Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: use corepack to install yarn #458

Merged
merged 1 commit into from Apr 27, 2024
Merged

chore: use corepack to install yarn #458

merged 1 commit into from Apr 27, 2024

Conversation

crazy-max
Copy link
Member

@crazy-max crazy-max requested a review from caarlos0 April 27, 2024 10:26
@codecov Codecov
Copy link

codecov bot commented Apr 27, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.50%. Comparing base (14707cd) to head (b4e4199).
Report is 7 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #458      +/-   ##
==========================================
+ Coverage   66.92%   70.50%   +3.58%     
==========================================
  Files           3        3              
  Lines         130      139       +9     
  Branches       23       32       +9     
==========================================
+ Hits           87       98      +11     
- Misses         27       41      +14     
+ Partials       16        0      -16

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@crazy-max crazy-max enabled auto-merge (squash) April 27, 2024 10:29
@crazy-max crazy-max merged commit 62d4b8a into goreleaser:master Apr 27, 2024
33 checks passed
@crazy-max crazy-max deleted the corepack branch April 27, 2024 15:55
renovate bot added a commit to nobl9/terraform-provider-nobl9 that referenced this pull request May 10, 2024
@renovate
chore: Update goreleaser/goreleaser-action action to v5.1.0 (#228)
4bc1d3f 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action)
| action | minor | `v5.0.0` -> `v5.1.0` |

---

### Release Notes

<details>
<summary>goreleaser/goreleaser-action
(goreleaser/goreleaser-action)</summary>

###
[`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0)

#### Important

This version changes the default behavior of `latest` to `~> v1`.

The next major of this action (v6), will change this to `~> v2`, and
will be launched together with GoReleaser v2.

#### What's Changed

- docs: bump actions to latest major by
[@&#8203;crazy-max](https://togithub.com/crazy-max) in
[goreleaser/goreleaser-action#435
- chore(deps): bump docker/bake-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#436
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#437
- chore(deps): bump actions/setup-go from 4 to 5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#443
- chore(deps): bump actions/upload-artifact from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#444
- Delete .kodiak.toml by
[@&#8203;vedantmgoyal9](https://togithub.com/vedantmgoyal9) in
[goreleaser/goreleaser-action#446
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#448
- chore(deps): bump ip from 2.0.0 to 2.0.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#450
- Upgrade setup-go action version in README by
[@&#8203;kishaningithub](https://togithub.com/kishaningithub) in
[goreleaser/goreleaser-action#455
- chore(deps): bump tar from 6.1.14 to 6.2.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#456
- chore: use corepack to install yarn by
[@&#8203;crazy-max](https://togithub.com/crazy-max) in
[goreleaser/goreleaser-action#458
- feat: lock this major version of the action to use '~> v1' as 'latest'
by [@&#8203;caarlos0](https://togithub.com/caarlos0) in
[goreleaser/goreleaser-action#461
- chore(deps): bump semver from 7.6.0 to 7.6.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#462
- chore(deps): bump
[@&#8203;actions/http-client](https://togithub.com/actions/http-client)
from 2.2.0 to 2.2.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#451

#### New Contributors

- [@&#8203;vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their
first contribution in
[goreleaser/goreleaser-action#446

**Full Changelog**:
goreleaser/goreleaser-action@v5.0.0...v5.1.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 10pm every weekday,before 5am
every weekday,every weekend" (UTC), Automerge - At any time (no schedule
defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/nobl9/terraform-provider-nobl9).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM1MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJnaXRodWItYWN0aW9ucyIsInJlbm92YXRlIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
codeboten pushed a commit to open-telemetry/opentelemetry-collector that referenced this pull request May 14, 2024
@renovate
Update github-actions deps (#10145)
59b1607 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
patch | `v4.1.4` -> `v4.1.5` |
| [codecov/codecov-action](https://togithub.com/codecov/codecov-action)
| action | minor | `4.3.1` -> `4.4.0` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.3` -> `v3.25.5` |
|
[goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action)
| action | minor | `v5.0.0` -> `v5.1.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | patch | `v2.3.1` -> `v2.3.3` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5)

