf/scorecard-action/pull/1024)
- Make the badge text easier to copy by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026)

#### New Contributors

- [@&#8203;joycebrum](https://togithub.com/joycebrum) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/984](https://togithub.com/ossf/scorecard-action/pull/984)
- [@&#8203;rajbos](https://togithub.com/rajbos) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026)

**Full Changelog**:
https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0

</details>

<details>
<summary>terraform-linters/tflint-ruleset-aws</summary>

###
[`v0.21.2`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0212-2023-02-03)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.21.1...v0.21.2)

##### Enhancements

-
[#&#8203;431](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/431)
[#&#8203;442](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/442):
Update AWS provider/module and generated content

##### Chores

-
[#&#8203;433](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/433)
[#&#8203;441](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/441):
Bump golang.org/x/net from 0.2.0 to 0.5.0
-
[#&#8203;434](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/434):
Bump goreleaser/goreleaser-action from 3 to 4
-
[#&#8203;435](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/435):
Pass `GITHUB_TOKEN` to e2e test workflow
([@&#8203;wata727](https://togithub.com/wata727))
-
[#&#8203;437](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/437):
Bump github.com/terraform-linters/tflint-plugin-sdk from 0.14.0 to
0.15.0

###
[`v0.21.1`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0211-2022-12-12)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.21.0...v0.21.1)

##### BugFixes

-
[#&#8203;430](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/430):
`elasticache_cluster_previous_type`: fix panic on empty string
([@&#8203;bendrucker](https://togithub.com/bendrucker))

##### Chores

-
[#&#8203;407](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/407):
autogenerated maintenance

###
[`v0.21.0`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0210-2022-12-05)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.20.0...v0.21.0)

##### Enhancements

-
[#&#8203;403](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/403):
autogenerated maintenance
-
[#&#8203;405](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/405)
[#&#8203;406](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/406):
Add assume role configuration to plugin config
([@&#8203;kaito3desuyo](https://togithub.com/kaito3desuyo))

###
[`v0.20.0`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0200-2022-11-27)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.19.0...v0.20.0)

##### Enhancements

-
[#&#8203;400](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/400):
autogenerated maintenance

##### Chores

-
[#&#8203;399](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/399):
Bump up GoReleaser version in release.yml
([@&#8203;wata727](https://togithub.com/wata727))
-
[#&#8203;401](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/401):
Bump golang.org/x/net from 0.1.0 to 0.2.0

###
[`v0.19.0`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0190-2022-11-14)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.18.0...v0.19.0)

##### Enhancements

-
[#&#8203;390](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/390):
autogenerated maintenance

##### BugFixes

-
[#&#8203;397](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/397):
Prefer credentials in "plugin" blocks over "provider" blocks
([@&#8203;wata727](https://togithub.com/wata727))

##### Chores

-
[#&#8203;394](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/394):
Add signatures for keyless signing
([@&#8203;wata727](https://togithub.com/wata727))
-
[#&#8203;395](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/395):
Bump github.com/hashicorp/hcl/v2 from 2.14.1 to 2.15.0
-
[#&#8203;398](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/398):
Bump up GoReleaser version
([@&#8203;wata727](https://togithub.com/wata727))

###
[`v0.18.0`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0180-2022-10-24)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.17.1...v0.18.0)

##### Breaking Changes

-
[#&#8203;367](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/367):
remove hardcoded S3 region rule
([@&#8203;PatMyron](https://togithub.com/PatMyron))

##### Enhancements

-
[#&#8203;382](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/382):
autogenerated maintenance
-
[#&#8203;388](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/388):
Bump tflint-plugin-sdk to v0.14.0
([@&#8203;wata727](https://togithub.com/wata727))

##### Chores

-
[#&#8203;387](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/387):
Bump github.com/dave/dst from 0.27.0 to 0.27.2

###
[`v0.17.1`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0171-2022-09-29)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.17.0...v0.17.1)

##### Enhancements

-
[#&#8203;373](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/373):
autogenerated maintenance
-
[#&#8203;380](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/380):
Update db instance type list with m6i and r6i
([@&#8203;milestruecar](https://togithub.com/milestruecar))

##### Chores

-
[#&#8203;374](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/374):
Bump github.com/google/go-cmp from 0.5.8 to 0.5.9
-
[#&#8203;377](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/377):
Bump github.com/terraform-linters/tflint-plugin-sdk from 0.12.0 to
0.13.0
-
[#&#8203;378](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/378):
Bump github.com/hashicorp/hcl/v2 from 2.14.0 to 2.14.1

###
[`v0.17.0`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0170-2022-09-08)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.16.1...v0.17.0)

The minimum supported version of TFLint has changed in this version.
TFLint v0.40.0+ is required for this plugin to work.

