forked from usnistgov/OSCAL
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump actions/github-script from 6.4.0 to 6.4.1 #311
Open
dependabot
wants to merge
139
commits into
develop
Choose a base branch
from
dependabot/github_actions/develop/actions/github-script-6.4.1
base: develop
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Bump actions/github-script from 6.4.0 to 6.4.1 #311
dependabot
wants to merge
139
commits into
develop
from
dependabot/github_actions/develop/actions/github-script-6.4.1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Many fixes to the constraints in the OSCAL metaschemas to repair broken Metapaths. * fixing defects in metaschema constraints * Updating to latest Metaschema toolchain. Removed use of the "require" constraint. * updating readme with current links
…ts (usnistgov#1101) * Group scenarios and add edge case scenario * Group the scenarios that test o:glob-as-regex. * Add scenario for edge case where input is empty. * For selection, augment XSpec and update XSLT * Add XSpec tests for oscal-profile-resolve-select.xsl, mostly at the level of templates and functions. * Minor enhancements in oscal-profile-resolve-select.xsl: * Add support for with-parent-controls * Generate fatal error if resource cannot be fetched * Provide focused error message if resource has no suitable rlink * Handle missing matching pattern * Fix indentation * Fix scenario that intentionally omits pattern * Rename o:resource-or-warning as o:resource-or-error * Attributes, not elements, for "from" and "to" * Update expected value for 4a3cadf changes in catalog * The abc-full_catalog.xml file has changed, so the "Loose parameters" test scenario needs adjustment. * Reduce redundancy in expected metadata * metadata is copied verbatim, so no need to check details in multiple test scenarios for the match=profile template * Update verbiage to cross-reference with logged discussion pages
For consistency with select.xspec, use XSpec variable instead of entity for the path to the profile resolution examples.
random-util.xsl provides r:make-uuid and r:make-uuid-sequence for creating one or more random UUIDs. The r:make-random-string-sequence function supports more flexible random patterns. Implementations here use the XPath function, random-number-generator. random-util.xspec provides template- and function-level tests for code in random-util.xsl.
Implementing an idea from @wendellpiez: Instead of iterating over a numeric sequence that represents the position of each character in a long string, iterate over the sequence of characters. This change is in the implementation only, not in the function output. I used ad hoc modifications of the label="seq-length=10000" scenario in the XSpec test to check that the original and modified functions produce the same UUID sequence.
…istgov#1175) - Metadata tests and way of determining top UUID - Remove global parameter assign-uuid (note backward incompatibility - is it OK?) - Instead, support global parameters uuid-method and top-uuid, in uuid-method-choice.xsl - Support global parameter hide-source-profile-uri - Stub of opr:oscal-version function - Stub of message handler template, using xsl:message for now - Add XSpec tests - Add table of parameters and clarify testing folder content - Change "home" from global param to global variable; does not need to be set from outside
XSLT - Move some code from oscal-profile-resolve-select.xsl to new file, select-or-custom-merge.xsl, and share it between Selection phase and Merge phase. - Add error checking for multiple structuring directives. - Finish the incomplete support for `insert-controls/@order`. - Fix bug in support for `@with-parent-controls` in Selection phase. XSpec - In select.xspec, add test for order of controls matching imported document, not profile document. Also, add test for `@with-parent-controls` bug fix. - Create merge-combine.xspec for testing combine-elements and mode="o:combine-elements" templates. - Organize tests among merge.xspec, merge-combine.xspec, merge-as-is.xspec, and merge-custom.xspec. - Integrate back-matter testing into template-level tests in merge.xspec and merge-as-is.xspec, and delete merge-back-matter.xspec.
* Added mapping model supporting mapping controls and control statements between two catalogs. * Adjusted relationships based on PR usnistgov#1150 discussions. Added type enumerations. * Included a simple example
Adding the mapping model to the metaschema CI build.
Bumps [ajv-cli](https://github.com/ajv-validator/ajv-cli) from 4.2.0 to 5.0.0. - [Release notes](https://github.com/ajv-validator/ajv-cli/releases) - [Commits](ajv-validator/ajv-cli@v4.2.0...v5.0.0) --- updated-dependencies: - dependency-name: ajv-cli dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [peter-evans/create-issue-from-file](https://github.com/peter-evans/create-issue-from-file) from 3.0.0 to 4. - [Release notes](https://github.com/peter-evans/create-issue-from-file/releases) - [Commits](peter-evans/create-issue-from-file@97e6f90...99b87c3) --- updated-dependencies: - dependency-name: peter-evans/create-issue-from-file dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2 to 3. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@v2...v3) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2 to 3. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v2...v3) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tgov#1357) Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4.9.2 to 4.14.1. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](stefanzweifel/git-auto-commit-action@be7095c...49620cd) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tgov#1358) Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.83.1 to 0.101.0. - [Release notes](https://github.com/gohugoio/hugo/releases) - [Changelog](https://github.com/gohugoio/hugo/blob/master/goreleaser.yml) - [Commits](gohugoio/hugo@v0.83.1...v0.101.0) --- updated-dependencies: - dependency-name: github.com/gohugoio/hugo dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps Saxon-HE from 10.6 to 10.8. --- updated-dependencies: - dependency-name: net.sf.saxon:Saxon-HE dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.0 to 3.4.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@5b949b5...2fddd88) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [xmlcalabash](https://github.com/ndw/xmlcalabash1) from 1.2.5-100 to 1.4.1-100. - [Release notes](https://github.com/ndw/xmlcalabash1/releases) - [Commits](ndw/xmlcalabash1@1.2.5-100...1.4.1-100) --- updated-dependencies: - dependency-name: com.xmlcalabash:xmlcalabash dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…gov#1361) Bumps golang from 1.18.3-bullseye to 1.18.4-bullseye. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Add mapping model to docs collection.
