From 6369bce3978b357f7127ec938c512469a0b9dfa3 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 22 May 2024 16:14:47 -0600
Subject: [PATCH] chore(deps): update maru support dependencies (#99)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/create-github-app-token](https://togithub.com/actions/create-github-app-token)
| action | minor | `v1.9.0` -> `v1.10.0` |
| [actions/setup-go](https://togithub.com/actions/setup-go) | action |
patch | `v5.0.0` -> `v5.0.1` |
| [anchore/sbom-action](https://togithub.com/anchore/sbom-action) |
action | minor | `v0.15.11` -> `v0.16.0` |
| [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | |
minor | `v0.32.5` -> `v0.33.2` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.3` -> `v3.25.6` |
|
[goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action)
| action | minor | `v5.0.0` -> `v5.1.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | patch | `v2.3.1` -> `v2.3.3` |
---
### Release Notes
actions/create-github-app-token
(actions/create-github-app-token)
###
[`v1.10.0`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.0)
[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.3...v1.10.0)
##### Features
- **`private-key`:** escaped newlines will be replaced
([#132](https://togithub.com/actions/create-github-app-token/issues/132))
([9d23fb9](https://togithub.com/actions/create-github-app-token/commit/9d23fb93dd620572046d85c7c1032b488c12514f))
###
[`v1.9.3`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.3)
[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.2...v1.9.3)
##### Bug Fixes
- **deps:** bump undici from 6.10.2 to 6.11.1
([#125](https://togithub.com/actions/create-github-app-token/issues/125))
([3c223c7](https://togithub.com/actions/create-github-app-token/commit/3c223c7336e276235eb843dd4e6ad42147199cbf)),
closes
[#3024](https://togithub.com/actions/create-github-app-token/issues/3024)
[nodejs/undici#3044](https://togithub.com/nodejs/undici/issues/3044)
[#3023](https://togithub.com/actions/create-github-app-token/issues/3023)
[nodejs/undici#3025](https://togithub.com/nodejs/undici/issues/3025)
[nodejs/undici#3024](https://togithub.com/nodejs/undici/issues/3024)
[nodejs/undici#3034](https://togithub.com/nodejs/undici/issues/3034)
[nodejs/undici#3038](https://togithub.com/nodejs/undici/issues/3038)
[nodejs/undici#2947](https://togithub.com/nodejs/undici/issues/2947)
[nodejs/undici#3040](https://togithub.com/nodejs/undici/issues/3040)
[nodejs/undici#3036](https://togithub.com/nodejs/undici/issues/3036)
[nodejs/undici#3041](https://togithub.com/nodejs/undici/issues/3041)
[#3024](https://togithub.com/actions/create-github-app-token/issues/3024)
[#3041](https://togithub.com/actions/create-github-app-token/issues/3041)
[#3036](https://togithub.com/actions/create-github-app-token/issues/3036)
###
[`v1.9.2`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.2)
[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.1...v1.9.2)
##### Bug Fixes
- **deps:** bump the production-dependencies group with 1 update
([#123](https://togithub.com/actions/create-github-app-token/issues/123))
([beea7b8](https://togithub.com/actions/create-github-app-token/commit/beea7b860ac0b14ca14258aca701da842aa65e30)),
closes
[nodejs/undici#2978](https://togithub.com/nodejs/undici/issues/2978)
[nodejs/undici#2971](https://togithub.com/nodejs/undici/issues/2971)
[nodejs/undici#2980](https://togithub.com/nodejs/undici/issues/2980)
[#2982](https://togithub.com/actions/create-github-app-token/issues/2982)
[nodejs/undici#2983](https://togithub.com/nodejs/undici/issues/2983)
[nodejs/undici#2987](https://togithub.com/nodejs/undici/issues/2987)
[nodejs/undici#2991](https://togithub.com/nodejs/undici/issues/2991)
[#2986](https://togithub.com/actions/create-github-app-token/issues/2986)
[nodejs/undici#2992](https://togithub.com/nodejs/undici/issues/2992)
[nodejs/undici#2985](https://togithub.com/nodejs/undici/issues/2985)
[nodejs/undici#2993](https://togithub.com/nodejs/undici/issues/2993)
[nodejs/undici#2995](https://togithub.com/nodejs/undici/issues/2995)
[nodejs/undici#2998](https://togithub.com/nodejs/undici/issues/2998)
[#2863](https://togithub.com/actions/create-github-app-token/issues/2863)
[nodejs/undici#2999](https://togithub.com/nodejs/undici/issues/2999)
[nodejs/undici#3001](https://togithub.com/nodejs/undici/issues/3001)
[nodejs/undici#2971](https://togithub.com/nodejs/undici/issues/2971)
[nodejs/undici#2980](https://togithub.com/nodejs/undici/issues/2980)
[nodejs/undici#2983](https://togithub.com/nodejs/undici/issues/2983)
[nodejs/undici#2987](https://togithub.com/nodejs/undici/issues/2987)
[nodejs/undici#2991](https://togithub.com/nodejs/undici/issues/2991)
[nodejs/undici#2985](https://togithub.com/nodejs/undici/issues/2985)
