Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): update all non-major dependencies (#1482)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | Type | Update | |---|---|---|---|---|---|---|---| | [@openapitools/openapi-generator-cli](https://github.com/OpenAPITools/openapi-generator-cli) | [`~2.11.0` -> `~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | devDependencies | minor | | [@openapitools/openapi-generator-cli](https://github.com/OpenAPITools/openapi-generator-cli) | [`~2.11.0` -> `~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | peerDependencies | minor | | [@openapitools/openapi-generator-cli](https://github.com/OpenAPITools/openapi-generator-cli) | [`~2.11.0` -> `~2.12.0`](https://renovatebot.com/diffs/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@openapitools%2fopenapi-generator-cli/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@openapitools%2fopenapi-generator-cli/2.11.0/2.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | dependencies | minor | | [github/codeql-action](https://github.com/github/codeql-action) | `v2.24.6` -> `v2.24.7` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v2.24.6/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v2.24.6/v2.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [github/codeql-action](https://github.com/github/codeql-action) | `v3.24.6` -> `v3.24.7` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/github%2fcodeql-action/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/github%2fcodeql-action/v3.24.6/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v3.24.6/v3.24.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | patch | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `v2.0.6` -> `v2.3.1` | [![age](https://developer.mend.io/api/mc/badges/age/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/github-tags/ossf%2fscorecard-action/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/github-tags/ossf%2fscorecard-action/v2.0.6/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/ossf%2fscorecard-action/v2.0.6/v2.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | action | minor | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>OpenAPITools/openapi-generator-cli (@​openapitools/openapi-generator-cli)</summary> ### [`v2.12.0`](https://github.com/OpenAPITools/openapi-generator-cli/compare/v2.11.0...ad97182dac3fc2fec59c70fa96e7213d0a475dd3) [Compare Source](https://github.com/OpenAPITools/openapi-generator-cli/compare/v2.11.0...v2.12.0) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.24.7`](https://github.com/github/codeql-action/compare/v2.24.6...v2.24.7) [Compare Source](https://github.com/github/codeql-action/compare/v2.24.6...v2.24.7) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://github.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://github.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://github.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 ### [`v2.3.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.3.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1270](https://github.com/ossf/scorecard-action/pull/1270) - For a full changelist of what this includes, see the [v4.12.0](https://github.com/ossf/scorecard/releases/tag/v4.12.0) and [v4.13.0](https://github.com/ossf/scorecard/releases/tag/v4.13.0) release notes - ✨ Send rekor tlog index to webapp when publishing results by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1169](https://github.com/ossf/scorecard-action/pull/1169) - 🐛 Prevent url clipping for GHES instances by [@​rajbos](https://github.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1225](https://github.com/ossf/scorecard-action/pull/1225) ##### Documentation - 📖 Update access rights needed to see the results in code scanning by [@​rajbos](https://github.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1229](https://github.com/ossf/scorecard-action/pull/1229) - 📖 Add package comments. by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1221](https://github.com/ossf/scorecard-action/pull/1221) - 📖 Add SECURITY.md file by [@​david-a-wheeler](https://github.com/david-a-wheeler) in [https://github.com/ossf/scorecard-action/pull/1250](https://github.com/ossf/scorecard-action/pull/1250) - 📖 Fix typo in token input docs by [@​aabouzaid](https://github.com/aabouzaid) in [https://github.com/ossf/scorecard-action/pull/1258](https://github.com/ossf/scorecard-action/pull/1258) #### New Contributors - [@​david-a-wheeler](https://github.com/david-a-wheeler) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1250](https://github.com/ossf/scorecard-action/pull/1250) - [@​aabouzaid](https://github.com/aabouzaid) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1258](https://github.com/ossf/scorecard-action/pull/1258) **Full Changelog**: ossf/scorecard-action@v2.2.0...v2.3.0 ### [`v2.2.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.2.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1192](https://github.com/ossf/scorecard-action/pull/1192) #### Scorecard Result Viewer Thanks to contributions from [@​cynthia-sg](https://github.com/cynthia-sg) and [@​tegioz](https://github.com/tegioz) at [CLOMonitor](https://github.com/cncf/clomonitor), there is a new Scorecard Result visualization page at `https://securityscorecards.dev/viewer/?uri=<project-url>`. - [https://github.com/ossf/scorecard-webapp/pull/406](https://github.com/ossf/scorecard-webapp/pull/406) - [https://github.com/ossf/scorecard-webapp/pull/422](https://github.com/ossf/scorecard-webapp/pull/422) As an example, you can see our own score visualized [here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard) Checkout our [README](https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge) to learn how to link your README badge to the new visualization page. #### Publishing Results This release contains two fixes which will improve the user experience when `publish_results` is `true` - Runs that fail our [workflow restrictions](https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions) will fail with a 400 response indicating the problem, instead of a vague 500 status. ([https://github.com/ossf/scorecard-action/pull/1156](https://github.com/ossf/scorecard-action/pull/1156), resolved [https://github.com/ossf/scorecard-action/issues/1150](https://github.com/ossf/scorecard-action/issues/1150)) - Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. ([https://github.com/ossf/scorecard-action/pull/1191](https://github.com/ossf/scorecard-action/pull/1191)) #### Docs - 📖 Update README to accept fine-grained tokens by [@​pnacht](https://github.com/pnacht) in [https://github.com/ossf/scorecard-action/pull/1175](https://github.com/ossf/scorecard-action/pull/1175) - 📖 Update installation instructions to match current GitHub UI by [@​joycebrum](https://github.com/joycebrum) in [https://github.com/ossf/scorecard-action/pull/1153](https://github.com/ossf/scorecard-action/pull/1153) - 📖 Document the GitHub action workflow restrictions when publishing results. by [@​spencerschrock](https://github.com/spencerschrock) in #### New Contributors - [@​bobcallaway](https://github.com/bobcallaway) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1140](https://github.com/ossf/scorecard-action/pull/1140) - [@​pnacht](https://github.com/pnacht) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1175](https://github.com/ossf/scorecard-action/pull/1175) **Full Changelog**: ossf/scorecard-action@v2.1.3...v2.2.0 ### [`v2.1.3`](https://github.com/ossf/scorecard-action/releases/tag/v2.1.3) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1111](https://github.com/ossf/scorecard-action/pull/1111) ##### Bug Fixes - Invalid SARIF files from a bug in scorecard - [#​1076](https://github.com/ossf/scorecard-action/issues/1076), [#​1094](https://github.com/ossf/scorecard-action/issues/1094) - Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner - [#​1092](https://github.com/ossf/scorecard-action/issues/1092) - Scorecard action not reporting binary artifacts in the repo - [#​1116](https://github.com/ossf/scorecard-action/issues/1116) **Full Scorecard Changelog**: ossf/scorecard@v4.10.2...v4.10.5 **Full Changelog**: ossf/scorecard-action@v2.1.2...v2.1.3 ### [`v2.1.2`](https://github.com/ossf/scorecard-action/releases/tag/v2.1.2) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2) #### What's Changed ##### Fixes - 🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf statement. by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1054](https://github.com/ossf/scorecard-action/pull/1054) **Full Changelog**: ossf/scorecard-action@v2.1.1...v2.1.2 ### [`v2.1.1`](https://github.com/ossf/scorecard-action/releases/tag/v2.1.1) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1) #### Scorecard version This release use [Scorecard's v4.10.1](https://github.com/ossf/scorecard/releases/tag/v4.10.1) **Full Changelog**: ossf/scorecard-action@v2.1.0...v2.1.1 ### [`v2.1.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.1.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0) #### What's Changed ##### Scorecard version This release uses [scorecard v4.10.0](https://github.com/ossf/scorecard/releases/tag/v4.10.0). ##### Improvements - Docker build workflow by [@​naveensrinivasan](https://github.com/naveensrinivasan) in [https://github.com/ossf/scorecard-action/pull/981](https://github.com/ossf/scorecard-action/pull/981) - Use root user in distroless to support GitHub Actions by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/994](https://github.com/ossf/scorecard-action/pull/994) - Disable pull_request_target by [@​laurentsimon](https://github.com/laurentsimon) in [https://github.com/ossf/scorecard-action/pull/1031](https://github.com/ossf/scorecard-action/pull/1031) ##### Documentation - Add PAT section explaining risks by [@​olivekl](https://github.com/olivekl) in [https://github.com/ossf/scorecard-action/pull/1024](https://github.com/ossf/scorecard-action/pull/1024) - Make the badge text easier to copy by [@​rajbos](https://github.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1026](https://github.com/ossf/scorecard-action/pull/1026) #### New Contributors - [@​joycebrum](https://github.com/joycebrum) made their first contribution in [https://github.com/ossf/scorecard-action/pull/984](https://github.com/ossf/scorecard-action/pull/984) - [@​rajbos](https://github.com/rajbos) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1026](https://github.com/ossf/scorecard-action/pull/1026) **Full Changelog**: ossf/scorecard-action@v2.0.6...v2.1.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Paris, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/AmadeusITGroup/otter). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMzguMSIsInVwZGF0ZWRJblZlciI6IjM3LjIzOC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
- Loading branch information