##### Breaking Changes

-
[#&#8203;369](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/369):
Bump tflint-plugin-sdk to v0.12.0
([@&#8203;wata727](https://togithub.com/wata727))

##### Enhancements

-
[#&#8203;366](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/366):
autogenerated maintenance

##### Chores

-
[#&#8203;365](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/365):
Bump github.com/zclconf/go-cty from 1.10.0 to 1.11.0
-
[#&#8203;368](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/368):
Bump github.com/hashicorp/hcl/v2 from 2.13.0 to 2.14.0
-
[#&#8203;371](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/371):
build: Improve Go workflows
([@&#8203;wata727](https://togithub.com/wata727))

###
[`v0.16.1`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0161-2022-08-27)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.16.0...v0.16.1)

##### Enhancements

-
[363](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/363):
autogenerated maintenance

###
[`v0.16.0`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0160-2022-08-14)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.15.0...v0.16.0)

##### Enhancements

-
[#&#8203;358](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/358):
autogenerated maintenance
- Removed `aws_cloudwatch_metric_alarm_invalid_extended_statistic` rule
-
[#&#8203;362](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/362):
Lambda runtime deprecation updates
([@&#8203;PatMyron](https://togithub.com/PatMyron))

##### Chores

-
[#&#8203;359](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/359):
go 1.19 ([@&#8203;PatMyron](https://togithub.com/PatMyron))

###
[`v0.15.0`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0150-2022-07-15)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.14.0...v0.15.0)

##### Enhancements

-
[#&#8203;352](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/352):
autogenerated maintenance
-
[#&#8203;355](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/355):
Add `aws_security_group_rule_invalid_protocol` rule
([@&#8203;x-color](https://togithub.com/x-color))
-
[#&#8203;356](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/356):
Add `aws_security_group_invalid_protocol` rule
([@&#8203;x-color](https://togithub.com/x-color))

##### Chores

-
[#&#8203;354](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/354):
Bump github.com/hashicorp/hcl/v2 from 2.12.0 to 2.13.0

###
[`v0.14.0`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0140-2022-05-31)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.13.4...v0.14.0)

##### Enhancements

-
[#&#8203;342](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/342):
feat: support provider aliases in deep checking
([@&#8203;suzuki-shunsuke](https://togithub.com/suzuki-shunsuke))
-
[#&#8203;343](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/343):
autogenerated maintenance

##### Chores

-
[#&#8203;344](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/344):
Bump github.com/terraform-linters/tflint-plugin-sdk from 0.10.1 to
0.11.0
-
[#&#8203;347](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/347):
Bump goreleaser/goreleaser-action from 2 to 3
-
[#&#8203;351](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/351):
Bump github.com/dave/dst from 0.26.2 to 0.27.0

###
[`v0.13.4`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0134-2022-05-05)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.13.3...v0.13.4)

##### Enhancements

-
[#&#8203;336](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/336):
autogenerated maintenance

##### Chores

-
[#&#8203;338](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/338):
Bump github.com/hashicorp/hcl/v2 from 2.11.1 to 2.12.0
-
[#&#8203;339](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/339):
Bump github.com/google/go-cmp from 0.5.7 to 0.5.8
-
[#&#8203;340](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/340):
Replace logger from the standard logger
([@&#8203;wata727](https://togithub.com/wata727))
-
[#&#8203;341](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/341):
Add E2E tests ([@&#8203;wata727](https://togithub.com/wata727))

###
[`v0.13.3`](https://togithub.com/terraform-linters/tflint-ruleset-aws/blob/HEAD/CHANGELOG.md#&#8203;0133-2022-04-17)

[Compare
Source](https://togithub.com/terraform-linters/tflint-ruleset-aws/compare/v0.13.2...v0.13.3)

