-
-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: use corepack to install yarn #458
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #458 +/- ##
==========================================
+ Coverage 66.92% 70.50% +3.58%
==========================================
Files 3 3
Lines 130 139 +9
Branches 23 32 +9
==========================================
+ Hits 87 98 +11
- Misses 27 41 +14
+ Partials 16 0 -16 ☔ View full report in Codecov by Sentry. |
caarlos0
approved these changes
Apr 27, 2024
renovate bot
added a commit
to nobl9/terraform-provider-nobl9
that referenced
this pull request
May 10, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v5.0.0` -> `v5.1.0` | --- ### Release Notes <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0) #### Important This version changes the default behavior of `latest` to `~> v1`. The next major of this action (v6), will change this to `~> v2`, and will be launched together with GoReleaser v2. #### What's Changed - docs: bump actions to latest major by [@​crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#435 - chore(deps): bump docker/bake-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#436 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#437 - chore(deps): bump actions/setup-go from 4 to 5 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#443 - chore(deps): bump actions/upload-artifact from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#444 - Delete .kodiak.toml by [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) in [goreleaser/goreleaser-action#446 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#448 - chore(deps): bump ip from 2.0.0 to 2.0.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#450 - Upgrade setup-go action version in README by [@​kishaningithub](https://togithub.com/kishaningithub) in [goreleaser/goreleaser-action#455 - chore(deps): bump tar from 6.1.14 to 6.2.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#456 - chore: use corepack to install yarn by [@​crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#458 - feat: lock this major version of the action to use '~> v1' as 'latest' by [@​caarlos0](https://togithub.com/caarlos0) in [goreleaser/goreleaser-action#461 - chore(deps): bump semver from 7.6.0 to 7.6.2 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#462 - chore(deps): bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.2.0 to 2.2.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#451 #### New Contributors - [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their first contribution in [goreleaser/goreleaser-action#446 **Full Changelog**: goreleaser/goreleaser-action@v5.0.0...v5.1.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/nobl9/terraform-provider-nobl9). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM1MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJnaXRodWItYWN0aW9ucyIsInJlbm92YXRlIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
codeboten
pushed a commit
to open-telemetry/opentelemetry-collector
that referenced
this pull request
May 14, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.4` -> `v4.1.5` | | [codecov/codecov-action](https://togithub.com/codecov/codecov-action) | action | minor | `4.3.1` -> `4.4.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.5` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v5.0.0` -> `v5.1.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [actions/checkout#1703 - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [actions/checkout#1694 - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [actions/checkout#1696 - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [actions/checkout#1695 - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [actions/checkout#1707 **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 </details> <details> <summary>codecov/codecov-action (codecov/codecov-action)</summary> ### [`v4.4.0`](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0) [Compare Source](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0) #### Important This version changes the default behavior of `latest` to `~> v1`. The next major of this action (v6), will change this to `~> v2`, and will be launched together with GoReleaser v2. #### What's Changed - docs: bump actions to latest major by [@​crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#435 - chore(deps): bump docker/bake-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#436 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#437 - chore(deps): bump actions/setup-go from 4 to 5 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#443 - chore(deps): bump actions/upload-artifact from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#444 - Delete .kodiak.toml by [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) in [goreleaser/goreleaser-action#446 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#448 - chore(deps): bump ip from 2.0.0 to 2.0.