Ramon Petgrave
d96b977709
chore: v2.6.0: update docs ( #789 )
...
#label:release v2.6.0
# How to Verify
Clone the repo and run the script described in
https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#verify-provenance .
```
$ git clone git@github.com:slsa-framework/slsa-verifier.git
$ cd slsa-verifier
$ bash verify-release.sh v2.6.0
```
This will download the release files and verify the binaries. Confirm
that the output hashes matches those in this PR's SHA256SUM.md
-
https://github.com/slsa-framework/slsa-verifier/pull/789/files#diff-7834ca792905514302a0630d1c57dc1d330569a18fc2fff4aac6129efb00f4ccR1-R8
---------
Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com >
2024-07-17 12:21:44 -04:00
Mend Renovate
4bab78a528
chore(deps): update npm dev ( #650 )
...
[](https://renovatebot.com )
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type |
Update |
|---|---|---|---|---|---|---|---|
|
[@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node )
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ))
| [`18.19.28` ->
`18.19.33`](https://renovatebot.com/diffs/npm/@types%2fnode/18.19.28/18.19.33 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | patch |
| [eslint](https://eslint.org )
([source](https://togithub.com/eslint/eslint )) | [`^8.57.0` ->
`8.57.0`](https://renovatebot.com/diffs/npm/eslint/8.57.0/8.57.0 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | pin |
|
[eslint-plugin-prettier](https://togithub.com/prettier/eslint-plugin-prettier )
| [`^5.1.3` ->
`5.1.3`](https://renovatebot.com/diffs/npm/eslint-plugin-prettier/5.1.3/5.1.3 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | pin |
| [markdown-toc](https://togithub.com/jonschlinkert/markdown-toc ) |
[`^1.2.0` ->
`1.2.0`](https://renovatebot.com/diffs/npm/markdown-toc/1.2.0/1.2.0 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | pin |
| [renovate](https://renovatebot.com )
([source](https://togithub.com/renovatebot/renovate )) | [`37.363.4` ->
`37.374.1`](https://renovatebot.com/diffs/npm/renovate/37.363.4/37.374.1 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | minor |
| [typescript](https://www.typescriptlang.org/ )
([source](https://togithub.com/Microsoft/TypeScript )) | [`^5.4.3` ->
`5.4.3`](https://renovatebot.com/diffs/npm/typescript/5.4.3/5.4.3 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | pin |
|
[typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint )
([source](https://togithub.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint ))
| [`^7.5.0` ->
`7.5.0`](https://renovatebot.com/diffs/npm/typescript-eslint/7.5.0/7.5.0 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
| devDependencies | pin |
---
### Release Notes
<details>
<summary>renovatebot/renovate (renovate)</summary>
###
[`v37.374.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.374.1 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.374.0...37.374.1 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.6
([#​29212](https://togithub.com/renovatebot/renovate/issues/29212 ))
([f4eeaaa](f4eeaaaff6https://togithub.com/renovatebot/renovate/compare/37.373.0...fe62e80aebe988dd9dcbe47d3e5eee225ec3904d )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.373.0...37.374.0 )
###
[`v37.373.0`](https://togithub.com/renovatebot/renovate/compare/37.372.1...25255596d63a03a312885aba1b25fdfd7b76c7a4 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.372.1...37.373.0 )
###
[`v37.372.1`](https://togithub.com/renovatebot/renovate/releases/tag/37.372.1 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.372.0...37.372.1 )
##### Bug Fixes
- **packageRules:** prPriority should only be in packageRules
([#​29201](https://togithub.com/renovatebot/renovate/issues/29201 ))
([70f1f93](70f1f93823https://togithub.com/renovatebot/renovate/releases/tag/37.372.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.371.1...37.372.0 )
##### Features
- **util/package-rules:** allow glob pattens in match{Current,New}Value
([#​29168](https://togithub.com/renovatebot/renovate/issues/29168 ))
