slsa-verifier

mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-18 06:26:35 +00:00

Author	SHA1	Message	Date
Ramon Petgrave	3f37511042	chore: fix vuln: override autolinker ^4.0.0 (#785 ) fixes https://github.com/slsa-framework/slsa-verifier/security/code-scanning/11 markdown-toc's latest v1.2.0 is still vulnerable via a transitive dependency, but hasn't received updates in a long time. This PR overrides one of the other transitive dependencies to a non-vulnerable version. more info here https://github.com/jonschlinkert/markdown-toc/issues/156#issuecomment-2197630000 # Testing process - Manually invoked `make markdown-toc` and it did succeed, while also adding a missing header in the README. - Made a few typos in the headers and markdown-toc did fix them. - Cloned markdown-toc, added the override, and its unit tests passed --------- Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com> Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>	2024-08-13 19:08:24 +00:00
Mend Renovate	4bab78a528	chore(deps): update npm dev (#650 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Change \| Age \| Adoption \| Passing \| Confidence \| Type \| Update \| \|---\|---\|---\|---\|---\|---\|---\|---\| \| [@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) \| [`18.19.28` -> `18.19.33`](https://renovatebot.com/diffs/npm/@types%2fnode/18.19.28/18.19.33) \| [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnode/18.19.33?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fnode/18.19.33?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fnode/18.19.28/18.19.33?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnode/18.19.28/18.19.33?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| devDependencies \| patch \| \| [eslint](https://eslint.org) ([source](https://togithub.com/eslint/eslint)) \| [`^8.57.0` -> `8.57.0`](https://renovatebot.com/diffs/npm/eslint/8.57.0/8.57.0) \| [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint/8.57.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint/8.57.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint/8.57.0/8.57.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint/8.57.0/8.57.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| devDependencies \| pin \| \| [eslint-plugin-prettier](https://togithub.com/prettier/eslint-plugin-prettier) \| [`^5.1.3` -> `5.1.3`](https://renovatebot.com/diffs/npm/eslint-plugin-prettier/5.1.3/5.1.3) \| [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-prettier/5.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/eslint-plugin-prettier/5.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/eslint-plugin-prettier/5.1.3/5.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-prettier/5.1.3/5.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| devDependencies \| pin \| \| [markdown-toc](https://togithub.com/jonschlinkert/markdown-toc) \| [`^1.2.0` -> `1.2.0`](https://renovatebot.com/diffs/npm/markdown-toc/1.2.0/1.2.0) \| [![age](https://developer.mend.io/api/mc/badges/age/npm/markdown-toc/1.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/markdown-toc/1.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/markdown-toc/1.2.0/1.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/markdown-toc/1.2.0/1.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| devDependencies \| pin \| \| [renovate](https://renovatebot.com) ([source](https://togithub.com/renovatebot/renovate)) \| [`37.363.4` -> `37.374.1`](https://renovatebot.com/diffs/npm/renovate/37.363.4/37.374.1) \| [![age](https://developer.mend.io/api/mc/badges/age/npm/renovate/37.374.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/renovate/37.374.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/renovate/37.363.4/37.374.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/renovate/37.363.4/37.374.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| devDependencies \| minor \| \| [typescript](https://www.typescriptlang.org/) ([source](https://togithub.com/Microsoft/TypeScript)) \| [`^5.4.3` -> `5.4.3`](https://renovatebot.com/diffs/npm/typescript/5.4.3/5.4.3) \| [![age](https://developer.mend.io/api/mc/badges/age/npm/typescript/5.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/typescript/5.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/typescript/5.4.3/5.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/typescript/5.4.3/5.4.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| devDependencies \| pin \| \| [typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint) ([source](https://togithub.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)) \| [`^7.5.0` -> `7.5.0`](https://renovatebot.com/diffs/npm/typescript-eslint/7.5.0/7.5.0) \| [![age](https://developer.mend.io/api/mc/badges/age/npm/typescript-eslint/7.