#### What's Changed

- Update NPM dependencies by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[actions/checkout#1703
- Bump github/codeql-action from 2 to 3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1694
- Bump actions/setup-node from 1 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1696
- Bump actions/upload-artifact from 2 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1695
- README: Suggest `user.email` to be
`41898282+github-actions[bot]@&#8203;users.noreply.github.com` by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[actions/checkout#1707

**Full Changelog**:
actions/checkout@v4.1.4...v4.1.5

</details>

<details>
<summary>codecov/codecov-action (codecov/codecov-action)</summary>

###
[`v4.4.0`](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0)

[Compare
Source](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)

###
[`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

</details>

<details>
<summary>goreleaser/goreleaser-action
(goreleaser/goreleaser-action)</summary>

###
[`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0)

#### Important

This version changes the default behavior of `latest` to `~> v1`.

The next major of this action (v6), will change this to `~> v2`, and
will be launched together with GoReleaser v2.

#### What's Changed

- docs: bump actions to latest major by
[@&#8203;crazy-max](https://togithub.com/crazy-max) in
[goreleaser/goreleaser-action#435
- chore(deps): bump docker/bake-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#436
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#437
- chore(deps): bump actions/setup-go from 4 to 5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#443
- chore(deps): bump actions/upload-artifact from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#444
- Delete .kodiak.toml by
[@&#8203;vedantmgoyal9](https://togithub.com/vedantmgoyal9) in
[goreleaser/goreleaser-action#446
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#448
- chore(deps): bump ip from 2.0.0 to 2.0.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#450
- Upgrade setup-go action version in README by
[@&#8203;kishaningithub](https://togithub.com/kishaningithub) in
[goreleaser/goreleaser-action#455
- chore(deps): bump tar from 6.1.14 to 6.2.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#456
- chore: use corepack to install yarn by
[@&#8203;crazy-max](https://togithub.com/crazy-max) in
[goreleaser/goreleaser-action#458
- feat: lock this major version of the action to use '~> v1' as 'latest'
by [@&#8203;caarlos0](https://togithub.com/caarlos0) in
[goreleaser/goreleaser-action#461
- chore(deps): bump semver from 7.6.0 to 7.6.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#462
- chore(deps): bump
[@&#8203;actions/http-client](https://togithub.com/actions/http-client)
from 2.2.0 to 2.2.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#451

#### New Contributors

- [@&#8203;vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their
first contribution in
[goreleaser/goreleaser-action#446

**Full Changelog**:
goreleaser/goreleaser-action@v5.0.0...v5.1.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.3`](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)

###
[`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any
time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM1MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJyZW5vdmF0ZWJvdCJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Racer159 pushed a commit to defenseunicorns/maru-runner that referenced this pull request May 22, 2024
@renovate
chore(deps): update maru support dependencies (#99)
6369bce 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/create-github-app-token](https://togithub.com/actions/create-github-app-token)
| action | minor | `v1.9.0` -> `v1.10.0` |
| [actions/setup-go](https://togithub.com/actions/setup-go) | action |
patch | `v5.0.0` -> `v5.0.1` |
| [anchore/sbom-action](https://togithub.com/anchore/sbom-action) |
action | minor | `v0.15.11` -> `v0.16.0` |
| [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | |
minor | `v0.32.5` -> `v0.33.2` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.3` -> `v3.25.6` |
|
[goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action)
| action | minor | `v5.0.0` -> `v5.1.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | patch | `v2.3.1` -> `v2.3.3` |

---

### Release Notes

<details>
<summary>actions/create-github-app-token
(actions/create-github-app-token)</summary>

###
[`v1.10.0`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.0)

[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.3...v1.10.0)

##### Features

- **`private-key`:** escaped newlines will be replaced
([#&#8203;132](https://togithub.com/actions/create-github-app-token/issues/132))
([9d23fb9](https://togithub.com/actions/create-github-app-token/commit/9d23fb93dd620572046d85c7c1032b488c12514f))

