Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump @actions/artifact version #436

Merged
merged 3 commits into from
Sep 6, 2023
Merged

Bump @actions/artifact version #436

merged 3 commits into from
Sep 6, 2023

Conversation

bethanyj28
Copy link
Contributor

Updates vulnerable dependencies and the GHES error for 403s.

@bethanyj28 bethanyj28 marked this pull request as ready for review September 6, 2023 18:51
@bethanyj28 bethanyj28 requested a review from a team as a code owner September 6, 2023 18:51
@bethanyj28 bethanyj28 merged commit a8a3f3a into actions:main Sep 6, 2023
7 checks passed
renovate bot referenced this pull request in trunk-io/trunk-action Sep 6, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.2` -> `v3.1.3` |

---

### Release Notes

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

##### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/trunk-io/trunk-action).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi44My4wIiwidXBkYXRlZEluVmVyIjoiMzYuODMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
rpdelaney referenced this pull request in rpdelaney/uncolor Sep 7, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change | Age | Adoption | Passing |
Confidence |
|---|---|---|---|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v3.5.0` -> `v3.6.0` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/actions%2fcheckout/v3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/actions%2fcheckout/v3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/actions%2fcheckout/v3.5.0/v3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/actions%2fcheckout/v3.5.0/v3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.1` -> `v3.1.3` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/actions%2fupload-artifact/v3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/actions%2fupload-artifact/v3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/actions%2fupload-artifact/v3.1.1/v3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/actions%2fupload-artifact/v3.1.1/v3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [black](https://togithub.com/psf/black)
([changelog](https://togithub.com/psf/black/blob/main/CHANGES.md)) |
dev-dependencies | minor | `23.3.0` -> `23.7.0` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/black/23.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/black/23.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/black/23.3.0/23.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/black/23.3.0/23.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [flake8-bugbear](https://togithub.com/PyCQA/flake8-bugbear#change-log)
([changelog](https://togithub.com/PyCQA/flake8-bugbear#change-log)) |
dev-dependencies | minor | `23.3.12` -> `23.7.10` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/flake8-bugbear/23.7.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/flake8-bugbear/23.7.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/flake8-bugbear/23.3.12/23.7.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/flake8-bugbear/23.3.12/23.7.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [isort](https://pycqa.github.io/isort/)
([source](https://togithub.com/pycqa/isort),
[changelog](https://togithub.com/pycqa/isort/blob/main/CHANGELOG.md)) |
dev-dependencies | minor | `5.11.5` -> `5.12.0` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/isort/5.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/isort/5.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/isort/5.11.5/5.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/isort/5.11.5/5.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [mypy](https://www.mypy-lang.org/)
([source](https://togithub.com/python/mypy),
[changelog](https://mypy-lang.blogspot.com/)) | dev-dependencies | minor
| `1.4.1` -> `1.5.1` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/mypy/1.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/mypy/1.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/mypy/1.4.1/1.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/mypy/1.4.1/1.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v3.6.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.3...v3.6.0)

- [Fix: Mark test scripts with Bash'isms to be run via
Bash](https://togithub.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth >
0](https://togithub.com/actions/checkout/pull/579)

###
[`v3.5.3`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v353)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.2...v3.5.3)

- [Fix: Checkout fail in self-hosted runners when faulty submodule are
checked-in](https://togithub.com/actions/checkout/pull/1196)
- [Fix typos found by
codespell](https://togithub.com/actions/checkout/pull/1287)
- [Add support for sparse
checkouts](https://togithub.com/actions/checkout/pull/1369)

###
[`v3.5.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v352)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.1...v3.5.2)

- [Fix api endpoint for
GHES](https://togithub.com/actions/checkout/pull/1289)

###
[`v3.5.1`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v351)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.0...v3.5.1)

- [Fix slow checkout on
Windows](https://togithub.com/actions/checkout/pull/1246)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

###
[`v3.1.2`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.2)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.1...v3.1.2)

- Update all `@actions/*` NPM packages to their latest versions-
[#&#8203;374](https://togithub.com/actions/upload-artifact/issues/374)
- Update all dev dependencies to their most recent versions -
[#&#8203;375](https://togithub.com/actions/upload-artifact/issues/375)

</details>

<details>
<summary>psf/black (black)</summary>

###
[`v23.7.0`](https://togithub.com/psf/black/blob/HEAD/CHANGES.md#2370)

[Compare Source](https://togithub.com/psf/black/compare/23.3.0...23.7.0)

##### Highlights

- Runtime support for Python 3.7 has been removed. Formatting 3.7 code
will still be
supported until further notice
([#&#8203;3765](https://togithub.com/psf/black/issues/3765))

##### Stable style

- Fix a bug where an illegal trailing comma was added to return type
annotations using
PEP 604 unions
([#&#8203;3735](https://togithub.com/psf/black/issues/3735))
- Fix several bugs and crashes where comments in stub files were removed
or mishandled
under some circumstances
([#&#8203;3745](https://togithub.com/psf/black/issues/3745))
- Fix a crash with multi-line magic comments like `type: ignore` within
parentheses
    ([#&#8203;3740](https://togithub.com/psf/black/issues/3740))
- Fix error in AST validation when *Black* removes trailing whitespace
in a type comment
    ([#&#8203;3773](https://togithub.com/psf/black/issues/3773))

##### Preview style

- Implicitly concatenated strings used as function args are no longer
wrapped inside
parentheses ([#&#8203;3640](https://togithub.com/psf/black/issues/3640))
- Remove blank lines between a class definition and its docstring
([#&#8203;3692](https://togithub.com/psf/black/issues/3692))

##### Configuration

- The `--workers` argument to *Black* can now be specified via the
`BLACK_NUM_WORKERS`
environment variable
([#&#8203;3743](https://togithub.com/psf/black/issues/3743))
- `.pytest_cache`, `.ruff_cache` and `.vscode` are now excluded by
default ([#&#8203;3691](https://togithub.com/psf/black/issues/3691))
- Fix *Black* not honouring `pyproject.toml` settings when running
`--stdin-filename`
and the `pyproject.toml` found isn't in the current working directory
([#&#8203;3719](https://togithub.com/psf/black/issues/3719))
- *Black* will now error if `exclude` and `extend-exclude` have invalid
data types in
`pyproject.toml`, instead of silently doing the wrong thing
([#&#8203;3764](https://togithub.com/psf/black/issues/3764))

##### Packaging

- Upgrade mypyc from 0.991 to 1.3
([#&#8203;3697](https://togithub.com/psf/black/issues/3697))
- Remove patching of Click that mitigated errors on Python 3.6 with
`LANG=C` ([#&#8203;3768](https://togithub.com/psf/black/issues/3768))

##### Parser

- Add support for the new PEP 695 syntax in Python 3.12
([#&#8203;3703](https://togithub.com/psf/black/issues/3703))

##### Performance

- Speed up *Black* significantly when the cache is full
([#&#8203;3751](https://togithub.com/psf/black/issues/3751))
- Avoid importing `IPython` in a case where we wouldn't need it
([#&#8203;3748](https://togithub.com/psf/black/issues/3748))

##### Output

- Use aware UTC datetimes internally, avoids deprecation warning on
Python 3.12 ([#&#8203;3728](https://togithub.com/psf/black/issues/3728))
- Change verbose logging to exactly mirror *Black*'s logic for source
discovery ([#&#8203;3749](https://togithub.com/psf/black/issues/3749))

##### *Blackd*

- The `blackd` argument parser now shows the default values for options
in their help
    text ([#&#8203;3712](https://togithub.com/psf/black/issues/3712))

##### Integrations

-   Black is now tested with
[`PYTHONWARNDEFAULTENCODING =
1`](https://docs.python.org/3/library/io.html#io-encoding-warning)
    ([#&#8203;3763](https://togithub.com/psf/black/issues/3763))
- Update GitHub Action to display black output in the job summary
([#&#8203;3688](https://togithub.com/psf/black/issues/3688))

##### Documentation

- Add a CITATION.cff file to the root of the repository, containing
metadata on how to
cite this software
([#&#8203;3723](https://togithub.com/psf/black/issues/3723))
- Update the *classes* and *exceptions* documentation in Developer
reference to match
the latest code base
([#&#8203;3755](https://togithub.com/psf/black/issues/3755))

</details>

<details>
<summary>PyCQA/flake8-bugbear (flake8-bugbear)</summary>

###
[`v23.7.10`](https://togithub.com/PyCQA/flake8-bugbear/releases/tag/23.7.10)

[Compare
Source](https://togithub.com/PyCQA/flake8-bugbear/compare/23.6.5...23.7.10)

- Add B034: re.sub/subn/split must pass flags/count/maxsplit as keyword
arguments.
- Fix a crash and several test failures on Python 3.12, all relating to
the B907
    check.
-   Declare support for Python 3.12.

###
[`v23.6.5`](https://togithub.com/PyCQA/flake8-bugbear/releases/tag/23.6.5)

[Compare
Source](https://togithub.com/PyCQA/flake8-bugbear/compare/23.5.9...23.6.5)

- Include tox.ini in MANIFEST.in for sdist.
([#&#8203;389](https://togithub.com/PyCQA/flake8-bugbear/issues/389))
- Improve B033 (duplicate set items)
([#&#8203;385](https://togithub.com/PyCQA/flake8-bugbear/issues/385))

###
[`v23.5.9`](https://togithub.com/PyCQA/flake8-bugbear/releases/tag/23.5.9)

[Compare
Source](https://togithub.com/PyCQA/flake8-bugbear/compare/23.3.23...23.5.9)

-   Add B033: Detect duplicate items in sets
- Add B908: Detect assertRauses like contexts only has top level
statements that could throw
- Add B028: Allow stacklevel to be explicitly assigned as a positional
argument
-   Remove more < 3.8 checks / assertions

###
[`v23.3.23`](https://togithub.com/PyCQA/flake8-bugbear/releases/tag/23.3.23)

[Compare
Source](https://togithub.com/PyCQA/flake8-bugbear/compare/23.3.12...23.3.23)

-   flake8-bugbear is now >= 3.8.1 project like flake8>=6.0.0
- This has allowed some more modern AST usage cleanup and less CI
running etc.
- B030: Fix crash on certain unusual except handlers (e.g. `except
a[0].b:`)

</details>

<details>
<summary>pycqa/isort (isort)</summary>

###
[`v5.12.0`](https://togithub.com/pycqa/isort/blob/HEAD/CHANGELOG.md#5120-January-28-2023)

[Compare
Source](https://togithub.com/pycqa/isort/compare/5.11.5...5.12.0)

-   Removed support for Python 3.7
    -   Fixed incompatiblity with latest poetry version
    -   Added support for directory limitations within built in git hook

</details>

<details>
<summary>python/mypy (mypy)</summary>

### [`v1.5.1`](https://togithub.com/python/mypy/compare/v1.5.0...v1.5.1)

[Compare
Source](https://togithub.com/python/mypy/compare/v1.5.0...v1.5.1)

### [`v1.5.0`](https://togithub.com/python/mypy/compare/v1.4.1...v1.5.0)

[Compare
Source](https://togithub.com/python/mypy/compare/v1.4.1...v1.5.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekday,after 9am and before
5pm" in timezone America/Los_Angeles, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/rpdelaney/uncolor).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi44My4wIiwidXBkYXRlZEluVmVyIjoiMzYuODMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
another-rex referenced this pull request in google/osv-scanner Sep 11, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.2` -> `v3.1.3` |
|
[docker/setup-buildx-action](https://togithub.com/docker/setup-buildx-action)
| action | digest | `4c0219f` -> `885d146` |
| gaurav-nelson/github-action-markdown-link-check | action | digest |
`46e4421` -> `a996638` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v2.21.4` -> `v2.21.5` |
|
[goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action)
| action | minor | `v4.3.0` -> `v4.6.0` |
|
[slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator)
| action | minor | `v1.8.0` -> `v1.9.0` |

---

### Release Notes

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

</details>

<details>
<summary>goreleaser/goreleaser-action
(goreleaser/goreleaser-action)</summary>

###
[`v4.6.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v4.6.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.5.0...v4.6.0)

Reverts the change to `node20` runtime.