[nodejs/undici#2995](https://togithub.com/nodejs/undici/issues/2995)
[nodejs/undici#2960](https://togithub.com/nodejs/undici/issues/2960)
[nodejs/undici#2959](https://togithub.com/nodejs/undici/issues/2959)
[nodejs/undici#2969](https://togithub.com/nodejs/undici/issues/2969)
[nodejs/undici#2962](https://togithub.com/nodejs/undici/issues/2962)
[nodejs/undici#2974](https://togithub.com/nodejs/undici/issues/2974)
[nodejs/undici#2967](https://togithub.com/nodejs/undici/issues/2967)
[nodejs/undici#2966](https://togithub.com/nodejs/undici/issues/2966)
[nodejs/undici#2969](https://togithub.com/nodejs/undici/issues/2969)
[nodejs/undici#2962](https://togithub.com/nodejs/undici/issues/2962)
[nodejs/undici#2826](https://togithub.com/nodejs/undici/issues/2826)
[nodejs/undici#2952](https://togithub.com/nodejs/undici/issues/2952)
[#3001](https://togithub.com/actions/create-github-app-token/issues/3001)
[#2863](https://togithub.com/actions/create-github-app-token/issues/2863)
[#2999](https://togithub.com/actions/create-github-app-token/issues/2999)
[#2998](https://togithub.com/actions/create-github-app-token/issues/2998)
[#2993](https://togithub.com/actions/create-github-app-token/issues/2993)
[#2986](https://togithub.com/actions/create-github-app-token/issues/2986)
[#2992](https://togithub.com/actions/create-github-app-token/issues/2992)
[#2991](https://togithub.com/actions/create-github-app-token/issues/2991)
[#2987](https://togithub.com/actions/create-github-app-token/issues/2987)
###
[`v1.9.1`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.1)
[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.0...v1.9.1)
##### Bug Fixes
- clarify `owner` input description
([#118](https://togithub.com/actions/create-github-app-token/issues/118))
([d9bc169](https://togithub.com/actions/create-github-app-token/commit/d9bc16919cdbdb07543eb732aa872437384e296f))
actions/setup-go (actions/setup-go)
###
[`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1)
[Compare
Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1)
#### What's Changed
- Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by
[@dependabot](https://togithub.com/dependabot) ,
[@HarithaVattikuti](https://togithub.com/HarithaVattikuti) in
[https://github.com/actions/setup-go/pull/465](https://togithub.com/actions/setup-go/pull/465)
- Update documentation with latest V5 release notes by
[@ab](https://togithub.com/ab) in
[https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459)
- Update version documentation by
[@178inaba](https://togithub.com/178inaba) in
[https://github.com/actions/setup-go/pull/458](https://togithub.com/actions/setup-go/pull/458)
- Documentation update of `actions/setup-go` to v5 by
[@chenrui333](https://togithub.com/chenrui333) in
[https://github.com/actions/setup-go/pull/449](https://togithub.com/actions/setup-go/pull/449)
#### New Contributors
- [@ab](https://togithub.com/ab) made their first contribution in
[https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459)
**Full Changelog**:
https://github.com/actions/setup-go/compare/v5.0.0...v5.0.1
anchore/sbom-action (anchore/sbom-action)
###
[`v0.16.0`](https://togithub.com/anchore/sbom-action/releases/tag/v0.16.0):
v0.16
[Compare
Source](https://togithub.com/anchore/sbom-action/compare/v0.15.11...v0.16.0)
#### Changes in v0.16.0
- Update Syft to v1.4.1
([#465](https://togithub.com/anchore/sbom-action/issues/465))
- Update GitHub artifact client
([#463](https://togithub.com/anchore/sbom-action/issues/463))
\[[kzantow](https://togithub.com/kzantow)]
defenseunicorns/zarf (defenseunicorns/zarf)
###
[`v0.33.2`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.2)
[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2)
##### What's Changed
- fix: schema integration by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2463](https://togithub.com/defenseunicorns/zarf/pull/2463)
- docs: add contributor covenant code of conduct by
[@salaxander](https://togithub.com/salaxander) in
[https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462)
- docs: fix casing on code of conduct badge by
[@salaxander](https://togithub.com/salaxander) in
[https://github.com/defenseunicorns/zarf/pull/2466](https://togithub.com/defenseunicorns/zarf/pull/2466)
- fix(deps): update github.com/anchore/clio digest to
[`3c4abf8`](https://togithub.com/defenseunicorns/zarf/commit/3c4abf8) by
[@renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2424](https://togithub.com/defenseunicorns/zarf/pull/2424)
- fix: update docker media type in registry by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2476](https://togithub.com/defenseunicorns/zarf/pull/2476)
- fix: adds GetVariableConfig function for packager by
[@decleaver](https://togithub.com/decleaver) in
[https://github.com/defenseunicorns/zarf/pull/2475](https://togithub.com/defenseunicorns/zarf/pull/2475)