([56856d4](56856d4a46https://togithub.com/renovatebot/renovate/issues/29199 ))
([4edd63a](4edd63a297https://togithub.com/renovatebot/renovate/issues/29200 ))
([757574b](757574b931https://togithub.com/renovatebot/renovate/issues/29198 ))
([a8855d8](a8855d811chttps://togithub.com/renovatebot/renovate/releases/tag/37.371.1 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.371.0...37.371.1 )
##### Bug Fixes
- **pdm:** change pdm update strategy to eager
([#​29183](https://togithub.com/renovatebot/renovate/issues/29183 ))
([2f335b6](2f335b61f4https://togithub.com/swc/core ) to v1.5.7
([#​29192](https://togithub.com/renovatebot/renovate/issues/29192 ))
([436fa71](436fa71ce4https://togithub.com/renovatebot/renovate/issues/29196 ))
([ab36239](ab36239421https://togithub.com/renovatebot/renovate/issues/29191 ))
([e281931](e28193134ahttps://togithub.com/renovatebot/renovate/releases/tag/37.371.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.370.0...37.371.0 )
##### Features
- **asdf:** Add rebar3 to asdf manager
([#​29188](https://togithub.com/renovatebot/renovate/issues/29188 ))
([2e6c563](2e6c5636eahttps://togithub.com/renovatebot/renovate/issues/29193 ))
([f59c7f3](f59c7f3162https://togithub.com/renovatebot/renovate/releases/tag/37.370.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.369.1...37.370.0 )
##### Features
- **self-hosted:** `mergeConfidenceEndpoint` and
`mergeConfidenceDatasources`
([#​28880](https://togithub.com/renovatebot/renovate/issues/28880 ))
([044dc0f](044dc0fa28https://togithub.com/renovatebot/renovate/compare/37.369.0...ae15a51554828bb3891268c16f180124a90ade55 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.369.0...37.369.1 )
###
[`v37.369.0`](https://togithub.com/renovatebot/renovate/releases/tag/37.369.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.10...37.369.0 )
##### Features
- **datasource:** `sourceUrl` & `releaseTimestamp` support
([#​29122](https://togithub.com/renovatebot/renovate/issues/29122 ))
([d0b77e5](d0b77e584ahttps://togithub.com/renovatebot/renovate/compare/37.368.9...3c75e4bfb3e6786508f57ead837af102d468f4ab )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.9...37.368.10 )
###
[`v37.368.9`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.9 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.8...37.368.9 )
##### Bug Fixes
- **homebrew:** handle new github archive url format
([#​29138](https://togithub.com/renovatebot/renovate/issues/29138 ))
([e035f05](e035f0562dhttps://togithub.com/renovatebot/renovate/compare/37.368.7...5b88dd6a31c24880da2b2dc5915916a8f3e4f6e8 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.7...37.368.8 )
###
[`v37.368.7`](https://togithub.com/renovatebot/renovate/releases/tag/37.368.7 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.6...37.368.7 )
##### Bug Fixes
- **deps:** update ghcr.io/containerbase/sidecar docker tag to v10.6.12
([#​29157](https://togithub.com/renovatebot/renovate/issues/29157 ))
([4a1e758](4a1e75889fhttps://togithub.com/renovatebot/renovate/issues/29022 ))
([f8f5184](f8f518493dhttps://togithub.com/renovatebot/renovate/issues/29149 ))
([92686aa](92686aa201https://togithub.com/renovatebot/renovate/releases/tag/37.368.6 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.5...37.368.6 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.3
([#​29143](https://togithub.com/renovatebot/renovate/issues/29143 ))
([7f6964c](7f6964cea9https://togithub.com/renovatebot/renovate/releases/tag/37.368.5 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.4...37.368.5 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.2
([#​29142](https://togithub.com/renovatebot/renovate/issues/29142 ))
([c23c70f](c23c70fc8bhttps://togithub.com/renovatebot/renovate/issues/29141 ))
([483bfc2](483bfc28f5https://togithub.com/renovatebot/renovate/releases/tag/37.368.4 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.3...37.368.4 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.1
([#​29140](https://togithub.com/renovatebot/renovate/issues/29140 ))
