Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 #1282

Merged
merged 1 commit into from Oct 23, 2023
Merged

🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 #1282

merged 1 commit into from Oct 23, 2023

Conversation

spencerschrock
Copy link
Contributor

This bumps scorecard to the newly release v4.13.1, in preparation for the next release of scorecard action v2.3.1.

The primary goal is the codeql fix from ossf/scorecard#3591

@spencerschrock
upgrade to scorecard v4.13.1
4eeaaf3 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@codecov
Copy link

codecov bot commented Oct 20, 2023

Codecov Report

Merging #1282 (4eeaaf3) into main (0ea411f) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #1282   +/-   ##
=======================================
  Coverage   63.17%   63.17%           
=======================================
  Files           4        4           
  Lines         296      296           
=======================================
  Hits          187      187           
  Misses         94       94           
  Partials       15       15

@spencerschrock spencerschrock mentioned this pull request Oct 20, 2023
Merged
@spencerschrock spencerschrock merged commit 72df3bf into ossf:main Oct 23, 2023
11 checks passed
@spencerschrock spencerschrock deleted the dep/scorecard-v4.13.1 branch October 23, 2023 16:03
TylerJang27 pushed a commit to trunk-io/plugins that referenced this pull request Nov 6, 2023
@renovate
chore(deps): update all non-major dependencies (#527)
b4ee3db 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence | Type |
Update |
|---|---|---|---|---|---|---|---|
|
[@types/caller](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/caller)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`1.0.0` ->
`1.0.1`](https://renovatebot.com/diffs/npm/@types%2fcaller/1.0.0/1.0.1)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fcaller/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fcaller/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fcaller/1.0.0/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fcaller/1.0.0/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/debug](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/debug)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`4.1.9` ->
`4.1.10`](https://renovatebot.com/diffs/npm/@types%2fdebug/4.1.9/4.1.10)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fdebug/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fdebug/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fdebug/4.1.9/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fdebug/4.1.9/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/jest](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`29.5.5` ->
`29.5.7`](https://renovatebot.com/diffs/npm/@types%2fjest/29.5.5/29.5.7)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fjest/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fjest/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fjest/29.5.5/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fjest/29.5.5/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/jest-specific-snapshot](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest-specific-snapshot)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`0.5.7` ->
`0.5.8`](https://renovatebot.com/diffs/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fjest-specific-snapshot/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fjest-specific-snapshot/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`18.18.4` ->
`18.18.8`](https://renovatebot.com/diffs/npm/@types%2fnode/18.18.4/18.18.8)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnode/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fnode/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fnode/18.18.4/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnode/18.18.4/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
| [actions/setup-node](https://togithub.com/actions/setup-node) |
`v3.8.1` -> `v3.8.2` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/actions%2fsetup-node/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/actions%2fsetup-node/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/actions%2fsetup-node/v3.8.1/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/actions%2fsetup-node/v3.8.1/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [eslint](https://eslint.org)
([source](https://togithub.com/eslint/eslint)) | [`8.51.0` ->
`8.53.0`](https://renovatebot.com/diffs/npm/eslint/8.51.0/8.53.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint/8.51.0/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint/8.51.0/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
|
[eslint-plugin-import](https://togithub.com/import-js/eslint-plugin-import)
| [`2.28.1` ->
`2.29.0`](https://renovatebot.com/diffs/npm/eslint-plugin-import/2.28.1/2.29.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-import/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-import/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-import/2.28.1/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-import/2.28.1/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
|
[eslint-plugin-jest](https://togithub.com/jest-community/eslint-plugin-jest)
| [`27.4.2` ->
`27.6.0`](https://renovatebot.com/diffs/npm/eslint-plugin-jest/27.4.2/27.6.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-jest/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-jest/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-jest/27.4.2/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-jest/27.4.2/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
|
[eslint-plugin-prefer-arrow-functions](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions)
| [`3.1.4` ->
`3.2.4`](https://renovatebot.com/diffs/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-prefer-arrow-functions/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-prefer-arrow-functions/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
`v2.22.0` -> `v2.22.5` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v2.22.0/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v2.22.0/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
`v2.3.0` -> `v2.3.1` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/ossf%2fscorecard-action/v2.3.0/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/ossf%2fscorecard-action/v2.3.0/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [yaml](https://eemeli.org/yaml/)
([source](https://togithub.com/eemeli/yaml)) | [`2.3.2` ->
`2.3.4`](https://renovatebot.com/diffs/npm/yaml/2.3.2/2.3.4) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/yaml/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/yaml/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/yaml/2.3.2/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/yaml/2.3.2/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |

---

### Release Notes

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2)

##### What's Changed

- Update semver by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[actions/setup-node#861
- Update temp directory creation by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[actions/setup-node#859
- Bump [@&#8203;babel/traverse](https://togithub.com/babel/traverse)
from 7.15.4 to 7.23.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/setup-node#870
- Add notice about binaries not being updated yet by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[actions/setup-node#872
- Update toolkit cache and core by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) and
[@&#8203;seongwon-privatenote](https://togithub.com/seongwon-privatenote)
in
[actions/setup-node#875

**Full Changelog**:
actions/setup-node@v3...v3.8.2

</details>

<details>
<summary>eslint/eslint (eslint)</summary>

### [`v8.53.0`](https://togithub.com/eslint/eslint/releases/tag/v8.53.0)

[Compare
Source](https://togithub.com/eslint/eslint/compare/v8.52.0...v8.53.0)

#### Features

-
[`528e1c0`](https://togithub.com/eslint/eslint/commit/528e1c00dc2aa8636e5b706c4270dc655cfa17e3)
feat: Deprecate formatting rules
([#&#8203;17696](https://togithub.com/eslint/eslint/issues/17696))
(Nicholas C. Zakas)
-
[`c0b11dd`](https://togithub.com/eslint/eslint/commit/c0b11ddb9f8aacc64c3933b9f278939aa7bea481)
feat: Add suggestions for no-prototype-builtins
([#&#8203;17677](https://togithub.com/eslint/eslint/issues/17677))
(Yonathan Randolph)

#### Bug Fixes

-
[`1ad6257`](https://togithub.com/eslint/eslint/commit/1ad6257744d63281235fcc33288394b1d69b34ce)
fix: ensure that exit code for fatal errors is not overwritten
([#&#8203;17683](https://togithub.com/eslint/eslint/issues/17683))
(Milos Djermanovic)
-
[`b329ea7`](https://togithub.com/eslint/eslint/commit/b329ea748dff45f11c7e218208244dc24fcb5c8f)
fix: add `;` after JSX nodes in `no-object-constructor` autofix
([#&#8203;17672](https://togithub.com/eslint/eslint/issues/17672))
(Francesco Trotta)

#### Documentation

-
[`ab8c60d`](https://togithub.com/eslint/eslint/commit/ab8c60d4f859cec787b5a12f7271b40e666235f5)
docs: change position of return to top button
([#&#8203;17688](https://togithub.com/eslint/eslint/issues/17688))
(Tanuj Kanti)
-
[`4fc44c0`](https://togithub.com/eslint/eslint/commit/4fc44c0b8c5dca466bffdfe01dfd80794d7762b7)
docs: update twitter icon to new X icon
([#&#8203;17687](https://togithub.com/eslint/eslint/issues/17687))
(Tanuj Kanti)
-
[`4164b2c`](https://togithub.com/eslint/eslint/commit/4164b2ceec89726b18ea0b0e34fab05735d55a09)
docs: Update README (GitHub Actions Bot)
-
[`8651895`](https://togithub.com/eslint/eslint/commit/8651895ca7ae15e13d74c8be67d9eebd63a7ce1f)
docs: Fix tabs in rule examples
([#&#8203;17653](https://togithub.com/eslint/eslint/issues/17653))
(Francesco Trotta)
-
[`3aec1c5`](https://togithub.com/eslint/eslint/commit/3aec1c55ba2c6d2833e1c0afe0a58f0cc6bbc0a4)
docs: explained rule fixers and suggestions
([#&#8203;17657](https://togithub.com/eslint/eslint/issues/17657)) (Josh
Goldberg ✨)

#### Chores

-
[`ba4d4d5`](https://togithub.com/eslint/eslint/commit/ba4d4d567a82554250dd8c7933322824e6a73944)
chore: remove metascraper
([#&#8203;17707](https://togithub.com/eslint/eslint/issues/17707))
(Milos Djermanovic)
-
[`0d07338`](https://togithub.com/eslint/eslint/commit/0d0733882944b4849d71a40723c251213698cef9)
chore: Update dependencies
([#&#8203;17706](https://togithub.com/eslint/eslint/issues/17706))
(Milos Djermanovic)
-
[`93256a3`](https://togithub.com/eslint/eslint/commit/93256a32e312f3f4e5c532762df71bdc06bded20)
chore: package.json update for
[@&#8203;eslint/js](https://togithub.com/eslint/js) release (ESLint
Jenkins)
-
[`485ec7d`](https://togithub.com/eslint/eslint/commit/485ec7d08ed2040c292f52bf9b9152f6c8ef4809)
test: fix ESLint tests for caching
([#&#8203;17699](https://togithub.com/eslint/eslint/issues/17699))
(Milos Djermanovic)
-
[`db06a7f`](https://togithub.com/eslint/eslint/commit/db06a7ff7992a74368f03d1f21beb00df0407021)
ci: bump actions/setup-node from 3 to 4
([#&#8203;17676](https://togithub.com/eslint/eslint/issues/17676))
(dependabot\[bot])
-
[`994596b`](https://togithub.com/eslint/eslint/commit/994596b07f5ff20a615a4be1ea03e5fd59cdb84b)
ci: run tests in Node.js 21
([#&#8203;17673](https://togithub.com/eslint/eslint/issues/17673))
(Francesco Trotta)