**Full Changelog**:
goreleaser/goreleaser-action@v4.5.0...v4.6.0

###
[`v4.5.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v4.5.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.4.0...v4.5.0)

#### What's Changed

- chore(deps): bump word-wrap from 1.2.3 to 1.2.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/427](https://togithub.com/goreleaser/goreleaser-action/pull/427)
- feat: bump to use node20 runtime, actions/checkout to v4 by
[@&#8203;kbdharun](https://togithub.com/kbdharun) in
[https://github.com/goreleaser/goreleaser-action/pull/430](https://togithub.com/goreleaser/goreleaser-action/pull/430)

#### New Contributors

- [@&#8203;kbdharun](https://togithub.com/kbdharun) made their first
contribution in
[https://github.com/goreleaser/goreleaser-action/pull/430](https://togithub.com/goreleaser/goreleaser-action/pull/430)

**Full Changelog**:
goreleaser/goreleaser-action@v4.4.0...v4.5.0

###
[`v4.4.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v4.4.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.3.0...v4.4.0)

##### What's Changed

- chore(deps): bump semver from 7.5.0 to 7.5.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/417](https://togithub.com/goreleaser/goreleaser-action/pull/417)
- feat: support oss nightlies by
[@&#8203;caarlos0](https://togithub.com/caarlos0) in
[https://github.com/goreleaser/goreleaser-action/pull/424](https://togithub.com/goreleaser/goreleaser-action/pull/424)

**Full Changelog**:
goreleaser/goreleaser-action@v4.3.0...v4.4.0

</details>

<details>
<summary>slsa-framework/slsa-github-generator
(slsa-framework/slsa-github-generator)</summary>

###
[`v1.9.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v190)

[Compare
Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0)

Release \[v1.9.0] includes bug fixes and new features.

See the [full change
list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0).

##### v1.9.0: BYOB framework (beta)

- **New**: A [new
framework](https://togithub.com/slsa-framework/slsa-github-generator/blob/main/BYOB.md)
to turn GitHub Actions into SLSA compliant builders.

##### v1.9.0: Maven builder (beta)

- **New**: A [Maven
builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/maven)
to build Java projects and publish to Maven central.

##### v1.9.0: Gradle builder (beta)

- **New**: A [Gradle
builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/gradle)
to build Java projects and publish to Maven central.

##### v1.9.0: JReleaser builder

- **New**: A [JReleaser
builder](https://togithub.com/jreleaser/release-action/tree/v1.0.0-java)
that wraps the official [JReleaser
Action](https://togithub.com/jreleaser/release-action/tree/v1.0.0-java).

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv-scanner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi44My4wIiwidXBkYXRlZEluVmVyIjoiMzYuODMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
michaelkedar referenced this pull request in google/osv.dev Sep 11, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v3.5.3` -> `v3.6.0` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.2` -> `v3.1.3` |
| gaurav-nelson/github-action-markdown-link-check | action | digest |
`46e4421` -> `a996638` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.20.1` -> `v2.21.5` |
|
[pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish)
| action | patch | `v1.8.8` -> `v1.8.10` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v3.6.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.3...v3.6.0)

- [Fix: Mark test scripts with Bash'isms to be run via
Bash](https://togithub.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth >
0](https://togithub.com/actions/checkout/pull/579)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

###
[`v2.21.4`](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

###
[`v2.21.3`](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

###
[`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

###
[`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

###
[`v2.21.0`](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0)

###
[`v2.20.4`](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4)

###
[`v2.20.3`](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3)

###
[`v2.20.2`](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2)

</details>

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.8.10`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.10)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.9...v1.8.10)

#### 🐛 What's Fixed

[@&#8203;woodruffw](https://togithub.com/woodruffw) fixed decoding OIDC
claims in debug output on failure by applying correct padding to the
encoded payload via
[https://github.com/pypa/gh-action-pypi-publish/pull/177](https://togithub.com/pypa/gh-action-pypi-publish/pull/177).

**Full Diff**:
pypa/gh-action-pypi-publish@v1.8.9...v1.8.10

###
[`v1.8.9`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.9)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.8...v1.8.9)

#### 💅 Cosmetic output improvements

- [@&#8203;woodruffw](https://togithub.com/woodruffw) added debug output
to the trusted publishing OIDC exchange on failures in
[https://github.com/pypa/gh-action-pypi-publish/pull/174](https://togithub.com/pypa/gh-action-pypi-publish/pull/174)
- [@&#8203;woodruffw](https://togithub.com/woodruffw) implemented
Markdown semantic callouts in README via
[https://github.com/pypa/gh-action-pypi-publish/pull/175](https://togithub.com/pypa/gh-action-pypi-publish/pull/175)

#### 🛠️ Internal dependencies

- Certifi was bumped from 2023.5.7 to 2023.7.22
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/171](https://togithub.com/pypa/gh-action-pypi-publish/pull/171)ll/171
- Cryptography was bumped from 41.0.2 to 41.0.3
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/172](https://togithub.com/pypa/gh-action-pypi-publish/pull/172)ll/172

**Full Diff**:
pypa/gh-action-pypi-publish@v1.8.8...v1.8.9

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi42OC4xIiwidXBkYXRlZEluVmVyIjoiMzYuODMuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
TylerJang27 referenced this pull request in trunk-io/plugins Sep 11, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence | Type |
Update |
|---|---|---|---|---|---|---|---|
| [@jest/console](https://togithub.com/jestjs/jest) | [`29.6.2` ->
`29.6.4`](https://renovatebot.com/diffs/npm/@jest%2fconsole/29.6.2/29.6.4)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@jest%2fconsole/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@jest%2fconsole/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@jest%2fconsole/29.6.2/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@jest%2fconsole/29.6.2/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
| [@jest/reporters](https://jestjs.io/)
([source](https://togithub.com/jestjs/jest)) | [`29.6.2` ->
`29.6.4`](https://renovatebot.com/diffs/npm/@jest%2freporters/29.6.2/29.6.4)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@jest%2freporters/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@jest%2freporters/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@jest%2freporters/29.6.2/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@jest%2freporters/29.6.2/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
| [@jest/test-result](https://togithub.com/jestjs/jest) | [`29.6.2` ->
`29.6.4`](https://renovatebot.com/diffs/npm/@jest%2ftest-result/29.6.2/29.6.4)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@jest%2ftest-result/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@jest%2ftest-result/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@jest%2ftest-result/29.6.2/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@jest%2ftest-result/29.6.2/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/jest](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`29.5.3` ->
`29.5.4`](https://renovatebot.com/diffs/npm/@types%2fjest/29.5.3/29.5.4)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fjest/29.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fjest/29.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fjest/29.5.3/29.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fjest/29.5.3/29.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`18.17.6` ->
`18.17.15`](https://renovatebot.com/diffs/npm/@types%2fnode/18.17.6/18.17.15)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnode/18.17.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fnode/18.17.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fnode/18.17.6/18.17.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnode/18.17.6/18.17.15?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
| [actions/cache](https://togithub.com/actions/cache) | `v3.3.1` ->
`v3.3.2` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/actions%2fcache/v3.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/actions%2fcache/v3.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/actions%2fcache/v3.3.1/v3.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/actions%2fcache/v3.3.1/v3.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [actions/checkout](https://togithub.com/actions/checkout) | `v3.5.3`
-> `v3.6.0` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/actions%2fcheckout/v3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/actions%2fcheckout/v3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/actions%2fcheckout/v3.5.3/v3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/actions%2fcheckout/v3.5.3/v3.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | minor |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| `v3.1.2` -> `v3.1.3` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/actions%2fupload-artifact/v3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/actions%2fupload-artifact/v3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/actions%2fupload-artifact/v3.1.2/v3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/actions%2fupload-artifact/v3.1.2/v3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [eslint](https://eslint.org)
([source](https://togithub.com/eslint/eslint)) | [`8.47.0` ->
`8.49.0`](https://renovatebot.com/diffs/npm/eslint/8.47.0/8.49.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint/8.49.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint/8.49.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint/8.47.0/8.49.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint/8.47.0/8.49.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
`v2.21.4` -> `v2.21.5` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v2.21.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v2.21.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v2.21.4/v2.21.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v2.21.4/v2.21.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [jest](https://jestjs.io/)
([source](https://togithub.com/jestjs/jest)) | [`29.6.2` ->
`29.6.4`](https://renovatebot.com/diffs/npm/jest/29.6.2/29.6.4) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/jest/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jest/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jest/29.6.2/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jest/29.6.2/29.6.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
| [typescript](https://www.typescriptlang.org/)
([source](https://togithub.com/Microsoft/TypeScript)) | [`5.1.6` ->
`5.2.2`](https://renovatebot.com/diffs/npm/typescript/5.1.6/5.2.2) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/typescript/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/typescript/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/typescript/5.1.6/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/typescript/5.1.6/5.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
| [yaml](https://eemeli.org/yaml/)
([source](https://togithub.com/eemeli/yaml)) | [`2.3.1` ->
`2.3.2`](https://renovatebot.com/diffs/npm/yaml/2.3.1/2.3.2) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/yaml/2.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/yaml/2.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/yaml/2.3.1/2.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/yaml/2.3.1/2.3.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |

---

### Release Notes

<details>
<summary>jestjs/jest (@&#8203;jest/console)</summary>

###
[`v29.6.4`](https://togithub.com/jestjs/jest/blob/HEAD/CHANGELOG.md#2964)

[Compare
Source](https://togithub.com/jestjs/jest/compare/v29.6.3...v29.6.4)

##### Fixes

- `[jest-core]` Fix typo in `scheduleAndRun` performance marker
([#&#8203;14434](https://togithub.com/jestjs/jest/pull/14434))
- `[jest-environment-node]` Make sure `atob` and `btoa` are writeable in
Node 20 ([#&#8203;14446](https://togithub.com/jestjs/jest/pull/14446))
- `[jest-worker]` Additional error wrapper for `parentPort.postMessage`
to fix unhandled `DataCloneError`.
([#&#8203;14437](https://togithub.com/jestjs/jest/pull/14437))

###
[`v29.6.3`](https://togithub.com/jestjs/jest/blob/HEAD/CHANGELOG.md#2963)

[Compare
Source](https://togithub.com/jestjs/jest/compare/v29.6.2...v29.6.3)

##### Fixes

- `[expect, @&#8203;jest/expect-utils]` `ObjectContaining` support
`sumbol` as key
([#&#8203;14414](https://togithub.com/jestjs/jest/pull/14414))
- `[expect]` Remove `@types/node` from dependencies
([#&#8203;14385](https://togithub.com/jestjs/jest/pull/14385))
- `[jest-core]` Use workers in watch mode by default to avoid crashes
([#&#8203;14059](https://togithub.com/facebook/jest/pull/14059) &
[#&#8203;14085](https://togithub.com/facebook/jest/pull/14085)).
- `[jest-reporters]` Update `istanbul-lib-instrument` dependency to v6.
([#&#8203;14401](https://togithub.com/jestjs/jest/pull/14401))
- `[jest-mock]` Revert
[#&#8203;13692](https://togithub.com/jestjs/jest/pull/13692) as it was a
breaking change
([#&#8203;14429](https://togithub.com/jestjs/jest/pull/14429))
- `[jest-mock]` Revert
[#&#8203;13866](https://togithub.com/jestjs/jest/pull/13866) as it was a
breaking change
([#&#8203;14429](https://togithub.com/jestjs/jest/pull/14429))
- `[jest-mock]` Revert
[#&#8203;13867](https://togithub.com/jestjs/jest/pull/13867) as it was a
breaking change
([#&#8203;14429](https://togithub.com/jestjs/jest/pull/14429))
- `[@jest/reporters]` Marks Reporter's hooks as optional
([#&#8203;14433](https://togithub.com/jestjs/jest/pull/14433))
- `[jest-runtime]` Fix dynamic ESM import module bug when loaded module
through `jest.isolateModulesAsync`
([#&#8203;14397](https://togithub.com/jestjs/jest/pull/14397))

##### Chore & Maintenance

- `[jest-changed-files, jest-circus, jest-console, @&#8203;jest/core,
@&#8203;jest/runtime, @&#8203;jest/transform]` Use `invariant` and
`notEmpty` from `jest-util` rather than own internal
([#&#8203;14366](https://togithub.com/jestjs/jest/pull/14366))

</details>

<details>
<summary>actions/cache (actions/cache)</summary>

### [`v3.3.2`](https://togithub.com/actions/cache/releases/tag/v3.3.2)

[Compare
Source](https://togithub.com/actions/cache/compare/v3.3.1...v3.3.2)

