build(deps): bump the minor-updates group across 1 directory with 9 updates #125

Open

dependabot[bot] wants to merge 1 commit from dependabot/github_actions/minor-updates-b108ac60ab into main

pull from: dependabot/github_actions/minor-updates-b108ac60ab

merge into: nwesterhausen:main

nwesterhausen:main

nwesterhausen:embedded-db

nwesterhausen:sqlite-db

nwesterhausen:some-changes

nwesterhausen:fixes

nwesterhausen:renovate/configure

nwesterhausen:token-revamp

nwesterhausen:v2

nwesterhausen:parsing-fixes

nwesterhausen:better-print-status

Conversation 0 Commits 1 Files changed 4 +19 -19

dependabot[bot] commented 2024-11-25 12:27:01 +00:00 (Migrated from github.com)

Copy link

Bumps the minor-updates group with 9 updates in the / directory:

Package	From	To
step-security/harden-runner	2.8.0	2.10.2
actions/checkout	4.1.6	4.2.2
mozilla-actions/sccache-action	0.0.4	0.0.6
actions/cache	4.0.2	4.1.2
dependabot/fetch-metadata	2.1.0	2.2.0
actions/dependency-review-action	4.3.2	4.5.0
ossf/scorecard-action	2.3.3	2.4.0
actions/upload-artifact	4.3.3	4.4.3
github/codeql-action	3.25.6	3.27.5

Updates step-security/harden-runner from 2.8.0 to 2.10.2

Release notes

Sourced from step-security/harden-runner's releases.

v2.10.2

What's Changed

1. Fixes low-severity command injection weaknesses The advisory is here: https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc

2. Bug fix to improve detection of whether Harden-Runner is running in a container

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.10.2

v2.10.1

What's Changed

Release v2.10.1 by @​varunsh-coder in step-security/harden-runner#463 Bug fix: Resolves an issue where DNS resolution of .local domains was failing when using a Kind cluster in a GitHub Actions workflow.

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.10.1

v2.10.0

What's Changed

Release v2.10.0 by @​h0x0er and @​varunsh-coder in step-security/harden-runner#455

ARM Support: Harden-Runner Enterprise tier now supports GitHub-hosted ARM runners. This includes all the features that apply to previously supported GitHub-hosted x64 Linux runners.

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.10.0

v2.9.1

What's Changed

Release v2.9.1 by @​h0x0er and @​varunsh-coder in #440 This release includes two changes:

1. Updated markdown displayed in the job summary by the Harden-Runner Action.
2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.9.1

v2.9.0

What's Changed

Release v2.9.0 by @​h0x0er and @​varunsh-coder in step-security/harden-runner#435 This release includes:

• Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
• Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
• README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
• Dependency Update: Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.9.0

v2.8.1

What's Changed

... (truncated)

Commits

• 0080882 Merge pull request #476 from step-security/rc-16
• 4a3a88b Update dist
• 556aae6 Merge pull request #480 from h0x0er/jatin/cleanup
• 6c39b84 chore: clean the code
• 40401cf Update for isdocker
• 806ab1c Update check for isdocker
• 2846811 update dist
• df8a07c Merge pull request #475 from h0x0er/fix-execSync
• 30636fb bug fixes
• 91182cc Merge pull request #463 from step-security/rc-14
• Additional commits viewable in compare view

Updates actions/checkout from 4.1.6 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

Full Changelog: https://github.com/actions/checkout/compare/v4.2.1...v4.2.2

v4.2.1

What's Changed

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

New Contributors

• @​Jcambass made their first contribution in actions/checkout#1919

Full Changelog: https://github.com/actions/checkout/compare/v4.2.0...v4.2.1

v4.2.0

What's Changed

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependabot updates in actions/checkout#1777 & actions/checkout#1872

New Contributors

• @​yasonk made their first contribution in actions/checkout#1869
• @​lucacome made their first contribution in actions/checkout#1180

Full Changelog: https://github.com/actions/checkout/compare/v4.1.7...v4.2.0

v4.1.7

What's Changed

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

New Contributors

• @​orhantoy made their first contribution in actions/checkout#1774

Full Changelog: https://github.com/actions/checkout/compare/v4.1.6...v4.1.7

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

• Check git version before attempting to disable sparse-checkout by @​jww3 in actions/checkout#1656
• Add SSH user parameter by @​cory-miller in actions/checkout#1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in actions/checkout#1650

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

... (truncated)

Commits

• 11bd719 Prepare 4.2.2 Release (#1953)
• e3d2460 Expand unit test coverage (#1946)
• 163217d url-helper.ts now leverages well-known environment variables. (#1941)
• eef6144 Prepare 4.2.1 release (#1925)
• 6b42224 Add workflow file for publishing releases to immutable action package (#1919)
• de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
• d632683 Prepare 4.2.0 release (#1878)
• 6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
• db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
• b684943 Add Ref and Commit outputs (#1180)
• Additional commits viewable in compare view

Updates mozilla-actions/sccache-action from 0.0.4 to 0.0.6

Release notes

Sourced from mozilla-actions/sccache-action's releases.

v0.0.6

What's Changed

• fix: string interpolation by @​i10416 in Mozilla-Actions/sccache-action#122
• Keep GitHub Actions up to date with GitHub's Dependabot by @​cclauss in Mozilla-Actions/sccache-action#131
• fix: avoid downloading package when local cache exists by @​i10416 in Mozilla-Actions/sccache-action#123
• Set baseUrl for Octokit to make it work on GitHub Enterprise Server by @​palloberg in Mozilla-Actions/sccache-action#144

dependencies

• Bump eslint-plugin-jest from 28.5.0 to 28.6.0 by @​dependabot in Mozilla-Actions/sccache-action#130
• Bump ts-jest from 29.1.4 to 29.2.2 by @​dependabot in Mozilla-Actions/sccache-action#134
• Bump @​types/node from 20.13.0 to 20.14.11 by @​dependabot in Mozilla-Actions/sccache-action#133
• Bump @​typescript-eslint/eslint-plugin from 7.8.0 to 7.16.1 by @​dependabot in Mozilla-Actions/sccache-action#132
• Bump typescript from 5.4.5 to 5.5.3 by @​dependabot in Mozilla-Actions/sccache-action#128
• Bump ts-jest from 29.2.2 to 29.2.5 by @​dependabot in Mozilla-Actions/sccache-action#141
• Bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by @​dependabot in Mozilla-Actions/sccache-action#140
• Bump prettier from 3.3.2 to 3.3.3 by @​dependabot in Mozilla-Actions/sccache-action#136
• Bump typescript from 5.5.3 to 5.6.2 by @​dependabot in Mozilla-Actions/sccache-action#145

New Contributors

• @​i10416 made their first contribution in Mozilla-Actions/sccache-action#122
• @​cclauss made their first contribution in Mozilla-Actions/sccache-action#131
• @​palloberg made their first contribution in Mozilla-Actions/sccache-action#144

Full Changelog: https://github.com/Mozilla-Actions/sccache-action/compare/v0.0.5...v0.0.6

v0.0.5

What's Changed

• add missing quotes to configure example in readme by @​altendky in Mozilla-Actions/sccache-action#103
• chore: fix a typo in a comment by @​Alphare in Mozilla-Actions/sccache-action#109
• Bump outdated CI workflows and packages by @​orf in Mozilla-Actions/sccache-action#114
• Output sccache stats as a notice and a summary table by @​orf in Mozilla-Actions/sccache-action#113