([947bf17](947bf17aeahttps://togithub.com/renovatebot/renovate/issues/29139 ))
([a2ba884](a2ba88412chttps://togithub.com/renovatebot/renovate/releases/tag/37.368.3 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.2...37.368.3 )
##### Bug Fixes
- **deps:** update ghcr.io/containerbase/sidecar docker tag to v10.6.11
([#​29134](https://togithub.com/renovatebot/renovate/issues/29134 ))
([8216f20](8216f205dchttps://togithub.com/renovatebot/renovate/issues/29121 ))
([ebfb48d](ebfb48d416https://togithub.com/renovatebot/renovate/issues/29133 ))
([463226b](463226b1edhttps://togithub.com/renovatebot/renovate/releases/tag/37.368.2 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.1...37.368.2 )
##### Bug Fixes
- **gomod:** treat v0 pseudo version updates as digest updates
([#​29042](https://togithub.com/renovatebot/renovate/issues/29042 ))
([6f8cde4](6f8cde4e67https://togithub.com/renovatebot/renovate/releases/tag/37.368.1 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.368.0...37.368.1 )
##### Miscellaneous Chores
- **deps:** update actions/checkout action to v4.1.6
([#​29126](https://togithub.com/renovatebot/renovate/issues/29126 ))
([f951139](f951139409https://togithub.com/renovatebot/renovate/issues/29125 ))
([dc7d73f](dc7d73f98fhttps://togithub.com/renovatebot/renovate/releases/tag/37.368.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.367.0...37.368.0 )
##### Features
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.12.0
([#​29124](https://togithub.com/renovatebot/renovate/issues/29124 ))
([676e1ef](676e1ef47fhttps://togithub.com/renovatebot/renovate/issues/29123 ))
([40a6b4d](40a6b4d290https://togithub.com/renovatebot/renovate/releases/tag/37.367.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.366.1...37.367.0 )
##### Features
- **presets:** add replacements for ZAP org moves
([#​29117](https://togithub.com/renovatebot/renovate/issues/29117 ))
([7df1dc7](7df1dc77aehttps://togithub.com/renovatebot/renovate/releases/tag/37.366.1 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.366.0...37.366.1 )
##### Build System
- **deps:** update dependency jsonata to v2.0.5
([#​29116](https://togithub.com/renovatebot/renovate/issues/29116 ))
([8bbde23](8bbde23579https://togithub.com/renovatebot/renovate/releases/tag/37.366.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.365.0...37.366.0 )
##### Features
- **datasource:** Add python-version datasource
([#​27583](https://togithub.com/renovatebot/renovate/issues/27583 ))
([c8aacc4](c8aacc4c05https://togithub.com/renovatebot/renovate/issues/28957 ))
([1c8eb34](1c8eb34876https://togithub.com/renovatebot/renovate/releases/tag/37.365.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.364.0...37.365.0 )
##### Features
- **presets/workarounds:** add bitnami docker versioning
([#​29112](https://togithub.com/renovatebot/renovate/issues/29112 ))
([66de046](66de0465e9https://togithub.com/renovatebot/renovate/releases/tag/37.364.0 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.9...37.364.0 )
##### Features
- **presets:** add strum to monorepos
([#​29109](https://togithub.com/renovatebot/renovate/issues/29109 ))
([20716b0](20716b0609https://togithub.com/renovatebot/renovate/issues/29108 ))
([e03a5cf](e03a5cf0cbhttps://togithub.com/renovatebot/renovate/issues/29110 ))
([2429a07](2429a07eefhttps://togithub.com/renovatebot/renovate/releases/tag/37.363.9 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.8...37.363.9 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.11.2
([#​29099](https://togithub.com/renovatebot/renovate/issues/29099 ))
([99ba857](99ba857374https://togithub.com/renovatebot/renovate/issues/29067 ))
([88fd212](88fd2124ffhttps://togithub.com/renovatebot/renovate/releases/tag/37.363.8 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.7...37.363.8 )
##### Bug Fixes
- **deps:** update ghcr.io/containerbase/sidecar docker tag to v10.6.10
([#​29096](https://togithub.com/renovatebot/renovate/issues/29096 ))