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#450 - Upgrade setup-go action version in README by [@​kishaningithub](https://togithub.com/kishaningithub) in [goreleaser/goreleaser-action#455 - chore(deps): bump tar from 6.1.14 to 6.2.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#456 - chore: use corepack to install yarn by [@​crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#458 - feat: lock this major version of the action to use '~> v1' as 'latest' by [@​caarlos0](https://togithub.com/caarlos0) in [goreleaser/goreleaser-action#461 - chore(deps): bump semver from 7.6.0 to 7.6.2 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#462 - chore(deps): bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.2.0 to 2.2.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#451 #### New Contributors - [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their first contribution in [goreleaser/goreleaser-action#446 **Full Changelog**: goreleaser/goreleaser-action@v5.0.0...v5.1.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM1MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJyZW5vdmF0ZWJvdCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159
pushed a commit
to defenseunicorns/maru-runner
that referenced
this pull request
May 22, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/create-github-app-token](https://togithub.com/actions/create-github-app-token) | action | minor | `v1.9.0` -> `v1.10.0` | | [actions/setup-go](https://togithub.com/actions/setup-go) | action | patch | `v5.0.0` -> `v5.0.1` | | [anchore/sbom-action](https://togithub.com/anchore/sbom-action) | action | minor | `v0.15.11` -> `v0.16.0` | | [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | | minor | `v0.32.5` -> `v0.33.2` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.6` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v5.0.0` -> `v5.1.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- ### Release Notes <details> <summary>actions/create-github-app-token (actions/create-github-app-token)</summary> ### [`v1.10.0`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.0) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.3...v1.10.0) ##### Features - **`private-key`:** escaped newlines will be replaced ([#​132](https://togithub.com/actions/create-github-app-token/issues/132)) ([9d23fb9](https://togithub.com/actions/create-github-app-token/commit/9d23fb93dd620572046d85c7c1032b488c12514f)) ### [`v1.9.3`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.3) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.2...v1.9.3) ##### Bug Fixes - **deps:** bump undici from 6.10.2 to 6.11.1 ([#​125](https://togithub.com/actions/create-github-app-token/issues/125)) ([3c223c7](https://togithub.com/actions/create-github-app-token/commit/3c223c7336e276235eb843dd4e6ad42147199cbf)), closes [#​3024](https://togithub.com/actions/create-github-app-token/issues/3024) [nodejs/undici#3044](https://togithub.com/nodejs/undici/issues/3044) [#​3023](https://togithub.com/actions/create-github-app-token/issues/3023) [nodejs/undici#3025](https://togithub.com/nodejs/undici/issues/3025) [nodejs/undici#3024](https://togithub.com/nodejs/undici/issues/3024) [nodejs/undici#3034](https://togithub.com/nodejs/undici/issues/3034) [nodejs/undici#3038](https://togithub.com/nodejs/undici/issues/3038) [nodejs/undici#2947](https://togithub.com/nodejs/undici/issues/2947) [nodejs/undici#3040](https://togithub.com/nodejs/undici/issues/3040) [nodejs/undici#3036](https://togithub.com/nodejs/undici/issues/3036) [nodejs/undici#3041](https://togithub.com/nodejs/undici/issues/3041) [#​3024](https://togithub.com/actions/create-github-app-token/issues/3024) [#​3041](https://togithub.com/actions/create-github-app-token/issues/3041) [#​3036](https://togithub.com/actions/create-github-app-token/issues/3036) ### [`v1.9.2`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.2) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.1...v1.9.2) ##### Bug Fixes - **deps:** bump the production-dependencies group with 1 update ([#​123](https://togithub.com/actions/create-github-app-token/issues/123)) ([beea7b8](https://togithub.com/actions/create-github-app-token/commit/beea7b860ac0b14ca14258aca701da842aa65e30)), closes [nodejs/undici#2978](https://togithub.com/nodejs/undici/issues/2978) [nodejs/undici#2971](https://togithub.com/nodejs/undici/issues/2971) [nodejs/undici#2980](https://togithub.com/nodejs/undici/issues/2980) [#​2982](https://togithub.com/actions/create-github-app-token/issues/2982) [nodejs/undici#2983](https://togithub.com/nodejs/undici/issues/2983) [nodejs/undici#2987](https://togithub.com/nodejs/undici/issues/2987) [nodejs/undici#2991](https://togithub.com/nodejs/undici/issues/2991) [#​2986](https://togithub.com/actions/create-github-app-token/issues/2986) [nodejs/undici#2992](https://togithub.com/nodejs/undici/issues/2992) [nodejs/undici#2985](https://togithub.com/nodejs/undici/issues/2985) [nodejs/undici#2993](https://togithub.com/nodejs/undici/issues/2993) [nodejs/undici#2995](https://togithub.com/nodejs/undici/issues/2995) [nodejs/undici#2998](https://togithub.com/nodejs/undici/issues/2998) [#​2863](https://togithub.com/actions/create-github-app-token/issues/2863) [nodejs/undici#2999](https://togithub.com/nodejs/undici/issues/2999) [nodejs/undici#3001](https://togithub.com/nodejs/undici/issues/3001) [nodejs/undici#2971](https://togithub.com/nodejs/undici/issues/2971) [nodejs/undici#2980](https://togithub.com/nodejs/undici/issues/2980) [nodejs/undici#2983](https://togithub.com/nodejs/undici/issues/2983) [nodejs/undici#2987](https://togithub.com/nodejs/undici/issues/2987) [nodejs/undici#2991](https://togithub.com/nodejs/undici/issues/2991) [nodejs/undici#2985](https://togithub.com/nodejs/undici/issues/2985) [nodejs/undici#2995](https://togithub.com/nodejs/undici/issues/2995) [nodejs/undici#2960](https://togithub.com/nodejs/undici/issues/2960) [nodejs/undici#2959](https://togithub.com/nodejs/undici/issues/2959) [nodejs/undici#2969](https://togithub.com/nodejs/undici/issues/2969) [nodejs/undici#2962](https://togithub.com/nodejs/undici/issues/2962) [nodejs/undici#2974](https://togithub.com/nodejs/undici/issues/2974) [nodejs/undici#2967](https://togithub.com/nodejs/undici/issues/2967) [nodejs/undici#2966](https://togithub.com/nodejs/undici/issues/2966) [nodejs/undici#2969](https://togithub.com/nodejs/undici/issues/2969) [nodejs/undici#2962](https://togithub.com/nodejs/undici/issues/2962) [nodejs/undici#2826](https://togithub.com/nodejs/undici/issues/2826) [nodejs/undici#2952](https://togithub.com/nodejs/undici/issues/2952) [#​3001](https://togithub.com/actions/create-github-app-token/issues/3001) [#​2863](https://togithub.com/actions/create-github-app-token/issues/2863) [#​2999](https://togithub.com/actions/create-github-app-token/issues/2999) [#​2998](https://togithub.com/actions/create-github-app-token/issues/2998) [#​2993](https://togithub.com/actions/create-github-app-token/issues/2993) [#​2986](https://togithub.com/actions/create-github-app-token/issues/2986) [#​2992](https://togithub.com/actions/create-github-app-token/issues/2992) [#​2991](https://togithub.com/actions/create-github-app-token/issues/2991) [#​2987](https://togithub.com/actions/create-github-app-token/issues/2987) ### [`v1.9.1`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.1) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.0...v1.9.1) ##### Bug Fixes - clarify `owner` input description ([#​118](https://togithub.com/actions/create-github-app-token/issues/118)) ([d9bc169](https://togithub.com/actions/create-github-app-token/commit/d9bc16919cdbdb07543eb732aa872437384e296f)) </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1) [Compare Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1) #### What's Changed - Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by [@​dependabot](https://togithub.com/dependabot) , [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) in [actions/setup-go#465 - Update documentation with latest V5 release notes by [@​ab](https://togithub.com/ab) in [actions/setup-go#459 - Update version documentation by [@​178inaba](https://togithub.com/178inaba) in [actions/setup-go#458 - Documentation update of `actions/setup-go` to v5 by [@​chenrui333](https://togithub.com/chenrui333) in [actions/setup-go#449 #### New Contributors - [@​ab](https://togithub.com/ab) made their first contribution in [actions/setup-go#459 **Full Changelog**: actions/setup-go@v5.0.0...v5.0.1 </details> <details> <summary>anchore/sbom-action (anchore/sbom-action)</summary> ### [`v0.16.0`](https://togithub.com/anchore/sbom-action/releases/tag/v0.16.0): v0.16 [Compare Source](https://togithub.com/anchore/sbom-action/compare/v0.15.11...v0.16.0) #### Changes in v0.16.0 - Update Syft to v1.4.1 ([#​465](https://togithub.com/anchore/sbom-action/issues/465)) - Update GitHub artifact client ([#​463](https://togithub.com/anchore/sbom-action/issues/463)) \[[kzantow](https://togithub.com/kzantow)] </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.33.2`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.2) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2) ##### What's Changed - fix: schema integration by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [defenseunicorns/zarf#2463 - docs: add contributor covenant code of conduct by [@​salaxander](https://togithub.com/salaxander) in [defenseunicorns/zarf#2462 - docs: fix casing on code of conduct badge by [@​salaxander](https://togithub.com/salaxander) in [defenseunicorns/zarf#2466 - fix(deps): update github.com/anchore/clio digest to [`3c4abf8`](https://togithub.com/defenseunicorns/zarf/commit/3c4abf8) by [@​renovate](https://togithub.com/renovate) in [defenseunicorns/zarf#2424 - fix: update docker media type in registry by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [defenseunicorns/zarf#2476 - fix: adds GetVariableConfig