Commit 594b179
chore(deps): update github-actions (#741)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v3.1.0` -> `v3.1.5` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action | patch | `v3.8.1` -> `v3.8.2` |
| [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.22.1` -> `v2.24.8` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.0` -> `v2.3.1` |
| [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.9.0` -> `v1.10.0` |
| [slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier) | action | patch | `v2.4.0` -> `v2.4.1` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>
### [`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5): 3.1.5
[Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5)
#### What's Changed
- Smaller `per_page` when requesting diff by
[@​hmaurer](https://togithub.com/hmaurer) in
[https://github.com/actions/dependency-review-action/pull/649](https://togithub.com/actions/dependency-review-action/pull/649)
- Update dependencies:
- Bump
[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)
from 6.10.0 to 6.13.1 by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/630](https://togithub.com/actions/dependency-review-action/pull/630)
- Bump prettier from 3.0.3 to 3.1.0 by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/629](https://togithub.com/actions/dependency-review-action/pull/629)
- Bump [@​types/jest](https://togithub.com/types/jest) from 29.5.8
to 29.5.11 by [@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/637](https://togithub.com/actions/dependency-review-action/pull/637)
- Bump nodemon from 3.0.1 to 3.0.2 by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/636](https://togithub.com/actions/dependency-review-action/pull/636)
- Replace pip -> pypi in PURL examples by
[@​febuiles](https://togithub.com/febuiles) in
[https://github.com/actions/dependency-review-action/pull/638](https://togithub.com/actions/dependency-review-action/pull/638)
- Bump
[@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)
from 6.12.0 to 6.15.0 by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/644](https://togithub.com/actions/dependency-review-action/pull/644)
- Bump eslint from 8.53.0 to 8.56.0 by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/640](https://togithub.com/actions/dependency-review-action/pull/640)
- Bump
[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)
from 6.13.1 to 6.16.0 by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/645](https://togithub.com/actions/dependency-review-action/pull/645)
- Bump prettier from 3.1.0 to 3.1.1 by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/646](https://togithub.com/actions/dependency-review-action/pull/646)
**Full Changelog**:
actions/dependency-review-action@v3.1.4...v3.1.5
### [`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4): 3.1.4
[Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4)
#### What's Changed
- Fixed a
[bug](https://togithub.com/actions/dependency-review-action/issues/618)
with severity filtering when using the `allow_ghsas` option:
[https://github.com/actions/dependency-review-action/pull/623](https://togithub.com/actions/dependency-review-action/pull/623).
- Updates dependencies:
- Bump [@​types/node](https://togithub.com/types/node) from
16.18.61 to 16.18.62 by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/619](https://togithub.com/actions/dependency-review-action/pull/619)
action/pull/620
- Bump
[@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)
from 6.11.0 to 6.12.0 by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/625](https://togithub.com/actions/dependency-review-action/pull/625)
- Bump typescript from 5.2.2 to 5.3.2 by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/dependency-review-action/pull/624](https://togithub.com/actions/dependency-review-action/pull/624)
**Full Changelog**:
actions/dependency-review-action@v3...v3.1.4
### [`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3): 3.1.3
[Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3)
#### What's Changed
- Fixes purl "version must be percent-encoded" by
[@​theztefan](https://togithub.com/theztefan) in
[https://github.com/actions/dependency-review-action/pull/617](https://togithub.com/actions/dependency-review-action/pull/617)
**Full Changelog**:
actions/dependency-review-action@v3...v3.1.3
### [`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2): 3.1.2
[Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2)
#### What's Changed
- Fix a regression for setups using self-hosted runners behind HTTP
proxies:[@​febuiles](https://togithub.com/febuiles) in
[https://github.com/actions/dependency-review-action/pull/611](https://togithub.com/actions/dependency-review-action/pull/611)
**Full Changelog**:
actions/dependency-review-action@v3...v3.1.2
### [`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1): 3.1.1
[Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1)
#### What's Changed
- Update a bunch of dependencies, including major version upgrades for
`octokit`, `@actions/github` and `typescript`.