##### What's Changed

- Fixed readme with new segment timeout values by
[@&#8203;kotewar](https://togithub.com/kotewar) in
[https://github.com/actions/cache/pull/1133](https://togithub.com/actions/cache/pull/1133)
- Readme fixes by [@&#8203;kotewar](https://togithub.com/kotewar) in
[https://github.com/actions/cache/pull/1134](https://togithub.com/actions/cache/pull/1134)
- Updated description of the lookup-only input for main action by
[@&#8203;kotewar](https://togithub.com/kotewar) in
[https://github.com/actions/cache/pull/1130](https://togithub.com/actions/cache/pull/1130)
- Change two new actions mention as quoted text by
[@&#8203;bishal-pdMSFT](https://togithub.com/bishal-pdMSFT) in
[https://github.com/actions/cache/pull/1131](https://togithub.com/actions/cache/pull/1131)
- Update Cross-OS Caching tips by
[@&#8203;pdotl](https://togithub.com/pdotl) in
[https://github.com/actions/cache/pull/1122](https://togithub.com/actions/cache/pull/1122)
- Bazel example (Take
[#&#8203;2](https://togithub.com/actions/cache/issues/2)️⃣) by
[@&#8203;vorburger](https://togithub.com/vorburger) in
[https://github.com/actions/cache/pull/1132](https://togithub.com/actions/cache/pull/1132)
- Remove actions to add new PRs and issues to a project board by
[@&#8203;jorendorff](https://togithub.com/jorendorff) in
[https://github.com/actions/cache/pull/1187](https://togithub.com/actions/cache/pull/1187)
- Consume latest toolkit and fix dangling promise bug by
[@&#8203;chkimes](https://togithub.com/chkimes) in
[https://github.com/actions/cache/pull/1217](https://togithub.com/actions/cache/pull/1217)
- Bump action version to 3.3.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/cache/pull/1236](https://togithub.com/actions/cache/pull/1236)

##### New Contributors

- [@&#8203;vorburger](https://togithub.com/vorburger) made their first
contribution in
[https://github.com/actions/cache/pull/1132](https://togithub.com/actions/cache/pull/1132)
- [@&#8203;jorendorff](https://togithub.com/jorendorff) made their first
contribution in
[https://github.com/actions/cache/pull/1187](https://togithub.com/actions/cache/pull/1187)
- [@&#8203;chkimes](https://togithub.com/chkimes) made their first
contribution in
[https://github.com/actions/cache/pull/1217](https://togithub.com/actions/cache/pull/1217)
- [@&#8203;bethanyj28](https://togithub.com/bethanyj28) made their first
contribution in
[https://github.com/actions/cache/pull/1236](https://togithub.com/actions/cache/pull/1236)

**Full Changelog**: actions/cache@v3...v3.3.2

</details>

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v3.6.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.3...v3.6.0)

- [Fix: Mark test scripts with Bash'isms to be run via
Bash](https://togithub.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth >
0](https://togithub.com/actions/checkout/pull/579)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

##### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

</details>

<details>
<summary>eslint/eslint (eslint)</summary>

### [`v8.49.0`](https://togithub.com/eslint/eslint/releases/tag/v8.49.0)

[Compare
Source](https://togithub.com/eslint/eslint/compare/v8.48.0...v8.49.0)

#### Features

-
[`da09f4e`](https://togithub.com/eslint/eslint/commit/da09f4e641141f585ef611c6e9d63d4331054706)
feat: Implement onUnreachableCodePathStart/End
([#&#8203;17511](https://togithub.com/eslint/eslint/issues/17511))
(Nicholas C. Zakas)
-
[`32b2327`](https://togithub.com/eslint/eslint/commit/32b2327aafdd3b911fabab69ed75c9ff97658c60)
feat: Emit deprecation warnings in RuleTester
([#&#8203;17527](https://togithub.com/eslint/eslint/issues/17527))
(Nicholas C. Zakas)
-
[`acb7df3`](https://togithub.com/eslint/eslint/commit/acb7df35b9a7485f26bc6b3e1f9083d1c585dce9)
feat: add new `enforce` option to `lines-between-class-members`
([#&#8203;17462](https://togithub.com/eslint/eslint/issues/17462))
(Nitin Kumar)

#### Documentation

-
[`ecfb54f`](https://togithub.com/eslint/eslint/commit/ecfb54ff4cdd18f28b4f9b78f0a78fb4cf80f1b8)
docs: Update README (GitHub Actions Bot)
-
[`de86b3b`](https://togithub.com/eslint/eslint/commit/de86b3b2e58edd5826200c23255d8325abe375e1)
docs: update `no-promise-executor-return` examples
([#&#8203;17529](https://togithub.com/eslint/eslint/issues/17529))
(Nitin Kumar)
-
[`032c4b1`](https://togithub.com/eslint/eslint/commit/032c4b1476a7b8cfd917a66772d2221950ea87eb)
docs: add typescript template
([#&#8203;17500](https://togithub.com/eslint/eslint/issues/17500))
(James)
-
[`cd7da5c`](https://togithub.com/eslint/eslint/commit/cd7da5cc3154f86f7ca45fb58929d27a7af359ed)
docs: Update README (GitHub Actions Bot)

#### Chores

-
[`b7621c3`](https://togithub.com/eslint/eslint/commit/b7621c3b16cf7d5539f05336a827e1b32d95e6ac)
chore: remove browser test from `npm test`
([#&#8203;17550](https://togithub.com/eslint/eslint/issues/17550))
(Milos Djermanovic)
-
[`cac45d0`](https://togithub.com/eslint/eslint/commit/cac45d04b890b0700dd8908927300608adad05fe)
chore: upgrade
[@&#8203;eslint/js](https://togithub.com/eslint/js)[@&#8203;8](https://togithub.com/8).49.0
([#&#8203;17549](https://togithub.com/eslint/eslint/issues/17549))
(Milos Djermanovic)
-
[`cd39508`](https://togithub.com/eslint/eslint/commit/cd395082bffcb4b68efa09226d7c682cef56179e)
chore: package.json update for
[@&#8203;eslint/js](https://togithub.com/eslint/js) release (ESLint
Jenkins)
-
[`203a971`](https://togithub.com/eslint/eslint/commit/203a971c0abc3a95ae02ff74104a01e569707060)
ci: bump actions/checkout from 3 to 4
([#&#8203;17530](https://togithub.com/eslint/eslint/issues/17530))
(dependabot\[bot])
-
[`a40fa50`](https://togithub.com/eslint/eslint/commit/a40fa509922b36bb986eb1be9394591f84f62d9e)
chore: use eslint-plugin-jsdoc's flat config
([#&#8203;17516](https://togithub.com/eslint/eslint/issues/17516))
(Milos Djermanovic)
-
[`926a286`](https://togithub.com/eslint/eslint/commit/926a28684282aeec37680bbc52a66973b8055f54)
test: replace Karma with Webdriver.IO
([#&#8203;17126](https://togithub.com/eslint/eslint/issues/17126))
(Christian Bromann)
-
[`f591d2c`](https://togithub.com/eslint/eslint/commit/f591d2c88bf15af72e3a207b34fa872b4b90464b)
chore: Upgrade config-array
([#&#8203;17512](https://togithub.com/eslint/eslint/issues/17512))
(Nicholas C. Zakas)

### [`v8.48.0`](https://togithub.com/eslint/eslint/releases/tag/v8.48.0)

[Compare
Source](https://togithub.com/eslint/eslint/compare/v8.47.0...v8.48.0)

#### Features

-
[`1fbb3b0`](https://togithub.com/eslint/eslint/commit/1fbb3b0b477c814c0d179564fe495f4c50a451e9)
feat: correct update direction in `for-direction`
([#&#8203;17483](https://togithub.com/eslint/eslint/issues/17483))
(Francesco Trotta)
-
[`d73fbf2`](https://togithub.com/eslint/eslint/commit/d73fbf2228631d6c468cd24710e2579fe6cb70fd)
feat: rule tester do not create empty valid or invalid test suites
([#&#8203;17475](https://togithub.com/eslint/eslint/issues/17475)) (fnx)
-
[`ee2f718`](https://togithub.com/eslint/eslint/commit/ee2f718188d32e9888b1932fe6b9bd2a62c529a4)
feat: Allow `void` in rule `no-promise-executor-return`
([#&#8203;17282](https://togithub.com/eslint/eslint/issues/17282))
(nopeless)

#### Bug Fixes

-
[`7234f6a`](https://togithub.com/eslint/eslint/commit/7234f6a706a209aa2d79259110328752e9ae3928)
fix: update RuleTester JSDoc and deprecations
([#&#8203;17496](https://togithub.com/eslint/eslint/issues/17496))
(Jonas Berlin)

#### Documentation

-
[`7a51d77`](https://togithub.com/eslint/eslint/commit/7a51d77c0a066e461ff288568fdfee0e9539a2b5)
docs: no-param-reassign mention strict mode
([#&#8203;17494](https://togithub.com/eslint/eslint/issues/17494))
(Stephen Hardy)
-
[`9cd7ac2`](https://togithub.com/eslint/eslint/commit/9cd7ac2fdb6b1d71a9fb1b8297a478cafacbdafd)
docs: add `fetch` script to package.json conventions
([#&#8203;17459](https://togithub.com/eslint/eslint/issues/17459))
(Nitin Kumar)
-
[`cab21e6`](https://togithub.com/eslint/eslint/commit/cab21e64a8f79779c641178f825945958667c6e4)
docs: advice for inline disabling of rules
([#&#8203;17458](https://togithub.com/eslint/eslint/issues/17458))
(Ashish Yadav)
-
[`056499d`](https://togithub.com/eslint/eslint/commit/056499de31a139dbc965d18652b0b520e11b408d)
docs: fix example of flat config from plugin
([#&#8203;17482](https://togithub.com/eslint/eslint/issues/17482))
(Francesco Trotta)
-
[`9e9edf9`](https://togithub.com/eslint/eslint/commit/9e9edf93ecfa0658e8b79e71bc98530ade150081)
docs: update documentation URL in error message
([#&#8203;17465](https://togithub.com/eslint/eslint/issues/17465))
(Nitin Kumar)

#### Chores

-
[`8dd3cec`](https://togithub.com/eslint/eslint/commit/8dd3cec90c97ed97d243a83b87ad4ea9e6b4781a)
chore: upgrade
[@&#8203;eslint/js](https://togithub.com/eslint/js)[@&#8203;8](https://togithub.com/8).48.0
([#&#8203;17501](https://togithub.com/eslint/eslint/issues/17501))
(Milos Djermanovic)
-
[`6d0496e`](https://togithub.com/eslint/eslint/commit/6d0496e9476fb2210fba0a3d541df8c052ecf73a)
chore: package.json update for
[@&#8203;eslint/js](https://togithub.com/eslint/js) release (ESLint
Jenkins)
-
[`9d4216d`](https://togithub.com/eslint/eslint/commit/9d4216d638d39844decffac33ee3d5a47413c80a)
chore: Refactor and document CodePathSegment
([#&#8203;17474](https://togithub.com/eslint/eslint/issues/17474))
(Nicholas C. Zakas)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

</details>

<details>
<summary>Microsoft/TypeScript (typescript)</summary>

###
[`v5.2.2`](https://togithub.com/microsoft/TypeScript/releases/tag/v5.2.2):
TypeScript 5.2

[Compare
Source](https://togithub.com/Microsoft/TypeScript/compare/v5.1.6...v5.2.2)

For release notes, check out the [release
announcement](https://devblogs.microsoft.com/typescript/announcing-typescript-5-2/).

For the complete list of fixed issues, check out the

- [fixed issues query for Typescript 5.2.0
(Beta)](https://togithub.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\&q=milestone%3A%22TypeScript+5.2.0%22+is%3Aclosed+).
- [fixed issues query for Typescript 5.2.1
(RC)](https://togithub.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\&q=milestone%3A%22TypeScript+5.2.1%22+is%3Aclosed+).
- [fixed issues query for Typescript 5.2.2
(Stable)](https://togithub.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\&q=milestone%3A%22TypeScript+5.2.2%22+is%3Aclosed+).

