🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 #1410
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Spencer Schrock <[email protected]>
spencerschrock
requested review from
a team,
naveensrinivasan and
justaugustus
and removed request for
a team
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1410 +/- ##
=======================================
Coverage 63.17% 63.17%
=======================================
Files 4 4
Lines 296 296
=======================================
Hits 187 187
Misses 94 94
Partials 15 15 |
|
Note: we should wait until Monday to start cutting a release here. |
Roger that! |
github-merge-queue bot
pushed a commit
to AmadeusITGroup/otter
that referenced
this pull request
Jul 30, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---|---|---| | [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.25.14` -> `v3.25.15` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [memfs](https://github.com/streamich/memfs) | peerDependencies | minor | [`~4.9.0` -> `~4.11.0`](https://renovatebot.com/diffs/npm/memfs/4.9.3/4.11.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [memfs](https://github.com/streamich/memfs) | devDependencies | minor | [`~4.9.0` -> `~4.11.0`](https://renovatebot.com/diffs/npm/memfs/4.9.3/4.11.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | org.jetbrains.intellij | plugin | patch | `1.17.3` -> `1.17.4` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) </details> <details> <summary>streamich/memfs (memfs)</summary> ### [`v4.11.0`](https://github.com/streamich/memfs/blob/HEAD/CHANGELOG.md#4110-2024-07-27) [Compare Source](https://github.com/streamich/memfs/compare/v4.10.0...v4.11.0) ##### Features - volume implementation of .opendir() method ([7072fb7](https://github.com/streamich/memfs/commit/7072fb7545b6269c3f04f191a4853ad0f39ed15f)) ### [`v4.10.0`](https://github.com/streamich/memfs/blob/HEAD/CHANGELOG.md#4100-2024-07-27) [Compare Source](https://github.com/streamich/memfs/compare/v4.9.4...v4.10.0) ##### Features - 🎸 add IReadableWebStreamOptions type ([99ebd64](https://github.com/streamich/memfs/commit/99ebd6491e4886dc9947d5b3c867241b7158357a)) - 🎸 implement FileHandle.readableWebStream() ([c3ddc6c](https://github.com/streamich/memfs/commit/c3ddc6c21ea112056ee84e3c131f09f5b2582779)) #### [4.9.4](https://github.com/streamich/memfs/compare/v4.9.3...v4.9.4) (2024-07-23) ##### Bug Fixes - ensure files in subdirectories are returned as buffers when calling `toJSON` with `asBuffer` ([#​1041](https://github.com/streamich/memfs/issues/1041)) ([c3d4cf3](https://github.com/streamich/memfs/commit/c3d4cf36e438f7fef2dab4639c08449ceada28a3)) #### [4.9.3](https://github.com/streamich/memfs/compare/v4.9.2...v4.9.3) (2024-06-14) ##### Bug Fixes - replace `sonic-forest` with `tree-dump` ([#​1038](https://github.com/streamich/memfs/issues/1038)) ([f989dcd](https://github.com/streamich/memfs/commit/f989dcd2e6457698b85491997ea073ae07c04724)) #### [4.9.2](https://github.com/streamich/memfs/compare/v4.9.1...v4.9.2) (2024-04-30) ##### Bug Fixes - 🐛 bump [@​jsonjoy](https://github.com/jsonjoy).com/util package ([eea3b42](https://github.com/streamich/memfs/commit/eea3b421f28698cff6800bfb8882faa340c0b344)) - 🐛 bump json-pack ([32cc4da](https://github.com/streamich/memfs/commit/32cc4da5db9c0288574e4e539174c3d0f8816902)) #### [4.9.1](https://github.com/streamich/memfs/compare/v4.9.0...v4.9.1) (2024-04-27) ##### Bug Fixes - 🐛 use latest json-pack implementation ([de54ab5](https://github.com/streamich/memfs/commit/de54ab53a5df3b857975094ce4c59d760240a6d6)) ### [`v4.9.4`](https://github.com/streamich/memfs/blob/HEAD/CHANGELOG.md#494-2024-07-23) [Compare Source](https://github.com/streamich/memfs/compare/v4.9.3...v4.9.4) ##### Bug Fixes - ensure files in subdirectories are returned as buffers when calling `toJSON` with `asBuffer` ([#​1041](https://github.com/streamich/memfs/issues/1041)) ([c3d4cf3](https://github.com/streamich/memfs/commit/c3d4cf36e438f7fef2dab4639c08449ceada28a3)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/AmadeusITGroup/otter). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
bogdandrutu
pushed a commit
to open-telemetry/opentelemetry-collector
that referenced
this pull request
Jul 30, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.25.13` -> `v3.25.15` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) ### [`v3.25.14`](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-collector). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJyZW5vdmF0ZWJvdCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159
pushed a commit
to defenseunicorns/uds-package-sonarqube
that referenced
this pull request
Jul 30, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [defenseunicorns/zarf](https://github.com/defenseunicorns/zarf) | | minor | `v0.36.1` -> `v0.37.0` | | [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.25.14` -> `v3.25.15` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [python-jsonschema/check-jsonschema](https://github.com/python-jsonschema/check-jsonschema) | repository | patch | `0.29.0` -> `0.29.1` | | [renovatebot/pre-commit-hooks](https://github.com/renovatebot/pre-commit-hooks) | repository | minor | `38.5.0` -> `38.13.0` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.37.0`](https://github.com/zarf-dev/zarf/releases/tag/v0.37.0) [Compare Source](https://github.com/defenseunicorns/zarf/compare/v0.36.1...v0.37.0) #### What's Changed - chore: update s3 injector by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2730 - docs: fix codeowners file by [@​salaxander](https://github.com/salaxander) in [zarf-dev/zarf#2736 - refactor: rename image references by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2733 - chore: move public test repo by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2739 - fix: update README.md by [@​schristoff-du](https://github.com/schristoff-du) in [zarf-dev/zarf#2729 - docs: update to openssf code of conduct by [@​salaxander](https://github.com/salaxander) in [zarf-dev/zarf#2734 - chore: update project name references by [@​lucasrod16](https://github.com/lucasrod16) in [zarf-dev/zarf#2741 - chore: move context.TODO to context.Background() by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2742 - docs: charter update by [@​KennyPaul](https://github.com/KennyPaul) in [zarf-dev/zarf#2731 - chore: update CODEOWNERS to protect TSC files by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2744 - fix: replace debug logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2719 - fix: data injection to return errors by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2720 - feat: revert "feat: remove .metadata.image from schema ([#​2606](https://github.com/defenseunicorns/zarf/issues/2606))" by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2618 - chore: update permissions for eks & ecr nightly tests by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2745 - refactor: move setup CLI to only run once in root command by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2722 - chore: move context.TODO to context.Background() (3) by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2747 - fix(deps): update github.com/anchore/clio digest to [`ac88e09`](https://github.com/defenseunicorns/zarf/commit/ac88e09) by [@​renovate](https://github.com/renovate) in [zarf-dev/zarf#2527 - refactor: add error handling to view SBOM files by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2752 - feat: annotate image mutation by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2755 - chore: move context.TODO to context.Background() (2) by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2746 - docs: update repo name across docs by [@​salaxander](https://github.com/salaxander) in [zarf-dev/zarf#2735 - fix: add whitespace linter and fix all warnings by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2764 - chore: move context.TODO to context.Background() (5) by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2750 - feat: run schema validation on create by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2585 - refactor: remove overly verbose debug logs by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2751 - ci: improve nightly eks test by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2759 - chore: logging ADR by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2588 - test: decrease reliance on dockerhub by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2766 - refactor: replace warning logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2762 - fix: type assertion error checking and enforce linter by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2770 - chore: fix string formatting for several debug statements by [@​YrrepNoj](https://github.com/YrrepNoj) in [zarf-dev/zarf#2769 - chore: stop releasing to s3 by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2774 - fix: error formatting and comparison and enable errorlint by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2771 - fix(deps): update module github.com/fluxcd/helm-controller/api to v1 by [@​renovate](https://github.com/renovate) in [zarf-dev/zarf#2487 - refactor: load state to return error if loading fails by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2763 - fix: zarf dev instead of zerf-dev by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2779 - fix: goreleaser by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2782 #### New Contributors - [@​KennyPaul](https://github.com/KennyPaul) made their first contribution in [zarf-dev/zarf#2731 **Full Changelog**: zarf-dev/zarf@v0.36.1...v0.37.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>python-jsonschema/check-jsonschema (python-jsonschema/check-jsonschema)</summary> ### [`v0.29.1`](https://github.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0291) [Compare Source](https://github.com/python-jsonschema/check-jsonschema/compare/0.29.0...0.29.1) - Update vendored schemas: circle-ci, dependabot, gitlab-ci, renovate, woodpecker-ci (2024-07-21) - Fix a bug which could result in local file URI resolution failing on non-Windows platforms in certain cases. Thanks :user:`bukzor`! (:pr:`465`) - Fix caching behaviors to ensure that caches are correctly preserved across instancefiles during `--schemafile` evaluation. This also fixes a bug in the remote `$ref` cache. Thanks :user:`alex1701c` for reporting! (:issue:`463`, :pr:`466`) </details> <details> <summary>renovatebot/pre-commit-hooks (renovatebot/pre-commit-hooks)</summary> ### [`v38.13.