Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pin public key used for verification #169

Merged
merged 3 commits into from
Aug 7, 2024
Merged

Conversation

bobcallaway
Copy link
Member

Summary

Release Note

Documentation

Signed-off-by: Bob Callaway <bcallaway@google.com>
@bobcallaway bobcallaway requested a review from cpanato August 7, 2024 14:58
Signed-off-by: Bob Callaway <bcallaway@google.com>
…onse

Signed-off-by: Bob Callaway <bcallaway@google.com>
@bobcallaway bobcallaway merged commit 7e1d9c1 into sigstore:main Aug 7, 2024
27 checks passed
renovate bot referenced this pull request in rsturla/eternal-main Aug 7, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer)
| action | minor | `v3.5.0` -> `v3.6.0` |

---

### Release Notes

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.6.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.6.0)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0)

#### What's Changed

- Bump actions/checkout from 4.1.2 to 4.1.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/161](https://togithub.com/sigstore/cosign-installer/pull/161)
- Bump actions/checkout from 4.1.3 to 4.1.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/162](https://togithub.com/sigstore/cosign-installer/pull/162)
- Bump actions/setup-go from 5.0.0 to 5.0.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/163](https://togithub.com/sigstore/cosign-installer/pull/163)
- Bump actions/checkout from 4.1.4 to 4.1.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/164](https://togithub.com/sigstore/cosign-installer/pull/164)
- Bump actions/checkout from 4.1.5 to 4.1.6 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/165](https://togithub.com/sigstore/cosign-installer/pull/165)
- Bump actions/checkout from 4.1.6 to 4.1.7 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/166](https://togithub.com/sigstore/cosign-installer/pull/166)
- Bump actions/setup-go from 5.0.1 to 5.0.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/167](https://togithub.com/sigstore/cosign-installer/pull/167)
- pin public key used for verification by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/169](https://togithub.com/sigstore/cosign-installer/pull/169)
- bump default version to v2.4.0 release by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/168](https://togithub.com/sigstore/cosign-installer/pull/168)
- update readme for new release by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/170](https://togithub.com/sigstore/cosign-installer/pull/170)

**Full Changelog**:
sigstore/cosign-installer@v3...v3.6.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/rsturla/eternal-main).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yMC4xIiwidXBkYXRlZEluVmVyIjoiMzguMjAuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot referenced this pull request in jippi/dottie Aug 8, 2024
…thub/workflows/release.yml (#70)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer)
| action | minor | `v3.5.0` -> `v3.6.0` |

---

### Release Notes

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.6.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.6.0)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0)

#### What's Changed

- Bump actions/checkout from 4.1.2 to 4.1.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/161](https://togithub.com/sigstore/cosign-installer/pull/161)
- Bump actions/checkout from 4.1.3 to 4.1.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/162](https://togithub.com/sigstore/cosign-installer/pull/162)
- Bump actions/setup-go from 5.0.0 to 5.0.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/163](https://togithub.com/sigstore/cosign-installer/pull/163)
- Bump actions/checkout from 4.1.4 to 4.1.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/164](https://togithub.com/sigstore/cosign-installer/pull/164)
- Bump actions/checkout from 4.1.5 to 4.1.6 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/165](https://togithub.com/sigstore/cosign-installer/pull/165)
- Bump actions/checkout from 4.1.6 to 4.1.7 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/166](https://togithub.com/sigstore/cosign-installer/pull/166)
- Bump actions/setup-go from 5.0.1 to 5.0.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/167](https://togithub.com/sigstore/cosign-installer/pull/167)
- pin public key used for verification by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/169](https://togithub.com/sigstore/cosign-installer/pull/169)
- bump default version to v2.4.0 release by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/168](https://togithub.com/sigstore/cosign-installer/pull/168)
- update readme for new release by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/170](https://togithub.com/sigstore/cosign-installer/pull/170)