Downloads are available on:

- [NuGet
package](https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild)

</details>

<details>
<summary>eemeli/yaml (yaml)</summary>

### [`v2.3.2`](https://togithub.com/eemeli/yaml/releases/tag/v2.3.2)

[Compare
Source](https://togithub.com/eemeli/yaml/compare/v2.3.1...v2.3.2)

- Fix docs typo
([#&#8203;489](https://togithub.com/eemeli/yaml/issues/489))
- Do not require quotes for implicit keys with flow indicators
([#&#8203;494](https://togithub.com/eemeli/yaml/issues/494))
-   Update Prettier to v3 & update ESLint config

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/trunk-io/plugins).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi42NC44IiwidXBkYXRlZEluVmVyIjoiMzYuODMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot referenced this pull request in 4m-mazi/gh-test Sep 17, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.2` -> `v3.1.3` |

---

### Release Notes

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

##### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Mogyuchi/gh-test).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi44My4wIiwidXBkYXRlZEluVmVyIjoiMzYuODMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
karfau referenced this pull request in xmldom/xmldom Sep 28, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.0` -> `v3.1.3` |

---

### Release Notes

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

###
[`v3.1.2`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.2)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.1...v3.1.2)

- Update all `@actions/*` NPM packages to their latest versions-
[#&#8203;374](https://togithub.com/actions/upload-artifact/issues/374)
- Update all dev dependencies to their most recent versions -
[#&#8203;375](https://togithub.com/actions/upload-artifact/issues/375)

###
[`v3.1.1`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.1)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.0...v3.1.1)

- Update actions/core package to latest version to remove `set-output`
deprecation warning
[#&#8203;351](https://togithub.com/actions/upload-artifact/issues/351)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/xmldom/xmldom).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4wLjMiLCJ1cGRhdGVkSW5WZXIiOiIzNy4wLjMiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
ianlewis referenced this pull request in slsa-framework/slsa-github-generator Oct 23, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | digest | `96f5310` -> `b4ffde6` |
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v4.0.0` -> `v4.1.1` |
| [actions/setup-go](https://togithub.com/actions/setup-go) | action |
minor | `v4.0.1` -> `v4.1.0` |
| [actions/setup-java](https://togithub.com/actions/setup-java) | action
| minor | `v3.12.0` -> `v3.13.0` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| minor | `v3.7.0` -> `v3.8.1` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| digest | `e33196f` -> `5e21ff4` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.2` -> `v3.1.3` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.21.2` -> `v2.22.4` |
|
[gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action)
| action | minor | `v2.7.0` -> `v2.9.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.2.0` -> `v2.3.0` |
|
[sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer)
| action | patch | `v3.1.1` -> `v3.1.2` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v4.1.1`](https://togithub.com/actions/checkout/releases/tag/v4.1.1)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.0...v4.1.1)

##### What's Changed

- Update CODEOWNERS to Launch team by
[@&#8203;joshmgross](https://togithub.com/joshmgross) in
[https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510)
- Correct link to GitHub Docs by
[@&#8203;peterbe](https://togithub.com/peterbe) in
[https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511)
- Link to release page from what's new section by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1514](https://togithub.com/actions/checkout/pull/1514)

##### New Contributors

- [@&#8203;joshmgross](https://togithub.com/joshmgross) made their first
contribution in
[https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510)
- [@&#8203;peterbe](https://togithub.com/peterbe) made their first
contribution in
[https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511)

**Full Changelog**:
actions/checkout@v4...v4.1.1

###
[`v4.1.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v410)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.0.0...v4.1.0)

- [Add support for partial checkout
filters](https://togithub.com/actions/checkout/pull/1396)

</details>

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v4.1.0`](https://togithub.com/actions/setup-go/releases/tag/v4.1.0)

[Compare
Source](https://togithub.com/actions/setup-go/compare/v4.0.1...v4.1.0)

#### What's Changed

In scope of this release, slow installation on Windows was fixed by
[@&#8203;dsame](https://togithub.com/dsame) in
[https://github.com/actions/setup-go/pull/393](https://togithub.com/actions/setup-go/pull/393)
and OS version was added to `primaryKey` for Ubuntu runners to avoid
conflicts
([https://github.com/actions/setup-go/pull/383](https://togithub.com/actions/setup-go/pull/383))

This release also includes the following changes:

- Remove implicit dependencies by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[https://github.com/actions/setup-go/pull/378](https://togithub.com/actions/setup-go/pull/378)
- Update action.yml by [@&#8203;mkelly](https://togithub.com/mkelly) in
[https://github.com/actions/setup-go/pull/379](https://togithub.com/actions/setup-go/pull/379)
- Added a description that go-version should be specified as a string
type by [@&#8203;n3xem](https://togithub.com/n3xem) in
[https://github.com/actions/setup-go/pull/367](https://togithub.com/actions/setup-go/pull/367)
- Add note about YAML parsing versions by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[https://github.com/actions/setup-go/pull/382](https://togithub.com/actions/setup-go/pull/382)
- Automatic update of configuration files from 05/23/2023 by
[@&#8203;github-actions](https://togithub.com/github-actions) in
[https://github.com/actions/setup-go/pull/377](https://togithub.com/actions/setup-go/pull/377)
- Bump tough-cookie and
[@&#8203;azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/setup-go/pull/392](https://togithub.com/actions/setup-go/pull/392)
- Bump word-wrap from 1.2.3 to 1.2.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/setup-go/pull/397](https://togithub.com/actions/setup-go/pull/397)
- Bump semver from 6.3.0 to 6.3.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/setup-go/pull/396](https://togithub.com/actions/setup-go/pull/396)

#### New Contributors

- [@&#8203;mkelly](https://togithub.com/mkelly) made their first
contribution in
[https://github.com/actions/setup-go/pull/379](https://togithub.com/actions/setup-go/pull/379)
- [@&#8203;n3xem](https://togithub.com/n3xem) made their first
contribution in
[https://github.com/actions/setup-go/pull/367](https://togithub.com/actions/setup-go/pull/367)

**Full Changelog**:
actions/setup-go@v4...v4.1.0

</details>

<details>
<summary>actions/setup-java (actions/setup-java)</summary>

###
[`v3.13.0`](https://togithub.com/actions/setup-java/releases/tag/v3.13.0)

[Compare
Source](https://togithub.com/actions/setup-java/compare/v3.12.0...v3.13.0)

##### What's changed

In the scope of this release, support for Dragonwell JDK was added by
[@&#8203;Accelerator1996](https://togithub.com/Accelerator1996) in
[https://github.com/actions/setup-java/pull/532](https://togithub.com/actions/setup-java/pull/532)

```yaml
steps:
 - name: Checkout
   uses: actions/checkout@v3
 - name: Setup-java
   uses: actions/setup-java@v3
   with:
     distribution: 'dragonwell'
     java-version: '17'
```

Several inaccuracies were also fixed:

- Fix XML namespaces wrongly using https by
[@&#8203;gnodet](https://togithub.com/gnodet) in
[https://github.com/actions/setup-java/pull/503](https://togithub.com/actions/setup-java/pull/503)
- Fix typo and remove unintentional(?) word by
[@&#8203;CyberFlameGO](https://togithub.com/CyberFlameGO) in
[https://github.com/actions/setup-java/pull/518](https://togithub.com/actions/setup-java/pull/518)
- Fix usage link within the README.md file by
[@&#8203;dassiorleando](https://togithub.com/dassiorleando) in
[https://github.com/actions/setup-java/pull/525](https://togithub.com/actions/setup-java/pull/525)

##### New Contributors

- [@&#8203;CyberFlameGO](https://togithub.com/CyberFlameGO) made their
first contribution in
[https://github.com/actions/setup-java/pull/518](https://togithub.com/actions/setup-java/pull/518)
- [@&#8203;dassiorleando](https://togithub.com/dassiorleando) made their
first contribution in
[https://github.com/actions/setup-java/pull/525](https://togithub.com/actions/setup-java/pull/525)
- [@&#8203;gnodet](https://togithub.com/gnodet) made their first
contribution in
[https://github.com/actions/setup-java/pull/503](https://togithub.com/actions/setup-java/pull/503)
- [@&#8203;Accelerator1996](https://togithub.com/Accelerator1996) made
their first contribution in
[https://github.com/actions/setup-java/pull/532](https://togithub.com/actions/setup-java/pull/532)

**Full Changelog**:
actions/setup-java@v3...v3.13.0

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v3.8.1`](https://togithub.com/actions/setup-node/releases/tag/v3.8.1)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v3.8.0...v3.8.1)

#### What's Changed

In scope of this release, the filter was removed within the cache-save
step by [@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov)
in
[https://github.com/actions/setup-node/pull/831](https://togithub.com/actions/setup-node/pull/831).
It is filtered and checked in the toolkit/cache library.

**Full Changelog**:
actions/setup-node@v3...v3.8.1

###
[`v3.8.0`](https://togithub.com/actions/setup-node/releases/tag/v3.8.0)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v3.7.0...v3.8.0)

##### What's Changed

##### Bug fixes:

- Add check for existing paths by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[https://github.com/actions/setup-node/pull/803](https://togithub.com/actions/setup-node/pull/803)
- Resolve SymbolicLink by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[https://github.com/actions/setup-node/pull/809](https://togithub.com/actions/setup-node/pull/809)
- Change passing logic for cache input by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[https://github.com/actions/setup-node/pull/816](https://togithub.com/actions/setup-node/pull/816)
- Fix armv7 cache issue by
[@&#8203;louislam](https://togithub.com/louislam) in
[https://github.com/actions/setup-node/pull/794](https://togithub.com/actions/setup-node/pull/794)
- Update check-dist workflow name by
[@&#8203;sinchang](https://togithub.com/sinchang) in
[https://github.com/actions/setup-node/pull/710](https://togithub.com/actions/setup-node/pull/710)

##### Feature implementations:

- feat: handling the case where "node" is used for tool-versions file.
by [@&#8203;xytis](https://togithub.com/xytis) in
[https://github.com/actions/setup-node/pull/812](https://togithub.com/actions/setup-node/pull/812)

##### Documentation changes:

- Refer to semver package name in README.md by
[@&#8203;olleolleolle](https://togithub.com/olleolleolle) in
[https://github.com/actions/setup-node/pull/808](https://togithub.com/actions/setup-node/pull/808)

##### Update dependencies:

- Update toolkit cache to fix zstd by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[https://github.com/actions/setup-node/pull/804](https://togithub.com/actions/setup-node/pull/804)
- Bump tough-cookie and
[@&#8203;azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/setup-node/pull/802](https://togithub.com/actions/setup-node/pull/802)
- Bump semver from 6.1.2 to 6.3.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/setup-node/pull/807](https://togithub.com/actions/setup-node/pull/807)
- Bump word-wrap from 1.2.3 to 1.2.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/setup-node/pull/815](https://togithub.com/actions/setup-node/pull/815)

##### New Contributors

- [@&#8203;olleolleolle](https://togithub.com/olleolleolle) made their
first contribution in
[https://github.com/actions/setup-node/pull/808](https://togithub.com/actions/setup-node/pull/808)
- [@&#8203;louislam](https://togithub.com/louislam) made their first
contribution in
[https://github.com/actions/setup-node/pull/794](https://togithub.com/actions/setup-node/pull/794)
- [@&#8203;sinchang](https://togithub.com/sinchang) made their first
contribution in
[https://github.com/actions/setup-node/pull/710](https://togithub.com/actions/setup-node/pull/710)
- [@&#8203;xytis](https://togithub.com/xytis) made their first
contribution in
[https://github.com/actions/setup-node/pull/812](https://togithub.com/actions/setup-node/pull/812)

**Full Changelog**:
actions/setup-node@v3...v3.8.0

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

###
[`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

###
[`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

###
[`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

###
[`v2.22.0`](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

###
[`v2.21.9`](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9)

###
[`v2.21.8`](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8)

###
[`v2.21.7`](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7)

###
[`v2.21.6`](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6)

###
[`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

###
[`v2.21.4`](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

###
[`v2.21.3`](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

</details>

<details>
<summary>gradle/gradle-build-action
(gradle/gradle-build-action)</summary>

###
[`v2.9.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/gradle/gradle-build-action/compare/v2.8.1...v2.9.0)

The GitHub
[dependency-review-action](https://togithub.com/actions/dependency-review-action)
helps you understand dependency changes (and the security impact of
these changes) for a pull request. This release updates the GItHub
Dependency Graph support to be compatible with the
`dependency-review-action`.

See [the
documentation](https://togithub.com/gradle/gradle-build-action#integrating-the-dependency-review-action)
for detailed examples.