##### Enhancements

-
[#&#8203;324](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/324):
autogenerated maintenance
-
[#&#8203;335](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/335):
Lambda runtime deprecation updates (python3.6)
([@&#8203;PatMyron](https://togithub.com/PatMyron))

##### Chores

-
[#&#8203;328](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/328):
chores: Remove snaker ([@&#8203;wata727](https://togithub.com/wata727))
-
[#&#8203;329](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/329):
Fix rule template for rule generator
([@&#8203;wata727](https://togithub.com/wata727))
-
[#&#8203;330](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/330):
Bump github.com/terraform-linters/tflint-plugin-sdk from 0.10.0 to
0.10.1
-
[#&#8203;333](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/333):
style: format rules/api/rule.go.tmpl and run `go generate ./...`
([@&#8203;suzuki-shunsuke](https://togithub.com/suzuki-shunsuke))
-
[#&#8203;334](https://togithub.com/terraform-linters/tflint-ruleset-aws/pull/334):
Bump actions/setup-go from 2 to 3

</details>

<details>
<summary>Microsoft/TypeScript</summary>

###
[`v4.9.5`](https://togithub.com/microsoft/TypeScript/releases/tag/v4.9.5):
TypeScript 4.9.5

[Compare
Source](https://togithub.com/Microsoft/TypeScript/compare/v4.9.4...v4.9.5)

For release notes, check out the [release
announcement](https://devblogs.microsoft.com/typescript/announcing-typescript-4-9/).

Downloads are available on:

-   [npm](https://www.npmjs.com/package/typescript)
- [NuGet
package](https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild)

#### Changes:

-
[`69e88ef`](https://togithub.com/Microsoft/TypeScript/commit/69e88ef5513a81acf69ec78f4af1f927da0d0584)
Port ignore deprecations to 4.9
([#&#8203;52419](https://togithub.com/Microsoft/TypeScript/issues/52419))
-
[`daf4e81`](https://togithub.com/Microsoft/TypeScript/commit/daf4e817a18def96b70ac34703b158ff0e6d58df)
Port timestamp fix to 4.9
([#&#8203;52426](https://togithub.com/Microsoft/TypeScript/issues/52426))

###
[`v4.9.4`](https://togithub.com/microsoft/TypeScript/releases/tag/v4.9.4):
TypeScript 4.9.4

[Compare
Source](https://togithub.com/Microsoft/TypeScript/compare/v4.9.3...v4.9.4)

For release notes, check out the [release
announcement](https://devblogs.microsoft.com/typescript/announcing-typescript-4-9).

For the complete list of fixed issues, check out the

- [fixed issues query for Typescript
v4.9.4](https://togithub.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\&q=is%3Aissue+milestone%3A%22TypeScript+4.9.4%22+is%3Aclosed+).

Downloads are available on:

-   [npm](https://www.npmjs.com/package/typescript)
- [NuGet
package](https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild)

##### Changes:

-
[`e286821`](https://togithub.com/Microsoft/TypeScript/commit/e2868216f637e875a74c675845625eb15dcfe9a2)
Bump version to 4.9.4 and LKG.
-
[`eb5419f`](https://togithub.com/Microsoft/TypeScript/commit/eb5419fc8d980859b98553586dfb5f40d811a745)
Cherry-pick
[#&#8203;51704](https://togithub.com/Microsoft/TypeScript/issues/51704)
to release 4.9
([#&#8203;51712](https://togithub.com/Microsoft/TypeScript/issues/51712))
-
[`b4d382b`](https://togithub.com/Microsoft/TypeScript/commit/b4d382b9b12460adf2da4cc0d1429cf19f8dc8be)
Cherry-pick changes for narrowing to tagged literal types.
-
[`e7a02f4`](https://togithub.com/Microsoft/TypeScript/commit/e7a02f43fce47e1a39259ada5460bcc33c8e98b5)
Port of
[#&#8203;51626](https://togithub.com/Microsoft/TypeScript/issues/51626)
and
[#&#8203;51689](https://togithub.com/Microsoft/TypeScript/issues/51689)
to release-4.9
([#&#8203;51627](https://togithub.com/Microsoft/TypeScript/issues/51627))
-
[`1727912`](https://togithub.com/Microsoft/TypeScript/commit/1727912f0437a7f367d90040fc4b0b4f3efd017a)
Cherry-pick fix around `visitEachChild` to release-4.9.
([#&#8203;51544](https://togithub.com/Microsoft/TypeScript/issues/51544))

This list of changes was [auto
generated](https://typescript.visualstudio.com/cf7ac146-d525-443c-b23c-0d58337efebc/\_release?releaseId=117&\_a=release-summary).

