Explicitly disable sparse checkout unless asked for #1598
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This should allow users to reuse existing folders when running `actions/checkout` where a previous run asked for a sparse checkout but the current run does not ask for a sparse checkout. This fixes actions#1475 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
29f6b52 to
79dd834
Compare
Closed
|
It looks as if the |
There are use cases in particular with non-ephemeral runners where an existing worktree (that has been initialized as a sparse checkout) is reused in subsequent CI runs (where `actions/checkout` is run _without_ any `sparse-checkout` parameter). In these scenarios, we need to make sure that th 8000 e sparse checkout is disabled before checking out the files. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
79dd834 to
6f108b2
Compare
jww3
reviewed
Feb 1, 2024
| if (!settings.sparseCheckout) { | ||
| yield git.disableSparseCheckout(); | ||
| } | ||
| else { | ||
| core.startGroup('Setting up sparse checkout'); |
There was a problem hiding this comment.
do you want to pop the .startGroup / .endGroup calls outside of the if block?
Consider core.startGroup('Applying sparse checkout options');
There was a problem hiding this comment.
No, because we're not actually setting up a sparse checkout. We're disabling it. But saying that would only make sense if there was a worktree already, otherwise there'd be no sparse checkout to disable.
Added a clarifying comment about test branches.
Try pointing `test-proxy` at a custom container image `fdev321123/ubuntu-with-git` (courtesy of @fhammerl)
joshmgross
reviewed
Feb 16, 2024
.github/workflows/test.yml
Outdated
| @@ -175,7 +190,7 @@ jobs: | |||
| test-proxy: | |||
| runs-on: ubuntu-latest | |||
| container: | |||
| image: alpine/git:latest | |||
| image: fdev321123/ubuntu-with-git:latest | |||
There was a problem hiding this comment.
We should be very careful about adding in external dependencies to our workflows - https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
If this is something we internally built, could we publish it to ghcr.io within this repository or org?
There was a problem hiding this comment.
Agreed. This was something @fhammerl provided as a proof-of-concept, but I was just reading up about how to publish packages to ghcr.io and like the idea of hosting this container image at ghcr.io/actions (see neighboring packages here)
xballoy
referenced
this pull request
in kumojin/go-uuid
May 7, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.4` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/kumojin/go-uuid). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMjEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjMyMS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Racer159
referenced
this pull request
in defenseunicorns/uds-software-factory
May 10, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.5` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v4.3.1` -> `v4.3.3` | | [defenseunicorns/uds-cli](https://togithub.com/defenseunicorns/uds-cli) | | minor | `v0.9.0` -> `v0.10.4` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | | minor | `v0.3.10` -> `v0.4.2` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | action | minor | `v0.3.10` -> `v0.4.2` | | ghcr.io/defenseunicorns/packages/init | | minor | `v0.32.3` -> `v0.33.1` | | ghcr.io/defenseunicorns/packages/uds-k3d | | minor | `0.3.1` -> `0.6.0` | | ghcr.io/defenseunicorns/packages/uds/dev-minio | | patch | `0.0.1` -> `0.0.2` | | ghcr.io/defenseunicorns/packages/uds/dev-redis | | patch | `0.0.1` -> `0.0.2` | | ghcr.io/defenseunicorns/packages/uds/gitlab | | minor | `16.10.1-uds.1-upstream` -> `16.11.1-uds.1-upstream` | | ghcr.io/defenseunicorns/packages/uds/gitlab-runner | | minor | `16.10.0-uds.0-upstream` -> `16.11.0-uds.0-upstream` | | ghcr.io/defenseunicorns/packages/uds/mattermost | | minor | `9.6.1-uds.0-upstream` -> `9.7.2-uds.0-upstream` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v3.24.7` -> `v3.25.4` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> <details> <summary>defenseunicorns/uds-cli (defenseunicorns/uds-cli)</summary> ### [`v0.10.4`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.10.4) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.10.3...v0.10.4) ##### What's Changed - feat: uds dev deploy by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/536](https://togithub.com/defenseunicorns/uds-cli/pull/536) - feat: add ability to uds create to local output path by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/547](https://togithub.com/defenseunicorns/uds-cli/pull/547) - chore: adds dup pkgs docs by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/545](https://togithub.com/defenseunicorns/uds-cli/pull/545) - feat: `uds dev deploy` beta note, packages flag, skip sbom by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/557](https://togithub.com/defenseunicorns/uds-cli/pull/557) - ci: pin k3s version in k3d action to sidestep containerd issue by [@​ZachGallagher](https://togithub.com/ZachGallagher) in [https://github.com/defenseunicorns/uds-cli/pull/565](https://togithub.com/defenseunicorns/uds-cli/pull/565) - chore(deps): update docker/setup-buildx-action action to v3.3.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/559](https://togithub.com/defenseunicorns/uds-cli/pull/559) - chore(deps): update github/codeql-action action to v3.24.10 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/556](https://togithub.com/defenseunicorns/uds-cli/pull/556) - fix(deps): update golang.org/x/exp digest to [`93d18d7`](https://togithub.com/defenseunicorns/uds-cli/commit/93d18d7) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/555](https://togithub.com/defenseunicorns/uds-cli/pull/555) - fix: typo in docs by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/561](https://togithub.com/defenseunicorns/uds-cli/pull/561) - chore(deps): update zarf to v0.33.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/562](https://togithub.com/defenseunicorns/uds-cli/pull/562) - fix(deps): update module helm.sh/helm/v3 to v3.14.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/566](https://togithub.com/defenseunicorns/uds-cli/pull/566) - chore(deps): update pre-commit/action digest to [`f7acafa`](https://togithub.com/defenseunicorns/uds-cli/commit/f7acafa) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/564](https://togithub.com/defenseunicorns/uds-cli/pull/564) - chore(deps): update podinfo to v6.6.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/563](https://togithub.com/defenseunicorns/uds-cli/pull/563) - chore(deps): update sigstore/cosign-installer action to v3.5.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/568](https://togithub.com/defenseunicorns/uds-cli/pull/568) - chore: refactor dev mode docs by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/567](https://togithub.com/defenseunicorns/uds-cli/pull/567) - chore: swap release workflow to GH app by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/569](https://togithub.com/defenseunicorns/uds-cli/pull/569) ##### New Contributors - [@​ZachGallagher](https://togithub.com/ZachGallagher) made their first contribution in [https://github.com/defenseunicorns/uds-cli/pull/565](https://togithub.com/defenseunicorns/uds-cli/pull/565) **Full Changelog**: defenseunicorns/uds-cli@v0.10.3...v0.10.4 ### [`v0.10.3`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.10.3) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.10.2...v0.10.3) ##### What's Changed - fix: ensure we are pulling all components by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/543](https://togithub.com/defenseunicorns/uds-cli/pull/543) - feat: allow dup pkgs in a bundle by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/533](https://togithub.com/defenseunicorns/uds-cli/pull/533) **Full Changelog**: defenseunicorns/uds-cli@v0.10.2...v0.10.3 ### [`v0.10.2`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.10.2) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.10.1...v0.10.2) ##### What's Changed - chore: adds TUI tests by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/530](https://togithub.com/defenseunicorns/uds-cli/pull/530) - feat: adds retries flag by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/532](https://togithub.com/defenseunicorns/uds-cli/pull/532) - chore(deps): update podinfo to v6.6.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/528](https://togithub.com/defenseunicorns/uds-cli/pull/528) - fix: nil check pkg components in TUI by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/538](https://togithub.com/defenseunicorns/uds-cli/pull/538) - fix: bumps retries to 3 by default to match Zarf by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/535](https://togithub.com/defenseunicorns/uds-cli/pull/535) - chore: adds registry health check for tests by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/534](https://togithub.com/defenseunicorns/uds-cli/pull/534) - feat: enables setting namespaces in bundled Helm charts by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/539](https://togithub.com/defenseunicorns/uds-cli/pull/539) - fix: adds global GracefulPanic and checks to deploy TUI by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/542](https://togithub.com/defenseunicorns/uds-cli/pull/542) **Full Changelog**: defenseunicorns/uds-cli@v0.10.1...v0.10.2 ### [`v0.10.1`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.10.1) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.10.0...v0.10.1) ##### What's Changed - chore(deps): update anchore/sbom-action action to v0.15.10 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/526](https://togithub.com/defenseunicorns/uds-cli/pull/526) - fix(deps): update module github.com/charmbracelet/lipgloss to v0.10.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/525](https://togithub.com/defenseunicorns/uds-cli/pull/525) - fix(deps): update module github.com/charmbracelet/bubbles to v0.18.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/524](https://togithub.com/defenseunicorns/uds-cli/pull/524) - fix(deps): update golang.org/x/exp digest to [`a685a6e`](https://togithub.com/defenseunicorns/uds-cli/commit/a685a6e) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/522](https://togithub.com/defenseunicorns/uds-cli/pull/522) - fix(deps): update module oras.land/oras-go/v2 to v2.5.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/520](https://togithub.com/defenseunicorns/uds-cli/pull/520) - fix: err when deploying with BubbleTea with no cluster by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/527](https://togithub.com/defenseunicorns/uds-cli/pull/527) **Full Changelog**: defenseunicorns/uds-cli@v0.10.0...v0.10.1 ### [`v0.10.0`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.10.0) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.9.4...v0.10.0) ##### What's Changed - chore: update uds to zarf v0.32.5 by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/511](https://togithub.com/defenseunicorns/uds-cli/pull/511) - chore(deps): update github/codeql-action action to v3.24.8 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/512](https://togithub.com/defenseunicorns/uds-cli/pull/512) - fix(deps): update golang.org/x/exp digest to [`a85f2c6`](https://togithub.com/defenseunicorns/uds-cli/commit/a85f2c6) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/510](https://togithub.com/defenseunicorns/uds-cli/pull/510) - feat: adds --set to helm override vars by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/515](https://togithub.com/defenseunicorns/uds-cli/pull/515) - fix: vendored in zarf version tag by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/518](https://togithub.com/defenseunicorns/uds-cli/pull/518) - chore(deps): update github/codeql-action action to v3.24.9 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/519](https://togithub.com/defenseunicorns/uds-cli/pull/519) - feat: beautiful TUI round 3 by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/509](https://togithub.com/defenseunicorns/uds-cli/pull/509) **Full Changelog**: defenseunicorns/uds-cli@v0.9.4...v0.10.0 ### [`v0.9.4`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.9.4) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.9.3...v0.9.4) ##### What's Changed - fix: error when removing bundles with short names by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/490](https://togithub.com/defenseunicorns/uds-cli/pull/490) - fix(deps): update module github.com/stretchr/testify to v1.9.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/484](https://togithub.com/defenseunicorns/uds-cli/pull/484) - chore: enhance development workflow with unified linting and tool by [@​naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/defenseunicorns/uds-cli/pull/472](https://togithub.com/defenseunicorns/uds-cli/pull/472) - fix: add a wait to the registry startup during tests by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/499](https://togithub.com/defenseunicorns/uds-cli/pull/499) - fix: ensure manifest config is included with pulls by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/503](https://togithub.com/defenseunicorns/uds-cli/pull/503) - fix: autocomplete and vendor refactor by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/502](https://togithub.com/defenseunicorns/uds-cli/pull/502) - chore(deps): update docker/setup-buildx-action action to v3.2.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/508](https://togithub.com/defenseunicorns/uds-cli/pull/508) - chore(deps): update docker/login-action action to v3.1.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/504](https://togithub.com/defenseunicorns/uds-cli/pull/504) - chore(deps): update github/codeql-action action to v3.24.7 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/501](https://togithub.com/defenseunicorns/uds-cli/pull/501) - fix(deps): update module helm.sh/helm/v3 to v3.14.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/507](https://togithub.com/defenseunicorns/uds-cli/pull/507) - fix: pass UDS_ARCHITECTURE to runner by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/506](https://togithub.com/defenseunicorns/uds-cli/pull/506) - chore(deps): update anchore/sbom-action action to v0.15.9 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/489](https://togithub.com/defenseunicorns/uds-cli/pull/489) **Full Changelog**: defenseunicorns/uds-cli@v0.9.3...v0.9.4 ### [`v0.9.3`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.9.3) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.9.2...v0.9.3) ##### What's Changed - fix: toctou for files by [@​naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/defenseunicorns/uds-cli/pull/443](https://togithub.com/defenseunicorns/uds-cli/pull/443) - fix: path traversal bug by [@​naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/defenseunicorns/uds-cli/pull/454](https://togithub.com/defenseunicorns/uds-cli/pull/454) - fix: updates Zarf version in README by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/460](https://togithub.com/defenseunicorns/uds-cli/pull/460) - chore: fixed the dangerous workflow by [@​naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/defenseunicorns/uds-cli/pull/465](https://togithub.com/defenseunicorns/uds-cli/pull/465) - chore(deps): update docker/setup-buildx-action action to v3.1.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/470](https://togithub.com/defenseunicorns/uds-cli/pull/470) - chore(deps): update actions/download-artifact action to v4.1.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/467](https://togithub.com/defenseunicorns/uds-cli/pull/467) - chore(deps): update github/codeql-action action to v3.24.5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/457](https://togithub.com/defenseunicorns/uds-cli/pull/457) - fix(deps): update golang.org/x/exp digest to [`814bf88`](https://togithub.com/defenseunicorns/uds-cli/commit/814bf88) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/456](https://togithub.com/defenseunicorns/uds-cli/pull/456) - fix: refactors tests and fixes bugs by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/464](https://togithub.com/defenseunicorns/uds-cli/pull/464) - chore(deps): update podinfo to v6.6.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/462](https://togithub.com/defenseunicorns/uds-cli/pull/462) - chore(deps): update zarf to v0.32.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/468](https://togithub.com/defenseunicorns/uds-cli/pull/468) - chore(deps): update github/codeql-action action to v3.24.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/482](https://togithub.com/defenseunicorns/uds-cli/pull/482) - chore: refactor pull operation by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/473](https://togithub.com/defenseunicorns/uds-cli/pull/473) - chore: add UDS Core smoke test by [@​justin-o12](https://togithub.com/justin-o12) in [https://github.com/defenseunicorns/uds-cli/pull/474](https://togithub.com/defenseunicorns/uds-cli/pull/474) - fix: adds better err messaging when remote fails to resolve by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/486](https://togithub.com/defenseunicorns/uds-cli/pull/486) - chore(deps): update actions/download-artifact action to v4.1.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/485](https://togithub.com/defenseunicorns/uds-cli/pull/485) - fix(deps): update module golang.org/x/mod to v0.16.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/487](https://togithub.com/defenseunicorns/uds-cli/pull/487) - chore: vendor runner by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/481](https://togithub.com/defenseunicorns/uds-cli/pull/481) - fix: adds k3d to smoke test by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/488](https://togithub.com/defenseunicorns/uds-cli/pull/488) ##### New Contributors - [@​justin-o12](https://togithub.com/justin-o12) made their first contribution in [https://github.com/defenseunicorns/uds-cli/pull/474](https://togithub.com/defenseunicorns/uds-cli/pull/474) **Full Changelog**: defenseunicorns/uds-cli@v0.9.2...v0.9.3 ### [`v0.9.2`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.9.2) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.9.1...v0.9.2) ##### What's Changed - fix(deps): update module helm.sh/helm/v3 to v3.14.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/450](https://togithub.com/defenseunicorns/uds-cli/pull/450) - fix: relative paths for bundle create by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/453](https://togithub.com/defenseunicorns/uds-cli/pull/453) **Full Changelog**: defenseunicorns/uds-cli@v0.9.1...v0.9.2 ### [`v0.9.1`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.9.1) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.9.0...v0.9.1) ##### What's Changed - fix(deps): update module github.com/opencontainers/image-spec to v1.1.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/432](https://togithub.com/defenseunicorns/uds-cli/pull/432) - fix(deps): update module helm.sh/helm/v3 to v3.14.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/429](https://togithub.com/defenseunicorns/uds-cli/pull/429) - chore(deps): update github/codeql-action action to v3.24.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/421](https://togithub.com/defenseunicorns/uds-cli/pull/421) - fix(deps): update golang.org/x/exp digest to [`ec58324`](https://togithub.com/defenseunicorns/uds-cli/commit/ec58324) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/420](https://togithub.com/defenseunicorns/uds-cli/pull/420) - fix: add support for zarf dev lint by [@​Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/uds-cli/pull/436](https://togithub.com/defenseunicorns/uds-cli/pull/436) - fix: case sensitivity in override vars by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/433](https://togithub.com/defenseunicorns/uds-cli/pull/433) - feat: alias vendored zarf to z by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/424](https://togithub.com/defenseunicorns/uds-cli/pull/424) - fix: use tmpdir if provided by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/431](https://togithub.com/defenseunicorns/uds-cli/pull/431) - feat: import all vars exported from package by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/428](https://togithub.com/defenseunicorns/uds-cli/pull/428) - fix: gosec lint issues for the pkg by [@​naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/defenseunicorns/uds-cli/pull/444](https://togithub.com/defenseunicorns/uds-cli/pull/444) - chore: ensure PR workflows can't write to GHCR by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/446](https://togithub.com/defenseunicorns/uds-cli/pull/446) - chore: addresses github linter findings by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/447](https://togithub.com/defenseunicorns/uds-cli/pull/447) - feat: imported vars as override values by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/423](https://togithub.com/defenseunicorns/uds-cli/pull/423) - chore(deps): update github/codeql-action action to v3.24.