([1254f6a](1254f6a662https://togithub.com/renovatebot/renovate/issues/29095 ))
([d9cd961](d9cd9612echttps://togithub.com/renovatebot/renovate/issues/29030 ))
([01f9861](01f9861069https://togithub.com/renovatebot/renovate/releases/tag/37.363.7 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.6...37.363.7 )
##### Miscellaneous Chores
- **deps:** update ghcr.io/containerbase/devcontainer docker tag to
v10.6.10
([#​29091](https://togithub.com/renovatebot/renovate/issues/29091 ))
([dba9ad3](dba9ad3353https://togithub.com/renovatebot/renovate/issues/29090 ))
([caedb6f](caedb6f452https://togithub.com/renovatebot/renovate/releases/tag/37.363.6 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.5...37.363.6 )
##### Bug Fixes
- **datasource/github-runners:** add Ubuntu 24.04 Noble Numbat as
unstable
([#​29088](https://togithub.com/renovatebot/renovate/issues/29088 ))
([e291ef0](e291ef0dbdhttps://togithub.com/renovatebot/renovate/releases/tag/37.363.5 )
[Compare
Source](https://togithub.com/renovatebot/renovate/compare/37.363.4...37.363.5 )
##### Bug Fixes
- **deps:** update ghcr.io/renovatebot/base-image docker tag to v2.11.1
([#​29079](https://togithub.com/renovatebot/renovate/issues/29079 ))
([945c4cf](945c4cf8bahttps://togithub.com/renovatebot/renovate/issues/29080 ))
([78edb5b](78edb5b0f8https://togithub.com/renovatebot/renovate/issues/29077 ))
([ead5d55](ead5d55a49📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/ ). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNDQuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM2OC4xMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
2024-06-27 18:54:52 +00:00
dependabot[bot]
9fb6f246f8
chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /actions/installer ( #780 )
...
Bumps [braces](https://github.com/micromatch/braces ) from 3.0.2 to
3.0.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="74b2db293888f1429a0f415d660c30https://redirect.github.com/micromatch/braces/issues/40 ">#40</a>)</li>
<li><a
href="190510f79d716eb9f12da5851e57f4https://redirect.github.com/micromatch/braces/issues/37 ">#37</a>
from coderaiser/fix/vulnerability</li>
<li><a
href="2092bd1fb1https://github.com/micromatch/braces/issues/ ">https://github.com/micromatch/braces/issues/ </a>...</li>
<li><a
href="9f5b4cf473https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727 ">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727 </a>)</li>
<li><a
href="98414f9f1f665ab5d561https://redirect.github.com/micromatch/braces/issues/27 ">#27</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/slsa-framework/slsa-verifier/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-27 15:37:36 +00:00
dependabot[bot]
96619e48c2
chore(deps): bump undici from 5.28.3 to 5.28.4 in /actions/installer ( #779 )
...
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.3 to 5.28.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases ">undici's
releases</a>.</em></p>
<blockquote>
<h2>v5.28.4</h2>
<h2>⚠️ Security Release ⚠️ </h2>
<ul>
<li>Fixes <a
href="https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7 ">https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7 </a>
CVE-2024-30260</li>
<li>Fixes <a
href="https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672 ">https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672 </a>
CVE-2024-30261</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4 ">https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fb983069072b39440bd964e3402da4723c4e7280https://redirect.github.com/nodejs/undici/issues/2389 ">#2389</a>)"</li>
<li><a
href="0e9d54b2c2https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/slsa-framework/slsa-verifier/network/alerts ).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: github-actions <github-actions@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <github-actions@github.com >
Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
2024-06-27 14:28:25 +00:00
Mend Renovate
e7a8f74b9c
fix(deps): update dependency @actions/core to v1.10.1 ( #717 )
...
