-
Notifications
You must be signed in to change notification settings - Fork 109
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow slashes in purl package names #765
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm kind of uncomfortable with this as it actually might take a stance on the ambiguity eg. is the namespace gopkg.in/DataDog
or just gopkg.in
?
However this appears to be an unresolved point of discussion in the PURL community: package-url/purl-spec#63
So I think increasing permissiveness on our end is fine.
@mrysav that's a good callout, and we may have to revisit that later if the purl-spec folks ever work this out. |
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/create-github-app-token](https://togithub.com/actions/create-github-app-token) | action | patch | `v1.10.0` -> `v1.10.1` | | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v4.3.2` -> `v4.3.3` | | [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | | minor | `v0.33.2` -> `v0.34.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.6` -> `v3.25.8` | --- ### Release Notes <details> <summary>actions/create-github-app-token (actions/create-github-app-token)</summary> ### [`v1.10.1`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.1) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.10.0...v1.10.1) ##### Bug Fixes - **deps:** bump the production-dependencies group with 2 updates ([#​138](https://togithub.com/actions/create-github-app-token/issues/138)) ([8d81a59](https://togithub.com/actions/create-github-app-token/commit/8d81a59103d6d17f5ecc243eb5fd53757607a1d2)), closes [#​606](https://togithub.com/actions/create-github-app-token/issues/606) [#​606](https://togithub.com/actions/create-github-app-token/issues/606) [#​605](https://togithub.com/actions/create-github-app-token/issues/605) [#​604](https://togithub.com/actions/create-github-app-token/issues/604) [nodejs/undici#3295](https://togithub.com/nodejs/undici/issues/3295) [nodejs/undici#3298](https://togithub.com/nodejs/undici/issues/3298) [nodejs/undici#3294](https://togithub.com/nodejs/undici/issues/3294) [nodejs/undici#3281](https://togithub.com/nodejs/undici/issues/3281) [nodejs/undici#3286](https://togithub.com/nodejs/undici/issues/3286) [nodejs/undici#3284](https://togithub.com/nodejs/undici/issues/3284) [nodejs/undici#3291](https://togithub.com/nodejs/undici/issues/3291) [nodejs/undici#3290](https://togithub.com/nodejs/undici/issues/3290) [nodejs/undici#3283](https://togithub.com/nodejs/undici/issues/3283) [nodejs/undici#3281](https://togithub.com/nodejs/undici/issues/3281) [nodejs/undici#3263](https://togithub.com/nodejs/undici/issues/3263) [nodejs/undici#3279](https://togithub.com/nodejs/undici/issues/3279) [nodejs/undici#3227](https://togithub.com/nodejs/undici/issues/3227) [nodejs/undici#3234](https://togithub.com/nodejs/undici/issues/3234) [nodejs/undici#3240](https://togithub.com/nodejs/undici/issues/3240) [nodejs/undici#3245](https://togithub.com/nodejs/undici/issues/3245) [nodejs/undici#3241](https://togithub.com/nodejs/undici/issues/3241) [nodejs/undici#3247](https://togithub.com/nodejs/undici/issues/3247) [nodejs/undici#3248](https://togithub.com/nodejs/undici/issues/3248) [nodejs/undici#3219](https://togithub.com/nodejs/undici/issues/3219) [nodejs/undici#3251](https://togithub.com/nodejs/undici/issues/3251) [nodejs/undici#3254](https://togithub.com/nodejs/undici/issues/3254) [nodejs/undici#3258](https://togithub.com/nodejs/undici/issues/3258) [nodejs/undici#3257](https://togithub.com/nodejs/undici/issues/3257) [nodejs/undici#3259](https://togithub.com/nodejs/undici/issues/3259) [nodejs/undici#3262](https://togithub.com/nodejs/undici/issues/3262) [nodejs/undici#3264](https://togithub.com/nodejs/undici/issues/3264) [nodejs/undici#3118](https://togithub.com/nodejs/undici/issues/3118) [nodejs/undici#3269](https://togithub.com/nodejs/undici/issues/3269) [#​3301](https://togithub.com/actions/create-github-app-token/issues/3301) [#​3294](https://togithub.com/actions/create-github-app-token/issues/3294) [#​3298](https://togithub.com/actions/create-github-app-token/issues/3298) [#​3295](https://togithub.com/actions/create-github-app-token/issues/3295) [#​3293](https://togithub.com/actions/create-github-app-token/issues/3293) [#​3283](https://togithub.com/actions/create-github-app-token/issues/3283) [#​3290](https://togithub.com/actions/create-github-app-token/issues/3290) [#​3291](https://togithub.com/actions/create-github-app-token/issues/3291) [#​3284](https://togithub.com/actions/create-github-app-token/issues/3284) [#​3286](https://togithub.com/actions/create-github-app-token/issues/3286) </details> <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3): Notes for v4.3.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3) #### What's Changed - Allow slashes in purl package names by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765) - use the v3 version of the deps.dev API by [@​josieang](https://togithub.com/josieang) in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - PR with suggestions - \[Improvement]: Help streamline / simplify dependency review action README by [@​am-stead](https://togithub.com/am-stead) in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - fix show-openssf-scorecard-levels input by [@​ramann](https://togithub.com/ramann) in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) - Updates to the contribution guidelines by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778) - Create issue templates by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777) - Fix the max comment length issue by [@​jhutchings1](https://togithub.com/jhutchings1) and [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767) - Bump project version to 4.3.3 in prep for a release by [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781) #### New Contributors - [@​josieang](https://togithub.com/josieang) made their first contribution in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - [@​am-stead](https://togithub.com/am-stead) made their first contribution in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - [@​ramann](https://togithub.com/ramann) made their first contribution in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) **Full Changelog**: actions/dependency-review-action@v4.3.2...v4.3.3 </details> <details> <summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary> ### [`v0.34.0`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.34.0) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.2...v0.34.0) #### What's Changed - refactor: move validate to expose it as receivers by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2419](https://togithub.com/defenseunicorns/zarf/pull/2419) - docs: add additional detail to security policy by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2488](https://togithub.com/defenseunicorns/zarf/pull/2488) - chore: cleanup stale grype ignores and patch golang.org/x/net CVE by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2492](https://togithub.com/defenseunicorns/zarf/pull/2492) - docs: injector and init package reference material by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2468](https://togithub.com/defenseunicorns/zarf/pull/2468) - chore: patch CVE-2024-3817 by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2498](https://togithub.com/defenseunicorns/zarf/pull/2498) - refactor: cleaner image pulls by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2460](https://togithub.com/defenseunicorns/zarf/pull/2460) - chore: adding [@​dgershman](https://togithub.com/dgershman) by [@​dgershman](https://togithub.com/dgershman) in [https://github.com/defenseunicorns/zarf/pull/2506](https://togithub.com/defenseunicorns/zarf/pull/2506) - refactor: context usage in k8s code by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2405](https://togithub.com/defenseunicorns/zarf/pull/2405) - ci: run revive using golang-lint-ci by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2499](https://togithub.com/defenseunicorns/zarf/pull/2499) - feat: update injector away from rouille to axum by [@​schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2457](https://togithub.com/defenseunicorns/zarf/pull/2457) - refactor: enable testifylint linter by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2504](https://togithub.com/defenseunicorns/zarf/pull/2504) - chore: remove rouille CVE from grype ignore by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2515](https://togithub.com/defenseunicorns/zarf/pull/2515) - fix(agent): missing path for pod without labels by [@​brandtkeller](https://togithub.com/brandtkeller) in [https://github.com/defenseunicorns/zarf/pull/2518](https://togithub.com/defenseunicorns/zarf/pull/2518) - fix: adopt namespace metadata by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2494](https://togithub.com/defenseunicorns/zarf/pull/2494) - refactor: enable ineffassign linter by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2500](https://togithub.com/defenseunicorns/zarf/pull/2500) - test: cluster getDeployedPackages by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2523](https://togithub.com/defenseunicorns/zarf/pull/2523) - test: add unit tests for merge zarf state by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2522](https://togithub.com/defenseunicorns/zarf/pull/2522) - test: pod agent unit tests by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2526](https://togithub.com/defenseunicorns/zarf/pull/2526) - docs: add google analytics for docs pages by [@​salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2530](https://togithub.com/defenseunicorns/zarf/pull/2530) - test: add unit tests for detect distro by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2521](https://togithub.com/defenseunicorns/zarf/pull/2521) - test: add tests for injector by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2534](https://togithub.com/defenseunicorns/zarf/pull/2534) - chore: add codecov by [@​schristoff-du](https://togithub.com/schristoff-du) in [https://github.com/defenseunicorns/zarf/pull/2529](https://togithub.com/defenseunicorns/zarf/pull/2529) - chore: add unit tests for creator.LoadPackageDefinition by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2531](https://togithub.com/defenseunicorns/zarf/pull/2531) - test: refactor network test by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2533](https://togithub.com/defenseunicorns/zarf/pull/2533) - test: agent flux unit test by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2528](https://togithub.com/defenseunicorns/zarf/pull/2528) - chore: fix codecov by [@​schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2538](https://togithub.com/defenseunicorns/zarf/pull/2538) - test: creator.ComposeComponents by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2537](https://togithub.com/defenseunicorns/zarf/pull/2537) - refactor: remove use of k8s serivce account by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2544](https://togithub.com/defenseunicorns/zarf/pull/2544) - refactor: remove use of k8s service by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2543](https://togithub.com/defenseunicorns/zarf/pull/2543) - refactor: remove use of k8s configmap by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2541](https://togithub.com/defenseunicorns/zarf/pull/2541) - refactor: remove use of k8s hpa by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2542](https://togithub.com/defenseunicorns/zarf/pull/2542) - test: add secrets tests by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2540](https://togithub.com/defenseunicorns/zarf/pull/2540) - refactor: allow callers to directly set logfile location by [@​Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2545](https://togithub.com/defenseunicorns/zarf/pull/2545) - test: add test for packager source by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2525](https://togithub.com/defenseunicorns/zarf/pull/2525) - chore: add unit tests to variables pkg by [@​Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2519](https://togithub.com/defenseunicorns/zarf/pull/2519) - test: clean up tests for composer by [@​phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2532](https://togithub.com/defenseunicorns/zarf/pull/2532) - test: argo agent unit tests by [@​AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2536](https://togithub.com/defenseunicorns/zarf/pull/2536) - fix(release): do not delete testdata in release workflow by [@​lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2547](https://togithub.com/defenseunicorns/zarf/pull/2547) **Full Changelog**: zarf-dev/zarf@v0.33.2...v0.34.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) ### [`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/maru-runner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsic3VwcG9ydC1kZXBzIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v4.3.2` -> `v4.3.3` | | [defenseunicorns/uds-cli](https://togithub.com/defenseunicorns/uds-cli) | | minor | `v0.10.4` -> `v0.11.0` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | | patch | `v0.4.4` -> `v0.4.5` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | action | patch | `v0.4.4` -> `v0.4.5` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v3.25.6` -> `v3.25.8` | --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3): Notes for v4.3.