Bump eslint from 8.53.0 to 8.56.0 #640

dependabot · 2023-12-18T01:29:57Z

Bumps eslint from 8.53.0 to 8.56.0.

Release notes

v8.56.0

Features

0dd9704 feat: Support custom severity when reporting unused disable directives (#17212) (Bryan Mishkin)

31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#17818) (Arka Pratim Chaudhuri)

Bug Fixes

7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#17846) (Francesco Trotta)

74739c8 fix: suggestion with invalid syntax in no-promise-executor-return rule (#17812) (Bryan Mishkin)

Documentation

9007719 docs: update link in ways-to-extend.md (#17839) (Amel SELMANE)

3a22236 docs: Update README (GitHub Actions Bot)

54c3ca6 docs: fix migration-guide example (#17829) (Tanuj Kanti)

4391b71 docs: check config comments in rule examples (#17815) (Francesco Trotta)

fd28363 docs: remove mention about ESLint stylistic rules in readme (#17810) (Zwyx)

48ed5a6 docs: Update README (GitHub Actions Bot)

Chores

ba6af85 chore: upgrade @eslint/js@8.56.0 (#17864) (Milos Djermanovic)

60a531a chore: package.json update for @eslint/js release (Jenkins)

ba87a06 chore: update dependency markdownlint to ^0.32.0 (#17783) (renovate[bot])

9271d10 chore: add GitHub issue template for docs issues (#17845) (Josh Goldberg ✨)

70a686b chore: Convert rule tests to FlatRuleTester (#17819) (Nicholas C. Zakas)

f3a599d chore: upgrade eslint-plugin-unicorn to v49.0.0 (#17837) (唯然)

905d4b7 chore: upgrade eslint-plugin-eslint-plugin v5.2.1 (#17838) (唯然)

4d7c3ce chore: update eslint-plugin-n v16.4.0 (#17836) (唯然)

fd0c60c ci: unpin Node.js 21.2.0 (#17821) (Francesco Trotta)

v8.55.0

Features

8c9e6c1 feat: importNamePattern option in no-restricted-imports (#17721) (Tanuj Kanti)

Documentation

83ece2a docs: fix typo --rules -> --rule (#17806) (OKURA Masafumi)

fffca5c docs: remove "Open in Playground" buttons for removed rules (#17791) (Francesco Trotta)

a6d9442 docs: fix correct/incorrect examples of rules (#17789) (Tanuj Kanti)

383e999 docs: update and fix examples for no-unused-vars (#17788) (Tanuj Kanti)

5a8efd5 docs: add specific stylistic rule for each deprecated rule (#17778) (Etienne)

Chores

eb8950c chore: upgrade @eslint/js@8.55.0 (#17811) (Milos Djermanovic)

93df384 chore: package.json update for @eslint/js release (Jenkins)

fe4b954 chore: upgrade @eslint/eslintrc@2.1.4 (#17799) (Milos Djermanovic)

bd8911d ci: pin Node.js 21.2.0 (#17809) (Milos Djermanovic)

b29a16b chore: fix several cli tests to run in the intended flat config mode (#17797) (Milos Djermanovic)

de165c1 chore: remove unused config-extends fixtures (#17781) (Milos Djermanovic)

d4304b8 chore: remove formatting/stylistic rules from new rule templates (#17780) (Francesco Trotta)

21024fe chore: check rule examples for syntax errors (#17718) (Francesco Trotta)

v8.54.0

... (truncated)

Changelog

Sourced from eslint's changelog.

v8.56.0 - December 15, 2023

ba6af85 chore: upgrade @eslint/js@8.56.0 (#17864) (Milos Djermanovic)

60a531a chore: package.json update for @eslint/js release (Jenkins)

0dd9704 feat: Support custom severity when reporting unused disable directives (#17212) (Bryan Mishkin)

31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#17818) (Arka Pratim Chaudhuri)

ba87a06 chore: update dependency markdownlint to ^0.32.0 (#17783) (renovate[bot])

7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#17846) (Francesco Trotta)

9271d10 chore: add GitHub issue template for docs issues (#17845) (Josh Goldberg ✨)

70a686b chore: Convert rule tests to FlatRuleTester (#17819) (Nicholas C. Zakas)

9007719 docs: update link in ways-to-extend.md (#17839) (Amel SELMANE)

f3a599d chore: upgrade eslint-plugin-unicorn to v49.0.0 (#17837) (唯然)

905d4b7 chore: upgrade eslint-plugin-eslint-plugin v5.2.1 (#17838) (唯然)

4d7c3ce chore: update eslint-plugin-n v16.4.0 (#17836) (唯然)

3a22236 docs: Update README (GitHub Actions Bot)

54c3ca6 docs: fix migration-guide example (#17829) (Tanuj Kanti)

4391b71 docs: check config comments in rule examples (#17815) (Francesco Trotta)

fd28363 docs: remove mention about ESLint stylistic rules in readme (#17810) (Zwyx)

fd0c60c ci: unpin Node.js 21.2.0 (#17821) (Francesco Trotta)

48ed5a6 docs: Update README (GitHub Actions Bot)

74739c8 fix: suggestion with invalid syntax in no-promise-executor-return rule (#17812) (Bryan Mishkin)

v8.55.0 - December 1, 2023

eb8950c chore: upgrade @eslint/js@8.55.0 (#17811) (Milos Djermanovic)

93df384 chore: package.json update for @eslint/js release (Jenkins)

fe4b954 chore: upgrade @eslint/eslintrc@2.1.4 (#17799) (Milos Djermanovic)

8c9e6c1 feat: importNamePattern option in no-restricted-imports (#17721) (Tanuj Kanti)

83ece2a docs: fix typo --rules -> --rule (#17806) (OKURA Masafumi)

bd8911d ci: pin Node.js 21.2.0 (#17809) (Milos Djermanovic)

b29a16b chore: fix several cli tests to run in the intended flat config mode (#17797) (Milos Djermanovic)

fffca5c docs: remove "Open in Playground" buttons for removed rules (#17791) (Francesco Trotta)

a6d9442 docs: fix correct/incorrect examples of rules (#17789) (Tanuj Kanti)

383e999 docs: update and fix examples for no-unused-vars (#17788) (Tanuj Kanti)

5a8efd5 docs: add specific stylistic rule for each deprecated rule (#17778) (Etienne)

de165c1 chore: remove unused config-extends fixtures (#17781) (Milos Djermanovic)

d4304b8 chore: remove formatting/stylistic rules from new rule templates (#17780) (Francesco Trotta)

21024fe chore: check rule examples for syntax errors (#17718) (Francesco Trotta)

v8.54.0 - November 17, 2023

d644de9 chore: upgrade @eslint/js@8.54.0 (#17773) (Milos Djermanovic)

1e6e314 chore: package.json update for @eslint/js release (Jenkins)

98926e6 fix: Ensure that extra data is not accidentally stored in the cache file (#17760) (Milos Djermanovic)

a7a883b feat: for-direction rule add check for condition in reverse order (#17755) (Angelo Annunziata)

1452dc9 feat: Add suggestions to no-console (#17680) (Joel Mathew Koshy)

6fb8805 chore: Fixed grammar in issue_templates/rule_change (#17770) (Joel Mathew Koshy)

becfdd3 docs: Make clear when rules are removed (#17728) (Nicholas C. Zakas)

e8cf9f6 fix: Make dark scroll bar in dark theme (#17753) (Pavel)

85db724 chore: upgrade markdownlint to 0.31.1 (#17754) (Nitin Kumar)

... (truncated)