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/451](https://togithub.com/defenseunicorns/uds-cli/pull/451) ##### New Contributors - [@​naveensrinivasan](https://togithub.com/naveensrinivasan) made their first contribution in [https://github.com/defenseunicorns/uds-cli/pull/444](https://togithub.com/defenseunicorns/uds-cli/pull/444) **Full Changelog**: defenseunicorns/uds-cli@v0.9.0...v0.9.1 </details> <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.4.2`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.2) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.1...v0.4.2) ##### Miscellaneous - give doug a mattermostid attribute and update uds version ([#​120](https://togithub.com/defenseunicorns/uds-common/issues/120)) ([4a85172](https://togithub.com/defenseunicorns/uds-common/commit/4a851720a8ac7e62826efda9e92200ba3a5b6709)) ### [`v0.4.1`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.1) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.0...v0.4.1) ##### Miscellaneous - **deps:** update uds common support dependencies ([#​116](https://togithub.com/defenseunicorns/uds-common/issues/116)) ([8aed1e0](https://togithub.com/defenseunicorns/uds-common/commit/8aed1e0ae8b4d65f7418664e8f2c73a16bf42801)) ### [`v0.4.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.0) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.11...v0.4.0) ##### Features - adds renovate to sh files ([#​110](https://togithub.com/defenseunicorns/uds-common/issues/110)) ([b604d2e](https://togithub.com/defenseunicorns/uds-common/commit/b604d2e1b3fc69f29122f9a709c605f5ecf4da18)) ##### Miscellaneous - add a default to setup to create an admin keycloak user ([#​111](https://togithub.com/defenseunicorns/uds-common/issues/111)) ([7fe0dd4](https://togithub.com/defenseunicorns/uds-common/commit/7fe0dd49a9b7032f9c06a83c5a1c6adbb17e8d63)) - **deps:** update uds common support dependencies ([#​106](https://togithub.com/defenseunicorns/uds-common/issues/106)) ([ab06724](https://togithub.com/defenseunicorns/uds-common/commit/ab067245249e63065d2c266fe3b1a45b155e9de2)) - fix the extract version template for env vars ([#​115](https://togithub.com/defenseunicorns/uds-common/issues/115)) ([72d5d26](https://togithub.com/defenseunicorns/uds-common/commit/72d5d263ce850eac20728eb9330c7b3e26143a2b)) ### [`v0.3.11`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.11) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.10...v0.3.11) ##### Miscellaneous - add a default uds task to deploy podinfo ([#​108](https://togithub.com/defenseunicorns/uds-common/issues/108)) ([c60e1ba](https://togithub.com/defenseunicorns/uds-common/commit/c60e1ba4888635ace4839e158b4dc476c11a8e7c)) - add a UDS package CR to make the package better for testing ([#​102](https://togithub.com/defenseunicorns/uds-common/issues/102)) ([cf74934](https://togithub.com/defenseunicorns/uds-common/commit/cf749343a72db09f46cc054ff463454cdb8c4b74)) - **deps:** update uds common package dependencies to v6.6.2 ([#​107](https://togithub.com/defenseunicorns/uds-common/issues/107)) ([b6a18b0](https://togithub.com/defenseunicorns/uds-common/commit/b6a18b039711998bb6d3c90db25a4f42f49c5eb3)) - pull the current bundle and package names when deploying ([#​103](https://togithub.com/defenseunicorns/uds-common/issues/103)) ([4b27106](https://togithub.com/defenseunicorns/uds-common/commit/4b27106a55775b725be217818f4be8d711340e95)) - update codeowners ([#​105](https://togithub.com/defenseunicorns/uds-common/issues/105)) ([2e23ae3](https://togithub.com/defenseunicorns/uds-common/commit/2e23ae3a9a70189ca7d9671f3454158bb71a7ed6)) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) ### [`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) ### [`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) ### [`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) ### [`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0) ### [`v3.24.10`](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) ### [`v3.24.9`](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9) ### [`v3.24.8`](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-software-factory). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM0MC4xMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>
github-merge-queue bot
referenced
this pull request
in 4m-mazi/gh-test
May 11, 2024
This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.5` | [](https://securityscorecards.dev/viewer/?uri=github.com/actions/checkout) | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) ##### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v413) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMTMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjMxMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJzZW12ZXI6bm9uZSJdfQ==--> Co-authored-by: mazi-renovate[bot] <161091290+mazi-renovate[bot]@users.noreply.github.com>
ianlewis
referenced
this pull request
in slsa-framework/slsa-github-generator
May 17, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | actions/checkout | action | digest | `b4ffde6` -> `a5ac7e5` | | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.6` | | [actions/download-artifact](https://togithub.com/actions/download-artifact) | action | patch | `v4.1.4` -> `v4.1.7` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v4.3.1` -> `v4.3.3` | | [ianlewis/todo-issue-reopener](https://togithub.com/ianlewis/todo-issue-reopener) | action | patch | `v1.2.0` -> `v1.2.1` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.0` -> `v2.3.3` | | [sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer) | action | minor | `v3.4.0` -> `v3.5.0` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7) #### What's Changed - Update [@​actions/artifact](https://togithub.com/actions/artifact) dependency by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325) **Full Changelog**: actions/download-artifact@v4.1.6...v4.1.7 ### [`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6) #### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324) **Full Changelog**: actions/download-artifact@v4.1.5...v4.1.6 ### [`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5) #### What's Changed - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322) - Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact` to v2.1.5 **Full Changelog**: actions/download-artifact@v4.1.4...v4.1.5 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> <details> <summary>ianlewis/todo-issue-reopener (ianlewis/todo-issue-reopener)</summary> ### [`v1.2.1`](https://togithub.com/ianlewis/todo-issue-reopener/releases/tag/v1.2.1) [Compare Source](https://togithub.com/ianlewis/todo-issue-reopener/compare/v1.2.0...v1.2.1) ##### Fixed in 1.2.1 - Fixed the "error updating to TUF remote mirror: invalid key" error ([#​688](https://togithub.com/ianlewis/todo-issue-reopener/issues/688)). #### All changes - fix: Update slsa-verifier version by [@​ianlewis](https://togithub.com/ianlewis) in [https://github.com/ianlewis/todo-issue-reopener/pull/689](https://togithub.com/ianlewis/todo-issue-reopener/pull/689) - chore(deps): Bump github/codeql-action from 3.23.2 to 3.25.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/711](https://togithub.com/ianlewis/todo-issue-reopener/pull/711) - chore(deps): Bump codecov/codecov-action from 4.0.1 to 4.4.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/705](https://togithub.com/ianlewis/todo-issue-reopener/pull/705) - chore(deps): Bump actions/upload-artifact from 4.3.0 to 4.3.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/670](https://togithub.com/ianlewis/todo-issue-reopener/pull/670) - chore(deps-dev): Bump [@​types/jest](https://togithub.com/types/jest) from 29.5.11 to 29.5.12 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/664](https://togithub.com/ianlewis/todo-issue-reopener/pull/664) - chore(deps): Bump actions/setup-node from 4.0.1 to 4.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/605](https://togithub.com/ianlewis/todo-issue-reopener/pull/605) - chore(deps): Bump yamllint from 1.33.0 to 1.35.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/598](https://togithub.com/ianlewis/todo-issue-reopener/pull/598) - chore(deps-dev): Bump eslint-plugin-github from 4.9.1 to 4.10.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/592](https://togithub.com/ianlewis/todo-issue-reopener/pull/592) - chore(deps): Bump thehanimo/pr-title-checker from 1.4.1 to 1.4.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/604](https://togithub.com/ianlewis/todo-issue-reopener/pull/604) - chore(deps): Bump yaml from 2.3.4 to 2.4.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/727](https://togithub.com/ianlewis/todo-issue-reopener/pull/727) - chore(deps-dev): Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.36.1 to 0.38.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/635](https://togithub.com/ianlewis/todo-issue-reopener/pull/635) - chore(deps-dev): Bump eslint from 8.56.0 to 8.57.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ianlewis/todo-issue-reopener/pull/634](https://togithub.com/ianlewis/todo-issue-reopener/pull/634) - chore(release): v1.2.1 by [@​ianlewis](https://togithub.com/ianlewis) in [https://github.com/ianlewis/todo-issue-reopener/pull/833](https://togithub.com/ianlewis/todo-issue-reopener/pull/833) **Full Changelog**: ianlewis/todo-issue-reopener@v1.2.0...v1.2.1 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togith CEB7 ub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 </details> <details> <summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary> ### [`v3.5.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.5.0) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0) #### What's Changed - Bump actions/checkout from 4.1.1 to 4.1.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/157](https://togithub.com/sigstore/cosign-installer/pull/157) - use go 1.22 now by [@​bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/160](https://togithub.com/sigstore/cosign-installer/pull/160) - bump default version to v2.2.4, prep for v3.5.0 release by [@​bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/159](https://togithub.com/sigstore/cosign-installer/pull/159) **Full Changelog**: sigstore/cosign-installer@v3.4.0...v3.5.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-github-generator). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjMuNSIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Signed-off-by: Mend Renovate <bot@renovateapp.com>
xunleii
referenced
this pull request
in chezmoidotsh/arcane
May 19, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.3` | [](https://securityscorecards.dev/viewer/?uri=github.com/actions/checkout) | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/chezmoi-sh/nex.rpi). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMTMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjMxMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
xunleii
referenced
this pull request
in chezmoidotsh/arcane
May 19, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.3` | [](https://securityscorecards.dev/viewer/?uri=github.com/actions/checkout) | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/chezmoi-sh/nex.rpi). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMTMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjMxMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
xunleii
referenced
this pull request
in chezmoidotsh/arcane
May 19, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.3` | [](https://securityscorecards.dev/viewer/?uri=github.com/actions/checkout) | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/chezmoi-sh/nex.rpi). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMTMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjMxMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Yuan325
referenced
this pull request
in GoogleCloudPlatform/genai-databases-retrieval-app
May 20, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.6` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/GoogleCloudPlatform/genai-databases-retrieval-app). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjMuNSIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
github-merge-queue bot
referenced
this pull request
in Tuhura-Tech/wiki
May 22, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.6` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/Tuhura-Tech/wiki). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMTMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
mjnagel
referenced
this pull request
in defenseunicorns/uds-core
May 24, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | Type | Update | |---|---|---|---|---|---|---|---| | [@commitlint/cli](https://commitlint.js.org/) ([source](https://togithub.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli)) | `19.2.1` -> `19.3.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | minor | | [@commitlint/config-conventional](https://commitlint.js.org/) ([source](https://togithub.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional)) | `19.1.0` -> `19.2.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | minor | | [actions/checkout](https://togithub.com/actions/checkout) | `v4.1.1` -> `v4.1.6` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [actions/checkout](https://togithub.com/actions/checkout) | -> `a5ac7e5` | | | | | action | pinDigest | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | `v4.3.1` -> `v4.3.3` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [aws-actions/configure-aws-credentials](https://togithub.com/aws-actions/configure-aws-credentials) | -> `e3dd6a4` | | | | | action | pinDigest | | [hashicorp/setup-terraform](https://togithub.com/hashicorp/setup-terraform) | -> `651471c` | | | | | action | pinDigest | --- ### Release Notes <details> <summary>conventional-changelog/commitlint (@​commitlint/cli)</summary> ### [`v19.3.0`](https://togithub.com/conventional-changelog/commitlint/blob/HEAD/@​commitlint/cli/CHANGELOG.md#1930-2024-04-23) [Compare Source](https://togithub.com/conventional-changelog/commitlint/compare/v19.2.2...v19.3.0) **Note:** Version bump only for package [@​commitlint/cli](https://togithub.com/commitlint/cli) #### [19.2.2](https://togithub.com/conventional-changelog/commitlint/compare/v19.2.1...v19.2.2) (2024-04-14) **Note:** Version bump only for package [@​commitlint/cli](https://togithub.com/commitlint/cli) #### [19.2.1](https://togithub.com/conventional-changelog/commitlint/compare/v19.2.0...v19.2.1) (2024-03-19) **Note:** Version bump only for package [@​commitlint/cli](https://togithub.com/commitlint/cli) ### [`v19.2.2`](https://togithub.com/conventional-changelog/commitlint/blob/HEAD/@​commitlint/cli/CHANGELOG.md#1922-2024-04-14) [Compare Source](https://togithub.com/conventional-changelog/commitlint/compare/v19.2.1...v19.2.2) **Note:** Version bump only for package [@​commitlint/cli](https://togithub.com/commitlint/cli) </details> <details> <summary>conventional-changelog/commitlint (@​commitlint/config-conventional)</summary> ### [`v19.2.2`](https://togithub.com/conventional-changelog/commitlint/blob/HEAD/@​commitlint/config-conventional/CHANGELOG.md#1922-2024-04-14) [Compare Source](https://togithub.com/conventional-changelog/commitlint/compare/v19.1.0...v19.2.2) **Note:** Version bump only for package [@​commitlint/config-conventional](https://togithub.com/commitlint/config-conventional) </details> <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-core). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjMuNSIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
andrzej-stencel
referenced
this pull request
in andrzej-stencel/opentelemetry-collector
May 27, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.3` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v4.3.1` -> `v4.3.3` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.0` -> `v3.25.2` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@&open-telemetry#8203;jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@&open-telemetry#8203;jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@&open-telemetry#8203;cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@&open-telemetry#8203;dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@&open-telemetry#8203;eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@&open-telemetry#8203;konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@&open-telemetry#8203;andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@&open-telemetry#8203;robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@&open-telemetry#8203;eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@&open-telemetry#8203;andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) ### [`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMTMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjMxMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJyZW5vdmF0ZWJvdCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
josieang
referenced
this pull request
in josieang/osv-scanner
Jun 6, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.4` | | [actions/download-artifact](https://togithub.com/actions/download-artifact) | action | patch | `v4.1.4` -> `v4.1.7` | | [actions/setup-go](https://togithub.com/actions/setup-go) | action | patch | `v5.0.0` -> `v5.0.1` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v4.3.1` -> `v4.3.3` | | [codecov/codecov-action](https://togithub.com/codecov/codecov-action) | action | patch | `v4.3.0` -> `v4.3.1` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v3.24.10` -> `v3.25.3` | | [golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action) | action | patch | `v4.0.0` -> `v4.0.1` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7) #### What's Changed - Update [@​actions/artifact](https://togithub.com/actions/artifact) dependency by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325) **Full Changelog**: actions/download-artifact@v4.1.6...v4.1.7 ### [`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6) #### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324) **Full Changelog**: actions/download-artifact@v4.1.5...v4.1.6 ### [`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5) #### What's Changed - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322) - Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact` to v2.1.5 **Full Changelog**: actions/download-artifact@v4.1.4...v4.1.5 </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1) [Compare Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1) #### What's Changed - Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by [@​dependabot](https://togithub.com/dependabot) , [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/465](https://togithub.com/actions/setup-go/pull/465) - Update documentation with latest V5 release notes by [@​ab](https://togithub.com/ab) in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) - Update version documentation by [@​178inaba](https://togithub.com/178inaba) in [https://github.com/actions/setup-go/pull/458](https://togithub.com/actions/setup-go/pull/458) - Documentation update of `actions/setup-go` to v5 by [@​chenrui333](https://togithub.com/chenrui333) in [https://github.com/actions/setup-go/pull/449](https://togithub.com/actions/setup-go/pull/449) #### New Contributors - [@​ab](https://togithub.com/ab) made their first contribution in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) **Full Changelog**: actions/setup-go@v5.0.0...v5.0.1 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> <details> <summary>codecov/codecov-action (codecov/codecov-action)</summary> ### [`v4.3.1`](https://togithub.com/codecov/codecov-action/compare/v4.3.0...v4.3.1) [Compare Source](https://togithub.com/codecov/codecov-action/compare/v4.3.0...v4.3.1) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) ### [`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) ### [`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) ### [`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0) </details> <details> <summary>golangci/golangci-lint-action (golangci/golangci-lint-action)</summary> ### [`v4.0.1`](https://togithub.com/golangci/golangci-lint-action/releases/tag/v4.0.1) [Compare Source](https://togithub.com/golangci/golangci-lint-action/compare/v4.0.0...v4.0.1) <!-- Release notes generated using configuration in .github/release.yml at v4.0.1 --> #### What's Changed ##### Documentation - docs: update the version of the action used in the README example by [@​178inaba](https://togithub.com/178inaba) in [https://github.com/golangci/golangci-lint-action/pull/977](https://togithub.com/golangci/golangci-lint-action/pull/977) ##### Dependencies - build(deps): bump [@​types/semver](https://togithub.com/types/semver) from 7.5.6 to 7.5.7 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/969](https://togithub.com/golangci/golangci-lint-action/pull/969) - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.20.0 to 6.21.