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.12.0...38.13.0) See https://github.com/renovatebot/renovate/releases/tag/38.13.0 for more changes ### [`v38.12.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.12.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.1...38.12.0) See https://github.com/renovatebot/renovate/releases/tag/38.12.0 for more changes ### [`v38.11.1`](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1) ### [`v38.11.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.11.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.10.0...38.11.0) See https://github.com/renovatebot/renovate/releases/tag/38.11.0 for more changes ### [`v38.10.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.10.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.3...38.10.0) See https://github.com/renovatebot/renovate/releases/tag/38.10.0 for more changes ### [`v38.9.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.0...38.9.3) See https://github.com/renovatebot/renovate/releases/tag/38.9.3 for more changes ### [`v38.9.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.5...38.9.0) See https://github.com/renovatebot/renovate/releases/tag/38.9.0 for more changes ### [`v38.8.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.5) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.4...38.8.5) See https://github.com/renovatebot/renovate/releases/tag/38.8.5 for more changes ### [`v38.8.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.3...38.8.4) See https://github.com/renovatebot/renovate/releases/tag/38.8.4 for more changes ### [`v38.8.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.2...38.8.3) See https://github.com/renovatebot/renovate/releases/tag/38.8.3 for more changes ### [`v38.8.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.1...38.8.2) See https://github.com/renovatebot/renovate/releases/tag/38.8.2 for more changes ### [`v38.8.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.0...38.8.1) See https://github.com/renovatebot/renovate/releases/tag/38.8.1 for more changes ### [`v38.8.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.7.1...38.8.0) See https://github.com/renovatebot/renovate/releases/tag/38.8.0 for more changes ### [`v38.7.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.7.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.7.0...38.7.1) See https://github.com/renovatebot/renovate/releases/tag/38.7.1 for more changes ### [`v38.7.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.7.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.5.0...38.7.0) See https://github.com/renovatebot/renovate/releases/tag/38.7.0 for more changes </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [x] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-sonarqube). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159
added a commit
to defenseunicorns/uds-package-valkey
that referenced
this pull request
Jul 31, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v0.9.0` -> `v0.10.0` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | action | minor | `v0.9.0` -> `v0.10.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- ### Release Notes <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.10.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.10.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0) ##### Features - add task for determining target repo based on flavor ([#​188](https://github.com/defenseunicorns/uds-common/issues/188)) ([6810324](https://github.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-valkey). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <[email protected]> Release-As: v7.2.5-uds.3
Racer159
added a commit
to defenseunicorns/uds-package-postgres-operator
that referenced
this pull request
Jul 31, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v0.9.0` -> `v0.10.0` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | action | minor | `v0.9.0` -> `v0.10.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- ### Release Notes <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.10.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.10.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0) ##### Features - add task for determining target repo based on flavor ([#​188](https://github.com/defenseunicorns/uds-common/issues/188)) ([6810324](https://github.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-postgres-operator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <[email protected]> Release-As: v1.12.2-uds.2
Racer159
added a commit
to defenseunicorns/uds-package-gitlab-runner
that referenced
this pull request
Jul 31, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v0.9.0` -> `v0.10.0` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | action | minor | `v0.9.0` -> `v0.10.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- ### Release Notes <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.10.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.10.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0) ##### Features - add task for determining target repo based on flavor ([#​188](https://github.com/defenseunicorns/uds-common/issues/188)) ([6810324](https://github.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7am and before 9am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-gitlab-runner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <[email protected]> Release-As: v17.1.0-uds.1
Racer159
pushed a commit
to defenseunicorns/uds-software-factory
that referenced
this pull request
Aug 1, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v0.9.0` -> `v0.10.0` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | action | minor | `v0.9.0` -> `v0.10.0` | | [defenseunicorns/uds-package-gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | | minor | `v17.1.2-uds.1` -> `v17.2.1-uds.0` | | [defenseunicorns/uds-package-gitlab-runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | | patch | `v17.1.0-uds.0` -> `v17.1.0-uds.1` | | [defenseunicorns/uds-package-sonarqube](https://github.com/defenseunicorns/uds-package-sonarqube) | | major | `v9.9.5-uds.1` -> `v10.6.0-uds.0` | | ghcr.io/defenseunicorns/packages/uds/gitlab | | minor | `17.1.2-uds.1-upstream` -> `17.2.1-uds.0-upstream` | | ghcr.io/defenseunicorns/packages/uds/gitlab-runner | | patch | `17.1.0-uds.0-upstream` -> `17.1.0-uds.1-upstream` | | ghcr.io/defenseunicorns/packages/uds/postgres-operator | | patch | `1.12.2-uds.1-upstream` -> `1.12.2-uds.2-upstream` | | ghcr.io/defenseunicorns/packages/uds/sonarqube | | major | `9.9.5-uds.1-upstream` -> `10.6.0-uds.0-upstream` | | ghcr.io/defenseunicorns/packages/uds/valkey | | patch | `7.2.5-uds.2-upstream` -> `7.2.6-uds.0-upstream` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- ### Release Notes <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.10.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.10.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0) ##### Features - add task for determining target repo based on flavor ([#​188](https://github.com/defenseunicorns/uds-common/issues/188)) ([6810324](https://github.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf)) </details> <details> <summary>defenseunicorns/uds-package-gitlab (defenseunicorns/uds-package-gitlab)</summary> ### [`v17.2.1-uds.0`](https://github.com/defenseunicorns/uds-package-gitlab/releases/tag/v17.2.1-uds.0) [Compare Source](https://github.com/defenseunicorns/uds-package-gitlab/compare/v17.1.2-uds.1...v17.2.1-uds.0) ##### ⚠ BREAKING CHANGES - remove egress anywhere for SSO ([#​177](https://github.com/defenseunicorns/uds-package-gitlab/issues/177)) ##### Miscellaneous - add PeerAuthentication docs and Made for UDS Badge ([#​174](https://github.com/defenseunicorns/uds-package-gitlab/issues/174)) ([4909378](https://github.com/defenseunicorns/uds-package-gitlab/commit/49093782822332152dd3e74e7442e8509d1742e9)) - **deps:** update gitlab package dependencies ([#​171](https://github.com/defenseunicorns/uds-package-gitlab/issues/171)) ([f9c0081](https://github.com/defenseunicorns/uds-package-gitlab/commit/f9c00818b401d9d792f936a0c726abfd8fd96a77)) - **deps:** update gitlab support dependencies ([#​175](https://github.com/defenseunicorns/uds-package-gitlab/issues/175)) ([d7be43a](https://github.com/defenseunicorns/uds-package-gitlab/commit/d7be43a755c8ce44cc0d20c06a51ae090771df5f)) - remove egress anywhere for SSO ([#​177](https://github.com/defenseunicorns/uds-package-gitlab/issues/177)) ([996181d](https://github.com/defenseunicorns/uds-package-gitlab/commit/996181dca6784786372ff77e00606c2d66e7fe41)) - swap to `openid-connect` instead of `_` ([#​179](https://github.com/defenseunicorns/uds-package-gitlab/issues/179)) ([59e3954](https://github.com/defenseunicorns/uds-package-gitlab/commit/59e3954f36959b32dce0fbc64c591a0b18d05626)) </details> <details> <summary>defenseunicorns/uds-package-gitlab-runner (defenseunicorns/uds-package-gitlab-runner)</summary> ### [`v17.1.0-uds.1`](https://github.com/defenseunicorns/uds-package-gitlab-runner/releases/tag/v17.1.0-uds.1) [Compare Source](https://github.com/defenseunicorns/uds-package-gitlab-runner/compare/v17.1.0-uds.0...v17.1.0-uds.1) ##### Features - enable prometheus metrics to be Made for UDS ([#​111](https://github.com/defenseunicorns/uds-package-gitlab-runner/issues/111)) ([27001f1](https://github.com/defenseunicorns/uds-package-gitlab-runner/commit/27001f1bea898bc4cbca7cbd45f90c7ac3dfad26)) ##### Miscellaneous - **deps:** update gitlab runner support dependencies ([#​110](https://github.com/defenseunicorns/uds-package-gitlab-runner/issues/110)) ([087aefc](https://github.com/defenseunicorns/uds-package-gitlab-runner/commit/087aefcc31f0ac2804659c0d02e41b106246491e)) - **deps:** update support-deps to v3.25.15 ([#​107](https://github.com/defenseunicorns/uds-package-gitlab-runner/issues/107)) ([dafe6b2](https://github.com/defenseunicorns/uds-package-gitlab-runner/commit/dafe6b2b13a7464782b5885d2099aa84b20ebf7f)) </details> <details> <summary>defenseunicorns/uds-package-sonarqube (defenseunicorns/uds-package-sonarqube)</summary> ### [`v10.6.0-uds.0`](https://github.com/defenseunicorns/uds-package-sonarqube/releases/tag/v10.6.0-uds.0) [Compare Source](https://github.com/defenseunicorns/uds-package-sonarqube/compare/v9.9.5-uds.1...v10.6.0-uds.0) ##### ⚠ BREAKING CHANGES - update to SonarQube 10, migrate to upstream chart, add `unicorn` CGR flavor ([#​100](https://github.com/defenseunicorns/uds-package-sonarqube/issues/100)) - remove egress anywhere for SSO ([#​102](https://github.com/defenseunicorns/uds-package-sonarqube/issues/102)) ##### Miscellaneous - add architecture to save logs suffix on tag-and-release ([#​92](https://github.com/defenseunicorns/uds-package-sonarqube/issues/92)) ([5fbe70c](https://github.com/defenseunicorns/uds-package-sonarqube/commit/5fbe70ce2cbbd83363e3a03b19bf2a3848eade3f)) - **deps:** update sonarqube support dependencies ([#​101](https://github.com/defenseunicorns/uds-package-sonarqube/issues/101)) ([074db36](https://github.com/defenseunicorns/uds-package-sonarqube/commit/074db362f834d6672603d7e281b265a35c9885cf)) - **deps:** update sonarqube support dependencies ([#​103](https://github.com/defenseunicorns/uds-package-sonarqube/issues/103)) ([ee1c448](https://github.com/defenseunicorns/uds-package-sonarqube/commit/ee1c4484f636b12872838f0ecdadb59a74458f03)) - **deps:** update sonarqube support dependencies ([#​93](https://github.com/defenseunicorns/uds-package-sonarqube/issues/93)) ([47b6bdc](https://github.com/defenseunicorns/uds-package-sonarqube/commit/47b6bdc2fc34a903aa162cf4d08139c40368b9a4)) - **deps:** update sonarqube support dependencies ([#​98](https://github.com/defenseunicorns/uds-package-sonarqube/issues/98)) ([3d342e5](https://github.com/defenseunicorns/uds-package-sonarqube/commit/3d342e5a39e6745f134d5fbf6822948efb03dbe3)) - fix sonarqube runner to big-boy-4-core ([#​106](https://github.com/defenseunicorns/uds-package-sonarqube/issues/106)) ([01d883f](https://github.com/defenseunicorns/uds-package-sonarqube/commit/01d883f6eed9a690e2628a23be51b14a4c46a318)) - remove egress anywhere for SSO ([#​102](https://github.com/defenseunicorns/uds-package-sonarqube/issues/102)) ([2c5dd72](https://github.com/defenseunicorns/uds-package-sonarqube/commit/2c5dd7264308e2e94734c6d8aea910bc979bea42)) - update license ([#​89](https://github.com/defenseunicorns/uds-package-sonarqube/issues/89)) ([c078724](https://github.com/defenseunicorns/uds-package-sonarqube/commit/c078724aac7d441824678d467b7ae042e1a43066)) - update to SonarQube 10, migrate to upstream chart, add `unicorn` CGR flavor ([#​100](https://github.com/defenseunicorns/uds-package-sonarqube/issues/100)) ([d3ee872](https://github.com/defenseunicorns/uds-package-sonarqube/commit/d3ee8728a41635702ca056859c0c7b0cc5359b84)) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7am and before 9am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-software-factory). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJidW5kbGUtZGVwcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
yurishkuro
pushed a commit
to jaegertracing/jaeger
that referenced
this pull request
Aug 1, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [docker/setup-qemu-action#154 [docker/setup-qemu-action#155 **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [step-security/harden-runner#435 This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <[email protected]>
ramonpetgrave64
pushed a commit
to slsa-framework/slsa-github-generator
that referenced
this pull request
Aug 2, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | actions/checkout | action | digest | `692973e` -> `9a9194f` | | [actions/download-artifact](https://github.com/actions/download-artifact) | action | patch | `v4.1.7` -> `v4.1.8` | | [actions/setup-go](https://github.com/actions/setup-go) | action | patch | `v5.0.1` -> `v5.0.2` | | [actions/setup-node](https://github.com/actions/setup-node) | action | patch | `v4.0.2` -> `v4.0.3` | | [actions/setup-node](https://github.com/actions/setup-node) | action | digest | `60edb5d` -> `1e60f62` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | action | patch | `v4.3.3` -> `v4.3.5` | | [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.25.11` -> `v3.25.15` | | [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) | action | minor | `v3.4.2` -> `v3.5.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | action | patch | `v2.0.6` -> `v2.0.8` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.8`](https://github.com/actions/download-artifact/releases/tag/v4.1.8) [Compare Source](https://github.com/actions/download-artifact/compare/v4.1.7...v4.1.8) #### What's Changed - Update [@​actions/artifact](https://github.com/actions/artifact) version, bump dependencies by [@​robherley](https://github.com/robherley) in [actions/download-artifact#341 **Full Changelog**: actions/download-artifact@v4...v4.1.8 </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.0.2`](https://github.com/actions/setup-go/compare/v5.0.1...v5.0.2) [Compare Source](https://github.com/actions/setup-go/compare/v5.0.1...v5.0.2) </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v4.0.3`](https://github.com/actions/setup-node/compare/v4.0.2...v4.0.3) [Compare Source](https://github.com/actions/setup-node/compare/v4.0.2...v4.0.3) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.5`](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) ### [`v4.3.4`](https://github.com/actions/upload-artifact/releases/tag/v4.3.4) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4) ##### What's Changed - Update [@​actions/artifact](https://github.com/actions/artifact) version, bump dependencies by [@​robherley](https://github.com/robherley) in [actions/upload-artifact#584 **Full Changelog**: actions/upload-artifact@v4.3.3...v4.3.4 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) ### [`v3.25.14`](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) ### [`v3.25.13`](https://github.com/github/codeql-action/compare/v3.25.12...v3.25.13) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.12...v3.25.13) ### [`v3.25.12`](https://github.com/github/codeql-action/compare/v3.25.11...v3.25.12) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.11...v3.25.12) </details> <details> <summary>gradle/gradle-build-action (gradle/gradle-build-action)</summary> ### [`v3.5.0`](https://github.com/gradle/gradle-build-action/releases/tag/v3.5.0) [Compare Source](https://github.com/gradle/gradle-build-action/compare/v3.4.2...v3.5.0) > \[!IMPORTANT] > As of `v3` this action has been superceded by `gradle/actions/setup-gradle`. > Any workflow that uses `gradle/gradle-build-action@v3` will transparently delegate to `gradle/actions/setup-gradle@v3`. > > Users are encouraged to update their workflows, replacing: > > uses: gradle/gradle-build-action@v3 > > with > > uses: gradle/actions/setup-gradle@v3 > > See the [setup-gradle documentation](https://github.com/gradle/actions/tree/main/setup-gradle) for up-to-date documentation for `gradle/actions/setup-gradle`. For release details, see https://github.com/gradle/actions/releases/tag/v3.5.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>softprops/action-gh-release (softprops/action-gh-release)</summary> ### [`v2.0.8`](https://github.com/softprops/action-gh-release/releases/tag/v2.0.8) [Compare Source](https://github.com/softprops/action-gh-release/compare/v2.0.7...v2.0.8) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Other Changes 🔄 - chore(deps): bump prettier from 2.8.0 to 3.3.3 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#480 - chore(deps): bump [@​types/node](https://github.com/types/node) from 20.14.9 to 20.14.11 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#483 - chore(deps): bump [@​octokit/plugin-throttling](https://github.com/octokit/plugin-throttling) from 9.3.0 to 9.3.1 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#484 - chore(deps): bump glob from 10.4.2 to 11.0.0 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#477 - refactor: write jest config in ts by [@​chenrui333](https://github.com/chenrui333) in [softprops/action-gh-release#485 - chore(deps): bump [@​actions/github](https://github.com/actions/github) from 5.1.1 to 6.0.0 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#470 **Full Changelog**: softprops/action-gh-release@v2...v2.0.8 ### [`v2.0.7`](https://github.com/softprops/action-gh-release/releases/tag/v2.0.7) [Compare Source](https://github.com/softprops/action-gh-release/compare/v2.0.6...v2.0.7) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Bug fixes 🐛 - Fix missing update release body by [@​FirelightFlagboy](https://github.com/FirelightFlagboy) in [softprops/action-gh-release#365 ##### Other Changes 🔄 - Bump [@​octokit/plugin-retry](https://github.com/octokit/plugin-retry) from 4.0.3 to 7.1.1 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#443 - Bump typescript from 4.9.5 to 5.5.2 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#467 - Bump [@​types/node](https://github.com/types/node) from 20.14.6 to 20.14.8 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#469 - Bump [@​types/node](https://github.com/types/node) from 20.14.8 to 20.14.9 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#473 - Bump typescript from 5.5.2 to 5.5.3 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#472 - Bump ts-jest from 29.1.5 to 29.2.2 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#479 - docs: document that existing releases are updated by [@​jvanbruegge](https://github.com/jvanbruegge) in [softprops/action-gh-release#474 #### New Contributors - [@​jvanbruegge](https://github.com/jvanbruegge) made their first contribution in [softprops/action-gh-release#474 - [@​FirelightFlagboy](https://github.com/FirelightFlagboy) made their first contribution in [softprops/action-gh-release#365 **Full Changelog**: softprops/action-gh-release@v2.0.6...v2.0.7 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/slsa-framework/slsa-github-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Signed-off-by: Mend Renovate <[email protected]>
JaredTan95
pushed a commit
to JaredTan95/jaeger
that referenced
this pull request