Commits

8e8e9f8 8.56.0
085978b Build: changelog update for 8.56.0
ba6af85 chore: upgrade @eslint/js@8.56.0 (#17864)
60a531a chore: package.json update for @eslint/js release
0dd9704 feat: Support custom severity when reporting unused disable directives (#17212)
31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#17818)
ba87a06 chore: update dependency markdownlint to ^0.32.0 (#17783)
7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#17846)
9271d10 chore: add GitHub issue template for docs issues (#17845)
70a686b chore: Convert rule tests to FlatRuleTester (#17819)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [eslint](https://github.com/eslint/eslint) from 8.53.0 to 8.56.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.53.0...v8.56.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | major | `v3.1.4` -> `v4.0.0` | --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.0.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0) - Update action to Node 20 by [@takost](https://togithub.com/takost) in [actions/dependency-review-action#639 - Dependabot updates, see the full changelog for more details. #### New Contributors - [@takost](https://togithub.com/takost) made their first contribution in [actions/dependency-review-action#639 **Full Changelog**: actions/dependency-review-action@v3.1.5...v4.0.0 ### [`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5): 3.1.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5) #### What's Changed - Smaller `per_page` when requesting diff by [@hmaurer](https://togithub.com/hmaurer) in [actions/dependency-review-action#649 - Update dependencies: - Bump [@typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.10.0 to 6.13.1 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#630 - Bump prettier from 3.0.3 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#629 - Bump [@types/jest](https://togithub.com/types/jest) from 29.5.8 to 29.5.11 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#637 - Bump nodemon from 3.0.1 to 3.0.2 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#636 - Replace pip -> pypi in PURL examples by [@febuiles](https://togithub.com/febuiles) in [actions/dependency-review-action#638 - Bump [@typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.12.0 to 6.15.0 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#644 - Bump eslint from 8.53.0 to 8.56.0 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#640 - Bump [@typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.13.1 to 6.16.0 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#645 - Bump prettier from 3.1.0 to 3.1.1 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#646 **Full Changelog**: actions/dependency-review-action@v3.1.4...v3.1.5 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/xmldom/xmldom).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | major | `v2.5.1` -> `v4.1.3` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.3): 4.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3) Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see [actions/dependency-review-action#697). **Full Changelog**: actions/dependency-review-action@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.2): 4.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2) #### What's Changed - Expose dependency comment content by [@jsoref](https://togithub.com/jsoref) in [actions/dependency-review-action#696 **Full Changelog**: actions/dependency-review-action@v4.1.1...v4.1.2 ### [`v4.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.1): 4.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1) #### What's Changed - Bump `undici` to fix [GHSA-wqq4-5wpv-mx2g](https://togithub.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g) - Bump [@types/node](https://togithub.com/types/node) from 20.11.17 to 20.11.19 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#693 **Full Changelog**: actions/dependency-review-action@v4.1.0...v4.1.1 ### [`v4.1.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.0): 4.1.0 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.0.0...v4.1.0) #### What's Changed - Add `warn-only` by [@tgrall](https://togithub.com/tgrall) in [actions/dependency-review-action#432 Added a new configuration option (`warn-only`, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log. - Create stale.yaml by [@jonjanego](https://togithub.com/jonjanego) in [actions/dependency-review-action#671 - Use manual codeql config by [@juxtin](https://togithub.com/juxtin) in [actions/dependency-review-action#678 - Multiple dependency updates (see the changelog below for more information) #### New Contributors - [@jonjanego](https://togithub.com/jonjanego) made their first contribution in [actions/dependency-review-action#671 - [@tgrall](https://togithub.com/tgrall) made their first contribution in [actions/dependency-review-action#432 **Full Changelog**: actions/dependency-review-action@v4...v4.1.0 ### [`v4.0.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0) - Update action to Node 20 by [@takost](https://togithub.com/takost) in [actions/dependency-review-action#639 - Dependabot updates, see the full changelog for more details. #### New Contributors - [@takost](https://togithub.com/takost) made their first contribution in [actions/dependency-review-action#639 **Full Changelog**: actions/dependency-review-action@v3.1.5...v4.0.0 ### [`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5): 3.1.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5) #### What's Changed - Smaller `per_page` when requesting diff by [@hmaurer](https://togithub.com/hmaurer) in [actions/dependency-review-action#649 - Update dependencies: - Bump [@typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.10.0 to 6.13.1 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#630 - Bump prettier from 3.0.3 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#629 - Bump [@types/jest](https://togithub.com/types/jest) from 29.5.8 to 29.5.11 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#637 - Bump nodemon from 3.0.1 to 3.0.2 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#636 - Replace pip -> pypi in PURL examples by [@febuiles](https://togithub.com/febuiles) in [actions/dependency-review-action#638 - Bump [@typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.12.0 to 6.15.0 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#644 - Bump eslint from 8.53.0 to 8.56.0 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#640 - Bump [@typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.13.1 to 6.16.0 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#645 - Bump prettier from 3.1.0 to 3.1.1 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#646 **Full Changelog**: actions/dependency-review-action@v3.1.4...v3.1.5 ### [`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4): 3.1.4 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4) #### What's Changed - Fixed a [bug](https://togithub.com/actions/dependency-review-action/issues/618) with severity filtering when using the `allow_ghsas` option: [actions/dependency-review-action#623. - Updates dependencies: - Bump [@types/node](https://togithub.com/types/node) from 16.18.61 to 16.18.62 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#619 action/pull/620 - Bump [@typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.11.0 to 6.12.0 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#625 - Bump typescript from 5.2.2 to 5.3.2 by [@dependabot](https://togithub.com/dependabot) in [actions/dependency-review-action#624 **Full Changelog**: actions/dependency-review-action@v3...v3.1.4 ### [`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3): 3.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3) #### What's Changed - Fixes purl "version must be percent-encoded" by [@theztefan](https://togithub.com/theztefan) in [actions/dependency-review-action#617 **Full Changelog**: actions/dependency-review-action@v3...v3.1.3 ### [`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2): 3.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2) #### What's Changed - Fix a regression for setups using self-hosted runners behind HTTP proxies:[@febuiles](https://togithub.com/febuiles) in [actions/dependency-review-action#611 **Full Changelog**: actions/dependency-review-action@v3...v3.1.2 ### [`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1): 3.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1) #### What's Changed - Update a bunch of dependencies, including major version upgrades for `octokit`, `@actions/github` and `typescript`. **Full Changelog**: actions/dependency-review-action@v3.1.0...v3.1.1 ### [`v3.1.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.0): 3.1.0 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.8...v3.1.0) #### What's New Added support for dependencies submitted through the [dependency submission API](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together). This includes two new configuration parameters: `retry-on-snapshot-warnings` and `retry-on-snapshot-warnings-timeout`. #### What's Changed - Fix(docs): Correct action input name by [@oerd](https://togithub.com/oerd) in [actions/dependency-review-action#551 #### New Contributors - [@oerd](https://togithub.com/oerd) made their first contribution in [actions/dependency-review-action#551 **Full Changelog**: actions/dependency-review-action@v3...v3.1.0 ### [`v3.0.8`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.8): 3.0.8 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.7...v3.0.8) #### What's Changed Added `on-failure` option to `comment-summary-in-pr` setting by [@sgmurphy](https://togithub.com/sgmurphy) in [actions/dependency-review-action#540 Previous configuration files using `true`/`false` for `comment-summary-in-pr` will be mapped automatically to the new values, but we encourage you to update to `always`/`on-failure`/`never`. #### New Contributors - [@sgmurphy](https://togithub.com/sgmurphy) made their first contribution in [actions/dependency-review-action#540 **Full Changelog**: actions/dependency-review-action@v3...v3.0.8 ### [`v3.0.7`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.7): 3.0.7 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.6...v3.0.7) #### What's Changed - Make GHES support / setup more clear by [@rajbos](https://togithub.com/rajbos) in [actions/dependency-review-action#534 - Add an option to deny packages or groups of packages by [@adrienpessu](https://togithub.com/adrienpessu) in [actions/dependency-review-action#544 #### New Contributors - [@rajbos](https://togithub.com/rajbos) made their first contribution in [actions/dependency-review-action#534 - [@adrienpessu](https://togithub.com/adrienpessu) made their first contribution in [actions/dependency-review-action#544 **Full Changelog**: actions/dependency-review-action@v3...v3.0.7 ### [`v3.0.6`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.6): 3.0.6 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.5...v3.0.6) Fixes a bug introduced in 3.0.5 where we raised PURL errors when Dependency Graph returns an empty `package_url`. ### [`v3.0.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.5): 3.0.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.4...v3.0.5) #### What's Changed Thanks to [@theztefan](https://togithub.com/theztefan), we now have a new `allow-dependencies-licenses` option that takes a list of dependencies that will be excluded from license checks. See the [configuration options](https://togithub.com/actions/dependency-review-action#configuration-options) for more information on how to use it. - Exclude dependencies from license checks by [@theztefan](https://togithub.com/theztefan) in [actions/dependency-review-action#423 - Documentation examples by [@theztefan](https://togithub.com/theztefan) in [actions/dependency-review-action#423 - Show snapshot warnings in the summary by [@juxtin](https://togithub.com/juxtin) in [actions/dependency-review-action#439 - Fix default values for fail-on-severity by [@febuiles](https://togithub.com/febuiles) in [actions/dependency-review-action#451 - Updated dependencies. #### New Contributors - [@juxtin](https://togithub.com/juxtin) made their first contribution in [actions/dependency-review-action#439 - [@theztefan](https://togithub.com/theztefan) made their first contribution in [actions/dependency-review-action#423 **Full Changelog**: actions/dependency-review-action@v3...v3.0.5 ### [`v3.0.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.4): 3.0.4 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.3...v3.0.4) #### What's New? The Action can now publish a comment in the pull request if the `comment-summary-in-pr` option is set. More information can be found in the [README](https://togithub.com/actions/dependency-review-action#configuration-options). #### New Contributors - [@davelosert](https://togithub.com/davelosert) made their first contribution in [actions/dependency-review-action#393 #### Changelog - Write Summary as comment to the pull request by [@davelosert](https://togithub.com/davelosert) in [actions/dependency-review-action#393 - Adjust summary format by [@davelosert](https://togithub.com/davelosert) in [actions/dependency-review-action#416 - Security updates. **Full Changelog**: actions/dependency-review-action@v3...v3.0.4 ### [`v3.0.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.3): 3.0.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.2...v3.0.3) #### What's Changed - Use cache in check-dist.yml by [@jongwooo](https://togithub.com/jongwooo) in [actions/dependency-review-action#359 - Fix Dependency Review API response error handling by [@felickz](https://togithub.com/felickz) in [actions/dependency-review-action#370 - Security updates #### New Contributors - [@jongwooo](https://togithub.com/jongwooo) made their first contribution in [actions/dependency-review-action#359 - [@felickz](https://togithub.com/felickz) made their first contribution in [actions/dependency-review-action#370 **Full Changelog**: actions/dependency-review-action@v3...v3.0.3 ### [`v3.0.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.2): 3.0.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.1...v3.0.2) This release fixes spelling errors [actions/dependency-review-action#348 and upgrades dependencies to fix known vulnerabilities **Full Changelog**: actions/dependency-review-action@v3...v3.0.2 ### [`v3.0.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.1): 3.0.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.0...v3.0.1) This release contains the following bugfixes: - Fixing API URL for GHES: [actions/dependency-review-action#331 - Improve list handling for external config files: [actions/dependency-review-action#330 **Full Changelog**: actions/dependency-review-action@v3...v3.0.1 ### [`v3.0.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.0): 3.0.0 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v2.5.1...v3.0.0) #### Breaking Changes By default the action now expects [SPDX-compliant licenses](https://spdx.org/licenses/) everywhere. If you were previously using license names in the allow or deny lists make sure they're valid! #### What's Changed ##### Support for external configuration files You can now specify a [configuration file external to your repository](https://togithub.com/actions/dependency-review-action/#configuration-file). This allows organizations to have a single configuration file for all their repos. ##### Broader license support We've added support for a much broader set of project licenses by using GitHub's [Licenses API](https://docs.github.com/en/rest/licenses). ##### SPDX Compliance All of our license-related code now expects [SPDX-compliant licenses or expressions](https://spdx.org/licenses/). This allows us to standardize on a license naming scheme that already supports `OR`/`AND` expressions. ##### Disable individual checks You can now use the boolean options `license-check` and `vulnerability-check` to disable either one of the checks. More information in [our configuration options](https://togithub.com/actions/dependency-review-action/#configuration-options). #### Thanks Contributors for this release include: - [@cnagadya](https://togithub.com/cnagadya) - [@courtneycl](https://togithub.com/courtneycl) - [@ericcornelissen](https://togithub.com/ericcornelissen) - [@elireisman](https://togithub.com/elireisman) - [@hmaurer](https://togithub.com/hmaurer) Thanks everyone! **Full Changelog**: actions/dependency-review-action@v2...v3.0.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/zarf).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | major | `v3.6.0` -> `v4.1.1` | | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | major | `v2.5.1` -> `v4.2.5` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | minor | `v4.0.0` -> `v4.3.1` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | | patch | `v0.3.3` -> `v0.3.9` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | action | patch | `v0.3.3` -> `v0.3.9` | | [defenseunicorns/uds-common-tasks](https://togithub.com/defenseunicorns/uds-common-tasks) | | patch | `v0.3.3` -> `v0.3.9` | | [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | | minor | `v0.29.1` -> `v0.32.6` | | [docker/login-action](https://togithub.com/docker/login-action) | action | digest | `343f7c4` -> `e92390c` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v3.22.12` -> `v3.24.9` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | major | `v2.24.5` -> `v3.24.9` | | [golangci/golangci-lint](https://togithub.com/golangci/golangci-lint) | repository | minor | `v1.55.2` -> `v1.57.2` | | [google-github-actions/release-please-action](https://togithub.com/google-github-actions/release-please-action) | action | minor | `v4.0.2` -> `v4.1.0` | | [python-jsonschema/check-jsonschema](https://togithub.com/python-jsonschema/check-jsonschema) | repository | minor | `0.27.4` -> `0.28.0` | | [renovatebot/pre-commit-hooks](https://togithub.com/renovatebot/pre-commit-hooks) | repository | minor | `37.165.5` -> `37.275.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://togithub.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.1`](https://togithub.com/actions/checkout/releases/tag/v4.1.1) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.0...v4.1.1) ##### What's Changed - Update CODEOWNERS to Launch team by [@joshmgross](https://togithub.com/joshmgross) in [https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510) - Correct link to GitHub Docs by [@peterbe](https://togithub.com/peterbe) in [https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511) - Link to release page from what's new section by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1514](https://togithub.com/actions/checkout/pull/1514) ##### New Contributors - [@joshmgross](https://togithub.com/joshmgross) made their first contribution in [https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510) - [@peterbe](https://togithub.com/peterbe) made their first contribution in [https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.0...v4.1.1 ### [`v4.1.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v410) [Compare Source](https://togithub.com/actions/checkout/compare/v4.0.0...v4.1.0) - [Add support for partial checkout filters](https://togithub.com/actions/checkout/pull/1396) ### [`v4.0.