- test: add tests for remove copies from components to enable
refactoring by [@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473)
- fix!: do not uninstall helm chart after failed install or upgrade by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2456](https://togithub.com/defenseunicorns/zarf/pull/2456)
- feat: inspect --list-images by
[@Noxsios](https://togithub.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2478](https://togithub.com/defenseunicorns/zarf/pull/2478)
- refactor: remove copies from components to a filter by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2474](https://togithub.com/defenseunicorns/zarf/pull/2474)
- chore: add support.md by
[@schristoff](https://togithub.com/schristoff) in
[https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480)
- chore: add a check for go mod tidy by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2481](https://togithub.com/defenseunicorns/zarf/pull/2481)
- fix: use correct sha256 checksum for arm64 injector binary by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2483](https://togithub.com/defenseunicorns/zarf/pull/2483)
- fix: simplify go mod tidy check by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2482](https://togithub.com/defenseunicorns/zarf/pull/2482)
##### New Contributors
- [@salaxander](https://togithub.com/salaxander) made their first
contribution in
[https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462)
- [@phillebaba](https://togithub.com/phillebaba) made their first
contribution in
[https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473)
- [@schristoff](https://togithub.com/schristoff) made their first
contribution in
[https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480)
**Full Changelog**:
https://github.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2
###
[`v0.33.1`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.1)
[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.0...v0.33.1)
#### What's Changed
- fix: add redirect so old zarf base link is compatiable by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2432](https://togithub.com/defenseunicorns/zarf/pull/2432)
- ci: pin third-party gh actions by hash by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2433](https://togithub.com/defenseunicorns/zarf/pull/2433)
- docs: add redirect for examples by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2438](https://togithub.com/defenseunicorns/zarf/pull/2438)
- docs: update contributing and pre-commit by
[@Noxsios](https://togithub.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2439](https://togithub.com/defenseunicorns/zarf/pull/2439)
- ci: fix revive image ref in lint workflow by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2436](https://togithub.com/defenseunicorns/zarf/pull/2436)
- fix: filter on running pods when finding an image for injector pod by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2415](https://togithub.com/defenseunicorns/zarf/pull/2415)
- fix: readme dead links by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2442](https://togithub.com/defenseunicorns/zarf/pull/2442)
- fix: differential package create with non local sources by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2444](https://togithub.com/defenseunicorns/zarf/pull/2444)
- refactor: move variables into separate package by
[@Racer159](https://togithub.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2414](https://togithub.com/defenseunicorns/zarf/pull/2414)
- ci: add top level workflow permission to commitlint by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2449](https://togithub.com/defenseunicorns/zarf/pull/2449)
- ci: remove unused env var from codeql workflow by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2450](https://togithub.com/defenseunicorns/zarf/pull/2450)
- chore: cleanup root level files and add SPDX check for Go files by
[@Noxsios](https://togithub.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2431](https://togithub.com/defenseunicorns/zarf/pull/2431)
- feat: config to enable resilient registry by
[@Michael-Kruggel](https://togithub.com/Michael-Kruggel) in
[https://github.com/defenseunicorns/zarf/pull/2440](https://togithub.com/defenseunicorns/zarf/pull/2440)
- docs: init package clarity and cleanup by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2447](https://togithub.com/defenseunicorns/zarf/pull/2447)
- ci: compare cves to main by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2448](https://togithub.com/defenseunicorns/zarf/pull/2448)
- test: unpin version in bigbang extension test by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2459](https://togithub.com/defenseunicorns/zarf/pull/2459)