Dependencies

• Bump @​types/node from 20.12.11 to 20.13.0 by @​dependabot in Mozilla-Actions/sccache-action#115
• Bump @​typescript-eslint/parser from 7.8.0 to 7.11.0 by @​dependabot in Mozilla-Actions/sccache-action#117
• Bump braces from 3.0.2 to 3.0.3 by @​dependabot in Mozilla-Actions/sccache-action#120
• Bump ts-jest from 29.1.2 to 29.1.4 by @​dependabot in Mozilla-Actions/sccache-action#118
• Bump prettier from 3.2.5 to 3.3.2 by @​dependabot in Mozilla-Actions/sccache-action#121
• Bump @​actions/core from 1.10.0 to 1.10.1 by @​dependabot in Mozilla-Actions/sccache-action#95
• Bump eslint-config-prettier from 9.0.0 to 9.1.0 by @​dependabot in Mozilla-Actions/sccache-action#96
• Bump @​actions/github from 5.1.1 to 6.0.0 by @​dependabot in Mozilla-Actions/sccache-action#97
• Bump @​types/node from 20.10.6 to 20.11.24 by @​dependabot in Mozilla-Actions/sccache-action#102
• Bump eslint-plugin-jest from 27.6.0 to 27.9.0 by @​dependabot in Mozilla-Actions/sccache-action#101
• Bump undici from 5.28.2 to 5.28.3 by @​dependabot in Mozilla-Actions/sccache-action#99

New Contributors

• @​altendky made their first contribution in Mozilla-Actions/sccache-action#103
• @​Alphare made their first contribution in Mozilla-Actions/sccache-action#109
• @​orf made their first contribution in Mozilla-Actions/sccache-action#114

... (truncated)

Commits

• 9e326eb prepare version 0.0.6
• 922a306 Merge pull request #145 from Mozilla-Actions/dependabot/npm_and_yarn/typescri...
• 2be7591 Merge pull request #136 from Mozilla-Actions/dependabot/npm_and_yarn/prettier...
• d707076 Bump prettier from 3.3.2 to 3.3.3
• afb5895 Bump typescript from 5.5.3 to 5.6.2
• f42f2ce Merge pull request #140 from Mozilla-Actions/dependabot/npm_and_yarn/eslint-p...
• ff4a61d Merge pull request #144 from palloberg/set-baseurl
• e073bd0 Update README with instructions on GHES usage.
• 4a60710 Set baseUrl for Octokit to make it work on GitHub Enterprise Server
• 1ff3075 Bump ts-jest from 29.2.2 to 29.2.5 (#141)
• Additional commits viewable in compare view

Updates actions/cache from 4.0.2 to 4.1.2

Release notes

Sourced from actions/cache's releases.

v4.1.2

What's Changed

• Add Bun example by @​idleberg in actions/cache#1456
• Revise isGhes logic by @​jww3 in actions/cache#1474
• Bump braces from 3.0.2 to 3.0.3 by @​dependabot in actions/cache#1475
• Add dependabot.yml to enable automatic dependency upgrades by @​Link- in actions/cache#1476
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/cache#1478
• Bump actions/stale from 3 to 9 by @​dependabot in actions/cache#1479
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/cache#1483
• Bump actions/setup-node from 3 to 4 by @​dependabot in actions/cache#1481
• Prepare 4.1.2 release by @​Link- in actions/cache#1477

New Contributors

• @​idleberg made their first contribution in actions/cache#1456
• @​jww3 made their first contribution in actions/cache#1474
• @​Link- made their first contribution in actions/cache#1476

Full Changelog: https://github.com/actions/cache/compare/v4...v4.1.2

v4.1.1

What's Changed

• Restore original behavior of cache-hit output by @​joshmgross in actions/cache#1467

Full Changelog: https://github.com/actions/cache/compare/v4.1.0...v4.1.1

v4.1.0

What's Changed

• Fix cache-hit output when cache missed by @​fchimpan in actions/cache#1404
• Deprecate save-always input by @​joshmgross in actions/cache#1452

New Contributors

• @​ottlinger made their first contribution in actions/cache#1437
• @​Olegt0rr made their first contribution in actions/cache#1377
• @​fchimpan made their first contribution in actions/cache#1404
• @​x612skm made their first contribution in actions/cache#1434
• @​todgru made their first contribution in actions/cache#1311
• @​Jcambass made their first contribution in actions/cache#1463
• @​mackey0225 made their first contribution in actions/cache#1462
• @​quatquatt made their first contribution in actions/cache#1445

Full Changelog: https://github.com/actions/cache/compare/v4.0.2...v4.1.0

Changelog

Sourced from actions/cache's changelog.

Releases

4.1.2

• Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474
• Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

• Restore original behavior of cache-hit output - #1467

4.1.0

• Ensure cache-hit output is set when a cache is missed - #1404
• Deprecate save-always input - #1452

4.0.2

• Fixed restore fail-on-cache-miss not working.

4.0.1

• Updated isGhes check

4.0.0

• Updated minimum runner version support from node 12 -> node 20

3.3.3

• Updates @​actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378
• Additional audit fixes of npm package(s)

3.3.2

• Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

• Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

• Added option to lookup cache without downloading it.

3.2.6

• Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

... (truncated)

Commits

• 6849a64 Release 4.1.2 #1477
• 5a1720c Merge branch 'Link-/prep-4.1.2' of https://github.com/actions/cache into Link...
• d9fef48 Merge branch 'main' into Link-/prep-4.1.2
• a50e8d0 Merge branch 'main' into Link-/prep-4.1.2
• acc9ae5 Merge pull request #1481 from actions/dependabot/github_actions/actions/setup...
• 1ea5f18 Merge branch 'main' into Link-/prep-4.1.2
• cc679ff Merge branch 'main' into dependabot/github_actions/actions/setup-node-4
• 366d43d Merge pull request #1483 from actions/dependabot/github_actions/github/codeql...
• 02bf319 Bump github/codeql-action from 2 to 3
• 6f6220b Merge branch 'main' into dependabot/github_actions/actions/setup-node-4
• Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2.1.0 to 2.2.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v2.2.0

What's Changed

• Bump actions/create-github-app-token from 1.9.0 to 1.10.0 by @​dependabot in dependabot/fetch-metadata#523
• Bump actions/create-github-app-token from 1.10.0 to 1.10.2 by @​dependabot in dependabot/fetch-metadata#534
• Bump braces from 3.0.2 to 3.0.3 by @​dependabot in dependabot/fetch-metadata#532
• v2.2.0 by @​fetch-metadata-action-automation in dependabot/fetch-metadata#520

Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v2...v2.2.0

Commits

• dbb049a v2.2.0 (#520)
• 36bf1f9 Merge pull request #532 from dependabot/dependabot/npm_and_yarn/braces-3.0.3
• a3420b5 Bump braces from 3.0.2 to 3.0.3
• 006e43f Merge pull request #534 from dependabot/dependabot/github_actions/actions/cre...
• 9c55ebe Bump actions/create-github-app-token from 1.10.0 to 1.10.2
• 325b863 Merge pull request #523 from dependabot/dependabot/github_actions/actions/cre...
• aec2f3e Bump actions/create-github-app-token from 1.9.0 to 1.10.0
• See full diff in compare view

Updates actions/dependency-review-action from 4.3.2 to 4.5.0

Release notes

Sourced from actions/dependency-review-action's releases.