Aug 7, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [docker/setup-qemu-action#154 [docker/setup-qemu-action#155 **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [step-security/harden-runner#435 This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <[email protected]> Signed-off-by: Jared Tan <[email protected]>
Racer159
pushed a commit
to defenseunicorns/uds-package-mattermost
that referenced
this pull request
Aug 7, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/upload-artifact](https://github.com/actions/upload-artifact) | action | patch | `v4.3.4` -> `v4.3.6` | | [defenseunicorns/zarf](https://github.com/defenseunicorns/zarf) | | minor | `v0.36.1` -> `v0.37.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | action | minor | `v3.5.0` -> `v3.6.1` | | [github/codeql-action](https://github.com/github/codeql-action) | action | minor | `v3.25.14` -> `v3.26.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [python-jsonschema/check-jsonschema](https://github.com/python-jsonschema/check-jsonschema) | repository | patch | `0.29.0` -> `0.29.1` | | [renovatebot/pre-commit-hooks](https://github.com/renovatebot/pre-commit-hooks) | repository | minor | `38.7.0` -> `38.21.1` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | patch | `v2.9.0` -> `v2.9.1` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.6`](https://github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) ### [`v4.3.5`](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.37.0`](https://github.com/zarf-dev/zarf/releases/tag/v0.37.0) [Compare Source](https://github.com/defenseunicorns/zarf/compare/v0.36.1...v0.37.0) ##### What's Changed - chore: update s3 injector by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2730 - docs: fix codeowners file by [@​salaxander](https://github.com/salaxander) in [zarf-dev/zarf#2736 - refactor: rename image references by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2733 - chore: move public test repo by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2739 - fix: update README.md by [@​schristoff-du](https://github.com/schristoff-du) in [zarf-dev/zarf#2729 - docs: update to openssf code of conduct by [@​salaxander](https://github.com/salaxander) in [zarf-dev/zarf#2734 - chore: update project name references by [@​lucasrod16](https://github.com/lucasrod16) in [zarf-dev/zarf#2741 - chore: move context.TODO to context.Background() by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2742 - docs: charter update by [@​KennyPaul](https://github.com/KennyPaul) in [zarf-dev/zarf#2731 - chore: update CODEOWNERS to protect TSC files by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2744 - fix: replace debug logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2719 - fix: data injection to return errors by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2720 - feat: revert "feat: remove .metadata.image from schema ([#​2606](https://github.com/defenseunicorns/zarf/issues/2606))" by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2618 - chore: update permissions for eks & ecr nightly tests by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2745 - refactor: move setup CLI to only run once in root command by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2722 - chore: move context.TODO to context.Background() (3) by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2747 - fix(deps): update github.com/anchore/clio digest to [`ac88e09`](https://github.com/defenseunicorns/zarf/commit/ac88e09) by [@​renovate](https://github.com/renovate) in [zarf-dev/zarf#2527 - refactor: add error handling to view SBOM files by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2752 - feat: annotate image mutation by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2755 - chore: move context.TODO to context.Background() (2) by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2746 - docs: update repo name across docs by [@​salaxander](https://github.com/salaxander) in [zarf-dev/zarf#2735 - fix: add whitespace linter and fix all warnings by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2764 - chore: move context.TODO to context.Background() (5) by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2750 - feat: run schema validation on create by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2585 - refactor: remove overly verbose debug logs by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2751 - ci: improve nightly eks test by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2759 - chore: logging ADR by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2588 - test: decrease reliance on dockerhub by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2766 - refactor: replace warning logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2762 - fix: type assertion error checking and enforce linter by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2770 - chore: fix string formatting for several debug statements by [@​YrrepNoj](https://github.com/YrrepNoj) in [zarf-dev/zarf#2769 - chore: stop releasing to s3 by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2774 - fix: error formatting and comparison and enable errorlint by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2771 - fix(deps): update module github.com/fluxcd/helm-controller/api to v1 by [@​renovate](https://github.com/renovate) in [zarf-dev/zarf#2487 - refactor: load state to return error if loading fails by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2763 - fix: zarf dev instead of zerf-dev by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2779 - fix: goreleaser by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2782 ##### New Contributors - [@​KennyPaul](https://github.com/KennyPaul) made their first contribution in [zarf-dev/zarf#2731 **Full Changelog**: zarf-dev/zarf@v0.36.1...v0.37.0 </details> <details> <summary>docker/setup-buildx-action (docker/setup-buildx-action)</summary> ### [`v3.6.1`](https://github.com/docker/setup-buildx-action/releases/tag/v3.6.1) [Compare Source](https://github.com/docker/setup-buildx-action/compare/v3.6.0...v3.6.1) - Check for malformed docker context by [@​crazy-max](https://github.com/crazy-max) in [docker/setup-buildx-action#347 **Full Changelog**: docker/setup-buildx-action@v3.6.0...v3.6.1 ### [`v3.6.0`](https://github.com/docker/setup-buildx-action/releases/tag/v3.6.0) [Compare Source](https://github.com/docker/setup-buildx-action/compare/v3.5.0...v3.6.0) - Create temp docker context if default one has TLS data loaded before creating a container builder by [@​crazy-max](https://github.com/crazy-max) in [docker/setup-buildx-action#341 **Full Changelog**: docker/setup-buildx-action@v3.5.0...v3.6.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.26.0`](https://github.com/github/codeql-action/compare/v3.25.15...v3.26.0) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.15...v3.26.0) ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>python-jsonschema/check-jsonschema (python-jsonschema/check-jsonschema)</summary> ### [`v0.29.1`](https://github.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0291) [Compare Source](https://github.com/python-jsonschema/check-jsonschema/compare/0.29.0...0.29.1) - Update vendored schemas: circle-ci, dependabot, gitlab-ci, renovate, woodpecker-ci (2024-07-21) - Fix a bug which could result in local file URI resolution failing on non-Windows platforms in certain cases. Thanks :user:`bukzor`! (:pr:`465`) - Fix caching behaviors to ensure that caches are correctly preserved across instancefiles during `--schemafile` evaluation. This also fixes a bug in the remote `$ref` cache. Thanks :user:`alex1701c` for reporting! (:issue:`463`, :pr:`466`) </details> <details> <summary>renovatebot/pre-commit-hooks (renovatebot/pre-commit-hooks)</summary> ### [`v38.21.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.0...38.21.1) See https://github.com/renovatebot/renovate/releases/tag/38.21.1 for more changes ### [`v38.21.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.20.1...38.21.0) See https://github.com/renovatebot/renovate/releases/tag/38.21.0 for more changes ### [`v38.20.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.20.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.2...38.20.1) See https://github.com/renovatebot/renovate/releases/tag/38.20.1 for more changes ### [`v38.19.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.1...38.19.2) See https://github.com/renovatebot/renovate/releases/tag/38.19.2 for more changes ### [`v38.19.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.0...38.19.1) See https://github.com/renovatebot/renovate/releases/tag/38.19.1 for more changes ### [`v38.19.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.17...38.19.0) See https://github.com/renovatebot/renovate/releases/tag/38.19.0 for more changes ### [`v38.18.17`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.17) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.16...38.18.17) See https://github.com/renovatebot/renovate/releases/tag/38.18.17 for more changes ### [`v38.18.16`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.16) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.15...38.18.16) See https://github.com/renovatebot/renovate/releases/tag/38.18.16 for more changes ### [`v38.18.15`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.15) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.14...38.18.15) See https://github.com/renovatebot/renovate/releases/tag/38.18.15 for more changes ### [`v38.18.14`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.14) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.12...38.18.14) See https://github.com/renovatebot/renovate/releases/tag/38.18.14 for more changes ### [`v38.18.12`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.12) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.11...38.18.12) See https://github.com/renovatebot/renovate/releases/tag/38.18.12 for more changes ### [`v38.18.11`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.11) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.10...38.18.11) See https://github.com/renovatebot/renovate/releases/tag/38.18.11 for more changes ### [`v38.18.10`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.10) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.9...38.18.10) See https://github.com/renovatebot/renovate/releases/tag/38.18.10 for more changes ### [`v38.18.9`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.9) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.8...38.18.9) See https://github.com/renovatebot/renovate/releases/tag/38.18.9 for more changes ### [`v38.18.8`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.8) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.7...38.18.8) See https://github.com/renovatebot/renovate/releases/tag/38.18.8 for more changes ### [`v38.18.7`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.7) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.5...38.18.7) See https://github.com/renovatebot/renovate/releases/tag/38.18.7 for more changes ### [`v38.18.