chore(deps): update github-actions (major) (#3648) · slsa-framework/slsa-github-generator@2d17c08

Commit

chore(deps): update github-actions (major) (#3648)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-java](https://togithub.com/actions/setup-java) | action
| major | `v3.13.0` -> `v4.2.1` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| major | `v3.8.1` -> `v4.0.2` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| major | `v3` -> `v4` |
|
[bazelbuild/setup-bazelisk](https://togithub.com/bazelbuild/setup-bazelisk)
| action | major | `v2.0.0` -> `v3.0.0` |
|
[geekyeggo/delete-artifact](https://togithub.com/geekyeggo/delete-artifact)
| action | major | `v2.0.0` -> `v5.0.0` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | major | `v2.22.4` -> `v3.25.5` |
|
[google-github-actions/auth](https://togithub.com/google-github-actions/auth)
| action | major | `v1.1.1` -> `v2.1.3` |
|
[gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action)
| action | major | `v2.9.0` -> `v3.3.2` |

---

### Release Notes

<details>
<summary>actions/setup-java (actions/setup-java)</summary>

###
[`v4.2.1`](https://togithub.com/actions/setup-java/releases/tag/v4.2.1)

[Compare
Source](https://togithub.com/actions/setup-java/compare/v4.2.0...v4.2.1)

##### What's Changed

- Patch for java version file to accept it from any path by
[@&#8203;mahabaleshwars](https://togithub.com/mahabaleshwars) in
[https://github.com/actions/setup-java/pull/610](https://togithub.com/actions/setup-java/pull/610)

**Full Changelog**:
https://github.com/actions/setup-java/compare/v4...v4.2.1

###
[`v4.2.0`](https://togithub.com/actions/setup-java/releases/tag/v4.2.0)

[Compare
Source](https://togithub.com/actions/setup-java/compare/v4.1.0...v4.2.0)

##### What's Changed

- Updated actions/httpclient version to 2.2.1 and other dependencies by
[@&#8203;HarithaVattikuti](https://togithub.com/HarithaVattikuti) in
[https://github.com/actions/setup-java/pull/607](https://togithub.com/actions/setup-java/pull/607)
- Added .tool-versions file support along with .java-version file by
[@&#8203;mahabaleshwars](https://togithub.com/mahabaleshwars) in
[https://github.com/actions/setup-java/pull/606](https://togithub.com/actions/setup-java/pull/606)

##### New Contributors

- [@&#8203;HarithaVattikuti](https://togithub.com/HarithaVattikuti) made
their first contribution in
[https://github.com/actions/setup-java/pull/607](https://togithub.com/actions/setup-java/pull/607)
**Full Changelog**:
https://github.com/actions/setup-java/compare/v4...v4.2.0

###
[`v4.1.0`](https://togithub.com/actions/setup-java/releases/tag/v4.1.0)

[Compare
Source](https://togithub.com/actions/setup-java/compare/v4.0.0...v4.1.0)

#### What's Changed

- Added Windows Arm64 Support for Windows Arm64 Runners by
[@&#8203;mahabaleshwars](https://togithub.com/mahabaleshwars) in
[https://github.com/actions/setup-java/pull/595](https://togithub.com/actions/setup-java/pull/595)
- feat: bump actions/checkout and actions/setup-java to v4 by
[@&#8203;kbdharun](https://togithub.com/kbdharun) in
[https://github.com/actions/setup-java/pull/533](https://togithub.com/actions/setup-java/pull/533)
- Handle authorization when the token is undefined by
[@&#8203;peter-murray](https://togithub.com/peter-murray) in
[https://github.com/actions/setup-java/pull/556](https://togithub.com/actions/setup-java/pull/556)
- Documentation update of Java 21 by
[@&#8203;Okeanos](https://togithub.com/Okeanos) in
[https://github.com/actions/setup-java/pull/566](https://togithub.com/actions/setup-java/pull/566)
- Documentation update about maven-gpg-plugin version note by
[@&#8203;IvanZosimov](https://togithub.com/IvanZosimov) in
[https://github.com/actions/setup-java/pull/570](https://togithub.com/actions/setup-java/pull/570)
- Oracle JDK 21 support by
[@&#8203;jdubois](https://togithub.com/jdubois) in
[https://github.com/actions/setup-java/pull/538](https://togithub.com/actions/setup-java/pull/538)
- Fix typo in configuration example by
[@&#8203;Bananeweizen](https://togithub.com/Bananeweizen) in
[https://github.com/actions/setup-java/pull/572](https://togithub.com/actions/setup-java/pull/572)

#### New Contributors

- [@&#8203;kbdharun](https://togithub.com/kbdharun) made their first
contribution in
[https://github.com/actions/setup-java/pull/533](https://togithub.com/actions/setup-java/pull/533)
- [@&#8203;peter-murray](https://togithub.com/peter-murray) made their
first contribution in
[https://github.com/actions/setup-java/pull/556](https://togithub.com/actions/setup-java/pull/556)
- [@&#8203;jdubois](https://togithub.com/jdubois) made their first
contribution in
[https://github.com/actions/setup-java/pull/538](https://togithub.com/actions/setup-java/pull/538)
- [@&#8203;Bananeweizen](https://togithub.com/Bananeweizen) made their
first contribution in
[https://github.com/actions/setup-java/pull/572](https://togithub.com/actions/setup-java/pull/572)
- [@&#8203;mahabaleshwars](https://togithub.com/mahabaleshwars) made
their first contribution in
[https://github.com/actions/setup-java/pull/595](https://togithub.com/actions/setup-java/pull/595)

**Full Changelog**:
https://github.com/actions/setup-java/compare/v4...v4.1.0

###
[`v4.0.0`](https://togithub.com/actions/setup-java/releases/tag/v4.0.0)

[Compare
Source](https://togithub.com/actions/setup-java/compare/v3.13.0...v4.0.0)

#### What's Changed

In the scope of this release, the version of the Node.js runtime was
updated to 20. The majority of dependencies were updated to the latest
versions. From now on, the code for the setup-java will run on Node.js
20 instead of Node.js 16.