…s and profiles (usnistgov#1380) Addresses usnistgov#1312
* Revised text to address ambiguity around handling `oscal-version` in the generated catalog target based on the versions provided in the imports and source profile. Resolves usnistgov#1272. * Adding swap space to resolve memory issue with Hugo build
…gov#1381) * Profile Resolution spec: updated names of 'remove' directives * Resolves usnistgov#1246. Also repairs a few errors in surrounding copy. * Adding swap space to address Hugo memory exhaustion. Co-authored-by: David Waltermire <[email protected]>
…gov#1577) Bumps golang from 1.19.3-bullseye to 1.19.4-bullseye. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ops in the OSCAL namespace are properly closed and all link rels are open for extension. (usnistgov#1579)
* Bump xmlcalabash from 1.5.1-100 to 1.5.3-110 in /build Bumps [xmlcalabash](https://github.com/ndw/xmlcalabash1) from 1.5.1-100 to 1.5.3-110. - [Release notes](https://github.com/ndw/xmlcalabash1/releases) - [Commits](ndw/xmlcalabash1@1.5.1-100...1.5.3-110) --- updated-dependencies: - dependency-name: com.xmlcalabash:xmlcalabash dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Update pom.xml Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: David Waltermire <[email protected]>
* Fix Dockerfile multi-stage builds, closes usnistgov#1597. * Add maven.restlet.org workaround. If the TLS cert is bad, it will break local build just like maven building Java deps in GHA. * Fix directory safety for doctor, closes usnistgov#1600. * Somehow, docs/run-server.sh set to non-executable again.
Dependabot couldn't find the original pull request head commit, 6a131ed. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, bac5397. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 794aaad. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 0fc50f7. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 4abee5e. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 1ea8e7a. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…gov#1609) Bumps golang from 1.19.4-bullseye to 1.19.5-bullseye. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…stgov#1593) Dependabot couldn't find the original pull request head commit, 6e86f78. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) from 3.9.0 to 3.9.1. - [Release notes](https://github.com/peaceiris/actions-gh-pages/releases) - [Changelog](https://github.com/peaceiris/actions-gh-pages/blob/main/CHANGELOG.md) - [Commits](peaceiris/actions-gh-pages@de7ea6f...64b46b4) --- updated-dependencies: - dependency-name: peaceiris/actions-gh-pages dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#1613) Bumps [maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.4.0...maven-dependency-plugin-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v3.1.1...0b7f8ab) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@8c91899...64ed1c7) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) from 3.9.1 to 3.9.2. - [Release notes](https://github.com/peaceiris/actions-gh-pages/releases) - [Changelog](https://github.com/peaceiris/actions-gh-pages/blob/main/CHANGELOG.md) - [Commits](peaceiris/actions-gh-pages@64b46b4...bd8c6b0) --- updated-dependencies: - dependency-name: peaceiris/actions-gh-pages dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…stgov#1617) Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.109.0 to 0.110.0. - [Release notes](https://github.com/gohugoio/hugo/releases) - [Changelog](https://github.com/gohugoio/hugo/blob/master/hugoreleaser.toml) - [Commits](gohugoio/hugo@v0.109.0...v0.110.0) --- updated-dependencies: - dependency-name: github.com/gohugoio/hugo dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.3 to 6.4.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@d556fea...98814c5) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…bmodule-20230131 [WIP] Test out usnistgov/metaschema#253 fix for usnistgov/metaschema#…
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.0 to 6.4.1. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@98814c5...d7906e4) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update GitHub Actions code
labels
Apr 7, 2023
aj-stein-nist
force-pushed
the
develop
branch
from
September 28, 2023 05:13
aed20d4
to
0825b9f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update GitHub Actions code
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps actions/github-script from 6.4.0 to 6.4.1.
Release notes
Sourced from actions/github-script's releases.
Commits
d7906e4
Merge pull request #363 from mjpieters/auto_debugea954ff
Default debug to current runner debug state57c10d4
Merge pull request #356 from mjpieters/clean_depseae7dc1
Merge branch 'main' into clean_depsf1ab577
Merge pull request #357 from mjpieters/fix_input_handling8d9f8fc
Fix null handling, covered by integration testsa4f398e
Remove unused dependencies806be26
Clean and spruce up the integration tests a bit8d76c9a
Merge pull request #358 from mjpieters/request-log-plugin78f623b
Add@octokit/plugin-request-log
, to produce debug output for requestsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)