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3) #### What's Changed - Allow slashes in purl package names by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765) - use the v3 version of the deps.dev API by [@​josieang](https://togithub.com/josieang) in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - PR with suggestions - \[Improvement]: Help streamline / simplify dependency review action README by [@​am-stead](https://togithub.com/am-stead) in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - fix show-openssf-scorecard-levels input by [@​ramann](https://togithub.com/ramann) in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) - Updates to the contribution guidelines by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778) - Create issue templates by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777) - Fix the max comment length issue by [@​jhutchings1](https://togithub.com/jhutchings1) and [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767) - Bump project version to 4.3.3 in prep for a release by [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781) #### New Contributors - [@​josieang](https://togithub.com/josieang) made their first contribution in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - [@​am-stead](https://togithub.com/am-stead) made their first contribution in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - [@​ramann](https://togithub.com/ramann) made their first contribution in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) **Full Changelog**: actions/dependency-review-action@v4.3.2...v4.3.3 </details> <details> <summary>defenseunicorns/uds-cli (defenseunicorns/uds-cli)</summary> ### [`v0.11.0`](https://togithub.com/defenseunicorns/uds-cli/releases/tag/v0.11.0) [Compare Source](https://togithub.com/defenseunicorns/uds-cli/compare/v0.10.4...v0.11.0) ##### What's Changed - chore(deps): update actions/upload-artifact action to v4.3.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/574](https://togithub.com/defenseunicorns/uds-cli/pull/574) - fix(deps): update golang.org/x/exp digest to [`fe59bbe`](https://togithub.com/defenseunicorns/uds-cli/commit/fe59bbe) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/571](https://togithub.com/defenseunicorns/uds-cli/pull/571) - chore(deps): update github/codeql-action action to v3.25.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/570](https://togithub.com/defenseunicorns/uds-cli/pull/570) - fix(deps): update module github.com/defenseunicorns/pkg/oci to v0.0.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/576](https://togithub.com/defenseunicorns/uds-cli/pull/576) - fix: permit absolute paths for bundle create by [@​ZachGallagher](https://togithub.com/ZachGallagher) in [https://github.com/defenseunicorns/uds-cli/pull/554](https://togithub.com/defenseunicorns/uds-cli/pull/554) - fix: ensure we handle paths correctly in dev deploy by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/582](https://togithub.com/defenseunicorns/uds-cli/pull/582) - chore(deps): update actions/download-artifact action to v4.1.7 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/573](https://togithub.com/defenseunicorns/uds-cli/pull/573) - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1.1.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/575](https://togithub.com/defenseunicorns/uds-cli/pull/575) - chore(deps): update actions/checkout action to v4.1.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/578](https://togithub.com/defenseunicorns/uds-cli/pull/578) - chore(deps): update actions/upload-artifact action to v4.3.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/579](https://togithub.com/defenseunicorns/uds-cli/pull/579) - chore(deps): update github/codeql-action action to v3.25.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/580](https://togithub.com/defenseunicorns/uds-cli/pull/580) - chore(deps): update anchore/sbom-action action to v0.15.11 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/587](https://togithub.com/defenseunicorns/uds-cli/pull/587) - chore: ensure vendored tools versions print out by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/586](https://togithub.com/defenseunicorns/uds-cli/pull/586) - chore(deps): update actions/checkout action to v4.1.5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/597](https://togithub.com/defenseunicorns/uds-cli/pull/597) - chore(deps): update github/codeql-action action to v3.25.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/595](https://togithub.com/defenseunicorns/uds-cli/pull/595) - fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/593](https://togithub.com/defenseunicorns/uds-cli/pull/593) - chore(deps): update actions/setup-go action to v5.0.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/590](https://togithub.com/defenseunicorns/uds-cli/pull/590) - chore: update contributing doc by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/598](https://togithub.com/defenseunicorns/uds-cli/pull/598) - chore: swap Makefile for Maru by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/602](https://togithub.com/defenseunicorns/uds-cli/pull/602) - chore(deps): update github/codeql-action action to v3.25.5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/606](https://togithub.com/defenseunicorns/uds-cli/pull/606) - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1.1.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/605](https://togithub.com/defenseunicorns/uds-cli/pull/605) - chore(deps): update ossf/scorecard-action action to v2.3.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/601](https://togithub.com/defenseunicorns/uds-cli/pull/601) - chore(deps): update goreleaser/goreleaser-action action to v5.1.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/604](https://togithub.com/defenseunicorns/uds-cli/pull/604) - chore: bump Go version to 1.21.10 by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/609](https://togithub.com/defenseunicorns/uds-cli/pull/609) - feat: remove q for canceling deploy by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/603](https://togithub.com/defenseunicorns/uds-cli/pull/603) - chore: remove dead end code by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/611](https://togithub.com/defenseunicorns/uds-cli/pull/611) - chore: test getArch by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/621](https://togithub.com/defenseunicorns/uds-cli/pull/621) - chore(deps): update actions/checkout action to v4.1.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/619](https://togithub.com/defenseunicorns/uds-cli/pull/619) - chore(deps): update homebrew/actions digest to [`677db44`](https://togithub.com/defenseunicorns/uds-cli/commit/677db44) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/620](https://togithub.com/defenseunicorns/uds-cli/pull/620) - chore(deps): update github/codeql-action action to v3.25.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/625](https://togithub.com/defenseunicorns/uds-cli/pull/625) - chore(deps): update anchore/sbom-action action to v0.16.