#### Breaking changes

- Update Node.js runtime to version 20 by
[@&#8203;aparnajyothi-y](https://togithub.com/aparnajyothi-y) in
[https://github.com/actions/setup-java/pull/558](https://togithub.com/actions/setup-java/pull/558)

#### Non-breaking changes

- Adding support for microsoft openjdk 21.0.0 by
[@&#8203;ralfstuckert](https://togithub.com/ralfstuckert) in
[https://github.com/actions/setup-java/pull/546](https://togithub.com/actions/setup-java/pull/546)
- Update [@&#8203;actions/cache](https://togithub.com/actions/cache)
dependency and documentation by
[@&#8203;IvanZosimov](https://togithub.com/IvanZosimov) in
[https://github.com/actions/setup-java/pull/549](https://togithub.com/actions/setup-java/pull/549)
- Implementation of the cache-dependency-path option to control caching
dependency by [@&#8203;itchyny](https://togithub.com/itchyny) in
[https://github.com/actions/setup-java/pull/499](https://togithub.com/actions/setup-java/pull/499)

#### New Contributors

- [@&#8203;ralfstuckert](https://togithub.com/ralfstuckert) made their
first contribution in
[https://github.com/actions/setup-java/pull/546](https://togithub.com/actions/setup-java/pull/546)
- [@&#8203;itchyny](https://togithub.com/itchyny) made their first
contribution in
[https://github.com/actions/setup-java/pull/499](https://togithub.com/actions/setup-java/pull/499)

**Full Changelog**:
https://github.com/actions/setup-java/compare/v3...v4.0.0

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v4.0.2`](https://togithub.com/actions/setup-node/releases/tag/v4.0.2)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v4.0.1...v4.0.2)

##### What's Changed

- Add support for `volta.extends` by
[@&#8203;ThisIsManta](https://togithub.com/ThisIsManta) in
[https://github.com/actions/setup-node/pull/921](https://togithub.com/actions/setup-node/pull/921)
- Add support for arm64 Windows by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[https://github.com/actions/setup-node/pull/927](https://togithub.com/actions/setup-node/pull/927)

##### New Contributors

- [@&#8203;ThisIsManta](https://togithub.com/ThisIsManta) made their
first contribution in
[https://github.com/actions/setup-node/pull/921](https://togithub.com/actions/setup-node/pull/921)

**Full Changelog**:
https://github.com/actions/setup-node/compare/v4.0.1...v4.0.2

###
[`v4.0.1`](https://togithub.com/actions/setup-node/releases/tag/v4.0.1)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v4.0.0...v4.0.1)

##### What's Changed

- Ignore engines in Yarn 1 e2e-cache tests by
[@&#8203;trivikr](https://togithub.com/trivikr) in
[https://github.com/actions/setup-node/pull/882](https://togithub.com/actions/setup-node/pull/882)
- Update setup-node references in the README.md file to setup-node@v4 by
[@&#8203;jwetzell](https://togithub.com/jwetzell) in
[https://github.com/actions/setup-node/pull/884](https://togithub.com/actions/setup-node/pull/884)
- Update reusable workflows to use Node.js v20 by
[@&#8203;MaksimZhukov](https://togithub.com/MaksimZhukov) in
[https://github.com/actions/setup-node/pull/889](https://togithub.com/actions/setup-node/pull/889)
- Add fix for cache to resolve slow post action step by
[@&#8203;aparnajyothi-y](https://togithub.com/aparnajyothi-y) in
[https://github.com/actions/setup-node/pull/917](https://togithub.com/actions/setup-node/pull/917)
- Fix README.md by [@&#8203;takayamaki](https://togithub.com/takayamaki)
in
[https://github.com/actions/setup-node/pull/898](https://togithub.com/actions/setup-node/pull/898)
- Add `package.json` to `node-version-file` list of examples. by
[@&#8203;TWiStErRob](https://togithub.com/TWiStErRob) in
[https://github.com/actions/setup-node/pull/879](https://togithub.com/actions/setup-node/pull/879)
- Fix node-version-file interprets entire package.json as a version by
[@&#8203;NullVoxPopuli](https://togithub.com/NullVoxPopuli) in
[https://github.com/actions/setup-node/pull/865](https://togithub.com/actions/setup-node/pull/865)

##### New Contributors

- [@&#8203;trivikr](https://togithub.com/trivikr) made their first
contribution in
[https://github.com/actions/setup-node/pull/882](https://togithub.com/actions/setup-node/pull/882)
- [@&#8203;jwetzell](https://togithub.com/jwetzell) made their first
contribution in
[https://github.com/actions/setup-node/pull/884](https://togithub.com/actions/setup-node/pull/884)
- [@&#8203;aparnajyothi-y](https://togithub.com/aparnajyothi-y) made
their first contribution in
[https://github.com/actions/setup-node/pull/917](https://togithub.com/actions/setup-node/pull/917)
- [@&#8203;takayamaki](https://togithub.com/takayamaki) made their first
contribution in
[https://github.com/actions/setup-node/pull/898](https://togithub.com/actions/setup-node/pull/898)
- [@&#8203;TWiStErRob](https://togithub.com/TWiStErRob) made their first
contribution in
[https://github.com/actions/setup-node/pull/879](https://togithub.com/actions/setup-node/pull/879)
- [@&#8203;NullVoxPopuli](https://togithub.com/NullVoxPopuli) made their
first contribution in
[https://github.com/actions/setup-node/pull/865](https://togithub.com/actions/setup-node/pull/865)

**Full Changelog**:
https://github.com/actions/setup-node/compare/v4...v4.0.1

###
[`v4.0.0`](https://togithub.com/actions/setup-node/releases/tag/v4.0.0)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v3.8.2...v4.0.0)

##### What's Changed

In scope of this release we changed version of node runtime for action
from node16 to node20 and updated dependencies in
[https://github.com/actions/setup-node/pull/866](https://togithub.com/actions/setup-node/pull/866)

Besides, release contains such changes as:

- Upgrade actions/checkout to v4 by
[@&#8203;gmembre-zenika](https://togithub.com/gmembre-zenika) in
[https://github.com/actions/setup-node/pull/868](https://togithub.com/actions/setup-node/pull/868)
- Update actions/checkout for documentation and yaml by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[https://github.com/actions/setup-node/pull/876](https://togithub.com/actions/setup-node/pull/876)

##### New Contributors

- [@&#8203;gmembre-zenika](https://togithub.com/gmembre-zenika) made
their first contribution in
[https://github.com/actions/setup-node/pull/868](https://togithub.com/actions/setup-node/pull/868)