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/970](https://togithub.com/golangci/golangci-lint-action/pull/970) - build(deps-dev): bump eslint-plugin-simple-import-sort from 10.0.0 to 12.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/971](https://togithub.com/golangci/golangci-lint-action/pull/971) - build(deps-dev): bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.20.0 to 6.21.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/973](https://togithub.com/golangci/golangci-lint-action/pull/973) - build(deps): bump [@​types/node](https://togithub.com/types/node) from 20.11.16 to 20.11.17 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/972](https://togithub.com/golangci/golangci-lint-action/pull/972) - build(deps): bump [@​types/node](https://togithub.com/types/node) from 20.11.17 to 20.11.19 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/979](https://togithub.com/golangci/golangci-lint-action/pull/979) - build(deps-dev): bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.2 10000 1.0 to 7.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/980](https://togithub.com/golangci/golangci-lint-action/pull/980) - build(deps): bump undici from 5.26.3 to 5.28.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/976](https://togithub.com/golangci/golangci-lint-action/pull/976) - build(deps): bump [@​types/node](https://togithub.com/types/node) from 20.11.19 to 20.11.20 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/985](https://togithub.com/golangci/golangci-lint-action/pull/985) - build(deps): bump [@​types/semver](https://togithub.com/types/semver) from 7.5.7 to 7.5.8 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/986](https://togithub.com/golangci/golangci-lint-action/pull/986) - build(deps-dev): bump eslint from 8.56.0 to 8.57.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/987](https://togithub.com/golangci/golangci-lint-action/pull/987) - build(deps): bump tmp from 0.2.1 to 0.2.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/989](https://togithub.com/golangci/golangci-lint-action/pull/989) - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.21.0 to 7.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/988](https://togithub.com/golangci/golangci-lint-action/pull/988) - build(deps): bump [@​types/node](https://togithub.com/types/node) from 20.11.20 to 20.11.24 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/990](https://togithub.com/golangci/golangci-lint-action/pull/990) - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 7.1.0 to 7.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/991](https://togithub.com/golangci/golangci-lint-action/pull/991) - build(deps): bump [@​types/node](https://togithub.com/types/node) from 20.11.24 to 20.11.25 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/992](https://togithub.com/golangci/golangci-lint-action/pull/992) - build(deps-dev): bump typescript from 5.3.3 to 5.4.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/993](https://togithub.com/golangci/golangci-lint-action/pull/993) - build(deps-dev): bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 7.1.0 to 7.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/994](https://togithub.com/golangci/golangci-lint-action/pull/994) - build(deps): bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.2.0 to 2.2.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/995](https://togithub.com/golangci/golangci-lint-action/pull/995) - build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.33.0 in /sample-go-mod by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/997](https://togithub.com/golangci/golangci-lint-action/pull/997) - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 7.1.1 to 7.2.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/998](https://togithub.com/golangci/golangci-lint-action/pull/998) - build(deps): bump [@​types/node](https://togithub.com/types/node) from 20.11.25 to 20.11.28 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1000](https://togithub.com/golangci/golangci-lint-action/pull/1000) - build(deps-dev): bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 7.1.1 to 7.2.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/999](https://togithub.com/golangci/golangci-lint-action/pull/999) - build(deps-dev): bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 7.2.0 to 7.3.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1003](https://togithub.com/golangci/golangci-lint-action/pull/1003) - build(deps): bump [@​types/node](https://togithub.com/types/node) from 20.11.28 to 20.11.30 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1004](https://togithub.com/golangci/golangci-lint-action/pull/1004) - build(deps-dev): bump typescript from 5.4.2 to 5.4.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1005](https://togithub.com/golangci/golangci-lint-action/pull/1005) - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 7.2.0 to 7.3.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1006](https://togithub.com/golangci/golangci-lint-action/pull/1006) - build(deps): bump [@​types/node](https://togithub.com/types/node) from 20.11.30 to 20.12.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1007](https://togithub.com/golangci/golangci-lint-action/pull/1007) - build(deps-dev): bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 7.3.1 to 7.4.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1008](https://togithub.com/golangci/golangci-lint-action/pull/1008) - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 7.3.1 to 7.4.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1009](https://togithub.com/golangci/golangci-lint-action/pull/1009) - build(deps): bump undici from 5.28.3 to 5.28.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1010](https://togithub.com/golangci/golangci-lint-action/pull/1010) - build(deps-dev): bump typescript from 5.4.3 to 5.4.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1011](https://togithub.com/golangci/golangci-lint-action/pull/1011) - build(deps): bump [@​types/node](https://togithub.com/types/node) from 20.12.2 to 20.12.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1012](https://togithub.com/golangci/golangci-lint-action/pull/1012) - build(deps-dev): bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 7.4.0 to 7.5.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1013](https://togithub.com/golangci/golangci-lint-action/pull/1013) - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 7.4.0 to 7.5.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1014](https://togithub.com/golangci/golangci-lint-action/pull/1014) - build(deps): bump [@​types/node](https://togithub.com/types/node) from 20.12.5 to 20.12.7 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1016](https://togithub.com/golangci/golangci-lint-action/pull/1016) - build(deps-dev): bump typescript from 5.4.4 to 5.4.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1017](https://togithub.com/golangci/golangci-lint-action/pull/1017) - build(deps-dev): bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 7.5.0 to 7.6.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1019](https://togithub.com/golangci/golangci-lint-action/pull/1019) - build(deps-dev): bump eslint-plugin-simple-import-sort from 12.0.0 to 12.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1018](https://togithub.com/golangci/golangci-lint-action/pull/1018) - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 7.5.0 to 7.7.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1022](https://togithub.com/golangci/golangci-lint-action/pull/1022) - build(deps-dev): bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 7.6.0 to 7.7.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1023](https://togithub.com/golangci/golangci-lint-action/pull/1023) #### New Contributors - [@​178inaba](https://togithub.com/178inaba) made their first contribution in [https://github.com/golangci/golangci-lint-action/pull/977](https://togithub.com/golangci/golangci-lint-action/pull/977) **Full Changelog**: golangci/golangci-lint-action@v4.0.0...v4.0.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMTMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjM0MC4xMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->
ramonpetgrave64
referenced
this pull request
in slsa-framework/slsa-verifier
Jul 1, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.7` | | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | minor | `v4.2.5` -> `v4.3.3` | | [actions/download-artifact](https://togithub.com/actions/download-artifact) | action | patch | `v4.1.4` -> `v4.1.7` | | [actions/setup-go](https://togithub.com/actions/setup-go) | action | patch | `v5.0.0` -> `v5.0.1` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v4.3.1` -> `v4.3.3` | | [actionsdesk/lfs-warning](https://togithub.com/actionsdesk/lfs-warning) | action | minor | `v3.2` -> `v3.3` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v3.24.9` -> `v3.25.11` | | [golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action) | action | pinDigest | -> `d6238b0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | pinDigest | -> `c747fe7` | | [slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier) | action | minor | `v2.4.1` -> `v2.5.1` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@​orhantoy](https://togithub.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3): Notes for v4.3.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3) #### What's Changed - Allow slashes in purl package names by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765) - use the v3 version of the deps.dev API by [@​josieang](https://togithub.com/josieang) in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - PR with suggestions - \[Improvement]: Help streamline / simplify dependency review action README by [@​am-stead](https://togithub.com/am-stead) in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - fix show-openssf-scorecard-levels input by [@​ramann](https://togithub.com/ramann) in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) - Updates to the contribution guidelines by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778) - Create issue templates by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777) - Fix the max comment length issue by [@​jhutchings1](https://togithub.com/jhutchings1) and [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767) - Bump project version to 4.3.3 in prep for a release by [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781) #### New Contributors - [@​josieang](https://togithub.com/josieang) made their first contribution in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - [@​am-stead](https://togithub.com/am-stead) made their first contribution in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - [@​ramann](https://togithub.com/ramann) made their first contribution in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) **Full Changelog**: actions/dependency-review-action@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2) #### What's Changed - Fix package-url parsing for allow-dependencies-licenses by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/761](https://togithub.com/actions/dependency-review-action/pull/761) **Full Changelog**: actions/dependency-review-action@v4.3.1...v4.3.2 ### [`v4.3.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.1) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.0...v4.3.1) #### What's Changed This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See [https://github.com/actions/dependency-review-action/pull/753](https://togithub.com/actions/dependency-review-action/pull/753). **Full Changelog**: actions/dependency-review-action@V4.3.0...v4.3.1 ### [`v4.3.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.0) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.5...v4.3.0) #### New Features - The `deny-packages` option can now be used without a version number to exclude *all* versions of a package. #### What's Changed - Fix action variable name for scorecard by [@​lukehinds](https://togithub.com/lukehinds) in [https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735) - Fix extra https:// in summary by [@​jhutchings1](https://togithub.com/jhutchings1) in [https://github.com/actions/dependency-review-action/pull/748](https://togithub.com/actions/dependency-review-action/pull/748) - Bump typescript from 5.3.3 to 5.4.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/744](https://togithub.com/actions/dependency-review-action/pull/744) - Bump eslint-plugin-github from 4.10.1 to 4.10.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/737](https://togithub.com/actions/dependency-review-action/pull/737) - Show denied packages with red X by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/750](https://togithub.com/actions/dependency-review-action/pull/750) - deny-packages configuration option can deny specified version or all packages by [@​febuiles](https://togithub.com/febuiles) and [@​bteng22](https://togithub.com/bteng22) in [https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733) #### New Contributors - [@​bteng22](https://togithub.com/bteng22) made their first contribution in [https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733) - [@​lukehinds](https://togithub.com/lukehinds) made their first contribution in [https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735) **Full Changelog**: actions/dependency-review-action@v4.2.5...V4.3.0 </details> <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7) #### What's Changed - Update [@​actions/artifact](https://togithub.com/actions/artifact) dependency by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325) **Full Changelog**: actions/download-artifact@v4.1.6...v4.1.7 ### [`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6) #### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324) **Full Changelog**: actions/download-artifact@v4.1.5...v4.1.6 ### [`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5) #### What's Changed - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322) - Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact` to v2.1.5 **Full Changelog**: actions/download-artifact@v4.1.4...v4.1.5 </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1) [Compare Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1) #### What's Changed - Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by [@​dependabot](https://togithub.com/dependabot) , [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/465](https://togithub.com/actions/setup-go/pull/465) - Update documentation with latest V5 release notes by [@​ab](https://togithub.com/ab) in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) - Update version documentation by [@​178inaba](https://togithub.com/178inaba) in [https://github.com/actions/setup-go/pull/458](https://togithub.com/actions/setup-go/pull/458) - Documentation update of `actions/setup-go` to v5 by [@​chenrui333](https://togithub.com/chenrui333) in [https://github.com/actions/setup-go/pull/449](https://togithub.com/actions/setup-go/pull/449) #### New Contributors - [@​ab](https://togithub.com/ab) made their first contribution in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) **Full Changelog**: actions/setup-go@v5.0.0...v5.0.1 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> <details> <summary>actionsdesk/lfs-warning (actionsdesk/lfs-warning)</summary> ### [`v3.3`](https://togithub.com/ppremk/lfs-warning/releases/tag/v3.3) [Compare Source](https://togithub.com/actionsdesk/lfs-warning/compare/v3.2...v3.3) #### What's Changed - update node js to 16 by [@​GlazerMann](https://togithub.com/GlazerMann) in [https://github.com/ppremk/lfs-warning/pull/148](https://togithub.com/ppremk/lfs-warning/pull/148) - Fixing README to match repo move by [@​samthebest](https://togithub.com/samthebest) in [https://github.com/ppremk/lfs-warning/pull/153](https://togithub.com/ppremk/lfs-warning/pull/153) - Update CODEOWNERS by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/158](https://togithub.com/ppremk/lfs-warning/pull/158) - Bump http-cache-semantics from 4.1.0 to 4.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/151](https://togithub.com/ppremk/lfs-warning/pull/151) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/159](https://togithub.com/ppremk/lfs-warning/pull/159) - Bump tough-cookie from 4.0.0 to 4.1.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/160](https://togithub.com/ppremk/lfs-warning/pull/160) - Bump cacheable-request and gts by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/152](https://togithub.com/ppremk/lfs-warning/pull/152) - Update emoji and convert file list to markdown list by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/161](https://togithub.com/ppremk/lfs-warning/pull/161) - Bump got and gts by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/155](https://togithub.com/ppremk/lfs-warning/pull/155) - Exclude files without blob_url when getting PR blobs by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/162](https://togithub.com/ppremk/lfs-warning/pull/162) - Support pull_request_target by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/164](https://togithub.com/ppremk/lfs-warning/pull/164) - Update-node by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/163](https://togithub.com/ppremk/lfs-warning/pull/163) - Fix text setup for the issue comment by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/166](https://togithub.com/ppremk/lfs-warning/pull/166) - Validate PR changes to make sure there are no changes missing by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/165](https://togithub.com/ppremk/lfs-warning/pull/165) - Fix emoji by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/167](https://togithub.com/ppremk/lfs-warning/pull/167) - Bump undici from 5.28.2 to 5.28.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/171](https://togithub.com/ppremk/lfs-warning/pull/171) #### New Contributors - [@​GlazerMann](https://togithub.com/GlazerMann) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/148](https://togithub.com/ppremk/lfs-warning/pull/148) - [@​samthebest](https://togithub.com/samthebest) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/153](https://togithub.com/ppremk/lfs-warning/pull/153) - [@​rajbos](https://togithub.com/rajbos) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/158](https://togithub.com/ppremk/lfs-warning/pull/158) **Full Changelog**: ppremk/lfs-warning@v3.2...v3.3 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.11`](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11) ### [`v3.25.10`](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10) ### [`v3.25.9`](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9) ### [`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) ### [`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) ### [`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) ### [`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) ### [`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) ### [`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.11...v3.25.0) ### [`v3.24.11`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) ### [`v3.24.10`](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> <details> <summary>slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)</summary> ### [`v2.5.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.5.1) [Compare Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.1...v2.5.1) #### What's Changed - feat: Add cosign registry opts for provenance registry by [@​saisatishkarra](https://togithub.com/saisatishkarra) in [https://github.com/slsa-framework/slsa-verifier/pull/729](https://togithub.com/slsa-framework/slsa-verifier/pull/729) and [https://github.com/slsa-framework/slsa-verifier/pull/736](https://togithub.com/slsa-framework/slsa-verifier/pull/736) - feat: Add support for DSSE Rekor type by [@​haydentherapper](https://togithub.com/haydentherapper) in [https://github.com/slsa-framework/slsa-verifier/pull/742](https://togithub.com/slsa-framework/slsa-verifier/pull/742) #### New Contributors - [@​saisatishkarra](https://togithub.com/saisatishkarra) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/729](https://togithub.com/slsa-framework/slsa-verifier/pull/729) - [@​ramonpetgrave64](https://togithub.com/ramonpetgrave64) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/737](https://togithub.com/slsa-framework/slsa-verifier/pull/737) - [@​haydentherapper](https://togithub.com/haydentherapper) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/742](https://togithub.com/slsa-framework/slsa-verifier/pull/742) **Full Changelog**: v2.4.1...v2.5.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjQyMS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
cuixq
referenced
this pull request
in google/osv-scanner