##### Changelog

- \[FIX] Use correct SHA for `pull-request` events
[#&#8203;882](https://togithub.com/gradle/gradle-build-action/issues/882)
- \[FIX] Avoid generating dependency graph during cache cleanup
[#&#8203;905](https://togithub.com/gradle/gradle-build-action/issues/905)
-   \[NEW] Improve warning on failure to submit dependency graph
- \[NEW] Compatibility with GitHub `dependency-review-action`
[#&#8203;879](https://togithub.com/gradle/gradle-build-action/issues/879)

**Full-changelog**:
gradle/gradle-build-action@v2.8.1...v2.9.0

###
[`v2.8.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.8.1)

[Compare
Source](https://togithub.com/gradle/gradle-build-action/compare/v2.8.0...v2.8.1)

Fixes an issue that prevented Dependency Graph submission when running
on GitHub Enterprise Server.

##### Fixes

- Incorrect endpoint used to submit Dependency Graph on GitHub
Enterprise
[#&#8203;885](https://togithub.com/gradle/gradle-build-action/issues/885)

##### Changelog

###
[`v2.8.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.8.0)

[Compare
Source](https://togithub.com/gradle/gradle-build-action/compare/v2.7.1...v2.8.0)

The `v2.8.0` release of the `gradle-build-action` introduces an easy
mechanism to connect to Gradle Enterprise, as well improved support for
self-hosted GitHub Actions runners.

##### Automatic injection of Gradle Enterprise connectivity

It is now possible to connect a Gradle build to Gradle Enterprise
without changing any of the Gradle project sources. This is achieved
through Gradle Enterprise injection, where an init-script will apply the
Gradle Enterprise plugin and associated configuration.

This feature can be useful to easily trial Gradle Enterprise on a
project, or to centralize Gradle Enterprise configuration for all GitHub
Actions workflows in an organization.

See [Gradle Enterprise injection in the
README](https://togithub.com/gradle/gradle-build-action/blob/v2.8.0/README.md#gradle-enterprise-plugin-injection)
for more info.

##### Restore Gradle User Home when directory already exists

Previously, the Gradle User Home would not be restored if the directory
already exists. This wasn't normally an issue with GitHub-hosted
runners, but limited the usefulness of the action for persistent,
self-hosted runners.

This behaviour has been improved in this release:

- The Job Summary now includes a useful error message when Gradle User
Home was not restored because the directory already exists.
- The action can now be configured to restore the Gradle User Home when
the directory already exists, overwriting existing content with content
from the GitHub Actions cache. See
https://github.com/gradle/gradle-build-action#overwriting-an-existing-gradle-user-home
for more details.

##### Changes

**Issues fixed**:
https://github.com/gradle/gradle-build-action/issues?q=milestone%3A2.8.0+is%3Aclosed
**Full changelog**:
gradle/gradle-build-action@v2.7.1...v2.8.0

###
[`v2.7.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.7.1)

[Compare
Source](https://togithub.com/gradle/gradle-build-action/compare/v2.7.0...v2.7.1)

This release contains no code changes, only dependency updates and
documentation improvements.

##### Changelog

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1270](https://togithub.com/ossf/scorecard-action/pull/1270)
- For a full changelist of what this includes, see the
[v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and
[v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0)
release notes
- ✨ Send rekor tlog index to webapp when publishing results by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1169](https://togithub.com/ossf/scorecard-action/pull/1169)
- 🐛 Prevent url clipping for GHES instances by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1225](https://togithub.com/ossf/scorecard-action/pull/1225)

##### Documentation

- 📖 Update access rights needed to see the results in code scanning
by [@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1229](https://togithub.com/ossf/scorecard-action/pull/1229)
- 📖 Add package comments. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1221](https://togithub.com/ossf/scorecard-action/pull/1221)
- 📖 Add SECURITY.md file by
[@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- 📖 Fix typo in token input docs by
[@&#8203;aabouzaid](https://togithub.com/aabouzaid) in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

#### New Contributors

- [@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- [@&#8203;aabouzaid](https://togithub.com/aabouzaid) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

**Full Changelog**:
ossf/scorecard-action@v2.2.0...v2.3.0

</details>

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.1.2`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.1.2)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.1.1...v3.1.2)

#### What's Changed

- Fix build and push step Readme missing id by
[@&#8203;hbenali](https://togithub.com/hbenali) in
[https://github.com/sigstore/cosign-installer/pull/138](https://togithub.com/sigstore/cosign-installer/pull/138)
- bump cosign to v2.2.0 by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[https://github.com/sigstore/cosign-installer/pull/142](https://togithub.com/sigstore/cosign-installer/pull/142)

#### New Contributors

- [@&#8203;hbenali](https://togithub.com/hbenali) made their first
contribution in
[https://github.com/sigstore/cosign-installer/pull/138](https://togithub.com/sigstore/cosign-installer/pull/138)

**Full Changelog**:
sigstore/cosign-installer@v3...v3.1.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44LjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy4xOS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Signed-off-by: Mend Renovate <[email protected]>
laurentsimon referenced this pull request in slsa-framework/slsa-verifier Dec 1, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v3.5.3` -> `v3.6.0` |
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | minor | `v3.0.7` -> `v3.1.0` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| patch | `v3.8.0` -> `v3.8.1` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.2` -> `v3.1.3` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.21.4` -> `v2.22.1` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.2.0` -> `v2.3.0` |
|
[slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator)
| action | minor | `v1.8.0` -> `v1.9.0` |
|
[slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier)
| action | minor | `v2.3.0` -> `v2.4.0` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v3.6.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.3...v3.6.0)

- [Fix: Mark test scripts with Bash'isms to be run via
Bash](https://togithub.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth >
0](https://togithub.com/actions/checkout/pull/579)

</details>

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v3.1.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.0):
3.1.0

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.8...v3.1.0)

#### What's New

Added support for dependencies submitted through the [dependency
submission
API](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together).
This includes two new configuration parameters:
`retry-on-snapshot-warnings` and `retry-on-snapshot-warnings-timeout`.

#### What's Changed

- Fix(docs): Correct action input name by
[@&#8203;oerd](https://togithub.com/oerd) in
[https://github.com/actions/dependency-review-action/pull/551](https://togithub.com/actions/dependency-review-action/pull/551)

#### New Contributors

- [@&#8203;oerd](https://togithub.com/oerd) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/551](https://togithub.com/actions/dependency-review-action/pull/551)

**Full Changelog**:
actions/dependency-review-action@v3...v3.1.0

###
[`v3.0.8`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.8):
3.0.8

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.7...v3.0.8)

#### What's Changed

Added `on-failure` option to `comment-summary-in-pr` setting by
[@&#8203;sgmurphy](https://togithub.com/sgmurphy) in
[https://github.com/actions/dependency-review-action/pull/540](https://togithub.com/actions/dependency-review-action/pull/540)

Previous configuration files using `true`/`false` for
`comment-summary-in-pr` will be mapped automatically to the new values,
but we encourage you to update to `always`/`on-failure`/`never`.

#### New Contributors

- [@&#8203;sgmurphy](https://togithub.com/sgmurphy) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/540](https://togithub.com/actions/dependency-review-action/pull/540)

**Full Changelog**:
actions/dependency-review-action@v3...v3.0.8

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v3.8.1`](https://togithub.com/actions/setup-node/releases/tag/v3.8.1)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v3.8.0...v3.8.1)

#### What's Changed

In scope of this release, the filter was removed within the cache-save
step by [@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov)
in
[https://github.com/actions/setup-node/pull/831](https://togithub.com/actions/setup-node/pull/831).
It is filtered and checked in the toolkit/cache library.

**Full Changelog**:
actions/setup-node@v3...v3.8.1

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

###
[`v2.22.0`](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

###
[`v2.21.9`](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9)

###
[`v2.21.8`](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8)

###
[`v2.21.7`](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7)

###
[`v2.21.6`](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6)

###
[`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1270](https://togithub.com/ossf/scorecard-action/pull/1270)
- For a full changelist of what this includes, see the
[v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and
[v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0)
release notes
- ✨ Send rekor tlog index to webapp when publishing results by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1169](https://togithub.com/ossf/scorecard-action/pull/1169)
- 🐛 Prevent url clipping for GHES instances by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1225](https://togithub.com/ossf/scorecard-action/pull/1225)

##### Documentation

- 📖 Update access rights needed to see the results in code scanning
by [@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1229](https://togithub.com/ossf/scorecard-action/pull/1229)
- 📖 Add package comments. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1221](https://togithub.com/ossf/scorecard-action/pull/1221)
- 📖 Add SECURITY.md file by
[@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- 📖 Fix typo in token input docs by
[@&#8203;aabouzaid](https://togithub.com/aabouzaid) in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

#### New Contributors

- [@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- [@&#8203;aabouzaid](https://togithub.com/aabouzaid) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

**Full Changelog**:
ossf/scorecard-action@v2.2.0...v2.3.0

</details>

<details>
<summary>slsa-framework/slsa-github-generator
(slsa-framework/slsa-github-generator)</summary>

###
[`v1.9.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v190)

[Compare
Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0)

Release \[v1.9.0] includes bug fixes and new features.

See the [full change
list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0).

##### v1.9.0: BYOB framework (beta)

- **New**: A [new
framework](https://togithub.com/slsa-framework/slsa-github-generator/blob/main/BYOB.md)
to turn GitHub Actions into SLSA compliant builders.

##### v1.9.0: Maven builder (beta)

- **New**: A [Maven
builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/maven)
to build Java projects and publish to Maven central.

##### v1.9.0: Gradle builder (beta)

- **New**: A [Gradle
builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/gradle)
to build Java projects and publish to Maven central.

##### v1.9.0: JReleaser builder

- **New**: A [JReleaser
builder](https://togithub.com/jreleaser/release-action/tree/v1.0.0-java)
that wraps the official [JReleaser
Action](https://togithub.com/jreleaser/release-action/tree/v1.0.0-java).

</details>

<details>
<summary>slsa-framework/slsa-verifier
(slsa-framework/slsa-verifier)</summary>

###
[`v2.4.0`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.3.0...v2.4.0)

#### Summary

Support for BYOB-based builders released in
https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.0