- fix: broken schema from unexpanded embedded variables by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2458](https://togithub.com/defenseunicorns/zarf/pull/2458)
- fix: error on create if an index sha is used by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2429](https://togithub.com/defenseunicorns/zarf/pull/2429)
#### New Contributors
- [@Michael-Kruggel](https://togithub.com/Michael-Kruggel) made
their first contribution in
[https://github.com/defenseunicorns/zarf/pull/2440](https://togithub.com/defenseunicorns/zarf/pull/2440)
**Full Changelog**:
https://github.com/defenseunicorns/zarf/compare/v0.33.0...v0.33.1
###
[`v0.33.0`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.0)
[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.6...v0.33.0)
#### What's Changed
- fix: update deprecated syft packages command to syft scan by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2399](https://togithub.com/defenseunicorns/zarf/pull/2399)
- chore: move helpers to defenseunicorns/pkg by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2402](https://togithub.com/defenseunicorns/zarf/pull/2402)
- fix(deps): update github.com/anchore/clio digest to
[`fb5fc4c`](https://togithub.com/defenseunicorns/zarf/commit/fb5fc4c) by
[@renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2366](https://togithub.com/defenseunicorns/zarf/pull/2366)
- feat(tools): add yq by
[@zachariahmiller](https://togithub.com/zachariahmiller) in
[https://github.com/defenseunicorns/zarf/pull/2406](https://togithub.com/defenseunicorns/zarf/pull/2406)
- chore: switch to use oci lib in defenseunicorns/pkg by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2404](https://togithub.com/defenseunicorns/zarf/pull/2404)
- fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1
by [@renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2411](https://togithub.com/defenseunicorns/zarf/pull/2411)
- fix: use env var for PR title in commitlint workflow to prevent
untrusted script injection by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2418](https://togithub.com/defenseunicorns/zarf/pull/2418)
- fix: use default GITHUB_TOKEN for ossf/scorecard-action by
[@bburky](https://togithub.com/bburky) in
[https://github.com/defenseunicorns/zarf/pull/2416](https://togithub.com/defenseunicorns/zarf/pull/2416)
- fix: remove duplicate logic for writing image layers to disk
concurrently by [@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2409](https://togithub.com/defenseunicorns/zarf/pull/2409)
- feat: add option to skip cosign lookup during find images by
[@Racer159](https://togithub.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2427](https://togithub.com/defenseunicorns/zarf/pull/2427)
- feat: allow chart deploy overrides ALPHA by
[@naveensrinivasan](https://togithub.com/naveensrinivasan) in
[https://github.com/defenseunicorns/zarf/pull/2403](https://togithub.com/defenseunicorns/zarf/pull/2403)
- chore: update pull_request_template.md by
[@Noxsios](https://togithub.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2428](https://togithub.com/defenseunicorns/zarf/pull/2428)
- ci: pin k3s image version in k3d github action by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2430](https://togithub.com/defenseunicorns/zarf/pull/2430)
- feat(docs): port docs to starlight by
[@Noxsios](https://togithub.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2315](https://togithub.com/defenseunicorns/zarf/pull/2315)
#### New Contributors
- [@zachariahmiller](https://togithub.com/zachariahmiller) made
their first contribution in
[https://github.com/defenseunicorns/zarf/pull/2406](https://togithub.com/defenseunicorns/zarf/pull/2406)
- [@bburky](https://togithub.com/bburky) made their first
contribution in
[https://github.com/defenseunicorns/zarf/pull/2416](https://togithub.com/defenseunicorns/zarf/pull/2416)
**Full Changelog**:
https://github.com/defenseunicorns/zarf/compare/v0.32.6...v0.33.0
###
[`v0.32.6`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.32.6)
[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6)
#### \[0.32.6] - 2024-03-22
> trying out some different release note generators, formatting may vary
for a few releases while we figure out what works best
~[@Noxsios](https://togithub.com/Noxsios)
##### ๐ Features
- \[**ALPHA**] feat: package generation ALPHA by
[@andrewg-xyz](https://togithub.com/andrewg-xyz) in
[#2269](https://togithub.com/defenseunicorns/zarf/pull/2269)
- *(lib)* feat(lib): configurable log file location by
[@Noxsios](https://togithub.com/Noxsios) in
[#2380](https://togithub.com/defenseunicorns/zarf/pull/2380)
- \[**BREAKING**] feat!: filter package components with strategy
interface by [@Noxsios](https://togithub.com/Noxsios) in
[#2321](https://togithub.com/defenseunicorns/zarf/pull/2321)
