build(deps): bump github/codeql-action from 3.27.0 to 3.28.1 #4003

dependabot · 2025-01-14T07:56:59Z

Bumps github/codeql-action from 3.27.0 to 3.28.1.

Release notes

Sourced from github/codeql-action's releases.

v3.28.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.1 - 10 Jan 2025

CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

Update default CodeQL bundle version to 2.20.1. #2678

See the full CHANGELOG.md for more information.

v3.28.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024

Bump the minimum CodeQL bundle version to 2.15.5. #2655

Don't fail in the unusual case that a file is on the search path. #2660.

See the full CHANGELOG.md for more information.

v3.27.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024

We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631

Update default CodeQL bundle version to 2.20.0. #2636

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.1 - 10 Jan 2025

CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

Bump the minimum CodeQL bundle version to 2.15.5. #2655

Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

No user facing changes.

3.27.8 - 12 Dec 2024

Fixed an issue where streaming the download and extraction of the CodeQL bundle did not respect proxy settings. #2624

3.27.7 - 10 Dec 2024

We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631

Update default CodeQL bundle version to 2.20.0. #2636

3.27.6 - 03 Dec 2024

Update default CodeQL bundle version to 2.19.4. #2626

3.27.5 - 19 Nov 2024

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

... (truncated)

Commits

b6a472f Merge pull request #2681 from github/update-v3.28.1-ea6acbfea
bb999b4 Update changelog for v3.28.1
ea6acbf Merge pull request #2677 from github/angelapwen/deprecate-action-v2
4df151e Merge branch 'main' into angelapwen/deprecate-action-v2
a05a7eb Fix PR number in changenote
8d2753b Add public changelog blog post link
e83e0a4 Merge pull request #2673 from github/dependabot/npm_and_yarn/npm-877f465710
b7ff308 Merge pull request #2678 from github/update-bundle/codeql-bundle-v2.20.1
1aa16c2 Merge branch 'main' into update-bundle/codeql-bundle-v2.20.1
fb65b6c Merge pull request #2672 from github/mbg/start-proxy/include-type-in-urls-output
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.0 to 3.28.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@6624720...b6a472f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/create-github-app-token](https://redirect.github.com/actions/create-github-app-token) | action | patch | `v1.11.1` -> `v1.11.6` | | [actions/download-artifact](https://redirect.github.com/actions/download-artifact) | action | patch | `v4.1.8` -> `v4.1.9` | | [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | minor | `v5.2.0` -> `v5.3.0` | | [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | minor | `v4.1.0` -> `v4.2.0` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | patch | `v4.6.0` -> `v4.6.1` | | [anchore/sbom-action](https://redirect.github.com/anchore/sbom-action) | action | minor | `v0.17.9` -> `v0.18.0` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.28.1` -> `v3.28.11` | | [goreleaser/goreleaser-action](https://redirect.github.com/goreleaser/goreleaser-action) | action | minor | `v6.1.0` -> `v6.2.1` | | [morphy/revive-action](https://redirect.github.com/morphy2k/revive-action) | docker | digest | `793c4e8` -> `28eca8b` | | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | patch | `v2.4.0` -> `v2.4.1` | | [zarf-dev/zarf](https://redirect.github.com/zarf-dev/zarf) | | minor | `v0.46.0` -> `v0.49.1` | --- ### Release Notes <details> <summary>actions/create-github-app-token (actions/create-github-app-token)</summary> ### [`v1.11.6`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.6) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.11.5...v1.11.6) ##### Bug Fixes - **deps:** bump the production-dependencies group with 2 updates ([#210](https://redirect.github.com/actions/create-github-app-token/issues/210)) ([1ff1dea](https://redirect.github.com/actions/create-github-app-token/commit/1ff1dea6a9d1de5b4795e5314291e04acc63c38b)) ### [`v1.11.5`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.5) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.11.4...v1.11.5) ##### Bug Fixes - **deps:** bump [@octokit/request](https://redirect.github.com/octokit/request) from 9.2.0 to 9.2.2 ([#209](https://redirect.github.com/actions/create-github-app-token/issues/209)) ([8cedd97](https://redirect.github.com/actions/create-github-app-token/commit/8cedd97af185a345311c6ff53158738940cfef67)), closes [#740](https://redirect.github.com/actions/create-github-app-token/issues/740) [#738](https://redirect.github.com/actions/create-github-app-token/issues/738) [#740](https://redirect.github.com/actions/create-github-app-token/issues/740) [#737](https://redirect.github.com/actions/create-github-app-token/issues/737) [#738](https://redirect.github.com/actions/create-github-app-token/issues/738) [#736](https://redirect.github.com/actions/create-github-app-token/issues/736) [#735](https://redirect.github.com/actions/create-github-app-token/issues/735) [#734](https://redirect.github.com/actions/create-github-app-token/issues/734) [#733](https://redirect.github.com/actions/create-github-app-token/issues/733) [#732](https://redirect.github.com/actions/create-github-app-token/issues/732) - **deps:** bump [@octokit/request-error](https://redirect.github.com/octokit/request-error) from 6.1.6 to 6.1.7 ([#208](https://redirect.github.com/actions/create-github-app-token/issues/208)) ([415f6a5](https://redirect.github.com/actions/create-github-app-token/commit/415f6a523daf7072d0ea81f3cdc20426287bd566)), closes [#494](https://redirect.github.com/actions/create-github-app-token/issues/494) [#491](https://redirect.github.com/actions/create-github-app-token/issues/491) [#490](https://redirect.github.com/actions/create-github-app-token/issues/490) [#488](https://redirect.github.com/actions/create-github-app-token/issues/488) [#486](https://redirect.github.com/actions/create-github-app-token/issues/486) [#487](https://redirect.github.com/actions/create-github-app-token/issues/487) [#485](https://redirect.github.com/actions/create-github-app-token/issues/485) [#484](https://redirect.github.com/actions/create-github-app-token/issues/484) ### [`v1.11.4`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.4) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.11.3...v1.11.4) ##### Bug Fixes - **deps:** bump [@octokit/endpoint](https://redirect.github.com/octokit/endpoint) from 10.1.1 to 10.1.3 ([#207](https://redirect.github.com/actions/create-github-app-token/issues/207)) ([d30def8](https://redirect.github.com/actions/create-github-app-token/commit/d30def842e4992ac18a35cd1108d776944ab7535)), closes [#507](https://redirect.github.com/actions/create-github-app-token/issues/507) [#514](https://redirect.github.com/actions/create-github-app-token/issues/514) [#512](https://redirect.github.com/actions/create-github-app-token/issues/512) [#511](https://redirect.github.com/actions/create-github-app-token/issues/511) [#509](https://redirect.github.com/actions/create-github-app-token/issues/509) [#508](https://redirect.github.com/actions/create-github-app-token/issues/508) [#507](https://redirect.github.com/actions/create-github-app-token/issues/507) [#506](https://redirect.github.com/actions/create-github-app-token/issues/506) [#505](https://redirect.github.com/actions/create-github-app-token/issues/505) [#504](https://redirect.github.com/actions/create-github-app-token/issues/504) ### [`v1.11.3`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.3) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.11.2...v1.11.3) ##### Bug Fixes - **deps:** bump the production-dependencies group with 3 updates ([#203](https://redirect.github.com/actions/create-github-app-token/issues/203)) ([8e85a3c](https://redirect.github.com/actions/create-github-app-token/commit/8e85a3cf1418b864b528ed9c756cd9c84932d442)), closes [#665](https://redirect.github.com/actions/create-github-app-token/issues/665) [#665](https://redirect.github.com/actions/create-github-app-token/issues/665) [#663](https://redirect.github.com/actions/create-github-app-token/issues/663) [#662](https://redirect.github.com/actions/create-github-app-token/issues/662) [#661](https://redirect.github.com/actions/create-github-app-token/issues/661) [#659](https://redirect.github.com/actions/create-github-app-token/issues/659) [#660](https://redirect.github.com/actions/create-github-app-token/issues/660) [#658](https://redirect.github.com/actions/create-github-app-token/issues/658) [#656](https://redirect.github.com/actions/create-github-app-token/issues/656) [#657](https://redirect.github.com/actions/create-github-app-token/issues/657) [#655](https://redirect.github.com/actions/create-github-app-token/issues/655) [#731](https://redirect.github.com/actions/create-github-app-token/issues/731) [nodejs/undici#4016](https://redirect.github.com/nodejs/undici/issues/4016) [nodejs/undici#4017](https://redirect.github.com/nodejs/undici/issues/4017) [nodejs/undici#4018](https://redirect.github.com/nodejs/undici/issues/4018) [nodejs/undici#4008](https://redirect.github.com/nodejs/undici/issues/4008) [nodejs/undici#3991](https://redirect.github.com/nodejs/undici/issues/3991) [nodejs/undici#4001](https://redirect.github.com/nodejs/undici/issues/4001) [nodejs/undici#3980](https://redirect.github.com/nodejs/undici/issues/3980) [nodejs/undici#4003](https://redirect.github.com/nodejs/undici/issues/4003) [nodejs/undici#3965](https://redirect.github.com/nodejs/undici/issues/3965) [nodejs/undici#4002](https://redirect.github.com/nodejs/undici/issues/4002) [nodejs/undici#4006](https://redirect.github.com/nodejs/undici/issues/4006) [nodejs/undici#3956](https://redirect.github.com/nodejs/undici/issues/3956) [nodejs/undici#3964](https://redirect.github.com/nodejs/undici/issues/3964) [nodejs/undici#3447](https://redirect.github.com/nodejs/undici/issues/3447) [#3966](https://redirect.github.com/actions/create-github-app-token/issues/3966) [nodejs/undici#3967](https://redirect.github.com/nodejs/undici/issues/3967) [nodejs/undici#3971](https://redirect.github.com/nodejs/undici/issues/3971) [nodejs/undici#3954](https://redirect.github.com/nodejs/undici/issues/3954) [nodejs/undici#3972](https://redirect.github.com/nodejs/undici/issues/3972) [nodejs/undici#3974](https://redirect.github.com/nodejs/undici/issues/3974) [nodejs/undici#3976](https://redirect.github.com/nodejs/undici/issues/3976) [#3975](https://redirect.github.com/actions/create-github-app-token/issues/3975) [nodejs/undici#3977](https://redirect.github.com/nodejs/undici/issues/3977) [nodejs/undici#3978](https://redirect.github.com/nodejs/undici/issues/3978) [nodejs/undici#3981](https://redirect.github.com/nodejs/undici/issues/3981) [nodejs/undici#3983](https://redirect.github.com/nodejs/undici/issues/3983) [nodejs/undici#3986](https://redirect.github.com/nodejs/undici/issues/3986) [#4021](https://redirect.github.com/actions/create-github-app-token/issues/4021) [#4018](https://redirect.github.com/actions/create-github-app-token/issues/4018) [#4017](https://redirect.github.com/actions/create-github-app-token/issues/4017) [#4016](https://redirect.github.com/actions/create-github-app-token/issues/4016) [#4008](https://redirect.github.com/actions/create-github-app-token/issues/4008) [#4007](https://redirect.github.com/actions/create-github-app-token/issues/4007) [#4006](https://redirect.github.com/actions/create-github-app-token/issues/4006) [#3965](https://redirect.github.com/actions/create-github-app-token/issues/3965) ### [`v1.11.2`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.2) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.11.1...v1.11.2) ##### Bug Fixes - **deps:** bump [@octokit/request](https://redirect.github.com/octokit/request) from 9.1.3 to 9.1.4 in the production-dependencies group ([#196](https://redirect.github.com/actions/create-github-app-token/issues/196)) ([b4192a5](https://redirect.github.com/actions/create-github-app-token/commit/b4192a5b3659c0e5875f868c44727ef4ecc5d579)), closes [#730](https://redirect.github.com/actions/create-github-app-token/issues/730) [#730](https://redirect.github.com/actions/create-github-app-token/issues/730) [#729](https://redirect.github.com/actions/create-github-app-token/issues/729) [#727](https://redirect.github.com/actions/create-github-app-token/issues/727) [#726](https://redirect.github.com/actions/create-github-app-token/issues/726) [#723](https://redirect.github.com/actions/create-github-app-token/issues/723) [#724](https://redirect.github.com/actions/create-github-app-token/issues/724) [#722](https://redirect.github.com/actions/create-github-app-token/issues/722) [#721](https://redirect.github.com/actions/create-github-app-token/issues/721) [#720](https://redirect.github.com/actions/create-github-app-token/issues/720) [#719](https://redirect.github.com/actions/create-github-app-token/issues/719) - **deps:** bump undici from 6.19.8 to 7.2.0 ([#198](https://redirect.github.com/actions/create-github-app-token/issues/198)) ([29aa051](https://redirect.github.com/actions/create-github-app-token/commit/29aa0514a79f3b4aa8b1547173a41455949e4bf6)), closes [nodejs/undici#3958](https://redirect.github.com/nodejs/undici/issues/3958) [nodejs/undici#3955](https://redirect.github.com/nodejs/undici/issues/3955) [nodejs/undici#3962](https://redirect.github.com/nodejs/undici/issues/3962) [nodejs/undici#3921](https://redirect.github.com/nodejs/undici/issues/3921) [nodejs/undici#3923](https://redirect.github.com/nodejs/undici/issues/3923) [nodejs/undici#3925](https://redirect.github.com/nodejs/undici/issues/3925) [nodejs/undici#3926](https://redirect.github.com/nodejs/undici/issues/3926) [nodejs/undici#3924](https://redirect.github.com/nodejs/undici/issues/3924) [nodejs/undici#3933](https://redirect.github.com/nodejs/undici/issues/3933) [nodejs/undici#3916](https://redirect.github.com/nodejs/undici/issues/3916) [nodejs/undici#3930](https://redirect.github.com/nodejs/undici/issues/3930) [nodejs/undici#3938](https://redirect.github.com/nodejs/undici/issues/3938) [#3937](https://redirect.github.com/actions/create-github-app-token/issues/3937) [nodejs/undici#3940](https://redirect.github.com/nodejs/undici/issues/3940) [nodejs/undici#3931](https://redirect.github.com/nodejs/undici/issues/3931) [nodejs/undici#3941](https://redirect.github.com/nodejs/undici/issues/3941) [nodejs/undici#3911](https://redirect.github.com/nodejs/undici/issues/3911) [nodejs/undici#3888](https://redirect.github.com/nodejs/undici/issues/3888) [nodejs/undici#3939](https://redirect.github.com/nodejs/undici/issues/3939) [nodejs/undici#3947](https://redirect.github.com/nodejs/undici/issues/3947) [nodejs/undici#3945](https://redirect.github.com/nodejs/undici/issues/3945) [nodejs/undici#3916](https://redirect.github.com/nodejs/undici/issues/3916) [nodejs/undici#3893](https://redirect.github.com/nodejs/undici/issues/3893) [nodejs/undici#3902](https://redirect.github.com/nodejs/undici/issues/3902) [#3901](https://redirect.github.com/actions/create-github-app-token/issues/3901) [nodejs/undici#3903](https://redirect.github.com/nodejs/undici/issues/3903) [nodejs/undici#3905](https://redirect.github.com/nodejs/undici/issues/3905) [nodejs/undici#3900](https://redirect.github.com/nodejs/undici/issues/3900) [nodejs/undici#3913](https://redirect.github.com/nodejs/undici/issues/3913) [nodejs/undici#3910](https://redirect.github.com/nodejs/undici/issues/3910) [nodejs/undici#3909](https://redirect.github.com/nodejs/undici/issues/3909) [nodejs/undici#3906](https://redirect.github.com/nodejs/undici/issues/3906) [nodejs/undici#3922](https://redirect.github.com/nodejs/undici/issues/3922) [#3962](https://redirect.github.com/actions/create-github-app-token/issues/3962) [#3955](https://redirect.github.com/actions/create-github-app-token/issues/3955) [#3958](https://redirect.github.com/actions/create-github-app-token/issues/3958) [#3945](https://redirect.github.com/actions/create-github-app-token/issues/3945) [#3947](https://redirect.github.com/actions/create-github-app-token/issues/3947) [#3939](https://redirect.github.com/actions/create-github-app-token/issues/3939) [#3888](https://redirect.github.com/actions/create-github-app-token/issues/3888) [#3911](https://redirect.github.com/actions/create-github-app-token/issues/3911) [#3941](https://redirect.github.com/actions/create-github-app-token/issues/3941) </details> <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.9`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.9) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v4.1.8...v4.1.9) #### What's Changed - Add workflow file for publishing releases to immutable action package by [@Jcambass](https://redirect.github.com/Jcambass) in [https://github.com/actions/download-artifact/pull/354](https://redirect.github.com/actions/download-artifact/pull/354) - docs: small migration fix by [@froblesmartin](https://redirect.github.com/froblesmartin) in [https://github.com/actions/download-artifact/pull/370](https://redirect.github.com/actions/download-artifact/pull/370) - Update MIGRATION.md by [@andyfeller](https://redirect.github.com/andyfeller) in [https://github.com/actions/download-artifact/pull/372](https://redirect.github.com/actions/download-artifact/pull/372) - Update artifact package to 2.2.2 by [@yacaovsnc](https://redirect.github.com/yacaovsnc) in [https://github.com/actions/download-artifact/pull/380](https://redirect.github.com/actions/download-artifact/pull/380) #### New Contributors - [@Jcambass](https://redirect.github.com/Jcambass) made their first contribution in [https://github.com/actions/download-artifact/pull/354](https://redirect.github.com/actions/download-artifact/pull/354) - [@froblesmartin](https://redirect.github.com/froblesmartin) made their first contribution in [https://github.com/actions/download-artifact/pull/370](https://redirect.github.com/actions/download-artifact/pull/370) - [@andyfeller](https://redirect.github.com/andyfeller) made their first contribution in [https://github.com/actions/download-artifact/pull/372](https://redirect.github.com/actions/download-artifact/pull/372) - [@yacaovsnc](https://redirect.github.com/yacaovsnc) made their first contribution in [https://github.com/actions/download-artifact/pull/380](https://redirect.github.com/actions/download-artifact/pull/380) **Full Changelog**: https://github.com/actions/download-artifact/compare/v4...v4.1.9 </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.3.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.3.0) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v5.2.0...v5.3.0) ##### What's Changed - Use the new cache service: upgrade `@actions/cache` to `^4.0.0` by [@Link-](https://redirect.github.com/Link-) in [https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531) - Configure Dependabot settings by [@HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/530](https://redirect.github.com/actions/setup-go/pull/530) - Document update - permission section by [@HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/533](https://redirect.github.com/actions/setup-go/pull/533) - Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-go/pull/534](https://redirect.github.com/actions/setup-go/pull/534) ##### New Contributors - [@Link-](https://redirect.github.com/Link-) made their first contribution in [https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531) **Full Changelog**: https://github.com/actions/setup-go/compare/v5...v5.3.0 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v4.2.0`](https://redirect.github.com/actions/setup-node/releases/tag/v4.2.0) [Compare Source](https://redirect.github.com/actions/setup-node/compare/v4.1.0...v4.2.0) #### What's Changed - Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [https://github.com/actions/setup-node/pull/1174](https://redirect.github.com/actions/setup-node/pull/1174) - Add recommended permissions section to readme by [@benwells](https://redirect.github.com/benwells) in [https://github.com/actions/setup-node/pull/1193](https://redirect.github.com/actions/setup-node/pull/1193) - Configure Dependabot settings by [@HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) in [https://github.com/actions/setup-node/pull/1192](https://redirect.github.com/actions/setup-node/pull/1192) - Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://redirect.github.com/priyagupta108) in [https://github.com/actions/setup-node/pull/1191](https://redirect.github.com/actions/setup-node/pull/1191) - Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/1194](https://redirect.github.com/actions/setup-node/pull/1194) - Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/1195](https://redirect.github.com/actions/setup-node/pull/1195) - Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/1196](https://redirect.github.com/actions/setup-node/pull/1196) - Upgrade [@types/jest](https://redirect.github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/1201](https://redirect.github.com/actions/setup-node/pull/1201) - Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/1205](https://redirect.github.com/actions/setup-node/pull/1205) #### New Contributors - [@benwells](https://redirect.github.com/benwells) made their first contribution in [https://github.com/actions/setup-node/pull/1193](https://redirect.github.com/actions/setup-node/pull/1193) **Full Changelog**: https://github.com/actions/setup-node/compare/v4...v4.2.0 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.6.