v4.5.0

What's Changed

• Bump got from 14.4.2 to 14.4.3 by @​dependabot in actions/dependency-review-action#844
• Bump nodemon from 3.1.0 to 3.1.7 by @​dependabot in actions/dependency-review-action#847
• Bump @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in actions/dependency-review-action#849
• Overriding the cross-spawn dependency to use a safe version by @​Ahmed3lmallah in actions/dependency-review-action#850
• fix: add summary comment on failure when warn-only: true by @​ebickle in actions/dependency-review-action#827
• Prepare for 4.5.0 release by @​Ahmed3lmallah in actions/dependency-review-action#851

New Contributors

• @​ebickle made their first contribution in actions/dependency-review-action#827

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4...v4.5.0

v4.4.0

What's Changed

• Fix for merge_group event bug by @​Ahmed3lmallah in actions/dependency-review-action#846

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.5...v4.4.0

v4.3.5

What's Changed

• fix: getRefs function to handle merge_group events by @​louis-bompart in actions/dependency-review-action#766
• Create pull_request_template.md by @​jonjanego in actions/dependency-review-action#794
• Update CONTRIBUTING.md by @​jonjanego in actions/dependency-review-action#793
• Bump @​types/node from 20.11.28 to 20.16.0 by @​dependabot in actions/dependency-review-action#815
• Upgrade transitive micromatch library by @​elireisman in actions/dependency-review-action#829
• Do not list changed dependencies in summary by @​hmaurer in actions/dependency-review-action#828
• Update stale.yaml by @​jonjanego in actions/dependency-review-action#832
• Bump got from 14.4.1 to 14.4.2 by @​dependabot in actions/dependency-review-action#822
• Bump eslint-plugin-jest and ts-jest by @​Ahmed3lmallah in actions/dependency-review-action#840

New Contributors

• @​louis-bompart made their first contribution in actions/dependency-review-action#766
• @​Ahmed3lmallah made their first contribution in actions/dependency-review-action#840

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.4...v4.3.5

v4.3.4

What's Changed

• Include all added dependencies in scorecard entries by @​elireisman in actions/dependency-review-action#783
• Update SPDX Expression Parsing by @​febuiles in actions/dependency-review-action#719
  • This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4

Notes for v4.3.3

What's Changed

• Allow slashes in purl package names by @​juxtin in actions/dependency-review-action#765

... (truncated)

Commits

• 3b139cf Merge pull request #851 from actions/ahmed3lmallah/prepare-for-4.5.0-release
• d6807b6 updating generated code
• c89b41f addressing lint issues
• eee97d8 incrementing project version
• 9d10182 Merge pull request #827 from ebickle/fix/comment-warn-only
• 9192be9 Merge pull request #850 from actions/ahmed3lmallah/adressing-CVE-2024-21538
• 2fc8e23 Using cross-spawn safe version
• fb86db2 fix: resolve race conditions in async core.group calls
• 0a198ab fix: replace integer failureCount with boolean
• fc499fc Merge branch 'main' into fix/comment-warn-only
• Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.3.3 to 2.4.0

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.0

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by @​spencerschrock in ossf/scorecard-action#1410
• 🐛 lower license sarif alert threshold to 9 by @​spencerschrock in ossf/scorecard-action#1411

Documentation

• docs: dogfooding badge by @​jkowalleck in ossf/scorecard-action#1399

New Contributors

• @​jkowalleck made their first contribution in ossf/scorecard-action#1399

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0

Commits

• 62b2cac bump docker tag to v2.4.0 for release (#1414)
• c09630c lower license score alert threshold to 9 (#1411)
• cf8594c 🌱 Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#1413)
• de5fcb9 🌱 Bump the github-actions group with 2 updates (#1412)
• a46b90b bump scorecard to v5.0.0 release (#1410)
• 9fc518d 🌱 Bump golang in the docker-images group (#1407)
• a8eaa1b 🌱 Bump the github-actions group with 2 updates (#1408)
• 873d5fd 🌱 Bump the github-actions group across 1 directory with 2 updates (#...
• 54cc1fe 🌱 Bump the docker-images group with 2 updates (#1401)
• 82bcb91 🌱 Bump golang.org/x/net from 0.26.0 to 0.27.0 (#1400)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 4.3.3 to 4.4.3

Release notes

Sourced from actions/upload-artifact's releases.

v4.4.3

What's Changed

• Undo indirect dependency updates from #627 by @​joshmgross in actions/upload-artifact#632

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3

v4.4.2

What's Changed

• Bump @actions/artifact to 2.1.11 by @​robherley in actions/upload-artifact#627
  • Includes fix for relative symlinks not resolving properly

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2

v4.4.1

What's Changed

• Add a section about hidden files by @​joshmgross in actions/upload-artifact#607
• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/upload-artifact#621
• Update @​actions/artifact to latest version, includes symlink and timeout fixes by @​robherley in actions/upload-artifact#625

New Contributors

• @​Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1

v4.4.0

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

• Exclude hidden files by default by @​joshmgross in actions/upload-artifact#598

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0

v4.3.6

What's Changed

• Revert to @​actions/artifact 2.1.8 by @​robherley in actions/upload-artifact#594

Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.3.6

v4.3.5

What's Changed

• Bump @​actions/artifact to v2.1.9 by @​robherley in actions/upload-artifact#588

... (truncated)

Commits

• b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
• 92b01eb Un...