Jul 2, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.7` | | [actions/setup-go](https://togithub.com/actions/setup-go) | action | patch | `v5.0.0` -> `v5.0.1` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.10` -> `v3.25.11` | | [r-lib/actions](https://togithub.com/r-lib/actions) | action | minor | `v2.8.7` -> `v2.9.0` | | [ruby/setup-ruby](https://togithub.com/ruby/setup-ruby) | action | minor | `v1.175.1` -> `v1.183.0` | | [shivammathur/setup-php](https://togithub.com/shivammathur/setup-php) | action | minor | `v2.30.4` -> `2.31.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@​orhantoy](https://togithub.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1) [Compare Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1) #### What's Changed - Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by [@​dependabot](https://togithub.com/dependabot) , [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/465](https://togithub.com/actions/setup-go/pull/465) - Update documentation with latest V5 release notes by [@​ab](https://togithub.com/ab) in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) - Update version documentation by [@​178inaba](https://togithub.com/178inaba) in [https://github.com/actions/setup-go/pull/458](https://togithub.com/actions/setup-go/pull/458) - Documentation update of `actions/setup-go` to v5 by [@​chenrui333](https://togithub.com/chenrui333) in [https://github.com/actions/setup-go/pull/449](https://togithub.com/actions/setup-go/pull/449) #### New Contributors - [@​ab](https://togithub.com/ab) made their first contributi 10000 on in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) **Full Changelog**: actions/setup-go@v5.0.0...v5.0.1 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.11`](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11) </details> <details> <summary>r-lib/actions (r-lib/actions)</summary> ### [`v2.9.0`](https://togithub.com/r-lib/actions/compare/v2.8.7...v2.9.0) [Compare Source](https://togithub.com/r-lib/actions/compare/v2.8.7...v2.9.0) </details> <details> <summary>ruby/setup-ruby (ruby/setup-ruby)</summary> ### [`v1.183.0`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.183.0) [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.182.0...v1.183.0) **Full Changelog**: ruby/setup-ruby@v1.182.0...v1.183.0 ### [`v1.182.0`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.182.0) [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.181.0...v1.182.0) **Full Changelog**: ruby/setup-ruby@v1.181.0...v1.182.0 ### [`v1.181.0`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.181.0) [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.180.1...v1.181.0) ##### What's Changed - Add jruby-9.3.15.0 by [@​ruby-builder-bot](https://togithub.com/ruby-builder-bot) in [https://github.com/ruby/setup-ruby/pull/614](https://togithub.com/ruby/setup-ruby/pull/614) **Full Changelog**: ruby/setup-ruby@v1.180.1...v1.181.0 ### [`v1.180.1`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.180.1): Add ruby-3.3.3 on Windows [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.180.0...v1.180.1) ### [`v1.180.0`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.180.0): Add ruby-3.3.3 [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.179.1...v1.180.0) ### [`v1.179.1`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.179.1): Improve error message for CRuby < 2.6 on macos-arm64 [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.179.0...v1.179.1) ### [`v1.179.0`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.179.0): Add ruby-3.1.6,ruby-3.3.2 on Windows [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.178.0...v1.179.0) #### What's Changed - Update CRuby releases on Windows by [@​ruby-builder-bot](https://togithub.com/ruby-builder-bot) in [https://github.com/ruby/setup-ruby/pull/605](https://togithub.com/ruby/setup-ruby/pull/605) **Full Changelog**: ruby/setup-ruby@v1.178.0...v1.179.0 ### [`v1.178.0`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.178.0): Add ruby-3.1.6,ruby-3.3.2 and improve error messages [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.177.1...v1.178.0) #### What's Changed - Add ruby-3.1.6,ruby-3.3.2 by [@​ruby-builder-bot](https://togithub.com/ruby-builder-bot) in [https://github.com/ruby/setup-ruby/pull/603](https://togithub.com/ruby/setup-ruby/pull/603) **Full Changelog**: ruby/setup-ruby@v1.177.1...v1.178.0 ### [`v1.177.1`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.177.1): Use downloadAndExtract() for truffleruby+graalvm too [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.177.0...v1.177.1) ### [`v1.177.0`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.177.0): Add support for ubuntu-24.04 [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.176.2...v1.177.0) ### [`v1.176.2`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.176.2): Add ruby-3.4.0-preview1 [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.176.0...v1.176.2) ### [`v1.176.0`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.176.0): Add jruby-9.4.7.0 [Compare Source](https://togithub.com/ruby/setup-ruby/compare/v1.175.1...v1.176.0) </details> <details> <summary>shivammathur/setup-php (shivammathur/setup-php)</summary> ### [`v2.31.0`](https://togithub.com/shivammathur/setup-php/releases/tag/2.31.0) [Compare Source](https://togithub.com/shivammathur/setup-php/compare/2.30.5...2.31.0) ##### Changelog - Added support for a fallback mirror for `ondrej/php` PPA when launchpad is down ([#​834](https://togithub.com/shivammathur/setup-php/issues/834)). - Fixed installing packages on self-hosted environments with existing conf files ([#​852](https://togithub.com/shivammathur/setup-php/issues/852)). - Fixed support for `oci8` and `pdo_oci` extensions on `ubuntu-24.04`. - Fixed support for `couchbase` extension on `ubuntu-24.04`. - Fixed support for `ubuntu-24.04` after `apt-fast` was dropped from the GA images. - Fixed support for `firebird` extension on `macos-14` - Fixed support for `blackfire` extension on `macos-14`. - Fixed support for `relay` extension. - Fixed support for `phalcon` extension for PHP 7.4 on Ubuntu. - Updated Node.js dependencies. For the complete list of changes, please refer to the [Full Changelog](https://togithub.com/shivammathur/setup-php/compare/2.30.5...2.31.0) <p> <h4>Follow for updates</h4> <a href="https://reddit.com/r/setup_php" title="setup-php reddit"><img alt="setup-php reddit" src="https://img.shields.io/badge/reddit-join-FF5700?logo=reddit&logoColor=FF5700&labelColor=555555"></a> <a href="https://twitter.com/setup_php" title="setup-php twitter"><img alt="setup-php twitter" src="https://img.shields.io/badge/twitter-follow-1DA1F2?logo=twitter&logoColor=1DA1F2&labelColor=555555"></a> <a href="https://status.setup-php.com" title="setup-php status"><img alt="setup-php status" src="https://img.shields.io/badge/status-subscribe-28A745?logo=statuspage&logoColor=28A745&labelColor=555555"></a> </p> ### [`v2.30.5`](https://togithub.com/shivammathur/setup-php/releases/tag/2.30.5) [Compare Source](https://togithub.com/shivammathur/setup-php/compare/2.30.4...2.30.5) ##### Changelog - Added support for Ubuntu 24.04. - Added support for `easy-coding-standard` in tools ([https://github.com/shivammathur/setup-php/pull/838](https://togithub.com/shivammathur/setup-php/pull/838)) - Added support for zephir_parser for PHP 8.3. - Fixed installing zts PHP versions on macOS ([https://github.com/shivammathur/setup-php/issues/847](https://togithub.com/shivammathur/setup-php/issues/847)). - Fixed installing `ev` extension ([https://github.com/shivammathur/setup-php/issues/844](https://togithub.com/shivammathur/setup-php/issues/844)). - Fixed support for `ioncube` extension ([https://github.com/shivammathur/setup-php/issues/840](https://togithub.com/shivammathur/setup-php/issues/840)). - Updated Node.js dependencies. For the complete list of changes, please refer to the [Full Changelog](https://togithub.com/shivammathur/setup-php/compare/2.30.4...2.30.5) <p> <h4>Follow for updates</h4> <a href="https://reddit.com/r/setup_php" title="setup-php reddit"><img alt="setup-php reddit" src="https://img.shields.io/badge/reddit-join-FF5700?logo=reddit&logoColor=FF5700&labelColor=555555"></a> <a href="https://twitter.com/setup_php" title="setup-php twitter"><img alt="setup-php twitter" src="https://img.shields.io/badge/twitter-follow-1DA1F2?logo=twitter&logoColor=1DA1F2&labelColor=555555"></a> <a href="https://status.setup-php.com" title="setup-php status"><img alt="setup-php status" src="https://img.shields.io/badge/status-subscribe-28A745?logo=statuspage&logoColor=28A745&labelColor=555555"></a> </p> </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjQyMS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>
rjferguson21
referenced
this pull request
in defenseunicorns/uds-core
Jul 11, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | Type | Update | |---|---|---|---|---|---|---|---| | [@commitlint/cli](https://commitlint.js.org/) ([source](https://togithub.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli)) | `19.2.1` -> `19.3.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | minor | | [@commitlint/config-conventional](https://commitlint.js.org/) ([source](https://togithub.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional)) | `19.1.0` -> `19.2.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | minor | | [actions/checkout](https://togithub.com/actions/checkout) | `v4.1.1` -> `v4.1.6` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [actions/checkout](https://togithub.com/actions/checkout) | -> `a5ac7e5` | | | | | action | pinDigest | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | `v4.3.1` -> `v4.3.3` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [aws-actions/configure-aws-credentials](https://togithub.com/aws-actions/configure-aws-credentials) | -> `e3dd6a4` | | | | | action | pinDigest | | [hashicorp/setup-terraform](https://togithub.com/hashicorp/setup-terraform) | -> `651471c` | | | | | action | pinDigest | --- ### Release Notes <details> <summary>conventional-changelog/commitlint (@​commitlint/cli)</summary> ### [`v19.3.0`](https://togithub.com/conventional-changelog/commitlint/blob/HEAD/@​commitlint/cli/CHANGELOG.md#1930-2024-04-23) [Compare Source](https://togithub.com/conventional-changelog/commitlint/compare/v19.2.2...v19.3.0) **Note:** Version bump only for package [@​commitlint/cli](https://togithub.com/commitlint/cli) #### [19.2.2](https://togithub.com/conventional-changelog/commitlint/compare/v19.2.1...v19.2.2) (2024-04-14) **Note:** Version bump only for package [@​commitlint/cli](https://togithub.com/commitlint/cli) #### [19.2.1](https://togithub.com/conventional-changelog/commitlint/compare/v19.2.0...v19.2.1) (2024-03-19) **Note:** Version bump only for package [@​commitlint/cli](https://togithub.com/commitlint/cli) ### [`v19.2.2`](https://togithub.com/conventional-changelog/commitlint/blob/HEAD/@​commitlint/cli/CHANGELOG.md#1922-2024-04-14) [Compare Source](https://togithub.com/conventional-changelog/commitlint/compare/v19.2.1...v19.2.2) **Note:** Version bump only for package [@​commitlint/cli](https://togithub.com/commitlint/cli) </details> <details> <summary>conventional-changelog/commitlint (@​commitlint/config-conventional)</summary> ### [`v19.2.2`](https://togithub.com/conventional-changelog/commitlint/blob/HEAD/@​commitlint/config-conventional/CHANGELOG.md#1922-2024-04-14) [Compare Source](https://togithub.com/conventional-changelog/commitlint/compare/v19.1.0...v19.2.2) **Note:** Version bump only for package [@​commitlint/config-conventional](https://togithub.com/commitlint/config-conventional) </details> <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-core). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjMuNSIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
DonRobo
referenced
this pull request
in DonRobo/ha-ha-integration
Jul 26, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.0` -> `v4.1.7` | | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.6` -> `v4.1.7` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@​orhantoy](https://togithub.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) ### [`v4.1.1`](https://togithub.com/actions/checkout/releases/tag/v4.1.1) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.0...v4.1.1) ##### What's Changed - Update CODEOWNERS to Launch team by [@​joshmgross](https://togithub.com/joshmgross) in [https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510) - Correct link to GitHub Docs by [@​peterbe](https://togithub.com/peterbe) in [https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511) - Link to release page from what's new section by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1514](https://togithub.com/actions/checkout/pull/1514) ##### New Contributors - [@​joshmgross](https://togithub.com/joshmgross) made their first contribution in [https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510) - [@​peterbe](https://togithub.com/peterbe) made their first contribution in [https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511) **Full Changelog**: actions/checkout@v4.1.0...v4.1.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/DonRobo/ha-ha-integration). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
oxide-renovate bot
referenced
this pull request
in oxidecomputer/omicron
Jul 31, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | [`v4.1.1` -> `v4.1.7`](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.7) | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@​orhantoy](https://togithub.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v415) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v413) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 8pm,before 6am" in timezone America/Los_Angeles, Automerge - "after 8pm,before 6am" in timezone America/Los_Angeles. 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xMy40IiwidXBkYXRlZEluVmVyIjoiMzguMTMuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> Co-authored-by: oxide-renovate[bot] <146848827+oxide-renovate[bot]@users.noreply.github.com>
jbudz
referenced
this pull request
in elastic/kibana
Aug 13, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | minor | `v4` -> `v4.1.7` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@​orhantoy](https://togithub.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v415) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v413) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) ### [`v4.1.1`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v411) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.0...v4.1.1) - Correct link to GitHub Docs by [@​peterbe](https://togithub.com/peterbe) in [https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511) - Link to release page from what's new section by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1514](https://togithub.com/actions/checkout/pull/1514) ### [`v4.1.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v410) [Compare Source](https://togithub.com/actions/checkout/compare/v4...v4.1.0) - [Add support for partial checkout filters](https://togithub.com/actions/checkout/pull/1396) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjUuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOk9wZXJhdGlvbnMiLCJiYWNrcG9ydDphbGwtb3BlbiIsInJlbGVhc2Vfbm90ZTpza2lwIl19--> Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
itsacoyote
referenced
this pull request
in zkSync-Community-Hub/community-code
Sep 4, 2024
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | Type | Update | |---|---|---|---|---|---|---|---| | [@nuxt/fonts](https://redirect.github.com/nuxt/fonts) | [`^0.5.1` -> `^0.7.2`](https://renovatebot.com/diffs/npm/@nuxt%2ffonts/0.5.1/0.7.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | [actions/checkout](https://redirect.github.com/actions/checkout) | `v4.1.1` -> `v4.1.7` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [amannn/action-semantic-pull-request](https://redirect.github.com/amannn/action-semantic-pull-request) | `v5.5.2` -> `v5.5.3` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [trufflesecurity/trufflehog](https://redirect.github.com/trufflesecurity/trufflehog) | `v3.69.0` -> `v3.81.10` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | action | minor | --- ### Release Notes <details> <summary>nuxt/fonts (@​nuxt/fonts)</summary> ### [`v0.7.2`](https://redirect.github.com/nuxt/fonts/blob/HEAD/CHANGELOG.md#v072) [Compare Source](https://redirect.github.com/nuxt/fonts/compare/v0.7.1...v0.7.2) [compare changes](https://redirect.github.com/nuxt/fonts/compare/v0.7.1...v0.7.2) ##### 🔥 Performance - **local:** Use `tinyglobby` to scan font files ([#​205](https://redirect.github.com/nuxt/fonts/pull/205)) ##### 🩹 Fixes - Apply `-` replacement to filename ([d83aa0d](https://redirect.github.com/nuxt/fonts/commit/d83aa0d)) - **adobe:** Use provided `css_names` from API ([#​192](https://redirect.github.com/nuxt/fonts/pull/192)) - **fontsource:** Use `/variable` endpoint for retrieving variable axes ([#​196](https://redirect.github.com/nuxt/fonts/pull/196)) ##### 📖 Documentation - Fix link to how it works ([#​197](https://redirect.github.com/nuxt/fonts/pull/197)) - Update carbon abs ([7b61b15](https://redirect.github.com/nuxt/fonts/commit/7b61b15)) - Improvements ([9dab0a3](https://redirect.github.com/nuxt/fonts/commit/9dab0a3)) - Update social og image ([2991df2](https://redirect.github.com/nuxt/fonts/commit/2991df2)) - Fix open an issue link on installation page ([#​206](https://redirect.github.com/nuxt/fonts/pull/206)) ##### 🏡 Chore - Lint ([dabc1ce](https://redirect.github.com/nuxt/fonts/commit/dabc1ce)) ##### ✅ Tests - Update snapshots ([5bc9ae6](https://redirect.github.com/nuxt/fonts/commit/5bc9ae6)) ##### ❤️ Contributors - Ben McCann ([@​benmccann](http://github.com/benmccann)) - Kethan Vegunta ([@​kethan1](http://github.com/kethan1)) - Daniel Roe ([@​danielroe](http://github.com/danielroe)) - Sébastien Chopin ([@​atinux](http://github.com/atinux)) - Tom Tang ([@​qwerzl](http://github.com/qwerzl)) - Michel EDIGHOFFER <edimitchel@gmail.com> ### [`v0.7.1`](https://redirect.github.com/nuxt/fonts/blob/HEAD/CHANGELOG.md#v071) [Compare Source](https://redirect.github.com/nuxt/fonts/compare/v0.7.0...v0.7.1) [compare changes](https://redirect.github.com/nuxt/fonts/compare/v0.7.0...v0.7.1) ##### 🩹 Fixes - **local:** Scan for fonts in all public assets dirs ([6e7ae2b](https://redirect.github.com/nuxt/fonts/commit/6e7ae2b)) - Ensure we don't have font filenames prefixed with `-` ([dfa252a](https://redirect.github.com/nuxt/fonts/commit/dfa252a)) ##### 📖 Documentation - Add docs page ([#​146](https://redirect.github.com/nuxt/fonts/pull/146)) - Update home page links ([8c91318](https://redirect.github.com/nuxt/fonts/commit/8c91318)) - Two more links ([5af0e5e](https://redirect.github.com/nuxt/fonts/commit/5af0e5e)) ##### 🏡 Chore - Add CODEOWNERS file ([#​156](https://redirect.github.com/nuxt/fonts/pull/156)) - Lint ([1632eee](https://redirect.github.com/nuxt/fonts/commit/1632eee)) ##### ❤️ Contributors - Daniel Roe ([@​danielroe](http://github.com/danielroe)) - Tom Tang ([@​qwerzl](http://github.com/qwerzl)) ### [`v0.7.0`](https://redirect.github.com/nuxt/fonts/blob/HEAD/CHANGELOG.md#v070) [Compare Source](https://redirect.github.com/nuxt/fonts/compare/v0.6.1...v0.7.0) [compare changes](https://redirect.github.com/nuxt/fonts/compare/v0.6.1...v0.7.0) ##### 🚀 Enhancements - Allow configuring `font-stretch` property in override ([d7ff458](https://redirect.github.com/nuxt/fonts/commit/d7ff458)) - Add `preload` override + preload non subsetted fonts ([#​136](https://redirect.github.com/nuxt/fonts/pull/136)) ##### 🩹 Fixes - Do not apply ignore patterns to `_fonts` public dir ([4952673](https://redirect.github.com/nuxt/fonts/commit/4952673)) ##### 📖 Documentation - Clarify that `addPreloadLinks` only affects production ([d3cbcdb](https://redirect.github.com/nuxt/fonts/commit/d3cbcdb)) - **readme:** Replace provider count ([#​125](https://redirect.github.com/nuxt/fonts/pull/125)) ##### 🏡 Chore - Migrate to eslint v9 ([#​121](https://redirect.github.com/nuxt/fonts/pull/121)) - Lint ([7fa0ef5](https://redirect.github.com/nuxt/fonts/commit/7fa0ef5)) - Update to latest `@nuxt/module-builder` ([#​139](https://redirect.github.com/nuxt/fonts/pull/139)) ##### 🤖 CI - Add codecov token ([#​140](https://redirect.github.com/nuxt/fonts/pull/140)) ##### ❤️ Contributors - Daniel Roe ([@​danielroe](http://github.com/danielroe)) - Jonas Thelemann <e-mail+github@jonas-thelemann.de> ### [`v0.6.1`](https://redirect.github.com/nuxt/fonts/blob/HEAD/CHANGELOG.md#v061) [Compare Source](https://redirect.github.com/nuxt/fonts/compare/v0.6.0...v0.6.1) [compare changes](https://redirect.github.com/nuxt/fonts/compare/v0.6.0...v0.6.1) ##### 🩹 Fixes - Add style in variable font local fallback name ([#​110](https://redirect.github.com/nuxt/fonts/pull/110)) ##### 📖 Documentation - Add link to adobe's terms and warning to read ([7872b28](https://redirect.github.com/nuxt/fonts/commit/7872b28)) - Mention non-latin subset support for adobe provider ([#​109](https://redirect.github.com/nuxt/fonts/pull/109)) ##### 🏡 Chore - **release:** V0.6.0 ([0913b4b](https://redirect.github.com/nuxt/fonts/commit/0913b4b)) ##### ❤️ Contributors - Tom Tang ([@​qwerzl](http://github.com/qwerzl)) - Daniel Roe ([@​danielroe](http://github.com/danielroe)) ### [`v0.6.0`](https://redirect.github.com/nuxt/fonts/blob/HEAD/CHANGELOG.md#v060) [Compare Source](https://redirect.github.com/nuxt/fonts/compare/v0.5.1...v0.6.0) [compare changes](https://redirect.github.com/nuxt/fonts/compare/v0.5.1...v0.6.0) ##### 🚀 Enhancements - **fontsource:** Support variable fonts ([#​102](https://redirect.github.com/nuxt/fonts/pull/102)) ##### 🩹 Fixes - Render variable font weight correctly ([#​99](https://redirect.github.com/nuxt/fonts/pull/99)) - Preserve `@font-face` order when rendering ([836a605](https://redirect.github.com/nuxt/fonts/commit/836a605)) - Only prepend once 🤣 and update snapshots ([8a000ae](https://redirect.github.com/nuxt/fonts/commit/8a000ae)) - Adopt forward-compatible approach to `builder:watch` ([#​101](https://redirect.github.com/nuxt/fonts/pull/101)) - Handle custom `app.baseURL` in development ([d9f4fae](https://redirect.github.com/nuxt/fonts/commit/d9f4fae)) ##### 📖 Documentation - Add image ([608653b](https://redirect.github.com/nuxt/fonts/commit/608653b)) - Mention disabling unocss web fonts preset ([627125b](https://redirect.github.com/nuxt/fonts/commit/627125b)) ##### 🏡 Chore - Link to latest version in badges ([42e7030](https://redirect.github.com/nuxt/fonts/commit/42e7030)) ##### ✅ Tests - Update poppins snapshot ([274ae5f](https://redirect.github.com/nuxt/fonts/commit/274ae5f)) ##### ❤️ Contributors - Daniel Roe ([@​danielroe](http://github.com/danielroe)) - Tom Tang ([@​qwerzl](http://github.com/qwerzl)) - Sébastien Chopin ([@​Atinux](http://github.com/Atinux)) </details> <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.7`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://redirect.github.