Update github-actions deps #5796

renovate-bot · 2024-08-01T00:25:51Z

This PR contains the following updates:

Package	Type	Update	Change
docker/setup-qemu-action	action	minor	`v3.1.0` -> `v3.2.0`
ossf/scorecard-action	action	minor	`v2.3.3` -> `v2.4.0`
step-security/harden-runner	action	minor	`v2.8.1` -> `v2.9.0`

Release Notes

docker/setup-qemu-action (docker/setup-qemu-action)

`v3.2.0`

Compare Source

Bump @docker/actions-toolkit from 0.31.0 to 0.35.0 in https://github.com/docker/setup-qemu-action/pull/154 https://github.com/docker/setup-qemu-action/pull/155

Full Changelog: docker/setup-qemu-action@v3.1.0...v3.2.0

ossf/scorecard-action (ossf/scorecard-action)

`v2.4.0`

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by @spencerschrock in https://github.com/ossf/scorecard-action/pull/1410
🐛 lower license sarif alert threshold to 9 by @spencerschrock in https://github.com/ossf/scorecard-action/pull/1411

Documentation

docs: dogfooding badge by @jkowalleck in https://github.com/ossf/scorecard-action/pull/1399

New Contributors

@jkowalleck made their first contribution in https://github.com/ossf/scorecard-action/pull/1399

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

step-security/harden-runner (step-security/harden-runner)

`v2.9.0`

Compare Source

What's Changed

Release v2.9.0 by @h0x0er and @varunsh-coder in https://github.com/step-security/harden-runner/pull/435
This release includes:

Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
README Update:
A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
Dependency Update:
Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: step-security/harden-runner@v2...v2.9.0

Configuration

📅 Schedule: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Signed-off-by: Mend Renovate <[email protected]>

codecov · 2024-08-01T00:32:15Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.65%. Comparing base (8afda31) to head (610d2db).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5796      +/-   ##
==========================================
- Coverage   96.66%   96.65%   -0.02%     
==========================================
  Files         342      342              
  Lines       16520    16520              
==========================================
- Hits        15969    15967       -2     
- Misses        362      363       +1     
- Partials      189      190       +1

Flag	Coverage Δ
badger_v1	`8.05% <ø> (ø)`
badger_v2	`1.81% <ø> (ø)`
cassandra-3.x-v1	`16.61% <ø> (ø)`
cassandra-3.x-v2	`1.74% <ø> (ø)`
cassandra-4.x-v1	`16.61% <ø> (ø)`
cassandra-4.x-v2	`1.74% <ø> (ø)`
elasticsearch-6.x-v1	`18.78% <ø> (ø)`
elasticsearch-7.x-v1	`18.83% <ø> (ø)`
elasticsearch-8.x-v1	`19.03% <ø> (ø)`
elasticsearch-8.x-v2	`1.81% <ø> (ø)`
grpc_v1	`9.51% <ø> (-0.02%)`	⬇️
grpc_v2	`7.14% <ø> (ø)`
kafka-v1	`9.74% <ø> (ø)`
kafka-v2	`1.80% <ø> (-0.02%)`	⬇️
memory_v2	`1.81% <ø> (ø)`
opensearch-1.x-v1	`18.89% <ø> (ø)`
opensearch-2.x-v1	`18.88% <ø> (-0.02%)`	⬇️
opensearch-2.x-v2	`1.81% <ø> (ø)`
unittests	`95.07% <ø> (-0.02%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://togithub.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://togithub.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://togithub.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@docker/actions-toolkit](https://togithub.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [https://github.com/docker/setup-qemu-action/pull/154](https://togithub.com/docker/setup-qemu-action/pull/154) [https://github.com/docker/setup-qemu-action/pull/155](https://togithub.com/docker/setup-qemu-action/pull/155) **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410) - 🐛 lower license sarif alert threshold to 9 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@jkowalleck](https://togithub.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@jkowalleck](https://togithub.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399) **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435) This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger).  Signed-off-by: Mend Renovate <[email protected]> Signed-off-by: Jared Tan <[email protected]>

Update github-actions deps

610d2db

Signed-off-by: Mend Renovate <[email protected]>

renovate-bot requested a review from a team as a code owner August 1, 2024 00:25

forking-renovate bot added the changelog:dependencies Update to dependencies label Aug 1, 2024

renovate-bot requested a review from yurishkuro August 1, 2024 00:25

yurishkuro approved these changes Aug 1, 2024

View reviewed changes

yurishkuro merged commit e543c3e into jaegertracing:main Aug 1, 2024
46 checks passed

renovate-bot deleted the renovate/github-actions-deps branch August 1, 2024 15:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update github-actions deps #5796

Update github-actions deps #5796

renovate-bot commented Aug 1, 2024

codecov bot commented Aug 1, 2024 •

edited

Loading

Update github-actions deps #5796

Update github-actions deps #5796

Conversation

renovate-bot commented Aug 1, 2024

Release Notes

v3.2.0

v2.4.0

What's Changed

Documentation

New Contributors

v2.9.0

What's Changed

Configuration

codecov bot commented Aug 1, 2024 • edited Loading

Codecov Report

`v3.2.0`

`v2.4.0`

`v2.9.0`

codecov bot commented Aug 1, 2024 •

edited

Loading