  Description has been truncated

Bumps the minor-updates group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.8.0` | `2.10.2` | | [actions/checkout](https://github.com/actions/checkout) | `4.1.6` | `4.2.2` | | [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action) | `0.0.4` | `0.0.6` | | [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.1.2` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.1.0` | `2.2.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.2` | `4.5.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.3` | `2.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.3` | `4.4.3` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.25.6` | `3.27.5` | Updates `step-security/harden-runner` from 2.8.0 to 2.10.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.10.2</h2> <h2>What's Changed</h2> <ol> <li> <p>Fixes low-severity command injection weaknesses The advisory is here: <a href="https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc">https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc</a></p> </li> <li> <p>Bug fix to improve detection of whether Harden-Runner is running in a container</p> </li> </ol> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.10.2">https://github.com/step-security/harden-runner/compare/v2...v2.10.2</a></p> <h2>v2.10.1</h2> <h2>What's Changed</h2> <p>Release v2.10.1 by <a href="https://github.com/varunsh-coder"><code>@​varunsh-coder</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/463">step-security/harden-runner#463</a> Bug fix: Resolves an issue where DNS resolution of .local domains was failing when using a Kind cluster in a GitHub Actions workflow.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.10.1">https://github.com/step-security/harden-runner/compare/v2...v2.10.1</a></p> <h2>v2.10.0</h2> <h2>What's Changed</h2> <p>Release v2.10.0 by <a href="https://github.com/h0x0er"><code>@​h0x0er</code></a> and <a href="https://github.com/varunsh-coder"><code>@​varunsh-coder</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/455">step-security/harden-runner#455</a></p> <p><strong>ARM Support</strong>: Harden-Runner Enterprise tier now supports GitHub-hosted ARM runners. This includes all the features that apply to previously supported GitHub-hosted x64 Linux runners.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.10.0">https://github.com/step-security/harden-runner/compare/v2...v2.10.0</a></p> <h2>v2.9.1</h2> <h2>What's Changed</h2> <p>Release v2.9.1 by <a href="https://github.com/h0x0er"><code>@​h0x0er</code></a> and <a href="https://github.com/varunsh-coder"><code>@​varunsh-coder</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/issues/440">#440</a> This release includes two changes:</p> <ol> <li>Updated markdown displayed in the job summary by the Harden-Runner Action.</li> <li>Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.</li> </ol> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.9.1">https://github.com/step-security/harden-runner/compare/v2...v2.9.1</a></p> <h2>v2.9.0</h2> <h2>What's Changed</h2> <p>Release v2.9.0 by <a href="https://github.com/h0x0er"><code>@​h0x0er</code></a> and <a href="https://github.com/varunsh-coder"><code>@​varunsh-coder</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/435">step-security/harden-runner#435</a> This release includes:</p> <ul> <li>Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.</li> <li>Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.</li> <li>README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.</li> <li>Dependency Update: Updated the <code>braces</code> npm package dependency to a non-vulnerable version. The vulnerability in <code>braces</code> did not affect the Harden Runner Action</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.9.0">https://github.com/step-security/harden-runner/compare/v2...v2.9.0</a></p> <h2>v2.8.1</h2> <h2>What's Changed</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/0080882f6c36860b6ba35c610c98ce87d4e2f26f"><code>0080882</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/476">#476</a> from step-security/rc-16</li> <li><a href="https://github.com/step-security/harden-runner/commit/4a3a88bbf8f2e304f84e1042472c02dce37eba82"><code>4a3a88b</code></a> Update dist</li> <li><a href="https://github.com/step-security/harden-runner/commit/556aae632a6c1f630efa52e90d706218618e5f2f"><code>556aae6</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/480">#480</a> from h0x0er/jatin/cleanup</li> <li><a href="https://github.com/step-security/harden-runner/commit/6c39b8466160e86ad8606033d399fe7f4052aee1"><code>6c39b84</code></a> chore: clean the code</li> <li><a href="https://github.com/step-security/harden-runner/commit/40401cf6183a0ab2dae5c7e485c1d073fe911e91"><code>40401cf</code></a> Update for isdocker</li> <li><a href="https://github.com/step-security/harden-runner/commit/806ab1cccb47a439a89d5f8f85d3ea41a7fb1e4c"><code>806ab1c</code></a> Update check for isdocker</li> <li><a href="https://github.com/step-security/harden-runner/commit/28468118cdb665b2214b64175253b83fcb4b25f6"><code>2846811</code></a> update dist</li> <li><a href="https://github.com/step-security/harden-runner/commit/df8a07c1712fac199e8d6e78d64a46092afffa44"><code>df8a07c</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/475">#475</a> from h0x0er/fix-execSync</li> <li><a href="https://github.com/step-security/harden-runner/commit/30636fb583e59a926da2f17677e5cd3b63cf1be1"><code>30636fb</code></a> bug fixes</li> <li><a href="https://github.com/step-security/harden-runner/commit/91182cccc01eb5e619899d80e4e971d6181294a7"><code>91182cc</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/463">#463</a> from step-security/rc-14</li> <li>Additional commits viewable in <a href="https://github.com/step-security/harden-runner/compare/f086349bfa2bd1361f7909c78558e816508cdc10...0080882f6c36860b6ba35c610c98ce87d4e2f26f">compare view</a></li> </ul> </details> <br /> Updates `actions/checkout` from 4.1.6 to 4.2.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v4.2.2</h2> <h2>What's Changed</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p> <h2>v4.2.0</h2> <h2>What's Changed</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependabot updates in <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a> &amp; <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yasonk"><code>@​yasonk</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1869">actions/checkout#1869</a></li> <li><a href="https://github.com/lucacome"><code>@​lucacome</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.1.7...v4.2.0">https://github.com/actions/checkout/compare/v4.1.7...v4.2.0</a></p> <h2>v4.1.7</h2> <h2>What's Changed</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/orhantoy"><code>@​orhantoy</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.1.6...v4.1.7">https://github.com/actions/checkout/compare/v4.1.6...v4.1.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> <li>README: Suggest <code>user.email</code> to be <code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li> </ul> <h2>v4.1.4</h2> <ul> <li>Disable <code>extensions.worktreeConfig</code> when disabling <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li> <li>Add dependabot config by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li> <li>Bump the minor-actions-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li> <li>Bump word-wrap from 1.2.3 to 1.2.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li> </ul> <h2>v4.1.3</h2> <ul> <li>Check git version before attempting to disable <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1656">actions/checkout#1656</a></li> <li>Add SSH user parameter by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1685">actions/checkout#1685</a></li> <li>Update <code>actions/checkout</code> version in <code>update-main-version.yml</code> by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1650">actions/checkout#1650</a></li> </ul> <h2>v4.1.2</h2> <ul> <li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code> option is not present <a href="https://github.com/dscho"><code>@​dscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1598">actions/checkout#1598</a></li> </ul> <h2>v4.1.1</h2> <ul> <li>Correct link to GitHub Docs by <a href="https://github.com/peterbe"><code>@​peterbe</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li> <li>Link to release page from what's new section by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1514">actions/checkout#1514</a></li> </ul> <h2>v4.1.