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/623](https://togithub.com/defenseunicorns/uds-cli/pull/623) - feat: allow helm overrides from valuesfile by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/594](https://togithub.com/defenseunicorns/uds-cli/pull/594) - chore: removes bubbletea tui by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/626](https://togithub.com/defenseunicorns/uds-cli/pull/626) - chore: update linting configuration by [@​TristanHoladay](https://togithub.com/TristanHoladay) in [https://github.com/defenseunicorns/uds-cli/pull/627](https://togithub.com/defenseunicorns/uds-cli/pull/627) - docs: dev deploy ADR by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/560](https://togithub.com/defenseunicorns/uds-cli/pull/560) - fix(deps): update module helm.sh/helm/v3 to v3.15.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/612](https://togithub.com/defenseunicorns/uds-cli/pull/612) - feat: strict bundle yaml validation by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/596](https://togithub.com/defenseunicorns/uds-cli/pull/596) - feat: dev deploy remote bundles by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/629](https://togithub.com/defenseunicorns/uds-cli/pull/629) - chore: update to de-zarfed Maru by [@​Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/uds-cli/pull/636](https://togithub.com/defenseunicorns/uds-cli/pull/636) - fix(deps): update module helm.sh/helm/v3 to v3.15.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/634](https://togithub.com/defenseunicorns/uds-cli/pull/634) - chore(deps): update docker/login-action action to v3.2.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/640](https://togithub.com/defenseunicorns/uds-cli/pull/640) - chore(deps): update homebrew/actions digest to [`a618804`](https://togithub.com/defenseunicorns/uds-cli/commit/a618804) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/632](https://togithub.com/defenseunicorns/uds-cli/pull/632) - fix(deps): update golang.org/x/exp digest to [`4c93da0`](https://togithub.com/defenseunicorns/uds-cli/commit/4c93da0) by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/639](https://togithub.com/defenseunicorns/uds-cli/pull/639) - chore(deps): update podinfo to v6.6.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/633](https://togithub.com/defenseunicorns/uds-cli/pull/633) - chore(deps): update zarf to v0.33.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/uds-cli/pull/585](https://togithub.com/defenseunicorns/uds-cli/pull/585) - feat: remove unnecessary bundle layers and refactor verification by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/622](https://togithub.com/defenseunicorns/uds-cli/pull/622) - feat: uds config validation by [@​decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/uds-cli/pull/618](https://togithub.com/defenseunicorns/uds-cli/pull/618) - fix: ensures partial pkgs are correct and adds smoke test to workflows by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/643](https://togithub.com/defenseunicorns/uds-cli/pull/643) - fix: typo in Zarf pkg name and refactor smoke test workflow by [@​UncleGedd](https://togithub.com/UncleGedd) in [https://github.com/defenseunicorns/uds-cli/pull/644](https://togithub.com/defenseunicorns/uds-cli/pull/644) **Full Changelog**: defenseunicorns/uds-cli@v0.10.4...v0.11.0 </details> <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.4.5`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.5) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.4...v0.4.5) ##### Miscellaneous - **deps:** update support-deps to v0.11.0 ([#​137](https://togithub.com/defenseunicorns/uds-common/issues/137)) ([985dfd7](https://togithub.com/defenseunicorns/uds-common/commit/985dfd7f9d745d07daa528e7dfdc982c61b2da4b)) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) ### [`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7am and before 9am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-package-gitlab-runner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNzcuOCIsInVwZGF0ZWRJblZlciI6IjM3LjM4OC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <[email protected]> Co-authored-by: Wayne Starr <[email protected]>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v4.3.2` -> `v4.3.3` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | | minor | `v0.4.5` -> `v0.5.0` | | [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | action | minor | `v0.4.5` -> `v0.5.0` | | [golangci/golangci-lint](https://togithub.com/golangci/golangci-lint) | repository | patch | `v1.59.0` -> `v1.59.1` | | [python-jsonschema/check-jsonschema](https://togithub.com/python-jsonschema/check-jsonschema) | repository | patch | `0.28.4` -> `0.28.5` | | [renovatebot/pre-commit-hooks](https://togithub.com/renovatebot/pre-commit-hooks) | repository | minor | `37.391.0` -> `37.399.9` | | [step-security/harden-runner](https://togithub.com/step-security/harden-runner) | action | patch | `v2.8.0` -> `v2.8.1` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://togithub.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3): Notes for v4.3.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3) #### What's Changed - Allow slashes in purl package names by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765) - use the v3 version of the deps.dev API by [@​josieang](https://togithub.com/josieang) in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - PR with suggestions - \[Improvement]: Help streamline / simplify dependency review action README by [@​am-stead](https://togithub.com/am-stead) in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - fix show-openssf-scorecard-levels input by [@​ramann](https://togithub.com/ramann) in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) - Updates to the contribution guidelines by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778) - Create issue templates by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777) - Fix the max comment length issue by [@​jhutchings1](https://togithub.com/jhutchings1) and [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767) - Bump project version to 4.3.3 in prep for a release by [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781) #### New Contributors - [@​josieang](https://togithub.com/josieang) made their first contribution in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - [@​am-stead](https://togithub.com/am-stead) made their first contribution in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - [@​ramann](https://togithub.com/ramann) made their first contribution in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) **Full Changelog**: actions/dependency-review-action@v4.3.2...v4.3.3 </details> <details> <summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary> ### [`v0.5.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.5.0) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.6...v0.5.0) ##### ⚠ BREAKING CHANGES - update publish to take architecture as an input ([#​143](https://togithub.com/defenseunicorns/uds-common/issues/143)) ##### Miscellaneous - update publish to take architecture as an input ([#​143](https://togithub.com/defenseunicorns/uds-common/issues/143)) ([62620f5](https://togithub.com/defenseunicorns/uds-common/commit/62620f59c14c773e5f6f07aaafc70ae34cff36bd)) ### [`v0.4.6`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.6) [Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.5...v0.4.6) ##### Bug Fixes - renovate incorrectly matching oci helm charts for helm datasources ([#​141](https://togithub.com/defenseunicorns/uds-common/issues/141)) ([2761f2a](https://togithub.com/defenseunicorns/uds-common/commit/2761f2a5f69bae3967bb8a9ff6d392007f90a21b)) ##### Miscellaneous - allow debug logs to continue through failure ([#​146](https://togithub.com/defenseunicorns/uds-common/issues/146)) ([bec4fc3](https://togithub.com/defenseunicorns/uds-common/commit/bec4fc330d720673f645bda7e56006218ec96aad)) - **deps:** update uds common support dependencies to v0.22.1 ([#​144](https://togithub.com/defenseunicorns/uds-common/issues/144)) ([d618bd2](https://togithub.com/defenseunicorns/uds-common/commit/d618bd2be3f75d62346594cb8d6d8c339b074f93)) </details> <details> <summary>golangci/golangci-lint (golangci/golangci-lint)</summary> ### [`v1.59.1`](https://togithub.com/golangci/golangci-lint/releases/tag/v1.59.1) [Compare Source](https://togithub.com/golangci/golangci-lint/compare/v1.59.0...v1.59.1) `golangci-lint` is a free and open-source project built by volunteers. If you value it, consider supporting us, the [maintainers](https://opencollective.com/golangci-lint) and [linter authors](https://golangci-lint.run/product/thanks/). We appreciate it! ❤️ For key updates, see the [changelog](https://golangci-lint.run/product/changelog/#​1591). #### Changelog - [`f738736`](https://togithub.com/golangci/golangci-lint/commit/f7387361) build(deps): bump github.com/Antonboom/testifylint from 1.3.0 to 1.3.1 ([#​4759](https://togithub.com/golangci/golangci-lint/issues/4759)) - [`44b3cdd`](https://togithub.com/golangci/golangci-lint/commit/44b3cdd1) build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1 to 2.0.0 ([#​4788](https://togithub.com/golangci/golangci-lint/issues/4788)) - [`1a55854`](https://togithub.com/golangci/golangci-lint/commit/1a55854a) build(deps): bump github.com/golangci/misspell from 0.5.1 to 0.6.0 ([#​4804](https://togithub.com/golangci/golangci-lint/issues/4804)) - [`9a7a1ad`](https://togithub.com/golangci/golangci-lint/commit/9a7a1ad4) build(deps): bump github.com/polyfloyd/go-errorlint from 1.5.1 to 1.5.2 ([#​4785](https://togithub.com/golangci/golangci-lint/issues/4785)) - [`aaff918`](https://togithub.com/golangci/golangci-lint/commit/aaff9184) build(deps): bump github.com/sashamelentyev/usestdlibvars from 1.25.0 to 1.26.0 ([#​4801](https://togithub.com/golangci/golangci-lint/issues/4801)) - [`a0d2c83`](https://togithub.com/golangci/golangci-lint/commit/a0d2c830) build(deps): bump github.com/shirou/gopsutil/v3 from 3.24.4 to 3.24.5 ([#​4782](https://togithub.com/golangci/golangci-lint/issues/4782)) - [`2042b1f`](https://togithub.com/golangci/golangci-lint/commit/2042b1f1) build(deps): bump go-simpler.org/sloglint from 0.7.0 to 0.7.1 ([#​4784](https://togithub.com/golangci/golangci-lint/issues/4784)) - [`327a78a`](https://togithub.com/golangci/golangci-lint/commit/327a78a8) build(deps): bump golang.org/x/tools from 0.21.0 to 0.22.0 ([#​4802](https://togithub.com/golangci/golangci-lint/issues/4802)) - [`e1a8055`](https://togithub.com/golangci/golangci-lint/commit/e1a80557) fix: SARIF format require issue column >= 1 ([#​4775](https://togithub.com/golangci/golangci-lint/issues/4775)) - [`88f60c8`](https://togithub.com/golangci/golangci-lint/commit/88f60c8c) fix: gomnd deprecated configuration compatibility ([#​4768](https://togithub.com/golangci/golangci-lint/issues/4768)) - [`8173166`](https://togithub.com/golangci/golangci-lint/commit/81731668) fix: init empty result slice for SARIF printer ([#​4758](https://togithub.com/golangci/golangci-lint/issues/4758)) - [`02740ea`](https://togithub.com/golangci/golangci-lint/commit/02740ea1) intrange: add style preset ([#​4797](https://togithub.com/golangci/golangci-lint/issues/4797)) - [`615b873`](https://togithub.com/golangci/golangci-lint/commit/615b873d) unparam: bump to HEAD ([#​4786](https://togithub.com/golangci/golangci-lint/issues/4786)) </details> <details> <summary>python-jsonschema/check-jsonschema (python-jsonschema/check-jsonschema)</summary> ### [`v0.28.5`](https://togithub.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0285) [Compare Source](https://togithub.com/python-jsonschema/check-jsonschema/compare/0.28.4...0.28.5) - Update vendored schemas: bitbucket-pipelines, dependabot, github-actions, github-workflows, gitlab-ci, readthedocs, renovate (2024-06-10) - Update bitbucket schema to use the option from the intellij-bitbucket-references-plugin . For more details on this decision, see :issue:`440` . Thanks [@​blade2005](https://togithub.com/blade2005) for the PR! (:pr:`442`) </details> <details> <summary>renovatebot/pre-commit-hooks (renovatebot/pre-commit-hooks)</summary> ### [`v37.399.9`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.9) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.8...37.399.9) See https://github.com/renovatebot/renovate/releases/tag/37.399.9 for more changes ### [`v37.399.8`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.8) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.6...37.399.8) See https://github.com/renovatebot/renovate/releases/tag/37.399.8 for more changes ### [`v37.399.6`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.6) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.5...37.399.6) See https://github.com/renovatebot/renovate/releases/tag/37.399.6 for more changes ### [`v37.399.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.5) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.3...37.399.5) See https://github.com/renovatebot/renovate/releases/tag/37.399.5 for more changes ### [`v37.399.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.0...37.399.3) See https://github.com/renovatebot/renovate/releases/tag/37.399.3 for more changes ### [`v37.399.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.398.2...37.399.0) See https://github.com/renovatebot/renovate/releases/tag/37.399.0 for more changes ### [`v37.398.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.398.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.398.1...37.398.2) See https://github.com/renovatebot/renovate/releases/tag/37.398.2 for more changes ### [`v37.398.