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.1) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.6.0...v4.6.1) #### What's Changed - Update to use artifact 2.2.2 package by [@yacaovsnc](https://redirect.github.com/yacaovsnc) in [https://github.com/actions/upload-artifact/pull/673](https://redirect.github.com/actions/upload-artifact/pull/673) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.6.1 </details> <details> <summary>anchore/sbom-action (anchore/sbom-action)</summary> ### [`v0.18.0`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.18.0) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.9...v0.18.0) #### Changes in v0.18.0 - chore(deps): update Syft to v1.19.0 ([#513](https://redirect.github.com/anchore/sbom-action/issues/513)) - [See Syft changelog for latest changes](https://redirect.github.com/anchore/syft/releases/tag/v1.19.0) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.28.11`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.11) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.10...v3.28.11) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.28.11 - 07 Mar 2025 - Update default CodeQL bundle version to 2.20.6. [#2793](https://redirect.github.com/github/codeql-action/pull/2793) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.11/CHANGELOG.md) for more information. ### [`v3.28.10`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.10) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.9...v3.28.10) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.28.10 - 21 Feb 2025 - Update default CodeQL bundle version to 2.20.5. [#2772](https://redirect.github.com/github/codeql-action/pull/2772) - Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. [#2768](https://redirect.github.com/github/codeql-action/pull/2768) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.10/CHANGELOG.md) for more information. ### [`v3.28.9`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.9) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.8...v3.28.9) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.28.9 - 07 Feb 2025 - Update default CodeQL bundle version to 2.20.4. [#2753](https://redirect.github.com/github/codeql-action/pull/2753) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.9/CHANGELOG.md) for more information. ### [`v3.28.8`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.8) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.7...v3.28.8) ### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. #### 3.28.8 - 29 Jan 2025 - Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. [#2744](https://redirect.github.com/github/codeql-action/pull/2744) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.8/CHANGELOG.md) for more information. ### [`v3.28.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.7) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.6...v3.28.7) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.28.7 - 29 Jan 2025 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.7/CHANGELOG.md) for more information. ### [`v3.28.6`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.6) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.5...v3.28.6) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.28.6 - 27 Jan 2025 - Re-enable debug artifact upload for CLI versions 2.20.3 or greater. [#2726](https://redirect.github.com/github/codeql-action/pull/2726) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.6/CHANGELOG.md) for more information. ### [`v3.28.5`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.5) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.4...v3.28.5) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.28.5 - 24 Jan 2025 - Update default CodeQL bundle version to 2.20.3. [#2717](https://redirect.github.com/github/codeql-action/pull/2717) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.5/CHANGELOG.md) for more information. ### [`v3.28.4`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.4) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.3...v3.28.4) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.28.4 - 23 Jan 2025 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.4/CHANGELOG.md) for more information. ### [`v3.28.3`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.3) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.2...v3.28.3) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.28.3 - 22 Jan 2025 - Update default CodeQL bundle version to 2.20.2. [#2707](https://redirect.github.com/github/codeql-action/pull/2707) - Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the [CodeQL Action sync tool](https://redirect.github.com/github/codeql-action-sync-tool) and the Actions runner did not have Zstandard installed. [#2710](https://redirect.github.com/github/codeql-action/pull/2710) - Uploading debug artifacts for CodeQL analysis is temporarily disabled. [#2712](https://redirect.github.com/github/codeql-action/pull/2712) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.3/CHANGELOG.md) for more information. ### [`v3.28.2`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.2) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.1...v3.28.2) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.28.2 - 21 Jan 2025 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.2/CHANGELOG.md) for more information. </details> <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v6.2.1`](https://redirect.github.com/goreleaser/goreleaser-action/releases/tag/v6.2.1) [Compare Source](https://redirect.github.com/goreleaser/goreleaser-action/compare/v6.2.0...v6.2.1) #### What's Changed This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the `-pro` suffix). Older versions should work fine. > \[!WARNING] > This version is **required** for GoReleaser Pro v2.7.0+. > Read more [here](https://goreleaser.com/blog/goreleaser-v2.7/). **Full Changelog**: https://github.com/goreleaser/goreleaser-action/compare/v6.2.0...v6.2.1 ### [`v6.2.0`](https://redirect.github.com/goreleaser/goreleaser-action/releases/tag/v6.2.0) [Compare Source](https://redirect.github.com/goreleaser/goreleaser-action/compare/v6.1.0...v6.2.0) ##### What's Changed This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the `-pro` suffix). Older versions should work fine. > \[!WARNING] > This version is **required** for GoReleaser Pro v2.7.0+. > Read more [here](https://goreleaser.com/blog/goreleaser-v2.7/). **Full Changelog**: https://github.com/goreleaser/goreleaser-action/compare/v6.1.0...v6.