4 Commits

Author	SHA1	Message	Date
Ramon Petgrave	3f37511042	chore: fix vuln: override autolinker ^4.0.0 (#785) ... fixes https://github.com/slsa-framework/slsa-verifier/security/code-scanning/11 markdown-toc's latest v1.2.0 is still vulnerable via a transitive dependency, but hasn't received updates in a long time. This PR overrides one of the other transitive dependencies to a non-vulnerable version. more info here https://github.com/jonschlinkert/markdown-toc/issues/156#issuecomment-2197630000 # Testing process - Manually invoked `make markdown-toc` and it did succeed, while also adding a missing header in the README. - Made a few typos in the headers and markdown-toc did fix them. - Cloned markdown-toc, added the override, and its unit tests passed --------- Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com> Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>	2024-08-13 19:08:24 +00:00
Mend Renovate	4bab78a528	chore(deps): update npm dev (#650) ... [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | Type | Update | |---|---|---|---|---|---|---|---| | [@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`18.19.28` -> `18.19.33`](https://renovatebot.com/diffs/npm/@types%2fnode/18.19.28/18.19.33) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | patch | | [eslint](https://eslint.org) ([source](https://togithub.com/eslint/eslint)) | [`^8.57.0` -> `8.57.0`](https://renovatebot.com/diffs/npm/eslint/8.57.0/8.57.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | pin | | [eslint-plugin-prettier](https://togithub.com/prettier/eslint-plugin-prettier) | [`^5.1.3` -> `5.1.3`](https://renovatebot.com/diffs/npm/eslint-plugin-prettier/5.1.3/5.1.3) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | pin | | [markdown-toc](https://togithub.com/jonschlinkert/markdown-toc) | [`^1.2.0` -> `1.2.0`](https://renovatebot.com/diffs/npm/markdown-toc/1.2.0/1.2.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | pin | | [renovate](https://renovatebot.com) ([source](https://togithub.com/renovatebot/renovate)) | [`37.363.4` -> `37.374.1`](https://renovatebot.com/diffs/npm/renovate/37.363.4/37.374.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [typescript](https://www.typescriptlang.org/) ([source](https://togithub.com/Microsoft/TypeScript)) | [`^5.4.3` -> `5.4.3`](https://renovatebot.com/diffs/npm/typescript/5.4.3/5.4.3) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | pin | | [typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint) ([source](https://togithub.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)) | [`^7.5.0` -> `7.5.0`](https://renovatebot.com/diffs/npm/typescript-eslint/7.5.0/7.5.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | devDependencies | pin | --- ### Release Notes <details> <summary>renovatebot/renovate (renovate)</summary> ### [`v37.374.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.374.1) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.374.0...37.374.1) ##### Bug Fixes - **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.6 ([#&#8203;29212](https://togithub.com/renovatebot/renovate/issues/29212)) ([f4eeaaa](f4eeaaaff6)) ### [`v37.374.0`](https://togithub.com/renovatebot/renovate/compare/37.373.0...fe62e80aebe988dd9dcbe47d3e5eee225ec3904d) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.373.0...37.374.0) ### [`v37.373.0`](https://togithub.com/renovatebot/renovate/compare/37.372.1...25255596d63a03a312885aba1b25fdfd7b76c7a4) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.372.1...37.373.0) ### [`v37.372.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.372.1) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.372.0...37.372.1) ##### Bug Fixes - **packageRules:** prPriority should only be in packageRules ([#&#8203;29201](https://togithub.com/renovatebot/renovate/issues/29201)) ([70f1f93](70f1f93823)) ### [`v37.372.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.372.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.371.1...37.372.0) ##### Features - **util/package-rules:** allow glob pattens in match{Current,New}Value ([#&#8203;29168](https://togithub.com/renovatebot/renovate/issues/29168)) ([56856d4](56856d4a46)) ##### Bug Fixes - **deps:** update ghcr.io/containerbase/sidecar docker tag to v10.6.14 ([#&#8203;29199](https://togithub.com/renovatebot/renovate/issues/29199)) ([4edd63a](4edd63a297)) - **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.5 ([#&#8203;29200](https://togithub.com/renovatebot/renovate/issues/29200)) ([757574b](757574b931)) ##### Miscellaneous Chores - **deps:** update ghcr.io/containerbase/devcontainer docker tag to v10.6.14 ([#&#8203;29198](https://togithub.com/renovatebot/renovate/issues/29198)) ([a8855d8](a8855d811c)) ### [`v37.371.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.371.1) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.371.0...37.371.1) ##### Bug Fixes - **pdm:** change pdm update strategy to eager ([#&#8203;29183](https://togithub.com/renovatebot/renovate/issues/29183)) ([2f335b6](2f335b61f4)) ##### Miscellaneous Chores - **deps:** update dependency [@&#8203;swc/core](https://togithub.com/swc/core) to v1.5.7 ([#&#8203;29192](https://togithub.com/renovatebot/renovate/issues/29192)) ([436fa71](436fa71ce4)) - **deps:** update linters to v7.10.0 ([#&#8203;29196](https://togithub.com/renovatebot/renovate/issues/29196)) ([ab36239](ab36239421)) - log when \_PROXY values detected ([#&#8203;29191](https://togithub.com/renovatebot/renovate/issues/29191)) ([e281931](e28193134a)) ### [`v37.371.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.371.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.370.0...37.371.0) ##### Features - **asdf:** Add rebar3 to asdf manager ([#&#8203;29188](https://togithub.com/renovatebot/renovate/issues/29188)) ([2e6c563](2e6c5636ea)) ##### Miscellaneous Chores - **deps:** update linters ([#&#8203;29193](https://togithub.com/renovatebot/renovate/issues/29193)) ([f59c7f3](f59c7f3162)) ### [`v37.370.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.370.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.369.1...37.370.0) ##### Features - **self-hosted:** `mergeConfidenceEndpoint` and `mergeConfidenceDatasources` ([#&#8203;28880](https://togithub.com/renovatebot/renovate/issues/28880)) ([044dc0f](044dc0fa28)) ### [`v37.369.1`](https://togithub.com/renovatebot/renovate/compare/37.369.0...ae15a51554828bb3891268c16f180124a90ade55) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.369.0...37.369.1) ### [`v37.369.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.369.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.10...37.369.0) ##### Features - **datasource:** `sourceUrl` & `releaseTimestamp` support ([#&#8203;29122](https://togithub.com/renovatebot/renovate/issues/29122)) ([d0b77e5](d0b77e584a)) ### [`v37.368.10`](https://togithub.com/renovatebot/renovate/compare/37.368.9...3c75e4bfb3e6786508f57ead837af102d468f4ab) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.9...37.368.10) ### [`v37.368.9`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.9) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.8...37.368.9) ##### Bug Fixes - **homebrew:** handle new github archive url format ([#&#8203;29138](https://togithub.com/renovatebot/renovate/issues/29138)) ([e035f05](e035f0562d)) ### [`v37.368.8`](https://togithub.com/renovatebot/renovate/compare/37.368.7...5b88dd6a31c24880da2b2dc5915916a8f3e4f6e8) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.7...37.368.8) ### [`v37.368.7`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.7) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.6...37.368.7) ##### Bug Fixes - **deps:** update ghcr.io/containerbase/sidecar docker tag to v10.6.12 ([#&#8203;29157](https://togithub.com/renovatebot/renovate/issues/29157)) ([4a1e758](4a1e75889f)) ##### Documentation - **readme:** better alt text, add toggleable list of companies/projects that use Renovate ([#&#8203;29022](https://togithub.com/renovatebot/renovate/issues/29022)) ([f8f5184](f8f518493d)) ##### Miscellaneous Chores - **deps:** update containerbase/internal-tools action to v3.0.88 ([#&#8203;29149](https://togithub.com/renovatebot/renovate/issues/29149)) ([92686aa](92686aa201)) ### [`v37.368.6`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.6) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.5...37.368.6) ##### Bug Fixes - **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.3 ([#&#8203;29143](https://togithub.com/renovatebot/renovate/issues/29143)) ([7f6964c](7f6964cea9)) ### [`v37.368.5`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.5) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.4...37.368.5) ##### Bug Fixes - **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.2 ([#&#8203;29142](https://togithub.com/renovatebot/renovate/issues/29142)) ([c23c70f](c23c70fc8b)) ##### Miscellaneous Chores - **deps:** update dependency rimraf to v5.0.7 ([#&#8203;29141](https://togithub.com/renovatebot/renovate/issues/29141)) ([483bfc2](483bfc28f5)) ### [`v37.368.4`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.4) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.3...37.368.4) ##### Bug Fixes - **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.1 ([#&#8203;29140](https://togithub.com/renovatebot/renovate/issues/29140)) ([947bf17](947bf17aea)) ##### Miscellaneous Chores - **deps:** update dependency rimraf to v5.0.6 ([#&#8203;29139](https://togithub.com/renovatebot/renovate/issues/29139)) ([a2ba884](a2ba88412c)) ### [`v37.368.3`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.3) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.2...37.368.3) ##### Bug Fixes - **deps:** update ghcr.io/containerbase/sidecar docker tag to v10.6.11 ([#&#8203;29134](https://togithub.com/renovatebot/renovate/issues/29134)) ([8216f20](8216f205dc)) ##### Documentation - **config:** warn about spaces in `schedule` ([#&#8203;29121](https://togithub.com/renovatebot/renovate/issues/29121)) ([ebfb48d](ebfb48d416)) ##### Miscellaneous Chores - **deps:** update ghcr.io/containerbase/devcontainer docker tag to v10.6.11 ([#&#8203;29133](https://togithub.com/renovatebot/renovate/issues/29133)) ([463226b](463226b1ed)) ### [`v37.368.2`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.2) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.1...37.368.2) ##### Bug Fixes - **gomod:** treat v0 pseudo version updates as digest updates ([#&#8203;29042](https://togithub.com/renovatebot/renovate/issues/29042)) ([6f8cde4](6f8cde4e67)) ### [`v37.368.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.1) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.0...37.368.1) ##### Miscellaneous Chores - **deps:** update actions/checkout action to v4.1.6 ([#&#8203;29126](https://togithub.com/renovatebot/renovate/issues/29126)) ([f951139](f951139409)) ##### Build System - **deps:** update dependency glob to v10.3.15 ([#&#8203;29125](https://togithub.com/renovatebot/renovate/issues/29125)) ([dc7d73f](dc7d73f98f)) ### [`v37.368.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.367.0...37.368.0) ##### Features - **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.0 ([#&#8203;29124](https://togithub.com/renovatebot/renovate/issues/29124)) ([676e1ef](676e1ef47f)) ##### Build System - **deps:** update dependency glob to v10.3.14 ([#&#8203;29123](https://togithub.com/renovatebot/renovate/issues/29123)) ([40a6b4d](40a6b4d290)) ### [`v37.367.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.367.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.366.1...37.367.0) ##### Features - **presets:** add replacements for ZAP org moves ([#&#8203;29117](https://togithub.com/renovatebot/renovate/issues/29117)) ([7df1dc7](7df1dc77ae)) ### [`v37.366.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.366.1) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.366.0...37.366.1) ##### Build System - **deps:** update dependency jsonata to v2.0.5 ([#&#8203;29116](https://togithub.com/renovatebot/renovate/issues/29116)) ([8bbde23](8bbde23579)) ### [`v37.366.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.366.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.365.0...37.366.0) ##### Features - **datasource:** Add python-version datasource ([#&#8203;27583](https://togithub.com/renovatebot/renovate/issues/27583)) ([c8aacc4](c8aacc4c05)) - Support custom artifact notice ([#&#8203;28957](https://togithub.com/renovatebot/renovate/issues/28957)) ([1c8eb34](1c8eb34876)) ### [`v37.365.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.365.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.364.0...37.365.0) ##### Features - **presets/workarounds:** add bitnami docker versioning ([#&#8203;29112](https://togithub.com/renovatebot/renovate/issues/29112)) ([66de046](66de0465e9)) ### [`v37.364.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.364.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.9...37.364.0) ##### Features - **presets:** add strum to monorepos ([#&#8203;29109](https://togithub.com/renovatebot/renovate/issues/29109)) ([20716b0](20716b0609)) ##### Miscellaneous Chores - **deps:** update containerbase/internal-tools action to v3.0.87 ([#&#8203;29108](https://togithub.com/renovatebot/renovate/issues/29108)) ([e03a5cf](e03a5cf0cb)) ##### Tests - **osgi:** Use "codeBlock" for tests ([#&#8203;29110](https://togithub.com/renovatebot/renovate/issues/29110)) ([2429a07](2429a07eef)) ### [`v37.363.9`](https://togithub.com/renovatebot/renovate/releases/tag/37.363.9) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.8...37.363.9) ##### Bug Fixes - **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.11.2 ([#&#8203;29099](https://togithub.com/renovatebot/renovate/issues/29099)) ([99ba857](99ba857374)) ##### Documentation - **config:** add note about GnuPG v2.4 usage ([#&#8203;29067](https://togithub.com/renovatebot/renovate/issues/29067)) ([88fd212](88fd2124ff)) ### [`v37.363.8`](https://togithub.com/renovatebot/renovate/releases/tag/37.363.8) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.7...37.363.8) ##### Bug Fixes - **deps:** update ghcr.io/containerbase/sidecar docker tag to v10.6.10 ([#&#8203;29096](https://togithub.com/renovatebot/renovate/issues/29096)) ([1254f6a](1254f6a662)) ##### Documentation - **bot comparison:** dependabot-core switched to MIT license ([#&#8203;29095](https://togithub.com/renovatebot/renovate/issues/29095)) ([d9cd961](d9cd9612ec)) - Update Swissquote article with information on the scheduler and dashboards ([#&#8203;29030](https://togithub.com/renovatebot/renovate/issues/29030)) ([01f9861](01f9861069)) ### [`v37.363.7`](https://togithub.com/renovatebot/renovate/releases/tag/37.363.7) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.6...37.363.7) ##### Miscellaneous Chores - **deps:** update ghcr.io/containerbase/devcontainer docker tag to v10.6.10 ([#&#8203;29091](https://togithub.com/renovatebot/renovate/issues/29091)) ([dba9ad3](dba9ad3353)) ##### Build System - **deps:** update dependency zod to v3.23.8 ([#&#8203;29090](https://togithub.com/renovatebot/renovate/issues/29090)) ([caedb6f](caedb6f452)) ### [`v37.363.6`](https://togithub.com/renovatebot/renovate/releases/tag/37.363.6) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.5...37.363.6) ##### Bug Fixes - **datasource/github-runners:** add Ubuntu 24.04 Noble Numbat as unstable ([#&#8203;29088](https://togithub.com/renovatebot/renovate/issues/29088)) ([e291ef0](e291ef0dbd)) ### [`v37.363.5`](https://togithub.com/renovatebot/renovate/releases/tag/37.363.5) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.4...37.363.5) ##### Bug Fixes - **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.11.1 ([#&#8203;29079](https://togithub.com/renovatebot/renovate/issues/29079)) ([945c4cf](945c4cf8ba)) ##### Miscellaneous Chores - **deps:** update codecov/codecov-action action to v4.4.0 ([#&#8203;29080](https://togithub.com/renovatebot/renovate/issues/29080)) ([78edb5b](78edb5b0f8)) ##### Build System - **deps:** update dependency zod to v3.23.7 ([#&#8203;29077](https://togithub.com/renovatebot/renovate/issues/29077)) ([ead5d55](ead5d55a49)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNDQuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM2OC4xMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>	2024-06-27 18:54:52 +00:00
Ian Lewis	87b5bae6d4	chore: Update Renovate config (#769) ... # Summary Updates renovate config to use the [`config:best-practices`](https://docs.renovatebot.com/presets-config/#configbest-practices) preset rather than the `config:base` preset since `config:base` seems to be deprecated. Also updates the `schedule` config to use the [`schedule:monthly`](https://docs.renovatebot.com/presets-schedule/#schedulemonthly) preset. Also adds a pre-submit to run the [`renovate-config-validator`](https://docs.renovatebot.com/config-validation/) to ensure that renovate config is valid. This pre-submit will need to be made required in the repository branch protection rule for `main` in the repository settings after this PR is merged. --------- Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Signed-off-by: Ian Lewis <ianlewis@google.com> Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>	2024-05-16 07:13:09 +09:00
Ian Lewis	95e6555274	docs: Add docs for npm package verification (#587) ... Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-05-10 00:33:29 +00:00