###
[`v1.9.3`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.3)

[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.2...v1.9.3)

##### Bug Fixes

- **deps:** bump undici from 6.10.2 to 6.11.1
([#&#8203;125](https://togithub.com/actions/create-github-app-token/issues/125))
([3c223c7](https://togithub.com/actions/create-github-app-token/commit/3c223c7336e276235eb843dd4e6ad42147199cbf)),
closes
[#&#8203;3024](https://togithub.com/actions/create-github-app-token/issues/3024)
[nodejs/undici#3044](https://togithub.com/nodejs/undici/issues/3044)
[#&#8203;3023](https://togithub.com/actions/create-github-app-token/issues/3023)
[nodejs/undici#3025](https://togithub.com/nodejs/undici/issues/3025)
[nodejs/undici#3024](https://togithub.com/nodejs/undici/issues/3024)
[nodejs/undici#3034](https://togithub.com/nodejs/undici/issues/3034)
[nodejs/undici#3038](https://togithub.com/nodejs/undici/issues/3038)
[nodejs/undici#2947](https://togithub.com/nodejs/undici/issues/2947)
[nodejs/undici#3040](https://togithub.com/nodejs/undici/issues/3040)
[nodejs/undici#3036](https://togithub.com/nodejs/undici/issues/3036)
[nodejs/undici#3041](https://togithub.com/nodejs/undici/issues/3041)
[#&#8203;3024](https://togithub.com/actions/create-github-app-token/issues/3024)
[#&#8203;3041](https://togithub.com/actions/create-github-app-token/issues/3041)
[#&#8203;3036](https://togithub.com/actions/create-github-app-token/issues/3036)

###
[`v1.9.2`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.2)

[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.1...v1.9.2)

##### Bug Fixes

- **deps:** bump the production-dependencies group with 1 update
([#&#8203;123](https://togithub.com/actions/create-github-app-token/issues/123))
([beea7b8](https://togithub.com/actions/create-github-app-token/commit/beea7b860ac0b14ca14258aca701da842aa65e30)),
closes
[nodejs/undici#2978](https://togithub.com/nodejs/undici/issues/2978)
[nodejs/undici#2971](https://togithub.com/nodejs/undici/issues/2971)
[nodejs/undici#2980](https://togithub.com/nodejs/undici/issues/2980)
[#&#8203;2982](https://togithub.com/actions/create-github-app-token/issues/2982)
[nodejs/undici#2983](https://togithub.com/nodejs/undici/issues/2983)
[nodejs/undici#2987](https://togithub.com/nodejs/undici/issues/2987)
[nodejs/undici#2991](https://togithub.com/nodejs/undici/issues/2991)
[#&#8203;2986](https://togithub.com/actions/create-github-app-token/issues/2986)
[nodejs/undici#2992](https://togithub.com/nodejs/undici/issues/2992)
[nodejs/undici#2985](https://togithub.com/nodejs/undici/issues/2985)
[nodejs/undici#2993](https://togithub.com/nodejs/undici/issues/2993)
[nodejs/undici#2995](https://togithub.com/nodejs/undici/issues/2995)
[nodejs/undici#2998](https://togithub.com/nodejs/undici/issues/2998)
[#&#8203;2863](https://togithub.com/actions/create-github-app-token/issues/2863)
[nodejs/undici#2999](https://togithub.com/nodejs/undici/issues/2999)
[nodejs/undici#3001](https://togithub.com/nodejs/undici/issues/3001)
[nodejs/undici#2971](https://togithub.com/nodejs/undici/issues/2971)
[nodejs/undici#2980](https://togithub.com/nodejs/undici/issues/2980)
[nodejs/undici#2983](https://togithub.com/nodejs/undici/issues/2983)
[nodejs/undici#2987](https://togithub.com/nodejs/undici/issues/2987)
[nodejs/undici#2991](https://togithub.com/nodejs/undici/issues/2991)
[nodejs/undici#2985](https://togithub.com/nodejs/undici/issues/2985)
[nodejs/undici#2995](https://togithub.com/nodejs/undici/issues/2995)
[nodejs/undici#2960](https://togithub.com/nodejs/undici/issues/2960)
[nodejs/undici#2959](https://togithub.com/nodejs/undici/issues/2959)
[nodejs/undici#2969](https://togithub.com/nodejs/undici/issues/2969)
[nodejs/undici#2962](https://togithub.com/nodejs/undici/issues/2962)
[nodejs/undici#2974](https://togithub.com/nodejs/undici/issues/2974)
[nodejs/undici#2967](https://togithub.com/nodejs/undici/issues/2967)
[nodejs/undici#2966](https://togithub.com/nodejs/undici/issues/2966)
[nodejs/undici#2969](https://togithub.com/nodejs/undici/issues/2969)
[nodejs/undici#2962](https://togithub.com/nodejs/undici/issues/2962)
[nodejs/undici#2826](https://togithub.com/nodejs/undici/issues/2826)
[nodejs/undici#2952](https://togithub.com/nodejs/undici/issues/2952)
[#&#8203;3001](https://togithub.com/actions/create-github-app-token/issues/3001)
[#&#8203;2863](https://togithub.com/actions/create-github-app-token/issues/2863)
[#&#8203;2999](https://togithub.com/actions/create-github-app-token/issues/2999)
[#&#8203;2998](https://togithub.com/actions/create-github-app-token/issues/2998)
[#&#8203;2993](https://togithub.com/actions/create-github-app-token/issues/2993)
[#&#8203;2986](https://togithub.com/actions/create-github-app-token/issues/2986)
[#&#8203;2992](https://togithub.com/actions/create-github-app-token/issues/2992)
[#&#8203;2991](https://togithub.com/actions/create-github-app-token/issues/2991)
[#&#8203;2987](https://togithub.com/actions/create-github-app-token/issues/2987)