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.1`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.1) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1) #### What's Changed - This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the [v5.1.0](https://redirect.github.com/ossf/scorecard/releases/tag/v5.1.0) and [v5.1.1](https://redirect.github.com/ossf/scorecard/releases/tag/v5.1.1) release notes. - Publishing results now uses half the API quota as before. The exact savings depends on the repository in question. - use Scorecard library entrypoint instead of Cobra hooking by [@spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1423](https://redirect.github.com/ossf/scorecard-action/pull/1423) - Some errors were made into annotations to make them more visible - Make default branch error more prominent by [@jsoref](https://redirect.github.com/jsoref) in [https://github.com/ossf/scorecard-action/pull/1459](https://redirect.github.com/ossf/scorecard-action/pull/1459) - There is now an optional `file_mode` input which controls how repository files are fetched from GitHub. The default is `archive`, but `git` produces the most accurate results for repositories with `.gitattributes` files at the cost of analysis speed. - add input for specifying `--file-mode` by [@spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1509](https://redirect.github.com/ossf/scorecard-action/pull/1509) - The underlying container for the action is now [hosted on GitHub Container Registry](https://redirect.github.com/ossf/scorecard-action/pkgs/container/scorecard-action). There should be no functional changes. - :seedling: publish docker images to GitHub Container Registry by [@spencerschrock](https://redirect.github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1453](https://redirect.github.com/ossf/scorecard-action/pull/1453) ##### Docs - Installation docs update by [@JeremiahAHoward](https://redirect.github.com/JeremiahAHoward) in [https://github.com/ossf/scorecard-action/pull/1416](https://redirect.github.com/ossf/scorecard-action/pull/1416) #### New Contributors - [@JeremiahAHoward](https://redirect.github.com/JeremiahAHoward) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1416](https://redirect.github.com/ossf/scorecard-action/pull/1416) - [@jsoref](https://redirect.github.com/jsoref) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1459](https://redirect.github.com/ossf/scorecard-action/pull/1459) **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1 </details> <details> <summary>zarf-dev/zarf (zarf-dev/zarf)</summary> ### [`v0.49.1`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.49.1) [Compare Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.49.0...v0.49.1)  #### What's Changed ##### 🚀 Updates - fix: allow absolute file paths on create by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3518](https://redirect.github.com/zarf-dev/zarf/pull/3518) - fix: do not create SBOM for packages without SBOMable material by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3540](https://redirect.github.com/zarf-dev/zarf/pull/3540) - 2335 docs best practices by [@brandtkeller](https://redirect.github.com/brandtkeller) in [https://github.com/zarf-dev/zarf/pull/3551](https://redirect.github.com/zarf-dev/zarf/pull/3551) - feat: add more logging to packager2.Pull by [@mkcp](https://redirect.github.com/mkcp) in [https://github.com/zarf-dev/zarf/pull/3557](https://redirect.github.com/zarf-dev/zarf/pull/3557) ##### 📦 Dependencies - chore(deps): bump the cosign-providers group across 1 directory with 3 updates by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3519](https://redirect.github.com/zarf-dev/zarf/pull/3519) - chore(deps): bump github.com/fairwindsops/pluto/v5 from 5.21.1 to 5.21.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3522](https://redirect.github.com/zarf-dev/zarf/pull/3522) - chore(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3521](https://redirect.github.com/zarf-dev/zarf/pull/3521) - chore(deps): bump github.com/derailed/k9s from 0.40.3 to 0.40.5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3520](https://redirect.github.com/zarf-dev/zarf/pull/3520) - chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3537](https://redirect.github.com/zarf-dev/zarf/pull/3537) - chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3538](https://redirect.github.com/zarf-dev/zarf/pull/3538) - chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3539](https://redirect.github.com/zarf-dev/zarf/pull/3539) - chore(deps): bump golang.org/x/crypto from 0.33.0 to 0.34.0 in the golang group across 1 directory by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3534](https://redirect.github.com/zarf-dev/zarf/pull/3534) - chore(deps): bump golang.org/x/crypto from 0.34.0 to 0.35.0 in the golang group across 1 directory by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3542](https://redirect.github.com/zarf-dev/zarf/pull/3542) - chore(deps): bump github.com/avast/retry-go/v4 from 4.6.0 to 4.6.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3543](https://redirect.github.com/zarf-dev/zarf/pull/3543) - chore(deps): bump github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3550](https://redirect.github.com/zarf-dev/zarf/pull/3550) - chore(deps): bump codecov/codecov-action from 5.3.1 to 5.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3547](https://redirect.github.com/zarf-dev/zarf/pull/3547) - chore(deps): bump actions/create-github-app-token from 1.11.5 to 1.11.6 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3555](https://redirect.github.com/zarf-dev/zarf/pull/3555) - chore(deps): bump actions/download-artifact from 4.1.8 to 4.1.9 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3545](https://redirect.github.com/zarf-dev/zarf/pull/3545) **Full Changelog**: https://github.com/zarf-dev/zarf/compare/v0.49.0...v0.49.1 ### [`v0.49.0`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.49.0) [Compare Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.48.1...v0.49.0)  This release includes a number of project adjustments as well as fixes. Breaking Changes - Configuration file formats other than `yaml` and `toml` are being deprecated - See Proposed [ZEP-0015](https://redirect.github.com/zarf-dev/proposals/pull/16) for background on limitations driving this decision - `zarf connect` default execution has a UX change - The `--cli-only` flag has been removed - this behavior is now the default - Browsers can be automatically opened with the command using the `--open` flag The update to `zarf connect` is with consideration of zarf behaviors defaulting to fully-encapsulated execution. As a general principle we want zarf to have minimal dependency on external/system tooling by default. #### What's Changed ##### 🚀 Updates - fix: pass insecure flag option to FindChartInAuthAndTLSRepoURL by [@willswire](https://redirect.github.com/willswire) in [https://github.com/zarf-dev/zarf/pull/3477](https://redirect.github.com/zarf-dev/zarf/pull/3477) - feat: improve skeleton package messaging by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3482](https://redirect.github.com/zarf-dev/zarf/pull/3482) - fix: injector build process