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v400) [Compare Source](https://togithub.com/actions/checkout/compare/v3.6.0...v4.0.0) - [Support fetching without the --progress option](https://togithub.com/actions/checkout/pull/1067) - [Update to node20](https://togithub.com/actions/checkout/pull/1436) </details> <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.2.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.2.5): 4.2.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5) #### What's Changed - Fixed a bug where some configuration options in external files were not being properly picked up -- [https://github.com/actions/dependency-review-action/pull/722](https://togithub.com/actions/dependency-review-action/pull/722) - Bump eslint from 8.56.0 to 8.57.0 **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5 ### [`v4.2.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.2.4) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.3...v4.2.4) #### What's Changed Fixed a bug in the output of OpenSSF cards for GitHub Actions. #### New Contributors - [@sporkmonger](https://togithub.com/sporkmonger) made their first contribution in [https://github.com/actions/dependency-review-action/pull/721](https://togithub.com/actions/dependency-review-action/pull/721) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.3...v4.2.4 ### [`v4.2.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.2.3): 4.2.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.3...v4.2.3) #### What's Changed - Set comment as output by [@jsoref](https://togithub.com/jsoref) in [https://github.com/actions/dependency-review-action/pull/698](https://togithub.com/actions/dependency-review-action/pull/698) - Add support for calculating OpenSSF Scorecards by [@jhutchings1](https://togithub.com/jhutchings1) in [https://github.com/actions/dependency-review-action/pull/709](https://togithub.com/actions/dependency-review-action/pull/709) - Add outputs for the changes data by [@laughedelic](https://togithub.com/laughedelic) in [https://github.com/actions/dependency-review-action/pull/707](https://togithub.com/actions/dependency-review-action/pull/707) #### New Contributors - [@jhutchings1](https://togithub.com/jhutchings1) made their first contribution in [https://github.com/actions/dependency-review-action/pull/709](https://togithub.com/actions/dependency-review-action/pull/709) - [@laughedelic](https://togithub.com/laughedelic) made their first contribution in [https://github.com/actions/dependency-review-action/pull/707](https://togithub.com/actions/dependency-review-action/pull/707) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.3...v4.2.3 ### [`v4.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.3): 4.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3) Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see [https://github.com/actions/dependency-review-action/issues/697](https://togithub.com/actions/dependency-review-action/issues/697)). **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.2): 4.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2) #### What's Changed - Expose dependency comment content by [@jsoref](https://togithub.com/jsoref) in [https://github.com/actions/dependency-review-action/pull/696](https://togithub.com/actions/dependency-review-action/pull/696) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2 ### [`v4.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.1): 4.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1) #### What's Changed - Bump `undici` to fix [GHSA-wqq4-5wpv-mx2g](https://togithub.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g) - Bump [@types/node](https://togithub.com/types/node) from 20.11.17 to 20.11.19 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/693](https://togithub.com/actions/dependency-review-action/pull/693) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1 ### [`v4.1.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.0): 4.1.0 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.0.0...v4.1.0) #### What's Changed - Add `warn-only` by [@tgrall](https://togithub.com/tgrall) in [https://github.com/actions/dependency-review-action/pull/432](https://togithub.com/actions/dependency-review-action/pull/432) Added a new configuration option (`warn-only`, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log. - Create stale.yaml by [@jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/671](https://togithub.com/actions/dependency-review-action/pull/671) - Use manual codeql config by [@juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/678](https://togithub.com/actions/dependency-review-action/pull/678) - Multiple dependency updates (see the changelog below for more information) #### New Contributors - [@jonjanego](https://togithub.com/jonjanego) made their first contribution in [https://github.com/actions/dependency-review-action/pull/671](https://togithub.com/actions/dependency-review-action/pull/671) - [@tgrall](https://togithub.com/tgrall) made their first contribution in [https://github.com/actions/dependency-review-action/pull/432](https://togithub.com/actions/dependency-review-action/pull/432) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4...v4.1.0 ### [`v4.0.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0) - Update action to Node 20 by [@takost](https://togithub.com/takost) in [https://github.com/actions/dependency-review-action/pull/639](https://togithub.com/actions/dependency-review-action/pull/639) - Dependabot updates, see the full changelog for more details. #### New Contributors - [@takost](https://togithub.com/takost) made their first contribution in [https://github.com/actions/dependency-review-action/pull/639](https://togithub.com/actions/dependency-review-action/pull/639) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0 ### [`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5): 3.1.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5) #### What's Changed - Smaller `per_page` when requesting diff by [@hmaurer](https://togithub.com/hmaurer) in [https://github.com/actions/dependency-review-action/pull/649](https://togithub.com/actions/dependency-review-action/pull/649) - Update dependencies: - Bump [@typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.10.0 to 6.13.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/630](https://togithub.com/actions/dependency-review-action/pull/630) - Bump prettier from 3.0.3 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/629](https://togithub.com/actions/dependency-review-action/pull/629) - Bump [@types/jest](https://togithub.com/types/jest) from 29.5.8 to 29.5.11 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/637](https://togithub.com/actions/dependency-review-action/pull/637) - Bump nodemon from 3.0.1 to 3.0.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/636](https://togithub.com/actions/dependency-review-action/pull/636) - Replace pip -> pypi in PURL examples by [@febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/638](https://togithub.com/actions/dependency-review-action/pull/638) - Bump [@typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.12.0 to 6.15.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/644](https://togithub.com/actions/dependency-review-action/pull/644) - Bump eslint from 8.53.0 to 8.56.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/640](https://togithub.com/actions/dependency-review-action/pull/640) - Bump [@typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.13.1 to 6.16.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/645](https://togithub.com/actions/dependency-review-action/pull/645) - Bump prettier from 3.1.0 to 3.1.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/646](https://togithub.com/actions/dependency-review-action/pull/646) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5 ### [`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4): 3.1.4 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4) #### What's Changed - Fixed a [bug](https://togithub.com/actions/dependency-review-action/issues/618) with severity filtering when using the `allow_ghsas` option: [https://github.com/actions/dependency-review-action/pull/623](https://togithub.com/actions/dependency-review-action/pull/623). - Updates dependencies: - Bump [@types/node](https://togithub.com/types/node) from 16.18.61 to 16.18.62 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/619](https://togithub.com/actions/dependency-review-action/pull/619) action/pull/620 - Bump [@typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.11.0 to 6.12.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/625](https://togithub.com/actions/dependency-review-action/pull/625) - Bump typescript from 5.2.2 to 5.3.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/624](https://togithub.com/actions/dependency-review-action/pull/624) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.1.4 ### [`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3): 3.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3) #### What's Changed - Fixes purl "version must be percent-encoded" by [@theztefan](https://togithub.com/theztefan) in [https://github.com/actions/dependency-review-action/pull/617](https://togithub.com/actions/dependency-review-action/pull/617) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.1.3 ### [`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2): 3.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2) #### What's Changed - Fix a regression for setups using self-hosted runners behind HTTP proxies:[@febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/611](https://togithub.com/actions/dependency-review-action/pull/611) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.1.2 ### [`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1): 3.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1) #### What's Changed - Update a bunch of dependencies, including major version upgrades for `octokit`, `@actions/github` and `typescript`. **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1 ### [`v3.1.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.0): 3.1.0 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.8...v3.1.0) #### What's New Added support for dependencies submitted through the [dependency submission API](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#best-practices-for-using-the-dependency-review-api-and-the-dependency-submission-api-together). This includes two new configuration parameters: `retry-on-snapshot-warnings` and `retry-on-snapshot-warnings-timeout`. #### What's Changed - Fix(docs): Correct action input name by [@oerd](https://togithub.com/oerd) in [https://github.com/actions/dependency-review-action/pull/551](https://togithub.com/actions/dependency-review-action/pull/551) #### New Contributors - [@oerd](https://togithub.com/oerd) made their first contribution in [https://github.com/actions/dependency-review-action/pull/551](https://togithub.com/actions/dependency-review-action/pull/551) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.1.0 ### [`v3.0.8`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.8): 3.0.8 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.7...v3.0.8) #### What's Changed Added `on-failure` option to `comment-summary-in-pr` setting by [@sgmurphy](https://togithub.com/sgmurphy) in [https://github.com/actions/dependency-review-action/pull/540](https://togithub.com/actions/dependency-review-action/pull/540) Previous configuration files using `true`/`false` for `comment-summary-in-pr` will be mapped automatically to the new values, but we encourage you to update to `always`/`on-failure`/`never`. #### New Contributors - [@sgmurphy](https://togithub.com/sgmurphy) made their first contribution in [https://github.com/actions/dependency-review-action/pull/540](https://togithub.com/actions/dependency-review-action/pull/540) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.0.8 ### [`v3.0.7`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.7): 3.0.7 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.6...v3.0.7) #### What's Changed - Make GHES support / setup more clear by [@rajbos](https://togithub.com/rajbos) in [https://github.com/actions/dependency-review-action/pull/534](https://togithub.com/actions/dependency-review-action/pull/534) - Add an option to deny packages or groups of packages by [@adrienpessu](https://togithub.com/adrienpessu) in [https://github.com/actions/dependency-review-action/pull/544](https://togithub.com/actions/dependency-review-action/pull/544) #### New Contributors - [@rajbos](https://togithub.com/rajbos) made their first contribution in [https://github.com/actions/dependency-review-action/pull/534](https://togithub.com/actions/dependency-review-action/pull/534) - [@adrienpessu](https://togithub.com/adrienpessu) made their first contribution in [https://github.com/actions/dependency-review-action/pull/544](https://togithub.com/actions/dependency-review-action/pull/544) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.0.7 ### [`v3.0.6`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.6): 3.0.6 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.5...v3.0.6) Fixes a bug introduced in 3.0.5 where we raised PURL errors when Dependency Graph returns an empty `package_url`. ### [`v3.0.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.5): 3.0.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.4...v3.0.5) #### What's Changed Thanks to [@theztefan](https://togithub.com/theztefan), we now have a new `allow-dependencies-licenses` option that takes a list of dependencies that will be excluded from license checks. See the [configuration options](https://togithub.com/actions/dependency-review-action#configuration-options) for more information on how to use it. - Exclude dependencies from license checks by [@theztefan](https://togithub.com/theztefan) in [https://github.com/actions/dependency-review-action/pull/423](https://togithub.com/actions/dependency-review-action/pull/423) - Documentation examples by [@theztefan](https://togithub.com/theztefan) in [https://github.com/actions/dependency-review-action/pull/423](https://togithub.com/actions/dependency-review-action/pull/423) - Show snapshot warnings in the summary by [@juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/439](https://togithub.com/actions/dependency-review-action/pull/439) - Fix default values for fail-on-severity by [@febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/451](https://togithub.com/actions/dependency-review-action/pull/451) - Updated dependencies. #### New Contributors - [@juxtin](https://togithub.com/juxtin) made their first contribution in [https://github.com/actions/dependency-review-action/pull/439](https://togithub.com/actions/dependency-review-action/pull/439) - [@theztefan](https://togithub.com/theztefan) made their first contribution in [https://github.com/actions/dependency-review-action/pull/423](https://togithub.com/actions/dependency-review-action/pull/423) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.0.5 ### [`v3.0.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.4): 3.0.4 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.3...v3.0.4) #### What's New? The Action can now publish a comment in the pull request if the `comment-summary-in-pr` option is set. More information can be found in the [README](https://togithub.com/actions/dependency-review-action#configuration-options). #### New Contributors - [@davelosert](https://togithub.com/davelosert) made their first contribution in [https://github.com/actions/dependency-review-action/pull/393](https://togithub.com/actions/dependency-review-action/pull/393) #### Changelog - Write Summary as comment to the pull request by [@davelosert](https://togithub.com/davelosert) in [https://github.com/actions/dependency-review-action/pull/393](https://togithub.com/actions/dependency-review-action/pull/393) - Adjust summary format by [@davelosert](https://togithub.com/davelosert) in [https://github.com/actions/dependency-review-action/pull/416](https://togithub.com/actions/dependency-review-action/pull/416) - Security updates. **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.0.4 ### [`v3.0.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.3): 3.0.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.2...v3.0.3) #### What's Changed - Use cache in check-dist.yml by [@jongwooo](https://togithub.com/jongwooo) in [https://github.com/actions/dependency-review-action/pull/359](https://togithub.com/actions/dependency-review-action/pull/359) - Fix Dependency Review API response error handling by [@felickz](https://togithub.com/felickz) in [https://github.com/actions/dependency-review-action/pull/370](https://togithub.com/actions/dependency-review-action/pull/370) - Security updates #### New Contributors - [@jongwooo](https://togithub.com/jongwooo) made their first contribution in [https://github.com/actions/dependency-review-action/pull/359](https://togithub.com/actions/dependency-review-action/pull/359) - [@felickz](https://togithub.com/felickz) made their first contribution in [https://github.com/actions/dependency-review-action/pull/370](https://togithub.com/actions/dependency-review-action/pull/370) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.0.3 ### [`v3.0.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.2): 3.0.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.1...v3.0.2) This release fixes spelling errors [https://github.com/actions/dependency-review-action/pull/348](https://togithub.com/actions/dependency-review-action/pull/348) and upgrades dependencies to fix known vulnerabilities **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.0.2 ### [`v3.0.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.1): 3.0.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.0...v3.0.1) This release contains the following bugfixes: - Fixing API URL for GHES: [https://github.com/actions/dependency-review-action/pull/331](https://togithub.com/actions/dependency-review-action/pull/331) - Improve list handling for external config files: [https://github.com/actions/dependency-review-action/pull/330](https://togithub.com/actions/dependency-review-action/pull/330) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3...v3.0.1 ### [`v3.0.