**Full Changelog**:
sigstore/cosign-installer@v3...v3.6.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "* */8 * * *" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job log](https://developer.mend.io/github/jippi/dottie).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yMC4xIiwidXBkYXRlZEluVmVyIjoiMzguMjAuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
charithe referenced this pull request in cerbos/cerbos Aug 12, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[bufbuild/buf-setup-action](https://togithub.com/bufbuild/buf-setup-action)
| action | minor | `v1.35.1` -> `v1.36.0` |
|
[google-github-actions/setup-gcloud](https://togithub.com/google-github-actions/setup-gcloud)
| action | patch | `v2.1.0` -> `v2.1.1` |
|
[sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer)
| action | minor | `v3.5.0` -> `v3.6.0` |

---

### Release Notes

<details>
<summary>bufbuild/buf-setup-action (bufbuild/buf-setup-action)</summary>

###
[`v1.36.0`](https://togithub.com/bufbuild/buf-setup-action/releases/tag/v1.36.0)

[Compare
Source](https://togithub.com/bufbuild/buf-setup-action/compare/v1.35.1...v1.36.0)

Release v1.36.0

</details>

<details>
<summary>google-github-actions/setup-gcloud
(google-github-actions/setup-gcloud)</summary>

###
[`v2.1.1`](https://togithub.com/google-github-actions/setup-gcloud/releases/tag/v2.1.1)

[Compare
Source](https://togithub.com/google-github-actions/setup-gcloud/compare/v2.1.0...v2.1.1)

#### What's Changed

- security: bump undici from 5.28.2 to 5.28.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/google-github-actions/setup-gcloud/pull/681](https://togithub.com/google-github-actions/setup-gcloud/pull/681)
- Fix typo in sample workflow shown in README.md. by
[@&#8203;msng](https://togithub.com/msng) in
[https://github.com/google-github-actions/setup-gcloud/pull/682](https://togithub.com/google-github-actions/setup-gcloud/pull/682)
- Fix ADC documentation,
[issue#685](https://togithub.com/issue/setup-gcloud/issues/685) by
[@&#8203;eeaton](https://togithub.com/eeaton) in
[https://github.com/google-github-actions/setup-gcloud/pull/686](https://togithub.com/google-github-actions/setup-gcloud/pull/686)
- security: bump undici from 5.28.3 to 5.28.4 in the npm_and_yarn group
by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/google-github-actions/setup-gcloud/pull/687](https://togithub.com/google-github-actions/setup-gcloud/pull/687)
- Disable prompts by [@&#8203;sethvargo](https://togithub.com/sethvargo)
in
[https://github.com/google-github-actions/setup-gcloud/pull/688](https://togithub.com/google-github-actions/setup-gcloud/pull/688)
- Update deps and switch to autodoc by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/setup-gcloud/pull/690](https://togithub.com/google-github-actions/setup-gcloud/pull/690)
- Update deps by [@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/setup-gcloud/pull/691](https://togithub.com/google-github-actions/setup-gcloud/pull/691)
- Release: v2.1.1 by
[@&#8203;google-github-actions-bot](https://togithub.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/setup-gcloud/pull/692](https://togithub.com/google-github-actions/setup-gcloud/pull/692)

#### New Contributors

- [@&#8203;msng](https://togithub.com/msng) made their first
contribution in
[https://github.com/google-github-actions/setup-gcloud/pull/682](https://togithub.com/google-github-actions/setup-gcloud/pull/682)
- [@&#8203;eeaton](https://togithub.com/eeaton) made their first
contribution in
[https://github.com/google-github-actions/setup-gcloud/pull/686](https://togithub.com/google-github-actions/setup-gcloud/pull/686)

**Full Changelog**:
google-github-actions/setup-gcloud@v2.1.0...v2.1.1

</details>

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.6.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.6.0)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0)