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/trunk-io/plugins).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xMjIuMSIsInVwZGF0ZWRJblZlciI6IjM0LjEyMi4xIn0=-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Eli Schleifer <eli@trunk.io>
github-merge-queue bot referenced this pull request in AmadeusITGroup/otter Mar 13, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence | Type |
Update |
|---|---|---|---|---|---|---|---|
|
[@openapitools/openapi-generator-cli](https://togithub.com/OpenAPITools/openapi-generator-cli)
| [`~2.11.0` ->
`~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
|
[@openapitools/openapi-generator-cli](https://togithub.com/OpenAPITools/openapi-generator-cli)
| [`~2.11.0` ->
`~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| peerDependencies | minor |
|
[@openapitools/openapi-generator-cli](https://togithub.com/OpenAPITools/openapi-generator-cli)
| [`~2.11.0` ->
`~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| dependencies | minor |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
`v2.24.6` -> `v2.24.7` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v2.24.6/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v2.24.6/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
`v3.24.6` -> `v3.24.7` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v3.24.6/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v3.24.6/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
`v2.0.6` -> `v2.3.1` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/ossf%2fscorecard-action/v2.0.6/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/ossf%2fscorecard-action/v2.0.6/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | minor |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>OpenAPITools/openapi-generator-cli
(@&#8203;openapitools/openapi-generator-cli)</summary>

###
[`v2.12.0`](https://togithub.com/OpenAPITools/openapi-generator-cli/compare/v2.11.0...ad97182dac3fc2fec59c70fa96e7213d0a475dd3)

[Compare
Source](https://togithub.com/OpenAPITools/openapi-generator-cli/compare/v2.11.0...v2.12.0)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282)
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

###
[`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1270](https://togithub.com/ossf/scorecard-action/pull/1270)
- For a full changelist of what this includes, see the
[v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and
[v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0)
release notes
- ✨ Send rekor tlog index to webapp when publishing results by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1169](https://togithub.com/ossf/scorecard-action/pull/1169)
- 🐛 Prevent url clipping for GHES instances by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1225](https://togithub.com/ossf/scorecard-action/pull/1225)

##### Documentation

- 📖 Update access rights needed to see the results in code scanning
by [@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1229](https://togithub.com/ossf/scorecard-action/pull/1229)
- 📖 Add package comments. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1221](https://togithub.com/ossf/scorecard-action/pull/1221)
- 📖 Add SECURITY.md file by
[@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- 📖 Fix typo in token input docs by
[@&#8203;aabouzaid](https://togithub.com/aabouzaid) in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

#### New Contributors

- [@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- [@&#8203;aabouzaid](https://togithub.com/aabouzaid) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

**Full Changelog**:
ossf/scorecard-action@v2.2.0...v2.3.0

###
[`v2.2.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.2.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1192](https://togithub.com/ossf/scorecard-action/pull/1192)

#### Scorecard Result Viewer

Thanks to contributions from
[@&#8203;cynthia-sg](https://togithub.com/cynthia-sg) and
[@&#8203;tegioz](https://togithub.com/tegioz) at
[CLOMonitor](https://togithub.com/cncf/clomonitor), there is a new
Scorecard Result visualization page at
`https://securityscorecards.dev/viewer/?uri=<project-url>`.

-
[https://github.com/ossf/scorecard-webapp/pull/406](https://togithub.com/ossf/scorecard-webapp/pull/406)
-
[https://github.com/ossf/scorecard-webapp/pull/422](https://togithub.com/ossf/scorecard-webapp/pull/422)

As an example, you can see our own score visualized
[here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard)
Checkout our
[README](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge)
to learn how to link your README badge to the new visualization page.