[](https://renovatebot.com )
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[@actions/core](https://togithub.com/actions/toolkit/tree/main/packages/core )
([source](https://togithub.com/actions/toolkit/tree/HEAD/packages/core ))
| [`1.10.0` ->
`1.10.1`](https://renovatebot.com/diffs/npm/@actions%2fcore/1.10.0/1.10.1 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
<details>
<summary>actions/toolkit (@​actions/core)</summary>
###
[`v1.10.1`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1101 )
- Fix error message reference in oidc utils
[#​1511](https://togithub.com/actions/toolkit/pull/1511 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on the first day of the
month" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/ ). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44LjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->
---------
Signed-off-by: Mend Renovate <bot@renovateapp.com >
Signed-off-by: github-actions <github-actions@github.com >
Co-authored-by: github-actions <github-actions@github.com >
2024-05-07 14:09:48 -04:00
Ramon Petgrave
bcc39bf21a
chore(deps): update npm dev (major) ( #753 )
...
Redo of https://github.com/slsa-framework/slsa-verifier/pull/654
- Fix dev-dependencies related to es-lint that the renovate-bot couldn't
auto-fix
- a few commas automatically added by the new linter
- use node20 for tests to avoid caompatibility warnings
```
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@typescript-eslint/parser@7.5.0',
npm WARN EBADENGINE required: { node: '^18.18.0 || >=20.0.0' },
npm WARN EBADENGINE current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
```
---------
Signed-off-by: Mend Renovate <bot@renovateapp.com >
Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com >
Co-authored-by: Mend Renovate <bot@renovateapp.com >
2024-04-02 17:44:08 -07:00
laurentsimon
b1f986788d
chore: Update @actions/github v6 ( #749 )
...
Need to re-compile
https://github.com/slsa-framework/slsa-verifier/pull/720/files
Signed-off-by: laurentsimon <laurentsimon@google.com >
2024-03-26 22:03:42 +00:00
laurentsimon
f315652a8c
chore: Update doc and digests for v2.5.1 ( #748 )
...
This sets the expected sha256 of the v2.5.1 slsa-verifier released
binary.
How to LGTM this PR (I'll work on a proper doc for this in
https://github.com/slsa-framework/slsa-github-generator/issues/112 ):
1. Download the binary and provenance from
https://github.com/slsa-framework/slsa-verifier/releases/tag/v0.0.1
2. Clone the slsa-verifier repo, compile and verify the provenance using
the steps described in
https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#verify-provenance
```
$ git clone git@github.com:slsa-framework/slsa-verifier.git
$ cd slsa-verifier
$ bash verify-release.sh v2.5.1
```
The output hash should be the hash I'm updating to in this PR. If they
match, LGTM. If they don't, someone tampered with the released binary
and don't LGTM
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2024-03-26 08:11:24 -07:00
laurentsimon
eb7007070b
feat: Update verifier version in GHA installer ( #747 )
...
This is part of the release tests in
https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md#dry-run
to verify that the Action installer works.
A follow up PR will be sent prior to release to update to `v2.5.0`
---------
Signed-off-by: laurentsimon <laurentsimon@google.com >
2024-03-25 14:54:53 +00:00
laurentsimon
e986dfc0ff
feat: Digest for new release ( #722 )
...
#label:release v2.4.1
How to LGTM this PR:
Ensure you have installed the GitHub client from https://cli.github.com .
If it is not installed in your `PATH`, set `export GH=/path/to/your/gh`
Set your `export GH_TOKEN=...`
Use [verify-release.sh](./verify-release.sh) script in this repository:
```
bash verify-release v2.4.1
```
Once it completes, you will see the last line `Verifying artifact
/tmp/tmp.SomeRanDOm/` and do:
```bash
sha256sum /tmp/tmp.SomeRanDOm/* | grep -v intoto
```
This will print out the hashes. Compare them to the changes in this PR
---------
Signed-off-by: laurentsimon <laurentsimon@google.com >
2023-11-07 17:23:25 -08:00
laurentsimon
2184d9d604
chore: bump versions ( #715 )
...
Signed-off-by: laurentsimon <laurentsimon@google.com >
2023-10-10 00:27:33 +00:00
laurentsimon
d23c97947e
chore: Update doc for v2.4.0 ( #699 )
...