function for packager by [@​decleaver](https://togithub.com/decleaver) in [defenseunicorns/zarf#2475 - test: add tests for remove copies from components to enable refactoring by [@​phillebaba](https://togithub.com/phillebaba) in [defenseunicorns/zarf#2473 - fix!: do not uninstall helm chart after failed install or upgrade by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2456 - feat: inspect --list-images by [@​Noxsios](https://togithub.com/Noxsios) in [defenseunicorns/zarf#2478 - refactor: remove copies from components to a filter by [@​phillebaba](https://togithub.com/phillebaba) in [defenseunicorns/zarf#2474 - chore: add support.md by [@​schristoff](https://togithub.com/schristoff) in [defenseunicorns/zarf#2480 - chore: add a check for go mod tidy by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2481 - fix: use correct sha256 checksum for arm64 injector binary by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2483 - fix: simplify go mod tidy check by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2482 ##### New Contributors - [@​salaxander](https://togithub.com/salaxander) made their first contribution in [defenseunicorns/zarf#2462 - [@​phillebaba](https://togithub.com/phillebaba) made their first contribution in [defenseunicorns/zarf#2473 - [@​schristoff](https://togithub.com/schristoff) made their first contribution in [defenseunicorns/zarf#2480 **Full Changelog**: defenseunicorns/zarf@v0.33.1...v0.33.2 ### [`v0.33.1`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.1) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.0...v0.33.1) #### What's Changed - fix: add redirect so old zarf base link is compatiable by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [defenseunicorns/zarf#2432 - ci: pin third-party gh actions by hash by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2433 - docs: add redirect for examples by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2438 - docs: update contributing and pre-commit by [@​Noxsios](https://togithub.com/Noxsios) in [defenseunicorns/zarf#2439 - ci: fix revive image ref in lint workflow by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2436 - fix: filter on running pods when finding an image for injector pod by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2415 - fix: readme dead links by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [defenseunicorns/zarf#2442 - fix: differential package create with non local sources by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [defenseunicorns/zarf#2444 - refactor: move variables into separate package by [@​Racer159](https://togithub.com/Racer159) in [defenseunicorns/zarf#2414 - ci: add top level workflow permission to commitlint by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2449 - ci: remove unused env var from codeql workflow by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2450 - chore: cleanup root level files and add SPDX check for Go files by [@​Noxsios](https://togithub.com/Noxsios) in [defenseunicorns/zarf#2431 - feat: config to enable resilient registry by [@​Michael-Kruggel](https://togithub.com/Michael-Kruggel) in [defenseunicorns/zarf#2440 - docs: init package clarity and cleanup by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [defenseunicorns/zarf#2447 - ci: compare cves to main by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [defenseunicorns/zarf#2448 - test: unpin version in bigbang extension test by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2459 - fix: broken schema from unexpanded embedded variables by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [defenseunicorns/zarf#2458 - fix: error on create if an index sha is used by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [defenseunicorns/zarf#2429 #### New Contributors - [@​Michael-Kruggel](https://togithub.com/Michael-Kruggel) made their first contribution in [defenseunicorns/zarf#2440 **Full Changelog**: defenseunicorns/zarf@v0.33.0...v0.33.1 ### [`v0.33.0`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.0) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.6...v0.33.0) #### What's Changed - fix: update deprecated syft packages command to syft scan by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2399 - chore: move helpers to defenseunicorns/pkg by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [defenseunicorns/zarf#2402 - fix(deps): update github.com/anchore/clio digest to [`fb5fc4c`](https://togithub.com/defenseunicorns/zarf/commit/fb5fc4c) by [@​renovate](https://togithub.com/renovate) in [defenseunicorns/zarf#2366 - feat(tools): add yq by [@​zachariahmiller](https://togithub.com/zachariahmiller) in [defenseunicorns/zarf#2406 - chore: switch to use oci lib in defenseunicorns/pkg by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [defenseunicorns/zarf#2404 - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1 by [@​renovate](https://togithub.com/renovate) in [defenseunicorns/zarf#2411 - fix: use env var for PR title in commitlint workflow to prevent untrusted script injection by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2418 - fix: use default GITHUB_TOKEN for ossf/scorecard-action by [@​bburky](https://togithub.com/bburky) in [defenseunicorns/zarf#2416 - fix: remove duplicate logic for writing image layers to disk concurrently by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2409 - feat: add option to skip cosign lookup during find images by [@​Racer159](https://togithub.com/Racer159) in [defenseunicorns/zarf#2427 - feat: allow chart deploy overrides ALPHA by [@​naveensrinivasan](https://togithub.com/naveensrinivasan) in [defenseunicorns/zarf#2403 - chore: update pull_request_template.md by [@​Noxsios](https://togithub.com/Noxsios) in [defenseunicorns/zarf#2428 - ci: pin k3s image version in k3d github action by [@​lucasrod16](https://togithub.com/lucasrod16) in [defenseunicorns/zarf#2430 - feat(docs): port docs to starlight by [@​Noxsios](https://togithub.com/Noxsios) in [defenseunicorns/zarf#2315 #### New Contributors - [@​zachariahmiller](https://togithub.com/zachariahmiller) made their first contribution in [defenseunicorns/zarf#2406 - [@​bburky](https://togithub.com/bburky) made their first contribution in [defenseunicorns/zarf#2416 **Full Changelog**: defenseunicorns/zarf@v0.32.6...v0.33.0 ### [`v0.32.6`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.32.6) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6) #### \[0.32.6] - 2024-03-22 > trying out some different release note generators, formatting may vary for a few releases while we figure out what works best ~[@​Noxsios](https://togithub.com/Noxsios) ##### 🚀 Features - \[**ALPHA**] feat: package generation ALPHA by [@​andrewg-xyz](https://togithub.com/andrewg-xyz) in [#​2269](https://togithub.com/defenseunicorns/zarf/pull/2269) - *(lib)* feat(lib): configurable log file location by [@​Noxsios](https://togithub.com/Noxsios) in [#​2380](https://togithub.com/defenseunicorns/zarf/pull/2380) - \[**BREAKING**] feat!: filter package components with strategy interface by [@​Noxsios](https://togithub.com/Noxsios) in [#​2321](https://togithub.com/defenseunicorns/zarf/pull/2321) ##### 🐛 Bug Fixes - fix: refactor create stages into separate lib by [@​lucasrod16](https://togithub.com/lucasrod16) in [#​2223](https://togithub.com/defenseunicorns/zarf/pull/2223) - fix: handle registry caBundle as a multiline string by [@​AbrohamLincoln](https://togithub.com/AbrohamLincoln) in [#​2381](https://togithub.com/defenseunicorns/zarf/pull/2381) - *(regression)* fix: populate `p.sbomViewFiles` on `deploy` and `mirror` by [@​lucasrod16](https://togithub.com/lucasrod16) in [#​2386](https://togithub.com/defenseunicorns/zarf/pull/2386) - fix: allow absolute paths for differential packages by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [#​2397](https://togithub.com/defenseunicorns/zarf/pull/2397) - fix: hotfix skeleton publish by [@​Noxsios](https://togithub.com/Noxsios) in [#​2398](https://togithub.com/defenseunicorns/zarf/pull/2398) ##### 🚜 Refactor - refactor: split helpers/exec libs by [@​Racer159](https://togithub.com/Racer159) in [#​2379](https://togithub.com/defenseunicorns/zarf/pull/2379) ##### 🧪 Testing - test: data injection flake by [@​lucasrod16](https://togithub.com/lucasrod16) in [#​2361](https://togithub.com/defenseunicorns/zarf/pull/2361) ##### ⚙️ Miscellaneous Tasks - ci: add commitlint workflow and update contributing guide by [@​lucasrod16](https://togithub.com/lucasrod16) in [#​2391](https://togithub.com/defenseunicorns/zarf/pull/2391) ##### 🛡️ Security - *(release)* build: create PRs on `homebrew-tap` by [@​Noxsios](https://togithub.com/Noxsios) in [#​2385](https://togithub.com/defenseunicorns/zarf/pull/2385) **Full Changelog**: defenseunicorns/zarf@v0.32.5...v0.32.6 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0) #### Important This version changes the default behavior of `latest` to `~> v1`. The next major of this action (v6), will change this to `~> v2`, and will be launched together with GoReleaser v2. #### What's Changed - docs: bump actions to latest major by [@​crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#435 - chore(deps): bump docker/bake-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#436 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#437 - chore(deps): bump actions/setup-go from 4 to 5 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#443 - chore(deps): bump actions/upload-artifact from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#444 - Delete .kodiak.toml by [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) in [goreleaser/goreleaser-action#446 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#448 - chore(deps): bump ip from 2.0.0 to 2.0.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#450 - Upgrade setup-go action version in README by [@​kishaningithub](https://togithub.com/kishaningithub) in [goreleaser/goreleaser-action#455 - chore(deps): bump tar from 6.1.14 to 6.2.