**Full Changelog**:
https://github.com/actions/setup-node/compare/v3...v4.0.0

###
[`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2)

##### What's Changed

- Update semver by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861)
- Update temp directory creation by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859)
- Bump [@&#8203;babel/traverse](https://togithub.com/babel/traverse)
from 7.15.4 to 7.23.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870)
- Add notice about binaries not being updated yet by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872)
- Update toolkit cache and core by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) and
[@&#8203;seongwon-privatenote](https://togithub.com/seongwon-privatenote)
in
[https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875)

**Full Changelog**:
https://github.com/actions/setup-node/compare/v3...v3.8.2

</details>

<details>
<summary>bazelbuild/setup-bazelisk (bazelbuild/setup-bazelisk)</summary>

###
[`v3.0.0`](https://togithub.com/bazelbuild/setup-bazelisk/releases/tag/v3.0.0)

[Compare
Source](https://togithub.com/bazelbuild/setup-bazelisk/compare/v2.0.0...v3.0.0)

#### What's Changed

- Update README.md for v2 by
[@&#8203;mishas](https://togithub.com/mishas) in
[https://github.com/bazelbuild/setup-bazelisk/pull/20](https://togithub.com/bazelbuild/setup-bazelisk/pull/20)
- Bump prettier from 2.6.1 to 2.6.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/21](https://togithub.com/bazelbuild/setup-bazelisk/pull/21)
- Bump [@&#8203;actions/github](https://togithub.com/actions/github)
from 5.0.0 to 5.0.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/22](https://togithub.com/bazelbuild/setup-bazelisk/pull/22)
- Bump
[@&#8203;actions/tool-cache](https://togithub.com/actions/tool-cache)
from 1.6.1 to 1.7.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/23](https://togithub.com/bazelbuild/setup-bazelisk/pull/23)
- Bump semver from 7.3.5 to 7.3.6 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/25](https://togithub.com/bazelbuild/setup-bazelisk/pull/25)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
2.0.0 to 2.0.2 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/24](https://togithub.com/bazelbuild/setup-bazelisk/pull/24)
- Bump [@&#8203;vercel/ncc](https://togithub.com/vercel/ncc) from 0.33.3
to 0.33.4 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/26](https://togithub.com/bazelbuild/setup-bazelisk/pull/26)
- Bump semver from 7.3.6 to 7.3.7 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/27](https://togithub.com/bazelbuild/setup-bazelisk/pull/27)
- Bump typescript from 4.6.3 to 4.6.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/30](https://togithub.com/bazelbuild/setup-bazelisk/pull/30)
- Bump [@&#8203;actions/core](https://togithub.com/actions/core) from
1.6.0 to 1.7.0 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/29](https://togithub.com/bazelbuild/setup-bazelisk/pull/29)
- Bump [@&#8203;actions/core](https://togithub.com/actions/core) from
1.7.0 to 1.8.0 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/31](https://togithub.com/bazelbuild/setup-bazelisk/pull/31)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
2.0.2 to 2.0.4 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/32](https://togithub.com/bazelbuild/setup-bazelisk/pull/32)
- Bump
[@&#8203;actions/tool-cache](https://togithub.com/actions/tool-cache)
from 1.7.2 to 2.0.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/34](https://togithub.com/bazelbuild/setup-bazelisk/pull/34)
- Bump [@&#8203;actions/core](https://togithub.com/actions/core) from
1.8.0 to 1.8.2 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/33](https://togithub.com/bazelbuild/setup-bazelisk/pull/33)
- Bump [@&#8203;actions/github](https://togithub.com/actions/github)
from 5.0.1 to 5.0.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/35](https://togithub.com/bazelbuild/setup-bazelisk/pull/35)
- Bump
[@&#8203;actions/http-client](https://togithub.com/actions/http-client)
from 1.0.11 to 2.0.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/36](https://togithub.com/bazelbuild/setup-bazelisk/pull/36)
- Bump typescript from 4.6.4 to 4.7.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/37](https://togithub.com/bazelbuild/setup-bazelisk/pull/37)
- Bump [@&#8203;vercel/ncc](https://togithub.com/vercel/ncc) from 0.33.4
to 0.34.0 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/38](https://togithub.com/bazelbuild/setup-bazelisk/pull/38)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
2.0.4 to 2.0.5 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/39](https://togithub.com/bazelbuild/setup-bazelisk/pull/39)
- Bump typescript from 4.7.2 to 4.7.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/40](https://togithub.com/bazelbuild/setup-bazelisk/pull/40)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
2.0.5 to 2.0.6 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/41](https://togithub.com/bazelbuild/setup-bazelisk/pull/41)
- Bump typescript from 4.7.3 to 4.7.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/42](https://togithub.com/bazelbuild/setup-bazelisk/pull/42)
- Bump [@&#8203;actions/core](https://togithub.com/actions/core) from
1.8.2 to 1.9.0 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/43](https://togithub.com/bazelbuild/setup-bazelisk/pull/43)
- Bump [@&#8203;types/semver](https://togithub.com/types/semver) from
7.3.9 to 7.3.10 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/44](https://togithub.com/bazelbuild/setup-bazelisk/pull/44)
- Bump prettier from 2.6.2 to 2.7.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/45](https://togithub.com/bazelbuild/setup-bazelisk/pull/45)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
2.0.6 to 3.0.0 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/46](https://togithub.com/bazelbuild/setup-bazelisk/pull/46)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.0.0 to 3.0.1 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/47](https://togithub.com/bazelbuild/setup-bazelisk/pull/47)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.0.1 to 3.0.3 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/48](https://togithub.com/bazelbuild/setup-bazelisk/pull/48)
- Bump [@&#8203;types/semver](https://togithub.com/types/semver) from
7.3.10 to 7.3.12 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/50](https://togithub.com/bazelbuild/setup-bazelisk/pull/50)
- Bump [@&#8203;actions/core](https://togithub.com/actions/core) from
1.9.0 to 1.9.1 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/49](https://togithub.com/bazelbuild/setup-bazelisk/pull/49)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.0.3 to 3.0.4 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/51](https://togithub.com/bazelbuild/setup-bazelisk/pull/51)
- Bump typescript from 4.7.4 to 4.8.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/52](https://togithub.com/bazelbuild/setup-bazelisk/pull/52)
- Bump typescript from 4.8.2 to 4.8.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/53](https://togithub.com/bazelbuild/setup-bazelisk/pull/53)
- Bump [@&#8203;actions/github](https://togithub.com/actions/github)
from 5.0.3 to 5.1.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/54](https://togithub.com/bazelbuild/setup-bazelisk/pull/54)
- Bump [@&#8203;actions/github](https://togithub.com/actions/github)
from 5.1.0 to 5.1.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/55](https://togithub.com/bazelbuild/setup-bazelisk/pull/55)
- Bump typescript from 4.8.3 to 4.8.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/56](https://togithub.com/bazelbuild/setup-bazelisk/pull/56)
- Bump [@&#8203;actions/core](https://togithub.com/actions/core) from
1.9.1 to 1.10.0 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/57](https://togithub.com/bazelbuild/setup-bazelisk/pull/57)
- Bump semver from 7.3.7 to 7.3.8 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/58](https://togithub.com/bazelbuild/setup-bazelisk/pull/58)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.0.4 to 3.0.5 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/59](https://togithub.com/bazelbuild/setup-bazelisk/pull/59)
- Add support for ARM64. by
[@&#8203;junyer](https://togithub.com/junyer) in
[https://github.com/bazelbuild/setup-bazelisk/pull/61](https://togithub.com/bazelbuild/setup-bazelisk/pull/61)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.0.5 to 3.0.6 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/62](https://togithub.com/bazelbuild/setup-bazelisk/pull/62)
- Get `npm run build` working again. by
[@&#8203;junyer](https://togithub.com/junyer) in
[https://github.com/bazelbuild/setup-bazelisk/pull/63](https://togithub.com/bazelbuild/setup-bazelisk/pull/63)
- Bump typescript from 4.8.4 to 4.9.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/64](https://togithub.com/bazelbuild/setup-bazelisk/pull/64)
- Bump prettier from 2.7.1 to 2.8.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/65](https://togithub.com/bazelbuild/setup-bazelisk/pull/65)
- Bump prettier from 2.8.0 to 2.8.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/67](https://togithub.com/bazelbuild/setup-bazelisk/pull/67)
- Bump typescript from 4.9.3 to 4.9.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/69](https://togithub.com/bazelbuild/setup-bazelisk/pull/69)
- Bump [@&#8203;vercel/ncc](https://togithub.com/vercel/ncc) from 0.34.0