How to LGTM this PR (I'll work on a proper doc for this in
https://github.com/slsa-framework/slsa-github-generator/issues/112 ):
1. Clone repo
```
$ git clone git@github.com:slsa-framework/slsa-verifier.git
$ cd slsa-verifier
$ bash verify-release.sh v2.4.0 # NOTE: use the file in _this_ PR.
# Note down the path to the temporary dir use. The bash script will print its first line as "INFO: using dir: /tmp/tmp.VaYi6HfbmL"
```
2. Run command below and compare to SHA256SUM.md in this PR
```
$sha256sum /tmp/tmp.VaYi6HfbmL/*
```
The output hash should be the hash I'm updating to in this PR. If they
match, LGTM. If they don't, someone tampered with the released binary
and don't LGTM
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-08-25 12:09:40 -07:00
Mend Renovate
658d91aa82
chore(deps): update npm dev ( #608 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-06-12 13:47:38 +09:00
Mend Renovate
a86957c6a5
chore(deps): update dependency jasmine to v5 ( #598 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-05-15 04:14:31 +00:00
Mend Renovate
ab4b6b4cc7
chore(deps): update dependency @types/node to v18.16.9 ( #596 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-05-15 03:55:18 +00:00
Ian Lewis
f59b55ef21
chore: Update SHA256SUM.md for v2.3.0 ( #592 )
...
Signed-off-by: Ian Lewis <ianlewis@google.com >
2023-05-12 08:23:56 +09:00
Mend Renovate
c9abffe4d2
chore(deps): update npm dev ( #586 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Co-authored-by: Ian Lewis <ianlewis@google.com >
2023-05-10 00:48:36 +00:00
sunnyyip
030c40080b
docs(gh-action): update actions installer path ( #581 )
...
Signed-off-by: Sunny Yip <sunny@kusari.dev >
2023-05-03 09:20:04 -07:00
Mend Renovate
5c0baa4f3e
chore(deps): update npm dev ( #568 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-05-01 11:03:55 +09:00
Ian Lewis
62c0dfdde9
docs: Update docs for 2.2.0 release. ( #556 )
...
* Update SHA256SUM.md
Signed-off-by: Ian Lewis <ianlewis@google.com >
* Update version in docs
Signed-off-by: Ian Lewis <ianlewis@google.com >
---------
Signed-off-by: Ian Lewis <ianlewis@google.com >
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
2023-04-13 19:15:15 +00:00
Mend Renovate
623cf20a23
fix(deps): update npm ( #535 )
...
* fix(deps): update npm
---------
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Signed-off-by: Ian Lewis <ianlewis@google.com >
Co-authored-by: Ian Lewis <ianlewis@google.com >
2023-04-11 13:41:24 +09:00
Mend Renovate
84c3bbdd84
chore(deps): update npm dev ( #534 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Co-authored-by: Ian Lewis <ianlewis@google.com >
2023-04-11 10:57:38 +09:00
Mend Renovate
3c5abb613f
chore(deps): update dependency typescript to v5 ( #545 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Co-authored-by: Ian Lewis <ianlewis@google.com >
2023-04-11 00:08:54 +00:00
asraa
e8ce5c0204
chore: update docs for release v2.1.0 ( #530 )
...
* chore: update docs for release v2.1.0
Signed-off-by: Asra Ali <asraa@google.com >
---------
Signed-off-by: Asra Ali <asraa@google.com >
2023-03-17 15:07:25 +00:00
Mend Renovate
1ed3847709
chore(deps): update npm dev ( #517 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-03-14 11:58:36 +09:00
laurentsimon
20b06426ff
docs: update installation to cover the Action and to receive updates ( #523 )
...