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://redirect.github.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@​orhantoy](https://redirect.github.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://redirect.github.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://redirect.github.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://redirect.github.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://redirect.github.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://redirect.github.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://redirect.github.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://redirect.github.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://redirect.github.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://redirect.github.com/actions/checkout/pull/1707) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.4...v4.1.5 ### [`v4.1.4`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://redirect.github.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://redirect.github.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://redirect.github.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://redirect.github.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://redirect.github.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://redirect.github.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://redirect.github.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://redirect.github.com/actions/checkout/pull/1685) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.2...v4.1.3 ### [`v4.1.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://redirect.github.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://redirect.github.com/actions/checkout/pull/1598) </details> <details> <summary>amannn/action-semantic-pull-request (amannn/action-semantic-pull-request)</summary> ### [`v5.5.3`](https://redirect.github.com/amannn/action-semantic-pull-request/releases/tag/v5.5.3) [Compare Source](https://redirect.github.com/amannn/action-semantic-pull-request/compare/v5.5.2...v5.5.3) ##### Bug Fixes - Bump `braces` dependency ([#​269](https://redirect.github.com/amannn/action-semantic-pull-request/issues/269). by [@​EelcoLos](https://redirect.github.com/EelcoLos)) ([2d952a1](https://redirect.github.com/amannn/action-semantic-pull-request/commit/2d952a1bf90a6a7ab8f0293dc86f5fdf9acb1915)) </details> <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.81.10`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.81.10) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.81.9...v3.81.10) #### What's Changed - fix(deps): update module github.com/sendgrid/sendgrid-go to v3.15.0+incompatible by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3214](https://redirect.github.com/trufflesecurity/trufflehog/pull/3214) - fix(deps): update module github.com/charmbracelet/bubbletea to v0.27.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3229](https://redirect.github.com/trufflesecurity/trufflehog/pull/3229) - chore(deps): update golang docker tag to v1.23 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3228](https://redirect.github.com/trufflesecurity/trufflehog/pull/3228) - fix(deps): update module github.com/prometheus/client_golang to v1.20.1 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3236](https://redirect.github.com/trufflesecurity/trufflehog/pull/3236) - fix(deps): update module google.golang.org/api to v0.192.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3237](https://redirect.github.com/trufflesecurity/trufflehog/pull/3237) - fix(deps): update module google.golang.org/api to v0.193.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3238](https://redirect.github.com/trufflesecurity/trufflehog/pull/3238) - fix(deps): update testcontainers-go monorepo to v0.33.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3239](https://redirect.github.com/trufflesecurity/trufflehog/pull/3239) - fix(deps): update module cloud.google.com/go/secretmanager to v1.14.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3240](https://redirect.github.com/trufflesecurity/trufflehog/pull/3240) - Customize results cleaning (using smuggled interface) by [@​rosecodym](https://redirect.github.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/3235](https://redirect.github.com/trufflesecurity/trufflehog/pull/3235) - Skip filtration for targeted scans by [@​rosecodym](https://redirect.github.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/3243](https://redirect.github.com/trufflesecurity/trufflehog/pull/3243) - Strip leading +/- from GitHub target diffs by [@​rosecodym](https://redirect.github.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/3244](https://redirect.github.com/trufflesecurity/trufflehog/pull/3244) - Th 899 postman panic issue by [@​LaraCroftDev](https://redirect.github.com/LaraCroftDev) in [https://github.com/trufflesecurity/trufflehog/pull/3245](https://redirect.github.com/trufflesecurity/trufflehog/pull/3245) - Update rotation guide link for teams by [@​hxnyk](https://redirect.github.com/hxnyk) in [https://github.com/trufflesecurity/trufflehog/pull/3248](https://redirect.github.com/trufflesecurity/trufflehog/pull/3248) - Download files when reverifying by [@​rosecodym](https://redirect.github.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/3252](https://redirect.github.com/trufflesecurity/trufflehog/pull/3252) - \[chore] - Update buffer by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3255](https://redirect.github.com/trufflesecurity/trufflehog/pull/3255) #### New Contributors - [@​LaraCroftDev](https://redirect.github.com/LaraCroftDev) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/3245](https://redirect.github.com/trufflesecurity/trufflehog/pull/3245) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.81.9.. 97AE .v3.81.10 ### [`v3.81.9`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.81.9) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.81.8...v3.81.9) #### What's Changed - Capture decoding time metric by [@​rosecodym](https://redirect.github.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/3209](https://redirect.github.com/trufflesecurity/trufflehog/pull/3209) - fix(deps): update module cloud.google.com/go/secretmanager to v1.13.6 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3208](https://redirect.github.com/trufflesecurity/trufflehog/pull/3208) - remove two letter keyword by [@​0x1](https://redirect.github.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/3210](https://redirect.github.com/trufflesecurity/trufflehog/pull/3210) - Add metrics for command invocation by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3185](https://redirect.github.com/trufflesecurity/trufflehog/pull/3185) - chore(deps): update sigstore/cosign-installer action to v3.6.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3211](https://redirect.github.com/trufflesecurity/trufflehog/pull/3211) - \[analyze] Capture the hierarchy of GitHub permissions by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3127](https://redirect.github.com/trufflesecurity/trufflehog/pull/3127) - \[analyze] Fix GitHub token expiration parsing by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3205](https://redirect.github.com/trufflesecurity/trufflehog/pull/3205) - \[chore] Fix lint errors by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3218](https://redirect.github.com/trufflesecurity/trufflehog/pull/3218) - \[chore] Ignore analyzer implementation tests in test-community by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3219](https://redirect.github.com/trufflesecurity/trufflehog/pull/3219) - Support for kebab case and dot notation in permission generation tool by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3222](https://redirect.github.com/trufflesecurity/trufflehog/pull/3222) - Improve domain / url handling in detectors by [@​dustin-decker](https://redirect.github.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/3221](https://redirect.github.com/trufflesecurity/trufflehog/pull/3221) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.81.8...v3.81.9 ### [`v3.81.8`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.81.8) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.81.7...v3.81.8) #### What's Changed - \[analyze] Deduplicate finegrained GitHub permissions by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3196](https://redirect.github.com/trufflesecurity/trufflehog/pull/3196) - fix(deps): update module golang.org/x/net to v0.28.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3187](https://redirect.github.com/trufflesecurity/trufflehog/pull/3187) - \[analyze] Fix double-print in postgres analyzer by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3199](https://redirect.github.com/trufflesecurity/trufflehog/pull/3199) - fix(deps): update module go.mongodb.org/mongo-driver to v1.16.1 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3197](https://redirect.github.com/trufflesecurity/trufflehog/pull/3197) - Log when a detector ignores the timeout by [@​rosecodym](https://redirect.github.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/3201](https://redirect.github.com/trufflesecurity/trufflehog/pull/3201) - \[bug] - Correctly Handle Large Files in BufferedReadSeeker by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3203](https://redirect.github.com/trufflesecurity/trufflehog/pull/3203) - fix(deps): update module github.com/google/go-containerregistry to v0.20.2 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3184](https://redirect.github.com/trufflesecurity/trufflehog/pull/3184) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.81.7...v3.81.8 ### [`v3.81.7`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.81.7) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.81.6...v3.81.7) #### What's Changed - fix(deps): update module golang.org/x/crypto to v0.26.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3182](https://redirect.github.com/trufflesecurity/trufflehog/pull/3182) - fix(deps): update module golang.org/x/text to v0.17.0 - autoclosed by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3183](https://redirect.github.com/trufflesecurity/trufflehog/pull/3183) - \[analyze] Add analyze option to main TUI and unhide subcommand by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3186](https://redirect.github.com/trufflesecurity/trufflehog/pull/3186) - Analyzer capitalization by [@​hxnyk](https://redirect.github.com/hxnyk) in [https://github.com/trufflesecurity/trufflehog/pull/3188](https://redirect.github.com/trufflesecurity/trufflehog/pull/3188) - \[analyze] Bandaid solution for occasional slow startups by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3191](https://redirect.github.com/trufflesecurity/trufflehog/pull/3191) - \[analyze] Add basic section to README by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3190](https://redirect.github.com/trufflesecurity/trufflehog/pull/3190) - Fixes for a few finegrained token issues by [@​dustin-decker](https://redirect.github.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/3194](https://redirect.github.com/trufflesecurity/trufflehog/pull/3194) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.81.6...v3.81.7 ### [`v3.81.6`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.81.6) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.81.5...v3.81.6) #### What's Changed - Auth GitHub in Init by [@​rosecodym](https://redirect.github.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/3131](https://redirect.github.com/trufflesecurity/trufflehog/pull/3131) - fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v1.1.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3176](https://redirect.github.com/trufflesecurity/trufflehog/pull/3176) - Analyze TUI by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3172](https://redirect.github.com/trufflesecurity/trufflehog/pull/3172) - \[analyze] Separate SID from token in twilio analyzer by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3177](https://redirect.github.com/trufflesecurity/trufflehog/pull/3177) - \[chore] Use custom HTTP client in sendgrid analyzer by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3178](https://redirect.github.com/trufflesecurity/trufflehog/pull/3178) - Improve finegrained token support by [@​dustin-decker](https://redirect.github.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/3179](https://redirect.github.com/trufflesecurity/trufflehog/pull/3179) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.81.5...v3.81.6 ### [`v3.81.5`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.81.5) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.81.4...v3.81.5) #### What's Changed - Update README.md for github experimental by [@​joeleonjr](https://redirect.github.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/3160](https://redirect.github.com/trufflesecurity/trufflehog/pull/3160) - fix(deps): update module github.com/schollz/progressbar/v3 to v3.14.6 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3158](https://redirect.github.com/trufflesecurity/trufflehog/pull/3158) - \[analyze] Fix off-by-one error in generated data structures by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3162](https://redirect.github.com/trufflesecurity/trufflehog/pull/3162) - \[bug] - Create a new context with timeout per request by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3163](https://redirect.github.com/trufflesecurity/trufflehog/pull/3163) - \[analyze] Use permission enum values in openai analyzer by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3165](https://redirect.github.com/trufflesecurity/trufflehog/pull/3165) - update pattern by [@​dustin-decker](https://redirect.github.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/3167](https://redirect.github.com/trufflesecurity/trufflehog/pull/3167) - Update Zulip detector by [@​rgmz](https://redirect.github.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2897](https://redirect.github.com/trufflesecurity/trufflehog/pull/2897) - fix(deps): update module golang.org/x/oauth2 to v0.22.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3168](https://redirect.github.com/trufflesecurity/trufflehog/pull/3168) - fix(deps): update module golang.org/x/sync to v0.8.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3169](https://redirect.github.com/trufflesecurity/trufflehog/pull/3169) - fix(deps): update github.com/tailscale/depaware digest to [`585336c`](https://redirect.github.com/trufflesecurity/trufflehog/commit/585336c) by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3166](https://redirect.github.com/trufflesecurity/trufflehog/pull/3166) - Change log verbosity for detection errors by [@​dustin-decker](https://redirect.github.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/3171](https://redirect.github.com/trufflesecurity/trufflehog/pull/3171) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.81.4...v3.81.5 ### [`v3.81.4`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.81.4) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.81.3...v3.81.4) #### What's Changed - \[bug] - add context timeout to ssh verification by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3161](https://redirect.github.com/trufflesecurity/trufflehog/pull/3161) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.81.3...v3.81.4 ### [`v3.81.3`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.81.3) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.81.2...v3.81.3) #### What's Changed - \[chore] - log detector type on error by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3159](https://redirect.github.com/trufflesecurity/trufflehog/pull/3159) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.81.2...v3.81.3 ### [`v3.81.2`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.81.2) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.81.1...v3.81.2) #### What's Changed - \[chore] - set custom transport for the Docker client by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3156](https://redirect.github.com/trufflesecurity/trufflehog/pull/3156) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.81.1...v3.81.2 ### [`v3.81.1`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.81.1) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.81.0...v3.81.1) #### What's Changed - \[chore] - enable block and mutex profiles by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3154](https://redirect.github.com/trufflesecurity/trufflehog/pull/3154) - Add Analyzers interface for Square by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3141](https://redirect.github.com/trufflesecurity/trufflehog/pull/3141) - Update module google.golang.org/api to v0.190.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3146](https://redirect.github.com/trufflesecurity/trufflehog/pull/3146) - quick patch for cfor enumeration by [@​joeleonjr](https://redirect.github.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/3155](https://redirect.github.com/trufflesecurity/trufflehog/pull/3155) - Add Analyzers interface for HuggingFace by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3140](https://redirect.github.com/trufflesecurity/trufflehog/pull/3140) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.81.0...v3.81.1 ### [`v3.81.0`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.81.0) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.80.6...v3.81.0) #### What's Changed - Add progress bar to CFOR by [@​dustin-decker](https://redirect.github.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/3151](https://redirect.github.com/trufflesecurity/trufflehog/pull/3151) - \[fix] Always configure the engine with the default detectors by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3152](https://redirect.github.com/trufflesecurity/trufflehog/pull/3152) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.80.6...v3.81.0 ### [`v3.80.6`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.80.6) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.80.5...v3.80.6) #### What's Changed - Add Analyze interface to Stripe by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3132](https://redirect.github.com/trufflesecurity/trufflehog/pull/3132) - \[analyze] Combine access level into permission value by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3144](https://redirect.github.com/trufflesecurity/trufflehog/pull/3144) - \[chore] - move automaxprocs to init by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3143](https://redirect.github.com/trufflesecurity/trufflehog/pull/3143) - add twilio analyze relationships by [@​dustin-decker](https://redirect.github.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/3148](https://redirect.github.com/trufflesecurity/trufflehog/pull/3148) - \[chore] Only set default detectors if none are provided by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3147](https://redirect.github.com/trufflesecurity/trufflehog/pull/3147) - CFOR Commit Scanner by [@​joeleonjr](https://redirect.github.