#### What's Changed

- chore: Update SHA256SUM.md for v2.3.0 by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/592](https://togithub.com/slsa-framework/slsa-verifier/pull/592)
- docs: Make npm package version and name non-optional by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/591](https://togithub.com/slsa-framework/slsa-verifier/pull/591)
- docs: npm provenance verification from GitHub runner by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/595](https://togithub.com/slsa-framework/slsa-verifier/pull/595)
- chore(deps): update dependency
[@&#8203;types/node](https://togithub.com/types/node) to v18.16.9 by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/596](https://togithub.com/slsa-framework/slsa-verifier/pull/596)
- chore(deps): update github-actions by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/597](https://togithub.com/slsa-framework/slsa-verifier/pull/597)
- chore(deps): update dependency jasmine to v5 by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/598](https://togithub.com/slsa-framework/slsa-verifier/pull/598)
- feat: BYOB verification support by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/604](https://togithub.com/slsa-framework/slsa-verifier/pull/604)
- feat: Support for v1.0 verification in BYOB by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/609](https://togithub.com/slsa-framework/slsa-verifier/pull/609)
- feat: Use env variable to retrieve trigger workflow by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/615](https://togithub.com/slsa-framework/slsa-verifier/pull/615)
- test: Add test data for v1.6.0 by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/612](https://togithub.com/slsa-framework/slsa-verifier/pull/612)
- fix: Verify the TRW tag is a semver tag by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/619](https://togithub.com/slsa-framework/slsa-verifier/pull/619)
- chore: Don't be verbose with tests locally by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/620](https://togithub.com/slsa-framework/slsa-verifier/pull/620)
- fix: use ExternalParameters\["source"] for the Source URI for SLSA
v1.0 provenance by [@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/621](https://togithub.com/slsa-framework/slsa-verifier/pull/621)
- test: re-generate container-based tests by
[@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/627](https://togithub.com/slsa-framework/slsa-verifier/pull/627)
- fix: revert to using resolvedDepdendencies for source verification by
[@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/629](https://togithub.com/slsa-framework/slsa-verifier/pull/629)
- refactor: Provenance tests by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/628](https://togithub.com/slsa-framework/slsa-verifier/pull/628)
- fix(deps): update module github.com/sigstore/rekor to v1.2.0
\[security] by [@&#8203;renovate-bot](https://togithub.com/renovate-bot)
in
[https://github.com/slsa-framework/slsa-verifier/pull/622](https://togithub.com/slsa-framework/slsa-verifier/pull/622)
- fix: only allow hashes of 256 bits or more by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/633](https://togithub.com/slsa-framework/slsa-verifier/pull/633)
- fix: builder ID verification for testing by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/635](https://togithub.com/slsa-framework/slsa-verifier/pull/635)
- feat: remove experimental on Sigstore bundle and v1.0 SLSA provenance
format by [@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/634](https://togithub.com/slsa-framework/slsa-verifier/pull/634)
- chore: update toc in README.md by
[@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/636](https://togithub.com/slsa-framework/slsa-verifier/pull/636)
- fix: allow workflow_dispatch to trigger release.yml by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/637](https://togithub.com/slsa-framework/slsa-verifier/pull/637)
- test: add tests for v1.7.0 builders by
[@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/638](https://togithub.com/slsa-framework/slsa-verifier/pull/638)
- chore(deps): update github-actions by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/607](https://togithub.com/slsa-framework/slsa-verifier/pull/607)
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to
[`c623859`](https://togithub.com/slsa-framework/slsa-verifier/commit/c623859)
by [@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/567](https://togithub.com/slsa-framework/slsa-verifier/pull/567)
- fix(deps): update github.com/sigstore/protobuf-specs digest to
[`5ef5406`](https://togithub.com/slsa-framework/slsa-verifier/commit/5ef5406)
by [@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/606](https://togithub.com/slsa-framework/slsa-verifier/pull/606)
- chore(deps): update npm dev by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/608](https://togithub.com/slsa-framework/slsa-verifier/pull/608)
- chore(deps): update golang:1.19 docker digest to
[`83f9f84`](https://togithub.com/slsa-framework/slsa-verifier/commit/83f9f84)
by [@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/583](https://togithub.com/slsa-framework/slsa-verifier/pull/583)
- feat: Verify provenance by build type by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/632](https://togithub.com/slsa-framework/slsa-verifier/pull/632)
- refactor: Use Go 1.20 by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/643](https://togithub.com/slsa-framework/slsa-verifier/pull/643)
- test: Add more ProvenanceFromEnvelope tests by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/640](https://togithub.com/slsa-framework/slsa-verifier/pull/640)
- fix: pre-submit: e2e-cli.sh artifact download by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/646](https://togithub.com/slsa-framework/slsa-verifier/pull/646)
- refactor: Add more git utils by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/645](https://togithub.com/slsa-framework/slsa-verifier/pull/645)
- refactor: Use full builder id by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/648](https://togithub.com/slsa-framework/slsa-verifier/pull/648)
- feat: Use tags `vX.Y.Z-<language>` for JReleaser builders by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/644](https://togithub.com/slsa-framework/slsa-verifier/pull/644)
- chore(deps): update github-actions by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/651](https://togithub.com/slsa-framework/slsa-verifier/pull/651)
- feat: move maven-plugin from slsa-github-generator by
[@&#8203;AdamKorcz](https://togithub.com/AdamKorcz) in
[https://github.com/slsa-framework/slsa-verifier/pull/664](https://togithub.com/slsa-framework/slsa-verifier/pull/664)
- docs: Fix maven-plugin README by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/671](https://togithub.com/slsa-framework/slsa-verifier/pull/671)
- feat: Verification for when sha1 is specified in BYOB TRW by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/641](https://togithub.com/slsa-framework/slsa-verifier/pull/641)
- docs: Add example for maven verification plugin by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/676](https://togithub.com/slsa-framework/slsa-verifier/pull/676)
- chore: Add Kris to codeowners by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/678](https://togithub.com/slsa-framework/slsa-verifier/pull/678)
- feat: Print byob builder by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/677](https://togithub.com/slsa-framework/slsa-verifier/pull/677)
- test: Add test data for v1.8.0 by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/681](https://togithub.com/slsa-framework/slsa-verifier/pull/681)
- chore(deps): update github-actions by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/666](https://togithub.com/slsa-framework/slsa-verifier/pull/666)
- feat: Non-compulsory BuilderID for BYOB Builders by
[@&#8203;enteraga6](https://togithub.com/enteraga6) in
[https://github.com/slsa-framework/slsa-verifier/pull/674](https://togithub.com/slsa-framework/slsa-verifier/pull/674)
- chore(deps): update golang docker tag to v1.21 by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/687](https://togithub.com/slsa-framework/slsa-verifier/pull/687)
- chore(deps): update github-actions by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/686](https://togithub.com/slsa-framework/slsa-verifier/pull/686)
- feat: GCB refactor for v1.0 support by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/682](https://togithub.com/slsa-framework/slsa-verifier/pull/682)
- feat: Allow byob builders ref at main for e2e tests by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/689](https://togithub.com/slsa-framework/slsa-verifier/pull/689)
- feat: Update doc and code for Maven plugin by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/680](https://togithub.com/slsa-framework/slsa-verifier/pull/680)
- feat: gcb v1.0 support by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/691](https://togithub.com/slsa-framework/slsa-verifier/pull/691)
- feat: v1.9.0 regression tests by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/696](https://togithub.com/slsa-framework/slsa-verifier/pull/696)
- fix: release failure by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/697](https://togithub.com/slsa-framework/slsa-verifier/pull/697)

#### New Contributors

- [@&#8203;AdamKorcz](https://togithub.com/AdamKorcz) made their first
contribution in
[https://github.com/slsa-framework/slsa-verifier/pull/664](https://togithub.com/slsa-framework/slsa-verifier/pull/664)
- [@&#8203;enteraga6](https://togithub.com/enteraga6) made their first
contribution in
[https://github.com/slsa-framework/slsa-verifier/pull/674](https://togithub.com/slsa-framework/slsa-verifier/pull/674)

**Full Changelog**:
v2.3.0...v2.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi40My4yIiwidXBkYXRlZEluVmVyIjoiMzcuOC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Signed-off-by: Mend Renovate <[email protected]>
Co-authored-by: laurentsimon <[email protected]>
@lobo1984
Copy link

lobo1984 commented Dec 4, 2023

Liberado

codeboten referenced this pull request in open-telemetry/opentelemetry-collector Jan 30, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v3.1.0` -> `v3.6.0` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.0` -> `v3.1.3` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.2.4` -> `v2.23.2` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.23.1` -> `v3.23.2` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.1.2` -> `v2.3.1` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v3.6.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.3...v3.6.0)

- [Fix: Mark test scripts with Bash'isms to be run via
Bash](https://togithub.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth >
0](https://togithub.com/actions/checkout/pull/579)

###
[`v3.5.3`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v353)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.2...v3.5.3)

- [Fix: Checkout fail in self-hosted runners when faulty submodule are
checked-in](https://togithub.com/actions/checkout/pull/1196)
- [Fix typos found by
codespell](https://togithub.com/actions/checkout/pull/1287)
- [Add support for sparse
checkouts](https://togithub.com/actions/checkout/pull/1369)

###
[`v3.5.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v352)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.1...v3.5.2)

- [Fix api endpoint for
GHES](https://togithub.com/actions/checkout/pull/1289)

###
[`v3.5.1`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v351)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.0...v3.5.1)

- [Fix slow checkout on
Windows](https://togithub.com/actions/checkout/pull/1246)

###
[`v3.5.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v350)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.4.0...v3.5.0)

- [Add new public key for
known_hosts](https://togithub.com/actions/checkout/pull/1237)

###
[`v3.4.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v340)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.3.0...v3.4.0)

- [Upgrade codeql actions to
v2](https://togithub.com/actions/checkout/pull/1209)
- [Upgrade
dependencies](https://togithub.com/actions/checkout/pull/1210)
- [Upgrade
@&#8203;actions/io](https://togithub.com/actions/checkout/pull/1225)

###
[`v3.3.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v330)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.2.0...v3.3.0)

- [Implement branch list using callbacks from exec
function](https://togithub.com/actions/checkout/pull/1045)
- [Add in explicit reference to private checkout
options](https://togithub.com/actions/checkout/pull/1050)
- [Fix comment typos (that got added in
#&#8203;770)](https://togithub.com/actions/checkout/pull/1057)

###
[`v3.2.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v320)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.1.0...v3.2.0)

- [Add GitHub Action to perform
release](https://togithub.com/actions/checkout/pull/942)
-   [Fix status badge](https://togithub.com/actions/checkout/pull/967)
- [Replace datadog/squid with ubuntu/squid Docker
image](https://togithub.com/actions/checkout/pull/1002)
- [Wrap pipeline commands for submoduleForeach in
quotes](https://togithub.com/actions/checkout/pull/964)
- [Update @&#8203;actions/io to
1.1.2](https://togithub.com/actions/checkout/pull/1029)
- [Upgrading version to
3.2.0](https://togithub.com/actions/checkout/pull/1039)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

###
[`v3.1.2`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.2)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.1...v3.1.2)

- Update all `@actions/*` NPM packages to their latest versions-
[#&#8203;374](https://togithub.com/actions/upload-artifact/issues/374)
- Update all dev dependencies to their most recent versions -
[#&#8203;375](https://togithub.com/actions/upload-artifact/issues/375)

###
[`v3.1.1`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.1)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.0...v3.1.1)

- Update actions/core package to latest version to remove `set-output`
deprecation warning
[#&#8203;351](https://togithub.com/actions/upload-artifact/issues/351)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)

###
[`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)

###
[`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

###
[`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

###
[`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

###
[`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

###
[`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

###
[`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

###
[`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

###
[`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

###
[`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

###
[`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

###
[`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

###
[`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

###
[`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

###
[`v2.22.0`](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

###
[`v2.21.9`](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9)

###
[`v2.21.8`](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8)

###
[`v2.21.7`](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7)

###
[`v2.21.6`](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6)

###
[`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

###
[`v2.21.4`](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

###
[`v2.21.3`](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

###
[`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

###
[`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

###
[`v2.21.0`](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0)

###
[`v2.20.4`](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4)

###
[`v2.20.3`](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3)

###
[`v2.20.2`](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2)

###
[`v2.20.1`](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1)

###
[`v2.20.0`](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0)

###
[`v2.3.6`](https://togithub.com/github/codeql-action/compare/v2.3.5...v2.3.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.5...v2.3.6)

###
[`v2.3.5`](https://togithub.com/github/codeql-action/compare/v2.3.4...v2.3.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.4...v2.3.5)

###
[`v2.3.4`](https://togithub.com/github/codeql-action/compare/v2.3.3...v2.3.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.3...v2.3.4)

###
[`v2.3.3`](https://togithub.com/github/codeql-action/compare/v2.3.2...v2.3.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.2...v2.3.3)

###
[`v2.3.2`](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2)

###
[`v2.3.1`](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1)

###
[`v2.3.0`](https://togithub.com/github/codeql-action/compare/v2.2.12...v2.3.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.12...v2.3.0)

###
[`v2.2.12`](https://togithub.com/github/codeql-action/compare/v2.2.11...v2.2.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.11...v2.2.12)

###
[`v2.2.11`](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11)

###
[`v2.2.10`](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10)

###
[`v2.2.9`](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9)

###
[`v2.2.8`](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8)

###
[`v2.2.7`](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7)

###
[`v2.2.6`](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6)

###
[`v2.2.5`](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282)
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

###
[`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1270](https://togithub.com/ossf/scorecard-action/pull/1270)
- For a full changelist of what this includes, see the
[v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and
[v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0)
release notes
- ✨ Send rekor tlog index to webapp when publishing results by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1169](https://togithub.com/ossf/scorecard-action/pull/1169)
- 🐛 Prevent url clipping for GHES instances by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1225](https://togithub.com/ossf/scorecard-action/pull/1225)

##### Documentation

- 📖 Update access rights needed to see the results in code scanning
by [@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1229](https://togithub.com/ossf/scorecard-action/pull/1229)
- 📖 Add package comments. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1221](https://togithub.com/ossf/scorecard-action/pull/1221)
- 📖 Add SECURITY.md file by
[@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- 📖 Fix typo in token input docs by
[@&#8203;aabouzaid](https://togithub.com/aabouzaid) in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

#### New Contributors

- [@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- [@&#8203;aabouzaid](https://togithub.com/aabouzaid) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

**Full Changelog**:
ossf/scorecard-action@v2.2.0...v2.3.0

###
[`v2.2.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.2.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1192](https://togithub.com/ossf/scorecard-action/pull/1192)

#### Scorecard Result Viewer

Thanks to contributions from
[@&#8203;cynthia-sg](https://togithub.com/cynthia-sg) and
[@&#8203;tegioz](https://togithub.com/tegioz) at
[CLOMonitor](https://togithub.com/cncf/clomonitor), there is a new
Scorecard Result visualization page at
`https://securityscorecards.dev/viewer/?uri=<project-url>`.