### [`v8.52.0`](https://togithub.com/eslint/eslint/releases/tag/v8.52.0)

[Compare
Source](https://togithub.com/eslint/eslint/compare/v8.51.0...v8.52.0)

#### Features

-
[`70648ee`](https://togithub.com/eslint/eslint/commit/70648ee49c07f7b533d09f6bf8a5291e5a5a8601)
feat: report-unused-disable-directive to report unused eslint-enable
([#&#8203;17611](https://togithub.com/eslint/eslint/issues/17611))
(Yosuke Ota)

#### Bug Fixes

-
[`5de9637`](https://togithub.com/eslint/eslint/commit/5de9637fc925729a83d5a5e9e868a41792a184e3)
fix: Ensure shared references in rule configs are separated
([#&#8203;17666](https://togithub.com/eslint/eslint/issues/17666))
(Nicholas C. Zakas)
-
[`dcfe573`](https://togithub.com/eslint/eslint/commit/dcfe5739c374c9d7ed21f14027870ec0fd453661)
fix: add preceding semicolon in suggestions of `no-object-constructor`
([#&#8203;17649](https://togithub.com/eslint/eslint/issues/17649))
(Francesco Trotta)

#### Documentation

-
[`476d58a`](https://togithub.com/eslint/eslint/commit/476d58a584d5d2db003c4c22ffee90e63566164d)
docs: Add note about invalid CLI flags when using flat config.
([#&#8203;17664](https://togithub.com/eslint/eslint/issues/17664))
(Nicholas C. Zakas)
-
[`660ed3a`](https://togithub.com/eslint/eslint/commit/660ed3afd128ad529234a855345629982caf1bc7)
docs: Plugin flat config migration guide
([#&#8203;17640](https://togithub.com/eslint/eslint/issues/17640))
(Nicholas C. Zakas)
-
[`a58aa20`](https://togithub.com/eslint/eslint/commit/a58aa200fccedae7e2e9b6129246f2cedab14f8d)
docs: fix examples for several rules
([#&#8203;17645](https://togithub.com/eslint/eslint/issues/17645))
(Milos Djermanovic)
-
[`179929b`](https://togithub.com/eslint/eslint/commit/179929bd46892f18f2aef0c159d5cc361cb69987)
docs: Remove trailing newline from the code of Playground links
([#&#8203;17641](https://togithub.com/eslint/eslint/issues/17641))
(Francesco Trotta)
-
[`f8e5c30`](https://togithub.com/eslint/eslint/commit/f8e5c30636450d4a8baf51f0e227685e6d77ac64)
docs: Update README (GitHub Actions Bot)
-
[`b7ef2f3`](https://togithub.com/eslint/eslint/commit/b7ef2f34fe12b68a366e1b4bf5f64d7332c6e72e)
docs: Enable pretty code formatter output
([#&#8203;17635](https://togithub.com/eslint/eslint/issues/17635))
(Nicholas C. Zakas)
-
[`0bcb9a8`](https://togithub.com/eslint/eslint/commit/0bcb9a8db608a3d0bd2645f99e0707b9a9bbaaf0)
docs: Fix syntax errors in rule examples
([#&#8203;17633](https://togithub.com/eslint/eslint/issues/17633))
(Francesco Trotta)
-
[`61b9083`](https://togithub.com/eslint/eslint/commit/61b90839633ef300ac7707a651f65f532e65f42d)
docs: Make no-continue example code work
([#&#8203;17643](https://togithub.com/eslint/eslint/issues/17643))
(Zhongyuan Zhou)
-
[`9fafe45`](https://togithub.com/eslint/eslint/commit/9fafe450c31ed9b6bdd9dcd6c115255943b8c1c2)
docs: upgrade to 11ty 2.0
([#&#8203;17632](https://togithub.com/eslint/eslint/issues/17632))
(Percy Ma)
-
[`ff8e4bf`](https://togithub.com/eslint/eslint/commit/ff8e4bf327b5c92b0623b0fc5f8f101954f785db)
docs: Update README (GitHub Actions Bot)
-
[`fab249a`](https://togithub.com/eslint/eslint/commit/fab249ae6addac2ee18cd81cee80916010bb469e)
docs: Update README (GitHub Actions Bot)
-
[`392305b`](https://togithub.com/eslint/eslint/commit/392305bf4797e3ebc696dfca48bd874741fca845)
docs: Update `no-irregular-whitespace` and fix examples
([#&#8203;17626](https://togithub.com/eslint/eslint/issues/17626))
(Francesco Trotta)
-
[`6b8acfb`](https://togithub.com/eslint/eslint/commit/6b8acfb770589f3941df41c3910d3b8ffc3e1e45)
docs: Add real whitespace to `no-trailing-spaces` examples
([#&#8203;17630](https://togithub.com/eslint/eslint/issues/17630))
(Francesco Trotta)
-
[`1000187`](https://togithub.com/eslint/eslint/commit/1000187e00949332babcee4d37d46c96a6a554a8)
docs: Fix examples in `unicode-bom`
([#&#8203;17631](https://togithub.com/eslint/eslint/issues/17631))
(Francesco Trotta)
-
[`000290c`](https://togithub.com/eslint/eslint/commit/000290c4c923cc1473e21b4bdbdc0c42765ef7dd)
docs: Update README (GitHub Actions Bot)

#### Chores

-
[`6d1f0c2`](https://togithub.com/eslint/eslint/commit/6d1f0c2da0309c06c21149b8d71a8f439a70d7e8)
chore: upgrade
[@&#8203;eslint/js](https://togithub.com/eslint/js)[@&#8203;8](https://togithub.com/8).52.0
([#&#8203;17671](https://togithub.com/eslint/eslint/issues/17671))
(Milos Djermanovic)
-
[`d63d4fe`](https://togithub.com/eslint/eslint/commit/d63d4fe0942e6747ab60e758aa36076f43041a30)
chore: package.json update for
[@&#8203;eslint/js](https://togithub.com/eslint/js) release (ESLint
Jenkins)
-
[`f30cefe`](https://togithub.com/eslint/eslint/commit/f30cefee6bda2789ede18e1664b84c2638ea1bb5)
test: fix FlatESLint tests for caching
([#&#8203;17658](https://togithub.com/eslint/eslint/issues/17658))
(Milos Djermanovic)
-
[`ef650cb`](https://togithub.com/eslint/eslint/commit/ef650cb612510bcfa1379c1f0af56dd563b3a705)
test: update tests for no-promise-executor-return
([#&#8203;17661](https://togithub.com/eslint/eslint/issues/17661))
(Milos Djermanovic)

</details>

<details>
<summary>import-js/eslint-plugin-import (eslint-plugin-import)</summary>

###
[`v2.29.0`](https://togithub.com/import-js/eslint-plugin-import/blob/HEAD/CHANGELOG.md#2290---2023-10-22)

[Compare
Source](https://togithub.com/import-js/eslint-plugin-import/compare/v2.28.1...v2.29.0)

##### Added

- TypeScript config: add .cts and .mts extensions
(\[[#&#8203;2851](https://togithub.com/import-js/eslint-plugin-import/issues/2851)],
thanks \[[@&#8203;Zamiell](https://togithub.com/Zamiell)])
- \[`newline-after-import`]: new option `exactCount` and docs update
(\[[#&#8203;1933](https://togithub.com/import-js/eslint-plugin-import/issues/1933)],
thanks \[[@&#8203;anikethsaha](https://togithub.com/anikethsaha)] and
\[[@&#8203;reosarevok](https://togithub.com/reosarevok)])
- \[`newline-after-import`]: fix `exactCount` with `considerComments`
false positive, when there is a leading comment
(\[[#&#8203;2884](https://togithub.com/import-js/eslint-plugin-import/issues/2884)],
thanks \[[@&#8203;kinland](https://togithub.com/kinland)])

</details>

<details>
<summary>jest-community/eslint-plugin-jest
(eslint-plugin-jest)</summary>

###
[`v27.6.0`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2760-2023-10-26)

[Compare
Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.5.0...v27.6.0)

##### Features

- include plugin `meta` information for ESLint v9
([#&#8203;1454](https://togithub.com/jest-community/eslint-plugin-jest/issues/1454))
([4d57146](https://togithub.com/jest-community/eslint-plugin-jest/commit/4d571467631a407a038d5b4d61bc45f4622954f1))

###
[`v27.5.0`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2750-2023-10-26)

[Compare
Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.3...v27.5.0)

##### Features

- **valid-title:** allow ignoring tests with non-string titles
([#&#8203;1460](https://togithub.com/jest-community/eslint-plugin-jest/issues/1460))
([ea89da9](https://togithub.com/jest-community/eslint-plugin-jest/commit/ea89da9b4e726980d80f97b69d31a4c4f81ff562))

####
[27.4.3](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.2...v27.4.3)
(2023-10-20)

##### Bug Fixes

- **expect-expert:** change reporting node
([#&#8203;1452](https://togithub.com/jest-community/eslint-plugin-jest/issues/1452))
([64d5cda](https://togithub.com/jest-community/eslint-plugin-jest/commit/64d5cda7e64df7c73cde03ca057dfb71e87f50c4))

####
[27.4.2](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.1...v27.4.2)
(2023-09-29)

##### Bug Fixes

- make rule message punctuation consistent
([#&#8203;1444](https://togithub.com/jest-community/eslint-plugin-jest/issues/1444))
([84121ee](https://togithub.com/jest-community/eslint-plugin-jest/commit/84121eee018cc8cc32e6c7a267fc27efd3a4a0a0))

####
[27.4.1](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.0...v27.4.1)
(2023-09-29)

##### Bug Fixes

- **no-focused-tests:** make reporting location consistent
([#&#8203;1443](https://togithub.com/jest-community/eslint-plugin-jest/issues/1443))
([a871775](https://togithub.com/jest-community/eslint-plugin-jest/commit/a87177504430d1c469af70d6fc3b674a388291d8))

###
[`v27.4.3`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2743-2023-10-20)

[Compare
Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.2...v27.4.3)

##### Bug Fixes

- **expect-expert:** change reporting node
([#&#8203;1452](https://togithub.com/jest-community/eslint-plugin-jest/issues/1452))
([64d5cda](https://togithub.com/jest-community/eslint-plugin-jest/commit/64d5cda7e64df7c73cde03ca057dfb71e87f50c4))

</details>

<details>
<summary>JamieMason/eslint-plugin-prefer-arrow-functions
(eslint-plugin-prefer-arrow-functions)</summary>

###
[`v3.2.4`](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/blob/HEAD/CHANGELOG.md#324-2023-10-23)

[Compare
Source](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/compare/3.1.4...3.2.4)

##### Features

- **config:** add support for allowNamedFunctions
([50fb3b6](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/commit/50fb3b68d9b2eaf48617404bec8f9ed1b4e6a511))

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

###
[`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

###
[`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

###
[`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

###
[`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1282
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

</details>

<details>
<summary>eemeli/yaml (yaml)</summary>

### [`v2.3.4`](https://togithub.com/eemeli/yaml/releases/tag/v2.3.4)

[Compare
Source](https://togithub.com/eemeli/yaml/compare/v2.3.3...v2.3.4)

- Do not throw for carriage return in tag shorthand
([#&#8203;501](https://togithub.com/eemeli/yaml/issues/501))

### [`v2.3.3`](https://togithub.com/eemeli/yaml/releases/tag/v2.3.3)

[Compare
Source](https://togithub.com/eemeli/yaml/compare/v2.3.2...v2.3.3)

- Do not throw error on malformed URI escape in tag
([#&#8203;498](https://togithub.com/eemeli/yaml/issues/498))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/trunk-io/plugins).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xOS4yIiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
michaelkedar pushed a commit to google/osv.dev that referenced this pull request Jan 9, 2024
@renovate-bot
chore(deps): update workflows (#1882)
b139601 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| gaurav-nelson/github-action-markdown-link-check | action | digest |
`a996638` -> `0f074c8` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.21.9` -> `v2.23.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.2.0` -> `v2.3.1` |
|
[pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish)
| action | patch | `v1.8.10` -> `v1.8.11` |

---

### Release Notes

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

###
[`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

###
[`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

###
[`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

###
[`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

###
[`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

###
[`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

###
[`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

###
[`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

###
[`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

###
[`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

###
[`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

###
[`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

###
[`v2.22.0`](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1282
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

###
[`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1270
- For a full changelist of what this includes, see the
[v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and
[v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0)
release notes
- ✨ Send rekor tlog index to webapp when publishing results by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1169
- 🐛 Prevent url clipping for GHES instances by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[ossf/scorecard-action#1225

##### Documentation

- 📖 Update access rights needed to see the results in code scanning
by [@&#8203;rajbos](https://togithub.com/rajbos) in
[ossf/scorecard-action#1229
- 📖 Add package comments. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1221
- 📖 Add SECURITY.md file by
[@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) in
[ossf/scorecard-action#1250
- 📖 Fix typo in token input docs by
[@&#8203;aabouzaid](https://togithub.com/aabouzaid) in
[ossf/scorecard-action#1258

#### New Contributors

- [@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) made
their first contribution in
[ossf/scorecard-action#1250
- [@&#8203;aabouzaid](https://togithub.com/aabouzaid) made their first
contribution in
[ossf/scorecard-action#1258

**Full Changelog**:
ossf/scorecard-action@v2.2.0...v2.3.0

</details>

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.8.11`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.11)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.10...v1.8.11)

#### 💅 Cosmetic output improvements

[@&#8203;woodruffw](https://togithub.com/woodruffw) added a nudge
suggesting the users storing passwords in a GitHub Actions repository
secrets to switch to using secretless publishing in
[pypa/gh-action-pypi-publish#190.
This also reminds people that PyPI will start mandating two-factor
authentication to perform uploads in 2024.

#### 📝 What's Documented

[@&#8203;di](https://togithub.com/di) linked the configuration docs for
Trusted Publishing in README via
[pypa/gh-action-pypi-publish#179.

#### 🛠️ Internal dependencies

- Cryptography was bumped from 41.0.3 to 41.0.6
@&#[pypa/gh-action-pypi-publish#194
- Pip was bumped from 22.3.1 to 23.3
@&#[pypa/gh-action-pypi-publish#189
- pre-commit linters got autoupdated
@&#[pypa/gh-action-pypi-publish#184
- Urllib3 was bumped from 2.0.3 to 2.0.7
@&#[pypa/gh-action-pypi-publish#183

#### 💪 New Contributors

- [@&#8203;di](https://togithub.com/di) made their first contribution in
[pypa/gh-action-pypi-publish#179

**:mirror: Full Diff**:
pypa/gh-action-pypi-publish@v1.8.10...v1.8.11

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEyNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
anakinxc pushed a commit to secretflow/spu that referenced this pull request Jan 12, 2024
@renovate
Update ossf/scorecard-action action to v2.3.1 (#488)
b8457a5 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.1.2` -> `v2.3.1` |

---

### Release Notes

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1282
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

###
[`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1270
- For a full changelist of what this includes, see the
[v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and
[v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0)
release notes
- ✨ Send rekor tlog index to webapp when publishing results by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1169
- 🐛 Prevent url clipping for GHES instances by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[ossf/scorecard-action#1225

##### Documentation

- 📖 Update access rights needed to see the results in code scanning
by [@&#8203;rajbos](https://togithub.com/rajbos) in
[ossf/scorecard-action#1229
- 📖 Add package comments. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1221
- 📖 Add SECURITY.md file by
[@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) in
[ossf/scorecard-action#1250
- 📖 Fix typo in token input docs by
[@&#8203;aabouzaid](https://togithub.com/aabouzaid) in
[ossf/scorecard-action#1258

#### New Contributors

- [@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) made
their first contribution in
[ossf/scorecard-action#1250
- [@&#8203;aabouzaid](https://togithub.com/aabouzaid) made their first
contribution in
[ossf/scorecard-action#1258

**Full Changelog**:
ossf/scorecard-action@v2.2.0...v2.3.0

###
[`v2.2.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.2.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1192

#### Scorecard Result Viewer

Thanks to contributions from
[@&#8203;cynthia-sg](https://togithub.com/cynthia-sg) and
[@&#8203;tegioz](https://togithub.com/tegioz) at
[CLOMonitor](https://togithub.com/cncf/clomonitor), there is a new
Scorecard Result visualization page at
`https://securityscorecards.dev/viewer/?uri=<project-url>`.

-
[ossf/scorecard-webapp#406
-
[ossf/scorecard-webapp#422

As an example, you can see our own score visualized
[here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard)
Checkout our
[README](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge)
to learn how to link your README badge to the new visualization page.

#### Publishing Results

This release contains two fixes which will improve the user experience
when `publish_results` is `true`

- Runs that fail our [workflow
restrictions](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions)
will fail with a 400 response indicating the problem, instead of a vague
500 status.
([ossf/scorecard-action#1156,
resolved
[ossf/scorecard-action#1150)
- Scorecard action will retry when signing results and submitting them
to our web API. This should help with flakiness from connection
failures.
([ossf/scorecard-action#1191)

#### Docs

- 📖 Update README to accept fine-grained tokens by
[@&#8203;pnacht](https://togithub.com/pnacht) in
[ossf/scorecard-action#1175
- 📖 Update installation instructions to match current GitHub UI by
[@&#8203;joycebrum](https://togithub.com/joycebrum) in
[ossf/scorecard-action#1153
- 📖 Document the GitHub action workflow restrictions when publishing
results. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in

#### New Contributors

- [@&#8203;bobcallaway](https://togithub.com/bobcallaway) made their
first contribution in
[ossf/scorecard-action#1140
- [@&#8203;pnacht](https://togithub.com/pnacht) made their first
contribution in
[ossf/scorecard-action#1175

**Full Changelog**:
ossf/scorecard-action@v2.1.3...v2.2.0

###
[`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1111

##### Bug Fixes

-   Invalid SARIF files from a bug in scorecard
-
[#&#8203;1076](https://togithub.com/ossf/scorecard-action/issues/1076),
[#&#8203;1094](https://togithub.com/ossf/scorecard-action/issues/1094)
- Vulnerabilities check crashes if a vulnerable dependency is found via
OSVScanner
- [#&#8203;1092](https://togithub.com/ossf/scorecard-action/issues/1092)
-   Scorecard action not reporting binary artifacts in the repo
- [#&#8203;1116](https://togithub.com/ossf/scorecard-action/issues/1116)

**Full Scorecard Changelog**:
ossf/scorecard@v4.10.2...v4.10.5

**Full Changelog**:
ossf/scorecard-action@v2.1.2...v2.1.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/secretflow/spu).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMjcuMCIsInVwZGF0ZWRJblZlciI6IjM3LjEyNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
pat-trunk-io pushed a commit to trunk-io/plugins that referenced this pull request Jan 22, 2024
@renovate @pat-trunk-io
chore(deps): update all non-major dependencies (#527)
86dd0c2 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence | Type |
Update |
|---|---|---|---|---|---|---|---|
|
[@types/caller](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/caller)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`1.0.0` ->
`1.0.1`](https://renovatebot.com/diffs/npm/@types%2fcaller/1.0.0/1.0.1)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fcaller/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fcaller/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fcaller/1.0.0/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fcaller/1.0.0/1.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/debug](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/debug)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`4.1.9` ->
`4.1.10`](https://renovatebot.com/diffs/npm/@types%2fdebug/4.1.9/4.1.10)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fdebug/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fdebug/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fdebug/4.1.9/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fdebug/4.1.9/4.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/jest](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`29.5.5` ->
`29.5.7`](https://renovatebot.com/diffs/npm/@types%2fjest/29.5.5/29.5.7)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fjest/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fjest/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fjest/29.5.5/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fjest/29.5.5/29.5.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/jest-specific-snapshot](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest-specific-snapshot)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`0.5.7` ->
`0.5.8`](https://renovatebot.com/diffs/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fjest-specific-snapshot/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fjest-specific-snapshot/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fjest-specific-snapshot/0.5.7/0.5.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`18.18.4` ->
`18.18.8`](https://renovatebot.com/diffs/npm/@types%2fnode/18.18.4/18.18.8)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnode/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fnode/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fnode/18.18.4/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnode/18.18.4/18.18.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
| [actions/setup-node](https://togithub.com/actions/setup-node) |
`v3.8.1` -> `v3.8.2` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/actions%2fsetup-node/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/actions%2fsetup-node/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/actions%2fsetup-node/v3.8.1/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/actions%2fsetup-node/v3.8.1/v3.8.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [eslint](https://eslint.org)
([source](https://togithub.com/eslint/eslint)) | [`8.51.0` ->
`8.53.0`](https://renovatebot.com/diffs/npm/eslint/8.51.0/8.53.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint/8.51.0/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint/8.51.0/8.53.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
|
[eslint-plugin-import](https://togithub.com/import-js/eslint-plugin-import)
| [`2.28.1` ->
`2.29.0`](https://renovatebot.com/diffs/npm/eslint-plugin-import/2.28.1/2.29.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-import/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-import/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-import/2.28.1/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-import/2.28.1/2.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
|
[eslint-plugin-jest](https://togithub.com/jest-community/eslint-plugin-jest)
| [`27.4.2` ->
`27.6.0`](https://renovatebot.com/diffs/npm/eslint-plugin-jest/27.4.2/27.6.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-jest/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-jest/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-jest/27.4.2/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-jest/27.4.2/27.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
|
[eslint-plugin-prefer-arrow-functions](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions)
| [`3.1.4` ->
`3.2.4`](https://renovatebot.com/diffs/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-prefer-arrow-functions/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-prefer-arrow-functions/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-prefer-arrow-functions/3.1.4/3.2.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
`v2.22.0` -> `v2.22.5` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v2.22.0/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v2.22.0/v2.22.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
`v2.3.0` -> `v2.3.1` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/ossf%2fscorecard-action/v2.3.0/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/ossf%2fscorecard-action/v2.3.0/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [yaml](https://eemeli.org/yaml/)
([source](https://togithub.com/eemeli/yaml)) | [`2.3.2` ->
`2.3.4`](https://renovatebot.com/diffs/npm/yaml/2.3.2/2.3.4) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/yaml/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/yaml/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/yaml/2.3.2/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/yaml/2.3.2/2.3.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |

---

### Release Notes

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2)

##### What's Changed

- Update semver by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[actions/setup-node#861
- Update temp directory creation by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[actions/setup-node#859
- Bump [@&#8203;babel/traverse](https://togithub.com/babel/traverse)
from 7.15.4 to 7.23.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/setup-node#870
- Add notice about binaries not being updated yet by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[actions/setup-node#872
- Update toolkit cache and core by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) and
[@&#8203;seongwon-privatenote](https://togithub.com/seongwon-privatenote)
in
[actions/setup-node#875

**Full Changelog**:
actions/setup-node@v3...v3.8.2

</details>

<details>
<summary>eslint/eslint (eslint)</summary>

### [`v8.53.0`](https://togithub.com/eslint/eslint/releases/tag/v8.53.0)

[Compare
Source](https://togithub.com/eslint/eslint/compare/v8.52.0...v8.53.0)

#### Features

-
[`528e1c0`](https://togithub.com/eslint/eslint/commit/528e1c00dc2aa8636e5b706c4270dc655cfa17e3)
feat: Deprecate formatting rules
([#&#8203;17696](https://togithub.com/eslint/eslint/issues/17696))
(Nicholas C. Zakas)
-
[`c0b11dd`](https://togithub.com/eslint/eslint/commit/c0b11ddb9f8aacc64c3933b9f278939aa7bea481)
feat: Add suggestions for no-prototype-builtins
([#&#8203;17677](https://togithub.com/eslint/eslint/issues/17677))
(Yonathan Randolph)

#### Bug Fixes

-
[`1ad6257`](https://togithub.com/eslint/eslint/commit/1ad6257744d63281235fcc33288394b1d69b34ce)
fix: ensure that exit code for fatal errors is not overwritten
([#&#8203;17683](https://togithub.com/eslint/eslint/issues/17683))
(Milos Djermanovic)
-
[`b329ea7`](https://togithub.com/eslint/eslint/commit/b329ea748dff45f11c7e218208244dc24fcb5c8f)
fix: add `;` after JSX nodes in `no-object-constructor` autofix
([#&#8203;17672](https://togithub.com/eslint/eslint/issues/17672))
(Francesco Trotta)

#### Documentation

-
[`ab8c60d`](https://togithub.com/eslint/eslint/commit/ab8c60d4f859cec787b5a12f7271b40e666235f5)
docs: change position of return to top button
([#&#8203;17688](https://togithub.com/eslint/eslint/issues/17688))
(Tanuj Kanti)
-
[`4fc44c0`](https://togithub.com/eslint/eslint/commit/4fc44c0b8c5dca466bffdfe01dfd80794d7762b7)
docs: update twitter icon to new X icon
([#&#8203;17687](https://togithub.com/eslint/eslint/issues/17687))
(Tanuj Kanti)
-
[`4164b2c`](https://togithub.com/eslint/eslint/commit/4164b2ceec89726b18ea0b0e34fab05735d55a09)
docs: Update README (GitHub Actions Bot)
-
[`8651895`](https://togithub.com/eslint/eslint/commit/8651895ca7ae15e13d74c8be67d9eebd63a7ce1f)
docs: Fix tabs in rule examples
([#&#8203;17653](https://togithub.com/eslint/eslint/issues/17653))
(Francesco Trotta)
-
[`3aec1c5`](https://togithub.com/eslint/eslint/commit/3aec1c55ba2c6d2833e1c0afe0a58f0cc6bbc0a4)
docs: explained rule fixers and suggestions
([#&#8203;17657](https://togithub.com/eslint/eslint/issues/17657)) (Josh
Goldberg ✨)

#### Chores

-
[`ba4d4d5`](https://togithub.com/eslint/eslint/commit/ba4d4d567a82554250dd8c7933322824e6a73944)
chore: remove metascraper
([#&#8203;17707](https://togithub.com/eslint/eslint/issues/17707))
(Milos Djermanovic)
-
[`0d07338`](https://togithub.com/eslint/eslint/commit/0d0733882944b4849d71a40723c251213698cef9)
chore: Update dependencies
([#&#8203;17706](https://togithub.com/eslint/eslint/issues/17706))
(Milos Djermanovic)
-
[`93256a3`](https://togithub.com/eslint/eslint/commit/93256a32e312f3f4e5c532762df71bdc06bded20)
chore: package.json update for
[@&#8203;eslint/js](https://togithub.com/eslint/js) release (ESLint
Jenkins)
-
[`485ec7d`](https://togithub.com/eslint/eslint/commit/485ec7d08ed2040c292f52bf9b9152f6c8ef4809)
test: fix ESLint tests for caching
([#&#8203;17699](https://togithub.com/eslint/eslint/issues/17699))
(Milos Djermanovic)
-
[`db06a7f`](https://togithub.com/eslint/eslint/commit/db06a7ff7992a74368f03d1f21beb00df0407021)
ci: bump actions/setup-node from 3 to 4
([#&#8203;17676](https://togithub.com/eslint/eslint/issues/17676))
(dependabot\[bot])
-
[`994596b`](https://togithub.com/eslint/eslint/commit/994596b07f5ff20a615a4be1ea03e5fd59cdb84b)
ci: run tests in Node.js 21
([#&#8203;17673](https://togithub.com/eslint/eslint/issues/17673))
(Francesco Trotta)

### [`v8.52.0`](https://togithub.com/eslint/eslint/releases/tag/v8.52.0)

[Compare
Source](https://togithub.com/eslint/eslint/compare/v8.51.0...v8.52.0)

#### Features

-
[`70648ee`](https://togithub.com/eslint/eslint/commit/70648ee49c07f7b533d09f6bf8a5291e5a5a8601)
feat: report-unused-disable-directive to report unused eslint-enable
([#&#8203;17611](https://togithub.com/eslint/eslint/issues/17611))
(Yosuke Ota)

#### Bug Fixes

-
[`5de9637`](https://togithub.com/eslint/eslint/commit/5de9637fc925729a83d5a5e9e868a41792a184e3)
fix: Ensure shared references in rule configs are separated
([#&#8203;17666](https://togithub.com/eslint/eslint/issues/17666))
(Nicholas C. Zakas)
-
[`dcfe573`](https://togithub.com/eslint/eslint/commit/dcfe5739c374c9d7ed21f14027870ec0fd453661)
fix: add preceding semicolon in suggestions of `no-object-constructor`
([#&#8203;17649](https://togithub.com/eslint/eslint/issues/17649))
(Francesco Trotta)

#### Documentation

-
[`476d58a`](https://togithub.com/eslint/eslint/commit/476d58a584d5d2db003c4c22ffee90e63566164d)
docs: Add note about invalid CLI flags when using flat config.
([#&#8203;17664](https://togithub.com/eslint/eslint/issues/17664))
(Nicholas C. Zakas)
-
[`660ed3a`](https://togithub.com/eslint/eslint/commit/660ed3afd128ad529234a855345629982caf1bc7)
docs: Plugin flat config migration guide
([#&#8203;17640](https://togithub.com/eslint/eslint/issues/17640))
(Nicholas C. Zakas)
-
[`a58aa20`](https://togithub.com/eslint/eslint/commit/a58aa200fccedae7e2e9b6129246f2cedab14f8d)
docs: fix examples for several rules
([#&#8203;17645](https://togithub.com/eslint/eslint/issues/17645))
(Milos Djermanovic)
-
[`179929b`](https://togithub.com/eslint/eslint/commit/179929bd46892f18f2aef0c159d5cc361cb69987)
docs: Remove trailing newline from the code of Playground links
([#&#8203;17641](https://togithub.com/eslint/eslint/issues/17641))
(Francesco Trotta)
-
[`f8e5c30`](https://togithub.com/eslint/eslint/commit/f8e5c30636450d4a8baf51f0e227685e6d77ac64)
docs: Update README (GitHub Actions Bot)
-
[`b7ef2f3`](https://togithub.com/eslint/eslint/commit/b7ef2f34fe12b68a366e1b4bf5f64d7332c6e72e)
docs: Enable pretty code formatter output
([#&#8203;17635](https://togithub.com/eslint/eslint/issues/17635))
(Nicholas C. Zakas)
-
[`0bcb9a8`](https://togithub.com/eslint/eslint/commit/0bcb9a8db608a3d0bd2645f99e0707b9a9bbaaf0)
docs: Fix syntax errors in rule examples
([#&#8203;17633](https://togithub.com/eslint/eslint/issues/17633))
(Francesco Trotta)
-
[`61b9083`](https://togithub.com/eslint/eslint/commit/61b90839633ef300ac7707a651f65f532e65f42d)
docs: Make no-continue example code work
([#&#8203;17643](https://togithub.com/eslint/eslint/issues/17643))
(Zhongyuan Zhou)
-
[`9fafe45`](https://togithub.com/eslint/eslint/commit/9fafe450c31ed9b6bdd9dcd6c115255943b8c1c2)
docs: upgrade to 11ty 2.0
([#&#8203;17632](https://togithub.com/eslint/eslint/issues/17632))
(Percy Ma)
-
[`ff8e4bf`](https://togithub.com/eslint/eslint/commit/ff8e4bf327b5c92b0623b0fc5f8f101954f785db)
docs: Update README (GitHub Actions Bot)
-
[`fab249a`](https://togithub.com/eslint/eslint/commit/fab249ae6addac2ee18cd81cee80916010bb469e)
docs: Update README (GitHub Actions Bot)
-
[`392305b`](https://togithub.com/eslint/eslint/commit/392305bf4797e3ebc696dfca48bd874741fca845)
docs: Update `no-irregular-whitespace` and fix examples
([#&#8203;17626](https://togithub.com/eslint/eslint/issues/17626))
(Francesco Trotta)
-
[`6b8acfb`](https://togithub.com/eslint/eslint/commit/6b8acfb770589f3941df41c3910d3b8ffc3e1e45)
docs: Add real whitespace to `no-trailing-spaces` examples
([#&#8203;17630](https://togithub.com/eslint/eslint/issues/17630))
(Francesco Trotta)
-
[`1000187`](https://togithub.com/eslint/eslint/commit/1000187e00949332babcee4d37d46c96a6a554a8)
docs: Fix examples in `unicode-bom`
([#&#8203;17631](https://togithub.com/eslint/eslint/issues/17631))
(Francesco Trotta)
-
[`000290c`](https://togithub.com/eslint/eslint/commit/000290c4c923cc1473e21b4bdbdc0c42765ef7dd)
docs: Update README (GitHub Actions Bot)

#### Chores

-
[`6d1f0c2`](https://togithub.com/eslint/eslint/commit/6d1f0c2da0309c06c21149b8d71a8f439a70d7e8)
chore: upgrade
[@&#8203;eslint/js](https://togithub.com/eslint/js)[@&#8203;8](https://togithub.com/8).52.0
([#&#8203;17671](https://togithub.com/eslint/eslint/issues/17671))
(Milos Djermanovic)
-
[`d63d4fe`](https://togithub.com/eslint/eslint/commit/d63d4fe0942e6747ab60e758aa36076f43041a30)
chore: package.json update for
[@&#8203;eslint/js](https://togithub.com/eslint/js) release (ESLint
Jenkins)
-
[`f30cefe`](https://togithub.com/eslint/eslint/commit/f30cefee6bda2789ede18e1664b84c2638ea1bb5)
test: fix FlatESLint tests for caching
([#&#8203;17658](https://togithub.com/eslint/eslint/issues/17658))
(Milos Djermanovic)
-
[`ef650cb`](https://togithub.com/eslint/eslint/commit/ef650cb612510bcfa1379c1f0af56dd563b3a705)
test: update tests for no-promise-executor-return
([#&#8203;17661](https://togithub.com/eslint/eslint/issues/17661))
(Milos Djermanovic)

</details>

<details>
<summary>import-js/eslint-plugin-import (eslint-plugin-import)</summary>

###
[`v2.29.0`](https://togithub.com/import-js/eslint-plugin-import/blob/HEAD/CHANGELOG.md#2290---2023-10-22)

[Compare
Source](https://togithub.com/import-js/eslint-plugin-import/compare/v2.28.1...v2.29.0)

##### Added

- TypeScript config: add .cts and .mts extensions
(\[[#&#8203;2851](https://togithub.com/import-js/eslint-plugin-import/issues/2851)],
thanks \[[@&#8203;Zamiell](https://togithub.com/Zamiell)])
- \[`newline-after-import`]: new option `exactCount` and docs update
(\[[#&#8203;1933](https://togithub.com/import-js/eslint-plugin-import/issues/1933)],
thanks \[[@&#8203;anikethsaha](https://togithub.com/anikethsaha)] and
\[[@&#8203;reosarevok](https://togithub.com/reosarevok)])
- \[`newline-after-import`]: fix `exactCount` with `considerComments`
false positive, when there is a leading comment
(\[[#&#8203;2884](https://togithub.com/import-js/eslint-plugin-import/issues/2884)],
thanks \[[@&#8203;kinland](https://togithub.com/kinland)])

</details>

<details>
<summary>jest-community/eslint-plugin-jest
(eslint-plugin-jest)</summary>

###
[`v27.6.0`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2760-2023-10-26)

[Compare
Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.5.0...v27.6.0)

##### Features

- include plugin `meta` information for ESLint v9
([#&#8203;1454](https://togithub.com/jest-community/eslint-plugin-jest/issues/1454))
([4d57146](https://togithub.com/jest-community/eslint-plugin-jest/commit/4d571467631a407a038d5b4d61bc45f4622954f1))

###
[`v27.5.0`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2750-2023-10-26)

[Compare
Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.3...v27.5.0)

##### Features

- **valid-title:** allow ignoring tests with non-string titles
([#&#8203;1460](https://togithub.com/jest-community/eslint-plugin-jest/issues/1460))
([ea89da9](https://togithub.com/jest-community/eslint-plugin-jest/commit/ea89da9b4e726980d80f97b69d31a4c4f81ff562))

####
[27.4.3](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.2...v27.4.3)
(2023-10-20)

##### Bug Fixes

- **expect-expert:** change reporting node
([#&#8203;1452](https://togithub.com/jest-community/eslint-plugin-jest/issues/1452))
([64d5cda](https://togithub.com/jest-community/eslint-plugin-jest/commit/64d5cda7e64df7c73cde03ca057dfb71e87f50c4))

####
[27.4.2](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.1...v27.4.2)
(2023-09-29)

##### Bug Fixes

- make rule message punctuation consistent
([#&#8203;1444](https://togithub.com/jest-community/eslint-plugin-jest/issues/1444))
([84121ee](https://togithub.com/jest-community/eslint-plugin-jest/commit/84121eee018cc8cc32e6c7a267fc27efd3a4a0a0))

####
[27.4.1](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.0...v27.4.1)
(2023-09-29)

##### Bug Fixes

- **no-focused-tests:** make reporting location consistent
([#&#8203;1443](https://togithub.com/jest-community/eslint-plugin-jest/issues/1443))
([a871775](https://togithub.com/jest-community/eslint-plugin-jest/commit/a87177504430d1c469af70d6fc3b674a388291d8))

###
[`v27.4.3`](https://togithub.com/jest-community/eslint-plugin-jest/blob/HEAD/CHANGELOG.md#2743-2023-10-20)

[Compare
Source](https://togithub.com/jest-community/eslint-plugin-jest/compare/v27.4.2...v27.4.3)

##### Bug Fixes

- **expect-expert:** change reporting node
([#&#8203;1452](https://togithub.com/jest-community/eslint-plugin-jest/issues/1452))
([64d5cda](https://togithub.com/jest-community/eslint-plugin-jest/commit/64d5cda7e64df7c73cde03ca057dfb71e87f50c4))

</details>

<details>
<summary>JamieMason/eslint-plugin-prefer-arrow-functions
(eslint-plugin-prefer-arrow-functions)</summary>

###
[`v3.2.4`](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/blob/HEAD/CHANGELOG.md#324-2023-10-23)

[Compare
Source](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/compare/3.1.4...3.2.4)

##### Features

- **config:** add support for allowNamedFunctions
([50fb3b6](https://togithub.com/JamieMason/eslint-plugin-prefer-arrow-functions/commit/50fb3b68d9b2eaf48617404bec8f9ed1b4e6a511))

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

###
[`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

###
[`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

###
[`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

###
[`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1282
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

</details>

<details>
<summary>eemeli/yaml (yaml)</summary>

### [`v2.3.4`](https://togithub.com/eemeli/yaml/releases/tag/v2.3.4)

[Compare
Source](https://togithub.com/eemeli/yaml/compare/v2.3.3...v2.3.4)

- Do not throw for carriage return in tag shorthand
([#&#8203;501](https://togithub.com/eemeli/yaml/issues/501))

### [`v2.3.3`](https://togithub.com/eemeli/yaml/releases/tag/v2.3.3)

[Compare
Source](https://togithub.com/eemeli/yaml/compare/v2.3.2...v2.3.3)

- Do not throw error on malformed URI escape in tag
([#&#8203;498](https://togithub.com/eemeli/yaml/issues/498))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/trunk-io/plugins).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xOS4yIiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
codeboten pushed a commit to open-telemetry/opentelemetry-collector that referenced this pull request Jan 30, 2024
@renovate
Update github-actions deps (#9420)
7a43345 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v3.1.0` -> `v3.6.0` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.0` -> `v3.1.3` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.2.4` -> `v2.23.2` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.23.1` -> `v3.23.2` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.1.2` -> `v2.3.1` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v3.6.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.3...v3.6.0)

- [Fix: Mark test scripts with Bash'isms to be run via
Bash](https://togithub.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth >
0](https://togithub.com/actions/checkout/pull/579)

###
[`v3.5.3`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v353)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.2...v3.5.3)

- [Fix: Checkout fail in self-hosted runners when faulty submodule are
checked-in](https://togithub.com/actions/checkout/pull/1196)
- [Fix typos found by
codespell](https://togithub.com/actions/checkout/pull/1287)
- [Add support for sparse
checkouts](https://togithub.com/actions/checkout/pull/1369)

###
[`v3.5.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v352)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.1...v3.5.2)

- [Fix api endpoint for
GHES](https://togithub.com/actions/checkout/pull/1289)

###
[`v3.5.1`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v351)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.0...v3.5.1)

- [Fix slow checkout on
Windows](https://togithub.com/actions/checkout/pull/1246)

###
[`v3.5.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v350)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.4.0...v3.5.0)

- [Add new public key for
known_hosts](https://togithub.com/actions/checkout/pull/1237)

###
[`v3.4.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v340)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.3.0...v3.4.0)

- [Upgrade codeql actions to
v2](https://togithub.com/actions/checkout/pull/1209)
- [Upgrade
dependencies](https://togithub.com/actions/checkout/pull/1210)
- [Upgrade
@&#8203;actions/io](https://togithub.com/actions/checkout/pull/1225)

###
[`v3.3.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v330)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.2.0...v3.3.0)

- [Implement branch list using callbacks from exec
function](https://togithub.com/actions/checkout/pull/1045)
- [Add in explicit reference to private checkout
options](https://togithub.com/actions/checkout/pull/1050)
- [Fix comment typos (that got added in
#&#8203;770)](https://togithub.com/actions/checkout/pull/1057)

###
[`v3.2.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v320)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.1.0...v3.2.0)

- [Add GitHub Action to perform
release](https://togithub.com/actions/checkout/pull/942)
-   [Fix status badge](https://togithub.com/actions/checkout/pull/967)
- [Replace datadog/squid with ubuntu/squid Docker
image](https://togithub.com/actions/checkout/pull/1002)
- [Wrap pipeline commands for submoduleForeach in
quotes](https://togithub.com/actions/checkout/pull/964)
- [Update @&#8203;actions/io to
1.1.2](https://togithub.com/actions/checkout/pull/1029)
- [Upgrading version to
3.2.0](https://togithub.com/actions/checkout/pull/1039)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[actions/upload-artifact#313
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[actions/upload-artifact#436

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

###
[`v3.1.2`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.2)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.1...v3.1.2)

- Update all `@actions/*` NPM packages to their latest versions-
[#&#8203;374](https://togithub.com/actions/upload-artifact/issues/374)
- Update all dev dependencies to their most recent versions -
[#&#8203;375](https://togithub.com/actions/upload-artifact/issues/375)

###
[`v3.1.1`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.1)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.0...v3.1.1)

- Update actions/core package to latest version to remove `set-output`
deprecation warning
[#&#8203;351](https://togithub.com/actions/upload-artifact/issues/351)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)

###
[`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)

###
[`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

###
[`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

###
[`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

###
[`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

###
[`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

###
[`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

###
[`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

###
[`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

###
[`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

###
[`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

###
[`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

###
[`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

###
[`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1)

###
[`v2.22.0`](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0)

###
[`v2.21.9`](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9)

###
[`v2.21.8`](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8)

###
[`v2.21.7`](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7)

###
[`v2.21.6`](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6)

###
[`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

###
[`v2.21.4`](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

###
[`v2.21.3`](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

###
[`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

###
[`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

###
[`v2.21.0`](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0)

###
[`v2.20.4`](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4)

###
[`v2.20.3`](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3)

###
[`v2.20.2`](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2)

###
[`v2.20.1`](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.0...v2.20.1)

###
[`v2.20.0`](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0)

###
[`v2.3.6`](https://togithub.com/github/codeql-action/compare/v2.3.5...v2.3.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.5...v2.3.6)

###
[`v2.3.5`](https://togithub.com/github/codeql-action/compare/v2.3.4...v2.3.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.4...v2.3.5)

###
[`v2.3.4`](https://togithub.com/github/codeql-action/compare/v2.3.3...v2.3.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.3...v2.3.4)

###
[`v2.3.3`](https://togithub.com/github/codeql-action/compare/v2.3.2...v2.3.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.2...v2.3.3)

###
[`v2.3.2`](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2)

###
[`v2.3.1`](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1)

###
[`v2.3.0`](https://togithub.com/github/codeql-action/compare/v2.2.12...v2.3.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.12...v2.3.0)

###
[`v2.2.12`](https://togithub.com/github/codeql-action/compare/v2.2.11...v2.2.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.11...v2.2.12)

###
[`v2.2.11`](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11)

###
[`v2.2.10`](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10)

###
[`v2.2.9`](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9)

###
[`v2.2.8`](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8)

###
[`v2.2.7`](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7)

###
[`v2.2.6`](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6)

###
[`v2.2.5`](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1282
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

###
[`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1270
- For a full changelist of what this includes, see the
[v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and
[v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0)
release notes
- ✨ Send rekor tlog index to webapp when publishing results by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1169
- 🐛 Prevent url clipping for GHES instances by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[ossf/scorecard-action#1225

##### Documentation

- 📖 Update access rights needed to see the results in code scanning
by [@&#8203;rajbos](https://togithub.com/rajbos) in
[ossf/scorecard-action#1229
- 📖 Add package comments. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1221
- 📖 Add SECURITY.md file by
[@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) in
[ossf/scorecard-action#1250
- 📖 Fix typo in token input docs by
[@&#8203;aabouzaid](https://togithub.com/aabouzaid) in
[ossf/scorecard-action#1258

#### New Contributors

- [@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) made
their first contribution in
[ossf/scorecard-action#1250
- [@&#8203;aabouzaid](https://togithub.com/aabouzaid) made their first
contribution in
[ossf/scorecard-action#1258

**Full Changelog**:
ossf/scorecard-action@v2.2.0...v2.3.0

###
[`v2.2.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.2.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1192

#### Scorecard Result Viewer

Thanks to contributions from
[@&#8203;cynthia-sg](https://togithub.com/cynthia-sg) and
[@&#8203;tegioz](https://togithub.com/tegioz) at
[CLOMonitor](https://togithub.com/cncf/clomonitor), there is a new
Scorecard Result visualization page at
`https://securityscorecards.dev/viewer/?uri=<project-url>`.

-
[ossf/scorecard-webapp#406
-
[ossf/scorecard-webapp#422

As an example, you can see our own score visualized
[here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard)
Checkout our
[README](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge)
to learn how to link your README badge to the new visualization page.

#### Publishing Results

This release contains two fixes which will improve the user experience
when `publish_results` is `true`

- Runs that fail our [workflow
restrictions](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions)
will fail with a 400 response indicating the problem, instead of a vague
500 status.
([ossf/scorecard-action#1156,
resolved
[ossf/scorecard-action#1150)
- Scorecard action will retry when signing results and submitting them
to our web API. This should help with flakiness from connection
failures.
([ossf/scorecard-action#1191)

#### Docs

- 📖 Update README to accept fine-grained tokens by
[@&#8203;pnacht](https://togithub.com/pnacht) in
[ossf/scorecard-action#1175
- 📖 Update installation instructions to match current GitHub UI by
[@&#8203;joycebrum](https://togithub.com/joycebrum) in
[ossf/scorecard-action#1153
- 📖 Document the GitHub action workflow restrictions when publishing
results. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in

#### New Contributors

- [@&#8203;bobcallaway](https://togithub.com/bobcallaway) made their
first contribution in
[ossf/scorecard-action#1140
- [@&#8203;pnacht](https://togithub.com/pnacht) made their first
contribution in
[ossf/scorecard-action#1175

**Full Changelog**:
ossf/scorecard-action@v2.1.3...v2.2.0

###
[`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1111

##### Bug Fixes

-   Invalid SARIF files from a bug in scorecard
-
[#&#8203;1076](https://togithub.com/ossf/scorecard-action/issues/1076),
[#&#8203;1094](https://togithub.com/ossf/scorecard-action/issues/1094)
- Vulnerabilities check crashes if a vulnerable dependency is found via
OSVScanner
- [#&#8203;1092](https://togithub.com/ossf/scorecard-action/issues/1092)
-   Scorecard action not reporting binary artifacts in the repo
- [#&#8203;1116](https://togithub.com/ossf/scorecard-action/issues/1116)

**Full Scorecard Changelog**:
ossf/scorecard@v4.10.2...v4.10.5

**Full Changelog**:
ossf/scorecard-action@v2.1.2...v2.1.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any
time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjE1My4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Alex Boten <aboten@lightstep.com>
github-merge-queue bot pushed a commit to AmadeusITGroup/otter that referenced this pull request Mar 13, 2024
@kpanot
chore(deps): update all non-major dependencies (#1482)
180236d 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence | Type |
Update |
|---|---|---|---|---|---|---|---|
|
[@openapitools/openapi-generator-cli](https://togithub.com/OpenAPITools/openapi-generator-cli)
| [`~2.11.0` ->
`~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
|
[@openapitools/openapi-generator-cli](https://togithub.com/OpenAPITools/openapi-generator-cli)
| [`~2.11.0` ->
`~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| peerDependencies | minor |
|
[@openapitools/openapi-generator-cli](https://togithub.com/OpenAPITools/openapi-generator-cli)
| [`~2.11.0` ->
`~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| dependencies | minor |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
`v2.24.6` -> `v2.24.7` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v2.24.6/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v2.24.6/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
`v3.24.6` -> `v3.24.7` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v3.24.6/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v3.24.6/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | patch |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
`v2.0.6` -> `v2.3.1` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/ossf%2fscorecard-action/v2.0.6/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/ossf%2fscorecard-action/v2.0.6/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
| action | minor |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>OpenAPITools/openapi-generator-cli
(@&#8203;openapitools/openapi-generator-cli)</summary>

###
[`v2.12.0`](https://togithub.com/OpenAPITools/openapi-generator-cli/compare/v2.11.0...ad97182dac3fc2fec59c70fa96e7213d0a475dd3)

[Compare
Source](https://togithub.com/OpenAPITools/openapi-generator-cli/compare/v2.11.0...v2.12.0)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1282
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

###
[`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1270
- For a full changelist of what this includes, see the
[v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and
[v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0)
release notes
- ✨ Send rekor tlog index to webapp when publishing results by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1169
- 🐛 Prevent url clipping for GHES instances by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[ossf/scorecard-action#1225

##### Documentation

- 📖 Update access rights needed to see the results in code scanning
by [@&#8203;rajbos](https://togithub.com/rajbos) in
[ossf/scorecard-action#1229
- 📖 Add package comments. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1221
- 📖 Add SECURITY.md file by
[@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) in
[ossf/scorecard-action#1250
- 📖 Fix typo in token input docs by
[@&#8203;aabouzaid](https://togithub.com/aabouzaid) in
[ossf/scorecard-action#1258

#### New Contributors

- [@&#8203;david-a-wheeler](https://togithub.com/david-a-wheeler) made
their first contribution in
[ossf/scorecard-action#1250
- [@&#8203;aabouzaid](https://togithub.com/aabouzaid) made their first
contribution in
[ossf/scorecard-action#1258

**Full Changelog**:
ossf/scorecard-action@v2.2.0...v2.3.0

###
[`v2.2.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.2.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1192

#### Scorecard Result Viewer

Thanks to contributions from
[@&#8203;cynthia-sg](https://togithub.com/cynthia-sg) and
[@&#8203;tegioz](https://togithub.com/tegioz) at
[CLOMonitor](https://togithub.com/cncf/clomonitor), there is a new
Scorecard Result visualization page at
`https://securityscorecards.dev/viewer/?uri=<project-url>`.

-
[ossf/scorecard-webapp#406
-
[ossf/scorecard-webapp#422

As an example, you can see our own score visualized
[here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard)
Checkout our
[README](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge)
to learn how to link your README badge to the new visualization page.

#### Publishing Results

This release contains two fixes which will improve the user experience
when `publish_results` is `true`

- Runs that fail our [workflow
restrictions](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions)
will fail with a 400 response indicating the problem, instead of a vague
500 status.
([ossf/scorecard-action#1156,
resolved
[ossf/scorecard-action#1150)
- Scorecard action will retry when signing results and submitting them
to our web API. This should help with flakiness from connection
failures.
([ossf/scorecard-action#1191)

#### Docs

- 📖 Update README to accept fine-grained tokens by
[@&#8203;pnacht](https://togithub.com/pnacht) in
[ossf/scorecard-action#1175
- 📖 Update installation instructions to match current GitHub UI by
[@&#8203;joycebrum](https://togithub.com/joycebrum) in
[ossf/scorecard-action#1153
- 📖 Document the GitHub action workflow restrictions when publishing
results. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in

#### New Contributors

- [@&#8203;bobcallaway](https://togithub.com/bobcallaway) made their
first contribution in
[ossf/scorecard-action#1140
- [@&#8203;pnacht](https://togithub.com/pnacht) made their first
contribution in
[ossf/scorecard-action#1175

**Full Changelog**:
ossf/scorecard-action@v2.1.3...v2.2.0

###
[`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1111

##### Bug Fixes

-   Invalid SARIF files from a bug in scorecard
-
[#&#8203;1076](https://togithub.com/ossf/scorecard-action/issues/1076),
[#&#8203;1094](https://togithub.com/ossf/scorecard-action/issues/1094)
- Vulnerabilities check crashes if a vulnerable dependency is found via
OSVScanner
- [#&#8203;1092](https://togithub.com/ossf/scorecard-action/issues/1092)
-   Scorecard action not reporting binary artifacts in the repo
- [#&#8203;1116](https://togithub.com/ossf/scorecard-action/issues/1116)

**Full Scorecard Changelog**:
ossf/scorecard@v4.10.2...v4.10.5

**Full Changelog**:
ossf/scorecard-action@v2.1.2...v2.1.3

###
[`v2.1.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.2)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2)

#### What's Changed

##### Fixes

- 🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf
statement. by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1054

**Full Changelog**:
ossf/scorecard-action@v2.1.1...v2.1.2

###
[`v2.1.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1)

#### Scorecard version

This release use [Scorecard's
v4.10.1](https://togithub.com/ossf/scorecard/releases/tag/v4.10.1)

**Full Changelog**:
ossf/scorecard-action@v2.1.0...v2.1.1

###
[`v2.1.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0)

#### What's Changed

##### Scorecard version

This release uses [scorecard
v4.10.0](https://togithub.com/ossf/scorecard/releases/tag/v4.10.0).

##### Improvements

- Docker build workflow by
[@&#8203;naveensrinivasan](https://togithub.com/naveensrinivasan) in
[ossf/scorecard-action#981
- Use root user in distroless to support GitHub Actions by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#994
- Disable pull_request_target by
[@&#8203;laurentsimon](https://togithub.com/laurentsimon) in
[ossf/scorecard-action#1031

##### Documentation

- Add PAT section explaining risks by
[@&#8203;olivekl](https://togithub.com/olivekl) in
[ossf/scorecard-action#1024
- Make the badge text easier to copy by
[@&#8203;rajbos](https://togithub.com/rajbos) in
[ossf/scorecard-action#1026

#### New Contributors

- [@&#8203;joycebrum](https://togithub.com/joycebrum) made their first
contribution in
[ossf/scorecard-action#984
- [@&#8203;rajbos](https://togithub.com/rajbos) made their first
contribution in
[ossf/scorecard-action#1026

**Full Changelog**:
ossf/scorecard-action@v2.0.6...v2.1.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 10pm every weekday,before 5am
every weekday,every weekend" in timezone Europe/Paris, Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/AmadeusITGroup/otter).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMzguMSIsInVwZGF0ZWRJblZlciI6IjM3LjIzOC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
laurentsimon pushed a commit to slsa-framework/slsa-verifier that referenced this pull request Mar 22, 2024
@renovate-bot
chore(deps): update github-actions (#741)
594b179 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | patch | `v3.1.0` -> `v3.1.5` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| patch | `v3.8.1` -> `v3.8.2` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.22.1` -> `v2.24.8` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | patch | `v2.3.0` -> `v2.3.1` |
|
[slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator)
| action | minor | `v1.9.0` -> `v1.10.0` |
|
[slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier)
| action | patch | `v2.4.0` -> `v2.4.1` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5):
3.1.5

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5)

#### What's Changed

- Smaller `per_page` when requesting diff by
[@&#8203;hmaurer](https://togithub.com/hmaurer) in
[actions/dependency-review-action#649
-   Update dependencies:
- Bump
[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)
from 6.10.0 to 6.13.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#630
- Bump prettier from 3.0.3 to 3.1.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#629
- Bump [@&#8203;types/jest](https://togithub.com/types/jest) from 29.5.8
to 29.5.11 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#637
- Bump nodemon from 3.0.1 to 3.0.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#636
- Replace pip -> pypi in PURL examples by
[@&#8203;febuiles](https://togithub.com/febuiles) in
[actions/dependency-review-action#638
- Bump
[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)
from 6.12.0 to 6.15.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#644
- Bump eslint from 8.53.0 to 8.56.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#640
- Bump
[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)
from 6.13.1 to 6.16.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#645
- Bump prettier from 3.1.0 to 3.1.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#646

**Full Changelog**:
actions/dependency-review-action@v3.1.4...v3.1.5

###
[`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4):
3.1.4

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4)

#### What's Changed

- Fixed a
[bug](https://togithub.com/actions/dependency-review-action/issues/618)
with severity filtering when using the `allow_ghsas` option:
[actions/dependency-review-action#623.

-   Updates dependencies:
- Bump [@&#8203;types/node](https://togithub.com/types/node) from
16.18.61 to 16.18.62 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#619
        action/pull/620
- Bump
[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)
from 6.11.0 to 6.12.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#625
- Bump typescript from 5.2.2 to 5.3.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#624

**Full Changelog**:
actions/dependency-review-action@v3...v3.1.4

###
[`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3):
3.1.3

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3)

#### What's Changed

- Fixes purl "version must be percent-encoded" by
[@&#8203;theztefan](https://togithub.com/theztefan) in
[actions/dependency-review-action#617

**Full Changelog**:
actions/dependency-review-action@v3...v3.1.3

###
[`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2):
3.1.2

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2)

#### What's Changed

- Fix a regression for setups using self-hosted runners behind HTTP
proxies:[@&#8203;febuiles](https://togithub.com/febuiles) in
[actions/dependency-review-action#611

**Full Changelog**:
actions/dependency-review-action@v3...v3.1.2

###
[`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1):
3.1.1

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1)

#### What's Changed

- Update a bunch of dependencies, including major version upgrades for
`octokit`, `@actions/github` and `typescript`.

**Full Changelog**:
actions/dependency-review-action@v3.1.0...v3.1.1

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2)

##### What's Changed

- Update semver by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[actions/setup-node#861
- Update temp directory creation by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[actions/setup-node#859
- Bump [@&#8203;babel/traverse](https://togithub.com/babel/traverse)
from 7.15.4 to 7.23.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/setup-node#870
- Add notice about binaries not being updated yet by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[actions/setup-node#872
- Update toolkit cache and core by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) and
[@&#8203;seongwon-privatenote](https://togithub.com/seongwon-privatenote)
in
[actions/setup-node#875

**Full Changelog**:
actions/setup-node@v3...v3.8.2

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8)

###
[`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

###
[`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6)

###
[`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5)

###
[`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4)

###
[`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3)

###
[`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2)

###
[`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1)

###
[`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0)

###
[`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)

###
[`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)

###
[`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

###
[`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

###
[`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

###
[`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

###
[`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

###
[`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

###
[`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

###
[`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

###
[`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

###
[`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

###
[`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

###
[`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1282
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

</details>

<details>
<summary>slsa-framework/slsa-github-generator
(slsa-framework/slsa-github-generator)</summary>

###
[`v1.10.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v1100)

[Compare
Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.1...v1.10.0)

Release \[v1.10.0] includes bug fixes and new features.

See the [full change
list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0).

##### v1.10.0: TUF fix

- The cosign TUF roots were fixed
([#&#8203;3350](https://togithub.com/slsa-framework/slsa-github-generator/issues/3350)).
More details
[here](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid).

##### v1.10.0: Gradle Builder

- The Gradle Builder was fixed when the project root is the same as the
repository root
([#&#8203;2727](https://togithub.com/slsa-framework/slsa-github-generator/issues/2727))

##### v1.10.0: Go Builder

- The `go-version-file` input was fixed so that it can find the `go.mod`
file

([#&#8203;2661](https://togithub.com/slsa-framework/slsa-github-generator/issues/2661))

##### v1.10.0: Container Generator

- A new `provenance-repository` input was added to allow reading
provenance from
a different container repository than the image itself
([#&#8203;2956](https://togithub.com/slsa-framework/slsa-github-generator/issues/2956))

###
[`v1.9.1`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.1)

[Compare
Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.9.1)

**This is an un-finalized release.**

See the [CHANGELOG](./CHANGELOG.md) for details.

</details>

<details>
<summary>slsa-framework/slsa-verifier
(slsa-framework/slsa-verifier)</summary>

###
[`v2.4.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.4.1)

[Compare
Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1)

#### What's Changed

- Fix a verification issue when verifying npm's publish attestations -
Low severity
GHSA-r2xv-vpr2-42m9.
This part of the code remains *experimental*.

#### New Contributors

- [@&#8203;trishankatdatadog](https://togithub.com/trishankatdatadog)
made their first contribution in
[#702

**Full Changelog**:
v2.4.0...v2.4.1

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2MS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
ramonpetgrave64 pushed a commit to ramonpetgrave64/slsa-verifier that referenced this pull request Apr 10, 2024
@renovate-bot @ramonpetgrave64
chore(deps): update github-actions (slsa-framework#741)
7c079f4 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | patch | `v3.1.0` -> `v3.1.5` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| patch | `v3.8.1` -> `v3.8.2` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.22.1` -> `v2.24.8` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | patch | `v2.3.0` -> `v2.3.1` |
|
[slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator)
| action | minor | `v1.9.0` -> `v1.10.0` |
|
[slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier)
| action | patch | `v2.4.0` -> `v2.4.1` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5):
3.1.5

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5)

#### What's Changed

- Smaller `per_page` when requesting diff by
[@&#8203;hmaurer](https://togithub.com/hmaurer) in
[actions/dependency-review-action#649
-   Update dependencies:
- Bump
[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)
from 6.10.0 to 6.13.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#630
- Bump prettier from 3.0.3 to 3.1.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#629
- Bump [@&#8203;types/jest](https://togithub.com/types/jest) from 29.5.8
to 29.5.11 by [@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#637
- Bump nodemon from 3.0.1 to 3.0.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#636
- Replace pip -> pypi in PURL examples by
[@&#8203;febuiles](https://togithub.com/febuiles) in
[actions/dependency-review-action#638
- Bump
[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)
from 6.12.0 to 6.15.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#644
- Bump eslint from 8.53.0 to 8.56.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#640
- Bump
[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)
from 6.13.1 to 6.16.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#645
- Bump prettier from 3.1.0 to 3.1.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#646

**Full Changelog**:
actions/dependency-review-action@v3.1.4...v3.1.5

###
[`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4):
3.1.4

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4)

#### What's Changed

- Fixed a
[bug](https://togithub.com/actions/dependency-review-action/issues/618)
with severity filtering when using the `allow_ghsas` option:
[actions/dependency-review-action#623.

-   Updates dependencies:
- Bump [@&#8203;types/node](https://togithub.com/types/node) from
16.18.61 to 16.18.62 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#619
        action/pull/620
- Bump
[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)
from 6.11.0 to 6.12.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#625
- Bump typescript from 5.2.2 to 5.3.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/dependency-review-action#624

**Full Changelog**:
actions/dependency-review-action@v3...v3.1.4

###
[`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3):
3.1.3

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3)

#### What's Changed

- Fixes purl "version must be percent-encoded" by
[@&#8203;theztefan](https://togithub.com/theztefan) in
[actions/dependency-review-action#617

**Full Changelog**:
actions/dependency-review-action@v3...v3.1.3

###
[`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2):
3.1.2

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2)

#### What's Changed

- Fix a regression for setups using self-hosted runners behind HTTP
proxies:[@&#8203;febuiles](https://togithub.com/febuiles) in
[actions/dependency-review-action#611

**Full Changelog**:
actions/dependency-review-action@v3...v3.1.2

###
[`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1):
3.1.1

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1)

#### What's Changed

- Update a bunch of dependencies, including major version upgrades for
`octokit`, `@actions/github` and `typescript`.

**Full Changelog**:
actions/dependency-review-action@v3.1.0...v3.1.1

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2)

##### What's Changed

- Update semver by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[actions/setup-node#861
- Update temp directory creation by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[actions/setup-node#859
- Bump [@&#8203;babel/traverse](https://togithub.com/babel/traverse)
from 7.15.4 to 7.23.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/setup-node#870
- Add notice about binaries not being updated yet by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[actions/setup-node#872
- Update toolkit cache and core by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) and
[@&#8203;seongwon-privatenote](https://togithub.com/seongwon-privatenote)
in
[actions/setup-node#875

**Full Changelog**:
actions/setup-node@v3...v3.8.2

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8)

###
[`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7)

###
[`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6)

###
[`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5)

###
[`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4)

###
[`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3)

###
[`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2)

###
[`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1)

###
[`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0)

###
[`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2)

###
[`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1)

###
[`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0)

###
[`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12)

###
[`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11)

###
[`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10)

###
[`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9)

###
[`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8)

###
[`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7)

###
[`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6)

###
[`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)

###
[`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4)

###
[`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3)

###
[`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[ossf/scorecard-action#1282
- Adds additional Fuzzing detection and fixes a SAST bug related to
detecting CodeQL. For a full changelist of what this includes, see the
[v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1)
release notes

**Full Changelog**:
ossf/scorecard-action@v2.3.0...v2.3.1

</details>

<details>
<summary>slsa-framework/slsa-github-generator
(slsa-framework/slsa-github-generator)</summary>

###
[`v1.10.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v1100)

[Compare
Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.1...v1.10.0)

Release \[v1.10.0] includes bug fixes and new features.

See the [full change
list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0).

##### v1.10.0: TUF fix

- The cosign TUF roots were fixed
([#&#8203;3350](https://togithub.com/slsa-framework/slsa-github-generator/issues/3350)).
More details
[here](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid).

##### v1.10.0: Gradle Builder

- The Gradle Builder was fixed when the project root is the same as the
repository root
([#&#8203;2727](https://togithub.com/slsa-framework/slsa-github-generator/issues/2727))

##### v1.10.0: Go Builder

- The `go-version-file` input was fixed so that it can find the `go.mod`
file

([#&#8203;2661](https://togithub.com/slsa-framework/slsa-github-generator/issues/2661))

##### v1.10.0: Container Generator

- A new `provenance-repository` input was added to allow reading
provenance from
a different container repository than the image itself
([#&#8203;2956](https://togithub.com/slsa-framework/slsa-github-generator/issues/2956))

###
[`v1.9.1`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.1)

[Compare
Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.9.1)

**This is an un-finalized release.**

See the [CHANGELOG](./CHANGELOG.md) for details.

</details>

<details>
<summary>slsa-framework/slsa-verifier
(slsa-framework/slsa-verifier)</summary>

###
[`v2.4.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.4.1)

[Compare
Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1)

#### What's Changed

- Fix a verification issue when verifying npm's publish attestations -
Low severity
GHSA-r2xv-vpr2-42m9.
This part of the code remains *experimental*.

#### New Contributors

- [@&#8203;trishankatdatadog](https://togithub.com/trishankatdatadog)
made their first contribution in
[slsa-framework#702

**Full Changelog**:
slsa-framework/slsa-verifier@v2.4.0...v2.4.1

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2MS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@inferno-chromium inferno-chromium inferno-chromium approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@spencerschrock @inferno-chromium