#### What's Changed

- Bump actions/checkout from 4.1.2 to 4.1.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/161](https://togithub.com/sigstore/cosign-installer/pull/161)
- Bump actions/checkout from 4.1.3 to 4.1.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/162](https://togithub.com/sigstore/cosign-installer/pull/162)
- Bump actions/setup-go from 5.0.0 to 5.0.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/163](https://togithub.com/sigstore/cosign-installer/pull/163)
- Bump actions/checkout from 4.1.4 to 4.1.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/164](https://togithub.com/sigstore/cosign-installer/pull/164)
- Bump actions/checkout from 4.1.5 to 4.1.6 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/165](https://togithub.com/sigstore/cosign-installer/pull/165)
- Bump actions/checkout from 4.1.6 to 4.1.7 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/166](https://togithub.com/sigstore/cosign-installer/pull/166)
- Bump actions/setup-go from 5.0.1 to 5.0.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/167](https://togithub.com/sigstore/cosign-installer/pull/167)
- pin public key used for verification by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/169](https://togithub.com/sigstore/cosign-installer/pull/169)
- bump default version to v2.4.0 release by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/168](https://togithub.com/sigstore/cosign-installer/pull/168)
- update readme for new release by
[@&#8203;bobcallaway](https://togithub.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/170](https://togithub.com/sigstore/cosign-installer/pull/170)

**Full Changelog**:
sigstore/cosign-installer@v3...v3.6.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job log](https://developer.mend.io/github/cerbos/cerbos).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yMC4xIiwidXBkYXRlZEluVmVyIjoiMzguMjAuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXJlYS9kZXBlbmRlbmNpZXMiLCJib3RzIiwia2luZC9jaG9yZSJdfQ==-->

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159 referenced this pull request in defenseunicorns/maru-runner Sep 20, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/create-github-app-token](https://redirect.github.com/actions/create-github-app-token)
| action | minor | `v1.10.3` -> `v1.11.0` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) |
action | patch | `v4.0.3` -> `v4.0.4` |
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
| action | minor | `v4.3.4` -> `v4.4.0` |
| [anchore/sbom-action](https://redirect.github.com/anchore/sbom-action)
| action | minor | `v0.16.1` -> `v0.17.2` |
|
[docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action)
| action | minor | `v3.4.0` -> `n/a` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | minor | `v3.25.12` -> `v3.26.8` |
| morphy/revive-action | docker | digest | `087d4e6` -> `540bffd` |
|
[ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action)
| action | minor | `v2.3.3` -> `v2.4.0` |
|
[sigstore/cosign-installer](https://redirect.github.com/sigstore/cosign-installer)
| action | minor | `v3.5.0` -> `n/a` |
| [zarf-dev/zarf](https://redirect.github.com/zarf-dev/zarf) | | minor |
`v0.39.0` -> `v0.40.1` |

---

### Release Notes

<details>
<summary>actions/create-github-app-token
(actions/create-github-app-token)</summary>

###
[`v1.11.0`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.0)

[Compare
Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.10.4...v1.11.0)

##### What's Changed

##### Features

- Allow repositories input to be comma or newline-separated by
[@&#8203;peter-evans](https://redirect.github.com/peter-evans) in
[https://github.com/actions/create-github-app-token/pull/169](https://redirect.github.com/actions/create-github-app-token/pull/169)

##### New Contributors

- [@&#8203;peter-evans](https://redirect.github.com/peter-evans) made
their first contribution in
[https://github.com/actions/create-github-app-token/pull/169](https://redirect.github.com/actions/create-github-app-token/pull/169)

**Full Changelog**:
actions/create-github-app-token@v1.10.4...v1.11.0

###
[`v1.10.4`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.10.4)

[Compare
Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.10.3...v1.10.4)