to 0.36.0 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/68](https://togithub.com/bazelbuild/setup-bazelisk/pull/68)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.0.6 to 3.1.0 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/72](https://togithub.com/bazelbuild/setup-bazelisk/pull/72)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.1.0 to 3.1.1 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/73](https://togithub.com/bazelbuild/setup-bazelisk/pull/73)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.1.1 to 3.1.2 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/74](https://togithub.com/bazelbuild/setup-bazelisk/pull/74)
- Bump prettier from 2.8.1 to 2.8.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/75](https://togithub.com/bazelbuild/setup-bazelisk/pull/75)
- Bump prettier from 2.8.2 to 2.8.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/76](https://togithub.com/bazelbuild/setup-bazelisk/pull/76)
- Bump [@&#8203;vercel/ncc](https://togithub.com/vercel/ncc) from 0.36.0
to 0.36.1 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/77](https://togithub.com/bazelbuild/setup-bazelisk/pull/77)
- Bump typescript from 4.9.4 to 4.9.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/78](https://togithub.com/bazelbuild/setup-bazelisk/pull/78)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.1.2 to 3.1.3 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/79](https://togithub.com/bazelbuild/setup-bazelisk/pull/79)
- Bump prettier from 2.8.3 to 2.8.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/80](https://togithub.com/bazelbuild/setup-bazelisk/pull/80)
- Bump
[@&#8203;actions/http-client](https://togithub.com/actions/http-client)
from 2.0.1 to 2.1.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/82](https://togithub.com/bazelbuild/setup-bazelisk/pull/82)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.1.3 to 3.2.1 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/83](https://togithub.com/bazelbuild/setup-bazelisk/pull/83)
- Bump typescript from 4.9.5 to 5.0.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/84](https://togithub.com/bazelbuild/setup-bazelisk/pull/84)
- Bump prettier from 2.8.4 to 2.8.7 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/85](https://togithub.com/bazelbuild/setup-bazelisk/pull/85)
- Bump typescript from 5.0.2 to 5.0.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/86](https://togithub.com/bazelbuild/setup-bazelisk/pull/86)
- Bump typescript from 5.0.3 to 5.0.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/87](https://togithub.com/bazelbuild/setup-bazelisk/pull/87)
- Bump semver from 7.3.8 to 7.4.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/88](https://togithub.com/bazelbuild/setup-bazelisk/pull/88)
- Bump prettier from 2.8.7 to 2.8.8 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/89](https://togithub.com/bazelbuild/setup-bazelisk/pull/89)
- Bump semver from 7.4.0 to 7.5.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/90](https://togithub.com/bazelbuild/setup-bazelisk/pull/90)
- Bump typescript from 5.0.4 to 5.1.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/93](https://togithub.com/bazelbuild/setup-bazelisk/pull/93)
- Bump semver and
[@&#8203;types/semver](https://togithub.com/types/semver) by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/92](https://togithub.com/bazelbuild/setup-bazelisk/pull/92)
- Bump semver from 7.5.1 to 7.5.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/94](https://togithub.com/bazelbuild/setup-bazelisk/pull/94)
- Bump semver from 7.5.2 to 7.5.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/95](https://togithub.com/bazelbuild/setup-bazelisk/pull/95)
- Bump typescript from 5.1.3 to 5.1.6 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/96](https://togithub.com/bazelbuild/setup-bazelisk/pull/96)
- Bump semver from 7.5.3 to 7.5.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/98](https://togithub.com/bazelbuild/setup-bazelisk/pull/98)
- Bump prettier from 2.8.8 to 3.0.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/97](https://togithub.com/bazelbuild/setup-bazelisk/pull/97)
- Bump cachedir from 2.3.0 to 2.4.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/99](https://togithub.com/bazelbuild/setup-bazelisk/pull/99)
- Bump
[@&#8203;actions/http-client](https://togithub.com/actions/http-client)
from 2.1.0 to 2.1.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/100](https://togithub.com/bazelbuild/setup-bazelisk/pull/100)
- Bump prettier from 3.0.0 to 3.0.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/101](https://togithub.com/bazelbuild/setup-bazelisk/pull/101)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.2.1 to 3.2.2 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/102](https://togithub.com/bazelbuild/setup-bazelisk/pull/102)
- Bump tough-cookie and
[@&#8203;azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/103](https://togithub.com/bazelbuild/setup-bazelisk/pull/103)
- Bump xml2js and
[@&#8203;azure/core-http](https://togithub.com/azure/core-http) by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/105](https://togithub.com/bazelbuild/setup-bazelisk/pull/105)
- Bump prettier from 3.0.1 to 3.0.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/106](https://togithub.com/bazelbuild/setup-bazelisk/pull/106)
- Bump typescript from 5.1.6 to 5.2.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/107](https://togithub.com/bazelbuild/setup-bazelisk/pull/107)
- Bump [@&#8203;types/semver](https://togithub.com/types/semver) from
7.5.0 to 7.5.1 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/108](https://togithub.com/bazelbuild/setup-bazelisk/pull/108)
- Bump prettier from 3.0.2 to 3.0.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/109](https://togithub.com/bazelbuild/setup-bazelisk/pull/109)
- Bump actions/checkout from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/110](https://togithub.com/bazelbuild/setup-bazelisk/pull/110)
- Bump [@&#8203;vercel/ncc](https://togithub.com/vercel/ncc) from 0.36.1
to 0.38.0 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/111](https://togithub.com/bazelbuild/setup-bazelisk/pull/111)
- Bump [@&#8203;types/semver](https://togithub.com/types/semver) from
7.5.1 to 7.5.2 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/113](https://togithub.com/bazelbuild/setup-bazelisk/pull/113)
- Bump [@&#8203;actions/core](https://togithub.com/actions/core) from
1.10.0 to 1.10.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/112](https://togithub.com/bazelbuild/setup-bazelisk/pull/112)
- Bump [@&#8203;types/semver](https://togithub.com/types/semver) from
7.5.2 to 7.5.3 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/114](https://togithub.com/bazelbuild/setup-bazelisk/pull/114)
- Bump
[@&#8203;actions/http-client](https://togithub.com/actions/http-client)
from 2.1.1 to 2.2.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/115](https://togithub.com/bazelbuild/setup-bazelisk/pull/115)
- Bump [@&#8203;actions/github](https://togithub.com/actions/github)
from 5.1.1 to 6.0.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/116](https://togithub.com/bazelbuild/setup-bazelisk/pull/116)
- Bump undici from 5.25.4 to 5.26.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/117](https://togithub.com/bazelbuild/setup-bazelisk/pull/117)
- Bump [@&#8203;vercel/ncc](https://togithub.com/vercel/ncc) from 0.38.0
to 0.38.1 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/118](https://togithub.com/bazelbuild/setup-bazelisk/pull/118)
- Bump [@&#8203;types/semver](https://togithub.com/types/semver) from
7.5.3 to 7.5.4 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/119](https://togithub.com/bazelbuild/setup-bazelisk/pull/119)
- Bump prettier from 3.0.3 to 3.1.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/123](https://togithub.com/bazelbuild/setup-bazelisk/pull/123)
- Bump [@&#8203;types/semver](https://togithub.com/types/semver) from
7.5.4 to 7.5.5 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/122](https://togithub.com/bazelbuild/setup-bazelisk/pull/122)
- Bump typescript from 5.2.2 to 5.3.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/124](https://togithub.com/bazelbuild/setup-bazelisk/pull/124)
- Bump [@&#8203;types/semver](https://togithub.com/types/semver) from
7.5.5 to 7.5.6 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/125](https://togithub.com/bazelbuild/setup-bazelisk/pull/125)
- Bump typescript from 5.3.2 to 5.3.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/126](https://togithub.com/bazelbuild/setup-bazelisk/pull/126)
- Bump prettier from 3.1.0 to 3.1.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/127](https://togithub.com/bazelbuild/setup-bazelisk/pull/127)
- Bump prettier from 3.1.1 to 3.2.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/128](https://togithub.com/bazelbuild/setup-bazelisk/pull/128)
- Bump [@&#8203;actions/cache](https://togithub.com/actions/cache) from
3.2.2 to 3.2.3 by [@&#8203;dependabot](https://togithub.com/dependabot)
in
[https://github.com/bazelbuild/setup-bazelisk/pull/129](https://togithub.com/bazelbuild/setup-bazelisk/pull/129)
- Bump prettier from 3.2.2 to 3.2.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bazelbuild/setup-bazelisk/pull/130](https://togithub.com/bazelbuild/setup-bazelisk/pull/130)
- Update from Node 16 to Node 20. by
[@&#8203;junyer](https://togithub.com/junyer) in
[https://github.com/bazelbuild/setup-bazelisk/pull/132](https://togithub.com/bazelbuild/setup-bazelisk/pull/132)