###
[`v1.9.1`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.1)

[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.0...v1.9.1)

##### Bug Fixes

- clarify `owner` input description
([#&#8203;118](https://togithub.com/actions/create-github-app-token/issues/118))
([d9bc169](https://togithub.com/actions/create-github-app-token/commit/d9bc16919cdbdb07543eb732aa872437384e296f))

</details>

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1)

[Compare
Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1)

#### What's Changed

- Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by
[@&#8203;dependabot](https://togithub.com/dependabot) ,
[@&#8203;HarithaVattikuti](https://togithub.com/HarithaVattikuti) in
[actions/setup-go#465
- Update documentation with latest V5 release notes by
[@&#8203;ab](https://togithub.com/ab) in
[actions/setup-go#459
- Update version documentation by
[@&#8203;178inaba](https://togithub.com/178inaba) in
[actions/setup-go#458
- Documentation update of `actions/setup-go` to v5 by
[@&#8203;chenrui333](https://togithub.com/chenrui333) in
[actions/setup-go#449

#### New Contributors

- [@&#8203;ab](https://togithub.com/ab) made their first contribution in
[actions/setup-go#459

**Full Changelog**:
actions/setup-go@v5.0.0...v5.0.1

</details>

<details>
<summary>anchore/sbom-action (anchore/sbom-action)</summary>

###
[`v0.16.0`](https://togithub.com/anchore/sbom-action/releases/tag/v0.16.0):
v0.16

[Compare
Source](https://togithub.com/anchore/sbom-action/compare/v0.15.11...v0.16.0)

#### Changes in v0.16.0

- Update Syft to v1.4.1
([#&#8203;465](https://togithub.com/anchore/sbom-action/issues/465))
- Update GitHub artifact client
([#&#8203;463](https://togithub.com/anchore/sbom-action/issues/463))
\[[kzantow](https://togithub.com/kzantow)]

</details>

<details>
<summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary>

###
[`v0.33.2`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.2)

[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2)

##### What's Changed

- fix: schema integration by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2463
- docs: add contributor covenant code of conduct by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[defenseunicorns/zarf#2462
- docs: fix casing on code of conduct badge by
[@&#8203;salaxander](https://togithub.com/salaxander) in
[defenseunicorns/zarf#2466
- fix(deps): update github.com/anchore/clio digest to
[`3c4abf8`](https://togithub.com/defenseunicorns/zarf/commit/3c4abf8) by
[@&#8203;renovate](https://togithub.com/renovate) in
[defenseunicorns/zarf#2424
- fix: update docker media type in registry by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2476
- fix: adds GetVariableConfig function for packager by
[@&#8203;decleaver](https://togithub.com/decleaver) in
[defenseunicorns/zarf#2475
- test: add tests for remove copies from components to enable
refactoring by [@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2473
- fix!: do not uninstall helm chart after failed install or upgrade by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2456
- feat: inspect --list-images by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[defenseunicorns/zarf#2478
- refactor: remove copies from components to a filter by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2474
- chore: add support.md by
[@&#8203;schristoff](https://togithub.com/schristoff) in
[defenseunicorns/zarf#2480
- chore: add a check for go mod tidy by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2481
- fix: use correct sha256 checksum for arm64 injector binary by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2483
- fix: simplify go mod tidy check by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2482

##### New Contributors

- [@&#8203;salaxander](https://togithub.com/salaxander) made their first
contribution in
[defenseunicorns/zarf#2462
- [@&#8203;phillebaba](https://togithub.com/phillebaba) made their first
contribution in
[defenseunicorns/zarf#2473
- [@&#8203;schristoff](https://togithub.com/schristoff) made their first
contribution in
[defenseunicorns/zarf#2480

**Full Changelog**:
defenseunicorns/zarf@v0.33.1...v0.33.2

###
[`v0.33.1`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.1)

[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.0...v0.33.1)

#### What's Changed

- fix: add redirect so old zarf base link is compatiable by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2432
- ci: pin third-party gh actions by hash by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2433
- docs: add redirect for examples by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2438
- docs: update contributing and pre-commit by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[defenseunicorns/zarf#2439
- ci: fix revive image ref in lint workflow by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2436
- fix: filter on running pods when finding an image for injector pod by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2415
- fix: readme dead links by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2442
- fix: differential package create with non local sources by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2444
- refactor: move variables into separate package by
[@&#8203;Racer159](https://togithub.com/Racer159) in
[defenseunicorns/zarf#2414
- ci: add top level workflow permission to commitlint by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2449
- ci: remove unused env var from codeql workflow by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2450
- chore: cleanup root level files and add SPDX check for Go files by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[defenseunicorns/zarf#2431
- feat: config to enable resilient registry by
[@&#8203;Michael-Kruggel](https://togithub.com/Michael-Kruggel) in
[defenseunicorns/zarf#2440
- docs: init package clarity and cleanup by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2447
- ci: compare cves to main by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2448
- test: unpin version in bigbang extension test by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2459
- fix: broken schema from unexpanded embedded variables by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2458
- fix: error on create if an index sha is used by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2429

#### New Contributors

- [@&#8203;Michael-Kruggel](https://togithub.com/Michael-Kruggel) made
their first contribution in
[defenseunicorns/zarf#2440

**Full Changelog**:
defenseunicorns/zarf@v0.33.0...v0.33.1

###
[`v0.33.0`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.0)

[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.6...v0.33.0)

