Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update all non-major dependencies #187

Merged
merged 1 commit into from
Sep 18, 2024
Merged

chore(deps): update all non-major dependencies #187

merged 1 commit into from
Sep 18, 2024

Conversation

renovate-bot
Copy link
Contributor

@renovate-bot renovate-bot commented Feb 1, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action patch v4.1.1 -> v4.1.7
actions/setup-go action patch v5.0.0 -> v5.0.2
github/codeql-action action minor v2.23.0 -> v2.26.7
ossf/scorecard-action action minor v2.3.1 -> v2.4.0
step-security/harden-runner action minor v2.6.1 -> v2.10.1

Release Notes

actions/checkout (actions/checkout)

v4.1.7

Compare Source

v4.1.6

Compare Source

v4.1.5

Compare Source

What's Changed

Full Changelog: actions/checkout@v4.1.4...v4.1.5

v4.1.4

Compare Source

v4.1.3

Compare Source

What's Changed

Full Changelog: actions/checkout@v4.1.2...v4.1.3

v4.1.2

Compare Source

actions/setup-go (actions/setup-go)

v5.0.2

Compare Source

v5.0.1

Compare Source

What's Changed

New Contributors

Full Changelog: actions/setup-go@v5.0.0...v5.0.1

github/codeql-action (github/codeql-action)

v2.26.7

Compare Source

v2.26.6

Compare Source

v2.26.5

Compare Source

v2.26.4

Compare Source

v2.26.3

Compare Source

v2.26.2

Compare Source

v2.26.1

Compare Source

v2.26.0

Compare Source

v2.25.15

Compare Source

v2.25.14

Compare Source

v2.25.13

Compare Source

v2.25.12

Compare Source

v2.25.11

Compare Source

v2.25.10

Compare Source

v2.25.9

Compare Source

v2.25.8

Compare Source

v2.25.7

Compare Source

v2.25.6

Compare Source

v2.25.5

Compare Source

v2.25.4

Compare Source

v2.25.3

Compare Source

v2.25.2

Compare Source

v2.25.1

Compare Source

v2.25.0

Compare Source

v2.24.11

Compare Source

v2.24.10

Compare Source

v2.24.9

Compare Source

v2.24.8

Compare Source

v2.24.7

Compare Source

v2.24.6

Compare Source

v2.24.5

Compare Source

v2.24.4

Compare Source

v2.24.3

Compare Source

v2.24.2

Compare Source

v2.24.1

Compare Source

v2.24.0

Compare Source

v2.23.2

Compare Source

v2.23.1

Compare Source

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

Documentation

New Contributors

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

v2.3.3

Compare Source

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

Full Changelog: ossf/scorecard-action@v2.3.1...v2.3.3

v2.3.2

Compare Source

step-security/harden-runner (step-security/harden-runner)

v2.10.1

Compare Source

What's Changed

Release v2.10.1 by @​varunsh-coder in https://github.com/step-security/harden-runner/pull/463
Bug fix: Resolves an issue where DNS resolution of .local domains was failing when using a Kind cluster in a GitHub Actions workflow.

Full Changelog: step-security/harden-runner@v2...v2.10.1

v2.10.0

Compare Source

What's Changed

Release v2.10.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/455

ARM Support: Harden-Runner Enterprise tier now supports GitHub-hosted ARM runners. This includes all the features that apply to previously supported GitHub-hosted x64 Linux runners.

Full Changelog: step-security/harden-runner@v2...v2.10.0

v2.9.1

Compare Source

What's Changed

Release v2.9.1 by @​h0x0er and @​varunsh-coder in #​440
This release includes two changes:

  1. Updated markdown displayed in the job summary by the Harden-Runner Action.
  2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.

Full Changelog: step-security/harden-runner@v2...v2.9.1

v2.9.0

Compare Source

What's Changed

Release v2.9.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/435
This release includes:

  • Enterprise Tier - Telemetry Upload Enhancement:
    For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
  • Harden-Runner Agent Authentication:
    The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
  • README Update:
    A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
  • Dependency Update:
    Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: step-security/harden-runner@v2...v2.9.0

v2.8.1

Compare Source

What's Changed

Full Changelog: step-security/harden-runner@v2...v2.8.1

v2.8.0

Compare Source

What's Changed

Release v2.8.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/416
This release includes:

  • File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
  • Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.

These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.

Full Changelog: step-security/harden-runner@v2...v2.8.0

v2.7.1

Compare Source

What's Changed

Release v2.7.1 by @​varunsh-coder, @​h0x0er, @​ashishkurmi in https://github.com/step-security/harden-runner/pull/397
This release:

  • Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
  • Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project
  • Addresses minor bugs

Full Changelog: step-security/harden-runner@v2.7.0...v2.7.1

v2.7.0

Compare Source

What's Changed

Release 2.7.0 by @​varunsh-coder and @​h0x0er in https://github.com/step-security/harden-runner/pull/376
This release:

  1. Updates the node runtime to node20
  2. Adds capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners

Full Changelog: step-security/harden-runner@v2...v2.7.0

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from 0b5d957 to 5254c60 Compare February 1, 2024 01:18
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from 5254c60 to 3d3c4cf Compare February 2, 2024 22:58
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 8a2fadb to 046982c Compare February 15, 2024 16:30
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 2c6c170 to 24b298f Compare February 23, 2024 12:27
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from 24b298f to 68b0012 Compare March 1, 2024 14:34
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from a78ed13 to 48c73c0 Compare March 18, 2024 16:45
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from 48c73c0 to b61333c Compare March 22, 2024 12:30
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from b61333c to 9658214 Compare April 5, 2024 17:35
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 7138786 to 2d88133 Compare April 22, 2024 15:16
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 9595595 to 4d6f387 Compare April 30, 2024 00:55
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 8143dcb to d8e3ef1 Compare May 8, 2024 21:46
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from fc3155a to 798bc30 Compare May 16, 2024 20:52
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 80244d2 to 51fe751 Compare May 22, 2024 03:32
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from 51fe751 to edbd9f1 Compare May 31, 2024 13:10
@HKWinterhalter HKWinterhalter removed their assignment Jun 3, 2024
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from bcfbc41 to 4da3384 Compare June 13, 2024 15:42
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from 4da3384 to 9aee17b Compare June 28, 2024 18:02
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 40c7da3 to d5cecbf Compare July 12, 2024 10:10
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 1a35a0d to 9c93da1 Compare July 25, 2024 10:58
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from 9c93da1 to acf752b Compare July 26, 2024 17:05
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from acf752b to 119651a Compare August 6, 2024 00:47
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 9bd69e0 to ce6776e Compare August 19, 2024 18:47
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 5c39020 to 5be91ee Compare August 24, 2024 01:33
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from 5be91ee to 1312834 Compare August 29, 2024 12:13
@renovate-bot renovate-bot force-pushed the renovate/all-minor-patch branch from 1312834 to e4118cc Compare September 18, 2024 01:35
@jrmfg jrmfg added the automerge Summon MOG for automerging label Sep 18, 2024
@jrmfg jrmfg assigned jrmfg and akerekes and unassigned akerekes and jrmfg Sep 18, 2024
@jrmfg jrmfg merged commit 1dc699f into GoogleCloudPlatform:main Sep 18, 2024
15 checks passed
@gcf-merge-on-green gcf-merge-on-green bot removed the automerge Summon MOG for automerging label Sep 18, 2024
@release-please release-please bot mentioned this pull request Sep 18, 2024
Merged
@renovate-bot renovate-bot deleted the renovate/all-minor-patch branch September 18, 2024 22:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akerekes akerekes akerekes approved these changes

Assignees

@akerekes akerekes

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@renovate-bot @akerekes @HKWinterhalter @jrmfg