-
[https://github.com/ossf/scorecard-webapp/pull/406](https://togithub.com/ossf/scorecard-webapp/pull/406)
-
[https://github.com/ossf/scorecard-webapp/pull/422](https://togithub.com/ossf/scorecard-webapp/pull/422)

As an example, you can see our own score visualized
[here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard)
Checkout our
[README](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge)
to learn how to link your README badge to the new visualization page.

#### Publishing Results

This release contains two fixes which will improve the user experience
when `publish_results` is `true`

- Runs that fail our [workflow
restrictions](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions)
will fail with a 400 response indicating the problem, instead of a vague
500 status.
([https://github.com/ossf/scorecard-action/pull/1156](https://togithub.com/ossf/scorecard-action/pull/1156),
resolved
[https://github.com/ossf/scorecard-action/issues/1150](https://togithub.com/ossf/scorecard-action/issues/1150))
- Scorecard action will retry when signing results and submitting them
to our web API. This should help with flakiness from connection
failures.
([https://github.com/ossf/scorecard-action/pull/1191](https://togithub.com/ossf/scorecard-action/pull/1191))

#### Docs

- 📖 Update README to accept fine-grained tokens by
[@&#8203;pnacht](https://togithub.com/pnacht) in
[https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175)
- 📖 Update installation instructions to match current GitHub UI by
[@&#8203;joycebrum](https://togithub.com/joycebrum) in
[https://github.com/ossf/scorecard-action/pull/1153](https://togithub.com/ossf/scorecard-action/pull/1153)
- 📖 Document the GitHub action workflow restrictions when publishing
results. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in

#### New Contributors

- [@&#8203;bobcallaway](https://togithub.com/bobcallaway) made their
first contribution in
[https://github.com/ossf/scorecard-action/pull/1140](https://togithub.com/ossf/scorecard-action/pull/1140)
- [@&#8203;pnacht](https://togithub.com/pnacht) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175)

**Full Changelog**:
ossf/scorecard-action@v2.1.3...v2.2.0

###
[`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1111](https://togithub.com/ossf/scorecard-action/pull/1111)

##### Bug Fixes

-   Invalid SARIF files from a bug in scorecard
-
[#&#8203;1076](https://togithub.com/ossf/scorecard-action/issues/1076),
[#&#8203;1094](https://togithub.com/ossf/scorecard-action/issues/1094)
- Vulnerabilities check crashes if a vulnerable dependency is found via
OSVScanner
- [#&#8203;1092](https://togithub.com/ossf/scorecard-action/issues/1092)
-   Scorecard action not reporting binary artifacts in the repo
- [#&#8203;1116](https://togithub.com/ossf/scorecard-action/issues/1116)

**Full Scorecard Changelog**:
ossf/scorecard@v4.10.2...v4.10.5

**Full Changelog**:
ossf/scorecard-action@v2.1.2...v2.1.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any
time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjE1My4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Alex Boten <[email protected]>
ramonpetgrave64 referenced this pull request in ramonpetgrave64/slsa-verifier Apr 10, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v3.5.3` -> `v3.6.0` |
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | minor | `v3.0.7` -> `v3.1.0` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| patch | `v3.8.0` -> `v3.8.1` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.2` -> `v3.1.3` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.21.4` -> `v2.22.1` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.2.0` -> `v2.3.0` |
|
[slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator)
| action | minor | `v1.8.0` -> `v1.9.0` |
|
[slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier)
| action | minor | `v2.3.0` -> `v2.4.0` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v3.6.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.3...v3.6.0)

- [Fix: Mark test scripts with Bash'isms to be run via
Bash](https://togithub.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth >
0](https://togithub.com/actions/checkout/pull/579)

</details>

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v3.1.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.0):
3.1.0

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.8...v3.1.0)

#### What's New

Added support for dependencies submitted through the [dependency
submission
API](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together).
This includes two new configuration parameters:
`retry-on-snapshot-warnings` and `retry-on-snapshot-warnings-timeout`.

#### What's Changed

- Fix(docs): Correct action input name by
[@&#8203;oerd](https://togithub.com/oerd) in
[https://github.com/actions/dependency-review-action/pull/551](https://togithub.com/actions/dependency-review-action/pull/551)

#### New Contributors

- [@&#8203;oerd](https://togithub.com/oerd) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/551](https://togithub.com/actions/dependency-review-action/pull/551)

**Full Changelog**:
actions/dependency-review-action@v3...v3.1.0

###
[`v3.0.8`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.8):
3.0.8

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.7...v3.0.8)

#### What's Changed

Added `on-failure` option to `comment-summary-in-pr` setting by
[@&#8203;sgmurphy](https://togithub.com/sgmurphy) in
[https://github.com/actions/dependency-review-action/pull/540](https://togithub.com/actions/dependency-review-action/pull/540)

Previous configuration files using `true`/`false` for
`comment-summary-in-pr` will be mapped automatically to the new values,
but we encourage you to update to `always`/`on-failure`/`never`.

#### New Contributors

- [@&#8203;sgmurphy](https://togithub.com/sgmurphy) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/540](https://togithub.com/actions/dependency-review-action/pull/540)

**Full Changelog**:
actions/dependency-review-action@v3...v3.0.8

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v3.8.1`](https://togithub.com/actions/setup-node/releases/tag/v3.8.1)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v3.8.0...v3.8.1)

#### What's Changed

In scope of this release, the filter was removed within the cache-save
step by [@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov)
in
[https://github.com/actions/setup-node/pull/831](https://togithub.com/actions/setup-node/pull/831).
It is filtered and checked in the toolkit/cache library.

**Full Changelog**:
actions/setup-node@v3...v3.8.1

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

###
[`v2.22.0`](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

###
[`v2.21.9`](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9)

###
[`v2.21.8`](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8)

###
[`v2.21.7`](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7)

###
[`v2.21.6`](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6)

###
[`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1270](https://togithub.com/ossf/scorecard-action/pull/1270)
- For a full changelist of what this includes, see the
[v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and
[v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0)
release notes
- ✨ Send rekor tlog index to webapp when publishing results by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1169](https://togithub.com/ossf/scorecard-action/pull/1169)
- 🐛 Prevent url clipping for GHES instances by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1225](https://togithub.com/ossf/scorecard-action/pull/1225)

##### Documentation

- 📖 Update access rights needed to see the results in code scanning
by [@&#8203;rajbos](https://togithub.com/rajbos) in
[https://github.com/ossf/scorecard-action/pull/1229](https://togithub.com/ossf/scorecard-action/pull/1229)
- 📖 Add package comments. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1221](https://togithub.com/ossf/scorecard-action/pull/1221)
- 📖 Add SECURITY.md file by
[@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- 📖 Fix typo in token input docs by
[@&#8203;aabouzaid](https://togithub.com/aabouzaid) in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

#### New Contributors

- [@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) made
their first contribution in
[https://github.com/ossf/scorecard-action/pull/1250](https://togithub.com/ossf/scorecard-action/pull/1250)
- [@&#8203;aabouzaid](https://togithub.com/aabouzaid) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1258](https://togithub.com/ossf/scorecard-action/pull/1258)

**Full Changelog**:
ossf/scorecard-action@v2.2.0...v2.3.0

</details>

<details>
<summary>slsa-framework/slsa-github-generator
(slsa-framework/slsa-github-generator)</summary>

###
[`v1.9.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v190)

[Compare
Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0)

Release \[v1.9.0] includes bug fixes and new features.

See the [full change
list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0).

##### v1.9.0: BYOB framework (beta)

- **New**: A [new
framework](https://togithub.com/slsa-framework/slsa-github-generator/blob/main/BYOB.md)
to turn GitHub Actions into SLSA compliant builders.

##### v1.9.0: Maven builder (beta)

- **New**: A [Maven
builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/maven)
to build Java projects and publish to Maven central.

##### v1.9.0: Gradle builder (beta)

- **New**: A [Gradle
builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/gradle)
to build Java projects and publish to Maven central.

##### v1.9.0: JReleaser builder

- **New**: A [JReleaser
builder](https://togithub.com/jreleaser/release-action/tree/v1.0.0-java)
that wraps the official [JReleaser
Action](https://togithub.com/jreleaser/release-action/tree/v1.0.0-java).

</details>

<details>
<summary>slsa-framework/slsa-verifier
(slsa-framework/slsa-verifier)</summary>

###
[`v2.4.0`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.3.0...v2.4.0)

#### Summary

Support for BYOB-based builders released in
https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.0