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.5) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.4...38.18.5) See https://github.com/renovatebot/renovate/releases/tag/38.18.5 for more changes ### [`v38.18.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.1...38.18.4) See https://github.com/renovatebot/renovate/releases/tag/38.18.4 for more changes ### [`v38.18.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.0...38.18.1) See https://github.com/renovatebot/renovate/releases/tag/38.18.1 for more changes ### [`v38.18.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.17.1...38.18.0) See https://github.com/renovatebot/renovate/releases/tag/38.18.0 for more changes ### [`v38.17.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.17.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.16.0...38.17.1) See https://github.com/renovatebot/renovate/releases/tag/38.17.1 for more changes ### [`v38.16.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.16.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.15.0...38.16.0) See https://github.com/renovatebot/renovate/releases/tag/38.16.0 for more changes ### [`v38.15.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.15.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.14.0...38.15.0) See https://github.com/renovatebot/renovate/releases/tag/38.15.0 for more changes ### [`v38.14.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.14.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.4...38.14.0) See https://github.com/renovatebot/renovate/releases/tag/38.14.0 for more changes ### [`v38.13.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.3...38.13.4) See https://github.com/renovatebot/renovate/releases/tag/38.13.4 for more changes ### [`v38.13.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.0...38.13.3) See https://github.com/renovatebot/renovate/releases/tag/38.13.3 for more changes ### [`v38.13.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.12.0...38.13.0) See https://github.com/renovatebot/renovate/releases/tag/38.13.0 for more changes ### [`v38.12.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.12.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.1...38.12.0) See https://github.com/renovatebot/renovate/releases/tag/38.12.0 for more changes ### [`v38.11.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.11.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1) See https://github.com/renovatebot/renovate/releases/tag/38.11.1 for more changes ### [`v38.11.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.11.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.10.0...38.11.0) See https://github.com/renovatebot/renovate/releases/tag/38.11.0 for more changes ### [`v38.10.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.10.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.3...38.10.0) See https://github.com/renovatebot/renovate/releases/tag/38.10.0 for more changes ### [`v38.9.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.0...38.9.3) See https://github.com/renovatebot/renovate/releases/tag/38.9.3 for more changes ### [`v38.9.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.5...38.9.0) See https://github.com/renovatebot/renovate/releases/tag/38.9.0 for more changes ### [`v38.8.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.5) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.4...38.8.5) See https://github.com/renovatebot/renovate/releases/tag/38.8.5 for more changes ### [`v38.8.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.3...38.8.4) See https://github.com/renovatebot/renovate/releases/tag/38.8.4 for more changes ### [`v38.8.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.2...38.8.3) See https://github.com/renovatebot/renovate/releases/tag/38.8.3 for more changes ### [`v38.8.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.1...38.8.2) See https://github.com/renovatebot/renovate/releases/tag/38.8.2 for more changes ### [`v38.8.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.0...38.8.1) See https://github.com/renovatebot/renovate/releases/tag/38.8.1 for more changes ### [`v38.8.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.7.1...38.8.0) See https://github.com/renovatebot/renovate/releases/tag/38.8.0 for more changes ### [`v38.7.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.7.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.7.0...38.7.1) See https://github.com/renovatebot/renovate/releases/tag/38.7.1 for more changes </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.1`](https://github.com/step-security/harden-runner/releases/tag/v2.9.1) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.9.0...v2.9.1) ##### What's Changed Release v2.9.1 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [#​440](https://github.com/step-security/harden-runner/issues/440) This release includes two changes: 1. Updated markdown displayed in the job summary by the Harden-Runner Action. 2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list. **Full Changelog**: step-security/harden-runner@v2...v2.9.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-mattermost). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM4LjIwLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
JaredTan95
pushed a commit
to JaredTan95/jaeger
that referenced
this pull request
Aug 8, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [docker/setup-qemu-action#154 [docker/setup-qemu-action#155 **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [step-security/harden-runner#435 This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <[email protected]> Signed-off-by: Jared Tan <[email protected]>
zachariahmiller
pushed a commit
to defenseunicorns/uds-package-gitlab
that referenced
this pull request
Aug 9, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/upload-artifact](https://github.com/actions/upload-artifact) | action | patch | `v4.3.4` -> `v4.3.6` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v0.9.0` -> `v0.11.2` | | [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | action | minor | `v0.9.0` -> `v0.11.2` | | [defenseunicorns/zarf](https://github.com/defenseunicorns/zarf) | | minor | `v0.36.1` -> `v0.38.0` | | [github/codeql-action](https://github.com/github/codeql-action) | action | minor | `v3.25.15` -> `v3.26.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [python-jsonschema/check-jsonschema](https://github.com/python-jsonschema/check-jsonschema) | repository | patch | `0.29.0` -> `0.29.1` | | [renovatebot/pre-commit-hooks](https://github.com/renovatebot/pre-commit-hooks) | repository | minor | `38.7.1` -> `38.23.2` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.6`](https://github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) ### [`v4.3.5`](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) </details> <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.11.2`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.11.2) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.11.1...v0.11.2) ##### Miscellaneous - refine package selection logic for publishing ([#​207](https://github.com/defenseunicorns/uds-common/issues/207)) ([7e1c03a](https://github.com/defenseunicorns/uds-common/commit/7e1c03abede1d4a3f91bb122fe5fff6abbb73311)) ### [`v0.11.1`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.11.1) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.11.0...v0.11.1) ##### Bug Fixes - renovate ghcr host docker type ([#​201](https://github.com/defenseunicorns/uds-common/issues/201)) ([9c298e0](https://github.com/defenseunicorns/uds-common/commit/9c298e08417ce928dbbf4356c23182f8b1a62ffb)) - renovate typo token/password ([#​202](https://github.com/defenseunicorns/uds-common/issues/202)) ([5d7ea03](https://github.com/defenseunicorns/uds-common/commit/5d7ea03815929a662c529b2078bdf895d8f3ac1b)) - update renovate creds ([#​200](https://github.com/defenseunicorns/uds-common/issues/200)) ([1c6eb24](https://github.com/defenseunicorns/uds-common/commit/1c6eb24f37b4059589a70c9addeffb80895d450b)) ##### Miscellaneous - add renovate support for org ghcr packages ([#​199](https://github.com/defenseunicorns/uds-common/issues/199)) ([2c5de9c](https://github.com/defenseunicorns/uds-common/commit/2c5de9cc41cad9d1e02faf39c0cad364933f335f)) - **deps:** update uds common support dependencies ([#​195](https://github.com/defenseunicorns/uds-common/issues/195)) ([04b6409](https://github.com/defenseunicorns/uds-common/commit/04b64091ba0528463713f66d8167572a533e0c3d)) - fix codeowners ([#​196](https://github.com/defenseunicorns/uds-common/issues/196)) ([856ef22](https://github.com/defenseunicorns/uds-common/commit/856ef221b39e65070e966942b42e79d408f59b76)) ### [`v0.11.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.11.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.10.0...v0.11.0) ##### Features - add support for uds-core snapshots ([#​193](https://github.com/defenseunicorns/uds-common/issues/193)) ([7a39915](https://github.com/defenseunicorns/uds-common/commit/7a39915ceff7a1a9e319846042ab74390fda6f2b)) ##### Miscellaneous - **deps:** update uds common support dependencies ([#​187](https://github.com/defenseunicorns/uds-common/issues/187)) ([a0bbfb0](https://github.com/defenseunicorns/uds-common/commit/a0bbfb043e670a175fbdc44585e2bbb5b695acf7)) ### [`v0.10.