#### New Contributors

- [@&#8203;mishas](https://togithub.com/mishas) made their first
contribution in
[https://github.com/bazelbuild/setup-bazelisk/pull/20](https://togithub.com/bazelbuild/setup-bazelisk/pull/20)
- [@&#8203;junyer](https://togithub.com/junyer) made their first
contribution in
[https://github.com/bazelbuild/setup-bazelisk/pull/61](https://togithub.com/bazelbuild/setup-bazelisk/pull/61)

**Full Changelog**:
https://github.com/bazelbuild/setup-bazelisk/compare/v2...v3.0.0

</details>

<details>
<summary>geekyeggo/delete-artifact (geekyeggo/delete-artifact)</summary>

###
[`v5.0.0`](https://togithub.com/GeekyEggo/delete-artifact/releases/tag/v5.0.0)

[Compare
Source](https://togithub.com/geekyeggo/delete-artifact/compare/v4.1.0...v5.0.0)

- Switch to
[@&#8203;actions/artifact](https://www.npmjs.com/package/@&#8203;actions/artifact),
removing the need for a `token` parameter (Sebastian Weigand)
[#&#8203;24](https://togithub.com/GeekyEggo/delete-artifact/pull/24)

###
[`v4.1.0`](https://togithub.com/GeekyEggo/delete-artifact/releases/tag/v4.1.0)

[Compare
Source](https://togithub.com/geekyeggo/delete-artifact/compare/v4.0.0...v4.1.0)

-   Add default token.
- Fix over-arching `catch` output; errors now correctly result in a
failed run
([@&#8203;TheMrMilchmann](https://togithub.com/TheMrMilchmann)).