docs: update installation to cover the Action and to receive updates (#523 )
Signed-off-by: laurentsimon <laurentsimon@google.com >
2023-03-10 15:46:04 -06:00
Mend Renovate
66931c71be
chore(deps): update npm dev ( #501 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-02-27 17:46:32 +09:00
Mend Renovate
f2b8ee8fff
chore(deps): update npm dev ( #497 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-02-22 10:52:04 +09:00
Mend Renovate
878947f5e8
chore(deps): update npm dev ( #482 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-02-13 09:46:28 +00:00
Mend Renovate
53ca117e3c
chore(deps): update npm dev ( #466 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Co-authored-by: asraa <asraa@google.com >
2023-02-06 15:01:12 +00:00
Mend Renovate
3c012d278e
chore(deps): update npm dev ( #459 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-01-30 05:23:26 -08:00
Mend Renovate
fb8ab2af45
chore(deps): update npm dev ( #445 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-01-16 05:51:13 +00:00
Mend Renovate
257c370894
chore(deps): update dependency prettier to v2.8.2 ( #437 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-01-09 09:19:17 -06:00
Mend Renovate
71a4b4d2bb
chore(deps): update npm dev ( #428 )
...
Signed-off-by: Renovate Bot <bot@renovateapp.com >
2023-01-05 02:25:41 +00:00
Mend Renovate
82cb42fb20
chore(deps): update dependency @types/node to v18.11.17 ( #416 )
2022-12-18 09:56:35 +09:00
Mend Renovate
a88e26b866
chore(deps): update npm dev ( #415 )
2022-12-17 16:04:09 +09:00
Mend Renovate
b1aad15c35
chore(deps): update npm dev ( #383 )
...
Co-authored-by: Ian Lewis <ianlewis@google.com >
2022-12-16 00:41:58 +00:00
Ian Lewis
8510abc10f
Add codeowners ( #401 )
...
Signed-off-by: Ian Lewis <ianlewis@google.com >
2022-12-14 03:05:04 +00:00
laurentsimon
53b3aebdb9
feat: scheduled tests for installer Action ( #398 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* Update .github/workflows/schedule.installer.yml
Co-authored-by: Ian Lewis <ianlewis@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
Signed-off-by: laurentsimon <laurentsimon@google.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
Co-authored-by: Ian Lewis <ianlewis@google.com >
2022-12-14 01:37:23 +00:00
laurentsimon
a43888265e
fix: command in installer Action ( #396 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
2022-12-08 22:32:57 +00:00
laurentsimon
901c5f7901
update ( #394 )
...
Signed-off-by: laurentsimon <laurentsimon@google.com >
2022-12-06 15:16:10 -06:00
laurentsimon
4cba39a15a
feat: Add env variable to facilitate CI tests of Action installer ( #393 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
Signed-off-by: laurentsimon <laurentsimon@google.com >
2022-12-06 20:25:47 +00:00
laurentsimon
477ac0d88e
fix: show version in version command ( #392 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com >
2022-12-06 20:13:35 +00:00
WhiteSource Renovate
12d81454a0
chore(deps): update dependency @types/node to v18.11.8 ( #341 )
...
Co-authored-by: asraa <asraa@google.com >
2022-10-31 16:38:18 +00:00
WhiteSource Renovate
f0d1b30dca
chore(deps): update dependency jasmine to v4.5.0 ( #345 )
2022-10-31 09:24:08 -05:00
WhiteSource Renovate
585539ab5f
chore(deps): update dependency typescript to v4.8.4 ( #270 )
...
Co-authored-by: Ian Lewis <ianlewis@google.com >
2022-10-28 04:58:23 +00:00
WhiteSource Renovate
429634c0e6
chore(deps): update dependency eslint to v8.26.0 ( #323 )
...
Co-authored-by: asraa <asraa@google.com >
2022-10-25 14:55:53 +00:00
laurentsimon
e9e3ab2e33
Make GitHub token optional ( #324 )
...
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com >
2022-10-25 11:04:34 +00:00
kpk47
37cf8fd48d
Fix installer: Add arguments to actions/checkout so that it checks ou… ( #319 )
...
* Fix installer: Add arguments to actions/checkout so that it checks out slsa-framework/slsa-verifier instead of the repo using the Action.
Signed-off-by: kpk47 <kkris@google.com >
* Switch to JS action
* rebuild TS
Signed-off-by: kpk47 <kkris@google.com >
2022-10-25 10:42:00 +00:00
WhiteSource Renovate
4ec69efd87
chore(deps): update dependency eslint to v8.25.0 ( #273 )
2022-10-17 13:25:37 -05:00