by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3479](https://redirect.github.com/zarf-dev/zarf/pull/3479) - feat(connect): update default behavior to be cli-only by [@brandtkeller](https://redirect.github.com/brandtkeller) in [https://github.com/zarf-dev/zarf/pull/3487](https://redirect.github.com/zarf-dev/zarf/pull/3487) - chore(release): install cross before injector build by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3493](https://redirect.github.com/zarf-dev/zarf/pull/3493) - fix: pulling not respecting "uncompressed" setting in metadata by [@a1994sc](https://redirect.github.com/a1994sc) in [https://github.com/zarf-dev/zarf/pull/3472](https://redirect.github.com/zarf-dev/zarf/pull/3472) - chore(docs): update meetups issue reference by [@brandtkeller](https://redirect.github.com/brandtkeller) in [https://github.com/zarf-dev/zarf/pull/3502](https://redirect.github.com/zarf-dev/zarf/pull/3502) - test: remove dependency on `make build-examples` in e2e tests by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3494](https://redirect.github.com/zarf-dev/zarf/pull/3494) - fix: add check during image discovery to make sure images are valid by [@a1994sc](https://redirect.github.com/a1994sc) in [https://github.com/zarf-dev/zarf/pull/3234](https://redirect.github.com/zarf-dev/zarf/pull/3234) - Update TSC in CONTRIBUTING.md by [@mkcp](https://redirect.github.com/mkcp) in [https://github.com/zarf-dev/zarf/pull/3496](https://redirect.github.com/zarf-dev/zarf/pull/3496) - feat: deprecate config file types other than yaml and toml by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3517](https://redirect.github.com/zarf-dev/zarf/pull/3517) ##### 📦 Dependencies - chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.9.0 to 1.10.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3458](https://redirect.github.com/zarf-dev/zarf/pull/3458) - chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3484](https://redirect.github.com/zarf-dev/zarf/pull/3484) - chore(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 in the golang group across 1 directory by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3485](https://redirect.github.com/zarf-dev/zarf/pull/3485) - chore(deps): bump golangci/golangci-lint-action from 6.3.0 to 6.3.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3483](https://redirect.github.com/zarf-dev/zarf/pull/3483) - chore(deps): bump github.com/goccy/go-yaml from 1.15.17 to 1.15.19 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3486](https://redirect.github.com/zarf-dev/zarf/pull/3486) - chore(deps): bump aws-actions/configure-aws-credentials from 4.0.3 to 4.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3488](https://redirect.github.com/zarf-dev/zarf/pull/3488) - chore(deps): bump golangci/golangci-lint-action from 6.3.1 to 6.3.2 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3489](https://redirect.github.com/zarf-dev/zarf/pull/3489) - chore(deps): bump goreleaser/goreleaser-action from 6.1.0 to 6.2.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3490](https://redirect.github.com/zarf-dev/zarf/pull/3490) - chore(deps): bump github.com/goccy/go-yaml from 1.15.19 to 1.15.20 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3492](https://redirect.github.com/zarf-dev/zarf/pull/3492) - chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-rc.2 to 3.0.0-rc.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3491](https://redirect.github.com/zarf-dev/zarf/pull/3491) - chore(deps): bump helm.sh/helm/v3 from 3.17.0 to 3.17.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3498](https://redirect.github.com/zarf-dev/zarf/pull/3498) - chore(deps): bump the k8s group across 1 directory with 5 updates by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3503](https://redirect.github.com/zarf-dev/zarf/pull/3503) - chore(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3506](https://redirect.github.com/zarf-dev/zarf/pull/3506) - chore(deps): bump github.com/goccy/go-yaml from 1.15.20 to 1.15.22 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3497](https://redirect.github.com/zarf-dev/zarf/pull/3497) - chore(deps): bump github.com/fluxcd/source-controller/api from 1.4.1 to 1.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3505](https://redirect.github.com/zarf-dev/zarf/pull/3505) - chore(deps): bump the cosign-providers group across 1 directory with 3 updates by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3504](https://redirect.github.com/zarf-dev/zarf/pull/3504) - chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3512](https://redirect.github.com/zarf-dev/zarf/pull/3512) - chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.1 to 0.20.2 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3509](https://redirect.github.com/zarf-dev/zarf/pull/3509) - chore(deps): bump github.com/goccy/go-yaml from 1.15.22 to 1.15.23 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3510](https://redirect.github.com/zarf-dev/zarf/pull/3510) - chore(deps): bump github.com/derailed/k9s from 0.32.7 to 0.40.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3513](https://redirect.github.com/zarf-dev/zarf/pull/3513) - chore(deps): bump actions/create-github-app-token from 1.11.3 to 1.11.5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3507](https://redirect.github.com/zarf-dev/zarf/pull/3507) - chore(deps): bump golangci/golangci-lint-action from 6.4.0 to 6.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3508](https://redirect.github.com/zarf-dev/zarf/pull/3508) **Full Changelog**: https://github.com/zarf-dev/zarf/compare/v0.48.1...v0.49.0 ### [`v0.48.1`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.48.1) [Compare Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.48.0...v0.48.1)  #### What's Changed ##### 🚀 Updates - feat: error when building a package with zero components by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3403](https://redirect.github.com/zarf-dev/zarf/pull/3403) - chore(deps): group golang dependencies in dependabot by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3471](https://redirect.github.com/zarf-dev/zarf/pull/3471) - test: delete e2e test for examples/package-flavors by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3463](https://redirect.github.com/zarf-dev/zarf/pull/3463) - fix: avoid error when building package importing skeleton with remote components by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3470](https://redirect.github.com/zarf-dev/zarf/pull/3470) - fix: avoid incorrect cyclic error when two packages import each other on separate component chains by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3460](https://redirect.github.com/zarf-dev/zarf/pull/3460) ##### 📦 Dependencies - chore(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3450](https://redirect.github.com/zarf-dev/zarf/pull/3450) - chore(deps): bump github/codeql-action from 3.28.6 to 3.28.8 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3451](https://redirect.github.com/zarf-dev/zarf/pull/3451) - chore(deps): bump actions/create-github-app-token from 1.11.1 to 1.11.2 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3456](https://redirect.github.com/zarf-dev/zarf/pull/3456) - chore(deps): bump golang.org/x/term from 0.28.0 to 0.29.