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1396">Add support for partial checkout filters</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/11bd71901bbe5b1630ceea73d27597364c9af683"><code>11bd719</code></a> Prepare 4.2.2 Release (<a href="https://redirect.github.com/actions/checkout/issues/1953">#1953</a>)</li> <li><a href="https://github.com/actions/checkout/commit/e3d2460bbb42d7710191569f88069044cfb9d8cf"><code>e3d2460</code></a> Expand unit test coverage (<a href="https://redirect.github.com/actions/checkout/issues/1946">#1946</a>)</li> <li><a href="https://github.com/actions/checkout/commit/163217dfcd28294438ea1c1c149cfaf66eec283e"><code>163217d</code></a> <code>url-helper.ts</code> now leverages well-known environment variables. (<a href="https://redirect.github.com/actions/checkout/issues/1941">#1941</a>)</li> <li><a href="https://github.com/actions/checkout/commit/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871"><code>eef6144</code></a> Prepare 4.2.1 release (<a href="https://redirect.github.com/actions/checkout/issues/1925">#1925</a>)</li> <li><a href="https://github.com/actions/checkout/commit/6b42224f41ee5dfe5395e27c8b2746f1f9955030"><code>6b42224</code></a> Add workflow file for publishing releases to immutable action package (<a href="https://redirect.github.com/actions/checkout/issues/1919">#1919</a>)</li> <li><a href="https://github.com/actions/checkout/commit/de5a000abf73b6f4965bd1bcdf8f8d94a56ea815"><code>de5a000</code></a> Check out other refs/* by commit if provided, fall back to ref (<a href="https://redirect.github.com/actions/checkout/issues/1924">#1924</a>)</li> <li><a href="https://github.com/actions/checkout/commit/d632683dd7b4114ad314bca15554477dd762a938"><code>d632683</code></a> Prepare 4.2.0 release (<a href="https://redirect.github.com/actions/checkout/issues/1878">#1878</a>)</li> <li><a href="https://github.com/actions/checkout/commit/6d193bf28034eafb982f37bd894289fe649468fc"><code>6d193bf</code></a> Bump braces from 3.0.2 to 3.0.3 (<a href="https://redirect.github.com/actions/checkout/issues/1777">#1777</a>)</li> <li><a href="https://github.com/actions/checkout/commit/db0cee9a514becbbd4a101a5fbbbf47865ee316c"><code>db0cee9</code></a> Bump the minor-npm-dependencies group across 1 directory with 4 updates (<a href="https://redirect.github.com/actions/checkout/issues/1872">#1872</a>)</li> <li><a href="https://github.com/actions/checkout/commit/b6849436894e144dbce29d7d7fda2ae3bf9d8365"><code>b684943</code></a> Add Ref and Commit outputs (<a href="https://redirect.github.com/actions/checkout/issues/1180">#1180</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...11bd71901bbe5b1630ceea73d27597364c9af683">compare view</a></li> </ul> </details> <br /> Updates `mozilla-actions/sccache-action` from 0.0.4 to 0.0.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mozilla-actions/sccache-action/releases">mozilla-actions/sccache-action's releases</a>.</em></p> <blockquote> <h2>v0.0.6</h2> <h2>What's Changed</h2> <ul> <li>fix: string interpolation by <a href="https://github.com/i10416"><code>@​i10416</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/122">Mozilla-Actions/sccache-action#122</a></li> <li>Keep GitHub Actions up to date with GitHub's Dependabot by <a href="https://github.com/cclauss"><code>@​cclauss</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/131">Mozilla-Actions/sccache-action#131</a></li> <li>fix: avoid downloading package when local cache exists by <a href="https://github.com/i10416"><code>@​i10416</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/123">Mozilla-Actions/sccache-action#123</a></li> <li>Set baseUrl for Octokit to make it work on GitHub Enterprise Server by <a href="https://github.com/palloberg"><code>@​palloberg</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/144">Mozilla-Actions/sccache-action#144</a></li> </ul> <h2>dependencies</h2> <ul> <li>Bump eslint-plugin-jest from 28.5.0 to 28.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/130">Mozilla-Actions/sccache-action#130</a></li> <li>Bump ts-jest from 29.1.4 to 29.2.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/134">Mozilla-Actions/sccache-action#134</a></li> <li>Bump <code>@​types/node</code> from 20.13.0 to 20.14.11 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/133">Mozilla-Actions/sccache-action#133</a></li> <li>Bump <code>@​typescript-eslint/eslint-plugin</code> from 7.8.0 to 7.16.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/132">Mozilla-Actions/sccache-action#132</a></li> <li>Bump typescript from 5.4.5 to 5.5.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/128">Mozilla-Actions/sccache-action#128</a></li> <li>Bump ts-jest from 29.2.2 to 29.2.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/141">Mozilla-Actions/sccache-action#141</a></li> <li>Bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/140">Mozilla-Actions/sccache-action#140</a></li> <li>Bump prettier from 3.3.2 to 3.3.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/136">Mozilla-Actions/sccache-action#136</a></li> <li>Bump typescript from 5.5.3 to 5.6.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/145">Mozilla-Actions/sccache-action#145</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/i10416"><code>@​i10416</code></a> made their first contribution in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/122">Mozilla-Actions/sccache-action#122</a></li> <li><a href="https://github.com/cclauss"><code>@​cclauss</code></a> made their first contribution in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/131">Mozilla-Actions/sccache-action#131</a></li> <li><a href="https://github.com/palloberg"><code>@​palloberg</code></a> made their first contribution in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/144">Mozilla-Actions/sccache-action#144</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Mozilla-Actions/sccache-action/compare/v0.0.5...v0.0.6">https://github.com/Mozilla-Actions/sccache-action/compare/v0.0.5...v0.0.6</a></p> <h2>v0.0.5</h2> <h2>What's Changed</h2> <ul> <li>add missing quotes to <code>configure</code> example in readme by <a href="https://github.com/altendky"><code>@​altendky</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/103">Mozilla-Actions/sccache-action#103</a></li> <li>chore: fix a typo in a comment by <a href="https://github.com/Alphare"><code>@​Alphare</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/109">Mozilla-Actions/sccache-action#109</a></li> <li>Bump outdated CI workflows and packages by <a href="https://github.com/orf"><code>@​orf</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/114">Mozilla-Actions/sccache-action#114</a></li> <li>Output sccache stats as a notice and a summary table by <a href="https://github.com/orf"><code>@​orf</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/113">Mozilla-Actions/sccache-action#113</a></li> </ul> <h2>Dependencies</h2> <ul> <li>Bump <code>@​types/node</code> from 20.12.11 to 20.13.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/115">Mozilla-Actions/sccache-action#115</a></li> <li>Bump <code>@​typescript-eslint/parser</code> from 7.8.0 to 7.11.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/117">Mozilla-Actions/sccache-action#117</a></li> <li>Bump braces from 3.0.2 to 3.0.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/120">Mozilla-Actions/sccache-action#120</a></li> <li>Bump ts-jest from 29.1.2 to 29.1.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/118">Mozilla-Actions/sccache-action#118</a></li> <li>Bump prettier from 3.2.5 to 3.3.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/121">Mozilla-Actions/sccache-action#121</a></li> <li>Bump <code>@​actions/core</code> from 1.10.0 to 1.10.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/95">Mozilla-Actions/sccache-action#95</a></li> <li>Bump eslint-config-prettier from 9.0.0 to 9.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/96">Mozilla-Actions/sccache-action#96</a></li> <li>Bump <code>@​actions/github</code> from 5.1.1 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/97">Mozilla-Actions/sccache-action#97</a></li> <li>Bump <code>@​types/node</code> from 20.10.6 to 20.11.24 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/102">Mozilla-Actions/sccache-action#102</a></li> <li>Bump eslint-plugin-jest from 27.6.0 to 27.9.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/101">Mozilla-Actions/sccache-action#101</a></li> <li>Bump undici from 5.28.2 to 5.28.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/99">Mozilla-Actions/sccache-action#99</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/altendky"><code>@​altendky</code></a> made their first contribution in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/103">Mozilla-Actions/sccache-action#103</a></li> <li><a href="https://github.com/Alphare"><code>@​Alphare</code></a> made their first contribution in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/109">Mozilla-Actions/sccache-action#109</a></li> <li><a href="https://github.com/orf"><code>@​orf</code></a> made their first contribution in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/114">Mozilla-Actions/sccache-action#114</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/9e326ebed976843c9932b3aa0e021c6f50310eb4"><code>9e326eb</code></a> prepare version 0.0.6</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/922a306e477207a637defe7f052d22883f0521d0"><code>922a306</code></a> Merge pull request <a href="https://redirect.github.com/mozilla-actions/sccache-action/issues/145">#145</a> from Mozilla-Actions/dependabot/npm_and_yarn/typescri...</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/2be75915275437bf5de79b87f98872a4f2f8c827"><code>2be7591</code></a> Merge pull request <a href="https://redirect.github.com/mozilla-actions/sccache-action/issues/136">#136</a> from Mozilla-Actions/dependabot/npm_and_yarn/prettier...