##### Bug Fixes

- **deps:** bump the production-dependencies group across 1 directory
with 3 updates
([#&#8203;166](https://redirect.github.com/actions/create-github-app-token/issues/166))
([e177c20](https://redirect.github.com/actions/create-github-app-token/commit/e177c20e0f736e68f4a37ffee6aa32c73da13988)),
closes
[#&#8203;641](https://redirect.github.com/actions/create-github-app-token/issues/641)
[#&#8203;641](https://redirect.github.com/actions/create-github-app-token/issues/641)
[#&#8203;639](https://redirect.github.com/actions/create-github-app-token/issues/639)
[#&#8203;638](https://redirect.github.com/actions/create-github-app-token/issues/638)
[#&#8203;637](https://redirect.github.com/actions/create-github-app-token/issues/637)
[#&#8203;636](https://redirect.github.com/actions/create-github-app-token/issues/636)
[#&#8203;633](https://redirect.github.com/actions/create-github-app-token/issues/633)
[#&#8203;632](https://redirect.github.com/actions/create-github-app-token/issues/632)
[#&#8203;631](https://redirect.github.com/actions/create-github-app-token/issues/631)
[#&#8203;630](https://redirect.github.com/actions/create-github-app-token/issues/630)
[#&#8203;629](https://redirect.github.com/actions/create-github-app-token/issues/629)
[#&#8203;714](https://redirect.github.com/actions/create-github-app-token/issues/714)
[#&#8203;711](https://redirect.github.com/actions/create-github-app-token/issues/711)
[#&#8203;714](https://redirect.github.com/actions/create-github-app-token/issues/714)
[#&#8203;716](https://redirect.github.com/actions/create-github-app-token/issues/716)
[#&#8203;711](https://redirect.github.com/actions/create-github-app-token/issues/711)
[#&#8203;712](https://redirect.github.com/actions/create-github-app-token/issues/712)
[#&#8203;710](https://redirect.github.com/actions/create-github-app-token/issues/710)
[#&#8203;709](https://redirect.github.com/actions/create-github-app-token/issues/709)
[#&#8203;708](https://redirect.github.com/actions/create-github-app-token/issues/708)
[#&#8203;702](https://redirect.github.com/actions/create-github-app-token/issues/702)
[#&#8203;706](https://redirect.github.com/actions/create-github-app-token/issues/706)
[#&#8203;3458](https://redirect.github.com/actions/create-github-app-token/issues/3458)
[#&#8203;3461](https://redirect.github.com/actions/create-github-app-token/issues/3461)
[#&#8203;3460](https://redirect.github.com/actions/create-github-app-token/issues/3460)
[#&#8203;3454](https://redirect.github.com/actions/create-github-app-token/issues/3454)
[#&#8203;3450](https://redirect.github.com/actions/create-github-app-token/issues/3450)
[#&#8203;3445](https://redirect.github.com/actions/create-github-app-token/issues/3445)

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v4.0.4`](https://redirect.github.com/actions/setup-node/compare/v4.0.3...v4.0.4)

[Compare
Source](https://redirect.github.com/actions/setup-node/compare/v4.0.3...v4.0.4)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.4.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)

###
[`v4.3.6`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

###
[`v4.3.5`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

</details>

<details>
<summary>anchore/sbom-action (anchore/sbom-action)</summary>

###
[`v0.17.2`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.2)

[Compare
Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.1...v0.17.2)

#### Changes in v0.17.2

- Update Syft to v1.11.1
([#&#8203;485](https://redirect.github.com/anchore/sbom-action/issues/485))
\[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)]

###
[`v0.17.1`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.1)

[Compare
Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.0...v0.17.1)

#### Changes in v0.17.1

- chore(deps): update Syft to v1.11.0
([#&#8203;483](https://redirect.github.com/anchore/sbom-action/issues/483))
\[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)]

###
[`v0.17.0`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.0)

[Compare
Source](https://redirect.github.com/anchore/sbom-action/compare/v0.16.1...v0.17.0)

#### Changes in v0.17.0

- chore(deps): update Syft to v1.9.0
([#&#8203;479](https://redirect.github.com/anchore/sbom-action/issues/479))
\[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)]

</details>

<details>
<summary>docker/setup-buildx-action
(docker/setup-buildx-action)</summary>

###
[`v3.6.1`](https://redirect.github.com/docker/setup-buildx-action/releases/tag/v3.6.1)

[Compare
Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.6.0...v3.6.1)

- Check for malformed docker context by
[@&#8203;crazy-max](https://redirect.github.com/crazy-max) in
[https://github.com/docker/setup-buildx-action/pull/347](https://redirect.github.com/docker/setup-buildx-action/pull/347)