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/typescript-eslint/7.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/typescript-eslint/7.5.0/7.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/typescript-eslint/7.5.0/7.5.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| devDependencies \| pin \| --- ### Release Notes <details> <summary>renovatebot/renovate (renovate)</summary> ### [`v37.374.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.374.1) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.374.0...37.374.1) ##### Bug Fixes - deps: update ghcr.io/renovatebot/base-image docker tag to v2.12.6 ([#29212](https://togithub.com/renovatebot/renovate/issues/29212)) ([f4eeaaa](`f4eeaaaff6`)) ### [`v37.374.0`](https://togithub.com/renovatebot/renovate/compare/37.373.0...fe62e80aebe988dd9dcbe47d3e5eee225ec3904d) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.373.0...37.374.0) ### [`v37.373.0`](https://togithub.com/renovatebot/renovate/compare/37.372.1...25255596d63a03a312885aba1b25fdfd7b76c7a4) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.372.1...37.373.0) ### [`v37.372.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.372.1) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.372.0...37.372.1) ##### Bug Fixes - packageRules: prPriority should only be in packageRules ([#29201](https://togithub.com/renovatebot/renovate/issues/29201)) ([70f1f93](`70f1f93823`)) ### [`v37.372.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.372.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.371.1...37.372.0) ##### Features - util/package-rules: allow glob pattens in match{Current,New}Value ([#29168](https://togithub.com/renovatebot/renovate/issues/29168)) ([56856d4](`56856d4a46`)) ##### Bug Fixes - deps: update ghcr.io/containerbase/sidecar docker tag to v10.6.14 ([#29199](https://togithub.com/renovatebot/renovate/issues/29199)) ([4edd63a](`4edd63a297`)) - deps: update ghcr.io/renovatebot/base-image docker tag to v2.12.5 ([#29200](https://togithub.com/renovatebot/renovate/issues/29200)) ([757574b](`757574b931`)) ##### Miscellaneous Chores - deps: update ghcr.io/containerbase/devcontainer docker tag to v10.6.14 ([#29198](https://togithub.com/renovatebot/renovate/issues/29198)) ([a8855d8](`a8855d811c`)) ### [`v37.371.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.371.1) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.371.0...37.371.1) ##### Bug Fixes - pdm: change pdm update strategy to eager ([#29183](https://togithub.com/renovatebot/renovate/issues/29183)) ([2f335b6](`2f335b61f4`)) ##### Miscellaneous Chores - deps: update dependency [@swc/core](https://togithub.com/swc/core) to v1.5.7 ([#29192](https://togithub.com/renovatebot/renovate/issues/29192)) ([436fa71](`436fa71ce4`)) - deps: update linters to v7.10.0 ([#29196](https://togithub.com/renovatebot/renovate/issues/29196)) ([ab36239](`ab36239421`)) - log when \_PROXY values detected ([#29191](https://togithub.com/renovatebot/renovate/issues/29191)) ([e281931](`e28193134a`)) ### [`v37.371.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.371.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.370.0...37.371.0) ##### Features - asdf: Add rebar3 to asdf manager ([#29188](https://togithub.com/renovatebot/renovate/issues/29188)) ([2e6c563](`2e6c5636ea`)) ##### Miscellaneous Chores - deps: update linters ([#29193](https://togithub.com/renovatebot/renovate/issues/29193)) ([f59c7f3](`f59c7f3162`)) ### [`v37.370.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.370.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.369.1...37.370.0) ##### Features - self-hosted: `mergeConfidenceEndpoint` and `mergeConfidenceDatasources` ([#28880](https://togithub.com/renovatebot/renovate/issues/28880)) ([044dc0f](`044dc0fa28`)) ### [`v37.369.1`](https://togithub.com/renovatebot/renovate/compare/37.369.0...ae15a51554828bb3891268c16f180124a90ade55) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.369.0...37.369.1) ### [`v37.369.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.369.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.10...37.369.0) ##### Features - datasource: `sourceUrl` & `releaseTimestamp` support ([#29122](https://togithub.com/renovatebot/renovate/issues/29122)) ([d0b77e5](`d0b77e584a`)) ### [`v37.368.10`](https://togithub.com/renovatebot/renovate/compare/37.368.9...3c75e4bfb3e6786508f57ead837af102d468f4ab) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.9...37.368.10) ### [`v37.368.9`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.9) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.8...37.368.9) ##### Bug Fixes - homebrew: handle new github archive url format ([#29138](https://togithub.com/renovatebot/renovate/issues/29138)) ([e035f05](`e035f0562d`)) ### [`v37.368.8`](https://togithub.com/renovatebot/renovate/compare/37.368.7...5b88dd6a31c24880da2b2dc5915916a8f3e4f6e8) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.7...37.368.8) ### [`v37.368.7`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.7) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.6...37.368.7) ##### Bug Fixes - deps: update ghcr.io/containerbase/sidecar docker tag to v10.6.12 ([#29157](https://togithub.com/renovatebot/renovate/issues/29157)) ([4a1e758](`4a1e75889f`)) ##### Documentation - readme: better alt text, add toggleable list of companies/projects that use Renovate ([#29022](https://togithub.com/renovatebot/renovate/issues/29022)) ([f8f5184](`f8f518493d`)) ##### Miscellaneous Chores - deps: update containerbase/internal-tools action to v3.0.88 ([#29149](https://togithub.com/renovatebot/renovate/issues/29149)) ([92686aa](`92686aa201`)) ### [`v37.368.6`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.6) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.5...37.368.6) ##### Bug Fixes - deps: update ghcr.io/renovatebot/base-image docker tag to v2.12.3 ([#29143](https://togithub.com/renovatebot/renovate/issues/29143)) ([7f6964c](`7f6964cea9`)) ### [`v37.368.5`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.5) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.4...37.368.5) ##### Bug Fixes - deps: update ghcr.io/renovatebot/base-image docker tag to v2.12.2 ([#29142](https://togithub.com/renovatebot/renovate/issues/29142)) ([c23c70f](`c23c70fc8b`)) ##### Miscellaneous Chores - deps: update dependency rimraf to v5.0.7 ([#29141](https://togithub.com/renovatebot/renovate/issues/29141)) ([483bfc2](`483bfc28f5`)) ### [`v37.368.4`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.4) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.3...37.368.4) ##### Bug Fixes - deps: update ghcr.io/renovatebot/base-image docker tag to v2.12.1 ([#29140](https://togithub.com/renovatebot/renovate/issues/29140)) ([947bf17](`947bf17aea`)) ##### Miscellaneous Chores - deps: update dependency rimraf to v5.0.6 ([#29139](https://togithub.com/renovatebot/renovate/issues/29139)) ([a2ba884](`a2ba88412c`)) ### [`v37.368.3`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.3) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.2...37.368.3) ##### Bug Fixes - deps: update ghcr.io/containerbase/sidecar docker tag to v10.6.11 ([#29134](https://togithub.com/renovatebot/renovate/issues/29134)) ([8216f20](`8216f205dc`)) ##### Documentation - config: warn about spaces in `schedule` ([#29121](https://togithub.com/renovatebot/renovate/issues/29121)) ([ebfb48d](`ebfb48d416`)) ##### Miscellaneous Chores - deps: update ghcr.io/containerbase/devcontainer docker tag to v10.6.11 ([#29133](https://togithub.com/renovatebot/renovate/issues/29133)) ([463226b](`463226b1ed`)) ### [`v37.368.2`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.2) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.1...37.368.2) ##### Bug Fixes - gomod: treat v0 pseudo version updates as digest updates ([#29042](https://togithub.com/renovatebot/renovate/issues/29042)) ([6f8cde4](`6f8cde4e67`)) ### [`v37.368.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.1) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.368.0...37.368.1) ##### Miscellaneous Chores - deps: update actions/checkout action to v4.1.6 ([#29126](https://togithub.com/renovatebot/renovate/issues/29126)) ([f951139](`f951139409`)) ##### Build System - deps: update dependency glob to v10.3.15 ([#29125](https://togithub.com/renovatebot/renovate/issues/29125)) ([dc7d73f](`dc7d73f98f`)) ### [`v37.368.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.367.0...37.368.0) ##### Features - deps: update ghcr.io/renovatebot/base-image docker tag to v2.12.0 ([#29124](https://togithub.com/renovatebot/renovate/issues/29124)) ([676e1ef](`676e1ef47f`)) ##### Build System - deps: update dependency glob to v10.3.14 ([#29123](https://togithub.com/renovatebot/renovate/issues/29123)) ([40a6b4d](`40a6b4d290`)) ### [`v37.367.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.367.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.366.1...37.367.0) ##### Features - presets: add replacements for ZAP org moves ([#29117](https://togithub.com/renovatebot/renovate/issues/29117)) ([7df1dc7](`7df1dc77ae`)) ### [`v37.366.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.366.1) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.366.0...37.366.1) ##### Build System - deps: update dependency jsonata to v2.0.5 ([#29116](https://togithub.com/renovatebot/renovate/issues/29116)) ([8bbde23](`8bbde23579`)) ### [`v37.366.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.366.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.365.0...37.366.0) ##### Features - datasource: Add python-version datasource ([#27583](https://togithub.com/renovatebot/renovate/issues/27583)) ([c8aacc4](`c8aacc4c05`)) - Support custom artifact notice ([#28957](https://togithub.com/renovatebot/renovate/issues/28957)) ([1c8eb34](`1c8eb34876`)) ### [`v37.365.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.365.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.364.0...37.365.0) ##### Features - presets/workarounds: add bitnami docker versioning ([#29112](https://togithub.com/renovatebot/renovate/issues/29112)) ([66de046](`66de0465e9`)) ### [`v37.364.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.364.0) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.9...37.364.0) ##### Features - presets: add strum to monorepos ([#29109](https://togithub.com/renovatebot/renovate/issues/29109)) ([20716b0](`20716b0609`)) ##### Miscellaneous Chores - deps: update containerbase/internal-tools action to v3.0.87 ([#29108](https://togithub.com/renovatebot/renovate/issues/29108)) ([e03a5cf](`e03a5cf0cb`)) ##### Tests - osgi: Use "codeBlock" for tests ([#29110](https://togithub.com/renovatebot/renovate/issues/29110)) ([2429a07](`2429a07eef`)) ### [`v37.363.9`](https://togithub.com/renovatebot/renovate/releases/tag/37.363.9) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.8...37.363.9) ##### Bug Fixes - deps: update ghcr.io/renovatebot/base-image docker tag to v2.11.2 ([#29099](https://togithub.com/renovatebot/renovate/issues/29099)) ([99ba857](`99ba857374`)) ##### Documentation - config: add note about GnuPG v2.4 usage ([#29067](https://togithub.com/renovatebot/renovate/issues/29067)) ([88fd212](`88fd2124ff`)) ### [`v37.363.8`](https://togithub.com/renovatebot/renovate/releases/tag/37.363.8) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.7...37.363.8) ##### Bug Fixes - deps: update ghcr.io/containerbase/sidecar docker tag to v10.6.10 ([#29096](https://togithub.com/renovatebot/renovate/issues/29096)) ([1254f6a](`1254f6a662`)) ##### Documentation - bot comparison: dependabot-core switched to MIT license ([#29095](https://togithub.com/renovatebot/renovate/issues/29095)) ([d9cd961](`d9cd9612ec`)) - Update Swissquote article with information on the scheduler and dashboards ([#29030](https://togithub.com/renovatebot/renovate/issues/29030)) ([01f9861](`01f9861069`)) ### [`v37.363.7`](https://togithub.com/renovatebot/renovate/releases/tag/37.363.7) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.6...37.363.7) ##### Miscellaneous Chores - deps: update ghcr.io/containerbase/devcontainer docker tag to v10.6.10 ([#29091](https://togithub.com/renovatebot/renovate/issues/29091)) ([dba9ad3](`dba9ad3353`)) ##### Build System - deps: update dependency zod to v3.23.8 ([#29090](https://togithub.com/renovatebot/renovate/issues/29090)) ([caedb6f](`caedb6f452`)) ### [`v37.363.6`](https://togithub.com/renovatebot/renovate/releases/tag/37.363.6) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.5...37.363.6) ##### Bug Fixes - datasource/github-runners: add Ubuntu 24.04 Noble Numbat as unstable ([#29088](https://togithub.com/renovatebot/renovate/issues/29088)) ([e291ef0](`e291ef0dbd`)) ### [`v37.363.5`](https://togithub.com/renovatebot/renovate/releases/tag/37.363.5) [Compare Source](https://togithub.com/renovatebot/renovate/compare/37.363.4...37.363.5) ##### Bug Fixes - deps: update ghcr.io/renovatebot/base-image docker tag to v2.11.1 ([#29079](https://togithub.com/renovatebot/renovate/issues/29079)) ([945c4cf](`945c4cf8ba`)) ##### Miscellaneous Chores - deps: update codecov/codecov-action action to v4.4.0 ([#29080](https://togithub.com/renovatebot/renovate/issues/29080)) ([78edb5b](`78edb5b0f8`)) ##### Build System - deps: update dependency zod to v3.23.7 ([#29077](https://togithub.com/renovatebot/renovate/issues/29077)) ([ead5d55](`ead5d55a49`)) </details> --- ### Configuration 📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNDQuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM2OC4xMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>	2024-06-27 18:54:52 +00:00
dependabot[bot]	34ab203678	chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates (#784 ) Bumps the npm_and_yarn group with 1 update in the / directory: [braces](https://github.com/micromatch/braces). Bumps the npm_and_yarn group with 2 updates in the /actions/installer directory: [braces](https://github.com/micromatch/braces) and [undici](https://github.com/nodejs/undici). Updates `braces` from 3.0.2 to 3.0.3 <details> <summary>Commits</summary> <ul> <li><a href="`74b2db2938`"><code>74b2db2</code></a> 3.0.3</li> <li><a href="`88f1429a0f`"><code>88f1429</code></a> update eslint. lint, fix unit tests.