build(deps): bump the ci group with 7 updates

[dependabot]

Bumps the ci group with 7 updates:

Package	From	To
mercedesbenzio/detect-action	1	2
actions/cache	3	4
helm/kind-action	1.8.0	1.9.0
yokawasa/action-setup-kube-tools	0.9.3	0.11.1
slackapi/slack-github-action	1.24.0	1.25.0
8BitJonny/gh-get-current-pr	2.2.0	3.0.0
thollander/actions-comment-pull-request	2.4.3	2.5.0

Updates mercedesbenzio/detect-action from 1 to 2

Release notes

Sourced from mercedesbenzio/detect-action's releases.

v2.0.0

What's Changed

• feat!: update to node 20 by @​tvcsantos in tvcsantos/detect-action#17

Full Changelog: tvcsantos/detect-action@v1.5.0...v2.0.0

v1.5.0

What's Changed

• feat: add support for custom PR comments by @​tvcsantos in tvcsantos/detect-action#16

Full Changelog: tvcsantos/detect-action@v1.4.1...v1.5.0

v1.4.1

What's Changed

• feat: improve tool name on PR comment header by @​tvcsantos in mercedesbenzio/detect-action#13

Full Changelog: tvcsantos/detect-action@v1.4.0...v1.4.1

v1.4.0

What's Changed

• feat: add tool name to PR comment header by @​tvcsantos in mercedesbenzio/detect-action#12

Full Changelog: tvcsantos/detect-action@v1.3.0...v1.4.0

v1.3.0

What's Changed

• feat: add input to control PR comments on success by @​tvcsantos in mercedesbenzio/detect-action#11

Full Changelog: tvcsantos/detect-action@v1.2.0...v1.3.0

v1.2.0

What's Changed

• build: update package version by @​tvcsantos in mercedesbenzio/detect-action#10
• feat: improve debug log level and add fail-if-detect-fails by @​tvcsantos in mercedesbenzio/detect-action#9

Full Changelog: tvcsantos/detect-action@v1.1.0...v1.2.0

v1.1.0

What's Changed

• feat: make detect-version optional by downloading latest by @​tvcsantos in mercedesbenzio/detect-action#8

Full Changelog: tvcsantos/detect-action@v1.0.0...v1.1.0

Changelog

Sourced from mercedesbenzio/detect-action's changelog.

Commits

• 290ca63 fix: fix incompatible package @​actions/artifact (#18)
• c5123b0 feat!: update to node 20 (#17)
• See full diff in compare view

Updates actions/cache from 3 to 4

Release notes

Sourced from actions/cache's releases.

v4.0.0

What's Changed

• Update action to node20 by @​takost in actions/cache#1284
• feat: save-always flag by @​to-s in actions/cache#1242

New Contributors

• @​takost made their first contribution in actions/cache#1284
• @​to-s made their first contribution in actions/cache#1242

Full Changelog: actions/cache@v3...v4.0.0

v3.3.3

What's Changed

• Cache v3.3.3 by @​robherley in actions/cache#1302

New Contributors

• @​robherley made their first contribution in actions/cache#1302

Full Changelog: actions/cache@v3...v3.3.3

v3.3.2

What's Changed

• Fixed readme with new segment timeout values by @​kotewar in actions/cache#1133
• Readme fixes by @​kotewar in actions/cache#1134
• Updated description of the lookup-only input for main action by @​kotewar in actions/cache#1130
• Change two new actions mention as quoted text by @​bishal-pdMSFT in actions/cache#1131
• Update Cross-OS Caching tips by @​pdotl in actions/cache#1122
• Bazel example (Take #2️⃣) by @​vorburger in actions/cache#1132
• Remove actions to add new PRs and issues to a project board by @​jorendorff in actions/cache#1187
• Consume latest toolkit and fix dangling promise bug by @​chkimes in actions/cache#1217
• Bump action version to 3.3.2 by @​bethanyj28 in actions/cache#1236

New Contributors

• @​vorburger made their first contribution in actions/cache#1132
• @​jorendorff made their first contribution in actions/cache#1187
• @​chkimes made their first contribution in actions/cache#1217
• @​bethanyj28 made their first contribution in actions/cache#1236

Full Changelog: actions/cache@v3...v3.3.2

v3.3.1

What's Changed

• Reduced download segment size to 128 MB and timeout to 10 minutes by @​kotewar in actions/cache#1129

Full Changelog: actions/cache@v3...v3.3.1

v3.3.0

What's Changed

• Bug: Permission is missing in cache delete example by @​kotokaze in actions/cache#1123

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

4.0.2

• Fixed restore fail-on-cache-miss not working.

4.0.1

• Updated isGhes check

4.0.0

• Updated minimum runner version support from node 12 -> node 20

3.3.3

• Updates @​actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378
• Additional audit fixes of npm package(s)

3.3.2

• Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

• Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

• Added option to lookup cache without downloading it.

3.2.6

• Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

• Added fix to prevent from setting MYSYS environment variable globally.

3.2.4

• Added option to fail job on cache miss.

3.2.3

• Support cross os caching on Windows as an opt-in feature.
• Fix issue with symlink restoration on Windows for cross-os caches.

3.2.2

... (truncated)

Commits

• 0c45773 Merge pull request #1327 from cdce8p/fix-fail-on-cache-miss
• 8a55f83 Add test case for process exit
• 3884cac Bump version
• e29dad3 Fix fail-on-cache-miss not working
• ab5e6d0 Merge pull request #1341 from bethanyj28/main
• 89c7d86 licensed cache
• d2c84da update @​actions/cache
• 37e7d4e Merge pull request #1340 from actions/bethanyj28/update-publish-flow
• a18323f add release action
• a2ed59d Merge pull request #1305 from actions/yacaovsnc/update_examples
• Additional commits viewable in compare view

Updates helm/kind-action from 1.8.0 to 1.9.0

Release notes

Sourced from helm/kind-action's releases.

v1.9.0

What's Changed

• Bump actions/checkout from 3.3.0 to 3.5.3 by @​dependabot in helm/kind-action#90
• Bump actions/checkout from 3.5.3 to 3.6.0 by @​dependabot in helm/kind-action#96
• Bump actions/checkout from 3.6.0 to 4.0.0 by @​dependabot in helm/kind-action#97
• Bump actions/checkout from 4.0.0 to 4.1.0 by @​dependabot in helm/kind-action#98
• Bump actions/checkout from 4.1.0 to 4.1.1 by @​dependabot in helm/kind-action#99
• chore: Bump node version to node20 by @​sayboras in helm/kind-action#102
• Fix arch detection in non-Debian distros by @​musse in helm/kind-action#93
• docs: fix default version in action.yml by @​dunglas in helm/kind-action#91
• docs: bump outdated action version in README by @​dunglas in helm/kind-action#92

New Contributors

• @​musse made their first contribution in helm/kind-action#93
• @​dunglas made their first contribution in helm/kind-action#91

Full Changelog: helm/kind-action@v1.8.0...v1.9.0

Commits

• 99576bf docs: bump outdated action version in README (#92)
• 0ca85d0 docs: fix default version in action.yml (#91)
• fc8d4ed Fix arch detection in non-Debian distros (#93)
• 4be822c chore: Bump node version to node20 (#102)
• 100421e Bump actions/checkout from 4.1.0 to 4.1.1 (#99)
• 5adb538 Bump actions/checkout from 4.0.0 to 4.1.0 (#98)
• 49375a6 Bump actions/checkout from 3.6.0 to 4.0.0 (#97)
• 2d498b1 Bump actions/checkout from 3.5.3 to 3.6.0 (#96)
• 77db130 Bump actions/checkout from 3.3.0 to 3.5.3 (#90)
• See full diff in compare view

Updates yokawasa/action-setup-kube-tools from 0.9.3 to 0.11.1

Release notes

Sourced from yokawasa/action-setup-kube-tools's releases.

v0.11.1

What's Changed

• updated sample tool versions in README by @​yokawasa in yokawasa/action-setup-kube-tools#55
• Bump undici from 5.28.3 to 5.28.4 by @​dependabot in yokawasa/action-setup-kube-tools#56
• Release v0.11.1 by @​yokawasa in yokawasa/action-setup-kube-tools#57

Full Changelog: yokawasa/action-setup-kube-tools@v0.11.0...v0.11.1

v0.11.0

What's Changed

• Support arch-type by @​yokawasa in yokawasa/action-setup-kube-tools#53
• release v0.11.0 by @​yokawasa in yokawasa/action-setup-kube-tools#54

Full Changelog: yokawasa/action-setup-kube-tools@v0.10.0...v0.11.0

v0.10.0

What's Changed

• node 20 by @​till in yokawasa/action-setup-kube-tools#49
• Bump word-wrap from 1.2.3 to 1.2.4 by @​dependabot in yokawasa/action-setup-kube-tools#45
• Bump undici from 5.19.1 to 5.26.3 by @​dependabot in yokawasa/action-setup-kube-tools#46
• Bump undici from 5.26.3 to 5.28.3 by @​dependabot in yokawasa/action-setup-kube-tools#50
• Bump @​babel/traverse from 7.7.4 to 7.23.9 by @​dependabot in yokawasa/action-setup-kube-tools#51
• fix readme and add dependencies for v0.10.0 release by @​yokawasa in yokawasa/action-setup-kube-tools#52

New Contributors

• @​till made their first contribution in yokawasa/action-setup-kube-tools#49

Full Changelog: yokawasa/action-setup-kube-tools@v0.9.3...v0.10.0

Commits

• 5fe3850 Merge pull request #57 from yokawasa/release-v0.11.1
• 31ec3e1 update README, remove CHANGELOG
• 714d1f0 Merge pull request #56 from yokawasa/dependabot/npm_and_yarn/undici-5.28.4
• ad566aa Bump undici from 5.28.3 to 5.28.4
• 448b9bd Merge pull request #55 from yokawasa/update-readme
• 06c35f4 updated sample tool versions
• dc0754a Merge pull request #54 from yokawasa/release-v0.11.0
• 953eee8 release v0.11.0
• 2e3262f Merge pull request #53 from yokawasa/add-arch-type
• e651ff0 fix test
• Additional commits viewable in compare view

Updates slackapi/slack-github-action from 1.24.0 to 1.25.0

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack Send V1.25.0

What's Changed

• Update payload integration test to escape invalid characters by @​hello-ashleyintech in slackapi/slack-github-action#207
• #204: Handle proxies when using Slack WebClient by @​raihle in slackapi/slack-github-action#205
• README: clarify limitations to workflow builder approach by @​ryan-williams in slackapi/slack-github-action#228
• Add instructions for developing with a local version of the action by @​zimeg in slackapi/slack-github-action#250
• Pass secrets to approved workflow jobs by @​zimeg in slackapi/slack-github-action#258
• build(node): bump the runtime version to node 20 by @​zimeg in slackapi/slack-github-action#267
• ci(security): require access checks to pass before running unit tests by @​zimeg in slackapi/slack-github-action#279
• ci(security): check for pull_request_target events in the access check by @​zimeg in slackapi/slack-github-action#282

New Contributors

• @​raihle made their first contribution in slackapi/slack-github-action#205
• @​ryan-williams made their first contribution in slackapi/slack-github-action#228
• @​zimeg made their first contribution in slackapi/slack-github-action#250

Full Changelog: slackapi/slack-github-action@v1.24.0...v1.25.0

Commits

• 6c661ce Automatic compilation
• 2a8087d v1.25.0
• a678e58 ci(security): check for pull_request_target events in the access check (#282)
• 84a8f7d ci(security): require access checks to pass before running unit tests (#279)
• f6aff2f Bump eslint from 8.54.0 to 8.56.0 (#275)
• 372e934 Bump eslint-plugin-import from 2.29.0 to 2.29.1 (#274)
• bac28df Bump @​slack/web-api from 6.9.1 to 6.11.1 (#277)
• 0474a45 Unit tests in GitHub CI should test the PR/branch (#276)
• 34ae0b4 Bump @​actions/github from 5.1.1 to 6.0.0 (#265)
• e7f3840 Bump whatwg-url from 13.0.0 to 14.0.0 (#263)
• Additional commits viewable in compare view

Updates 8BitJonny/gh-get-current-pr from 2.2.0 to 3.0.0

Release notes

Sourced from 8BitJonny/gh-get-current-pr's releases.

v3.0.0

• Update to using Node20 (#295)
• docs(readme): correct step id (#261)

🤖 Dependency Updates

• build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 (#289)
• build(deps-dev): bump eslint from 8.34.0 to 8.45.0 (#288)
• build(deps-dev): bump eslint-plugin-jest from 27.2.1 to 27.2.3 (#286)
• build(deps-dev): bump @​types/node from 18.16.0 to 20.4.4 (#290)
• build(deps-dev): bump @​babel/traverse from 7.17.3 to 7.23.9 (#296)
• build(deps): bump tough-cookie from 4.0.0 to 4.1.3 (#282)
• build(deps-dev): bump prettier from 2.8.1 to 2.8.8 (#251)
• build(deps-dev): bump @​vercel/ncc from 0.36.0 to 0.36.1 (#228)
• build(deps-dev): bump @​types/node from 18.13.0 to 18.16.0 (#252)
• build(deps-dev): bump eslint-plugin-github from 4.6.0 to 4.7.0 (#244)
• build(deps-dev): bump typescript from 4.9.3 to 4.9.5 (#222)
• build(deps-dev): bump @​types/node from 18.11.13 to 18.13.0 (#225)
• build(deps): bump json5 from 1.0.1 to 1.0.2 (#215)
• build(deps-dev): bump eslint-plugin-jest from 27.1.6 to 27.2.1 (#217)
• build(deps-dev): bump eslint from 8.29.0 to 8.34.0 (#226)
• build(deps-dev): bump @​typescript-eslint/parser from 5.46.1 to 5.52.0 (#227)
• build(deps-dev): bump @​typescript-eslint/parser from 5.45.1 to 5.46.1 (#200)
• build(deps-dev): bump eslint-plugin-github from 4.4.1 to 4.6.0 (#201)
• build(deps-dev): bump @​vercel/ncc from 0.34.0 to 0.36.0 (#199)
• build(deps-dev): bump prettier from 2.8.0 to 2.8.1 (#202)
• build(deps-dev): bump @​types/node from 18.11.11 to 18.11.13 (#203)

Full Changelog: 8BitJonny/gh-get-current-pr@2.2.0...v3.0.0

Contributors: @​8BitJonny, @​dargmuesli, @​dependabot and @​dependabot[bot]

Commits

• 08e737c Merge pull request #295 from 8BitJonny/upgrade-to-node20
• f21b71e (dep): run npm audit fix
• 2fe5f33 (chore): update to node v20 in nvmrc
• 2011959 Merge branch 'master' into upgrade-to-node20
• fda1672 Merge pull request #289 from 8BitJonny/dependabot/npm_and_yarn/word-wrap-1.2.4
• f4fb4f8 Merge pull request #288 from 8BitJonny/dependabot/npm_and_yarn/eslint-8.45.0
• a293d8b Merge pull request #286 from 8BitJonny/dependabot/npm_and_yarn/eslint-plugin-...
• f24508c Merge pull request #290 from 8BitJonny/dependabot/npm_and_yarn/types/node-20.4.4
• f65b5c7 Merge pull request #296 from 8BitJonny/dependabot/npm_and_yarn/babel/traverse...
• 1b34411 build(deps-dev): bump @​babel/traverse from 7.17.3 to 7.23.9
• Additional commits viewable in compare view

Updates thollander/actions-comment-pull-request from 2.4.3 to 2.5.0

Release notes

Sourced from thollander/actions-comment-pull-request's releases.

v2.5.0 : Node 20 version support

What's Changed

• chore(deps-dev): bump @​vercel/ncc from 0.38.0 to 0.38.1 by @​dependabot in thollander/actions-comment-pull-request#304
• feat: node 20 version support by @​thollander in thollander/actions-comment-pull-request#307

Full Changelog: thollander/actions-comment-pull-request@v2.4.3...v2.5.0

Commits

• fabd468 Merge pull request #307 from thollander/feat/node-20
• cb9f4be chore: bump to v2.5.0
• 2f69210 feat: node 20 version support
• 9d67388 chore(deps-dev): bump @​vercel/ncc from 0.38.0 to 0.38.1 (#304)
• 88b3c3f docs: fix wrong indent
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Mend Scan Summary: ❌

Repository: open-component-model/MPAS

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	0
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	0
LICENSE RISK HIGH	7
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.