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.10.0) [Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.9.0...v0.10.0) ##### Features - add task for determining target repo based on flavor ([#​188](https://github.com/defenseunicorns/uds-common/issues/188)) ([6810324](https://github.com/defenseunicorns/uds-common/commit/681032402a315c8db80975571242ed8db73e78bf)) </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.38.0`](https://github.com/defenseunicorns/zarf/compare/v0.37.0...v0.38.0) [Compare Source](https://github.com/defenseunicorns/zarf/compare/v0.37.0...v0.38.0) ### [`v0.37.0`](https://github.com/zarf-dev/zarf/releases/tag/v0.37.0) [Compare Source](https://github.com/defenseunicorns/zarf/compare/v0.36.1...v0.37.0) ##### What's Changed - chore: update s3 injector by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2730 - docs: fix codeowners file by [@​salaxander](https://github.com/salaxander) in [zarf-dev/zarf#2736 - refactor: rename image references by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2733 - chore: move public test repo by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2739 - fix: update README.md by [@​schristoff-du](https://github.com/schristoff-du) in [zarf-dev/zarf#2729 - docs: update to openssf code of conduct by [@​salaxander](https://github.com/salaxander) in [zarf-dev/zarf#2734 - chore: update project name references by [@​lucasrod16](https://github.com/lucasrod16) in [zarf-dev/zarf#2741 - chore: move context.TODO to context.Background() by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2742 - docs: charter update by [@​KennyPaul](https://github.com/KennyPaul) in [zarf-dev/zarf#2731 - chore: update CODEOWNERS to protect TSC files by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2744 - fix: replace debug logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2719 - fix: data injection to return errors by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2720 - feat: revert "feat: remove .metadata.image from schema ([#​2606](https://github.com/defenseunicorns/zarf/issues/2606))" by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2618 - chore: update permissions for eks & ecr nightly tests by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2745 - refactor: move setup CLI to only run once in root command by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2722 - chore: move context.TODO to context.Background() (3) by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2747 - fix(deps): update github.com/anchore/clio digest to [`ac88e09`](https://github.com/defenseunicorns/zarf/commit/ac88e09) by [@​renovate](https://github.com/renovate) in [zarf-dev/zarf#2527 - refactor: add error handling to view SBOM files by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2752 - feat: annotate image mutation by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2755 - chore: move context.TODO to context.Background() (2) by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2746 - docs: update repo name across docs by [@​salaxander](https://github.com/salaxander) in [zarf-dev/zarf#2735 - fix: add whitespace linter and fix all warnings by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2764 - chore: move context.TODO to context.Background() (5) by [@​schristoff](https://github.com/schristoff) in [zarf-dev/zarf#2750 - feat: run schema validation on create by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2585 - refactor: remove overly verbose debug logs by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2751 - ci: improve nightly eks test by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2759 - chore: logging ADR by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2588 - test: decrease reliance on dockerhub by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2766 - refactor: replace warning logs with returning errors by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2762 - fix: type assertion error checking and enforce linter by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2770 - chore: fix string formatting for several debug statements by [@​YrrepNoj](https://github.com/YrrepNoj) in [zarf-dev/zarf#2769 - chore: stop releasing to s3 by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2774 - fix: error formatting and comparison and enable errorlint by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2771 - fix(deps): update module github.com/fluxcd/helm-controller/api to v1 by [@​renovate](https://github.com/renovate) in [zarf-dev/zarf#2487 - refactor: load state to return error if loading fails by [@​phillebaba](https://github.com/phillebaba) in [zarf-dev/zarf#2763 - fix: zarf dev instead of zerf-dev by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2779 - fix: goreleaser by [@​AustinAbro321](https://github.com/AustinAbro321) in [zarf-dev/zarf#2782 ##### New Contributors - [@​KennyPaul](https://github.com/KennyPaul) made their first contribution in [zarf-dev/zarf#2731 **Full Changelog**: zarf-dev/zarf@v0.36.1...v0.37.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.26.0`](https://github.com/github/codeql-action/compare/v3.25.15...v3.26.0) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.15...v3.26.0) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>python-jsonschema/check-jsonschema (python-jsonschema/check-jsonschema)</summary> ### [`v0.29.1`](https://github.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0291) [Compare Source](https://github.com/python-jsonschema/check-jsonschema/compare/0.29.0...0.29.1) - Update vendored schemas: circle-ci, dependabot, gitlab-ci, renovate, woodpecker-ci (2024-07-21) - Fix a bug which could result in local file URI resolution failing on non-Windows platforms in certain cases. Thanks :user:`bukzor`! (:pr:`465`) - Fix caching behaviors to ensure that caches are correctly preserved across instancefiles during `--schemafile` evaluation. This also fixes a bug in the remote `$ref` cache. Thanks :user:`alex1701c` for reporting! (:issue:`463`, :pr:`466`) </details> <details> <summary>renovatebot/pre-commit-hooks (renovatebot/pre-commit-hooks)</summary> ### [`v38.23.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.23.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.23.1...38.23.2) See https://github.com/renovatebot/renovate/releases/tag/38.23.2 for more changes ### [`v38.23.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.23.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.23.0...38.23.1) See https://github.com/renovatebot/renovate/releases/tag/38.23.1 for more changes ### [`v38.23.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.23.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.4...38.23.0) See https://github.com/renovatebot/renovate/releases/tag/38.23.0 for more changes ### [`v38.21.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.3...38.21.4) See https://github.com/renovatebot/renovate/releases/tag/38.21.4 for more changes ### [`v38.21.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.2...38.21.3) See https://github.com/renovatebot/renovate/releases/tag/38.21.3 for more changes ### [`v38.21.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.1...38.21.2) See https://github.com/renovatebot/renovate/releases/tag/38.21.2 for more changes ### [`v38.21.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.21.0...38.21.1) See https://github.com/renovatebot/renovate/releases/tag/38.21.1 for more changes ### [`v38.21.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.21.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.20.1...38.21.0) See https://github.com/renovatebot/renovate/releases/tag/38.21.0 for more changes ### [`v38.20.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.20.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.2...38.20.1) See https://github.com/renovatebot/renovate/releases/tag/38.20.1 for more changes ### [`v38.19.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.1...38.19.2) See https://github.com/renovatebot/renovate/releases/tag/38.19.2 for more changes ### [`v38.19.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.19.0...38.19.1) See https://github.com/renovatebot/renovate/releases/tag/38.19.1 for more changes ### [`v38.19.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.19.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.17...38.19.0) See https://github.com/renovatebot/renovate/releases/tag/38.19.0 for more changes ### [`v38.18.17`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.17) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.16...38.18.17) See https://github.com/renovatebot/renovate/releases/tag/38.18.17 for more changes ### [`v38.18.16`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.16) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.15...38.18.16) See https://github.com/renovatebot/renovate/releases/tag/38.18.16 for more changes ### [`v38.18.15`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.15) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.14...38.18.15) See https://github.com/renovatebot/renovate/releases/tag/38.18.15 for more changes ### [`v38.18.14`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.14) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.12...38.18.14) See https://github.com/renovatebot/renovate/releases/tag/38.18.14 for more changes ### [`v38.18.12`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.12) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.11...38.18.12) See https://github.com/renovatebot/renovate/releases/tag/38.18.12 for more changes ### [`v38.18.11`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.11) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.10...38.18.11) See https://github.com/renovatebot/renovate/releases/tag/38.18.11 for more changes ### [`v38.18.10`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.10) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.9...38.18.10) See https://github.com/renovatebot/renovate/releases/tag/38.18.10 for more changes ### [`v38.18.9`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.9) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.8...38.18.9) See https://github.com/renovatebot/renovate/releases/tag/38.18.9 for more changes ### [`v38.18.8`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.8) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.7...38.18.8) See https://github.com/renovatebot/renovate/releases/tag/38.18.8 for more changes ### [`v38.18.7`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.7) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.5...38.18.7) See https://github.com/renovatebot/renovate/releases/tag/38.18.7 for more changes ### [`v38.18.