</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/d707076e63cf36f9ad5b2c698f70fa41064cd1c5"><code>d707076</code></a> Bump prettier from 3.3.2 to 3.3.3</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/afb5895f805bd94d7c9879fdf5e616b6d5b7001d"><code>afb5895</code></a> Bump typescript from 5.5.3 to 5.6.2</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/f42f2ce8fa7c63696e83e23aae0f1d29af697dcb"><code>f42f2ce</code></a> Merge pull request <a href="https://redirect.github.com/mozilla-actions/sccache-action/issues/140">#140</a> from Mozilla-Actions/dependabot/npm_and_yarn/eslint-p...</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/ff4a61d6e6d18f1dbc1ada2764f6a53469f12ac3"><code>ff4a61d</code></a> Merge pull request <a href="https://redirect.github.com/mozilla-actions/sccache-action/issues/144">#144</a> from palloberg/set-baseurl</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/e073bd0f5c2a1b383ffaee047ebfe0d6369abca2"><code>e073bd0</code></a> Update README with instructions on GHES usage.</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/4a60710ed8ed21c21c93b7aa3509f4d0a145aaa7"><code>4a60710</code></a> Set baseUrl for Octokit to make it work on GitHub Enterprise Server</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/1ff3075b6095ae29758d1a19a53d0580fd89ad3a"><code>1ff3075</code></a> Bump ts-jest from 29.2.2 to 29.2.5 (<a href="https://redirect.github.com/mozilla-actions/sccache-action/issues/141">#141</a>)</li> <li>Additional commits viewable in <a href="https://github.com/mozilla-actions/sccache-action/compare/2e7f9ec7921547d4b46598398ca573513895d0bd...9e326ebed976843c9932b3aa0e021c6f50310eb4">compare view</a></li> </ul> </details> <br /> Updates `actions/cache` from 4.0.2 to 4.1.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v4.1.2</h2> <h2>What's Changed</h2> <ul> <li>Add Bun example by <a href="https://github.com/idleberg"><code>@​idleberg</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1456">actions/cache#1456</a></li> <li>Revise <code>isGhes</code> logic by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1474">actions/cache#1474</a></li> <li>Bump braces from 3.0.2 to 3.0.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1475">actions/cache#1475</a></li> <li>Add dependabot.yml to enable automatic dependency upgrades by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1476">actions/cache#1476</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1478">actions/cache#1478</a></li> <li>Bump actions/stale from 3 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1479">actions/cache#1479</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1483">actions/cache#1483</a></li> <li>Bump actions/setup-node from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1481">actions/cache#1481</a></li> <li>Prepare <code>4.1.2</code> release by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1477">actions/cache#1477</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/idleberg"><code>@​idleberg</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1456">actions/cache#1456</a></li> <li><a href="https://github.com/jww3"><code>@​jww3</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1474">actions/cache#1474</a></li> <li><a href="https://github.com/Link"><code>@​Link</code></a>- made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1476">actions/cache#1476</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4...v4.1.2">https://github.com/actions/cache/compare/v4...v4.1.2</a></p> <h2>v4.1.1</h2> <h2>What's Changed</h2> <ul> <li>Restore original behavior of <code>cache-hit</code> output by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1467">actions/cache#1467</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4.1.0...v4.1.1">https://github.com/actions/cache/compare/v4.1.0...v4.1.1</a></p> <h2>v4.1.0</h2> <h2>What's Changed</h2> <ul> <li>Fix cache-hit output when cache missed by <a href="https://github.com/fchimpan"><code>@​fchimpan</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1404">actions/cache#1404</a></li> <li>Deprecate <code>save-always</code> input by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1452">actions/cache#1452</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ottlinger"><code>@​ottlinger</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1437">actions/cache#1437</a></li> <li><a href="https://github.com/Olegt0rr"><code>@​Olegt0rr</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1377">actions/cache#1377</a></li> <li><a href="https://github.com/fchimpan"><code>@​fchimpan</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1404">actions/cache#1404</a></li> <li><a href="https://github.com/x612skm"><code>@​x612skm</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1434">actions/cache#1434</a></li> <li><a href="https://github.com/todgru"><code>@​todgru</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1311">actions/cache#1311</a></li> <li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1463">actions/cache#1463</a></li> <li><a href="https://github.com/mackey0225"><code>@​mackey0225</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1462">actions/cache#1462</a></li> <li><a href="https://github.com/quatquatt"><code>@​quatquatt</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1445">actions/cache#1445</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4.0.2...v4.1.0">https://github.com/actions/cache/compare/v4.0.2...v4.1.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>4.1.2</h3> <ul> <li>Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - <a href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li> <li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li> </ul> <h3>4.1.1</h3> <ul> <li>Restore original behavior of <code>cache-hit</code> output - <a href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li> </ul> <h3>4.1.0</h3> <ul> <li>Ensure <code>cache-hit</code> output is set when a cache is missed - <a href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li> <li>Deprecate <code>save-always</code> input - <a href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li> </ul> <h3>4.0.2</h3> <ul> <li>Fixed restore <code>fail-on-cache-miss</code> not working.</li> </ul> <h3>4.0.1</h3> <ul> <li>Updated <code>isGhes</code> check</li> </ul> <h3>4.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -&gt; node 20</li> </ul> <h3>3.3.3</h3> <ul> <li>Updates <code>@​actions/cache</code> to v3.2.3 to fix accidental mutated path arguments to <code>getCacheVersion</code> <a href="https://redirect.github.com/actions/toolkit/pull/1378">actions/toolkit#1378</a></li> <li>Additional audit fixes of npm package(s)</li> </ul> <h3>3.3.2</h3> <ul> <li>Fixes bug with Azure SDK causing blob downloads to get stuck.</li> </ul> <h3>3.3.1</h3> <ul> <li>Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.</li> </ul> <h3>3.3.0</h3> <ul> <li>Added option to lookup cache without downloading it.</li> </ul> <h3>3.2.6</h3> <ul> <li>Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.</li> </ul> <h3>3.2.5</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/6849a6489940f00c2f30c0fb92c6274307ccb58a"><code>6849a64</code></a> Release 4.1.2 <a href="https://redirect.github.com/actions/cache/issues/1477">#1477</a></li> <li><a href="https://github.com/actions/cache/commit/5a1720c49e91718f5d0ce7f154997c93e0f6159a"><code>5a1720c</code></a> Merge branch 'Link-/prep-4.1.2' of <a href="https://github.com/actions/cache">https://github.com/actions/cache</a> into Link...</li> <li><a href="https://github.com/actions/cache/commit/d9fef48d24d529bac46adcc1e42f49649de07ca9"><code>d9fef48</code></a> Merge branch 'main' into Link-/prep-4.1.2</li> <li><a href="https://github.com/actions/cache/commit/a50e8d027b022a55ef85ffa721ebd97d2b22bcda"><code>a50e8d0</code></a> Merge branch 'main' into Link-/prep-4.1.2</li> <li><a href="https://github.com/actions/cache/commit/acc9ae5c1401b6c072a7c89ff4c48ea7e30f4dbf"><code>acc9ae5</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1481">#1481</a> from actions/dependabot/github_actions/actions/setup...</li> <li><a href="https://github.com/actions/cache/commit/1ea5f18c31265ef251b3eb51ce8b857be5e7b044"><code>1ea5f18</code></a> Merge branch 'main' into Link-/prep-4.1.2</li> <li><a href="https://github.com/actions/cache/commit/cc679ff3baee71867c711040a5c21af61b262806"><code>cc679ff</code></a> Merge branch 'main' into dependabot/github_actions/actions/setup-node-4</li> <li><a href="https://github.com/actions/cache/commit/366d43d6f8aa1f3e5d28b2c98959d557d78ffa3f"><code>366d43d</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1483">#1483</a> from actions/dependabot/github_actions/github/codeql...</li> <li><a href="https://github.com/actions/cache/commit/02bf31969bcc471fd5f91b5896ae17beb0973413"><code>02bf319</code></a> Bump github/codeql-action from 2 to 3</li> <li><a href="https://github.com/actions/cache/commit/6f6220be5af96ba6940aca960265218cae17e8fd"><code>6f6220b</code></a> Merge branch 'main' into dependabot/github_actions/actions/setup-node-4</li> <li>Additional commits viewable in <a href="https://github.com/actions/cache/compare/0c45773b623bea8c8e75f6c82b208c3cf94ea4f9...6849a6489940f00c2f30c0fb92c6274307ccb58a">compare view</a></li> </ul> </details> <br /> Updates `dependabot/fetch-metadata` from 2.1.0 to 2.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's releases</a>.