###
[`v4.0.0`](https://togithub.com/GeekyEggo/delete-artifact/releases/tag/v4.0.0):
Support for actions/upload-artifact@v4

[Compare
Source](https://togithub.com/geekyeggo/delete-artifact/compare/v2.0.0...v4.0.0)

- Add support for artifacts uploaded with `actions/upload-artifact@v4`.
-   Add requirement of `token` with read and write access to actions.
-   Update requests to use GitHub REST API.
- Deprecate support for `actions/upload-artifact@v1`,
`actions/upload-artifact@v2`, and `actions/upload-artifact@v3` (please
use `geekyeggo/delete-artifact@v2`).

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)

###
[`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

###
[`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3)

###
[`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2)

###
[`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1)

###
[`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.11...v3.25.0)

###
[`v3.24.11`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11)

###
[`v3.24.10`](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10)

###
[`v3.24.9`](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9)

###
[`v3.24.8`](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8)

###
[`v3.24.7`](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7)

###
[`v3.24.6`](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6)

###
[`v3.24.5`](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5)

###
[`v3.24.4`](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4)

###
[`v3.24.3`](https://togithub.com/github/codeql-action/compare/v3.24.2...v3.24.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.2...v3.24.3)

###
[`v3.24.2`](https://togithub.com/github/codeql-action/compare/v3.24.1...v3.24.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.1...v3.24.2)

###
[`v3.24.1`](https://togithub.com/github/codeql-action/compare/v3.24.0...v3.24.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.0...v3.24.1)

###
[`v3.24.0`](https://togithub.com/github/codeql-action/compare/v3.23.2...v3.24.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.23.2...v3.24.0)

###
[`v3.23.2`](https://togithub.com/github/codeql-action/compare/v3.23.1...v3.23.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.23.1...v3.23.2)

###
[`v3.23.1`](https://togithub.com/github/codeql-action/compare/v3.23.0...v3.23.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.23.0...v3.23.1)

###
[`v3.23.0`](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0)

###
[`v3.22.12`](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12)

###
[`v3.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.11...v3.22.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.25.5...v3.22.11)

###
[`v2.25.5`](https://togithub.com/github/codeql-action/compare/v2.25.4...v2.25.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.25.4...v2.25.5)

###
[`v2.25.4`](https://togithub.com/github/codeql-action/compare/v2.25.3...v2.25.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.25.3...v2.25.4)

###
[`v2.25.3`](https://togithub.com/github/codeql-action/compare/v2.25.2...v2.25.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.25.2...v2.25.3)

###
[`v2.25.2`](https://togithub.com/github/codeql-action/compare/v2.25.1...v2.25.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.25.1...v2.25.2)

###
[`v2.25.1`](https://togithub.com/github/codeql-action/compare/v2.25.0...v2.25.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.25.0...v2.25.1)

###
[`v2.25.0`](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.25.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.11...v2.25.0)

###
[`v2.24.11`](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.24.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.24.11)

###
[`v2.24.10`](https://togithub.com/github/codeql-action/compare/v2.24.9...v2.24.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.9...v2.24.10)

###
[`v2.24.9`](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9)

###
[`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8)

###
[`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

###
[`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6)

###
[`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5)

###
[`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4)

###
[`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3)

###
[`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2)

###
[`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1)

###
[`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0)

###
[`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)

###
[`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)

###
[`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

###
[`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

###
[`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

###
[`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

###
[`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

###
[`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

###
[`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

###
[`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

###
[`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

</details>

<details>
<summary>google-github-actions/auth
(google-github-actions/auth)</summary>

###
[`v2.1.3`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.3)

[Compare
Source](https://togithub.com/google-github-actions/auth/compare/v2.1.2...v2.1.3)

##### What's Changed

- Security considerations: ids are strings, not integers by
[@&#8203;ewjoachim](https://togithub.com/ewjoachim) in
[https://github.com/google-github-actions/auth/pull/400](https://togithub.com/google-github-actions/auth/pull/400)
- security: bump undici from 5.28.3 to 5.28.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/google-github-actions/auth/pull/405](https://togithub.com/google-github-actions/auth/pull/405)
- Fix typo by [@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/408](https://togithub.com/google-github-actions/auth/pull/408)
- Switch to using universe helpers by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/410](https://togithub.com/google-github-actions/auth/pull/410)
- Add request_reason for plumbing though user-supplied audit information
by [@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/413](https://togithub.com/google-github-actions/auth/pull/413)
- Release: v2.1.3 by
[@&#8203;google-github-actions-bot](https://togithub.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/auth/pull/414](https://togithub.com/google-github-actions/auth/pull/414)

##### New Contributors

- [@&#8203;ewjoachim](https://togithub.com/ewjoachim) made their first
contribution in
[https://github.com/google-github-actions/auth/pull/400](https://togithub.com/google-github-actions/auth/pull/400)

**Full Changelog**:
https://github.com/google-github-actions/auth/compare/v2.1.2...v2.1.3

###
[`v2.1.2`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.2)

[Compare
Source](https://togithub.com/google-github-actions/auth/compare/v2.1.1...v2.1.2)

##### What's Changed

- Remove documentation on retries (deprecated) by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/392](https://togithub.com/google-github-actions/auth/pull/392)
- Add security considerations for Attribute Conditions by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/393](https://togithub.com/google-github-actions/auth/pull/393)
- security: bump undici from 5.28.2 to 5.28.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/google-github-actions/auth/pull/394](https://togithub.com/google-github-actions/auth/pull/394)
- Reduce warnings to info level with a warning icon by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/397](https://togithub.com/google-github-actions/auth/pull/397)
- Release: v2.1.2 by
[@&#8203;google-github-actions-bot](https://togithub.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/auth/pull/399](https://togithub.com/google-github-actions/auth/pull/399)

##### New Contributors

- [@&#8203;dependabot](https://togithub.com/dependabot) made their first
contribution in
[https://github.com/google-github-actions/auth/pull/394](https://togithub.com/google-github-actions/auth/pull/394)