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#456 - chore: use corepack to install yarn by [@​crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#458 - feat: lock this major version of the action to use '~> v1' as 'latest' by [@​caarlos0](https://togithub.com/caarlos0) in [goreleaser/goreleaser-action#461 - chore(deps): bump semver from 7.6.0 to 7.6.2 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#462 - chore(deps): bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.2.0 to 2.2.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#451 #### New Contributors - [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their first contribution in [goreleaser/goreleaser-action#446 **Full Changelog**: goreleaser/goreleaser-action@v5.0.0...v5.1.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1366 - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1374 - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1377 For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1279 - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1352 - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1376 **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/maru-runner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
cuixq
added a commit
to google/osv-scanner
that referenced
this pull request
May 23, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.4` -> `v4.1.6` | | [codecov/codecov-action](https://togithub.com/codecov/codecov-action) | action | minor | `v4.3.1` -> `v4.4.1` | | gaurav-nelson/github-action-markdown-link-check | action | digest | `25b2c43` -> `7d83e59` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.6` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v5.0.0` -> `v5.1.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [actions/checkout#1732 ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [actions/checkout#1703 - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [actions/checkout#1694 - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [actions/checkout#1696 - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [actions/checkout#1695 - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [actions/checkout#1707 **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 </details> <details> <summary>codecov/codecov-action (codecov/codecov-action)</summary> ### [`v4.4.1`](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1) [Compare Source](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1) ### [`v4.4.0`](https://togithub.com/codecov/codecov-action/releases/tag/v4.4.0) [Compare Source](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0) #### What's Changed - chore: Clarify isPullRequestFromFork by [@​jsoref](https://togithub.com/jsoref) in [codecov/codecov-action#1411 - build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by [@​dependabot](https://togithub.com/dependabot) in [codecov/codecov-action#1423 - build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by [@​dependabot](https://togithub.com/dependabot) in [codecov/codecov-action#1421 - build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by [@​dependabot](https://togithub.com/dependabot) in [codecov/codecov-action#1420 - feat: remove GPG and run on spawn by [@​thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov) in [codecov/codecov-action#1426 - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 7.8.0 to 7.9.0 by [@​dependabot](https://togithub.com/dependabot) in [codecov/codecov-action#1428 - chore(release): 4.4.0 by [@​thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov) in [codecov/codecov-action#1430 **Full Changelog**: codecov/codecov-action@v4.3.1...v4.4.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0) #### Important This version changes the default behavior of `latest` to `~> v1`. The next major of this action (v6), will change this to `~> v2`, and will be launched together with GoReleaser v2. #### What's Changed - docs: bump actions to latest major by [@​crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#435 - chore(deps): bump docker/bake-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#436 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#437 - chore(deps): bump actions/setup-go from 4 to 5 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#443 - chore(deps): bump actions/upload-artifact from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#444 - Delete .kodiak.toml by [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) in [goreleaser/goreleaser-action#446 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#448 - chore(deps): bump ip from 2.0.0 to 2.0.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#450 - Upgrade setup-go action version in README by [@​kishaningithub](https://togithub.com/kishaningithub) in [goreleaser/goreleaser-action#455 - chore(deps): bump tar from 6.1.14 to 6.2.