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/3145](https://redirect.github.com/trufflesecurity/trufflehog/pull/3145) - \[perf] - Leverage pgzip for Parallel decompression by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3149](https://redirect.github.com/trufflesecurity/trufflehog/pull/3149) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.80.5...v3.80.6 ### [`v3.80.5`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.80.5) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/3.80.4...v3.80.5) #### What's Changed - Add permissions lookup tables by [@​dustin-decker](https://redirect.github.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/3125](https://redirect.github.com/trufflesecurity/trufflehog/pull/3125) - Export maps from permission generation by [@​hxnyk](https://redirect.github.com/hxnyk) in [https://github.com/trufflesecurity/trufflehog/pull/3137](https://redirect.github.com/trufflesecurity/trufflehog/pull/3137) - \[chore] - Set GOMAXPROCS by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3136](https://redirect.github.com/trufflesecurity/trufflehog/pull/3136) - \[chore] - address linter by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3133](https://redirect.github.com/trufflesecurity/trufflehog/pull/3133) - \[refactor] - Improve Performance by Shifting Concurrency from Image to Layer Level by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3135](https://redirect.github.com/trufflesecurity/trufflehog/pull/3135) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/3.80.4...v3.80.5 ### [`v3.80.4`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/3.80.4) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.80.3...3.80.4) #### What's Changed - Analyzer partial implementations by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3114](https://redirect.github.com/trufflesecurity/trufflehog/pull/3114) - fix(deps): update module github.com/aws/aws-sdk-go to v1.55.5 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3116](https://redirect.github.com/trufflesecurity/trufflehog/pull/3116) - Separate out printing statements with anlayzer logic for Shopify by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3123](https://redirect.github.com/trufflesecurity/trufflehog/pull/3123) - Separate out printing statements with anlayzer logic for Square by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3122](https://redirect.github.com/trufflesecurity/trufflehog/pull/3122) - Separate out printing statements with anlayzer logic for twilio by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3118](https://redirect.github.com/trufflesecurity/trufflehog/pull/3118) - Add new canary ID by [@​dustin-decker](https://redirect.github.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/3117](https://redirect.github.com/trufflesecurity/trufflehog/pull/3117) - Update GitHub integration tests by [@​rosecodym](https://redirect.github.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/3124](https://redirect.github.com/trufflesecurity/trufflehog/pull/3124) - Separate out printing statements with anlayzer logic for Slack by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3121](https://redirect.github.com/trufflesecurity/trufflehog/pull/3121) - Separate out printing statements with anlayzer logic for Stripe by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3120](https://redirect.github.com/trufflesecurity/trufflehog/pull/3120) - nitro detector was removed and needs to be deprecated by [@​0x1](https://redirect.github.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/3102](https://redirect.github.com/trufflesecurity/trufflehog/pull/3102) - Separate out printing statements with anlayzer logic for SourceGraph by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3119](https://redirect.github.com/trufflesecurity/trufflehog/pull/3119) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.80.3...3.80.4 ### [`v3.80.3`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.80.3) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.80.2...v3.80.3) #### What's Changed - fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.5 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3108](https://redirect.github.com/trufflesecurity/trufflehog/pull/3108) - \[chore] Move openai log message to proper function by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3105](https://redirect.github.com/trufflesecurity/trufflehog/pull/3105) - fix(deps): update module github.com/aws/aws-sdk-go to v1.55.3 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3107](https://redirect.github.com/trufflesecurity/trufflehog/pull/3107) - \[analyze] Implement Analyzer interface for github by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3110](https://redirect.github.com/trufflesecurity/trufflehog/pull/3110) - Support openai project and fine grained tokens by [@​dustin-decker](https://redirect.github.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/3112](https://redirect.github.com/trufflesecurity/trufflehog/pull/3112) - \[analyze] Add description and user to openai metadata by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3111](https://redirect.github.com/trufflesecurity/trufflehog/pull/3111) - \[chore] - Manually update Depedencies by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3106](https://redirect.github.com/trufflesecurity/trufflehog/pull/3106) - Use non-canary credentials for AWS tests by [@​rosecodym](https://redirect.github.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/3109](https://redirect.github.com/trufflesecurity/trufflehog/pull/3109) - Include default detectors when using a config that contains detectors by [@​harmonherring-pro](https://redirect.github.com/harmonherring-pro) in [https://github.com/trufflesecurity/trufflehog/pull/3115](https://redirect.github.com/trufflesecurity/trufflehog/pull/3115) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.80.2...v3.80.3 ### [`v3.80.2`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.80.2) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.80.1...v3.80.2) #### What's Changed - Added Twitter v2 Detector by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3016](https://redirect.github.com/trufflesecurity/trufflehog/pull/3016) - fix(deps): update module github.com/aws/aws-sdk-go to v1.54.20 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3077](https://redirect.github.com/trufflesecurity/trufflehog/pull/3077) - \[bug] - add verify check by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3079](https://redirect.github.com/trufflesecurity/trufflehog/pull/3079) - \[chore] - Reduce `VerificationOverlapWorker`s by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3082](https://redirect.github.com/trufflesecurity/trufflehog/pull/3082) - fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.1 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3078](https://redirect.github.com/trufflesecurity/trufflehog/pull/3078) - fix(deps): update golang.org/x/exp digest to [`8a7402a`](https://redirect.github.com/trufflesecurity/trufflehog/commit/8a7402a) by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3083](https://redirect.github.com/trufflesecurity/trufflehog/pull/3083) - fix(deps): update module github.com/googleapis/gax-go/v2 to v2.13.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3085](https://redirect.github.com/trufflesecurity/trufflehog/pull/3085) - fix(deps): update module google.golang.org/api to v0.189.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3086](https://redirect.github.com/trufflesecurity/trufflehog/pull/3086) - implemented a netsuite detector by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3068](https://redirect.github.com/trufflesecurity/trufflehog/pull/3068) - Remove onwater detector by [@​trufflesteeeve](https://redirect.github.com/trufflesteeeve) in [https://github.com/trufflesecurity/trufflehog/pull/3088](https://redirect.github.com/trufflesecurity/trufflehog/pull/3088) - Fixed Crash issue in atlassian V2 if data in response is empty array by [@​abmussani](https://redirect.github.com/abmussani) in [https://github.com/trufflesecurity/trufflehog/pull/3091](https://redirect.github.com/trufflesecurity/trufflehog/pull/3091) - fix(deps): update module github.com/aws/aws-sdk-go to v1.55.1 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3087](https://redirect.github.com/trufflesecurity/trufflehog/pull/3087) - fix(deps): update module github.com/aws/aws-sdk-go to v1.55.2 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3094](https://redirect.github.com/trufflesecurity/trufflehog/pull/3094) - \[chore] - remove deps from docker image by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3097](https://redirect.github.com/trufflesecurity/trufflehog/pull/3097) - \[bug]- Invalid Seek for Non-Seekable Readers by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3095](https://redirect.github.com/trufflesecurity/trufflehog/pull/3095) - chore: fix some comments by [@​shangchenglumetro](https://redirect.github.com/shangchenglumetro) in [https://github.com/trufflesecurity/trufflehog/pull/3098](https://redirect.github.com/trufflesecurity/trufflehog/pull/3098) - Analyze by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3099](https://redirect.github.com/trufflesecurity/trufflehog/pull/3099) - fix(deps): update module cloud.google.com/go/secretmanager to v1.13.5 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3096](https://redirect.github.com/trufflesecurity/trufflehog/pull/3096) - \[chore] Fix Versioner interface for twitter by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3104](https://redirect.github.com/trufflesecurity/trufflehog/pull/3104) - Implement Analyzer interface for openai by [@​mcastorina](https://redirect.github.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/3101](https://redirect.github.com/trufflesecurity/trufflehog/pull/3101) #### New Contributors - [@​shangchenglumetro](https://redirect.github.com/shangchenglumetro) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/3098](https://redirect.github.com/trufflesecurity/trufflehog/pull/3098) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.80.1...v3.80.2 ### [`v3.80.1`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.80.1) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.80.0...v3.80.1) #### What's Changed - fix(deps): update golang.org/x/exp digest to [`e3f2596`](https://redirect.github.com/trufflesecurity/trufflehog/commit/e3f2596) by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3071](https://redirect.github.com/trufflesecurity/trufflehog/pull/3071) - chore: fix goreleaser config and command line options for goreleaser v2 by [@​suzuki-shunsuke](https://redirect.github.com/suzuki-shunsuke) in [https://github.com/trufflesecurity/trufflehog/pull/3073](https://redirect.github.com/trufflesecurity/trufflehog/pull/3073) #### New Contributors - [@​suzuki-shunsuke](https://redirect.github.com/suzuki-shunsuke) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/3073](https://redirect.github.com/trufflesecurity/trufflehog/pull/3073) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.80.0...v3.80.1 ### [`v3.80.0`](https://redirect.github.com/trufflesecurity/trufflehog/releases/tag/v3.80.0) [Compare Source](https://redirect.github.com/trufflesecurity/trufflehog/compare/v3.79.0...v3.80.0) #### What's Changed - Add endorlabs detector by [@​shreyas-sriram](https://redirect.github.com/shreyas-sriram) in [https://github.com/trufflesecurity/trufflehog/pull/3015](https://redirect.github.com/trufflesecurity/trufflehog/pull/3015) - New Source: HuggingFace by [@​joeleonjr](https://redirect.github.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/3000](https://redirect.github.com/trufflesecurity/trufflehog/pull/3000) - Update README.md by [@​joeleonjr](https://redirect.github.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/3019](https://redirect.github.com/trufflesecurity/trufflehog/pull/3019) - fixing docs by [@​dylanTruffle](https://redirect.github.com/dylanTruffle) in [https://github.com/trufflesecurity/trufflehog/pull/3022](https://redirect.github.com/trufflesecurity/trufflehog/pull/3022) - fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.6 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2998](https://redirect.github.com/trufflesecurity/trufflehog/pull/2998) - fix(deps): update module github.com/aws/aws-sdk-go to v1.54.11 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3025](https://redirect.github.com/trufflesecurity/trufflehog/pull/3025) - fix(deps): update module cloud.google.com/go/secretmanager to v1.13.2 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3024](https://redirect.github.com/trufflesecurity/trufflehog/pull/3024) - fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.0.4 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3026](https://redirect.github.com/trufflesecurity/trufflehog/pull/3026) - fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3030](https://redirect.github.com/trufflesecurity/trufflehog/pull/3030) - update LaunchDarkly detector to use the caller-identity API by [@​pkaeding](https://redirect.github.com/pkaeding) in [https://github.com/trufflesecurity/trufflehog/pull/3018](https://redirect.github.com/trufflesecurity/trufflehog/pull/3018) - fix(deps): update module github.com/wasilibs/go-re2 to v1.6.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3033](https://redirect.github.com/trufflesecurity/trufflehog/pull/3033) - fix(deps): update module github.com/xanzy/go-gitlab to v0.106.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3035](https://redirect.github.com/trufflesecurity/trufflehog/pull/3035) - \[chore] - remove launchdarkly dep by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3034](https://redirect.github.com/trufflesecurity/trufflehog/pull/3034) - Fix race in `caflou` and `ldap` detectors by [@​rgmz](https://redirect.github.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/3028](https://redirect.github.com/trufflesecurity/trufflehog/pull/3028) - Elevenlabs detector by [@​dylanTruffle](https://redirect.github.com/dylanTruffle) in [https://github.com/trufflesecurity/trufflehog/pull/3023](https://redirect.github.com/trufflesecurity/trufflehog/pull/3023) - fix(deps): update module go.mongodb.org/mongo-driver to v1.16.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3036](https://redirect.github.com/trufflesecurity/trufflehog/pull/3036) - fix(deps): update module cloud.google.com/go/secretmanager to v1.13.3 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3037](https://redirect.github.com/trufflesecurity/trufflehog/pull/3037) - fix(deps): update module github.com/aws/aws-sdk-go to v1.54.14 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3042](https://redirect.github.com/trufflesecurity/trufflehog/pull/3042) - fix(deps): update module cloud.google.com/go/storage to v1.43.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3043](https://redirect.github.com/trufflesecurity/trufflehog/pull/3043) - fix(deps): update module golang.org/x/net to v0.27.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3046](https://redirect.github.com/trufflesecurity/trufflehog/pull/3046) - fix(deps): update module golang.org/x/crypto to v0.25.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3045](https://redirect.github.com/trufflesecurity/trufflehog/pull/3045) - fix(deps): update module github.com/aws/aws-sdk-go to v1.54.15 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3049](https://redirect.github.com/trufflesecurity/trufflehog/pull/3049) - fix(deps): update testcontainers-go monorepo to v0.32.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3050](https://redirect.github.com/trufflesecurity/trufflehog/pull/3050) - \[chore] - remove dead Chunker code by [@​ahrav](https://redirect.github.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/3044](https://redirect.github.com/trufflesecurity/trufflehog/pull/3044) - chore(deps): update goreleaser/goreleaser-action action to v6 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3051](https://redirect.github.com/trufflesecurity/trufflehog/pull/3051) - fix(deps): update golang.org/x/exp digest to [`46b0784`](https://redirect.github.com/trufflesecurity/trufflehog/commit/46b0784) by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3053](https://redirect.github.com/trufflesecurity/trufflehog/pull/3053) - fix(deps): update module github.com/aws/aws-sdk-go to v1.54.16 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3054](https://redirect.github.com/trufflesecurity/trufflehog/pull/3054) - fix(deps): update module github.com/google/go-containerregistry to v0.20.0 by [@​renovate](https://redirect.github.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/3055](https://redirect.github.com/trufflesecurity/trufflehog/pull/3055) - </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge 741A this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/zkSync-Community-Hub/community-code). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot
referenced
this pull request
in redwoodjs/graphql
Sep 5, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://redirect.github.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.7` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.7`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://redirect.github.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://redirect.github.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@​orhantoy](https://redirect.github.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://redirect.github.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://redirect.github.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://redirect.github.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://redirect.github.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://redirect.github.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://redirect.github.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://redirect.github.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://redirect.github.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://redirect.github.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1692](http F438 s://redirect.github.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://redirect.github.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://redirect.github.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://redirect.github.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://redirect.github.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://redirect.github.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://redirect.github.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://redirect.github.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://redirect.github.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://redirect.github.com/actions/checkout/pull/1598) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/redwoodjs/redwood). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Josh-Walker-GM
referenced
this pull request
in redwoodjs/graphql
Sep 5, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://redirect.github.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.7` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.7`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://redirect.github.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://redirect.github.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@​orhantoy](https://redirect.github.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://redirect.github.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://redirect.github.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://redirect.github.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://redirect.github.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://redirect.github.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://redirect.github.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://redirect.github.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://redirect.github.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://redirect.github.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://redirect.github.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://redirect.github.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://redirect.github.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://redirect.github.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://redirect.github.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://redirect.github.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://redirect.github.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://redirect.github.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://redirect.github.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://redirect.github.com/actions/checkout/pull/1598) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/redwoodjs/redwood). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This was referenced Dec 31, 2024
otc-zuul bot
pushed a commit
to opentelekomcloud-infra/system-config
that referenced
this pull request
May 19, 2025
Bump the all-actions group with 4 updates Bumps the all-actions group with 4 updates: actions/checkout, azure/setup-helm, actions/setup-python and peter-evans/create-pull-request. Updates actions/checkout from 3 to 4 Release notes Sourced from actions/checkout's releases. v4.0.0 What's Changed Update default runtime to node20 by @takost in actions/checkout#1436 Support fetching without the --progress option by @simonbaird in actions/checkout#1067 Release 4.0.0 by @takost in actions/checkout#1447 New Contributors @takost made their first contribution in actions/checkout#1436 @simonbaird made their first contribution in actions/checkout#1067 Full Changelog: actions/checkout@v3...v4.0.0 v3.6.0 What's Changed Mark test scripts with Bash'isms to be run via Bash by @dscho in actions/checkout#1377 Add option to fetch tags even if fetch-depth > 0 by @RobertWieczoreck in actions/checkout#579 Release 3.6.0 by @luketomlinson in actions/checkout#1437 New Contributors @RobertWieczoreck made their first contribution in actions/checkout#579 @luketomlinson made their first contribution in actions/checkout#1437 Full Changelog: actions/checkout@v3.5.3...v3.6.0 v3.5.3 What's Changed Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @megamanics in actions/checkout#1196 Fix typos found by codespell by @DimitriPapadopoulos in actions/checkout#1287 Add support for sparse checkouts by @dscho and @dfdez in actions/checkout#1369 Release v3.5.3 by @TingluoHuang in actions/checkout#1376 New Contributors @megamanics made their first contribution in actions/checkout#1196 @DimitriPapadopoulos made their first contribution in actions/checkout#1287 @dfdez made their first contribution in actions/checkout#1369 Full Changelog: actions/checkout@v3...v3.5.3 v3.5.2 What's Changed Fix: Use correct API url / endpoint in GHES by @fhammerl in actions/checkout#1289 based on #1286 by @1newsr Full Changelog: actions/checkout@v3.5.1...v3.5.2 v3.5.1 What's Changed Improve checkout performance on Windows runners by upgrading @actions/github dependency by @BrettDong in actions/checkout#1246 New Contributors @BrettDong made their first contribution in actions/checkout#1246 ... (truncated) Changelog Sourced from actions/checkout's changelog. Changelog v4.2.2 url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941 Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946 v4.2.1 Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924 v4.2.0 Add Ref and Commit outputs by @lucacome in actions/checkout#1180 Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872 v4.1.7 Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739 Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697 Check out other refs/* by commit by @orhantoy in actions/checkout#1774 Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776 v4.1.6 Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732 v4.1.5 Update NPM dependencies by @cory-miller in actions/checkout#1703 Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694 Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696 Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695 README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707 v4.1.4 Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692 Add dependabot config by @cory-miller in actions/checkout#1688 Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693 Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643 v4.1.3 Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656 Add SSH user parameter by @cory-miller in actions/checkout#1685 Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650 v4.1.2 Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598 v4.1.1 Correct link to GitHub Docs by @peterbe in actions/checkout#1511 Link to release page from what's new section by @cory-miller in actions/checkout#1514 v4.1.0 Add support for partial checkout filters ... (truncated) Commits 11bd719 Prepare 4.2.2 Release (#1953) e3d2460 Expand unit test coverage (#1946) 163217d url-helper.ts now leverages well-known environment variables. (#1941) eef6144 Prepare 4.2.1 release (#1925) 6b42224 Add workflow file for publishing releases to immutable action package (#1919) de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924) d632683 Prepare 4.2.0 release (#1878) 6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777) db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872) b684943 Add Ref and Commit outputs (#1180) Additional commits viewable in compare view Updates azure/setup-helm from 3 to 4 Release notes Sourced from azure/setup-helm's releases. v4.0.0 #121 update to node20 as node16 is deprecated v3.5 release Bump @actions/core version to remove output warning. v3.4 release Improves the querying method to find the latest Helm release. Takes advantage of new GitHub api changes. v3.3 release Add token input. Needed for fetching latest v3.1 release Swap to GraphQL GitHub API Changelog Sourced from azure/setup-helm's changelog. Change Log [4.3.0] - 2025-02-15 #152 feat: log when restoring from cache #157 Dependencies Update #137 Add dependabot [4.2.0] - 2024-04-15 #124 Fix OS detection and download OS-native archive extension [4.1.0] - 2024-03-01 #130 switches to use Helm published file to read latest version instead of using GitHub releases [4.0.0] - 2024-02-12 #121 update to node20 as node16 is deprecated Commits b9e5190 build 0e8654b Release setup-helm version 4.3.0 (#162) b48e1df feat: log when restoring from cache (#152) 855ae7a Bump the actions group across 1 directory with 3 updates (#159) 124c6d8 Dependencies Update (#157) 048f4e7 Bump the actions group across 1 directory with 2 updates (#151) 8618769 Bump the actions group across 1 directory with 4 updates (#149) 4eb898e Bump the actions group across 1 directory with 2 updates (#145) 7a2001c Bump the actions group across 1 directory with 2 updates (#143) e90c86c Bump the actions group across 1 directory with 9 updates (#141) Additional commits viewable in compare view Updates actions/setup-python from 4 to 5 Release notes Sourced from actions/setup-python's releases. v5.0.0 What's Changed In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions. Full Changelog: actions/setup-python@v4.8.0...v5.0.0 v4.9.1 What's Changed Add workflow file for publishing releases to immutable action package by @aparnajyothi-y in actions/setup-python#1084 Full Changelog: actions/setup-python@v4...v4.9.1 v4.9.0 What's Changed Upgrade actions/cache to 4.0.3 by @priya-kinthali in actions/setup-python#1073 In scope of this release we updated actions/cache package to ensure continued support and compatibility, as older versions of the package are now deprecated. For more information please refer to the toolkit/cache. Full Changelog: actions/setup-python@v4.8.0...v4.9.0 v4.8.0 What's Changed In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy: steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: 'graalpy-22.3' - run: python my_script.py Besides, the release contains such changes as: Trim python version when reading from file by @FerranPares in actions/setup-python#628 Use non-deprecated versions in examples by @jeffwidman in actions/setup-python#724 Change deprecation comment to past tense by @jeffwidman in actions/setup-python#723 Bump @babel/traverse from 7.9.0 to 7.23.2 by @dependabot in actions/setup-python#743 advanced-usage.md: Encourage the use actions/checkout@v4 by @cclauss in actions/setup-python#729 Examples now use checkout@v4 by @simonw in actions/setup-python#738 Update actions/checkout to v4 by @dmitry-shibanov in actions/setup-python#761 New Contributors @FerranPares made their first contribution in actions/setup-python#628 @timfel made their first contribution in actions/setup-python#694 @jeffwidman made their first contribution in actions/setup-python#724 Full Changelog: actions/setup-python@v4...v4.8.0 ... (truncated) Commits a26af69 Bump ts-jest from 29.1.2 to 29.3.2 (#1081) 30eafe9 Bump prettier from 2.8.8 to 3.5.3 (#1046) 5d95bc1 Bump semver and @types/semver (#1091) 6ed2c67 Fix for Candidate Not Iterable Error (#1082) e348410 Remove Ubuntu 20.04 from workflows due to deprecation from 2025-04-15 (#1065) 8d9ed9a Add e2e Testing for free threaded and Bump @action/cache from 4.0.0 to 4.0.3 ... 19e4675 Add support for .tool-versions file in setup-python (#1043) 6fd11e1 Bump @actions/glob from 0.4.0 to 0.5.0 (#1015) 9e62be8 Support free threaded Python versions like '3.13t' (#973) 6ca8e85 Bump @vercel/ncc from 0.38.1 to 0.38.3 (#1016) Additional commits viewable in compare view Updates peter-evans/create-pull-request from 5 to 7 Release notes Sourced from peter-evans/create-pull-request's releases. Create Pull Request v7.0.0 ✨ Now supports commit signing with bot-generated tokens! See "What's new" below. ✍️🤖 Behaviour changes Action input git-token has been renamed branch-token, to be more clear about its purpose. The branch-token is the token that the action will use to create and update the branch. The action now handles requests that have been rate-limited by GitHub. Requests hitting a primary rate limit will retry twice, for a total of three attempts. Requests hitting a secondary rate limit will not be retried. The pull-request-operation output now returns none when no operation was executed. Removed deprecated output environment variable PULL_REQUEST_NUMBER. Please use the pull-request-number action output instead. What's new The action can now sign commits as github-actions[bot] when using GITHUB_TOKEN, or your own bot when using GitHub App tokens. See commit signing for details. Action input draft now accepts a new value always-true. This will set the pull request to draft status when the pull request is updated, as well as on creation. A new action input maintainer-can-modify indicates whether maintainers can modify the pull request. The default is true, which retains the existing behaviour of the action. A new output pull-request-commits-verified returns true or false, indicating whether GitHub considers the signature of the branch's commits to be verified. What's Changed build(deps-dev): bump @types/node from 18.19.36 to 18.19.39 by @dependabot in peter-evans/create-pull-request#3000 build(deps-dev): bump ts-jest from 29.1.5 to 29.2.0 by @dependabot in peter-evans/create-pull-request#3008 build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by @dependabot in peter-evans/create-pull-request#3018 build(deps-dev): bump ts-jest from 29.2.0 to 29.2.2 by @dependabot in peter-evans/create-pull-request#3019 build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by @dependabot in peter-evans/create-pull-request#3035 build(deps-dev): bump @types/node from 18.19.39 to 18.19.41 by @dependabot in peter-evans/create-pull-request#3037 build(deps): bump undici from 6.19.2 to 6.19.4 by @dependabot in peter-evans/create-pull-request#3036 build(deps-dev): bump ts-jest from 29.2.2 to 29.2.3 by @dependabot in peter-evans/create-pull-request#3038 build(deps-dev): bump @types/node from 18.19.41 to 18.19.42 by @dependabot in peter-evans/create-pull-request#3070 build(deps): bump undici from 6.19.4 to 6.19.5 by @dependabot in peter-evans/create-pull-request#3086 build(deps-dev): bump @types/node from 18.19.42 to 18.19.43 by @dependabot in peter-evans/create-pull-request#3087 build(deps-dev): bump ts-jest from 29.2.3 to 29.2.4 by @dependabot in peter-evans/create-pull-request#3088 build(deps): bump undici from 6.19.5 to 6.19.7 by @dependabot in peter-evans/create-pull-request#3145 build(deps-dev): bump @types/node from 18.19.43 to 18.19.44 by @dependabot in peter-evans/create-pull-request#3144 Update distribution by @actions-bot in peter-evans/create-pull-request#3154 build(deps): bump undici from 6.19.7 to 6.19.8 by @dependabot in peter-evans/create-pull-request#3213 build(deps-dev): bump @types/node from 18.19.44 to 18.19.45 by @dependabot in peter-evans/create-pull-request#3214 Update distribution by @actions-bot in peter-evans/create-pull-request#3221 build(deps-dev): bump eslint-import-resolver-typescript from 3.6.1 to 3.6.3 by @dependabot in peter-evans/create-pull-request#3255 build(deps-dev): bump @types/node from 18.19.45 to 18.19.46 by @dependabot in peter-evans/create-pull-request#3254 build(deps-dev): bump ts-jest from 29.2.4 to 29.2.5 by @dependabot in peter-evans/create-pull-request#3256 v7 - signed commits by @peter-evans in peter-evans/create-pull-request#3057 New Contributors @rustycl0ck made their first contribution in peter-evans/create-pull-request#3057 Full Changelog: peter-evans/create-pull-request@v6.1.0...v7.0.0 Create Pull Request v6.1.0 ✨ Adds pull-request-branch as an action output. What's Changed ... (truncated) Commits 271a8d0 fix: suppress output for some git operations (#3776) 6f7efd1 test: update cpr-example-command 13c47c5 build(deps-dev): bump prettier from 3.5.1 to 3.5.2 (#3754) 63e5829 build(deps): bump @octokit/plugin-paginate-rest from 11.4.2 to 11.4.3 (#3753) a92c90f build(deps-dev): bump eslint-import-resolver-typescript (#3752) b23b62d build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 (#3751) dd2324f fix: use showFileAtRefBase64 to read per-commit file contents (#3744) 367180c ci: remove testv5 cmd 25575a1 build: update distribution (#3736) a56e7a5 build(deps): bump @octokit/core from 6.1.3 to 6.1.4 (#3711) Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions Reviewed-by: Vladimir Vshivkov
vladimirvshivkov
pushed a commit
to opentelekomcloud-infra/system-config
that referenced
this pull request
May 21, 2025
Bump the all-actions group with 4 updates Bumps the all-actions group with 4 updates: actions/checkout, azure/setup-helm, actions/setup-python and peter-evans/create-pull-request. Updates actions/checkout from 3 to 4 Release notes Sourced from actions/checkout's releases. v4.0.0 What's Changed Update default runtime to node20 by @takost in actions/checkout#1436 Support fetching without the --progress option by @simonbaird in actions/checkout#1067 Release 4.0.0 by @takost in actions/checkout#1447 New Contributors @takost made their first contribution in actions/checkout#1436 @simonbaird made their first contribution in actions/checkout#1067 Full Changelog: actions/checkout@v3...v4.0.0 v3.6.0 What's Changed Mark test scripts with Bash'isms to be run via Bash by @dscho in actions/checkout#1377 Add option to fetch tags even if fetch-depth > 0 by @RobertWieczoreck in actions/checkout#579 Release 3.6.0 by @luketomlinson in actions/checkout#1437 New Contributors @RobertWieczoreck made their first contribution in actions/checkout#579 @luketomlinson made their first contribution in actions/checkout#1437 Full Changelog: actions/checkout@v3.5.3...v3.6.0 v3.5.3 What's Changed Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @megamanics in actions/checkout#1196 Fix typos found by codespell by @DimitriPapadopoulos in actions/checkout#1287 Add support for sparse checkouts by @dscho and @dfdez in actions/checkout#1369 Release v3.5.3 by @TingluoHuang in actions/checkout#1376 New Contributors @megamanics made their first contribution in actions/checkout#1196 @DimitriPapadopoulos made their first contribution in actions/checkout#1287 @dfdez made their first contribution in actions/checkout#1369 Full Changelog: actions/checkout@v3...v3.5.3 v3.5.2 What's Changed Fix: Use correct API url / endpoint in GHES by @fhammerl in actions/checkout#1289 based on #1286 by @1newsr Full Changelog: actions/checkout@v3.5.1...v3.5.2 v3.5.1 What's Changed Improve checkout performance on Windows runners by upgrading @actions/github dependency by @BrettDong in actions/checkout#1246 New Contributors @BrettDong made their first contribution in actions/checkout#1246 ... (truncated) Changelog Sourced from actions/checkout's changelog. Changelog v4.2.2 url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941 Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946 v4.2.1 Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924 v4.2.0 Add Ref and Commit outputs by @lucacome in actions/checkout#1180 Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872 v4.1.7 Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739 Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697 Check out other refs/* by commit by @orhantoy in actions/checkout#1774 Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776 v4.1.6 Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732 v4.1.5 Update NPM dependencies by @cory-miller in actions/checkout#1703 Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694 Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696 Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695 README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707 v4.1.4 Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692 Add dependabot config by @cory-miller in actions/checkout#1688 Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693 Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643 v4.1.3 Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656 Add SSH user parameter by @cory-miller in actions/checkout#1685 Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650 v4.1.2 Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598 v4.1.1 Correct link to GitHub Docs by @peterbe in actions/checkout#1511 Link to release page from what's new section by @cory-miller in actions/checkout#1514 v4.1.0 Add support for partial checkout filters ... (truncated) Commits 11bd719 Prepare 4.2.2 Release (#1953) e3d2460 Expand unit test coverage (#1946) 163217d url-helper.ts now leverages well-known environment variables. (#1941) eef6144 Prepare 4.2.1 release (#1925) 6b42224 Add workflow file for publishing releases to immutable action package (#1919) de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924) d632683 Prepare 4.2.0 release (#1878) 6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777) db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872) b684943 Add Ref and Commit outputs (#1180) Additional commits viewable in compare view Updates azure/setup-helm from 3 to 4 Release notes Sourced from azure/setup-helm's releases. v4.0.0 #121 update to node20 as node16 is deprecated v3.5 release Bump @actions/core version to remove output warning. v3.4 release Improves the querying method to find the latest Helm release. Takes advantage of new GitHub api changes. v3.3 release Add token input. Needed for fetching latest v3.1 release Swap to GraphQL GitHub API Changelog Sourced from azure/setup-helm's changelog. Change Log [4.3.0] - 2025-02-15 #152 feat: log when restoring from cache #157 Dependencies Update #137 Add dependabot [4.2.0] - 2024-04-15 #124 Fix OS detection and download OS-native archive extension [4.1.0] - 2024-03-01 #130 switches to use Helm published file to read latest version instead of using GitHub releases [4.0.0] - 2024-02-12 #121 update to node20 as node16 is deprecated Commits b9e5190 build 0e8654b Release setup-helm version 4.3.0 (#162) b48e1df feat: log when restoring from cache (#152) 855ae7a Bump the actions group across 1 directory with 3 updates (#159) 124c6d8 Dependencies Update (#157) 048f4e7 Bump the actions group across 1 directory with 2 updates (#151) 8618769 Bump the actions group across 1 directory with 4 updates (#149) 4eb898e Bump the actions group across 1 directory with 2 updates (#145) 7a2001c Bump the actions group across 1 directory with 2 updates (#143) e90c86c Bump the actions group across 1 directory with 9 updates (#141) Additional commits viewable in compare view Updates actions/setup-python from 4 to 5 Release notes Sourced from actions/setup-python's releases. v5.0.0 What's Changed In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions. Full Changelog: actions/setup-python@v4.8.0...v5.0.0 v4.9.1 What's Changed Add workflow file for publishing releases to immutable action package by @aparnajyothi-y in actions/setup-python#1084 Full Changelog: actions/setup-python@v4...v4.9.1 v4.9.0 What's Changed Upgrade actions/cache to 4.0.3 by @priya-kinthali in actions/setup-python#1073 In scope of this release we updated actions/cache package to ensure continued support and compatibility, as older versions of the package are now deprecated. For more information please refer to the toolkit/cache. Full Changelog: actions/setup-python@v4.8.0...v4.9.0 v4.8.0 What's Changed In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy: steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: 'graalpy-22.3' - run: python my_script.py Besides, the release contains such changes as: Trim python version when reading from file by @FerranPares in actions/setup-python#628 Use non-deprecated versions in examples by @jeffwidman in actions/setup-python#724 Change deprecation comment to past tense by @jeffwidman in actions/setup-python#723 Bump @babel/traverse from 7.9.0 to 7.23.2 by @dependabot in actions/setup-python#743 advanced-usage.md: Encourage the use actions/checkout@v4 by @cclauss in actions/setup-python#729 Examples now use checkout@v4 by @simonw in actions/setup-python#738 Update actions/checkout to v4 by @dmitry-shibanov in actions/setup-python#761 New Contributors @FerranPares made their first contribution in actions/setup-python#628 @timfel made their first contribution in actions/setup-python#694 @jeffwidman made their first contribution in actions/setup-python#724 Full Changelog: actions/setup-python@v4...v4.8.0 ... (truncated) Commits a26af69 Bump ts-jest from 29.1.2 to 29.3.2 (#1081) 30eafe9 Bump prettier from 2.8.8 to 3.5.3 (#1046) 5d95bc1 Bump semver and @types/semver (#1091) 6ed2c67 Fix for Candidate Not Iterable Error (#1082) e348410 Remove Ubuntu 20.04 from workflows due to deprecation from 2025-04-15 (#1065) 8d9ed9a Add e2e Testing for free threaded and Bump @action/cache from 4.0.0 to 4.0.3 ... 