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.0): 3.0.0 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v2.5.1...v3.0.0) #### Breaking Changes By default the action now expects [SPDX-compliant licenses](https://spdx.org/licenses/) everywhere. If you were previously using license names in the allow or deny lists make sure they're valid! #### What's Changed ##### Support for external configuration files You can now specify a [configuration file external to your repository](https://togithub.com/actions/dependency-review-action/#configuration-file). This allows organizations to have a single configuration file for all their repos. ##### Broader license support We've added support for a much broader set of project licenses by using GitHub's [Licenses API](https://docs.github.com/en/rest/licenses). ##### SPDX Compliance All of our license-related code now expects [SPDX-compliant licenses or expressions](https://spdx.org/licenses/). This allows us to standardize on a license naming scheme that already supports `OR`/`AND` expressions. ##### Disable individual checks You can now use the boolean options `license-check` and `vulnerability-check` to disable either one of the checks. More information in [our configuration options](https://togithub.com/actions/dependency-review-action/#configuration-options). #### Thanks Contributors for this release include: - [@cnagadya](https://togithub.com/cnagadya) - [@courtneycl](https://togithub.com/courtneycl) - [@ericcornelissen](https://togithub.com/ericcornelissen) - [@elireisman](https://togithub.com/elireisman) - [@hmaurer](https://togithub.com/hmaurer) Thanks everyone! **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v2...v3.0.0 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.1`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.1) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.0...v4.3.1) - Bump [@actions/artifacts](https://togithub.com/actions/artifacts) to latest version to include [updated GHES host check](https://togithub.com/actions/toolkit/pull/1648) ### [`v4.3.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.2.0...v4.3.0) ##### What's Changed - Reorganize upload code in prep for merge logic & add more tests by [@robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/504](https://togithub.com/actions/upload-artifact/pull/504) - Add sub-action to merge artifacts by [@robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/505](https://togithub.com/actions/upload-artifact/pull/505) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.3.0 ### [`v4.2.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.2.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.1.0...v4.2.0) ##### What's Changed - Ability to overwrite an Artifact by [@robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/501](https://togithub.com/actions/upload-artifact/pull/501) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.2.0 ### [`v4.1.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.1.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.0.0...v4.1.0) #### What's Changed - Add migrations docs by [@robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/482](https://togithub.com/actions/upload-artifact/pull/482) - Update README.md by [@samuelwine](https://togithub.com/samuelwine) in [https://github.com/actions/upload-artifact/pull/492](https://togithub.com/actions/upload-artifact/pull/492) - Support artifact-url output by [@konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/496](https://togithub.com/actions/upload-artifact/pull/496) - Update readme to reflect new 500 artifact per job limit by [@robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/497](https://togithub.com/actions/upload-artifact/pull/497) #### New Contributors - [@samuelwine](https://togithub.com/samuelwine) made their first contribution in [https://github.com/actions/upload-artifact/pull/492](https://togithub.com/actions/upload-artifact/pull/492) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.1.0 </details> <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.3.9`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.9) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.8...v0.3.9) ##### Miscellaneous - fix missing keys in setup actions ([#93](https://togithub.com/defenseunicorns/uds-common/issues/93)) ([39d7395](https://togithub.com/defenseunicorns/uds-common/commit/39d73955ebb35f4e844a45fe23a7acf7d65d239a)) ### [`v0.3.8`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.8) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.7...v0.3.8) ##### Miscellaneous - add upgrade tests to common ([#91](https://togithub.com/defenseunicorns/uds-common/issues/91)) ([bb2e590](https://togithub.com/defenseunicorns/uds-common/commit/bb2e59021355172db2cfcca7dbf5a2434ce41b6d)) - **deps:** update dependency defenseunicorns/uds-cli to v0.10.1 ([#84](https://togithub.com/defenseunicorns/uds-common/issues/84)) ([6b455b7](https://togithub.com/defenseunicorns/uds-common/commit/6b455b7cef8ddab022c758a6309d8993f0a564b7)) - **deps:** update dependency defenseunicorns/uds-core to v0.17.0 ([#83](https://togithub.com/defenseunicorns/uds-common/issues/83)) ([b8d8181](https://togithub.com/defenseunicorns/uds-common/commit/b8d818165c7c676f56898c2d15ae14a2f7ff5f0c)) - **deps:** update uds common package dependencies to v6.6.1 ([#92](https://togithub.com/defenseunicorns/uds-common/issues/92)) ([862b635](https://togithub.com/defenseunicorns/uds-common/commit/862b63512b4b53ff963b85e25e8011818bb8e4e3)) - update registry login to happen in the common env setup action ([#88](https://togithub.com/defenseunicorns/uds-common/issues/88)) ([b7bce88](https://togithub.com/defenseunicorns/uds-common/commit/b7bce888d1d62c5d382d7d88a54e59da72e0d3ae)) ### [`v0.3.7`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.7) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.6...v0.3.7) ##### Miscellaneous - remove schedule on renovate ([#85](https://togithub.com/defenseunicorns/uds-common/issues/85)) ([fda7e57](https://togithub.com/defenseunicorns/uds-common/commit/fda7e57ad878cc70bf3905948911daa84c67db27)) - update k3d-core-istio-dev to k3d-core-slim-dev ([#86](https://togithub.com/defenseunicorns/uds-common/issues/86)) ([aa0e6da](https://togithub.com/defenseunicorns/uds-common/commit/aa0e6dad40126ead465b102ea28a3ac961883493)) ### [`v0.3.6`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.6) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.5...v0.3.6) ##### Miscellaneous - hotfix the spoof containing a dash in the input and add a publish step ([#81](https://togithub.com/defenseunicorns/uds-common/issues/81)) ([f9c7aac](https://togithub.com/defenseunicorns/uds-common/commit/f9c7aac4a30e5c3e627c44946f2f212af1573b39)) ### [`v0.3.5`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.5) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.4...v0.3.5) ##### Miscellaneous - fix spoof to not include a dash ([#79](https://togithub.com/defenseunicorns/uds-common/issues/79)) ([5d1738b](https://togithub.com/defenseunicorns/uds-common/commit/5d1738ba0ca2cd19c7fdf6dfe6873339e129c3bb)) ### [`v0.3.4`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.4) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.3...v0.3.4) ##### Miscellaneous - add the ability to spoof to common ([#77](https://togithub.com/defenseunicorns/uds-common/issues/77)) ([49634e1](https://togithub.com/defenseunicorns/uds-common/commit/49634e1b69c6b2eadcc2497f6baba8bd349f3d38)) - **deps:** update dependency defenseunicorns/uds-core to v0.16.1 ([#72](https://togithub.com/defenseunicorns/uds-common/issues/72)) ([32d1ad6](https://togithub.com/defenseunicorns/uds-common/commit/32d1ad6812a3ef6ad750447296f5644b14ff2855)) </details> <details> <summary>defenseunicorns/uds-common-tasks (defenseunicorns/uds-common-tasks)</summary> ### [`v0.3.9`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.9) [Compare Source](https://togithub.com/defenseunicorns/uds-common-tasks/compare/v0.3.8...v0.3.9) ##### Miscellaneous - fix missing keys in setup actions ([#93](https://togithub.com/defenseunicorns/uds-common/issues/93)) ([39d7395](https://togithub.com/defenseunicorns/uds-common/commit/39d73955ebb35f4e844a45fe23a7acf7d65d239a)) ### [`v0.3.8`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.8) [Compare Source](https://togithub.com/defenseunicorns/uds-common-tasks/compare/v0.3.7...v0.3.8) ##### Miscellaneous - add upgrade tests to common ([#91](https://togithub.com/defenseunicorns/uds-common/issues/91)) ([bb2e590](https://togithub.com/defenseunicorns/uds-common/commit/bb2e59021355172db2cfcca7dbf5a2434ce41b6d)) - **deps:** update dependency defenseunicorns/uds-cli to v0.10.1 ([#84](https://togithub.com/defenseunicorns/uds-common/issues/84)) ([6b455b7](https://togithub.com/defenseunicorns/uds-common/commit/6b455b7cef8ddab022c758a6309d8993f0a564b7)) - **deps:** update dependency defenseunicorns/uds-core to v0.17.0 ([#83](https://togithub.com/defenseunicorns/uds-common/issues/83)) ([b8d8181](https://togithub.com/defenseunicorns/uds-common/commit/b8d818165c7c676f56898c2d15ae14a2f7ff5f0c)) - **deps:** update uds common package dependencies to v6.6.1 ([#92](https://togithub.com/defenseunicorns/uds-common/issues/92)) ([862b635](https://togithub.com/defenseunicorns/uds-common/commit/862b63512b4b53ff963b85e25e8011818bb8e4e3)) - update registry login to happen in the common env setup action ([#88](https://togithub.com/defenseunicorns/uds-common/issues/88)) ([b7bce88](https://togithub.com/defenseunicorns/uds-common/commit/b7bce888d1d62c5d382d7d88a54e59da72e0d3ae)) ### [`v0.3.7`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.7) [Compare Source](https://togithub.com/defenseunicorns/uds-common-tasks/compare/v0.3.6...v0.3.7) ##### Miscellaneous - remove schedule on renovate ([#85](https://togithub.com/defenseunicorns/uds-common/issues/85)) ([fda7e57](https://togithub.com/defenseunicorns/uds-common/commit/fda7e57ad878cc70bf3905948911daa84c67db27)) - update k3d-core-istio-dev to k3d-core-slim-dev ([#86](https://togithub.com/defenseunicorns/uds-common/issues/86)) ([aa0e6da](https://togithub.com/defenseunicorns/uds-common/commit/aa0e6dad40126ead465b102ea28a3ac961883493)) ### [`v0.3.6`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.6) [Compare Source](https://togithub.com/defenseunicorns/uds-common-tasks/compare/v0.3.5...v0.3.6) ##### Miscellaneous - hotfix the spoof containing a dash in the input and add a publish step ([#81](https://togithub.com/defenseunicorns/uds-common/issues/81)) ([f9c7aac](https://togithub.com/defenseunicorns/uds-common/commit/f9c7aac4a30e5c3e627c44946f2f212af1573b39)) ### [`v0.3.5`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.5) [Compare Source](https://togithub.com/defenseunicorns/uds-common-tasks/compare/v0.3.4...v0.3.5) ##### Miscellaneous - fix spoof to not include a dash ([#79](https://togithub.com/defenseunicorns/uds-common/issues/79)) ([5d1738b](https://togithub.com/defenseunicorns/uds-common/commit/5d1738ba0ca2cd19c7fdf6dfe6873339e129c3bb)) ### [`v0.3.4`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.4) [Compare Source](https://togithub.com/defenseunicorns/uds-common-tasks/compare/v0.3.3...v0.3.4) ##### Miscellaneous - add the ability to spoof to common ([#77](https://togithub.com/defenseunicorns/uds-common/issues/77)) ([49634e1](https://togithub.com/defenseunicorns/uds-common/commit/49634e1b69c6b2eadcc2497f6baba8bd349f3d38)) - **deps:** update dependency defenseunicorns/uds-core to v0.16.1 ([#72](https://togithub.com/defenseunicorns/uds-common/issues/72)) ([32d1ad6](https://togithub.com/defenseunicorns/uds-common/commit/32d1ad6812a3ef6ad750447296f5644b14ff2855)) </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.32.6`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.32.6) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6) ##### \[0.32.6] - 2024-03-22 > trying out some different release note generators, formatting may vary for a few releases while we figure out what works best ~[@Noxsios](https://togithub.com/Noxsios) ##### 🚀 Features - \[**ALPHA**] feat: package generation ALPHA by [@andrewg-xyz](https://togithub.com/andrewg-xyz) in [#2269](https://togithub.com/defenseunicorns/zarf/pull/2269) - *(lib)* feat(lib): configurable log file location by [@Noxsios](https://togithub.com/Noxsios) in [#2380](https://togithub.com/defenseunicorns/zarf/pull/2380) - \[**BREAKING**] feat!: filter package components with strategy interface by [@Noxsios](https://togithub.com/Noxsios) in [#2321](https://togithub.com/defenseunicorns/zarf/pull/2321) ##### 🐛 Bug Fixes - fix: refactor create stages into separate lib by [@lucasrod16](https://togithub.com/lucasrod16) in [#2223](https://togithub.com/defenseunicorns/zarf/pull/2223) - fix: handle registry caBundle as a multiline string by [@AbrohamLincoln](https://togithub.com/AbrohamLincoln) in [#2381](https://togithub.com/defenseunicorns/zarf/pull/2381) - *(regression)* fix: populate `p.sbomViewFiles` on `deploy` and `mirror` by [@lucasrod16](https://togithub.com/lucasrod16) in [#2386](https://togithub.com/defenseunicorns/zarf/pull/2386) - fix: allow absolute paths for differential packages by [@AustinAbro321](https://togithub.com/AustinAbro321) in [#2397](https://togithub.com/defenseunicorns/zarf/pull/2397) - fix: hotfix skeleton publish by [@Noxsios](https://togithub.com/Noxsios) in [#2398](https://togithub.com/defenseunicorns/zarf/pull/2398) ##### 🚜 Refactor - refactor: split helpers/exec libs by [@Racer159](https://togithub.com/Racer159) in [#2379](https://togithub.com/defenseunicorns/zarf/pull/2379) ##### 🧪 Testing - test: data injection flake by [@lucasrod16](https://togithub.com/lucasrod16) in [#2361](https://togithub.com/defenseunicorns/zarf/pull/2361) ##### ⚙️ Miscellaneous Tasks - ci: add commitlint workflow and update contributing guide by [@lucasrod16](https://togithub.com/lucasrod16) in [#2391](https://togithub.com/defenseunicorns/zarf/pull/2391) ##### 🛡️ Security - *(release)* build: create PRs on `homebrew-tap` by [@Noxsios](https://togithub.com/Noxsios) in [#2385](https://togithub.com/defenseunicorns/zarf/pull/2385) **Full Changelog**: https://github.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6 ### [`v0.32.5`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.32.5) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.4...v0.32.5) ##### \[0.32.5] - 2024-03-11 > trying out some different release note generators, formatting may vary for a few releases while we figure out what works best ~[@Noxsios](https://togithub.com/Noxsios) ##### 🚀 Features - feat: add missing vendored tool version commands by [@eddiezane](https://togithub.com/eddiezane) in [#2232](https://togithub.com/defenseunicorns/zarf/pull/2232) - feat: add `--why` flag for `zarf dev find-images` by [@waveywaves](https://togithub.com/waveywaves) in [#2309](https://togithub.com/defenseunicorns/zarf/pull/2309) - feat: set variables on find images by [@AustinAbro321](https://togithub.com/AustinAbro321) in [#2282](https://togithub.com/defenseunicorns/zarf/pull/2282) - feat: add configurable backoff and retries for Zarf operations by [@Racer159](https://togithub.com/Racer159) in [#2345](https://togithub.com/defenseunicorns/zarf/pull/2345) ##### 🐛 Bug Fixes - *(deps)*: update github.com/anchore/clio digest to [`abcb719`](https://togithub.com/defenseunicorns/zarf/commit/abcb719) by [@renovate](https://togithub.com/renovate)\[bot] in [#2347](https://togithub.com/defenseunicorns/zarf/pull/2347) - *(ci)*: change ECR image to docker.io image by [@AustinAbro321](https://togithub.com/AustinAbro321) in [#2353](https://togithub.com/defenseunicorns/zarf/pull/2353) - fix: added OCI Image Index mediaType by [@mdaizcorbe](https://togithub.com/mdaizcorbe) in [#2352](https://togithub.com/defenseunicorns/zarf/pull/2352) - fix: package publish progress bar frozen at zero by [@Noxsios](https://togithub.com/Noxsios) in [#2367](https://togithub.com/defenseunicorns/zarf/pull/2367) - *(release)* hotfix `publish` not respecting source package architecture by [@Noxsios](https://togithub.com/Noxsios) in [#2376](https://togithub.com/defenseunicorns/zarf/pull/2376) ##### 📚 Documentation - chore: fix spelling by [@AustinAbro321](https://togithub.com/AustinAbro321) in [#2333](https://togithub.com/defenseunicorns/zarf/pull/2333) - docs: formatting and grammar by [@beholdenkey](https://togithub.com/beholdenkey) in [#2350](https://togithub.com/defenseunicorns/zarf/pull/2350) ##### ⚙️ Miscellaneous Tasks - chore: sorted go imports by [@naveensrinivasan](https://togithub.com/naveensrinivasan) in [#2349](https://togithub.com/defenseunicorns/zarf/pull/2349) - chore: fix bb test by [@AustinAbro321](https://togithub.com/AustinAbro321) in [#2340](https://togithub.com/defenseunicorns/zarf/pull/2340) - chore: update CODEOWNERS with [@AustinAbro321](https://togithub.com/AustinAbro321) by [@Racer159](https://togithub.com/Racer159) in [#2354](https://togithub.com/defenseunicorns/zarf/pull/2354) - chore: refactor and purify the OCI library within Zarf by [@AustinAbro321](https://togithub.com/AustinAbro321) in [#2235](https://togithub.com/defenseunicorns/zarf/pull/2235) - chore: default to temp zarf cache in e2e tests by [@AustinAbro321](https://togithub.com/AustinAbro321) in [#2355](https://togithub.com/defenseunicorns/zarf/pull/2355) ##### 🛡️ Security - chore: configure agent server to avoid slowloris attack by [@naveensrinivasan](https://togithub.com/naveensrinivasan) in [#2342](https://togithub.com/defenseunicorns/zarf/pull/2342) - chore: fix implicit memory aliasing in for loop by [@naveensrinivasan](https://togithub.com/naveensrinivasan) in [#2341](https://togithub.com/defenseunicorns/zarf/pull/2341) - *(release)*: update release workflow to use token from gh app by [@Noxsios](https://togithub.com/Noxsios) in [#2368](https://togithub.com/defenseunicorns/zarf/pull/2368) - *(release)*: use release environment secrets by [@Noxsios](https://togithub.com/Noxsios) in [#2374](https://togithub.com/defenseunicorns/zarf/pull/2374) ##### First Time Contributors - [@eddiezane](https://togithub.com/eddiezane) made their first contribution in [#2232](https://togithub.com/defenseunicorns/zarf/issues/2232) - [@beholdenkey](https://togithub.com/beholdenkey) made their first contribution in [#2350](https://togithub.com/defenseunicorns/zarf/issues/2350) - [@mdaizcorbe](https://togithub.com/mdaizcorbe) made their first contribution in [#2352](https://togithub.com/defenseunicorns/zarf/issues/2352) **Full Changelog**: https://github.com/defenseunicorns/zarf/compare/v0.32.4...v0.32.5 ### [`v0.32.4`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.32.4) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.3...v0.32.4) ##### What's Changed ##### Fixes - Improve `cmd` failure messaging when no timeout or retries are given by [@docandrew](https://togithub.com/docandrew) in [https://github.com/defenseunicorns/zarf/pull/2301](https://togithub.com/defenseunicorns/zarf/pull/2301) - Revert init package storageclass checks for git server and seed registry by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2311](https://togithub.com/defenseunicorns/zarf/pull/2311) - Fix multi-part tarballs being mismatched sizes by [@Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2314](https://togithub.com/defenseunicorns/zarf/pull/2314) - Change text template detection to check first *and* last 512 bytes by [@WeaponX314](https://togithub.com/WeaponX314) in [https://github.com/defenseunicorns/zarf/pull/2310](https://togithub.com/defenseunicorns/zarf/pull/2310) - Improve `zarf tools registry prune` messaging by [@Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2323](https://togithub.com/defenseunicorns/zarf/pull/2323) - Add http request header timeout to mitigate stalling image push by [@Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2319](https://togithub.com/defenseunicorns/zarf/pull/2319) - Allow host+subpath as the source registry for `--registry-override` in package create by [@waveywaves](https://togithub.com/waveywaves) in [https://github.com/defenseunicorns/zarf/pull/2306](https://togithub.com/defenseunicorns/zarf/pull/2306) ##### Dependencies - Update github.com/anchore/clio digest to [`cb94e40`](https://togithub.com/defenseunicorns/zarf/commit/cb94e40) by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2294](https://togithub.com/defenseunicorns/zarf/pull/2294), [https://github.com/defenseunicorns/zarf/pull/2297](https://togithub.com/defenseunicorns/zarf/pull/2297) and [https://github.com/defenseunicorns/zarf/pull/2300](https://togithub.com/defenseunicorns/zarf/pull/2300) - **\[security]** Update module helm.sh/helm/v3 to v3.14.2 by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2307](https://togithub.com/defenseunicorns/zarf/pull/2307) and [https://github.com/defenseunicorns/zarf/pull/2329](https://togithub.com/defenseunicorns/zarf/pull/2329) - Update actions/checkout action to v4 by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2317](https://togithub.com/defenseunicorns/zarf/pull/2317) - Update actions/dependency-review-action action to v4 by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2318](https://togithub.com/defenseunicorns/zarf/pull/2318) ##### Docs - Update [Zarf roadmap](https://docs.zarf.dev/docs/roadmap) per 2024 goals by [@Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2305](https://togithub.com/defenseunicorns/zarf/pull/2305) ##### Development - Included Dependency Review action for PR reviews by [@naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/defenseunicorns/zarf/pull/2298](https://togithub.com/defenseunicorns/zarf/pull/2298) - Resolve CodeQL linting issues across Zarf by [@Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2322](https://togithub.com/defenseunicorns/zarf/pull/2322) ##### New Contributors - [@docandrew](https://togithub.com/docandrew) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2301](https://togithub.com/defenseunicorns/zarf/pull/2301) - [@naveensrinivasan](https://togithub.com/naveensrinivasan) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2298](https://togithub.com/defenseunicorns/zarf/pull/2298) - [@waveywaves](https://togithub.com/waveywaves) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2306](https://togithub.com/defenseunicorns/zarf/pull/2306) **Full Changelog**: https://github.com/defenseunicorns/zarf/compare/v0.32.3...v0.32.4 ### [`v0.32.3`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.32.3) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.2...v0.32.3) ##### What's Changed ##### Fixes - Properly handle panic that could occur during checksum validation by [@mjnagel](https://togithub.com/mjnagel) in [https://github.com/defenseunicorns/zarf/pull/2262](https://togithub.com/defenseunicorns/zarf/pull/2262) - Add the `--key` flag to the init cmd to properly allow for signed init packages by [@dgershman](https://togithub.com/dgershman) in [https://github.com/defenseunicorns/zarf/pull/2259](https://togithub.com/defenseunicorns/zarf/pull/2259) - Restore destroy script functionality during `zarf destroy` by [@Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2274](https://togithub.com/defenseunicorns/zarf/pull/2274) - Fix symlink inclusion within component resources by [@dgershman](https://togithub.com/dgershman) in [https://github.com/defenseunicorns/zarf/pull/2256](https://togithub.com/defenseunicorns/zarf/pull/2256) - Use memory friendly file split logic for partial packages by [@daniel-palmer-gu](https://togithub.com/daniel-palmer-gu) in [https://github.com/defenseunicorns/zarf/pull/2264](https://togithub.com/defenseunicorns/zarf/pull/2264) - Fix reproducible tarball creation on Windows systems by [@Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2293](https://togithub.com/defenseunicorns/zarf/pull/2293) ##### Docs - Make branding more consistent and add community meetup references to docs by [@Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2258](https://togithub.com/defenseunicorns/zarf/pull/2258) ##### Dependencies - Update github.com/anchore/clio digest by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2277](https://togithub.com/defenseunicorns/zarf/pull/2277) and [https://github.com/defenseunicorns/zarf/pull/2283](https://togithub.com/defenseunicorns/zarf/pull/2283) - Update all non-major dependencies (including Gitea v1.21.5, Syft v0.100.0, K9s v0.31.7 and Crane v0.19.0) by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2187](https://togithub.com/defenseunicorns/zarf/pull/2187) ##### Development - Add a more robust chart search regexManager by [@Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2278](https://togithub.com/defenseunicorns/zarf/pull/2278) and [https://github.com/defenseunicorns/zarf/pull/2284](https://togithub.com/defenseunicorns/zarf/pull/2284) - Partial refactor of injector logic in `k8s`, and `cluster` packages by [@chrishorton](https://togithub.com/chrishorton) in [https://github.com/defenseunicorns/zarf/pull/2271](https://togithub.com/defenseunicorns/zarf/pull/2271) ##### New Contributors - [@daniel-palmer-gu](https://togithub.com/daniel-palmer-gu) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2264](https://togithub.com/defenseunicorns/zarf/pull/2264) **Full Changelog**: https://github.com/defenseunicorns/zarf/compare/v0.32.2...v0.32.3 ### [`v0.32.2`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.32.2) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.1...v0.32.2) #### What's Changed #### Features - Support authenticated Helm repositories that have been configured with `helm repo add` by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2196](https://togithub.com/defenseunicorns/zarf/pull/2196) - Verify that the specified storage class exists during `zarf init` by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2180](https://togithub.com/defenseunicorns/zarf/pull/2180) - Check for available node resources before building injector pod by [@chrishorton](https://togithub.com/chrishorton) in [https://github.com/defenseunicorns/zarf/pull/2220](https://togithub.com/defenseunicorns/zarf/pull/2220) - Officially support yaml extensions within the `zarf.yaml` using `x-` keys by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2217](https://togithub.com/defenseunicorns/zarf/pull/2217) #### Fixes - Fix the inclusion of helm sub commands when rendering `zarf tools help` by [@jbrewer3](https://togithub.com/jbrewer3) in [https://github.com/defenseunicorns/zarf/pull/2216](https://togithub.com/defenseunicorns/zarf/pull/2216) #### Docs - Fix typos in the extension `README.md` by [@mjnagel](https://togithub.com/mjnagel) in [https://github.com/defenseunicorns/zarf/pull/2227](https://togithub.com/defenseunicorns/zarf/pull/2227) - Fix a small grammatical error in the base `README.md` by [@cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/zarf/pull/2219](https://togithub.com/defenseunicorns/zarf/pull/2219) #### Dependencies - Update github.com/anchore/clio digest to [`89e2fe8`](https://togithub.com/defenseunicorns/zarf/commit/89e2fe8) by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2214](https://togithub.com/defenseunicorns/zarf/pull/2214) - Update github.com/anchore/clio digest to [`a5e93b6`](https://togithub.com/defenseunicorns/zarf/commit/a5e93b6) by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2229](https://togithub.com/defenseunicorns/zarf/pull/2229) - Update github.com/anchore/stereoscope digest to [`eb656fc`](https://togithub.com/defenseunicorns/zarf/commit/eb656fc) by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2230](https://togithub.com/defenseunicorns/zarf/pull/2230) #### Development - Remove workflow for automatically adding issues to the zarf project by [@YrrepNoj](https://togithub.com/YrrepNoj) in [https://github.com/defenseunicorns/zarf/pull/2239](https://togithub.com/defenseunicorns/zarf/pull/2239) - Delete unnecessary waitgroup from concurrencyTools by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2244](https://togithub.com/defenseunicorns/zarf/pull/2244) - Update `NewOrasRemote` to take `ocispec.Platform` as an argument by [@decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/zarf/pull/2241](https://togithub.com/defenseunicorns/zarf/pull/2241) #### New Contributors - [@jbrewer3](https://togithub.com/jbrewer3) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2216](https://togithub.com/defenseunicorns/zarf/pull/2216) - [@chrishorton](https://togithub.com/chrishorton) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2220](https://togithub.com/defenseunicorns/zarf/pull/2220) **Full Changelog**: https://github.com/defenseunicorns/zarf/compare/v0.32.1...v0.32.2 ### [`v0.32.1`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.32 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-package-mattermost).  --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>

dependabot bot requested a review from a team as a code owner December 18, 2023 01:29

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 18, 2023

dependabot bot force-pushed the dependabot/npm_and_yarn/eslint-8.56.0 branch from 35333e2 to e5c6735 Compare December 28, 2023 15:37

febuiles merged commit 2597ca4 into main Dec 28, 2023
4 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/eslint-8.56.0 branch December 28, 2023 17:27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump eslint from 8.53.0 to 8.56.0 #640

Bump eslint from 8.53.0 to 8.56.0 #640

dependabot bot commented on behalf of github Dec 18, 2023 •

edited

Bump eslint from 8.53.0 to 8.56.0 #640

Bump eslint from 8.53.0 to 8.56.0 #640

Conversation

dependabot bot commented on behalf of github Dec 18, 2023 • edited

v8.56.0

Features

Bug Fixes

Documentation

Chores

v8.55.0

Features

Documentation

Chores

v8.54.0

dependabot bot commented on behalf of github Dec 18, 2023 •

edited