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#456 - chore: use corepack to install yarn by [@​crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#458 - feat: lock this major version of the action to use '~> v1' as 'latest' by [@​caarlos0](https://togithub.com/caarlos0) in [goreleaser/goreleaser-action#461 - chore(deps): bump semver from 7.6.0 to 7.6.2 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#462 - chore(deps): bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.2.0 to 2.2.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#451 #### New Contributors - [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their first contribution in [goreleaser/goreleaser-action#446 **Full Changelog**: goreleaser/goreleaser-action@v5.0.0...v5.1.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1366 - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1374 - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1377 For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1279 - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1352 - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1376 **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>
andrzej-stencel
pushed a commit
to andrzej-stencel/opentelemetry-collector
that referenced
this pull request
May 27, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.4` -> `v4.1.5` | | [codecov/codecov-action](https://togithub.com/codecov/codecov-action) | action | minor | `4.3.1` -> `4.4.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.5` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v5.0.0` -> `v5.1.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@&open-telemetry#8203;cory-miller](https://togithub.com/cory-miller) in [actions/checkout#1703 - Bump github/codeql-action from 2 to 3 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [actions/checkout#1694 - Bump actions/setup-node from 1 to 4 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [actions/checkout#1696 - Bump actions/upload-artifact from 2 to 4 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [actions/checkout#1695 - README: Suggest `user.email` to be `41898282+github-actions[bot]@&open-telemetry#8203;users.noreply.github.com` by [@&open-telemetry#8203;cory-miller](https://togithub.com/cory-miller) in [actions/checkout#1707 **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 </details> <details> <summary>codecov/codecov-action (codecov/codecov-action)</summary> ### [`v4.4.0`](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0) [Compare Source](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0) #### Important This version changes the default behavior of `latest` to `~> v1`. The next major of this action (v6), will change this to `~> v2`, and will be launched together with GoReleaser v2. #### What's Changed - docs: bump actions to latest major by [@&open-telemetry#8203;crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#435 - chore(deps): bump docker/bake-action from 3 to 4 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#436 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#437 - chore(deps): bump actions/setup-go from 4 to 5 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#443 - chore(deps): bump actions/upload-artifact from 3 to 4 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#444 - Delete .kodiak.toml by [@&open-telemetry#8203;vedantmgoyal9](https://togithub.com/vedantmgoyal9) in [goreleaser/goreleaser-action#446 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#448 - chore(deps): bump ip from 2.0.0 to 2.0.1 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#450 - Upgrade setup-go action version in README by [@&open-telemetry#8203;kishaningithub](https://togithub.com/kishaningithub) in [goreleaser/goreleaser-action#455 - chore(deps): bump tar from 6.1.14 to 6.2.1 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#456 - chore: use corepack to install yarn by [@&open-telemetry#8203;crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#458 - feat: lock this major version of the action to use '~> v1' as 'latest' by [@&open-telemetry#8203;caarlos0](https://togithub.com/caarlos0) in [goreleaser/goreleaser-action#461 - chore(deps): bump semver from 7.6.0 to 7.6.2 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#462 - chore(deps): bump [@&open-telemetry#8203;actions/http-client](https://togithub.com/actions/http-client) from 2.2.0 to 2.2.1 by [@&open-telemetry#8203;dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#451 #### New Contributors - [@&open-telemetry#8203;vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their first contribution in [goreleaser/goreleaser-action#446 **Full Changelog**: goreleaser/goreleaser-action@v5.0.0...v5.1.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM1MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJyZW5vdmF0ZWJvdCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
josieang
pushed a commit
to josieang/osv-scanner