##### ๐ Bug Fixes
- fix: refactor create stages into separate lib by
[@lucasrod16](https://togithub.com/lucasrod16) in
[#2223](https://togithub.com/defenseunicorns/zarf/pull/2223)
- fix: handle registry caBundle as a multiline string by
[@AbrohamLincoln](https://togithub.com/AbrohamLincoln) in
[#2381](https://togithub.com/defenseunicorns/zarf/pull/2381)
- *(regression)* fix: populate `p.sbomViewFiles` on `deploy` and
`mirror` by [@lucasrod16](https://togithub.com/lucasrod16) in
[#2386](https://togithub.com/defenseunicorns/zarf/pull/2386)
- fix: allow absolute paths for differential packages by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[#2397](https://togithub.com/defenseunicorns/zarf/pull/2397)
- fix: hotfix skeleton publish by
[@Noxsios](https://togithub.com/Noxsios) in
[#2398](https://togithub.com/defenseunicorns/zarf/pull/2398)
##### ๐ Refactor
- refactor: split helpers/exec libs by
[@Racer159](https://togithub.com/Racer159) in
[#2379](https://togithub.com/defenseunicorns/zarf/pull/2379)
##### ๐งช Testing
- test: data injection flake by
[@lucasrod16](https://togithub.com/lucasrod16) in
[#2361](https://togithub.com/defenseunicorns/zarf/pull/2361)
##### โ๏ธ Miscellaneous Tasks
- ci: add commitlint workflow and update contributing guide by
[@lucasrod16](https://togithub.com/lucasrod16) in
[#2391](https://togithub.com/defenseunicorns/zarf/pull/2391)
##### ๐ก๏ธ Security
- *(release)* build: create PRs on `homebrew-tap` by
[@Noxsios](https://togithub.com/Noxsios) in
[#2385](https://togithub.com/defenseunicorns/zarf/pull/2385)
**Full Changelog**:
https://github.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6
github/codeql-action (github/codeql-action)
###
[`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6)
[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6)
###
[`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)
[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)
###
[`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)
[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)
goreleaser/goreleaser-action
(goreleaser/goreleaser-action)
###
[`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0)
[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0)
#### Important
This version changes the default behavior of `latest` to `~> v1`.
The next major of this action (v6), will change this to `~> v2`, and
will be launched together with GoReleaser v2.
#### What's Changed
- docs: bump actions to latest major by
[@crazy-max](https://togithub.com/crazy-max) in
[https://github.com/goreleaser/goreleaser-action/pull/435](https://togithub.com/goreleaser/goreleaser-action/pull/435)
- chore(deps): bump docker/bake-action from 3 to 4 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/436](https://togithub.com/goreleaser/goreleaser-action/pull/436)
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/437](https://togithub.com/goreleaser/goreleaser-action/pull/437)
- chore(deps): bump actions/setup-go from 4 to 5 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/443](https://togithub.com/goreleaser/goreleaser-action/pull/443)
- chore(deps): bump actions/upload-artifact from 3 to 4 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/444](https://togithub.com/goreleaser/goreleaser-action/pull/444)
- Delete .kodiak.toml by
[@vedantmgoyal9](https://togithub.com/vedantmgoyal9) in
[https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446)
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/448](https://togithub.com/goreleaser/goreleaser-action/pull/448)
- chore(deps): bump ip from 2.0.0 to 2.0.1 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/450](https://togithub.com/goreleaser/goreleaser-action/pull/450)
- Upgrade setup-go action version in README by
[@kishaningithub](https://togithub.com/kishaningithub) in
[https://github.com/goreleaser/goreleaser-action/pull/455](https://togithub.com/goreleaser/goreleaser-action/pull/455)
- chore(deps): bump tar from 6.1.14 to 6.2.1 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/456](https://togithub.com/goreleaser/goreleaser-action/pull/456)
- chore: use corepack to install yarn by
[@crazy-max](https://togithub.com/crazy-max) in
[https://github.com/goreleaser/goreleaser-action/pull/458](https://togithub.com/goreleaser/goreleaser-action/pull/458)
- feat: lock this major version of the action to use '~> v1' as 'latest'
by [@caarlos0](https://togithub.com/caarlos0) in
[https://github.com/goreleaser/goreleaser-action/pull/461](https://togithub.com/goreleaser/goreleaser-action/pull/461)
- chore(deps): bump semver from 7.6.0 to 7.6.2 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/462](https://togithub.com/goreleaser/goreleaser-action/pull/462)
- chore(deps): bump
[@actions/http-client](https://togithub.com/actions/http-client)
