fix(deps): update all non-major dependencies

.github/actions/golang/action.yaml

@@ -4,7 +4,7 @@ description: "Setup Go binary and caching"
 runs:
   using: composite
   steps:
-    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+    - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
       with:
-        go-version: 1.20.x
+        go-version: 1.21.x
         cache: true

.github/actions/install-tools/action.yaml

@@ -11,4 +11,4 @@ runs:
     - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin --tag v0.64.2"
       shell: bash
 
-    - uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0
+    - uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0

.github/actions/node/action.yaml

@@ -4,7 +4,7 @@ description: "Node cache"
 runs:
   using: composite
   steps:
-    - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+    - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
       with:
         node-version: 18
         cache: "npm"

.github/actions/save-logs/action.yaml

@@ -9,7 +9,7 @@ runs:
         sudo chown $USER /tmp/zarf-*.log || echo ""
       shell: bash
 
-    - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+    - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
       with:
         name: debug-log
         path: /tmp/zarf-*.log

.github/workflows/release.yml

@@ -74,7 +74,7 @@ jobs:
 
       # Upload the contents of the build directory for later stages to use
       - name: Upload build artifacts
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: build-artifacts
           path: build/
@@ -157,7 +157,7 @@ jobs:
 
       # Create the GitHub release notes, upload artifact backups to S3, publish homebrew recipe
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
+        uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0
         with:
           distribution: goreleaser
           version: latest
@@ -167,7 +167,7 @@ jobs:
           HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.ZARF_ORG_PROJECT_TOKEN }}
 
       - name: Save CVE report
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: cve-report
           path: build/zarf-known-cves.csv

.github/workflows/scan-codeql.yml

@@ -46,7 +46,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@004c5de30b6423267685b897a3d595e944f7fed5 # v2.20.2
+        uses: github/codeql-action/init@04daf014b50eaf774287bf3f0f1869d4b4c4b913 # v2.21.7
         env:
           CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
         with:
@@ -57,6 +57,6 @@ jobs:
         run: make build-cli-linux-amd
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@004c5de30b6423267685b897a3d595e944f7fed5 # v2.20.2
+        uses: github/codeql-action/analyze@04daf014b50eaf774287bf3f0f1869d4b4c4b913 # v2.21.7
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/scorecard.yaml

@@ -37,14 +37,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@004c5de30b6423267685b897a3d595e944f7fed5 # v2.20.2
+        uses: github/codeql-action/upload-sarif@04daf014b50eaf774287bf3f0f1869d4b4c4b913 # v2.21.7
         with:
           sarif_file: results.sarif

.github/workflows/test-bigbang.yml

@@ -56,7 +56,7 @@ jobs:
 
       # Upload the contents of the build directory for later stages to use
       - name: Upload build artifacts
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: build-artifacts
           path: build/

.github/workflows/test-e2e.yml

@@ -40,7 +40,7 @@ jobs:
 
       # Upload the contents of the build directory for later stages to use
       - name: Upload build artifacts
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: build-artifacts
           path: build/

.github/workflows/test-upgrade.yml

@@ -39,7 +39,7 @@ jobs:
 
       # Upload the contents of the build directory for later stages to use
       - name: Upload build artifacts
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: build-artifacts
           path: build/

.grype.yaml

@@ -12,3 +12,6 @@ ignore:
 
   # From semver - This comes through nodemon which is only used for development
   - vulnerability: GHSA-c2qf-rxjj-qqgw
+
+  # From k8s.io/apiserver - This is a false positive due to the difference in versioning between the library / binary k8s versioning
+  - vulnerability: GHSA-82hx-w2r5-c2wq

docs-website/package.json

@@ -19,7 +19,7 @@
     "@docusaurus/core": "2.4.1",
     "@docusaurus/preset-classic": "2.4.1",
     "@docusaurus/theme-mermaid": "2.4.1",
-    "@easyops-cn/docusaurus-search-local": "^0.35.0",
+    "@easyops-cn/docusaurus-search-local": "^0.36.0",
     "prism-react-renderer": "2.0.6",
     "custom-loaders": "file:plugins/custom-loaders"
   },

examples/argocd/zarf.yaml

@@ -8,20 +8,20 @@ components:
     required: true
     charts:
       - name: argo-cd
-        version: 5.38.1
+        version: 5.46.5
         namespace: argocd
         url: https://argoproj.github.io/argo-helm
         releaseName: argocd-baseline
         valuesFiles:
           - baseline/values.yaml
     images:
-      - quay.io/argoproj/argocd:v2.7.7
       - public.ecr.aws/docker/library/redis:7.0.11-alpine
+      - quay.io/argoproj/argocd:v2.8.4
   - name: argocd-apps
     required: true
     charts:
       - name: argocd-apps
-        version: 1.3.0
+        version: 1.4.1
         namespace: podinfo
         url: https://argoproj.github.io/argo-helm
         releaseName: argocd-apps

examples/big-bang/yolo/zarf.yaml

@@ -4,7 +4,7 @@ metadata:
   name: yolo-big-bang
   description: Deploy Big Bang Core in YOLO mode
   # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/
-  version: 2.5.0
+  version: 2.10.0
   url: https://p1.dso.mil/products/big-bang
   architecture: amd64
   yolo: true
@@ -33,7 +33,7 @@ components:
     extensions:
       bigbang:
         # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/
-        version: 2.5.0
+        version: 2.10.0
         valuesFiles:
           - credentials.yaml
           - ../config/ingress.yaml

examples/big-bang/zarf.yaml

@@ -3,7 +3,7 @@ metadata:
   name: big-bang-example
   description: Deploy Big Bang Core
   # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/
-  version: 2.5.0
+  version: 2.10.0
   url: https://p1.dso.mil/products/big-bang
   # Big Bang / Iron Bank are only amd64
   architecture: amd64
@@ -44,7 +44,7 @@ components:
     extensions:
       bigbang:
         # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/
-        version: 2.5.0
+        version: 2.10.0
         valuesFiles:
           # Istio configs
           - config/ingress.yaml

examples/variables/simple-terraform.tf

@@ -8,7 +8,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 5.6.0"
+      version = "~> 5.17.0"
     }
   }
 }