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.5) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.4...38.18.5) See https://github.com/renovatebot/renovate/releases/tag/38.18.5 for more changes ### [`v38.18.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.1...38.18.4) See https://github.com/renovatebot/renovate/releases/tag/38.18.4 for more changes ### [`v38.18.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.18.0...38.18.1) See https://github.com/renovatebot/renovate/releases/tag/38.18.1 for more changes ### [`v38.18.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.18.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.17.1...38.18.0) See https://github.com/renovatebot/renovate/releases/tag/38.18.0 for more changes ### [`v38.17.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.17.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.16.0...38.17.1) See https://github.com/renovatebot/renovate/releases/tag/38.17.1 for more changes ### [`v38.16.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.16.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.15.0...38.16.0) See https://github.com/renovatebot/renovate/releases/tag/38.16.0 for more changes ### [`v38.15.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.15.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.14.0...38.15.0) See https://github.com/renovatebot/renovate/releases/tag/38.15.0 for more changes ### [`v38.14.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.14.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.4...38.14.0) See https://github.com/renovatebot/renovate/releases/tag/38.14.0 for more changes ### [`v38.13.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.3...38.13.4) See https://github.com/renovatebot/renovate/releases/tag/38.13.4 for more changes ### [`v38.13.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.13.0...38.13.3) See https://github.com/renovatebot/renovate/releases/tag/38.13.3 for more changes ### [`v38.13.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.13.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.12.0...38.13.0) See https://github.com/renovatebot/renovate/releases/tag/38.13.0 for more changes ### [`v38.12.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.12.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.1...38.12.0) See https://github.com/renovatebot/renovate/releases/tag/38.12.0 for more changes ### [`v38.11.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.11.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.11.0...38.11.1) See https://github.com/renovatebot/renovate/releases/tag/38.11.1 for more changes ### [`v38.11.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.11.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.10.0...38.11.0) See https://github.com/renovatebot/renovate/releases/tag/38.11.0 for more changes ### [`v38.10.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.10.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.3...38.10.0) See https://github.com/renovatebot/renovate/releases/tag/38.10.0 for more changes ### [`v38.9.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.9.0...38.9.3) See https://github.com/renovatebot/renovate/releases/tag/38.9.3 for more changes ### [`v38.9.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.9.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.5...38.9.0) See https://github.com/renovatebot/renovate/releases/tag/38.9.0 for more changes ### [`v38.8.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.5) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.4...38.8.5) See https://github.com/renovatebot/renovate/releases/tag/38.8.5 for more changes ### [`v38.8.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.4) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.3...38.8.4) See https://github.com/renovatebot/renovate/releases/tag/38.8.4 for more changes ### [`v38.8.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.3) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.2...38.8.3) See https://github.com/renovatebot/renovate/releases/tag/38.8.3 for more changes ### [`v38.8.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.2) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.1...38.8.2) See https://github.com/renovatebot/renovate/releases/tag/38.8.2 for more changes ### [`v38.8.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.1) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.8.0...38.8.1) See https://github.com/renovatebot/renovate/releases/tag/38.8.1 for more changes ### [`v38.8.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/38.8.0) [Compare Source](https://github.com/renovatebot/pre-commit-hooks/compare/38.7.1...38.8.0) See https://github.com/renovatebot/renovate/releases/tag/38.8.0 for more changes </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7am and before 9am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-package-gitlab). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM4LjIwLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
github-merge-queue bot
pushed a commit
to Tuhura-Tech/wiki
that referenced
this pull request
Aug 11, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | --- ### Release Notes <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/Tuhura-Tech/wiki). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM4LjIwLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
JaredTan95
pushed a commit
to JaredTan95/jaeger
that referenced
this pull request
Aug 13, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [docker/setup-qemu-action#154 [docker/setup-qemu-action#155 **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [step-security/harden-runner#435 This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <[email protected]> Signed-off-by: Jared Tan <[email protected]>
JaredTan95
pushed a commit
to JaredTan95/jaeger
that referenced
this pull request
Aug 14, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [docker/setup-qemu-action#154 [docker/setup-qemu-action#155 **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [step-security/harden-runner#435 This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <[email protected]> Signed-off-by: Jared Tan <[email protected]>
ramonpetgrave64
pushed a commit
to slsa-framework/slsa-github-generator
that referenced
this pull request
Aug 16, 2024
](https://renovatebot.com){kind=link}
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | actions/checkout | action | digest | `692973e` -> `9a9194f` | | [actions/download-artifact](https://github.com/actions/download-artifact) | action | patch | `v4.1.7` -> `v4.1.8` | | [actions/setup-go](https://github.com/actions/setup-go) | action | patch | `v5.0.1` -> `v5.0.2` | | [actions/setup-node](https://github.com/actions/setup-node) | action | patch | `v4.0.2` -> `v4.0.3` | | [actions/setup-node](https://github.com/actions/setup-node) | action | digest | `60edb5d` -> `1e60f62` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | action | patch | `v4.3.3` -> `v4.3.5` | | [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.25.11` -> `v3.25.15` | | [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) | action | minor | `v3.4.2` -> `v3.5.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | action | patch | `v2.0.6` -> `v2.0.8` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.8`](https://github.com/actions/download-artifact/releases/tag/v4.1.8) [Compare Source](https://github.com/actions/download-artifact/compare/v4.1.7...v4.1.8) #### What's Changed - Update [@​actions/artifact](https://github.com/actions/artifact) version, bump dependencies by [@​robherley](https://github.com/robherley) in [actions/download-artifact#341 **Full Changelog**: actions/download-artifact@v4...v4.1.8 </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.0.2`](https://github.com/actions/setup-go/compare/v5.0.1...v5.0.2) [Compare Source](https://github.com/actions/setup-go/compare/v5.0.1...v5.0.2) </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v4.0.3`](https://github.com/actions/setup-node/compare/v4.0.2...v4.0.3) [Compare Source](https://github.com/actions/setup-node/compare/v4.0.2...v4.0.3) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.5`](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) ### [`v4.3.4`](https://github.com/actions/upload-artifact/releases/tag/v4.3.4) [Compare Source](https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4) ##### What's Changed - Update [@​actions/artifact](https://github.com/actions/artifact) version, bump dependencies by [@​robherley](https://github.com/robherley) in [actions/upload-artifact#584 **Full Changelog**: actions/upload-artifact@v4.3.3...v4.3.4 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.15`](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.14...v3.25.15) ### [`v3.25.14`](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.13...v3.25.14) ### [`v3.25.13`](https://github.com/github/codeql-action/compare/v3.25.12...v3.25.13) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.12...v3.25.13) ### [`v3.25.12`](https://github.com/github/codeql-action/compare/v3.25.11...v3.25.12) [Compare Source](https://github.com/github/codeql-action/compare/v3.25.11...v3.25.12) </details> <details> <summary>gradle/gradle-build-action (gradle/gradle-build-action)</summary> ### [`v3.5.0`](https://github.com/gradle/gradle-build-action/releases/tag/v3.5.0) [Compare Source](https://github.com/gradle/gradle-build-action/compare/v3.4.2...v3.5.0) > \[!IMPORTANT] > As of `v3` this action has been superceded by `gradle/actions/setup-gradle`. > Any workflow that uses `gradle/gradle-build-action@v3` will transparently delegate to `gradle/actions/setup-gradle@v3`. > > Users are encouraged to update their workflows, replacing: > > uses: gradle/gradle-build-action@v3 > > with > > uses: gradle/actions/setup-gradle@v3 > > See the [setup-gradle documentation](https://github.com/gradle/actions/tree/main/setup-gradle) for up-to-date documentation for `gradle/actions/setup-gradle`. For release details, see https://github.com/gradle/actions/releases/tag/v3.5.