#### What's Changed

- chore: Update SHA256SUM.md for v2.3.0 by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/592](https://togithub.com/slsa-framework/slsa-verifier/pull/592)
- docs: Make npm package version and name non-optional by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/591](https://togithub.com/slsa-framework/slsa-verifier/pull/591)
- docs: npm provenance verification from GitHub runner by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/595](https://togithub.com/slsa-framework/slsa-verifier/pull/595)
- chore(deps): update dependency
[@&#8203;types/node](https://togithub.com/types/node) to v18.16.9 by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/596](https://togithub.com/slsa-framework/slsa-verifier/pull/596)
- chore(deps): update github-actions by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/597](https://togithub.com/slsa-framework/slsa-verifier/pull/597)
- chore(deps): update dependency jasmine to v5 by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/598](https://togithub.com/slsa-framework/slsa-verifier/pull/598)
- feat: BYOB verification support by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/604](https://togithub.com/slsa-framework/slsa-verifier/pull/604)
- feat: Support for v1.0 verification in BYOB by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/609](https://togithub.com/slsa-framework/slsa-verifier/pull/609)
- feat: Use env variable to retrieve trigger workflow by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/615](https://togithub.com/slsa-framework/slsa-verifier/pull/615)
- test: Add test data for v1.6.0 by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/612](https://togithub.com/slsa-framework/slsa-verifier/pull/612)
- fix: Verify the TRW tag is a semver tag by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/619](https://togithub.com/slsa-framework/slsa-verifier/pull/619)
- chore: Don't be verbose with tests locally by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/620](https://togithub.com/slsa-framework/slsa-verifier/pull/620)
- fix: use ExternalParameters\["source"] for the Source URI for SLSA
v1.0 provenance by [@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/621](https://togithub.com/slsa-framework/slsa-verifier/pull/621)
- test: re-generate container-based tests by
[@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/627](https://togithub.com/slsa-framework/slsa-verifier/pull/627)
- fix: revert to using resolvedDepdendencies for source verification by
[@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/629](https://togithub.com/slsa-framework/slsa-verifier/pull/629)
- refactor: Provenance tests by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/628](https://togithub.com/slsa-framework/slsa-verifier/pull/628)
- fix(deps): update module github.com/sigstore/rekor to v1.2.0
\[security] by [@&#8203;renovate-bot](https://togithub.com/renovate-bot)
in
[https://github.com/slsa-framework/slsa-verifier/pull/622](https://togithub.com/slsa-framework/slsa-verifier/pull/622)
- fix: only allow hashes of 256 bits or more by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/633](https://togithub.com/slsa-framework/slsa-verifier/pull/633)
- fix: builder ID verification for testing by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/635](https://togithub.com/slsa-framework/slsa-verifier/pull/635)
- feat: remove experimental on Sigstore bundle and v1.0 SLSA provenance
format by [@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/634](https://togithub.com/slsa-framework/slsa-verifier/pull/634)
- chore: update toc in README.md by
[@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/636](https://togithub.com/slsa-framework/slsa-verifier/pull/636)
- fix: allow workflow_dispatch to trigger release.yml by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/637](https://togithub.com/slsa-framework/slsa-verifier/pull/637)
- test: add tests for v1.7.0 builders by
[@&#8203;asraa](https://togithub.com/asraa) in
[https://github.com/slsa-framework/slsa-verifier/pull/638](https://togithub.com/slsa-framework/slsa-verifier/pull/638)
- chore(deps): update github-actions by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/607](https://togithub.com/slsa-framework/slsa-verifier/pull/607)
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to
[`c623859`](https://togithub.com/slsa-framework/slsa-verifier/commit/c623859)
by [@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/567](https://togithub.com/slsa-framework/slsa-verifier/pull/567)
- fix(deps): update github.com/sigstore/protobuf-specs digest to
[`5ef5406`](https://togithub.com/slsa-framework/slsa-verifier/commit/5ef5406)
by [@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/606](https://togithub.com/slsa-framework/slsa-verifier/pull/606)
- chore(deps): update npm dev by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/608](https://togithub.com/slsa-framework/slsa-verifier/pull/608)
- chore(deps): update golang:1.19 docker digest to
[`83f9f84`](https://togithub.com/slsa-framework/slsa-verifier/commit/83f9f84)
by [@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/583](https://togithub.com/slsa-framework/slsa-verifier/pull/583)
- feat: Verify provenance by build type by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/632](https://togithub.com/slsa-framework/slsa-verifier/pull/632)
- refactor: Use Go 1.20 by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/643](https://togithub.com/slsa-framework/slsa-verifier/pull/643)
- test: Add more ProvenanceFromEnvelope tests by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/640](https://togithub.com/slsa-framework/slsa-verifier/pull/640)
- fix: pre-submit: e2e-cli.sh artifact download by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/646](https://togithub.com/slsa-framework/slsa-verifier/pull/646)
- refactor: Add more git utils by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/645](https://togithub.com/slsa-framework/slsa-verifier/pull/645)
- refactor: Use full builder id by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/648](https://togithub.com/slsa-framework/slsa-verifier/pull/648)
- feat: Use tags `vX.Y.Z-<language>` for JReleaser builders by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/644](https://togithub.com/slsa-framework/slsa-verifier/pull/644)
- chore(deps): update github-actions by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/651](https://togithub.com/slsa-framework/slsa-verifier/pull/651)
- feat: move maven-plugin from slsa-github-generator by
[@&#8203;AdamKorcz](https://togithub.com/AdamKorcz) in
[https://github.com/slsa-framework/slsa-verifier/pull/664](https://togithub.com/slsa-framework/slsa-verifier/pull/664)
- docs: Fix maven-plugin README by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/671](https://togithub.com/slsa-framework/slsa-verifier/pull/671)
- feat: Verification for when sha1 is specified in BYOB TRW by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/641](https://togithub.com/slsa-framework/slsa-verifier/pull/641)
- docs: Add example for maven verification plugin by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/676](https://togithub.com/slsa-framework/slsa-verifier/pull/676)
- chore: Add Kris to codeowners by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/678](https://togithub.com/slsa-framework/slsa-verifier/pull/678)
- feat: Print byob builder by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/677](https://togithub.com/slsa-framework/slsa-verifier/pull/677)
- test: Add test data for v1.8.0 by
[@&#8203;ianlewis](https://togithub.com/ianlewis) in
[https://github.com/slsa-framework/slsa-verifier/pull/681](https://togithub.com/slsa-framework/slsa-verifier/pull/681)
- chore(deps): update github-actions by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/666](https://togithub.com/slsa-framework/slsa-verifier/pull/666)
- feat: Non-compulsory BuilderID for BYOB Builders by
[@&#8203;enteraga6](https://togithub.com/enteraga6) in
[https://github.com/slsa-framework/slsa-verifier/pull/674](https://togithub.com/slsa-framework/slsa-verifier/pull/674)
- chore(deps): update golang docker tag to v1.21 by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/687](https://togithub.com/slsa-framework/slsa-verifier/pull/687)
- chore(deps): update github-actions by
[@&#8203;renovate-bot](https://togithub.com/renovate-bot) in
[https://github.com/slsa-framework/slsa-verifier/pull/686](https://togithub.com/slsa-framework/slsa-verifier/pull/686)
- feat: GCB refactor for v1.0 support by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/682](https://togithub.com/slsa-framework/slsa-verifier/pull/682)
- feat: Allow byob builders ref at main for e2e tests by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/689](https://togithub.com/slsa-framework/slsa-verifier/pull/689)
- feat: Update doc and code for Maven plugin by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/680](https://togithub.com/slsa-framework/slsa-verifier/pull/680)
- feat: gcb v1.0 support by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/691](https://togithub.com/slsa-framework/slsa-verifier/pull/691)
- feat: v1.9.0 regression tests by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/696](https://togithub.com/slsa-framework/slsa-verifier/pull/696)
- fix: release failure by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[https://github.com/slsa-framework/slsa-verifier/pull/697](https://togithub.com/slsa-framework/slsa-verifier/pull/697)

#### New Contributors

- [@&#8203;AdamKorcz](https://togithub.com/AdamKorcz) made their first
contribution in
[https://github.com/slsa-framework/slsa-verifier/pull/664](https://togithub.com/slsa-framework/slsa-verifier/pull/664)
- [@&#8203;enteraga6](https://togithub.com/enteraga6) made their first
contribution in
[https://github.com/slsa-framework/slsa-verifier/pull/674](https://togithub.com/slsa-framework/slsa-verifier/pull/674)

**Full Changelog**:
slsa-framework/slsa-verifier@v2.3.0...v2.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi40My4yIiwidXBkYXRlZEluVmVyIjoiMzcuOC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Signed-off-by: Mend Renovate <[email protected]>
Co-authored-by: laurentsimon <[email protected]>
Signed-off-by: Ramon Petgrave <[email protected]>
rafegoldberg pushed a commit to readmeio/markdown that referenced this pull request Oct 30, 2024
## Version 7.8.0
### ✨ New & Improved

* compat parser ([#1004](#1004)) ([ead267e](ead267e))

### 🛠 Fixes & Updates

* bold in tables ([#1006](#1006)) ([bc481d9](bc481d9))
* **deps:** bump actions/setup-node from 3 to 4 ([#821](#821)) ([f96ea89](f96ea89)), closes [actions/setup-node#866](actions/setup-node#866) [actions/setup-node#868](actions/setup-node#868) [actions/setup-node#876](actions/setup-node#876) [actions/setup-node#868](actions/setup-node#868) [actions/setup-node#861](actions/setup-node#861) [actions/setup-node#859](actions/setup-node#859) [actions/setup-node#870](actions/setup-node#870) [actions/setup-node#872](actions/setup-node#872) [actions/setup-node#875](actions/setup-node#875) [actions/setup-node#831](actions/setup-node#831) [actions/setup-node#803](actions/setup-node#803) [actions/setup-node#809](actions/setup-node#809) [actions/setup-node#816](actions/setup-node#816) [actions/setup-node#794](actions/setup-node#794) [actions/setup-node#710](actions/setup-node#710) [actions/setup-node#812](actions/setup-node#812) [actions/setup-node#808](actions/setup-node#808) [actions/setup-node#804](actions/setup-node#804) [actions/setup-node#802](actions/setup-node#802) [actions/setup-node#807](actions/setup-node#807) [#876](#876) [#868](#868) [#866](#866)
* **deps:** bump actions/upload-artifact from 3 to 4 ([#846](#846)) ([5a72802](5a72802)), closes [actions/upload-artifact#464](actions/upload-artifact#464) [actions/upload-artifact#313](actions/upload-artifact#313) [actions/upload-artifact#436](actions/upload-artifact#436) [#374](#374) [#375](#375) [#351](#351) [actions/upload-artifact#327](actions/upload-artifact#327) [actions/toolkit#1095](actions/toolkit#1095) [actions/toolkit#1063](actions/toolkit#1063) [#515](#515) [#511](#511) [#509](#509) [#505](#505)
* **deps:** bump braces from 3.0.2 to 3.0.3 ([#907](#907)) ([6b017a7](6b017a7)), closes [#40](#40) [#37](#37) [#27](#27)
* **deps:** bump core-js from 3.36.1 to 3.38.1 ([#1013](#1013)) ([58ceef7](58ceef7)), closes [#1357](https://github.com/readmeio/markdown/issues/1357) [#1361](https://github.com/readmeio/markdown/issues/1361) [#1352](https://github.com/readmeio/markdown/issues/1352) [#1345](https://github.com/readmeio/markdown/issues/1345) [#1344](https://github.com/readmeio/markdown/issues/1344) [#1361](https://github.com/readmeio/markdown/issues/1361)
* **deps-dev:** bump css-loader from 6.11.0 to 7.1.2 ([#1015](#1015)) ([6be77cf](6be77cf)), closes [#1600](https://github.com/readmeio/markdown/issues/1600) [#1590](https://github.com/readmeio/markdown/issues/1590) [#1577](https://github.com/readmeio/markdown/issues/1577) [#1600](https://github.com/readmeio/markdown/issues/1600) [#1590](https://github.com/readmeio/markdown/issues/1590) [#1577](https://github.com/readmeio/markdown/issues/1577) [#1600](https://github.com/readmeio/markdown/issues/1600) [#1596](https://github.com/readmeio/markdown/issues/1596) [#1595](https://github.com/readmeio/markdown/issues/1595) [#1591](https://github.com/readmeio/markdown/issues/1591) [#1587](https://github.com/readmeio/markdown/issues/1587) [#1586](https://github.com/readmeio/markdown/issues/1586)
* **deps:** bump dset from 3.1.3 to 3.1.4 ([#1018](#1018)) ([be480d7](be480d7))
* **deps:** bump github/codeql-action from 2 to 3 ([#847](#847)) ([4b97fe6](4b97fe6)), closes [#2203](https://github.com/readmeio/markdown/issues/2203) [#2195](https://github.com/readmeio/markdown/issues/2195) [#2185](https://github.com/readmeio/markdown/issues/2185) [#2156](https://github.com/readmeio/markdown/issues/2156) [#2151](https://github.com/readmeio/markdown/issues/2151) [#2147](https://github.com/readmeio/markdown/issues/2147) [#2141](https://github.com/readmeio/markdown/issues/2141) [#2124](https://github.com/readmeio/markdown/issues/2124) [#2121](https://github.com/readmeio/markdown/issues/2121) [/github.com/github/codeql-action/blob/main/#3230---08-jan-2024](https://github.com/readmeio//github.com/github/codeql-action/blob/main//issues/3230---08-jan-2024) [#2106](https://github.com/readmeio/markdown/issues/2106) [#2083](https://github.com/readmeio/markdown/issues/2083) [#2096](https://github.com/readmeio/markdown/issues/2096) [#2073](https://github.com/readmeio/markdown/issues/2073) [#2079](https://github.com/readmeio/markdown/issues/2079) [#2200](https://github.com/readmeio/markdown/issues/2200) [#2198](https://github.com/readmeio/markdown/issues/2198) [#2197](https://github.com/readmeio/markdown/issues/2197)
* **deps-dev:** bump jest-puppeteer from 8.0.6 to 10.1.4 ([#1016](#1016)) ([33aa434](33aa434)), closes [#604](#604) [#602](#602) [#599](#599) [#586](#586) [#578](#578) [#576](#576) [#605](#605)
* **deps:** bump micromatch from 4.0.5 to 4.0.8 ([#1019](#1019)) ([7be267e](7be267e)), closes [#266](#266)
* **deps-dev:** bump mini-css-extract-plugin from 2.8.1 to 2.9.1 ([#1017](#1017)) ([9fb25da](9fb25da))
* **deps-dev:** bump semantic-release from 22.0.12 to 24.2.0 ([#1011](#1011)) ([443c843](443c843)), closes [#3462](https://github.com/readmeio/markdown/issues/3462) [#3460](https://github.com/readmeio/markdown/issues/3460) [#3436](https://github.com/readmeio/markdown/issues/3436) [#3423](https://github.com/readmeio/markdown/issues/3423) [#3462](https://github.com/readmeio/markdown/issues/3462) [#3489](https://github.com/readmeio/markdown/issues/3489) [#3488](https://github.com/readmeio/markdown/issues/3488) [#3486](https://github.com/readmeio/markdown/issues/3486) [#3487](https://github.com/readmeio/markdown/issues/3487) [#3485](https://github.com/readmeio/markdown/issues/3485) [#3483](https://github.com/readmeio/markdown/issues/3483) [#3450](https://github.com/readmeio/markdown/issues/3450) [#3481](https://github.com/readmeio/markdown/issues/3481) [#3424](https://github.com/readmeio/markdown/issues/3424)
* **deps-dev:** bump webpack from 5.91.0 to 5.95.0 ([#1014](#1014)) ([b9c8dd2](b9c8dd2))
* update conventional commits ([50a4be9](50a4be9))
* upgrade conventionalcommits ([3646513](3646513))

<!--SKIP CI-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants