build(deps): bump the ci group with 7 updates

[dependabot]

Bumps the ci group with 7 updates:

Package	From	To
mercedesbenzio/detect-action	1	2
actions/cache	3	4
8BitJonny/gh-get-current-pr	2.2.0	3.0.0
thollander/actions-comment-pull-request	2.4.3	2.5.0
release-drafter/release-drafter	5	6
anchore/sbom-action	0.15.11	0.16.0
goreleaser/goreleaser-action	5	6

Updates mercedesbenzio/detect-action from 1 to 2

Release notes

Sourced from mercedesbenzio/detect-action's releases.

v2.0.0

What's Changed

• feat!: update to node 20 by @​tvcsantos in tvcsantos/detect-action#17

Full Changelog: tvcsantos/detect-action@v1.5.0...v2.0.0

v1.5.0

What's Changed

• feat: add support for custom PR comments by @​tvcsantos in tvcsantos/detect-action#16

Full Changelog: tvcsantos/detect-action@v1.4.1...v1.5.0

v1.4.1

What's Changed

• feat: improve tool name on PR comment header by @​tvcsantos in mercedesbenzio/detect-action#13

Full Changelog: tvcsantos/detect-action@v1.4.0...v1.4.1

v1.4.0

What's Changed

• feat: add tool name to PR comment header by @​tvcsantos in mercedesbenzio/detect-action#12

Full Changelog: tvcsantos/detect-action@v1.3.0...v1.4.0

v1.3.0

What's Changed

• feat: add input to control PR comments on success by @​tvcsantos in mercedesbenzio/detect-action#11

Full Changelog: tvcsantos/detect-action@v1.2.0...v1.3.0

v1.2.0

What's Changed

• build: update package version by @​tvcsantos in mercedesbenzio/detect-action#10
• feat: improve debug log level and add fail-if-detect-fails by @​tvcsantos in mercedesbenzio/detect-action#9

Full Changelog: tvcsantos/detect-action@v1.1.0...v1.2.0

v1.1.0

What's Changed

• feat: make detect-version optional by downloading latest by @​tvcsantos in mercedesbenzio/detect-action#8

Full Changelog: tvcsantos/detect-action@v1.0.0...v1.1.0

Changelog

Sourced from mercedesbenzio/detect-action's changelog.

Commits

• 290ca63 fix: fix incompatible package @​actions/artifact (#18)
• c5123b0 feat!: update to node 20 (#17)
• See full diff in compare view

Updates actions/cache from 3 to 4

Release notes

Sourced from actions/cache's releases.

v4.0.0

What's Changed

• Update action to node20 by @​takost in actions/cache#1284
• feat: save-always flag by @​to-s in actions/cache#1242

New Contributors

• @​takost made their first contribution in actions/cache#1284
• @​to-s made their first contribution in actions/cache#1242

Full Changelog: actions/cache@v3...v4.0.0

v3.3.3

What's Changed

• Cache v3.3.3 by @​robherley in actions/cache#1302

New Contributors

• @​robherley made their first contribution in actions/cache#1302

Full Changelog: actions/cache@v3...v3.3.3

v3.3.2

What's Changed

• Fixed readme with new segment timeout values by @​kotewar in actions/cache#1133
• Readme fixes by @​kotewar in actions/cache#1134
• Updated description of the lookup-only input for main action by @​kotewar in actions/cache#1130
• Change two new actions mention as quoted text by @​bishal-pdMSFT in actions/cache#1131
• Update Cross-OS Caching tips by @​pdotl in actions/cache#1122
• Bazel example (Take #2️⃣) by @​vorburger in actions/cache#1132
• Remove actions to add new PRs and issues to a project board by @​jorendorff in actions/cache#1187
• Consume latest toolkit and fix dangling promise bug by @​chkimes in actions/cache#1217
• Bump action version to 3.3.2 by @​bethanyj28 in actions/cache#1236

New Contributors

• @​vorburger made their first contribution in actions/cache#1132
• @​jorendorff made their first contribution in actions/cache#1187
• @​chkimes made their first contribution in actions/cache#1217
• @​bethanyj28 made their first contribution in actions/cache#1236

Full Changelog: actions/cache@v3...v3.3.2

v3.3.1

What's Changed

• Reduced download segment size to 128 MB and timeout to 10 minutes by @​kotewar in actions/cache#1129

Full Changelog: actions/cache@v3...v3.3.1

v3.3.0

What's Changed

• Bug: Permission is missing in cache delete example by @​kotokaze in actions/cache#1123

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

4.0.2

• Fixed restore fail-on-cache-miss not working.

4.0.1

• Updated isGhes check

4.0.0

• Updated minimum runner version support from node 12 -> node 20

3.3.3

• Updates @​actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378
• Additional audit fixes of npm package(s)

3.3.2

• Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

• Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

• Added option to lookup cache without downloading it.

3.2.6

• Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

• Added fix to prevent from setting MYSYS environment variable globally.

3.2.4

• Added option to fail job on cache miss.

3.2.3

• Support cross os caching on Windows as an opt-in feature.
• Fix issue with symlink restoration on Windows for cross-os caches.

3.2.2

... (truncated)

Commits

• 0c45773 Merge pull request #1327 from cdce8p/fix-fail-on-cache-miss
• 8a55f83 Add test case for process exit
• 3884cac Bump version
• e29dad3 Fix fail-on-cache-miss not working
• ab5e6d0 Merge pull request #1341 from bethanyj28/main
• 89c7d86 licensed cache
• d2c84da update @​actions/cache
• 37e7d4e Merge pull request #1340 from actions/bethanyj28/update-publish-flow
• a18323f add release action
• a2ed59d Merge pull request #1305 from actions/yacaovsnc/update_examples
• Additional commits viewable in compare view

Updates 8BitJonny/gh-get-current-pr from 2.2.0 to 3.0.0

Release notes

Sourced from 8BitJonny/gh-get-current-pr's releases.

v3.0.0

• Update to using Node20 (#295)
• docs(readme): correct step id (#261)

🤖 Dependency Updates

• build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 (#289)
• build(deps-dev): bump eslint from 8.34.0 to 8.45.0 (#288)
• build(deps-dev): bump eslint-plugin-jest from 27.2.1 to 27.2.3 (#286)
• build(deps-dev): bump @​types/node from 18.16.0 to 20.4.4 (#290)
• build(deps-dev): bump @​babel/traverse from 7.17.3 to 7.23.9 (#296)
• build(deps): bump tough-cookie from 4.0.0 to 4.1.3 (#282)
• build(deps-dev): bump prettier from 2.8.1 to 2.8.8 (#251)
• build(deps-dev): bump @​vercel/ncc from 0.36.0 to 0.36.1 (#228)
• build(deps-dev): bump @​types/node from 18.13.0 to 18.16.0 (#252)
• build(deps-dev): bump eslint-plugin-github from 4.6.0 to 4.7.0 (#244)
• build(deps-dev): bump typescript from 4.9.3 to 4.9.5 (#222)
• build(deps-dev): bump @​types/node from 18.11.13 to 18.13.0 (#225)
• build(deps): bump json5 from 1.0.1 to 1.0.2 (#215)
• build(deps-dev): bump eslint-plugin-jest from 27.1.6 to 27.2.1 (#217)
• build(deps-dev): bump eslint from 8.29.0 to 8.34.0 (#226)
• build(deps-dev): bump @​typescript-eslint/parser from 5.46.1 to 5.52.0 (#227)
• build(deps-dev): bump @​typescript-eslint/parser from 5.45.1 to 5.46.1 (#200)
• build(deps-dev): bump eslint-plugin-github from 4.4.1 to 4.6.0 (#201)
• build(deps-dev): bump @​vercel/ncc from 0.34.0 to 0.36.0 (#199)
• build(deps-dev): bump prettier from 2.8.0 to 2.8.1 (#202)
• build(deps-dev): bump @​types/node from 18.11.11 to 18.11.13 (#203)

Full Changelog: 8BitJonny/gh-get-current-pr@2.2.0...v3.0.0

Contributors: @​8BitJonny, @​dargmuesli, @​dependabot and @​dependabot[bot]

Commits

• 08e737c Merge pull request #295 from 8BitJonny/upgrade-to-node20
• f21b71e (dep): run npm audit fix
• 2fe5f33 (chore): update to node v20 in nvmrc
• 2011959 Merge branch 'master' into upgrade-to-node20
• fda1672 Merge pull request #289 from 8BitJonny/dependabot/npm_and_yarn/word-wrap-1.2.4
• f4fb4f8 Merge pull request #288 from 8BitJonny/dependabot/npm_and_yarn/eslint-8.45.0
• a293d8b Merge pull request #286 from 8BitJonny/dependabot/npm_and_yarn/eslint-plugin-...
• f24508c Merge pull request #290 from 8BitJonny/dependabot/npm_and_yarn/types/node-20.4.4
• f65b5c7 Merge pull request #296 from 8BitJonny/dependabot/npm_and_yarn/babel/traverse...
• 1b34411 build(deps-dev): bump @​babel/traverse from 7.17.3 to 7.23.9
• Additional commits viewable in compare view

Updates thollander/actions-comment-pull-request from 2.4.3 to 2.5.0

Release notes

Sourced from thollander/actions-comment-pull-request's releases.

v2.5.0 : Node 20 version support

What's Changed

• chore(deps-dev): bump @​vercel/ncc from 0.38.0 to 0.38.1 by @​dependabot in thollander/actions-comment-pull-request#304
• feat: node 20 version support by @​thollander in thollander/actions-comment-pull-request#307

Full Changelog: thollander/actions-comment-pull-request@v2.4.3...v2.5.0

Commits

• fabd468 Merge pull request #307 from thollander/feat/node-20
• cb9f4be chore: bump to v2.5.0
• 2f69210 feat: node 20 version support
• 9d67388 chore(deps-dev): bump @​vercel/ncc from 0.38.0 to 0.38.1 (#304)
• 88b3c3f docs: fix wrong indent
• See full diff in compare view

Updates release-drafter/release-drafter from 5 to 6

Release notes

Sourced from release-drafter/release-drafter's releases.

v6.0.0

What's Changed

• Update Node.js to 20 (#1379) @​massongit

Full Changelog: release-drafter/release-drafter@v5.25.0...v6.0.0

v6.0.0-beta.1

Prerelease of v6, first release of the CLI, feel free to provide feedback in the pull request: release-drafter/release-drafter#1204

v5.25.0

What's Changed

New

• add prerelease increment behavior (#1303) @​neilime
• add latest input (#1348) @​o-mago

Full Changelog: release-drafter/release-drafter@v5.24.0...v5.25.0

v5.24.0

What's Changed

New

• Add release version to github action output (#1300) @​mehdihadeli

Bug Fixes

• fix(release): strip prefix before comparing version (#1255) @​neilime

Full Changelog: release-drafter/release-drafter@v5.23.0...v5.24.0

v5.23.0

What's Changed

New

• Add include-pre-releases configuration option (#1302) @​robbinjanssen

Full Changelog: release-drafter/release-drafter@v5.22.0...v5.23.0

v5.22.0

What's Changed

New

• Only use last full release when drafting (#1240) @​ssbarnea

... (truncated)

Commits

• 3f0f870 v6.0.0
• 80296b4 Update Node.js to 20 (#1379)
• See full diff in compare view

Updates anchore/sbom-action from 0.15.11 to 0.16.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.16

Changes in v0.16.0

• Update Syft to v1.4.1 (#465)
• Update GitHub artifact client (#463) [kzantow]

NOTE: if you are using this action within a matrix build and see failures attempting to upload artifacts with duplicate names, you will need to set the artifact-name to be unique based on the matrix properties (an example here). This is due to a change to use a newer GitHub API which no longer allows artifacts with duplicate names.

Commits

• e8d2a69 chore(deps): update Syft to v1.4.1 (#465)
• 610bea4 chore: update GitHub artifact client (#463)
• 0445e23 chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#464)
• a66e2f3 chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#461)
• 1abd786 chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.5 (#462)
• See full diff in compare view

Updates goreleaser/goreleaser-action from 5 to 6

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v6.0.0

[!WARNING] This is a breaking change!

Follow the instructions here to upgrade!

What's Changed

• feat!: use "~> v2" as default by @​caarlos0 in goreleaser/goreleaser-action#463

Full Changelog: goreleaser/goreleaser-action@v5...v6.0.0

v5.1.0

Important

This version changes the default behavior of latest to ~> v1.

The next major of this action (v6), will change this to ~> v2, and will be launched together with GoReleaser v2.

What's Changed

• docs: bump actions to latest major by @​crazy-max in goreleaser/goreleaser-action#435
• chore(deps): bump docker/bake-action from 3 to 4 by @​dependabot in goreleaser/goreleaser-action#436
• chore(deps): bump codecov/codecov-action from 3 to 4 by @​dependabot in goreleaser/goreleaser-action#437
• chore(deps): bump actions/setup-go from 4 to 5 by @​dependabot in goreleaser/goreleaser-action#443
• chore(deps): bump actions/upload-artifact from 3 to 4 by @​dependabot in goreleaser/goreleaser-action#444
• Delete .kodiak.toml by @​vedantmgoyal9 in goreleaser/goreleaser-action#446
• chore(deps): bump codecov/codecov-action from 3 to 4 by @​dependabot in goreleaser/goreleaser-action#448
• chore(deps): bump ip from 2.0.0 to 2.0.1 by @​dependabot in goreleaser/goreleaser-action#450
• Upgrade setup-go action version in README by @​kishaningithub in goreleaser/goreleaser-action#455
• chore(deps): bump tar from 6.1.14 to 6.2.1 by @​dependabot in goreleaser/goreleaser-action#456
• chore: use corepack to install yarn by @​crazy-max in goreleaser/goreleaser-action#458
• feat: lock this major version of the action to use '~> v1' as 'latest' by @​caarlos0 in goreleaser/goreleaser-action#461
• chore(deps): bump semver from 7.6.0 to 7.6.2 by @​dependabot in goreleaser/goreleaser-action#462
• chore(deps): bump @​actions/http-client from 2.2.0 to 2.2.1 by @​dependabot in goreleaser/goreleaser-action#451

New Contributors

• @​vedantmgoyal9 made their first contribution in goreleaser/goreleaser-action#446

Full Changelog: goreleaser/goreleaser-action@v5.0.0...v5.1.0

Commits

• 286f3b1 ci: fix tests
• beac410 ci: update workflow and .goreleaser.yml
• 18bbabc feat!: use "~> v2" as default (#463)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Mend Scan Summary: ❌

Repository: open-component-model/mpas-product-controller

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	0
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	2
LICENSE RISK HIGH	9
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI