Include all added dependencies in scorecard entries #783

Merged
merged 2 commits into from
Jun 7, 2024

elireisman
Contributor

Instead of filtering which dependencies receive scorecard entries in DR Action outputs based on the Action configuration, we should include all added changes by default.

@elireisman elireisman self-assigned this Jun 7, 2024
@elireisman elireisman marked this pull request as ready for review June 7, 2024 17:09
@elireisman elireisman requested a review from a team as a code owner June 7, 2024 17:09
@elireisman
Contributor Author

Tested this on one of my repos using the package.json example with devDependencies only, and looks like it works 🎉

@elireisman elireisman merged commit df5d74f into main Jun 7, 2024
6 checks passed
gsuquet referenced this pull request in gsuquet/workflows Jul 17, 2024
…113)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | action | patch | `v4.3.3` -> `v4.3.4` |

---

### Release Notes

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

### [`v4.3.4`](https://github.com/actions/dependency-review-action/releases/tag/v4.3.4)

[Compare Source](https://github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4)

#### What's Changed

- Include all added dependencies in scorecard entries by [@elireisman](https://github.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/783](https://github.com/actions/dependency-review-action/pull/783)
- Update SPDX Expression Parsing by [@febuiles](https://github.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/719](https://github.com/actions/dependency-review-action/pull/719)
- This PR is a significant refactor of SPDX expression parsing that *may* fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

**Full Changelog**: actions/dependency-review-action@v4.3.3...v4.3.4

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://github.com/renovatebot/renovate).

Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: renovate-gsuquet[bot] <173481049+renovate-gsuquet[bot]@users.noreply.github.com>
Racer159 referenced this pull request in defenseunicorns/uds-package-mattermost Jul 23, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | action | patch | `v4.3.3` -> `v4.3.4` |
| [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v0.7.1` -> `v0.9.0` |
| [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | action | minor | `v0.7.1` -> `v0.9.0` |
| [defenseunicorns/zarf](https://github.com/defenseunicorns/zarf) | | minor | `v0.35.0` -> `v0.36.1` |
| [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.25.11` -> `v3.25.13` |
| [mattermost/mattermost-plugin-ai](https://github.com/mattermost/mattermost-plugin-ai) | | patch | `0.8.2` -> `0.8.3` |
| [renovatebot/pre-commit-hooks](https://github.com/renovatebot/pre-commit-hooks) | repository | minor | `37.426.2` -> `37.440.4` |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` |

Note: The `pre-commit` manager in Renovate is not supported by the
`pre-commit` maintainers or community. Please do not report any problems
there, instead [create a Discussion in the Renovate
repository](https://github.com/renovatebot/renovate/discussions/new)
if you have any questions.

---

### Release Notes

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

### [`v4.3.4`](https://github.com/actions/dependency-review-action/releases/tag/v4.3.4)

[Compare Source](https://github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4)

#### What's Changed

- Include all added dependencies in scorecard entries by [@elireisman](https://github.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/783](https://github.com/actions/dependency-review-action/pull/783)
- Update SPDX Expression Parsing by [@febuiles](https://github.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/719](https://github.com/actions/dependency-review-action/pull/719)
- This PR is a significant refactor of SPDX expression parsing that *may* fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

**Full Changelog**: actions/dependency-review-action@v4.3.3...v4.3.4

</details>

<details>
<summary>defenseunicorns/uds-common
(defenseunicorns/uds-common)</summary>

### [`v0.9.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.9.0)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.8.2...v0.9.0)

##### ⚠ BREAKING CHANGES

- update doug ci credential for new identity config req

##### Bug Fixes

- update doug ci credential for new identity config req ([71340f7](https://github.com/defenseunicorns/uds-common/commit/71340f7d4fc0cd8fd6c44335b54e0b12769965d1))

### [`v0.8.2`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.8.2)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.8.1...v0.8.2)

##### Miscellaneous

- add additional install step to playwright install ([#183](https://github.com/defenseunicorns/uds-common/issues/183)) ([41855e4](https://github.com/defenseunicorns/uds-common/commit/41855e42bd73c67109ed42935f1e67ab7305ddda))
- **deps:** update uds common support dependencies ([#179](https://github.com/defenseunicorns/uds-common/issues/179)) ([e1a0d5a](https://github.com/defenseunicorns/uds-common/commit/e1a0d5acba2c0cc083af6ac2823d9cf068008453))
- fix the Zarf package renovate regex to the correct versionTemplate ([#181](https://github.com/defenseunicorns/uds-common/issues/181)) ([272b502](https://github.com/defenseunicorns/uds-common/commit/272b502fa2f36b3703f9cdcbdbfb579ce437a0d7))

### [`v0.8.1`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.8.1)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.8.0...v0.8.1)

##### Miscellaneous

- add cgr identity assume to setup action ([#180](https://github.com/defenseunicorns/uds-common/issues/180)) ([2ec74fb](https://github.com/defenseunicorns/uds-common/commit/2ec74fbe496c5cdcc88cd3f424951f11271fe5d6))
- fix version matching for UDS packages ([#176](https://github.com/defenseunicorns/uds-common/issues/176)) ([e068b6a](https://github.com/defenseunicorns/uds-common/commit/e068b6a255cc856e313485826a2140a3977c6b03))

### [`v0.8.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.8.0)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.7.1...v0.8.0)

##### Features

- **compliance:** add support for extra options on compliance validate ([#170](https://github.com/defenseunicorns/uds-common/issues/170)) ([d191505](https://github.com/defenseunicorns/uds-common/commit/d19150566784e51f7c8d31b7d37b6915cdacc410))

##### Bug Fixes

- chainguard creds/renovate match ([#173](https://github.com/defenseunicorns/uds-common/issues/173)) ([49401cc](https://github.com/defenseunicorns/uds-common/commit/49401cc5c8000a661c6e1bc9e10e42fa6f6e2389))

##### Miscellaneous

- add cgr.dev renovate rule ([#171](https://github.com/defenseunicorns/uds-common/issues/171)) ([68497f9](https://github.com/defenseunicorns/uds-common/commit/68497f95ffdccf5802da81f2f0c9a8f7f8fe912c))
- **deps:** update uds common support dependencies ([#164](https://github.com/defenseunicorns/uds-common/issues/164)) ([6c50f47](https://github.com/defenseunicorns/uds-common/commit/6c50f47ecd9c75483ab70953d5c31682362377c2))
- **deps:** update uds common support dependencies ([#169](https://github.com/defenseunicorns/uds-common/issues/169)) ([b6a4232](https://github.com/defenseunicorns/uds-common/commit/b6a4232cb030f3ea7e66041306b5cfcd9a488a98))
- update CODEOWNERS with more specific permissions ([#175](https://github.com/defenseunicorns/uds-common/issues/175)) ([f2b7220](https://github.com/defenseunicorns/uds-common/commit/f2b722051014d64d350bd34ea087e6ffb3daf428))

</details>

<details>
<summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary>

### [`v0.36.1`](https://github.com/zarf-dev/zarf/releases/tag/v0.36.1)

[Compare Source](https://github.com/defenseunicorns/zarf/compare/v0.36.0...v0.36.1)

🚨 Important 🚨: Zarf will be moving from github.com/defenseunicorns/zarf to github.com/zarf-dev/zarf

##### What's Changed

- test: simplifying e2e test checks by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2721](https://github.com/defenseunicorns/zarf/pull/2721)
- fix: fix link to CONTRIBUTING.md in PR template by [@daveworth](https://github.com/daveworth) in [https://github.com/defenseunicorns/zarf/pull/2726](https://github.com/defenseunicorns/zarf/pull/2726)
- refactor: compile local cluster service format regexp just once by [@matiasinsaurralde](https://github.com/matiasinsaurralde) in [https://github.com/defenseunicorns/zarf/pull/2727](https://github.com/defenseunicorns/zarf/pull/2727)

##### New Contributors

- [@daveworth](https://github.com/daveworth) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2726](https://github.com/defenseunicorns/zarf/pull/2726)
- [@matiasinsaurralde](https://github.com/matiasinsaurralde) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2727](https://github.com/defenseunicorns/zarf/pull/2727)

**Full Changelog**: zarf-dev/zarf@v0.36.0...v0.36.1

### [`v0.36.0`](https://github.com/defenseunicorns/zarf/releases/tag/v0.36.0)

[Compare Source](https://github.com/defenseunicorns/zarf/compare/v0.35.0...v0.36.0)

#### What's Changed

- refactor: remove unused constants and variables by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2633](https://github.com/defenseunicorns/zarf/pull/2633)
- docs: fixed wrong link in zarf site nerd notes page by [@joelmccoy](https://github.com/joelmccoy) in [https://github.com/defenseunicorns/zarf/pull/2639](https://github.com/defenseunicorns/zarf/pull/2639)
- chore: s3 cleanup by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2632](https://github.com/defenseunicorns/zarf/pull/2632)
- refactor: change UpdateZarfAgentValues to rolling restart by [@lucasrod16](https://github.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2644](https://github.com/defenseunicorns/zarf/pull/2644)
- chore: make less by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2648](https://github.com/defenseunicorns/zarf/pull/2648)
- fix: docs links by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2650](https://github.com/defenseunicorns/zarf/pull/2650)
- refactor: remove use of reflections by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2634](https://github.com/defenseunicorns/zarf/pull/2634)
- refactor: remove use of message.Fatal in tools by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2602](https://github.com/defenseunicorns/zarf/pull/2602)
- refactor: remove k8s package by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2627](https://github.com/defenseunicorns/zarf/pull/2627)
- feat: add context to pull and data injections by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2654](https://github.com/defenseunicorns/zarf/pull/2654)
- test: move creator tests into one file by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2658](https://github.com/defenseunicorns/zarf/pull/2658)
- test: site and links by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2656](https://github.com/defenseunicorns/zarf/pull/2656)
- chore: run unit tests on main by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2653](https://github.com/defenseunicorns/zarf/pull/2653)
- fix(docs): update help docs for zarf connect to add clarity by [@chaospuppy](https://github.com/chaospuppy) in [https://github.com/defenseunicorns/zarf/pull/2662](https://github.com/defenseunicorns/zarf/pull/2662)
- chore!: remove logging from init package by [@lucasrod16](https://github.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2625](https://github.com/defenseunicorns/zarf/pull/2625)
- chore: patch CVE-2024-6104 by [@lucasrod16](https://github.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2669](https://github.com/defenseunicorns/zarf/pull/2669)
- chore: patch CVE-2024-35255 by [@lucasrod16](https://github.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2670](https://github.com/defenseunicorns/zarf/pull/2670)
- chore: patch CVE-2024-6257 by [@lucasrod16](https://github.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2671](https://github.com/defenseunicorns/zarf/pull/2671)
- docs: data injection by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2668](https://github.com/defenseunicorns/zarf/pull/2668)
- feat: flux HelmRepo & OCIRepo support in Zarf Agent by [@cmwylie19](https://github.com/cmwylie19) in [https://github.com/defenseunicorns/zarf/pull/2005](https://github.com/defenseunicorns/zarf/pull/2005)
- refactor: make lint use more accessible data type by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2660](https://github.com/defenseunicorns/zarf/pull/2660)
- fix: remove helpers v1 by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2679](https://github.com/defenseunicorns/zarf/pull/2679)
- refactor: test and cleanup injector by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2629](https://github.com/defenseunicorns/zarf/pull/2629)
- refactor: remove use message.Fatal in cmd package by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2664](https://github.com/defenseunicorns/zarf/pull/2664)
- ci: cleanup windows github action by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2673](https://github.com/defenseunicorns/zarf/pull/2673)
- refactor: remove message.Fatal and spinner.Fatal by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2676](https://github.com/defenseunicorns/zarf/pull/2676)
- ci: add merge groups by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2680](https://github.com/defenseunicorns/zarf/pull/2680)
- ci: remove dependency review merge queue and add label merge queue by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2688](https://github.com/defenseunicorns/zarf/pull/2688)
- refactor: remove warnings property from packager by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2687](https://github.com/defenseunicorns/zarf/pull/2687)
- refactor: remove sbom view files property from packager by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2695](https://github.com/defenseunicorns/zarf/pull/2695)
- fix: remove ignore label when adopting resource by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2699](https://github.com/defenseunicorns/zarf/pull/2699)
- fix: revert fix: remove ignore label when adopting resource by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2711](https://github.com/defenseunicorns/zarf/pull/2711)
- ci: run e2e tests by [@AustinAbro321](https://github.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2710](https://github.com/defenseunicorns/zarf/pull/2710)
- refactor: test and refactor split file by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2708](https://github.com/defenseunicorns/zarf/pull/2708)
- refactor: remove unused message functions and verbose logging by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2712](https://github.com/defenseunicorns/zarf/pull/2712)
- refactor: connect command list printing by [@phillebaba](https://github.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2703](https://github.com/defenseunicorns/zarf/pull/2703)
- docs: add contributing doc to root and add tsc by [@salaxander](https://github.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2706](https://github.com/defenseunicorns/zarf/pull/2706)
- fix: remove unpinned image warning in lint for cosign signatures by [@jasonwashburn](https://github.com/jasonwashburn) in [https://github.com/defenseunicorns/zarf/pull/2681](https://github.com/defenseunicorns/zarf/pull/2681)

#### New Contributors

- [@joelmccoy](https://github.com/joelmccoy) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2639](https://github.com/defenseunicorns/zarf/pull/2639)
- [@chaospuppy](https://github.com/chaospuppy) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2662](https://github.com/defenseunicorns/zarf/pull/2662)
- [@jasonwashburn](https://github.com/jasonwashburn) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2681](https://github.com/defenseunicorns/zarf/pull/2681)

**Full Changelog**: zarf-dev/zarf@v0.35.0...v0.36.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.13`](https://github.com/github/codeql-action/compare/v3.25.12...v3.25.13)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.25.12...v3.25.13)

###
[`v3.25.12`](https://github.com/github/codeql-action/compare/v3.25.11...v3.25.12)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.25.11...v3.25.12)

</details>

<details>
<summary>mattermost/mattermost-plugin-ai
(mattermost/mattermost-plugin-ai)</summary>

###
[`v0.8.3`](https://github.com/mattermost/mattermost-plugin-ai/releases/tag/v0.8.3)

[Compare
Source](https://github.com/mattermost/mattermost-plugin-ai/compare/v0.8.2...v0.8.3)

Fixes build system producing incorrect packages. No functional changes
from v0.8.2

</details>

<details>
<summary>renovatebot/pre-commit-hooks
(renovatebot/pre-commit-hooks)</summary>

###
[`v37.440.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.440.4)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.440.0...37.440.4)

See https://github.com/renovatebot/renovate/releases/tag/37.440.4 for
more changes

###
[`v37.440.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.440.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.439.0...37.440.0)

See https://github.com/renovatebot/renovate/releases/tag/37.440.0 for
more changes

###
[`v37.439.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.439.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.438.4...37.439.0)

See https://github.com/renovatebot/renovate/releases/tag/37.439.0 for
more changes

###
[`v37.438.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.438.4)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.438.2...37.438.4)

See https://github.com/renovatebot/renovate/releases/tag/37.438.4 for
more changes

###
[`v37.438.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.438.2)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.438.0...37.438.2)

See https://github.com/renovatebot/renovate/releases/tag/37.438.2 for
more changes

###
[`v37.438.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.438.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.437.3...37.438.0)

See https://github.com/renovatebot/renovate/releases/tag/37.438.0 for
more changes

###
[`v37.437.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.437.3)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.437.2...37.437.3)

See https://github.com/renovatebot/renovate/releases/tag/37.437.3 for
more changes

###
[`v37.437.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.437.2)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.437.0...37.437.2)

See https://github.com/renovatebot/renovate/releases/tag/37.437.2 for
more changes

###
[`v37.437.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.437.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.434.3...37.437.0)

See https://github.com/renovatebot/renovate/releases/tag/37.437.0 for
more changes

###
[`v37.434.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.434.3)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.434.2...37.434.3)

See https://github.com/renovatebot/renovate/releases/tag/37.434.3 for
more changes

###
[`v37.434.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.434.2)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.434.0...37.434.2)

See https://github.com/renovatebot/renovate/releases/tag/37.434.2 for
more changes

###
[`v37.434.0`](https://github.com/renovatebot/pre-commit-hooks/compare/37.433.2...37.434.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.433.2...37.434.0)

###
[`v37.433.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.433.2)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.433.1...37.433.2)

See https://github.com/renovatebot/renovate/releases/tag/37.433.2 for
more changes

###
[`v37.433.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.433.1)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.433.0...37.433.1)

See https://github.com/renovatebot/renovate/releases/tag/37.433.1 for
more changes

###
[`v37.433.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.433.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.432.0...37.433.0)

See https://github.com/renovatebot/renovate/releases/tag/37.433.0 for
more changes

###
[`v37.432.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.432.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.431.7...37.432.0)

See https://github.com/renovatebot/renovate/releases/tag/37.432.0 for
more changes

###
[`v37.431.7`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.431.7)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.431.6...37.431.7)

See https://github.com/renovatebot/renovate/releases/tag/37.431.7 for
more changes

###
[`v37.431.6`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.431.6)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.431.5...37.431.6)

See https://github.com/renovatebot/renovate/releases/tag/37.431.6 for
more changes

###
[`v37.431.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.431.5)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.431.4...37.431.5)

See https://github.com/renovatebot/renovate/releases/tag/37.431.5 for
more changes

###
[`v37.431.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.431.4)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.431.2...37.431.4)

See https://github.com/renovatebot/renovate/releases/tag/37.431.4 for
more changes

###
[`v37.431.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.431.2)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.431.0...37.431.2)

See https://github.com/renovatebot/renovate/releases/tag/37.431.2 for
more changes

###
[`v37.431.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.431.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.430.0...37.431.0)

See https://github.com/renovatebot/renovate/releases/tag/37.431.0 for
more changes

###
[`v37.430.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.430.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.429.1...37.430.0)

See https://github.com/renovatebot/renovate/releases/tag/37.430.0 for
more changes

###
[`v37.429.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.429.1)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.429.0...37.429.1)

See https://github.com/renovatebot/renovate/releases/tag/37.429.1 for
more changes

###
[`v37.429.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.429.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.428.3...37.429.0)

See https://github.com/renovatebot/renovate/releases/tag/37.429.0 for
more changes

###
[`v37.428.3`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.428.3)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.428.2...37.428.3)

See https://github.com/renovatebot/renovate/releases/tag/37.428.3 for
more changes

###
[`v37.428.2`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.428.2)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.428.1...37.428.2)

See https://github.com/renovatebot/renovate/releases/tag/37.428.2 for
more changes

###
[`v37.428.1`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.428.1)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.428.0...37.428.1)

See https://github.com/renovatebot/renovate/releases/tag/37.428.1 for
more changes

###
[`v37.428.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.428.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.427.0...37.428.0)

See https://github.com/renovatebot/renovate/releases/tag/37.428.0 for
more changes

###
[`v37.427.0`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.427.0)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.426.5...37.427.0)

See https://github.com/renovatebot/renovate/releases/tag/37.427.0 for
more changes

###
[`v37.426.5`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.426.5)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.426.4...37.426.5)

See https://github.com/renovatebot/renovate/releases/tag/37.426.5 for
more changes

###
[`v37.426.4`](https://github.com/renovatebot/pre-commit-hooks/releases/tag/37.426.4)

[Compare
Source](https://github.com/renovatebot/pre-commit-hooks/compare/37.426.2...37.426.4)

See https://github.com/renovatebot/renovate/releases/tag/37.426.4 for
more changes

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@h0x0er](https://github.com/h0x0er) and [@varunsh-coder](https://github.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://github.com/step-security/harden-runner/pull/435)

This release includes:

- Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
- Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
- README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
- Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**: step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/defenseunicorns/uds-package-mattermost).

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Wayne Starr <me@racer159.com>
Release-As: v9.10.1-uds.0
karfau referenced this pull request in xmldom/xmldom Jul 28, 2024
…#688)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | action | patch | `v4.3.3` -> `v4.3.4` |

---

### Release Notes

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

### [`v4.3.4`](https://github.com/actions/dependency-review-action/releases/tag/v4.3.4)

[Compare Source](https://github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4)

#### What's Changed

- Include all added dependencies in scorecard entries by [@elireisman](https://github.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/783](https://github.com/actions/dependency-review-action/pull/783)
- Update SPDX Expression Parsing by [@febuiles](https://github.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/719](https://github.com/actions/dependency-review-action/pull/719)
- This PR is a significant refactor of SPDX expression parsing that *may* fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

**Full Changelog**: actions/dependency-review-action@v4.3.3...v4.3.4

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job log](https://developer.mend.io/github/xmldom/xmldom).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>