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.398.1) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.398.0...37.398.1) See https://github.com/renovatebot/renovate/releases/tag/37.398.1 for more changes ### [`v37.398.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.398.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.397.0...37.398.0) See https://github.com/renovatebot/renovate/releases/tag/37.398.0 for more changes ### [`v37.397.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.397.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.396.0...37.397.0) See https://github.com/renovatebot/renovate/releases/tag/37.397.0 for more changes ### [`v37.396.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.396.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.395.0...37.396.0) See https://github.com/renovatebot/renovate/releases/tag/37.396.0 for more changes ### [`v37.395.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.395.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.393.0...37.395.0) See https://github.com/renovatebot/renovate/releases/tag/37.395.0 for more changes ### [`v37.393.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.393.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.392.0...37.393.0) See https://github.com/renovatebot/renovate/releases/tag/37.393.0 for more changes ### [`v37.392.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.392.0) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.391.3...37.392.0) See https://github.com/renovatebot/renovate/releases/tag/37.392.0 for more changes ### [`v37.391.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.391.3) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.391.2...37.391.3) See https://github.com/renovatebot/renovate/releases/tag/37.391.3 for more changes ### [`v37.391.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.391.2) [Compare Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.391.0...37.391.2) See https://github.com/renovatebot/renovate/releases/tag/37.391.2 for more changes </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.8.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.8.0...v2.8.1) ##### What's Changed - Bug fix: Update isGitHubHosted implementation by [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/425](https://togithub.com/step-security/harden-runner/pull/425) The previous implementation incorrectly identified large GitHub-hosted runners as self-hosted runners. As a result, harden-runner was not executing on these large GitHub-hosted runners. **Full Changelog**: step-security/harden-runner@v2...v2.8.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-package-mattermost). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zODguMSIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v4.3.2` -> `v4.3.3` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | digest | `64ed1c7` -> `60edb5d` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v4.3.1` -> `v4.3.3` | --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3): Notes for v4.3.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3) #### What's Changed - Allow slashes in purl package names by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765) - use the v3 version of the deps.dev API by [@​josieang](https://togithub.com/josieang) in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - PR with suggestions - \[Improvement]: Help streamline / simplify dependency review action README by [@​am-stead](https://togithub.com/am-stead) in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - fix show-openssf-scorecard-levels input by [@​ramann](https://togithub.com/ramann) in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) - Updates to the contribution guidelines by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778) - Create issue templates by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777) - Fix the max comment length issue by [@​jhutchings1](https://togithub.com/jhutchings1) and [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767) - Bump project version to 4.3.3 in prep for a release by [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781) #### New Contributors - [@​josieang](https://togithub.com/josieang) made their first contribution in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - [@​am-stead](https://togithub.com/am-stead) made their first contribution in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - [@​ramann](https://togithub.com/ramann) made their first contribution in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) **Full Changelog**: actions/dependency-review-action@v4.3.2...v4.3.3 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/jaegertracing/jaeger). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MTAuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQxMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJjaGFuZ2Vsb2c6ZGVwZW5kZW5jaWVzIl19--> Signed-off-by: Mend Renovate <[email protected]>
…#680) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v4.3.2` -> `v4.3.3` | --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3): Notes for v4.3.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3) #### What's Changed - Allow slashes in purl package names by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765) - use the v3 version of the deps.dev API by [@​josieang](https://togithub.com/josieang) in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - PR with suggestions - \[Improvement]: Help streamline / simplify dependency review action README by [@​am-stead](https://togithub.com/am-stead) in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - fix show-openssf-scorecard-levels input by [@​ramann](https://togithub.com/ramann) in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) - Updates to the contribution guidelines by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778) - Create issue templates by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777) - Fix the max comment length issue by [@​jhutchings1](https://togithub.com/jhutchings1) and [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767) - Bump project version to 4.3.3 in prep for a release by [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781) #### New Contributors - [@​josieang](https://togithub.com/josieang) made their first contribution in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - [@​am-stead](https://togithub.com/am-stead) made their first contribution in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - [@​ramann](https://togithub.com/ramann) made their first contribution in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) **Full Changelog**: actions/dependency-review-action@v4.3.2...v4.3.3 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/xmldom/xmldom). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.7` | | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | minor | `v4.2.5` -> `v4.3.3` | | [actions/download-artifact](https://togithub.com/actions/download-artifact) | action | patch | `v4.1.4` -> `v4.1.7` | | [actions/setup-go](https://togithub.com/actions/setup-go) | action | patch | `v5.0.0` -> `v5.0.1` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v4.3.1` -> `v4.3.3` | | [actionsdesk/lfs-warning](https://togithub.com/actionsdesk/lfs-warning) | action | minor | `v3.2` -> `v3.3` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v3.24.9` -> `v3.25.11` | | [golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action) | action | pinDigest | -> `d6238b0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.1` -> `v2.3.3` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | pinDigest | -> `c747fe7` | | [slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier) | action | minor | `v2.4.1` -> `v2.5.1` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@​orhantoy](https://togithub.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: actions/checkout@v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: actions/checkout@v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598) </details> <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3): Notes for v4.3.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3) #### What's Changed - Allow slashes in purl package names by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765) - use the v3 version of the deps.dev API by [@​josieang](https://togithub.com/josieang) in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - PR with suggestions - \[Improvement]: Help streamline / simplify dependency review action README by [@​am-stead](https://togithub.com/am-stead) in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - fix show-openssf-scorecard-levels input by [@​ramann](https://togithub.com/ramann) in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) - Updates to the contribution guidelines by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778) - Create issue templates by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777) - Fix the max comment length issue by [@​jhutchings1](https://togithub.com/jhutchings1) and [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767) - Bump project version to 4.3.3 in prep for a release by [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781) #### New Contributors - [@​josieang](https://togithub.com/josieang) made their first contribution in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - [@​am-stead](https://togithub.com/am-stead) made their first contribution in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - [@​ramann](https://togithub.com/ramann) made their first contribution in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) **Full Changelog**: actions/dependency-review-action@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2) #### What's Changed - Fix package-url parsing for allow-dependencies-licenses by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/761](https://togithub.com/actions/dependency-review-action/pull/761) **Full Changelog**: actions/dependency-review-action@v4.3.1...v4.3.2 ### [`v4.3.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.1) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.0...v4.3.1) #### What's Changed This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See [https://github.com/actions/dependency-review-action/pull/753](https://togithub.com/actions/dependency-review-action/pull/753). **Full Changelog**: actions/dependency-review-action@V4.3.0...v4.3.1 ### [`v4.3.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.0) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.5...v4.3.0) #### New Features - The `deny-packages` option can now be used without a version number to exclude *all* versions of a package. #### What's Changed - Fix action variable name for scorecard by [@​lukehinds](https://togithub.com/lukehinds) in [https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735) - Fix extra https:// in summary by [@​jhutchings1](https://togithub.com/jhutchings1) in [https://github.com/actions/dependency-review-action/pull/748](https://togithub.com/actions/dependency-review-action/pull/748) - Bump typescript from 5.3.3 to 5.4.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/744](https://togithub.com/actions/dependency-review-action/pull/744) - Bump eslint-plugin-github from 4.10.1 to 4.10.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/737](https://togithub.com/actions/dependency-review-action/pull/737) - Show denied packages with red X by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/750](https://togithub.com/actions/dependency-review-action/pull/750) - deny-packages configuration option can deny specified version or all packages by [@​febuiles](https://togithub.com/febuiles) and [@​bteng22](https://togithub.com/bteng22) in [https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733) #### New Contributors - [@​bteng22](https://togithub.com/bteng22) made their first contribution in [https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733) - [@​lukehinds](https://togithub.com/lukehinds) made their first contribution in [https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735) **Full Changelog**: actions/dependency-review-action@v4.2.5...V4.3.0 </details> <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7) #### What's Changed - Update [@​actions/artifact](https://togithub.com/actions/artifact) dependency by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325) **Full Changelog**: actions/download-artifact@v4.1.6...v4.1.7 ### [`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6) #### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324) **Full Changelog**: actions/download-artifact@v4.1.5...v4.1.6 ### [`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5) #### What's Changed - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322) - Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact` to v2.1.5 **Full Changelog**: actions/download-artifact@v4.1.4...v4.1.5 </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1) [Compare Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1) #### What's Changed - Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by [@​dependabot](https://togithub.com/dependabot) , [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/465](https://togithub.com/actions/setup-go/pull/465) - Update documentation with latest V5 release notes by [@​ab](https://togithub.com/ab) in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) - Update version documentation by [@​178inaba](https://togithub.com/178inaba) in [https://github.com/actions/setup-go/pull/458](https://togithub.com/actions/setup-go/pull/458) - Documentation update of `actions/setup-go` to v5 by [@​chenrui333](https://togithub.com/chenrui333) in [https://github.com/actions/setup-go/pull/449](https://togithub.com/actions/setup-go/pull/449) #### New Contributors - [@​ab](https://togithub.com/ab) made their first contribution in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) **Full Changelog**: actions/setup-go@v5.0.0...v5.0.1 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: actions/upload-artifact@v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@​andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@​eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@​andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: actions/upload-artifact@v4.3.1...v4.3.2 </details> <details> <summary>actionsdesk/lfs-warning (actionsdesk/lfs-warning)</summary> ### [`v3.3`](https://togithub.com/ppremk/lfs-warning/releases/tag/v3.3) [Compare Source](https://togithub.com/actionsdesk/lfs-warning/compare/v3.2...v3.3) #### What's Changed - update node js to 16 by [@​GlazerMann](https://togithub.com/GlazerMann) in [https://github.com/ppremk/lfs-warning/pull/148](https://togithub.com/ppremk/lfs-warning/pull/148) - Fixing README to match repo move by [@​samthebest](https://togithub.com/samthebest) in [https://github.com/ppremk/lfs-warning/pull/153](https://togithub.com/ppremk/lfs-warning/pull/153) - Update CODEOWNERS by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/158](https://togithub.com/ppremk/lfs-warning/pull/158) - Bump http-cache-semantics from 4.1.0 to 4.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/151](https://togithub.com/ppremk/lfs-warning/pull/151) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/159](https://togithub.com/ppremk/lfs-warning/pull/159) - Bump tough-cookie from 4.0.0 to 4.1.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/160](https://togithub.com/ppremk/lfs-warning/pull/160) - Bump cacheable-request and gts by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/152](https://togithub.com/ppremk/lfs-warning/pull/152) - Update emoji and convert file list to markdown list by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/161](https://togithub.com/ppremk/lfs-warning/pull/161) - Bump got and gts by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/155](https://togithub.com/ppremk/lfs-warning/pull/155) - Exclude files without blob_url when getting PR blobs by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/162](https://togithub.com/ppremk/lfs-warning/pull/162) - Support pull_request_target by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/164](https://togithub.com/ppremk/lfs-warning/pull/164) - Update-node by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/163](https://togithub.com/ppremk/lfs-warning/pull/163) - Fix text setup for the issue comment by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/166](https://togithub.com/ppremk/lfs-warning/pull/166) - Validate PR changes to make sure there are no changes missing by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/165](https://togithub.com/ppremk/lfs-warning/pull/165) - Fix emoji by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/167](https://togithub.com/ppremk/lfs-warning/pull/167) - Bump undici from 5.28.2 to 5.28.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/171](https://togithub.com/ppremk/lfs-warning/pull/171) #### New Contributors - [@​GlazerMann](https://togithub.com/GlazerMann) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/148](https://togithub.com/ppremk/lfs-warning/pull/148) - [@​samthebest](https://togithub.com/samthebest) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/153](https://togithub.com/ppremk/lfs-warning/pull/153) - [@​rajbos](https://togithub.com/rajbos) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/158](https://togithub.com/ppremk/lfs-warning/pull/158) **Full Changelog**: ppremk/lfs-warning@v3.2...v3.3 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.25.11`](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11) ### [`v3.25.10`](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10) ### [`v3.25.9`](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9) ### [`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) ### [`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) ### [`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) ### [`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) ### [`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) ### [`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.11...v3.25.0) ### [`v3.24.11`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) ### [`v3.24.10`](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - 📖 Move token discussion out of main README. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - 📖 link to `ossf/scorecard` workflow instead of maintaining an example by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - 📖 update api links to new scorecard.dev site by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: ossf/scorecard-action@v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) </details> <details> <summary>slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)</summary> ### [`v2.5.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.5.1) [Compare Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.1...v2.5.1) #### What's Changed - feat: Add cosign registry opts for provenance registry by [@​saisatishkarra](https://togithub.com/saisatishkarra) in [https://github.com/slsa-framework/slsa-verifier/pull/729](https://togithub.com/slsa-framework/slsa-verifier/pull/729) and [https://github.com/slsa-framework/slsa-verifier/pull/736](https://togithub.com/slsa-framework/slsa-verifier/pull/736) - feat: Add support for DSSE Rekor type by [@​haydentherapper](https://togithub.com/haydentherapper) in [https://github.com/slsa-framework/slsa-verifier/pull/742](https://togithub.com/slsa-framework/slsa-verifier/pull/742) #### New Contributors - [@​saisatishkarra](https://togithub.com/saisatishkarra) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/729](https://togithub.com/slsa-framework/slsa-verifier/pull/729) - [@​ramonpetgrave64](https://togithub.com/ramonpetgrave64) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/737](https://togithub.com/slsa-framework/slsa-verifier/pull/737) - [@​haydentherapper](https://togithub.com/haydentherapper) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/742](https://togithub.com/slsa-framework/slsa-verifier/pull/742) **Full Changelog**: v2.4.1...v2.5.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjQyMS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: Ramon Petgrave <[email protected]>
See #764.
You are not supposed to have
/
characters in a package name, but people intuitively want to put them in there anyway and it's still fully possible to parse them. Since the goal of our purl handling here is maximum permissiveness within reason, I made a little tweak to the parser so that we can handle this case.