#### Publishing Results

This release contains two fixes which will improve the user experience
when `publish_results` is `true`

- Runs that fail our [workflow
restrictions](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions)
will fail with a 400 response indicating the problem, instead of a vague
500 status.
([https://github.com/ossf/scorecard-action/pull/1156](https://togithub.com/ossf/scorecard-action/pull/1156),
resolved
[https://github.com/ossf/scorecard-action/issues/1150](https://togithub.com/ossf/scorecard-action/issues/1150))
- Scorecard action will retry when signing results and submitting them
to our web API. This should help with flakiness from connection
failures.
([https://github.com/ossf/scorecard-action/pull/1191](https://togithub.com/ossf/scorecard-action/pull/1191))

#### Docs

- 📖 Update README to accept fine-grained tokens by
[@&#8203;pnacht](https://togithub.com/pnacht) in
[https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175)
- 📖 Update installation instructions to match current GitHub UI by
[@&#8203;joycebrum](https://togithub.com/joycebrum) in
[https://github.com/ossf/scorecard-action/pull/1153](https://togithub.com/ossf/scorecard-action/pull/1153)
- 📖 Document the GitHub action workflow restrictions when publishing
results. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in

#### New Contributors

- [@&#8203;bobcallaway](https://togithub.com/bobcallaway) made their
first contribution in
[https://github.com/ossf/scorecard-action/pull/1140](https://togithub.com/ossf/scorecard-action/pull/1140)
- [@&#8203;pnacht](https://togithub.com/pnacht) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175)

**Full Changelog**:
ossf/scorecard-action@v2.1.3...v2.2.0

###
[`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1111](https://togithub.com/ossf/scorecard-action/pull/1111)

##### Bug Fixes

-   Invalid SARIF files from a bug in scorecard
-
[#&#8203;1076](https://togithub.com/ossf/scorecard-action/issues/1076),
[#&#8203;1094](https://togithub.com/ossf/scorecard-action/issues/1094)
- Vulnerabilities check crashes if a vulnerable dependency is found via
OSVScanner
- [#&#8203;1092](https://togithub.com/ossf/scorecard-action/issues/1092)
-   Scorecard action not reporting binary artifacts in the repo
- [#&#8203;1116](https://togithub.com/ossf/scorecard-action/issues/1116)

**Full Scorecard Changelog**:
ossf/scorecard@v4.10.2...v4.10.5

**Full Changelog**:
ossf/scorecard-action@v2.1.2...v2.1.3

###
[`v2.1.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.2)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2)

#### What's Changed

##### Fixes

- 🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf
statement. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1054](https://togithub.com/ossf/scorecard-action/pull/1054)

**Full Changelog**:
ossf/scorecard-action@v2.1.1...v2.1.2

###
[`v2.1.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1)

#### Scorecard version

This release use [Scorecard's
v4.10.1](https://togithub.com/ossf/scorecard/releases/tag/v4.10.1)

**Full Changelog**:
ossf/scorecard-action@v2.1.0...v2.1.1

###
[`v2.1.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0)

#### What's Changed

##### Scorecard version

This release uses [scorecard
v4.10.0](https://togithub.com/ossf/scorecard/releases/tag/v4.10.0).

##### Improvements

- Docker build workflow by
[@&#8203;naveensrinivasan](https://togithub.com/naveensrinivasan) in
[https://github.com/ossf/scorecard-action/pull/981](https://togithub.com/ossf/scorecard-action/pull/981)
- Use root user in distroless to support GitHub Actions by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/994](https://togithub.com/ossf/scorecard-action/pull/994)
- Disable pull_request_target by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/ossf/scorecard-action/pull/1031](https://togithub.com/ossf/scorecard-action/pull/1031)

##### Documentation

- Add PAT section explaining risks by
[@&#8203;olivekl](https://togithub.com/olivekl) in
[https://github.com/ossf/scorecard-action/pull/1024](https://togithub.com/ossf/scorecard-action/pull/1024)
- Make the badge text easier to copy by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026)

#### New Contributors

- [@&#8203;joycebrum](https://togithub.com/joycebrum) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/984](https://togithub.com/ossf/scorecard-action/pull/984)
- [@&#8203;rajbos](https://togithub.com/rajbos) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026)

**Full Changelog**:
ossf/scorecard-action@v2.0.6...v2.1.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 10pm every weekday,before 5am
every weekday,every weekend" in timezone Europe/Paris, Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/AmadeusITGroup/otter).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMzguMSIsInVwZGF0ZWRJblZlciI6IjM3LjIzOC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Bug: do not upload the result in the security dashboard if it is a pull request
2 participants