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>softprops/action-gh-release (softprops/action-gh-release)</summary> ### [`v2.0.8`](https://github.com/softprops/action-gh-release/releases/tag/v2.0.8) [Compare Source](https://github.com/softprops/action-gh-release/compare/v2.0.7...v2.0.8) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Other Changes 🔄 - chore(deps): bump prettier from 2.8.0 to 3.3.3 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#480 - chore(deps): bump [@​types/node](https://github.com/types/node) from 20.14.9 to 20.14.11 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#483 - chore(deps): bump [@​octokit/plugin-throttling](https://github.com/octokit/plugin-throttling) from 9.3.0 to 9.3.1 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#484 - chore(deps): bump glob from 10.4.2 to 11.0.0 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#477 - refactor: write jest config in ts by [@​chenrui333](https://github.com/chenrui333) in [softprops/action-gh-release#485 - chore(deps): bump [@​actions/github](https://github.com/actions/github) from 5.1.1 to 6.0.0 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#470 **Full Changelog**: softprops/action-gh-release@v2...v2.0.8 ### [`v2.0.7`](https://github.com/softprops/action-gh-release/releases/tag/v2.0.7) [Compare Source](https://github.com/softprops/action-gh-release/compare/v2.0.6...v2.0.7) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Bug fixes 🐛 - Fix missing update release body by [@​FirelightFlagboy](https://github.com/FirelightFlagboy) in [softprops/action-gh-release#365 ##### Other Changes 🔄 - Bump [@​octokit/plugin-retry](https://github.com/octokit/plugin-retry) from 4.0.3 to 7.1.1 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#443 - Bump typescript from 4.9.5 to 5.5.2 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#467 - Bump [@​types/node](https://github.com/types/node) from 20.14.6 to 20.14.8 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#469 - Bump [@​types/node](https://github.com/types/node) from 20.14.8 to 20.14.9 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#473 - Bump typescript from 5.5.2 to 5.5.3 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#472 - Bump ts-jest from 29.1.5 to 29.2.2 by [@​dependabot](https://github.com/dependabot) in [softprops/action-gh-release#479 - docs: document that existing releases are updated by [@​jvanbruegge](https://github.com/jvanbruegge) in [softprops/action-gh-release#474 #### New Contributors - [@​jvanbruegge](https://github.com/jvanbruegge) made their first contribution in [softprops/action-gh-release#474 - [@​FirelightFlagboy](https://github.com/FirelightFlagboy) made their first contribution in [softprops/action-gh-release#365 **Full Changelog**: softprops/action-gh-release@v2.0.6...v2.0.7 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/slsa-framework/slsa-github-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Signed-off-by: Mend Renovate <[email protected]> Signed-off-by: Ramon Petgrave <[email protected]>
JaredTan95
pushed a commit
to JaredTan95/jaeger
that referenced
this pull request
Aug 28, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@​docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [docker/setup-qemu-action#154 [docker/setup-qemu-action#155 **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://github.com/h0x0er) and [@​varunsh-coder](https://github.com/varunsh-coder) in [step-security/harden-runner#435 This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <[email protected]> Signed-off-by: Jared Tan <[email protected]>
hogo6002
pushed a commit
to google/osv.dev
that referenced
this pull request
Sep 5, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | minor | `v5.1.1` -> `v5.2.0` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v3.1.3` -> `v3.2.1` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v2.25.12` -> `v2.26.6` | | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [pypa/gh-action-pypi-publish](https://redirect.github.com/pypa/gh-action-pypi-publish) | action | minor | `v1.9.0` -> `v1.10.1` | --- ### Release Notes <details> <summary>actions/setup-python (actions/setup-python)</summary> ### [`v5.2.0`](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v3.2.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v3.2.1) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v3.2.0...v3.2.1) #### What's Changed This fixes the `include-hidden-files` input introduced in https://github.com/actions/upload-artifact/releases/tag/v3.2.0 - Ensure hidden files input is used by [@​joshmgross](https://redirect.github.com/joshmgross) in [actions/upload-artifact#609 **Full Changelog**: actions/upload-artifact@v3.2.0...v3.2.1 ### [`v3.2.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v3.2.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v3.1.3...v3.2.0) #### Notice: Breaking Changes⚠️ We will no longer include hidden files and folders by default in the `upload-artifact` action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, `include-hidden-files`, to continue to do so. See ["Notice of upcoming deprecations and breaking changes in GitHub Actions runners"](https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/) changelog and [this issue](https://redirect.github.com/actions/upload-artifact/issues/602) for more details. #### What's Changed - V3 backport: Exclude hidden files by default by [@​SrRyan](https://redirect.github.com/SrRyan) in [actions/upload-artifact#604 **Full Changelog**: actions/upload-artifact@v3.1.3...v3.2.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.26.6`](https://redirect.github.com/github/codeql-action/compare/v2.26.5...v2.26.6) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.5...v2.26.6) ### [`v2.26.5`](https://redirect.github.com/github/codeql-action/compare/v2.26.4...v2.26.5) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.4...v2.26.5) ### [`v2.26.4`](https://redirect.github.com/github/codeql-action/compare/v2.26.3...v2.26.4) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.3...v2.26.4) ### [`v2.26.3`](https://redirect.github.com/github/codeql-action/compare/v2.26.2...v2.26.3) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.2...v2.26.3) ### [`v2.26.2`](https://redirect.github.com/github/codeql-action/compare/v2.26.1...v2.26.2) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.1...v2.26.2) ### [`v2.26.1`](https://redirect.github.com/github/codeql-action/compare/v2.26.0...v2.26.1) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.0...v2.26.1) ### [`v2.26.0`](https://redirect.github.com/github/codeql-action/compare/v2.25.15...v2.26.0) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.15...v2.26.0) ### [`v2.25.15`](https://redirect.github.com/github/codeql-action/compare/v2.25.14...v2.25.15) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.14...v2.25.15) ### [`v2.25.14`](https://redirect.github.com/github/codeql-action/compare/v2.25.13...v2.25.14) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.13...v2.25.14) ### [`v2.25.13`](https://redirect.github.com/github/codeql-action/compare/v2.25.12...v2.25.13) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.25.12...v2.25.13) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@​spencerschrock](https://redirect.github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://redirect.github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@​jkowalleck](https://redirect.github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)</summary> ### [`v1.10.1`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.1) [Compare Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.10.0...v1.10.1) #### 🚑🔏 Oopsie... We missed a tiny bug in the attestations feature the other day The problem was that the distribution file validity check was failing on any valid distribution being present and ready to be signed. What a silly mistake! It's now been fixed via pypa/gh-action-pypi-publish@0ab0b79, though. So everything's good! \-- [@​webknjaz](https://redirect.github.com/webknjaz)[💰](https://redirect.github.com/sponsors/webknjaz) > \[!IMPORTANT] > ✨ Despite this minor hiccup, we invite you to still opt into trying this feature out early. [It can be enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations) like this: > > ```yml > with: > attestations: true > ``` > > Leave feedback in [the v1.10.0 release discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255) or [the PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236). **🪞 Full Diff**: pypa/gh-action-pypi-publish@v1.10.0...v1.10.1 **🧔♂️ Release Manager:** [@​webknjaz 🇺🇦](https://redirect.github.com/sponsors/webknjaz) **🙏 Special Thanks** to [@​hugovk](https://redirect.github.com/hugovk)[💰](https://redirect.github.com/sponsors/hugovk) for [promptly validating the bug fix](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/256#issuecomment-2325925847), mere minutes after I pushed it — I even haven't finished writing this text by then! ### [`v1.10.0`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.0) [Compare Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.9.0...v1.10.0) #### 🔏 Anything fancy, eh? This time, [@​woodruffw](https://redirect.github.com/woodruffw)[💰](https://redirect.github.com/sponsors/woodruffw) implemented support for [PEP 740] attestations functionality in [#​236](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/236) and [#​245](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/245). This is a big deal, as it is a huge step forward to replacing what the deprecated GPG signatures used to provide in a more meaningful way. > \[!IMPORTANT] > ✨ Please, do opt into trying this feature out early. [It can be enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations) as follows: > > ```yml > with: > attestations: true > ``` > > Leave any feedback on this in [this release discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255) or [the PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236). 🙏 And please, thank William for working on this amazing improvement for the ecosystem! The overall effort is tracked @&#[pypi/warehouse#15871, by the way. **🪞 Full Diff**: pypa/gh-action-pypi-publish@v1.9.0...v1.10.0 **🧔♂️ Release Manager:** [@​webknjaz 🇺🇦](https://redirect.github.com/sponsors/webknjaz) [PEP 740]: https://peps.python.org/pep-0740/ </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.