#### What's Changed

- fix: update deprecated syft packages command to syft scan by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2399
- chore: move helpers to defenseunicorns/pkg by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2402
- fix(deps): update github.com/anchore/clio digest to
[`fb5fc4c`](https://togithub.com/defenseunicorns/zarf/commit/fb5fc4c) by
[@&#8203;renovate](https://togithub.com/renovate) in
[defenseunicorns/zarf#2366
- feat(tools): add yq by
[@&#8203;zachariahmiller](https://togithub.com/zachariahmiller) in
[defenseunicorns/zarf#2406
- chore: switch to use oci lib in defenseunicorns/pkg by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2404
- fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1
by [@&#8203;renovate](https://togithub.com/renovate) in
[defenseunicorns/zarf#2411
- fix: use env var for PR title in commitlint workflow to prevent
untrusted script injection by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2418
- fix: use default GITHUB_TOKEN for ossf/scorecard-action by
[@&#8203;bburky](https://togithub.com/bburky) in
[defenseunicorns/zarf#2416
- fix: remove duplicate logic for writing image layers to disk
concurrently by [@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2409
- feat: add option to skip cosign lookup during find images by
[@&#8203;Racer159](https://togithub.com/Racer159) in
[defenseunicorns/zarf#2427
- feat: allow chart deploy overrides ALPHA by
[@&#8203;naveensrinivasan](https://togithub.com/naveensrinivasan) in
[defenseunicorns/zarf#2403
- chore: update pull_request_template.md by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[defenseunicorns/zarf#2428
- ci: pin k3s image version in k3d github action by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2430
- feat(docs): port docs to starlight by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[defenseunicorns/zarf#2315

#### New Contributors

- [@&#8203;zachariahmiller](https://togithub.com/zachariahmiller) made
their first contribution in
[defenseunicorns/zarf#2406
- [@&#8203;bburky](https://togithub.com/bburky) made their first
contribution in
[defenseunicorns/zarf#2416

**Full Changelog**:
defenseunicorns/zarf@v0.32.6...v0.33.0

###
[`v0.32.6`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.32.6)

[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6)

#### \[0.32.6] - 2024-03-22

> trying out some different release note generators, formatting may vary
for a few releases while we figure out what works best
~[@&#8203;Noxsios](https://togithub.com/Noxsios)

##### 🚀 Features

- \[**ALPHA**] feat: package generation ALPHA by
[@&#8203;andrewg-xyz](https://togithub.com/andrewg-xyz) in
[#&#8203;2269](https://togithub.com/defenseunicorns/zarf/pull/2269)
- *(lib)* feat(lib): configurable log file location by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[#&#8203;2380](https://togithub.com/defenseunicorns/zarf/pull/2380)
- \[**BREAKING**] feat!: filter package components with strategy
interface by [@&#8203;Noxsios](https://togithub.com/Noxsios) in
[#&#8203;2321](https://togithub.com/defenseunicorns/zarf/pull/2321)

##### 🐛 Bug Fixes

- fix: refactor create stages into separate lib by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[#&#8203;2223](https://togithub.com/defenseunicorns/zarf/pull/2223)
- fix: handle registry caBundle as a multiline string by
[@&#8203;AbrohamLincoln](https://togithub.com/AbrohamLincoln) in
[#&#8203;2381](https://togithub.com/defenseunicorns/zarf/pull/2381)
- *(regression)* fix: populate `p.sbomViewFiles` on `deploy` and
`mirror` by [@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[#&#8203;2386](https://togithub.com/defenseunicorns/zarf/pull/2386)
- fix: allow absolute paths for differential packages by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[#&#8203;2397](https://togithub.com/defenseunicorns/zarf/pull/2397)
- fix: hotfix skeleton publish by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[#&#8203;2398](https://togithub.com/defenseunicorns/zarf/pull/2398)

##### 🚜 Refactor

- refactor: split helpers/exec libs by
[@&#8203;Racer159](https://togithub.com/Racer159) in
[#&#8203;2379](https://togithub.com/defenseunicorns/zarf/pull/2379)

##### 🧪 Testing

- test: data injection flake by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[#&#8203;2361](https://togithub.com/defenseunicorns/zarf/pull/2361)

##### ⚙️ Miscellaneous Tasks

- ci: add commitlint workflow and update contributing guide by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[#&#8203;2391](https://togithub.com/defenseunicorns/zarf/pull/2391)

##### 🛡️ Security

- *(release)* build: create PRs on `homebrew-tap` by
[@&#8203;Noxsios](https://togithub.com/Noxsios) in
[#&#8203;2385](https://togithub.com/defenseunicorns/zarf/pull/2385)

**Full Changelog**:
defenseunicorns/zarf@v0.32.5...v0.32.6

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6)

###
[`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)

###
[`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

</details>

<details>
<summary>goreleaser/goreleaser-action
(goreleaser/goreleaser-action)</summary>

###
[`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0)

#### Important

This version changes the default behavior of `latest` to `~> v1`.

The next major of this action (v6), will change this to `~> v2`, and
will be launched together with GoReleaser v2.

#### What's Changed

- docs: bump actions to latest major by
[@&#8203;crazy-max](https://togithub.com/crazy-max) in
[goreleaser/goreleaser-action#435
- chore(deps): bump docker/bake-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#436
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#437
- chore(deps): bump actions/setup-go from 4 to 5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#443
- chore(deps): bump actions/upload-artifact from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#444
- Delete .kodiak.toml by
[@&#8203;vedantmgoyal9](https://togithub.com/vedantmgoyal9) in
[goreleaser/goreleaser-action#446
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#448
- chore(deps): bump ip from 2.0.0 to 2.0.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#450
- Upgrade setup-go action version in README by
[@&#8203;kishaningithub](https://togithub.com/kishaningithub) in
[goreleaser/goreleaser-action#455
- chore(deps): bump tar from 6.1.14 to 6.2.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#456
- chore: use corepack to install yarn by
[@&#8203;crazy-max](https://togithub.com/crazy-max) in
[goreleaser/goreleaser-action#458
- feat: lock this major version of the action to use '~> v1' as 'latest'
by [@&#8203;caarlos0](https://togithub.com/caarlos0) in
[goreleaser/goreleaser-action#461
- chore(deps): bump semver from 7.6.0 to 7.6.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#462
- chore(deps): bump
[@&#8203;actions/http-client](https://togithub.com/actions/http-client)
from 2.2.0 to 2.2.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#451

#### New Contributors

- [@&#8203;vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their
first contribution in
[goreleaser/goreleaser-action#446

**Full Changelog**:
goreleaser/goreleaser-action@v5.0.0...v5.1.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)

> \[!NOTE]\
> There is no v2.3.2 release as a step was skipped in the release
process. This was fixed and re-released under the v2.3.3 tag

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to
github.com/ossf/scorecard/v5 (v5.0.0-rc1) by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1366
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to
v5.0.0-rc2 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1374
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0.20240509182734-7ce860946928 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1377

For a full changelist of what these include, see the
[v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1)
and
[v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2)
release notes.

##### Documentation

- 📖 Move token discussion out of main README. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1279
- 📖 link to `ossf/scorecard` workflow instead of maintaining an
example by [@&#8203;spencerschrock](https://togithub.com/spencerschrock)
in
[ossf/scorecard-action#1352
- 📖 update api links to new scorecard.dev site by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1376

**Full Changelog**:
ossf/scorecard-action@v2.3.1...v2.3.3

###
[`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am
every weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/maru-runner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
cuixq added a commit to google/osv-scanner that referenced this pull request May 23, 2024
@renovate-bot @cuixq
chore(deps): update workflows (#977)
ffdda1e 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
patch | `v4.1.4` -> `v4.1.6` |
| [codecov/codecov-action](https://togithub.com/codecov/codecov-action)
| action | minor | `v4.3.1` -> `v4.4.1` |
| gaurav-nelson/github-action-markdown-link-check | action | digest |
`25b2c43` -> `7d83e59` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.3` -> `v3.25.6` |
|
[goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action)
| action | minor | `v5.0.0` -> `v5.1.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | patch | `v2.3.1` -> `v2.3.3` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6)

- Check platform to set archive extension appropriately by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[actions/checkout#1732

###
[`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5)

#### What's Changed

- Update NPM dependencies by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[actions/checkout#1703
- Bump github/codeql-action from 2 to 3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1694
- Bump actions/setup-node from 1 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1696
- Bump actions/upload-artifact from 2 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1695
- README: Suggest `user.email` to be
`41898282+github-actions[bot]@&#8203;users.noreply.github.com` by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[actions/checkout#1707

**Full Changelog**:
actions/checkout@v4.1.4...v4.1.5

</details>

<details>
<summary>codecov/codecov-action (codecov/codecov-action)</summary>

###
[`v4.4.1`](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1)

[Compare
Source](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1)

###
[`v4.4.0`](https://togithub.com/codecov/codecov-action/releases/tag/v4.4.0)

[Compare
Source](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0)

#### What's Changed

- chore: Clarify isPullRequestFromFork by
[@&#8203;jsoref](https://togithub.com/jsoref) in
[codecov/codecov-action#1411
- build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[codecov/codecov-action#1423
- build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[codecov/codecov-action#1421
- build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[codecov/codecov-action#1420
- feat: remove GPG and run on spawn by
[@&#8203;thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov)
in
[codecov/codecov-action#1426
- build(deps-dev): bump
[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)
from 7.8.0 to 7.9.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[codecov/codecov-action#1428
- chore(release): 4.4.0 by
[@&#8203;thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov)
in
[codecov/codecov-action#1430

**Full Changelog**:
codecov/codecov-action@v4.3.1...v4.4.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6)

###
[`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)

###
[`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

</details>

<details>
<summary>goreleaser/goreleaser-action
(goreleaser/goreleaser-action)</summary>

###
[`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0)

#### Important

This version changes the default behavior of `latest` to `~> v1`.

The next major of this action (v6), will change this to `~> v2`, and
will be launched together with GoReleaser v2.

#### What's Changed

- docs: bump actions to latest major by
[@&#8203;crazy-max](https://togithub.com/crazy-max) in
[goreleaser/goreleaser-action#435
- chore(deps): bump docker/bake-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#436
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#437
- chore(deps): bump actions/setup-go from 4 to 5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#443
- chore(deps): bump actions/upload-artifact from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#444
- Delete .kodiak.toml by
[@&#8203;vedantmgoyal9](https://togithub.com/vedantmgoyal9) in
[goreleaser/goreleaser-action#446
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#448
- chore(deps): bump ip from 2.0.0 to 2.0.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#450
- Upgrade setup-go action version in README by
[@&#8203;kishaningithub](https://togithub.com/kishaningithub) in
[goreleaser/goreleaser-action#455
- chore(deps): bump tar from 6.1.14 to 6.2.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#456
- chore: use corepack to install yarn by
[@&#8203;crazy-max](https://togithub.com/crazy-max) in
[goreleaser/goreleaser-action#458
- feat: lock this major version of the action to use '~> v1' as 'latest'
by [@&#8203;caarlos0](https://togithub.com/caarlos0) in
[goreleaser/goreleaser-action#461
- chore(deps): bump semver from 7.6.0 to 7.6.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#462
- chore(deps): bump
[@&#8203;actions/http-client](https://togithub.com/actions/http-client)
from 2.2.0 to 2.2.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[goreleaser/goreleaser-action#451

#### New Contributors

- [@&#8203;vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their
first contribution in
[goreleaser/goreleaser-action#446

**Full Changelog**:
goreleaser/goreleaser-action@v5.0.0...v5.1.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)

> \[!NOTE]\
> There is no v2.3.2 release as a step was skipped in the release
process. This was fixed and re-released under the v2.3.3 tag

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to
github.com/ossf/scorecard/v5 (v5.0.0-rc1) by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1366
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to
v5.0.0-rc2 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1374
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0.20240509182734-7ce860946928 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1377

For a full changelist of what these include, see the
[v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1)
and
[v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2)
release notes.

##### Documentation

- 📖 Move token discussion out of main README. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1279
- 📖 link to `ossf/scorecard` workflow instead of maintaining an
example by [@&#8203;spencerschrock](https://togithub.com/spencerschrock)
in
[ossf/scorecard-action#1352
- 📖 update api links to new scorecard.dev site by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1376

**Full Changelog**:
ossf/scorecard-action@v2.3.1...v2.3.3

###
[`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv-scanner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caarlos0 caarlos0 caarlos0 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@crazy-max @caarlos0