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3465](https://redirect.github.com/zarf-dev/zarf/pull/3465) - chore(deps): bump actions/create-github-app-token from 1.11.2 to 1.11.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3467](https://redirect.github.com/zarf-dev/zarf/pull/3467) - chore(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3466](https://redirect.github.com/zarf-dev/zarf/pull/3466) - chore(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3468](https://redirect.github.com/zarf-dev/zarf/pull/3468) - chore(deps): bump github.com/goccy/go-yaml from 1.15.15 to 1.15.17 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3462](https://redirect.github.com/zarf-dev/zarf/pull/3462) **Full Changelog**: https://github.com/zarf-dev/zarf/compare/v0.48.0...v0.48.1 ### [`v0.48.0`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.48.0) [Compare Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.47.0...v0.48.0)  #### What's Changed ##### 🚀 Updates - test: avoid flake in test external by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3432](https://redirect.github.com/zarf-dev/zarf/pull/3432) - fix: avoid errors when `--max-package-size` differs between create runs by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3398](https://redirect.github.com/zarf-dev/zarf/pull/3398) - fix: log correct size with units during image pull by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3440](https://redirect.github.com/zarf-dev/zarf/pull/3440) - feat: introduce output format flag for `zarf tools get-creds` and `zarf package list` by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3415](https://redirect.github.com/zarf-dev/zarf/pull/3415) - feat: deprecate and replace `zarf package inspect` with child commands `zarf package inspect definition|sbom|images` by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3416](https://redirect.github.com/zarf-dev/zarf/pull/3416) - chore: separate code changes from dependency updates in release notes by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3445](https://redirect.github.com/zarf-dev/zarf/pull/3445) - fix: avoid false positives in import cycle detection by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3449](https://redirect.github.com/zarf-dev/zarf/pull/3449) ##### 📦 Dependencies - chore(deps): bump codecov/codecov-action from 5.2.0 to 5.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3431](https://redirect.github.com/zarf-dev/zarf/pull/3431) - chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.0 to 0.20.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3429](https://redirect.github.com/zarf-dev/zarf/pull/3429) - chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3430](https://redirect.github.com/zarf-dev/zarf/pull/3430) - chore(deps): bump codecov/codecov-action from 5.3.0 to 5.3.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3437](https://redirect.github.com/zarf-dev/zarf/pull/3437) - chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3438](https://redirect.github.com/zarf-dev/zarf/pull/3438) - chore(deps): bump actions/setup-node from 4.1.0 to 4.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3441](https://redirect.github.com/zarf-dev/zarf/pull/3441) - chore(deps): bump github/codeql-action from 3.28.5 to 3.28.6 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3442](https://redirect.github.com/zarf-dev/zarf/pull/3442) - chore(deps): bump aws-actions/configure-aws-credentials from 4.0.2 to 4.0.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3443](https://redirect.github.com/zarf-dev/zarf/pull/3443) - chore(deps): bump github.com/agnivade/levenshtein from 1.2.0 to 1.2.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3447](https://redirect.github.com/zarf-dev/zarf/pull/3447) **Full Changelog**: https://github.com/zarf-dev/zarf/compare/v0.47.0...v0.48.0 ### [`v0.47.0`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.47.0) [Compare Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.46.0...v0.47.0) #### Highlights: ##### Breaking - Zarf's Commands have been unexported in favor of cmd.NewZarfCommand() for users embedding Zarf in their CLI applications. ##### UX - The logging overhaul is out of beta and now fully released. --log-format="legacy" will be available for at least the next two minor releases for a smooth upgrade path. - zarf package create's build scroll has been simplified and Yaml inspection has been migrated to a first class command zarf dev inspect {definition} ([dev inspect](https://redirect.github.com/zarf-dev/proposals/blob/main/0008-rework-inspect/README.md) feature requests welcome!). #### What's Changed - chore(deps): bump the cosign-providers group across 1 directory with 4 updates by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3390](https://redirect.github.com/zarf-dev/zarf/pull/3390) - chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3391](https://redirect.github.com/zarf-dev/zarf/pull/3391) - chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3395](https://redirect.github.com/zarf-dev/zarf/pull/3395) - chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3394](https://redirect.github.com/zarf-dev/zarf/pull/3394) - chore(deps): bump github.com/mikefarah/yq/v4 from 4.44.6 to 4.45.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3393](https://redirect.github.com/zarf-dev/zarf/pull/3393) - refactor: normal creator by [@phillebaba](https://redirect.github.com/phillebaba) in [https://github.com/zarf-dev/zarf/pull/3114](https://redirect.github.com/zarf-dev/zarf/pull/3114) - fix: remove empty directory in package tars by [@AustinAbro321](https://redirect.github.com/AustinAbro321) in [https://github.com/zarf-dev/zarf/pull/3396](https://redirect.github.com/zarf-dev/zarf/pull/3396) - chore(deps): bump sigs.k8s.io/kustomize/api from 0.18.0 to 0.19.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3405](https://redirect.github.com/zarf-dev/zarf/pull/3405) - chore(deps): bump helm.sh/helm/v3 from 3.16.4 to 3.17.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3407](https://redirect.github.com/zarf-dev/zarf/pull/3407) - chore(deps): bump github.com/google/go-containerregistry from 0.20.2 to 0.20.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3406](https://redirect.github.com/zarf-dev/zarf/pull/3406) - chore(deps): bump the k8s group across 1 directory with 5 updates by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3409](https://redirect.github.com/zarf-dev/zarf/pull/3409) - chore(deps): bump github.com/goccy/go-yaml from 1.15.13 to 1.15.14 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3410](https://redirect.github.com/zarf-dev/zarf/pull/3410) - chore(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/zarf-dev/zarf/pull/3412](https://redirect.github.com/zarf </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/maru-runner).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