</li> <li><a href="`415d660c30`"><code>415d660</code></a> Snyk js braces 6838727 (<a href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li> <li><a href="`190510f79d`"><code>190510f</code></a> fix tests, skip 1 test in test/braces.expand</li> <li><a href="`716eb9f12d`"><code>716eb9f</code></a> readme bump</li> <li><a href="`a5851e57f4`"><code>a5851e5</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/braces/issues/37">#37</a> from coderaiser/fix/vulnerability</li> <li><a href="`2092bd1fb1`"><code>2092bd1</code></a> feature: braces: add maxSymbols (<a href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li> <li><a href="`9f5b4cf473`"><code>9f5b4cf</code></a> fix: vulnerability (<a href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li> <li><a href="`98414f9f1f`"><code>98414f9</code></a> remove funding file</li> <li><a href="`665ab5d561`"><code>665ab5d</code></a> update keepEscaping doc (<a href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare view</a></li> </ul> </details> <br /> Updates `braces` from 3.0.2 to 3.0.3 <details> <summary>Commits</summary> <ul> <li><a href="`74b2db2938`"><code>74b2db2</code></a> 3.0.3</li> <li><a href="`88f1429a0f`"><code>88f1429</code></a> update eslint. lint, fix unit tests.</li> <li><a href="`415d660c30`"><code>415d660</code></a> Snyk js braces 6838727 (<a href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li> <li><a href="`190510f79d`"><code>190510f</code></a> fix tests, skip 1 test in test/braces.expand</li> <li><a href="`716eb9f12d`"><code>716eb9f</code></a> readme bump</li> <li><a href="`a5851e57f4`"><code>a5851e5</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/braces/issues/37">#37</a> from coderaiser/fix/vulnerability</li> <li><a href="`2092bd1fb1`"><code>2092bd1</code></a> feature: braces: add maxSymbols (<a href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li> <li><a href="`9f5b4cf473`"><code>9f5b4cf</code></a> fix: vulnerability (<a href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li> <li><a href="`98414f9f1f`"><code>98414f9</code></a> remove funding file</li> <li><a href="`665ab5d561`"><code>665ab5d</code></a> update keepEscaping doc (<a href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare view</a></li> </ul> </details> <br /> Updates `undici` from 5.28.3 to 5.28.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases">undici's releases</a>.</em></p> <blockquote> <h2>v5.28.4</h2> <h2>⚠️ Security Release ⚠️</h2> <ul> <li>Fixes <a href="https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7">https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7</a> CVE-2024-30260</li> <li>Fixes <a href="https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672">https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672</a> CVE-2024-30261</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4">https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`fb98306907`"><code>fb98306</code></a> Bumped v5.28.4</li> <li><a href="`2b39440bd9`"><code>2b39440</code></a> Merge pull request from GHSA-9qxr-qj54-h672</li> <li><a href="`64e3402da4`"><code>64e3402</code></a> Merge pull request from GHSA-m4v8-wqvr-p9f7</li> <li><a href="`723c4e7280`"><code>723c4e7</code></a> Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (<a href="https://redirect.github.com/nodejs/undici/issues/2389">#2389</a>)"</li> <li><a href="`0e9d54b2c2`"><code>0e9d54b</code></a> skip failing test due to Node.js changes</li> <li>See full diff in <a href="https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/slsa-framework/slsa-verifier/network/alerts). </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: github-actions <github-actions@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions <github-actions@github.com> Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>	2024-06-27 12:03:26 -04:00
Ian Lewis	87b5bae6d4	chore: Update Renovate config (#769 ) # Summary Updates renovate config to use the [`config:best-practices`](https://docs.renovatebot.com/presets-config/#configbest-practices) preset rather than the `config:base` preset since `config:base` seems to be deprecated. Also updates the `schedule` config to use the [`schedule:monthly`](https://docs.renovatebot.com/presets-schedule/#schedulemonthly) preset. Also adds a pre-submit to run the [`renovate-config-validator`](https://docs.renovatebot.com/config-validation/) to ensure that renovate config is valid. This pre-submit will need to be made required in the repository branch protection rule for `main` in the repository settings after this PR is merged. --------- Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Signed-off-by: Ian Lewis <ianlewis@google.com> Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>	2024-05-16 07:13:09 +09:00
Ian Lewis	95e6555274	docs: Add docs for npm package verification (#587 ) Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-05-10 00:33:29 +00:00

5 Commits