</em></p> <blockquote> <h2>v2.2.0</h2> <h2>What's Changed</h2> <ul> <li>Bump actions/create-github-app-token from 1.9.0 to 1.10.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/523">dependabot/fetch-metadata#523</a></li> <li>Bump actions/create-github-app-token from 1.10.0 to 1.10.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/534">dependabot/fetch-metadata#534</a></li> <li>Bump braces from 3.0.2 to 3.0.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/532">dependabot/fetch-metadata#532</a></li> <li>v2.2.0 by <a href="https://github.com/fetch-metadata-action-automation"><code>@​fetch-metadata-action-automation</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/520">dependabot/fetch-metadata#520</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dependabot/fetch-metadata/compare/v2...v2.2.0">https://github.com/dependabot/fetch-metadata/compare/v2...v2.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dependabot/fetch-metadata/commit/dbb049abf0d677abbd7f7eee0375145b417fdd34"><code>dbb049a</code></a> v2.2.0 (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/520">#520</a>)</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/36bf1f955e6ca1b125f734a093d453a10bf77434"><code>36bf1f9</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/532">#532</a> from dependabot/dependabot/npm_and_yarn/braces-3.0.3</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/a3420b5aac6fe1398d8bf065c2416c1007d5b667"><code>a3420b5</code></a> Bump braces from 3.0.2 to 3.0.3</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/006e43f8a3b59da50984cd5692bef3e63db55ccf"><code>006e43f</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/534">#534</a> from dependabot/dependabot/github_actions/actions/cre...</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/9c55ebe61886a60890ad325cf03a66d98d1388e8"><code>9c55ebe</code></a> Bump actions/create-github-app-token from 1.10.0 to 1.10.2</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/325b863556700e5e4d4ec23381993ef460dd8379"><code>325b863</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/523">#523</a> from dependabot/dependabot/github_actions/actions/cre...</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/aec2f3e196ff263f661851160fef094015755e03"><code>aec2f3e</code></a> Bump actions/create-github-app-token from 1.9.0 to 1.10.0</li> <li>See full diff in <a href="https://github.com/dependabot/fetch-metadata/compare/5e5f99653a5b510e8555840e80cbf1514ad4af38...dbb049abf0d677abbd7f7eee0375145b417fdd34">compare view</a></li> </ul> </details> <br /> Updates `actions/dependency-review-action` from 4.3.2 to 4.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>v4.5.0</h2> <h2>What's Changed</h2> <ul> <li>Bump got from 14.4.2 to 14.4.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/844">actions/dependency-review-action#844</a></li> <li>Bump nodemon from 3.1.0 to 3.1.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/847">actions/dependency-review-action#847</a></li> <li>Bump <code>@​vercel/ncc</code> from 0.38.1 to 0.38.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/849">actions/dependency-review-action#849</a></li> <li>Overriding the cross-spawn dependency to use a safe version by <a href="https://github.com/Ahmed3lmallah"><code>@​Ahmed3lmallah</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/850">actions/dependency-review-action#850</a></li> <li>fix: add summary comment on failure when warn-only: true by <a href="https://github.com/ebickle"><code>@​ebickle</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/827">actions/dependency-review-action#827</a></li> <li>Prepare for 4.5.0 release by <a href="https://github.com/Ahmed3lmallah"><code>@​Ahmed3lmallah</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/851">actions/dependency-review-action#851</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ebickle"><code>@​ebickle</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/827">actions/dependency-review-action#827</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v4...v4.5.0">https://github.com/actions/dependency-review-action/compare/v4...v4.5.0</a></p> <h2>v4.4.0</h2> <h2>What's Changed</h2> <ul> <li>Fix for merge_group event bug by <a href="https://github.com/Ahmed3lmallah"><code>@​Ahmed3lmallah</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/846">actions/dependency-review-action#846</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v4.3.5...v4.4.0">https://github.com/actions/dependency-review-action/compare/v4.3.5...v4.4.0</a></p> <h2>v4.3.5</h2> <h2>What's Changed</h2> <ul> <li>fix: getRefs function to handle merge_group events by <a href="https://github.com/louis-bompart"><code>@​louis-bompart</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/766">actions/dependency-review-action#766</a></li> <li>Create pull_request_template.md by <a href="https://github.com/jonjanego"><code>@​jonjanego</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/794">actions/dependency-review-action#794</a></li> <li>Update CONTRIBUTING.md by <a href="https://github.com/jonjanego"><code>@​jonjanego</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/793">actions/dependency-review-action#793</a></li> <li>Bump <code>@​types/node</code> from 20.11.28 to 20.16.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/815">actions/dependency-review-action#815</a></li> <li>Upgrade transitive micromatch library by <a href="https://github.com/elireisman"><code>@​elireisman</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/829">actions/dependency-review-action#829</a></li> <li>Do not list changed dependencies in summary by <a href="https://github.com/hmaurer"><code>@​hmaurer</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/828">actions/dependency-review-action#828</a></li> <li>Update stale.yaml by <a href="https://github.com/jonjanego"><code>@​jonjanego</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/832">actions/dependency-review-action#832</a></li> <li>Bump got from 14.4.1 to 14.4.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/822">actions/dependency-review-action#822</a></li> <li>Bump eslint-plugin-jest and ts-jest by <a href="https://github.com/Ahmed3lmallah"><code>@​Ahmed3lmallah</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/840">actions/dependency-review-action#840</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/louis-bompart"><code>@​louis-bompart</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/766">actions/dependency-review-action#766</a></li> <li><a href="https://github.com/Ahmed3lmallah"><code>@​Ahmed3lmallah</code></a> made their first contribution in <a href="https://redirect.github.com/actions/dependency-review-action/pull/840">actions/dependency-review-action#840</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v4.3.4...v4.3.5">https://github.com/actions/dependency-review-action/compare/v4.3.4...v4.3.5</a></p> <h2>v4.3.4</h2> <h2>What's Changed</h2> <ul> <li>Include all added dependencies in scorecard entries by <a href="https://github.com/elireisman"><code>@​elireisman</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/783">actions/dependency-review-action#783</a></li> <li>Update SPDX Expression Parsing by <a href="https://github.com/febuiles"><code>@​febuiles</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/719">actions/dependency-review-action#719</a> <ul> <li>This PR is a significant refactor of SPDX expression parsing that <em>may</em> fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.</li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4">https://github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4</a></p> <h2>Notes for v4.3.3</h2> <h2>What's Changed</h2> <ul> <li>Allow slashes in purl package names by <a href="https://github.com/juxtin"><code>@​juxtin</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/765">actions/dependency-review-action#765</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/3b139cfc5fae8b618d3eae3675e383bb1769c019"><code>3b139cf</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/851">#851</a> from actions/ahmed3lmallah/prepare-for-4.5.0-release</li> <li><a href="https://github.com/actions/dependency-review-action/commit/d6807b6643179f05418e138a25fff841c8646a2a"><code>d6807b6</code></a> updating generated code</li> <li><a href="https://github.com/actions/dependency-review-action/commit/c89b41fdc6d9794d60f1090afe0dca3a28344f01"><code>c89b41f</code></a> addressing lint issues</li> <li><a href="https://github.com/actions/dependency-review-action/commit/eee97d8b03930b9729cc733c2064b81da03229ec"><code>eee97d8</code></a> incrementing project version</li> <li><a href="https://github.com/actions/dependency-review-action/commit/9d101822a37e3a155f1fbce62bf70039ae01e834"><code>9d10182</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/827">#827</a> from ebickle/fix/comment-warn-only</li> <li><a href="https://github.com/actions/dependency-review-action/commit/9192be9c722c974bdd08907626f2da15cccc50d6"><code>9192be9</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/850">#850</a> from actions/ahmed3lmallah/adressing-CVE-2024-21538</li> <li><a href="https://github.com/actions/dependency-review-action/commit/2fc8e23b125c76dce6fd50617e881d942f205855"><code>2fc8e23</code></a> Using cross-spawn safe version</li> <li><a href="https://github.com/actions/dependency-review-action/commit/fb86db204331e3278a86fde515f9a3856cdd2e61"><code>fb86db2</code></a> fix: resolve race conditions in async core.group calls</li> <li><a href="https://github.com/actions/dependency-review-action/commit/0a198ab3ed7324295cb94cee2d50a07dbe3fbe20"><code>0a198ab</code></a> fix: replace integer failureCount with boolean</li> <li><a href="https://github.com/actions/dependency-review-action/commit/fc499fc13affcdbaad5544148db6cef2cfd5a377"><code>fc499fc</code></a> Merge branch 'main' into fix/comment-warn-only</li> <li>Additional commits viewable in <a href="https://github.com/actions/dependency-review-action/compare/0c155c5e8556a497adf53f2c18edabf945ed8e70...3b139cfc5fae8b618d3eae3675e383bb1769c019">compare view</a></li> </ul> </details> <br /> Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.4.0</h2> <h2>What's Changed</h2> <p>This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the <a href="https://github.com/ossf/scorecard/releases/tag/v5.0.0">v5.0.0 release notes</a>. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.</p> <ul> <li>:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1410">ossf/scorecard-action#1410</a></li> <li>:bug: lower license sarif alert threshold to 9 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1411">ossf/scorecard-action#1411</a></li> </ul> <h3>Documentation</h3> <ul> <li>docs: dogfooding badge by <a href="https://github.com/jkowalleck"><code>@​jkowalleck</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1399">ossf/scorecard-action#1399</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jkowalleck"><code>@​jkowalleck</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1399">ossf/scorecard-action#1399</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0">https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ossf/scorecard-action/commit/62b2cac7ed8198b15735ed49ab1e5cf35480ba46"><code>62b2cac</code></a> bump docker tag to v2.4.0 for release (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1414">#1414</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/c09630c42e97d04c7cd8f69735ddf0ec53f0e189"><code>c09630c</code></a> lower license score alert threshold to 9 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1411">#1411</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/cf8594c5485256008de4ec57c936bd4a1a381a0b"><code>cf8594c</code></a> :seedling: Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1413">#1413</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/de5fcb95b9d8f899bc5dc11b4e202eb6a2fd67e9"><code>de5fcb9</code></a> :seedling: Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1412">#1412</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/a46b90b4caca61e2298cc4a9bd4c90d3dfe7f09d"><code>a46b90b</code></a> bump scorecard to v5.0.0 release (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1410">#1410</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/9fc518d5249b2564cbeb11d029b87d7d1ba55396"><code>9fc518d</code></a> :seedling: Bump golang in the docker-images group (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1407">#1407</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/a8eaa1b46e3fd7e003f79fd39dff99ca53bbe732"><code>a8eaa1b</code></a> :seedling: Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1408">#1408</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/873d5fdf63bc863d140f57ed481e6a297324030b"><code>873d5fd</code></a> :seedling: Bump the github-actions group across 1 directory with 2 updates (#...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/54cc1fe4e2c7bc69051a267c8e183497ca7d8da7"><code>54cc1fe</code></a> :seedling: Bump the docker-images group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1401">#1401</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/82bcb91c5d3f72aaf692a0d3e399c425a29ac512"><code>82bcb91</code></a> :seedling: Bump golang.org/x/net from 0.26.0 to 0.27.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1400">#1400</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/dc50aa9510b46c811795eb24b2f1ba02a914e534...62b2cac7ed8198b15735ed49ab1e5cf35480ba46">compare view</a></li> </ul> </details> <br /> Updates `actions/upload-artifact` from 4.3.3 to 4.4.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v4.4.3</h2> <h2>What's Changed</h2> <ul> <li>Undo indirect dependency updates from <a href="https://redirect.github.com/actions/upload-artifact/issues/627">#627</a> by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/632">actions/upload-artifact#632</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3">https://github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3</a></p> <h2>v4.4.2</h2> <h2>What's Changed</h2> <ul> <li>Bump <code>@actions/artifact</code> to 2.1.11 by <a href="https://github.com/robherley"><code>@​robherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/627">actions/upload-artifact#627</a> <ul> <li>Includes fix for relative symlinks not resolving properly</li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2">https://github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2</a></p> <h2>v4.4.1</h2> <h2>What's Changed</h2> <ul> <li>Add a section about hidden files by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/607">actions/upload-artifact#607</a></li> <li>Add workflow file for publishing releases to immutable action package by <a href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/621">actions/upload-artifact#621</a></li> <li>Update <code>@​actions/artifact</code> to latest version, includes symlink and timeout fixes by <a href="https://github.com/robherley"><code>@​robherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/625">actions/upload-artifact#625</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/621">actions/upload-artifact#621</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1">https://github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1</a></p> <h2>v4.4.0</h2> <h2>Notice: Breaking Changes :warning:</h2> <p>We will no longer include hidden files and folders by default in the <code>upload-artifact</code> action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, <code>include-hidden-files</code>, to continue to do so.</p> <p>See <a href="https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/">&quot;Notice of upcoming deprecations and breaking changes in GitHub Actions runners&quot;</a> changelog and <a href="https://redirect.github.com/actions/upload-artifact/issues/602">this issue</a> for more details.</p> <h2>What's Changed</h2> <ul> <li>Exclude hidden files by default by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/598">actions/upload-artifact#598</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0">https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0</a></p> <h2>v4.3.6</h2> <h2>What's Changed</h2> <ul> <li>Revert to <code>@​actions/artifact</code> 2.1.8 by <a href="https://github.com/robherley"><code>@​robherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/594">actions/upload-artifact#594</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.3.6">https://github.com/actions/upload-artifact/compare/v4...v4.3.6</a></p> <h2>v4.3.5</h2> <h2>What's Changed</h2> <ul> <li>Bump <code>@​actions/artifact</code> to v2.1.9 by <a href="https://github.com/robherley"><code>@​robherley</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/588">actions/upload-artifact#588</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/upload-artifact/commit/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882"><code>b4b15b8</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/632">#632</a> from actions/joshmgross/undo-dependency-changes</li> <li><a href="https://github.com/actions/upload-artifact/commit/92b01ebffaf2e2520c64ab2845d3f9bd5c06941a"><code>92b01eb</code></a> Un... _Description has been truncated_

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin dependabot/github_actions/minor-updates-b108ac60ab:dependabot/github_actions/minor-updates-b108ac60ab

git switch dependabot/github_actions/minor-updates-b108ac60ab

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff dependabot/github_actions/minor-updates-b108ac60ab

git switch dependabot/github_actions/minor-updates-b108ac60ab

git rebase main

git switch main

git merge --ff-only dependabot/github_actions/minor-updates-b108ac60ab

git switch dependabot/github_actions/minor-updates-b108ac60ab

git rebase main

git switch main

git merge --no-ff dependabot/github_actions/minor-updates-b108ac60ab

git switch main

git merge --squash dependabot/github_actions/minor-updates-b108ac60ab

git switch main

git merge --ff-only dependabot/github_actions/minor-updates-b108ac60ab

git switch main

git merge dependabot/github_actions/minor-updates-b108ac60ab

git push origin main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something isn't working

  

dependencies

Pull requests that update a dependency file

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

github_actions

Pull requests that update GitHub Actions code

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

dependencies

documentation

duplicate

enhancement

github_actions

good first issue

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: nwesterhausen/dfraw_parser#125

No description provided.