**Full Changelog**:
docker/setup-buildx-action@v3.6.0...v3.6.1

###
[`v3.6.0`](https://redirect.github.com/docker/setup-buildx-action/releases/tag/v3.6.0)

[Compare
Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.5.0...v3.6.0)

- Create temp docker context if default one has TLS data loaded before
creating a container builder by
[@&#8203;crazy-max](https://redirect.github.com/crazy-max) in
[https://github.com/docker/setup-buildx-action/pull/341](https://redirect.github.com/docker/setup-buildx-action/pull/341)

**Full Changelog**:
docker/setup-buildx-action@v3.5.0...v3.6.0

###
[`v3.5.0`](https://redirect.github.com/docker/setup-buildx-action/compare/v3.4.0...v3.5.0)

[Compare
Source](https://redirect.github.com/docker/setup-buildx-action/compare/v3.4.0...v3.5.0)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.26.8`](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8)

###
[`v3.26.7`](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)

###
[`v3.26.6`](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)

###
[`v3.26.5`](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)

###
[`v3.26.4`](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4)

###
[`v3.26.3`](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3)

###
[`v3.26.2`](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2)

###
[`v3.26.1`](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1)

###
[`v3.26.0`](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0)

###
[`v3.25.15`](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.14...v3.25.15)

###
[`v3.25.14`](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.13...v3.25.14)

###
[`v3.25.13`](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.12...v3.25.13)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0).
Of special note to Scorecard Action is the Maintainer Annotation
feature, which can be used to suppress some Code Scanning false
positives. Alerts will not be generated for any Scorecard Check with an
annotation.

- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://redirect.github.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1410](https://redirect.github.com/ossf/scorecard-action/pull/1410)
- 🐛 lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://redirect.github.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://redirect.github.com/jkowalleck) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://redirect.github.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
ossf/scorecard-action@v2.3.3...v2.4.0

</details>

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.6.0`](https://redirect.github.com/sigstore/cosign-installer/releases/tag/v3.6.0)

[Compare
Source](https://redirect.github.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0)

#### What's Changed

- Bump actions/checkout from 4.1.2 to 4.1.3 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/161](https://redirect.github.com/sigstore/cosign-installer/pull/161)
- Bump actions/checkout from 4.1.3 to 4.1.4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/162](https://redirect.github.com/sigstore/cosign-installer/pull/162)
- Bump actions/setup-go from 5.0.0 to 5.0.1 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/163](https://redirect.github.com/sigstore/cosign-installer/pull/163)
- Bump actions/checkout from 4.1.4 to 4.1.5 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/164](https://redirect.github.com/sigstore/cosign-installer/pull/164)
- Bump actions/checkout from 4.1.5 to 4.1.6 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/165](https://redirect.github.com/sigstore/cosign-installer/pull/165)
- Bump actions/checkout from 4.1.6 to 4.1.7 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/166](https://redirect.github.com/sigstore/cosign-installer/pull/166)
- Bump actions/setup-go from 5.0.1 to 5.0.2 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/167](https://redirect.github.com/sigstore/cosign-installer/pull/167)
- pin public key used for verification by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/169](https://redirect.github.com/sigstore/cosign-installer/pull/169)
- bump default version to v2.4.0 release by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/168](https://redirect.github.com/sigstore/cosign-installer/pull/168)
- update readme for new release by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/170](https://redirect.github.com/sigstore/cosign-installer/pull/170)

**Full Changelog**:
sigstore/cosign-installer@v3...v3.6.0

</details>

<details>
<summary>zarf-dev/zarf (zarf-dev/zarf)</summary>

###
[`v0.40.1`](https://redirect.github.com/zarf-dev/zarf/compare/v0.40.0...v0.40.1)

[Compare
Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.40.0...v0.40.1)

###
[`v0.40.0`](https://redirect.github.com/zarf-dev/zarf/compare/v0.39.0...v0.40.0)

[Compare
Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.39.0...v0.40.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am
every weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/defenseunicorns/maru-runner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzEuNCIsInVwZGF0ZWRJblZlciI6IjM4LjgwLjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Wayne Starr <me@racer159.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants