Mend Renovate
e0b3ab793c
fix(deps): update npm ( #843 )
...
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[@actions/github](https://redirect.github.com/actions/toolkit/tree/main/packages/github )
([source](https://redirect.github.com/actions/toolkit/tree/HEAD/packages/github ))
| [`6.0.0` ->
`6.0.1`](https://renovatebot.com/diffs/npm/@actions%2fgithub/6.0.0/6.0.1 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
|
[@actions/tool-cache](https://redirect.github.com/actions/toolkit/tree/main/packages/tool-cache )
([source](https://redirect.github.com/actions/toolkit/tree/HEAD/packages/tool-cache ))
| [`2.0.1` ->
`2.0.2`](https://renovatebot.com/diffs/npm/@actions%2ftool-cache/2.0.1/2.0.2 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
---
### Release Notes
<details>
<summary>actions/toolkit (@​actions/github)</summary>
###
[`v6.0.1`](https://redirect.github.com/actions/toolkit/blob/HEAD/packages/github/RELEASES.md#601 )
- Dependency updates
[#​2043](https://redirect.github.com/actions/toolkit/pull/2043/ )
</details>
<details>
<summary>actions/toolkit (@​actions/tool-cache)</summary>
###
[`v2.0.2`](https://redirect.github.com/actions/toolkit/blob/HEAD/packages/tool-cache/RELEASES.md#202 )
- Update `@actions/core` to v1.11.1
[#​1872](https://redirect.github.com/actions/toolkit/pull/1872 )
- Remove dependency on `uuid` package
[#​1824](https://redirect.github.com/actions/toolkit/pull/1824 ),
[#​1842](https://redirect.github.com/actions/toolkit/pull/1842 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM, on day
1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no
schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/slsa-framework/slsa-verifier ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjQwLjcuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
---------
Signed-off-by: github-actions <github-actions@github.com >
Co-authored-by: github-actions <github-actions@github.com >
Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
2025-06-18 02:56:19 -04:00
dependabot[bot]
0c4a78d615
chore(deps): bump @octokit/request-error from 5.0.1 to 5.1.1 in /actions/installer in the npm_and_yarn group across 1 directory ( #833 )
...
Bumps the npm_and_yarn group with 1 update in the /actions/installer
directory:
[@octokit/request-error](https://github.com/octokit/request-error.js ).
Updates `@octokit/request-error` from 5.0.1 to 5.1.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/octokit/request-error.js/releases "><code>@octokit/request-error</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v5.1.1</h2>
<h2><a
href="https://github.com/octokit/request-error.js/compare/v5.1.0...v5.1.1 ">5.1.1</a>
(2025-02-14)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>ReDos regex vulnerability, reported by <a
href="https://github.com/dayshift "><code>@dayshift</code></a> (<a
href="12a14f03dbhttps://github.com/octokit/request-error.js/compare/v5.0.1...v5.1.0 ">5.1.0</a>
(2024-04-05)</h1>
<h3>Bug Fixes</h3>
<ul>
<li>upgrade <code>@octokit/types</code> to v13 (<a
href="3af20bd58fhttps://redirect.github.com/octokit/request-error.js/issues/416 ">#416</a>)
(<a
href="94147e8843b51ed27668https://github.com/dayshift "><code>@dayshift</code></a></li>
<li><a
href="12a14f03dbhttps://github.com/dayshift "><code>@dayshift</code></a></li>
<li><a
href="3af20bd58f94147e8843https://redirect.github.com/octokit/request-error.js/issues/416 ">#416</a>)</li>
<li>See full diff in <a
href="https://github.com/octokit/request-error.js/compare/v5.0.1...v5.1.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/slsa-framework/slsa-verifier/network/alerts ).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: github-actions <github-actions@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
Co-authored-by: github-actions <github-actions@github.com >
2025-06-17 13:59:21 -04:00
Ramon Petgrave
9825851f50
chore: Update docs for v2.7.0 ( #829 )
...
#label:release v2.7.0
Updates docs to reference the new v2.7.0 release.
**How to verify**
Clone the repo and run the script described in
https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#verify-provenance .
```
git clone git@github.com:slsa-framework/slsa-verifier.git
cd slsa-verifier
chmod +x verify-release.sh
GH_TOKEN=`gh auth token` bash verify-release.sh v2.7.0
```
Using the temp directory logged from the above command
```
cd <logged temp directory from running verify-release.sh>
sha256sum * | grep -v "intoto"
36694b43ab23be234add09272e5faf77349d7e267bf65c01dc9bcdf58c4f496e slsa-verifier-darwin-amd64
84d9122ce12e0c79080844285fd5c4976407ed3463e434a1b21b0979c46b1e55 slsa-verifier-darwin-arm64
499befb675efcca9001afe6e5156891b91e71f9c07ab120a8943979f85cc82e6 slsa-verifier-linux-amd64
dc3845d7605f666a0938389c1c5735230e50b32a547867ffd351fb14df928167 slsa-verifier-linux-arm64
61ff8b1cca6ac0012b0ba906367836f64a389444766be437df2a69f71285f43b slsa-verifier-windows-amd64.exe
ddf58798049599c44caf299b6a9cf8a41760daa94ee208bdae8aa78fc75dcb2b slsa-verifier-windows-arm64.exe
```
Confirm your output checksums matches those in this PR's changes for
SHA256SUM.md.
---------
Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
2025-02-10 12:36:28 -05:00
dependabot[bot]
6657aada08
chore(deps): bump undici from 5.28.4 to 5.28.5 in /actions/installer in the npm_and_yarn group across 1 directory ( #827 )
...
Bumps the npm_and_yarn group with 1 update in the /actions/installer
directory: [undici](https://github.com/nodejs/undici ).
Updates `undici` from 5.28.4 to 5.28.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases ">undici's
releases</a>.</em></p>
<blockquote>
<h2>v5.28.5</h2>
<h1>⚠️ Security Release ⚠️ </h1>
<p>Fixes CVE CVE-2025-22150 <a
href="https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 ">https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 </a>
(embargoed until 22-01-2025).</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5 ">https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6139ed2e0c711e207727https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/slsa-framework/slsa-verifier/network/alerts ).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: github-actions <github-actions@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <github-actions@github.com >
2025-01-28 19:21:01 +00:00
Mend Renovate
84e5c03318
fix(deps): update dependency @actions/core to v1.11.1 ( #819 )
...
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[@actions/core](https://redirect.github.com/actions/toolkit/tree/main/packages/core )
([source](https://redirect.github.com/actions/toolkit/tree/HEAD/packages/core ))
| [`1.10.1` ->
`1.11.1`](https://renovatebot.com/diffs/npm/@actions%2fcore/1.10.1/1.11.1 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
---
### Release Notes
<details>
<summary>actions/toolkit (@​actions/core)</summary>
###
[`v1.11.1`](https://redirect.github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1111 )
- Fix uses of `crypto.randomUUID` on Node 18 and earlier
[#​1842](https://redirect.github.com/actions/toolkit/pull/1842 )
###
[`v1.11.0`](https://redirect.github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1110 )
- Add platform info utilities
[#​1551](https://redirect.github.com/actions/toolkit/pull/1551 )
- Remove dependency on `uuid` package
[#​1824](https://redirect.github.com/actions/toolkit/pull/1824 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At
any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/slsa-framework/slsa-verifier ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOS4wIiwidXBkYXRlZEluVmVyIjoiMzkuNDIuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
---------
Signed-off-by: github-actions <github-actions@github.com >
Co-authored-by: github-actions <github-actions@github.com >
Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
2024-12-05 12:27:39 -05:00
Kyle Colantonio
d758bd3718
feat(action): Updating to Node20 ( #811 )
...
This PR relates to the discussion from
https://github.com/slsa-framework/slsa-verifier/issues/806 regarding the
Node16 deprecation notice.
There are no changes to the `dist/` folder with the change to Node20
(used `v20.17.0`) - this is completely drop-in.
Signed-off-by: Kyle Colantonio <k@yle.sh >
Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
2024-10-10 15:30:23 -04:00
Ramon Petgrave
d96b977709
chore: v2.6.0: update docs ( #789 )
...
#label:release v2.6.0
# How to Verify
Clone the repo and run the script described in
https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#verify-provenance .
```
$ git clone git@github.com:slsa-framework/slsa-verifier.git
$ cd slsa-verifier
$ bash verify-release.sh v2.6.0
```
This will download the release files and verify the binaries. Confirm
that the output hashes matches those in this PR's SHA256SUM.md
-
https://github.com/slsa-framework/slsa-verifier/pull/789/files#diff-7834ca792905514302a0630d1c57dc1d330569a18fc2fff4aac6129efb00f4ccR1-R8
---------
Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com >
2024-07-17 12:21:44 -04:00
Mend Renovate
4bab78a528
chore(deps): update npm dev ( #650 )
...
[](https://renovatebot.com )
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type |
Update |
|---|---|---|---|---|---|---|---|
|
[@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node )
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ))
| [`18.19.28` ->
`18.19.33`](https://renovatebot.com/diffs/npm/@types%2fnode/18.19.28/18.19.33 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | patch |
| [eslint](https://eslint.org )
([source](https://togithub.com/eslint/eslint )) | [`^8.57.0` ->
`8.57.0`](https://renovatebot.com/diffs/npm/eslint/8.57.0/8.57.0 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | pin |
|
[eslint-plugin-prettier](https://togithub.com/prettier/eslint-plugin-prettier )
| [`^5.1.3` ->
`5.1.3`](https://renovatebot.com/diffs/npm/eslint-plugin-prettier/5.1.3/5.1.3 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | pin |
| [markdown-toc](https://togithub.com/jonschlinkert/markdown-toc ) |
[`^1.2.0` ->
`1.2.0`](https://renovatebot.com/diffs/npm/markdown-toc/1.2.0/1.2.0 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | pin |
| [renovate](https://renovatebot.com )
([source](https://togithub.com/renovatebot/renovate )) | [`37.363.4` ->
`37.374.1`](https://renovatebot.com/diffs/npm/renovate/37.363.4/37.374.1 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | minor |
| [typescript](https://www.typescriptlang.org/ )
([source](https://togithub.com/Microsoft/TypeScript )) | [`^5.4.3` ->
`5.4.3`](https://renovatebot.com/diffs/npm/typescript/5.4.3/5.4.3 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | pin |
|
[typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint )
([source](https://togithub.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint ))
| [`^7.5.0` ->
`7.5.0`](https://renovatebot.com/diffs/npm/typescript-eslint/7.5.0/7.5.0 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | pin |
---
### Release Notes
<details>
<summary>renovatebot/renovate (renovate)</summary>
###
[`v37.374.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.374.1 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.374.0...37.374.1 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.6
([#​29212](https://togithub.com/renovatebot/renovate/issues/29212 ))
([f4eeaaa](f4eeaaaff6https://togithub.com/renovatebot/renovate/compare/37.373.0...fe62e80aebe988dd9dcbe47d3e5eee225ec3904d )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.373.0...37.374.0 )
###
[`v37.373.0`](https://togithub.com/renovatebot/renovate/compare/37.372.1...25255596d63a03a312885aba1b25fdfd7b76c7a4 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.372.1...37.373.0 )
###
[`v37.372.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.372.1 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.372.0...37.372.1 )
##### Bug Fixes
- **packageRules:** prPriority should only be in packageRules
([#​29201](https://togithub.com/renovatebot/renovate/issues/29201 ))
([70f1f93](70f1f93823https://togithub.com/renovatebot/renovate/releases/tag/37.372.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.371.1...37.372.0 )
##### Features
- **util/package-rules:** allow glob pattens in match{Current,New}Value
([#​29168](https://togithub.com/renovatebot/renovate/issues/29168 ))
([56856d4](56856d4a46https://togithub.com/renovatebot/renovate/issues/29199 ))
([4edd63a](4edd63a297https://togithub.com/renovatebot/renovate/issues/29200 ))
([757574b](757574b931https://togithub.com/renovatebot/renovate/issues/29198 ))
([a8855d8](a8855d811chttps://togithub.com/renovatebot/renovate/releases/tag/37.371.1 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.371.0...37.371.1 )
##### Bug Fixes
- **pdm:** change pdm update strategy to eager
([#​29183](https://togithub.com/renovatebot/renovate/issues/29183 ))
([2f335b6](2f335b61f4https://togithub.com/swc/core ) to v1.5.7
([#​29192](https://togithub.com/renovatebot/renovate/issues/29192 ))
([436fa71](436fa71ce4https://togithub.com/renovatebot/renovate/issues/29196 ))
([ab36239](ab36239421https://togithub.com/renovatebot/renovate/issues/29191 ))
([e281931](e28193134ahttps://togithub.com/renovatebot/renovate/releases/tag/37.371.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.370.0...37.371.0 )
##### Features
- **asdf:** Add rebar3 to asdf manager
([#​29188](https://togithub.com/renovatebot/renovate/issues/29188 ))
([2e6c563](2e6c5636eahttps://togithub.com/renovatebot/renovate/issues/29193 ))
([f59c7f3](f59c7f3162https://togithub.com/renovatebot/renovate/releases/tag/37.370.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.369.1...37.370.0 )
##### Features
- **self-hosted:** `mergeConfidenceEndpoint` and
`mergeConfidenceDatasources`
([#​28880](https://togithub.com/renovatebot/renovate/issues/28880 ))
([044dc0f](044dc0fa28https://togithub.com/renovatebot/renovate/compare/37.369.0...ae15a51554828bb3891268c16f180124a90ade55 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.369.0...37.369.1 )
###
[`v37.369.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.369.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.10...37.369.0 )
##### Features
- **datasource:** `sourceUrl` & `releaseTimestamp` support
([#​29122](https://togithub.com/renovatebot/renovate/issues/29122 ))
([d0b77e5](d0b77e584ahttps://togithub.com/renovatebot/renovate/compare/37.368.9...3c75e4bfb3e6786508f57ead837af102d468f4ab )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.9...37.368.10 )
###
[`v37.368.9`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.9 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.8...37.368.9 )
##### Bug Fixes
- **homebrew:** handle new github archive url format
([#​29138](https://togithub.com/renovatebot/renovate/issues/29138 ))
([e035f05](e035f0562dhttps://togithub.com/renovatebot/renovate/compare/37.368.7...5b88dd6a31c24880da2b2dc5915916a8f3e4f6e8 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.7...37.368.8 )
###
[`v37.368.7`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.7 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.6...37.368.7 )
##### Bug Fixes
- **deps:** update ghcr.io/containerbase/sidecar docker tag to v10.6.12
([#​29157](https://togithub.com/renovatebot/renovate/issues/29157 ))
([4a1e758](4a1e75889fhttps://togithub.com/renovatebot/renovate/issues/29022 ))
([f8f5184](f8f518493dhttps://togithub.com/renovatebot/renovate/issues/29149 ))
([92686aa](92686aa201https://togithub.com/renovatebot/renovate/releases/tag/37.368.6 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.5...37.368.6 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.3
([#​29143](https://togithub.com/renovatebot/renovate/issues/29143 ))
([7f6964c](7f6964cea9https://togithub.com/renovatebot/renovate/releases/tag/37.368.5 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.4...37.368.5 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.2
([#​29142](https://togithub.com/renovatebot/renovate/issues/29142 ))
([c23c70f](c23c70fc8bhttps://togithub.com/renovatebot/renovate/issues/29141 ))
([483bfc2](483bfc28f5https://togithub.com/renovatebot/renovate/releases/tag/37.368.4 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.3...37.368.4 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.1
([#​29140](https://togithub.com/renovatebot/renovate/issues/29140 ))
([947bf17](947bf17aeahttps://togithub.com/renovatebot/renovate/issues/29139 ))
([a2ba884](a2ba88412chttps://togithub.com/renovatebot/renovate/releases/tag/37.368.3 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.2...37.368.3 )
##### Bug Fixes
- **deps:** update ghcr.io/containerbase/sidecar docker tag to v10.6.11
([#​29134](https://togithub.com/renovatebot/renovate/issues/29134 ))
([8216f20](8216f205dchttps://togithub.com/renovatebot/renovate/issues/29121 ))
([ebfb48d](ebfb48d416https://togithub.com/renovatebot/renovate/issues/29133 ))
([463226b](463226b1edhttps://togithub.com/renovatebot/renovate/releases/tag/37.368.2 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.1...37.368.2 )
##### Bug Fixes
- **gomod:** treat v0 pseudo version updates as digest updates
([#​29042](https://togithub.com/renovatebot/renovate/issues/29042 ))
([6f8cde4](6f8cde4e67https://togithub.com/renovatebot/renovate/releases/tag/37.368.1 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.0...37.368.1 )
##### Miscellaneous Chores
- **deps:** update actions/checkout action to v4.1.6
([#​29126](https://togithub.com/renovatebot/renovate/issues/29126 ))
([f951139](f951139409https://togithub.com/renovatebot/renovate/issues/29125 ))
([dc7d73f](dc7d73f98fhttps://togithub.com/renovatebot/renovate/releases/tag/37.368.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.367.0...37.368.0 )
##### Features
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.0
([#​29124](https://togithub.com/renovatebot/renovate/issues/29124 ))
([676e1ef](676e1ef47fhttps://togithub.com/renovatebot/renovate/issues/29123 ))
([40a6b4d](40a6b4d290https://togithub.com/renovatebot/renovate/releases/tag/37.367.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.366.1...37.367.0 )
##### Features
- **presets:** add replacements for ZAP org moves
([#​29117](https://togithub.com/renovatebot/renovate/issues/29117 ))
([7df1dc7](7df1dc77aehttps://togithub.com/renovatebot/renovate/releases/tag/37.366.1 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.366.0...37.366.1 )
##### Build System
- **deps:** update dependency jsonata to v2.0.5
([#​29116](https://togithub.com/renovatebot/renovate/issues/29116 ))
([8bbde23](8bbde23579https://togithub.com/renovatebot/renovate/releases/tag/37.366.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.365.0...37.366.0 )
##### Features
- **datasource:** Add python-version datasource
([#​27583](https://togithub.com/renovatebot/renovate/issues/27583 ))
([c8aacc4](c8aacc4c05https://togithub.com/renovatebot/renovate/issues/28957 ))
([1c8eb34](1c8eb34876https://togithub.com/renovatebot/renovate/releases/tag/37.365.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.364.0...37.365.0 )
##### Features
- **presets/workarounds:** add bitnami docker versioning
([#​29112](https://togithub.com/renovatebot/renovate/issues/29112 ))
([66de046](66de0465e9https://togithub.com/renovatebot/renovate/releases/tag/37.364.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.9...37.364.0 )
##### Features
- **presets:** add strum to monorepos
([#​29109](https://togithub.com/renovatebot/renovate/issues/29109 ))
([20716b0](20716b0609https://togithub.com/renovatebot/renovate/issues/29108 ))
([e03a5cf](e03a5cf0cbhttps://togithub.com/renovatebot/renovate/issues/29110 ))
([2429a07](2429a07eefhttps://togithub.com/renovatebot/renovate/releases/tag/37.363.9 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.8...37.363.9 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.11.2
([#​29099](https://togithub.com/renovatebot/renovate/issues/29099 ))
([99ba857](99ba857374https://togithub.com/renovatebot/renovate/issues/29067 ))
([88fd212](88fd2124ffhttps://togithub.com/renovatebot/renovate/releases/tag/37.363.8 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.7...37.363.8 )
##### Bug Fixes
- **deps:** update ghcr.io/containerbase/sidecar docker tag to v10.6.10
([#​29096](https://togithub.com/renovatebot/renovate/issues/29096 ))
([1254f6a](1254f6a662https://togithub.com/renovatebot/renovate/issues/29095 ))
([d9cd961](d9cd9612echttps://togithub.com/renovatebot/renovate/issues/29030 ))
([01f9861](01f9861069https://togithub.com/renovatebot/renovate/releases/tag/37.363.7 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.6...37.363.7 )
##### Miscellaneous Chores
- **deps:** update ghcr.io/containerbase/devcontainer docker tag to
v10.6.10
([#​29091](https://togithub.com/renovatebot/renovate/issues/29091 ))
([dba9ad3](dba9ad3353https://togithub.com/renovatebot/renovate/issues/29090 ))
([caedb6f](caedb6f452https://togithub.com/renovatebot/renovate/releases/tag/37.363.6 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.5...37.363.6 )
##### Bug Fixes
- **datasource/github-runners:** add Ubuntu 24.04 Noble Numbat as
unstable
([#​29088](https://togithub.com/renovatebot/renovate/issues/29088 ))
([e291ef0](e291ef0dbdhttps://togithub.com/renovatebot/renovate/releases/tag/37.363.5 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.4...37.363.5 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.11.1
([#​29079](https://togithub.com/renovatebot/renovate/issues/29079 ))
([945c4cf](945c4cf8bahttps://togithub.com/renovatebot/renovate/issues/29080 ))
([78edb5b](78edb5b0f8https://togithub.com/renovatebot/renovate/issues/29077 ))
([ead5d55](ead5d55a49📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/ ). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNDQuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM2OC4xMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
2024-06-27 18:54:52 +00:00
dependabot[bot]
9fb6f246f8
chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /actions/installer ( #780 )
...
Bumps [braces](https://github.com/micromatch/braces ) from 3.0.2 to
3.0.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="74b2db293888f1429a0f415d660c30https://redirect.github.com/micromatch/braces/issues/40 ">#40</a>)</li>
<li><a
href="190510f79d716eb9f12da5851e57f4https://redirect.github.com/micromatch/braces/issues/37 ">#37</a>
from coderaiser/fix/vulnerability</li>
<li><a
href="2092bd1fb1https://github.com/micromatch/braces/issues/ ">https://github.com/micromatch/braces/issues/ </a>...</li>
<li><a
href="9f5b4cf473https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727 ">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727 </a>)</li>
<li><a
href="98414f9f1f665ab5d561https://redirect.github.com/micromatch/braces/issues/27 ">#27</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/slsa-framework/slsa-verifier/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-27 15:37:36 +00:00
dependabot[bot]
96619e48c2
chore(deps): bump undici from 5.28.3 to 5.28.4 in /actions/installer ( #779 )
...
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.3 to 5.28.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases ">undici's
releases</a>.</em></p>
<blockquote>
<h2>v5.28.4</h2>
<h2>⚠️ Security Release ⚠️ </h2>
<ul>
<li>Fixes <a
href="https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7 ">https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7 </a>
CVE-2024-30260</li>
<li>Fixes <a
href="https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672 ">https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672 </a>
CVE-2024-30261</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4 ">https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fb983069072b39440bd964e3402da4723c4e7280https://redirect.github.com/nodejs/undici/issues/2389 ">#2389</a>)"</li>
<li><a
href="0e9d54b2c2https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/slsa-framework/slsa-verifier/network/alerts ).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: github-actions <github-actions@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <github-actions@github.com >
Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
2024-06-27 14:28:25 +00:00
Mend Renovate
e7a8f74b9c
fix(deps): update dependency @actions/core to v1.10.1 ( #717 )
...
[](https://renovatebot.com )
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[@actions/core](https://togithub.com/actions/toolkit/tree/main/packages/core )
([source](https://togithub.com/actions/toolkit/tree/HEAD/packages/core ))
| [`1.10.0` ->
`1.10.1`](https://renovatebot.com/diffs/npm/@actions%2fcore/1.10.0/1.10.1 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
<details>
<summary>actions/toolkit (@​actions/core)</summary>
###
[`v1.10.1`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1101 )
- Fix error message reference in oidc utils
[#​1511](https://togithub.com/actions/toolkit/pull/1511 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/ ). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44LjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->
---------
Signed-off-by: Mend Renovate <bot@renovateapp.com >
Signed-off-by: github-actions <github-actions@github.com >
Co-authored-by: github-actions <github-actions@github.com >
2024-05-07 14:09:48 -04:00
Ramon Petgrave
bcc39bf21a
chore(deps): update npm dev (major) ( #753 )
...
Redo of https://github.com/slsa-framework/slsa-verifier/pull/654
- Fix dev-dependencies related to es-lint that the renovate-bot couldn't
auto-fix
- a few commas automatically added by the new linter
- use node20 for tests to avoid caompatibility warnings
```
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@typescript-eslint/parser@7.5.0',
npm WARN EBADENGINE required: { node: '^18.18.0 || >=20.0.0' },
npm WARN EBADENGINE current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
```
---------
Signed-off-by: Mend Renovate <bot@renovateapp.com >
Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
Co-authored-by: Mend Renovate <bot@renovateapp.com >
2024-04-02 17:44:08 -07:00
laurentsimon
b1f986788d
chore: Update @actions/github v6 ( #749 )
...
Need to re-compile
https://github.com/slsa-framework/slsa-verifier/pull/720/files
Signed-off-by: laurentsimon <laurentsimon@google.com >
2024-03-26 22:03:42 +00:00
laurentsimon
f315652a8c
chore: Update doc and digests for v2.5.1 ( #748 )
...
This sets the expected sha256 of the v2.5.1 slsa-verifier released
binary.
How to LGTM this PR (I'll work on a proper doc for this in
https://github.com/slsa-framework/slsa-github-generator/issues/112 ):
1. Download the binary and provenance from
https://github.com/slsa-framework/slsa-verifier/releases/tag/v0.0.1
2. Clone the slsa-verifier repo, compile and verify the provenance using
the steps described in
https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#verify-provenance
```
$ git clone git@github.com:slsa-framework/slsa-verifier.git
$ cd slsa-verifier
$ bash verify-release.sh v2.5.1
```
The output hash should be the hash I'm updating to in this PR. If they
match, LGTM. If they don't, someone tampered with the released binary
and don't LGTM
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2024-03-26 08:11:24 -07:00
laurentsimon
eb7007070b
feat: Update verifier version in GHA installer ( #747 )
...
This is part of the release tests in
https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#dry-run
to verify that the Action installer works.
A follow up PR will be sent prior to release to update to `v2.5.0`
---------
Signed-off-by: laurentsimon <laurentsimon@google.com >
2024-03-25 14:54:53 +00:00
laurentsimon
e986dfc0ff
feat: Digest for new release ( #722 )
...
#label:release v2.4.1
How to LGTM this PR:
Ensure you have installed the GitHub client from https://cli.github.com .
If it is not installed in your `PATH`, set `export GH=/path/to/your/gh`
Set your `export GH_TOKEN=...`
Use [verify-release.sh](./verify-release.sh) script in this repository:
```
bash verify-release v2.4.1
```
Once it completes, you will see the last line `Verifying artifact
/tmp/tmp.SomeRanDOm/` and do:
```bash
sha256sum /tmp/tmp.SomeRanDOm/* | grep -v intoto
```
This will print out the hashes. Compare them to the changes in this PR
---------
Signed-off-by: laurentsimon <laurentsimon@google.com >
2023-11-07 17:23:25 -08:00
laurentsimon
2184d9d604
chore: bump versions ( #715 )
...
Signed-off-by: laurentsimon <laurentsimon@google.com >
2023-10-10 00:27:33 +00:00
laurentsimon
d23c97947e
chore: Update doc for v2.4.0 ( #699 )
...
How to LGTM this PR (I'll work on a proper doc for this in
https://github.com/slsa-framework/slsa-github-generator/issues/112 ):
1. Clone repo
```
$ git clone git@github.com:slsa-framework/slsa-verifier.git
$ cd slsa-verifier
$ bash verify-release.sh v2.4.0 # NOTE: use the file in _this_ PR.
# Note down the path to the temporary dir use. The bash script will print its first line as "INFO: using dir: /tmp/tmp.VaYi6HfbmL"
```
2. Run command below and compare to SHA256SUM.md in this PR
```
$sha256sum /tmp/tmp.VaYi6HfbmL/*
```
The output hash should be the hash I'm updating to in this PR. If they
match, LGTM. If they don't, someone tampered with the released binary
and don't LGTM
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-08-25 12:09:40 -07:00
Mend Renovate
658d91aa82
chore(deps): update npm dev ( #608 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-06-12 13:47:38 +09:00
Mend Renovate
a86957c6a5
chore(deps): update dependency jasmine to v5 ( #598 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-05-15 04:14:31 +00:00
Mend Renovate
ab4b6b4cc7
chore(deps): update dependency @types/node to v18.16.9 ( #596 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-05-15 03:55:18 +00:00
Ian Lewis
f59b55ef21
chore: Update SHA256SUM.md for v2.3.0 ( #592 )
...
Signed-off-by: Ian Lewis <ianlewis@google.com >
2023-05-12 08:23:56 +09:00
Mend Renovate
c9abffe4d2
chore(deps): update npm dev ( #586 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Co-authored-by: Ian Lewis <ianlewis@google.com >
2023-05-10 00:48:36 +00:00
sunnyyip
030c40080b
docs(gh-action): update actions installer path ( #581 )
...
Signed-off-by: Sunny Yip <sunny@kusari.dev >
2023-05-03 09:20:04 -07:00
Mend Renovate
5c0baa4f3e
chore(deps): update npm dev ( #568 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-05-01 11:03:55 +09:00
Ian Lewis
62c0dfdde9
docs: Update docs for 2.2.0 release. ( #556 )
...
* Update SHA256SUM.md
Signed-off-by: Ian Lewis <ianlewis@google.com >
* Update version in docs
Signed-off-by: Ian Lewis <ianlewis@google.com >
---------
Signed-off-by: Ian Lewis <ianlewis@google.com >
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
2023-04-13 19:15:15 +00:00
Mend Renovate
623cf20a23
fix(deps): update npm ( #535 )
...
* fix(deps): update npm
---------
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Signed-off-by: Ian Lewis <ianlewis@google.com >
Co-authored-by: Ian Lewis <ianlewis@google.com >
2023-04-11 13:41:24 +09:00
Mend Renovate
84c3bbdd84
chore(deps): update npm dev ( #534 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Co-authored-by: Ian Lewis <ianlewis@google.com >
2023-04-11 10:57:38 +09:00
Mend Renovate
3c5abb613f
chore(deps): update dependency typescript to v5 ( #545 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Co-authored-by: Ian Lewis <ianlewis@google.com >
2023-04-11 00:08:54 +00:00
asraa
e8ce5c0204
chore: update docs for release v2.1.0 ( #530 )
...
* chore: update docs for release v2.1.0
Signed-off-by: Asra Ali <asraa@google.com >
---------
Signed-off-by: Asra Ali <asraa@google.com >
2023-03-17 15:07:25 +00:00
Mend Renovate
1ed3847709
chore(deps): update npm dev ( #517 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-03-14 11:58:36 +09:00
laurentsimon
20b06426ff
docs: update installation to cover the Action and to receive updates ( #523 )
...
docs: update installation to cover the Action and to receive updates (#523 )
Signed-off-by: laurentsimon <laurentsimon@google.com >
2023-03-10 15:46:04 -06:00
Mend Renovate
66931c71be
chore(deps): update npm dev ( #501 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-02-27 17:46:32 +09:00
Mend Renovate
f2b8ee8fff
chore(deps): update npm dev ( #497 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-02-22 10:52:04 +09:00
Mend Renovate
878947f5e8
chore(deps): update npm dev ( #482 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-02-13 09:46:28 +00:00
Mend Renovate
53ca117e3c
chore(deps): update npm dev ( #466 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Co-authored-by: asraa <asraa@google.com >
2023-02-06 15:01:12 +00:00
Mend Renovate
3c012d278e
chore(deps): update npm dev ( #459 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-01-30 05:23:26 -08:00
Mend Renovate
fb8ab2af45
chore(deps): update npm dev ( #445 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-01-16 05:51:13 +00:00
Mend Renovate
257c370894
chore(deps): update dependency prettier to v2.8.2 ( #437 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-01-09 09:19:17 -06:00
Mend Renovate
71a4b4d2bb
chore(deps): update npm dev ( #428 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-01-05 02:25:41 +00:00
Mend Renovate
82cb42fb20
chore(deps): update dependency @types/node to v18.11.17 ( #416 )
2022-12-18 09:56:35 +09:00
Mend Renovate
a88e26b866
chore(deps): update npm dev ( #415 )
2022-12-17 16:04:09 +09:00
Mend Renovate
b1aad15c35
chore(deps): update npm dev ( #383 )
...
Co-authored-by: Ian Lewis <ianlewis@google.com >
2022-12-16 00:41:58 +00:00
Ian Lewis
8510abc10f
Add codeowners ( #401 )
...
Signed-off-by: Ian Lewis <ianlewis@google.com >
2022-12-14 03:05:04 +00:00
laurentsimon
53b3aebdb9
feat: scheduled tests for installer Action ( #398 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
Signed-off-by: laurentsimon <laurentsimon@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
Co-authored-by: Ian Lewis <ianlewis@google.com >
2022-12-14 01:37:23 +00:00
laurentsimon
a43888265e
fix: command in installer Action ( #396 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
2022-12-08 22:32:57 +00:00
laurentsimon
901c5f7901
update ( #394 )
...
Signed-off-by: laurentsimon <laurentsimon@google.com >
2022-12-06 15:16:10 -06:00
laurentsimon
4cba39a15a
feat: Add env variable to facilitate CI tests of Action installer ( #393 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
Signed-off-by: laurentsimon <laurentsimon@google.com >
2022-12-06 20:25:47 +00:00
laurentsimon
477ac0d88e
fix: show version in version command ( #392 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
2022-12-06 20:13:35 +00:00
WhiteSource Renovate
12d81454a0
chore(deps): update dependency @types/node to v18.11.8 ( #341 )
...
Co-authored-by: asraa <asraa@google.com >
2022-10-31 16:38:18 +00:00