**Full Changelog**:
actions/dependency-review-action@v3.1.0...v3.1.1
</details>
<details>
<summary>actions/setup-node (actions/setup-node)</summary>
### [`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2)
[Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2)
##### What's Changed
- Update semver by
[@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861)
- Update temp directory creation by
[@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859)
- Bump [@​babel/traverse](https://togithub.com/babel/traverse)
from 7.15.4 to 7.23.2 by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870)
- Add notice about binaries not being updated yet by
[@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872)
- Update toolkit cache and core by
[@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) and
[@​seongwon-privatenote](https://togithub.com/seongwon-privatenote)
in
[https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875)
**Full Changelog**:
actions/setup-node@v3...v3.8.2
</details>
<details>
<summary>github/codeql-action (github/codeql-action)</summary>
### [`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8)
### [`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)
### [`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6)
### [`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5)
### [`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4)
### [`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3)
### [`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2)
### [`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1)
### [`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0)
### [`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)
### [`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)
### [`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)
### [`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)
### [`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)
### [`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)
### [`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)
### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)
### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)
### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)
### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)
### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)
### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)
### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)
[Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)
</details>
<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>
### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)
[Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)
#### What's Changed
- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@​spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282)
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes
**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1
</details>
<details>
<summary>slsa-framework/slsa-github-generator
(slsa-framework/slsa-github-generator)</summary>
### [`v1.10.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v1100)
[Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.1...v1.10.0)
Release \[v1.10.0] includes bug fixes and new features.
See the [full change
list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0).
##### v1.10.0: TUF fix
- The cosign TUF roots were fixed
([#​3350](https://togithub.com/slsa-framework/slsa-github-generator/issues/3350)).
More details
[here](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid).
##### v1.10.0: Gradle Builder
- The Gradle Builder was fixed when the project root is the same as the
repository root
([#​2727](https://togithub.com/slsa-framework/slsa-github-generator/issues/2727))
##### v1.10.0: Go Builder
- The `go-version-file` input was fixed so that it can find the `go.mod`
file
([#​2661](https://togithub.com/slsa-framework/slsa-github-generator/issues/2661))
##### v1.10.0: Container Generator
- A new `provenance-repository` input was added to allow reading
provenance from
a different container repository than the image itself
([#​2956](https://togithub.com/slsa-framework/slsa-github-generator/issues/2956))
### [`v1.9.1`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.1)
[Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.9.1)
**This is an un-finalized release.**
See the [CHANGELOG](./CHANGELOG.md) for details.
</details>
<details>
<summary>slsa-framework/slsa-verifier
(slsa-framework/slsa-verifier)</summary>
### [`v2.4.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.4.1)
[Compare Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1)
#### What's Changed
- Fix a verification issue when verifying npm's publish attestations -
Low severity
GHSA-r2xv-vpr2-42m9.
This part of the code remains *experimental*.
#### New Contributors
- [@​trishankatdatadog](https://togithub.com/trishankatdatadog)
made their first contribution in
[https://github.com/slsa-framework/slsa-verifier/pull/702](https://togithub.com/slsa-framework/slsa-verifier/pull/702)
**Full Changelog**:
v2.4.0...v2.4.1
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier).
Signed-off-by: Mend Renovate <[email protected]>
1 parent dc7173b commit 594b179
File tree
5 files changed
+9
-9
lines changed
- .github/workflows
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
52 | 52 | | |
53 | 53 | | |
54 | 54 | | |
55 | | - | |
| 55 | + | |
56 | 56 | | |
57 | 57 | | |
58 | 58 | | |
| |||
63 | 63 | | |
64 | 64 | | |
65 | 65 | | |
66 | | - | |
| 66 | + | |
67 | 67 | | |
68 | 68 | | |
69 | 69 | | |
| |||
76 | 76 | | |
77 | 77 | | |
78 | 78 | | |
79 | | - | |
| 79 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
14 | | - | |
| 14 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
17 | | - | |
| 17 | + | |
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
49 | 49 | | |
50 | 50 | | |
51 | 51 | | |
52 | | - | |
| 52 | + | |
53 | 53 | | |
54 | 54 | | |
55 | 55 | | |
| |||
63 | 63 | | |
64 | 64 | | |
65 | 65 | | |
66 | | - | |
| 66 | + | |
67 | 67 | | |
68 | 68 | | |
69 | 69 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
33 | | - | |
| 33 | + | |
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
| |||
57 | 57 | | |
58 | 58 | | |
59 | 59 | | |
60 | | - | |
| 60 | + | |
61 | 61 | | |
62 | 62 | | |