dependabot bot added dependencies github_actions labels Jan 14, 2025

dependabot bot mentioned this pull request Jan 14, 2025

build(deps): bump github/codeql-action from 3.27.0 to 3.28.0 #3982

Closed

github-actions bot approved these changes Jan 14, 2025

View reviewed changes

github-actions bot merged commit e3928ed into main Jan 14, 2025
41 checks passed

dependabot bot deleted the dependabot/github_actions/github/codeql-action-3.28.1 branch January 14, 2025 08:03

github-actions bot mentioned this pull request Jan 15, 2025

[Release] v7.2.2 #4007

Merged

github-actions bot mentioned this pull request Mar 12, 2025

[Release] v6.21.2 #4092

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump github/codeql-action from 3.27.0 to 3.28.1 #4003

build(deps): bump github/codeql-action from 3.27.0 to 3.28.1 #4003

dependabot bot commented on behalf of github Jan 14, 2025

build(deps): bump github/codeql-action from 3.27.0 to 3.28.1 #4003

build(deps): bump github/codeql-action from 3.27.0 to 3.28.1 #4003

Conversation

dependabot bot commented on behalf of github Jan 14, 2025

v3.28.1

CodeQL Action Changelog

3.28.1 - 10 Jan 2025

v3.28.0

CodeQL Action Changelog

3.28.0 - 20 Dec 2024

v3.27.9

CodeQL Action Changelog

3.27.9 - 12 Dec 2024

v3.27.7

CodeQL Action Changelog

3.27.7 - 10 Dec 2024

CodeQL Action Changelog

[UNRELEASED]

3.28.1 - 10 Jan 2025

3.28.0 - 20 Dec 2024

3.27.9 - 12 Dec 2024

3.27.8 - 12 Dec 2024

3.27.7 - 10 Dec 2024

3.27.6 - 03 Dec 2024

3.27.5 - 19 Nov 2024

3.27.4 - 14 Nov 2024

3.27.3 - 12 Nov 2024

3.27.2 - 12 Nov 2024