**Full Changelog**:
https://github.com/google-github-actions/auth/compare/v2...v2.1.2

###
[`v2.1.1`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.1)

[Compare
Source](https://togithub.com/google-github-actions/auth/compare/v2.1.0...v2.1.1)

##### What's Changed

- Remove retry logic by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/389](https://togithub.com/google-github-actions/auth/pull/389)
- Use an OAuth 2.0 access token for Domain-Wide Delegation by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/388](https://togithub.com/google-github-actions/auth/pull/388)
- Release: v2.1.1 by
[@&#8203;google-github-actions-bot](https://togithub.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/auth/pull/390](https://togithub.com/google-github-actions/auth/pull/390)

**Full Changelog**:
https://github.com/google-github-actions/auth/compare/v2...v2.1.1

###
[`v2.1.0`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.0)

[Compare
Source](https://togithub.com/google-github-actions/auth/compare/v2.0.1...v2.1.0)

##### What's Changed

- Update deps by [@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/384](https://togithub.com/google-github-actions/auth/pull/384)
- Release: v2.1.0 by
[@&#8203;google-github-actions-bot](https://togithub.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/auth/pull/385](https://togithub.com/google-github-actions/auth/pull/385)

**Full Changelog**:
https://github.com/google-github-actions/auth/compare/v2...v2.1.0

###
[`v2.0.1`](https://togithub.com/google-github-actions/auth/releases/tag/v2.0.1)

[Compare
Source](https://togithub.com/google-github-actions/auth/compare/v2.0.0...v2.0.1)

##### What's Changed

- Trigger release on pushes to release branches by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/358](https://togithub.com/google-github-actions/auth/pull/358)
- Fix a small docs issue by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/359](https://togithub.com/google-github-actions/auth/pull/359)
- Remove broken markdown links by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/362](https://togithub.com/google-github-actions/auth/pull/362)
- Document that project_id might be required by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/367](https://togithub.com/google-github-actions/auth/pull/367)
- Update README and CI to use latest version by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/365](https://togithub.com/google-github-actions/auth/pull/365)
- Add service_account to WIF through SA example by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/369](https://togithub.com/google-github-actions/auth/pull/369)
- Use new markdown syntax for alerts by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/371](https://togithub.com/google-github-actions/auth/pull/371)
- Note .dockerignore in the exclusion for credentials by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/376](https://togithub.com/google-github-actions/auth/pull/376)
- Support newline-separated inputs for delegates and access_token_scopes
by [@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/381](https://togithub.com/google-github-actions/auth/pull/381)
- Release: v2.0.1 by
[@&#8203;google-github-actions-bot](https://togithub.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/auth/pull/382](https://togithub.com/google-github-actions/auth/pull/382)

**Full Changelog**:
https://github.com/google-github-actions/auth/compare/v2...v2.0.1

###
[`v2.0.0`](https://togithub.com/google-github-actions/auth/releases/tag/v2.0.0)

[Compare
Source](https://togithub.com/google-github-actions/auth/compare/v1.3.0...v2.0.0)

**⚠️ This version requires Node 20 or later on the runner!** If you are
using GitHub-managed runners, no action is needed. If you are using
self-hosted runners, make sure the system version of Node is version 20
or higher.

##### What's Changed

- Add support for Direct Workload Identity auth by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/348](https://togithub.com/google-github-actions/auth/pull/348)
- Add protection for release branches by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/351](https://togithub.com/google-github-actions/auth/pull/351)
- Make auth universe-aware by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/352](https://togithub.com/google-github-actions/auth/pull/352)
- Fix some examples to include project_id by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/353](https://togithub.com/google-github-actions/auth/pull/353)
- Release: v2.0.0 by
[@&#8203;google-github-actions-bot](https://togithub.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/auth/pull/355](https://togithub.com/google-github-actions/auth/pull/355)

**Full Changelog**:
https://github.com/google-github-actions/auth/compare/v1...v2.0.0

###
[`v1.3.0`](https://togithub.com/google-github-actions/auth/releases/tag/v1.3.0)

[Compare
Source](https://togithub.com/google-github-actions/auth/compare/v1.2.0...v1.3.0)

#### What's Changed

- Revert back to Node 16 for v1 series by
[@&#8203;sethvargo](https://togithub.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/356](https://togithub.com/google-github-actions/auth/pull/356)
- Release: v1.3.0 by
[@&#8203;google-github-actions-bot](https://togithub.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/auth/pull/357](https://togithub.com/google-github-actions/auth/pull/357)

**Full Changelog**:
https://github.com/google-github-actions/auth/compare/v1...v1.3.0

###

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjMuNSIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>

Loading branch information

renovate-bot committed May 16, 2024

1 parent 225f0f9 commit 2d17c08

.github/actions/secure-project-checkout-node/action.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -41,6 +41,6 @@ runs:
  
            path: ${{ inputs.path }}

        - name: Set up Node environment

          uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1

          uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2

          with:

            node-version: ${{ inputs.node-version }}

.github/workflows/builder_container-based_slsa3.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -306,7 +306,7 @@ jobs:
  
          - id: auth

            name: Authenticate to Google Cloud

            if: inputs.gcp-workload-identity-provider != ''

            uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1

            uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3

            with:

              token_format: "access_token"

              workload_identity_provider: ${{ inputs.gcp-workload-identity-provider }}

    @@ -633,13 +633,13 @@ jobs:
  
          SLSA_OUTPUTS_NAME: ${{ needs.build.outputs.slsa-outputs-name }}

          RNG: ${{ needs.rng.outputs.value }}

        steps:

          - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0

          - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0

            with:

              name: "${{ env.BUILD_DEFINITION_NAME }}-${{ env.RNG }}"

              useGlob: true

          - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0

          - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0

            with:

              name: "${{ env.SLSA_OUTPUTS_NAME }}-${{ env.RNG }}"

          - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0

          - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0

            with:

              name: "${{ env.BUILDER_BINARY }}-${{ env.RNG }}"

.github/workflows/codeql-analysis.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -59,7 +59,7 @@ jobs:
  
          # Initializes the CodeQL tools for scanning.

          - name: Initialize CodeQL

            uses: github/codeql-action/init@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4

            uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5

            with:

              languages: ${{ matrix.language }}

              # If you wish to specify custom queries, you can do so here or in a config file.

    @@ -72,7 +72,7 @@ jobs:
  
          # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).

          # If this step fails, then you should remove it and run the build manually (see below)

          - name: Autobuild

            uses: github/codeql-action/autobuild@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4

            uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5

          # Command-line programs to run using the OS shell.

          # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

    @@ -85,7 +85,7 @@ jobs:
  
          #   ./location_of_script_within_repo/buildscript.sh

          - name: Perform CodeQL Analysis

            uses: github/codeql-action/analyze@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4

            uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5

      # NOTE: Checks that the matrix job above completes successfully.

      # This is necessary because the matrix strategy generates new jobs with

.github/workflows/delegator_generic_slsa3.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -294,9 +294,9 @@ jobs:
  
        env:

          RNG: ${{ needs.rng.outputs.value }}

        steps:

          - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0

          - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0

            with:

              name: "${{ env.RNG }}-${{ env.SLSA_PREDICATE_FILE }}"

          - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0

          - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0

            with:

              name: "${{ env.RNG }}-${{ env.SLSA_ARTIFACTS_FILE }}"

.github/workflows/delegator_lowperms-generic_slsa3.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -297,9 +297,9 @@ jobs:
  
        env:

          RNG: ${{ needs.rng.outputs.value }}

        steps:

          - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0

          - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0

            with:

              name: "${{ env.RNG }}-${{ env.SLSA_PREDICATE_FILE }}"

          - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0

          - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0

            with:

              name: "${{ env.RNG }}-${{ env.SLSA_ARTIFACTS_FILE }}"

.github/workflows/e2e.sign-attestations.schedule.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -40,7 +40,7 @@ jobs:
  
              attestations: .github/actions/sign-attestations/testdata/attestations

              output-folder: outputs

          - name: Setup node

            uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3

            uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4

            with:

              node-version: 20

          - name: install sigstore-js

.github/workflows/generator_container_slsa3.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -158,7 +158,7 @@ jobs:
  
          - id: auth

            name: Authenticate to Google Cloud

            if: inputs.gcp-workload-identity-provider != ''

            uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1

            uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3

            with:

              token_format: "access_token"

              workload_identity_provider: ${{ inputs.gcp-workload-identity-provider }}

.github/workflows/pre-submit.actions.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -78,7 +78,7 @@ jobs:
  
          - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

          - name: Set Node.js 18

            uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1

            uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2

            with:

              node-version: 18

.github/workflows/pre-submit.lint.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -32,7 +32,7 @@ jobs:
  
        runs-on: ubuntu-latest

        steps:

          - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

          - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1

          - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2

            with:

              node-version: 20

          - run: make markdownlint

    @@ -41,7 +41,7 @@ jobs:
  
        name: markdown-toc

        runs-on: ubuntu-latest

        steps:

          - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1

          - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2

            with:

              node-version: 20

          - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

    @@ -130,7 +130,7 @@ jobs:
  
        runs-on: ubuntu-latest

        steps:

          - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

          - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1

          - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2

            with:

              node-version: 20

          - run: make eslint

    @@ -139,7 +139,7 @@ jobs:
  
        runs-on: ubuntu-latest

        steps:

          - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

          - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1

          - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2

            with:

              node-version: 20

          - run: make renovate-config-validator

.github/workflows/pre-submit.units.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -43,7 +43,7 @@ jobs:
  
              go-version-file: "go.mod"

          - name: Set Node.js 16

            uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1

            uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2

            with:

              node-version: 16

.github/workflows/scorecards.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -71,6 +71,6 @@ jobs:
  
          # Upload the results to GitHub's code scanning dashboard.

          - name: "Upload to code-scanning"

            uses: github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4

            uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5

            with:

              sarif_file: results.sarif

actions/gradle/publish/action.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -52,7 +52,7 @@ runs:
  
      steps:

        - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

        - name: Set up JDK

          uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0

          uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1

          env:

            MAVEN_USERNAME: ${{ inputs.maven-username }}

            MAVEN_PASSWORD: ${{ inputs.maven-password }}

actions/maven/publish/action.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -47,7 +47,7 @@ runs:
  
        - name: Checkout the project repository

          uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@main # needed because we run javadoc and sources.

        - name: Set up Java for publishing to Maven Central Repository

          uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0

          uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1

          env:

            MAVEN_USERNAME: ${{ inputs.maven-username }}

            MAVEN_PASSWORD: ${{ inputs.maven-password }}

internal/builders/bazel/action.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -49,11 +49,11 @@ runs:
  
        - name: Setup Bazelisk

          id: bazelisk

          uses: bazelbuild/setup-bazelisk@95c9bf48d0c570bb3e28e57108f3450cd67c1a44 # v2.0.0

          uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3.0.0

        - name: Setup Java

          id: java

          uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0

          uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1

          with:

            distribution: "${{ fromJson(inputs.slsa-workflow-inputs).user-java-distribution }}"

            java-version: "${{ fromJson(inputs.slsa-workflow-inputs).user-java-version }}"

internal/builders/gradle/action.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -58,12 +58,12 @@ runs:
  
      steps:

        - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

        - name: Set up JDK

          uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0

          uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1

          with:

            distribution: temurin

            java-version: ${{ fromJson(inputs.slsa-workflow-inputs).jdk-version }}

        - name: Setup Gradle

          uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0

          uses: gradle/gradle-build-action@4c39dd82cd5e1ec7c6fa0173bb41b4b6bb3b86ff # v3.3.2

        - name: Run gradle builder

          id: run_gradle_builder

          shell: bash

internal/builders/maven/action.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -58,7 +58,7 @@ runs:
  
      steps:

        - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v 3.5.2

        - name: Set up JDK

          uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0

          uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1

          with:

            distribution: temurin

            java-version: ${{ fromJson(inputs.slsa-workflow-inputs).jdk-version }}

internal/builders/nodejs/action.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -65,7 +65,7 @@ runs:
  
        # checkout ourselves.

        - name: Setup Node

          uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1

          uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2

          with:

            node-version: ${{ fromJson(inputs.slsa-workflow-inputs).node-version }}

            node-version-file: ${{ fromJson(inputs.slsa-workflow-inputs).node-version-file }}

0 comments on commit `2d17c08`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `2d17c08`

Commit

There are no files selected for viewing

0 comments on commit 2d17c08

0 comments on commit `2d17c08`