19e4675 Add support for .tool-versions file in setup-python (#1043) 6fd11e1 Bump @actions/glob from 0.4.0 to 0.5.0 (#1015) 9e62be8 Support free threaded Python versions like '3.13t' (#973) 6ca8e85 Bump @vercel/ncc from 0.38.1 to 0.38.3 (#1016) Additional commits viewable in compare view Updates peter-evans/create-pull-request from 5 to 7 Release notes Sourced from peter-evans/create-pull-request's releases. Create Pull Request v7.0.0 ✨ Now supports commit signing with bot-generated tokens! See "What's new" below. ✍️🤖 Behaviour changes Action input git-token has been renamed branch-token, to be more clear about its purpose. The branch-token is the token that the action will use to create and update the branch. The action now handles requests that have been rate-limited by GitHub. Requests hitting a primary rate limit will retry twice, for a total of three attempts. Requests hitting a secondary rate limit will not be retried. The pull-request-operation output now returns none when no operation was executed. Removed deprecated output environment variable PULL_REQUEST_NUMBER. Please use the pull-request-number action output instead. What's new The action can now sign commits as github-actions[bot] when using GITHUB_TOKEN, or your own bot when using GitHub App tokens. See commit signing for details. Action input draft now accepts a new value always-true. This will set the pull request to draft status when the pull request is updated, as well as on creation. A new action input maintainer-can-modify indicates whether maintainers can modify the pull request. The default is true, which retains the existing behaviour of the action. A new output pull-request-commits-verified returns true or false, indicating whether GitHub considers the signature of the branch's commits to be verified. What's Changed build(deps-dev): bump @types/node from 18.19.36 to 18.19.39 by @dependabot in peter-evans/create-pull-request#3000 build(deps-dev): bump ts-jest from 29.1.5 to 29.2.0 by @dependabot in peter-evans/create-pull-request#3008 build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by @dependabot in peter-evans/create-pull-request#3018 build(deps-dev): bump ts-jest from 29.2.0 to 29.2.2 by @dependabot in peter-evans/create-pull-request#3019 build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by @dependabot in peter-evans/create-pull-request#3035 build(deps-dev): bump @types/node from 18.19.39 to 18.19.41 by @dependabot in peter-evans/create-pull-request#3037 build(deps): bump undici from 6.19.2 to 6.19.4 by @dependabot in peter-evans/create-pull-request#3036 build(deps-dev): bump ts-jest from 29.2.2 to 29.2.3 by @dependabot in peter-evans/create-pull-request#3038 build(deps-dev): bump @types/node from 18.19.41 to 18.19.42 by @dependabot in peter-evans/create-pull-request#3070 build(deps): bump undici from 6.19.4 to 6.19.5 by @dependabot in peter-evans/create-pull-request#3086 build(deps-dev): bump @types/node from 18.19.42 to 18.19.43 by @dependabot in peter-evans/create-pull-request#3087 build(deps-dev): bump ts-jest from 29.2.3 to 29.2.4 by @dependabot in peter-evans/create-pull-request#3088 build(deps): bump undici from 6.19.5 to 6.19.7 by @dependabot in peter-evans/create-pull-request#3145 build(deps-dev): bump @types/node from 18.19.43 to 18.19.44 by @dependabot in peter-evans/create-pull-request#3144 Update distribution by @actions-bot in peter-evans/create-pull-request#3154 build(deps): bump undici from 6.19.7 to 6.19.8 by @dependabot in peter-evans/create-pull-request#3213 build(deps-dev): bump @types/node from 18.19.44 to 18.19.45 by @dependabot in peter-evans/create-pull-request#3214 Update distribution by @actions-bot in peter-evans/create-pull-request#3221 build(deps-dev): bump eslint-import-resolver-typescript from 3.6.1 to 3.6.3 by @dependabot in peter-evans/create-pull-request#3255 build(deps-dev): bump @types/node from 18.19.45 to 18.19.46 by @dependabot in peter-evans/create-pull-request#3254 build(deps-dev): bump ts-jest from 29.2.4 to 29.2.5 by @dependabot in peter-evans/create-pull-request#3256 v7 - signed commits by @peter-evans in peter-evans/create-pull-request#3057 New Contributors @rustycl0ck made their first contribution in peter-evans/create-pull-request#3057 Full Changelog: peter-evans/create-pull-request@v6.1.0...v7.0.0 Create Pull Request v6.1.0 ✨ Adds pull-request-branch as an action output. What's Changed ... (truncated) Commits 271a8d0 fix: suppress output for some git operations (#3776) 6f7efd1 test: update cpr-example-command 13c47c5 build(deps-dev): bump prettier from 3.5.1 to 3.5.2 (#3754) 63e5829 build(deps): bump @octokit/plugin-paginate-rest from 11.4.2 to 11.4.3 (#3753) a92c90f build(deps-dev): bump eslint-import-resolver-typescript (#3752) b23b62d build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 (#3751) dd2324f fix: use showFileAtRefBase64 to read per-commit file contents (#3744) 367180c ci: remove testv5 cmd 25575a1 build: update distribution (#3736) a56e7a5 build(deps): bump @octokit/core from 6.1.3 to 6.1.4 (#3711) Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions Reviewed-by: Vladimir Vshivkov
vladimirvshivkov
added a commit
to opentelekomcloud-infra/system-config
that referenced
this pull request
May 21, 2025
….yaml adding users to base (#1248) adding users to base Reviewed-by: Vladimir Vshivkov Addition of docker check of dependabot for system-config repository on daily bases (#1255) 1254 - Addition of docker check of dependabot for system-config repository Addapted dependabot.yaml for docker check on daily bases closes #1254 Reviewed-by: Vladimir Vshivkov chore: update helm chart dependencies (#1257) Update helm chart dependencies Helm Chart Dependencies Updates victoria-metrics-cluster (victoria-metrics-cluster) victoria-metrics-cluster: 0.21.0 → 0.22.1 kube-prometheus-stack (kube-prometheus-stack) kube-prometheus-stack: 72.3.0 → 72.5.0 victoria-metrics-auth (victoria-metrics-auth) victoria-metrics-auth: 0.13.0 → 0.14.1 Automatically created PR for helm chart dependencies updates. Please check before merge! Reviewed-by: Vladimir Vshivkov Enhance dependabot configuration to include GitHub Actions and update scheduling for Helm and Docker. Added daily checks at 09:00 for all specified ecosystems. (#1258) Enhance dependabot configuration to include GitHub Actions and update scheduling for Helm and Docker. Added daily checks at 09:00 for all specified ecosystems. Reviewed-by: Vladimir Hasko <vladimirhasko@gmail.com> Bump the all-actions group with 4 updates (#1260) Bump the all-actions group with 4 updates Bumps the all-actions group with 4 updates: actions/checkout, azure/setup-helm, actions/setup-python and peter-evans/create-pull-request. Updates actions/checkout from 3 to 4 Release notes Sourced from actions/checkout's releases. v4.0.0 What's Changed Update default runtime to node20 by @takost in actions/checkout#1436 Support fetching without the --progress option by @simonbaird in actions/checkout#1067 Release 4.0.0 by @takost in actions/checkout#1447 New Contributors @takost made their first contribution in actions/checkout#1436 @simonbaird made their first contribution in actions/checkout#1067 Full Changelog: actions/checkout@v3...v4.0.0 v3.6.0 What's Changed Mark test scripts with Bash'isms to be run via Bash by @dscho in actions/checkout#1377 Add option to fetch tags even if fetch-depth > 0 by @RobertWieczoreck in actions/checkout#579 Release 3.6.0 by @luketomlinson in actions/checkout#1437 New Contributors @RobertWieczoreck made their first contribution in actions/checkout#579 @luketomlinson made their first contribution in actions/checkout#1437 Full Changelog: actions/checkout@v3.5.3...v3.6.0 v3.5.3 What's Changed Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @megamanics in actions/checkout#1196 Fix typos found by codespell by @DimitriPapadopoulos in actions/checkout#1287 Add support for sparse checkouts by @dscho and @dfdez in actions/checkout#1369 Release v3.5.3 by @TingluoHuang in actions/checkout#1376 New Contributors @megamanics made their first contribution in actions/checkout#1196 @DimitriPapadopoulos made their first contribution in actions/checkout#1287 @dfdez made their first contribution in actions/checkout#1369 Full Changelog: actions/checkout@v3...v3.5.3 v3.5.2 What's Changed Fix: Use correct API url / endpoint in GHES by @fhammerl in actions/checkout#1289 based on #1286 by @1newsr Full Changelog: actions/checkout@v3.5.1...v3.5.2 v3.5.1 What's Changed Improve checkout performance on Windows runners by upgrading @actions/github dependency by @BrettDong in actions/checkout#1246 New Contributors @BrettDong made their first contribution in actions/checkout#1246 ... (truncated) Changelog Sourced from actions/checkout's changelog. Changelog v4.2.2 url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941 Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946 v4.2.1 Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924 v4.2.0 Add Ref and Commit outputs by @lucacome in actions/checkout#1180 Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872 v4.1.7 Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739 Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697 Check out other refs/* by commit by @orhantoy in actions/checkout#1774 Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776 v4.1.6 Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732 v4.1.5 Update NPM dependencies by @cory-miller in actions/checkout#1703 Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694 Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696 Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695 README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707 v4.1.4 Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692 Add dependabot config by @cory-miller in actions/checkout#1688 Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693 Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643 v4.1.3 Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656 Add SSH user parameter by @cory-miller in actions/checkout#1685 Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650 v4.1.2 Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598 v4.1.1 Correct link to GitHub Docs by @peterbe in actions/checkout#1511 Link to release page from what's new section by @cory-miller in actions/checkout#1514 v4.1.0 Add support for partial checkout filters ... (truncated) Commits 11bd719 Prepare 4.2.2 Release (#1953) e3d2460 Expand unit test coverage (#1946) 163217d url-helper.ts now leverages well-known environment variables. (#1941) eef6144 Prepare 4.2.1 release (#1925) 6b42224 Add workflow file for publishing releases to immutable action package (#1919) de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924) d632683 Prepare 4.2.0 release (#1878) 6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777) db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872) b684943 Add Ref and Commit outputs (#1180) Additional commits viewable in compare view Updates azure/setup-helm from 3 to 4 Release notes Sourced from azure/setup-helm's releases. v4.0.0 v3.5 release Bump @actions/core version to remove output warning. v3.4 release Improves the querying method to find the latest Helm release. Takes advantage of new GitHub api changes. v3.3 release Add token input. Needed for fetching latest v3.1 release Swap to GraphQL GitHub API Changelog Sourced from azure/setup-helm's changelog. Change Log [4.3.0] - 2025-02-15 [4.2.0] - 2024-04-15 [4.1.0] - 2024-03-01 [4.0.0] - 2024-02-12 Commits b9e5190 build 0e8654b Release setup-helm version 4.3.0 (#162) b48e1df feat: log when restoring from cache (#152) 855ae7a Bump the actions group across 1 directory with 3 updates (#159) 124c6d8 Dependencies Update (#157) 048f4e7 Bump the actions group across 1 directory with 2 updates (#151) 8618769 Bump the actions group across 1 directory with 4 updates (#149) 4eb898e Bump the actions group across 1 directory with 2 updates (#145) 7a2001c Bump the actions group across 1 directory with 2 updates (#143) e90c86c Bump the actions group across 1 directory with 9 updates (#141) Additional commits viewable in compare view Updates actions/setup-python from 4 to 5 Release notes Sourced from actions/setup-python's releases. v5.0.0 What's Changed In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions. Full Changelog: actions/setup-python@v4.8.0...v5.0.0 v4.9.1 What's Changed Add workflow file for publishing releases to immutable action package by @aparnajyothi-y in actions/setup-python#1084 Full Changelog: actions/setup-python@v4...v4.9.1 v4.9.0 What's Changed Upgrade actions/cache to 4.0.3 by @priya-kinthali in actions/setup-python#1073 In scope of this release we updated actions/cache package to ensure continued support and compatibility, as older versions of the package are now deprecated. For more information please refer to the toolkit/cache. Full Changelog: actions/setup-python@v4.8.0...v4.9.0 v4.8.0 What's Changed In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy: steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: 'graalpy-22.3' - run: python my_script.py Besides, the release contains such changes as: Trim python version when reading from file by @FerranPares in actions/setup-python#628 Use non-deprecated versions in examples by @jeffwidman in actions/setup-python#724 Change deprecation comment to past tense by @jeffwidman in actions/setup-python#723 Bump @babel/traverse from 7.9.0 to 7.23.2 by @dependabot in actions/setup-python#743 advanced-usage.md: Encourage the use actions/checkout@v4 by @cclauss in actions/setup-python#729 Examples now use checkout@v4 by @simonw in actions/setup-python#738 Update actions/checkout to v4 by @dmitry-shibanov in actions/setup-python#761 New Contributors @FerranPares made their first contribution in actions/setup-python#628 @timfel made their first contribution in actions/setup-python#694 @jeffwidman made their first contribution in actions/setup-python#724 Full Changelog: actions/setup-python@v4...v4.8.0 ... (truncated) Commits a26af69 Bump ts-jest from 29.1.2 to 29.3.2 (#1081) 30eafe9 Bump prettier from 2.8.8 to 3.5.3 (#1046) 5d95bc1 Bump semver and @types/semver (#1091) 6ed2c67 Fix for Candidate Not Iterable Error (#1082) e348410 Remove Ubuntu 20.04 from workflows due to deprecation from 2025-04-15 (#1065) 8d9ed9a Add e2e Testing for free threaded and Bump @action/cache from 4.0.0 to 4.0.3 ... 19e4675 Add support for .tool-versions file in setup-python (#1043) 6fd11e1 Bump @actions/glob from 0.4.0 to 0.5.0 (#1015) 9e62be8 Support free threaded Python versions like '3.13t' (#973) 6ca8e85 Bump @vercel/ncc from 0.38.1 to 0.38.3 (#1016) Additional commits viewable in compare view Updates peter-evans/create-pull-request from 5 to 7 Release notes Sourced from peter-evans/create-pull-request's releases. Create Pull Request v7.0.0 ✨ Now supports commit signing with bot-generated tokens! See "What's new" below. ✍️🤖 Behaviour changes Action input git-token has been renamed branch-token, to be more clear about its purpose. The branch-token is the token that the action will use to create and update the branch. The action now handles requests that have been rate-limited by GitHub. Requests hitting a primary rate limit will retry twice, for a total of three attempts. Requests hitting a secondary rate limit will not be retried. The pull-request-operation output now returns none when no operation was executed. Removed deprecated output environment variable PULL_REQUEST_NUMBER. Please use the pull-request-number action output instead. What's new The action can now sign commits as github-actions[bot] when using GITHUB_TOKEN, or your own bot when using GitHub App tokens. See commit signing for details. Action input draft now accepts a new value always-true. This will set the pull request to draft status when the pull request is updated, as well as on creation. A new action input maintainer-can-modify indicates whether maintainers can modify the pull request. The default is true, which retains the existing behaviour of the action. A new output pull-request-commits-verified returns true or false, indicating whether GitHub considers the signature of the branch's commits to be verified. What's Changed build(deps-dev): bump @types/node from 18.19.36 to 18.19.39 by @dependabot in peter-evans/create-pull-request#3000 build(deps-dev): bump ts-jest from 29.1.5 to 29.2.0 by @dependabot in peter-evans/create-pull-request#3008 build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by @dependabot in peter-evans/create-pull-request#3018 build(deps-dev): bump ts-jest from 29.2.0 to 29.2.2 by @dependabot in peter-evans/create-pull-request#3019 build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by @dependabot in peter-evans/create-pull-request#3035 build(deps-dev): bump @types/node from 18.19.39 to 18.19.41 by @dependabot in peter-evans/create-pull-request#3037 build(deps): bump undici from 6.19.2 to 6.19.4 by @dependabot in peter-evans/create-pull-request#3036 build(deps-dev): bump ts-jest from 29.2.2 to 29.2.3 by @dependabot in peter-evans/create-pull-request#3038 build(deps-dev): bump @types/node from 18.19.41 to 18.19.42 by @dependabot in peter-evans/create-pull-request#3070 build(deps): bump undici from 6.19.4 to 6.19.5 by @dependabot in peter-evans/create-pull-request#3086 build(deps-dev): bump @types/node from 18.19.42 to 18.19.43 by @dependabot in peter-evans/create-pull-request#3087 build(deps-dev): bump ts-jest from 29.2.3 to 29.2.4 by @dependabot in peter-evans/create-pull-request#3088 build(deps): bump undici from 6.19.5 to 6.19.7 by @dependabot in peter-evans/create-pull-request#3145 build(deps-dev): bump @types/node from 18.19.43 to 18.19.44 by @dependabot in peter-evans/create-pull-request#3144 Update distribution by @actions-bot in peter-evans/create-pull-request#3154 build(deps): bump undici from 6.19.7 to 6.19.8 by @dependabot in peter-evans/create-pull-request#3213 build(deps-dev): bump @types/node from 18.19.44 to 18.19.45 by @dependabot in peter-evans/create-pull-request#3214 Update distribution by @actions-bot in peter-evans/create-pull-request#3221 build(deps-dev): bump eslint-import-resolver-typescript from 3.6.1 to 3.6.3 by @dependabot in peter-evans/create-pull-request#3255 build(deps-dev): bump @types/node from 18.19.45 to 18.19.46 by @dependabot in peter-evans/create-pull-request#3254 build(deps-dev): bump ts-jest from 29.2.4 to 29.2.5 by @dependabot in peter-evans/create-pull-request#3256 v7 - signed commits by @peter-evans in peter-evans/create-pull-request#3057 New Contributors @rustycl0ck made their first contribution in peter-evans/create-pull-request#3057 Full Changelog: peter-evans/create-pull-request@v6.1.0...v7.0.0 Create Pull Request v6.1.0 ✨ Adds pull-request-branch as an action output. What's Changed ... (truncated) Commits 271a8d0 fix: suppress output for some git operations (#3776) 6f7efd1 test: update cpr-example-command 13c47c5 build(deps-dev): bump prettier from 3.5.1 to 3.5.2 (#3754) 63e5829 build(deps): bump @octokit/plugin-paginate-rest from 11.4.2 to 11.4.3 (#3753) a92c90f build(deps-dev): bump eslint-import-resolver-typescript (#3752) b23b62d build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 (#3751) dd2324f fix: use showFileAtRefBase64 to read per-commit file contents (#3744) 367180c ci: remove testv5 cmd 25575a1 build: update distribution (#3736) a56e7a5 build(deps): bump @octokit/core from 6.1.3 to 6.1.4 (#3711) Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions Reviewed-by: Vladimir Vshivkov
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When a worktree is reused by
actions/checkoutand the first time sparse checkout was enabled, we need to ensure that the second time it is only a sparse checkout if explicitly asked for. Otherwise we need to disable the sparse checkout so that a full checkout is the outcome of this Action.This fixes #1475