that referenced
this pull request
Jun 6, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.4` -> `v4.1.6` | | [codecov/codecov-action](https://togithub.com/codecov/codecov-action) | action | minor | `v4.3.1` -> `v4.4.1` | | gaurav-nelson/github-action-markdown-link-check | action | digest | `25b2c43` -> `7d83e59` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.3` -> `v3.25.6` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v5.0.0` -> `v5.1.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [actions/checkout#1732 ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [actions/checkout#1703 - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [actions/checkout#1694 - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [actions/checkout#1696 - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [actions/checkout#1695 - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [actions/checkout#1707 **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 </details> <details> <summary>codecov/codecov-action (codecov/codecov-action)</summary> ### [`v4.4.1`](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1) [Compare Source](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1) ### [`v4.4.0`](https://togithub.com/codecov/codecov-action/releases/tag/v4.4.0) [Compare Source](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0) #### What's Changed - chore: Clarify isPullRequestFromFork by [@​jsoref](https://togithub.com/jsoref) in [codecov/codecov-action#1411 - build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by [@​dependabot](https://togithub.com/dependabot) in [codecov/codecov-action#1423 - build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by [@​dependabot](https://togithub.com/dependabot) in [codecov/codecov-action#1421 - build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by [@​dependabot](https://togithub.com/dependabot) in [codecov/codecov-action#1420 - feat: remove GPG and run on spawn by [@​thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov) in [codecov/codecov-action#1426 - build(deps-dev): bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 7.8.0 to 7.9.0 by [@​dependabot](https://togithub.com/dependabot) in [codecov/codecov-action#1428 - chore(release): 4.4.0 by [@​thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov) in [codecov/codecov-action#1430 **Full Changelog**: codecov/codecov-action@v4.3.1...v4.4.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) </details> <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0) #### Important This version changes the default behavior of `latest` to `~> v1`. The next major of this action (v6), will change this to `~> v2`, and will be launched together with GoReleaser v2. #### What's Changed - docs: bump actions to latest major by [@​crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#435 - chore(deps): bump docker/bake-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#436 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#437 - chore(deps): bump actions/setup-go from 4 to 5 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#443 - chore(deps): bump actions/upload-artifact from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#444 - Delete .kodiak.toml by [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) in [goreleaser/goreleaser-action#446 - chore(deps): bump codecov/codecov-action from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#448 - chore(deps): bump ip from 2.0.0 to 2.0.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#450 - Upgrade setup-go action version in README by [@​kishaningithub](https://togithub.com/kishaningithub) in [goreleaser/goreleaser-action#455 - chore(deps): bump tar from 6.1.14 to 6.2.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#456 - chore: use corepack to install yarn by [@​crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#458 - feat: lock this major version of the action to use '~> v1' as 'latest' by [@​caarlos0](https://togithub.com/caarlos0) in [goreleaser/goreleaser-action#461 - chore(deps): bump semver from 7.6.0 to 7.6.2 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#462 - chore(deps): bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.2.0 to 2.2.1 by [@​dependabot](https://togithub.com/dependabot) in [goreleaser/goreleaser-action#451 #### New Contributors - [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their first contribution in [goreleaser/goreleaser-action#446 **Full Changelog**: goreleaser/goreleaser-action@v5.0.0...v5.1.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1366 - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1374 - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1377 For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1279 - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1352 - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1376 **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
similar to docker/actions-toolkit#323