from 2.2.0 to 2.2.1 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/451](https://togithub.com/goreleaser/goreleaser-action/pull/451)
#### New Contributors
- [@vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their
first contribution in
[https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446)
**Full Changelog**:
https://github.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0
ossf/scorecard-action (ossf/scorecard-action)
###
[`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3)
[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)
> \[!NOTE]\
> There is no v2.3.2 release as a step was skipped in the release
process. This was fixed and re-released under the v2.3.3 tag
#### What's Changed
- :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to
github.com/ossf/scorecard/v5 (v5.0.0-rc1) by
[@spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366)
- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to
v5.0.0-rc2 by
[@spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374)
- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0.20240509182734-7ce860946928 by
[@spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377)
For a full changelist of what these include, see the
[v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1)
and
[v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2)
release notes.
##### Documentation
- :book: Move token discussion out of main README. by
[@spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279)
- :book: link to `ossf/scorecard` workflow instead of maintaining an
example by [@spencerschrock](https://togithub.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352)
- :book: update api links to new scorecard.dev site by
[@spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376)
**Full Changelog**:
https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3
###
[`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)
[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)
---
### Configuration
๐
**Schedule**: Branch creation - "after 12pm every weekday,before 11am
every weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).
๐ฆ **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
โป **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
๐ป **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/maru-runner).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
.github/actions/golang/action.yaml | 2 +-
.github/actions/install-tools/action.yaml | 2 +-
.github/actions/zarf/action.yaml | 2 +-
.github/workflows/release.yaml | 4 ++--
.github/workflows/scan-codeql.yaml | 4 ++--
.github/workflows/scorecard.yaml | 4 ++--
6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/actions/golang/action.yaml b/.github/actions/golang/action.yaml
index b13f384..cf102bf 100644
--- a/.github/actions/golang/action.yaml
+++ b/.github/actions/golang/action.yaml
@@ -4,6 +4,6 @@ description: "Setup Go binary and caching"
runs:
using: composite
steps:
- - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: 1.21.x
diff --git a/.github/actions/install-tools/action.yaml b/.github/actions/install-tools/action.yaml
index 9ed249b..6a22639 100644
--- a/.github/actions/install-tools/action.yaml
+++ b/.github/actions/install-tools/action.yaml
@@ -6,7 +6,7 @@ runs:
steps:
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- - uses: anchore/sbom-action/download-syft@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11
+ - uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
- run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
shell: bash
diff --git a/.github/actions/zarf/action.yaml b/.github/actions/zarf/action.yaml
index b0b458d..e6ec5fc 100644
--- a/.github/actions/zarf/action.yaml
+++ b/.github/actions/zarf/action.yaml
@@ -7,4 +7,4 @@ runs:
- uses: defenseunicorns/setup-zarf@main
with:
# renovate: datasource=github-tags depName=defenseunicorns/zarf
- version: v0.32.5
+ version: v0.33.2
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index eeda68e..277b37d 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -104,7 +104,7 @@ jobs:
- name: Get Brew tap repo token
id: brew-tap-token
- uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
+ uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
with:
app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
@@ -112,7 +112,7 @@ jobs:
repositories: homebrew-tap
- name: Run GoReleaser
- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+ uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
with:
distribution: goreleaser
version: latest
diff --git a/.github/workflows/scan-codeql.yaml b/.github/workflows/scan-codeql.yaml
index 0211c1d..5ad7489 100644
--- a/.github/workflows/scan-codeql.yaml
+++ b/.github/workflows/scan-codeql.yaml
@@ -45,7 +45,7 @@ jobs:
run: make build-cli-linux-amd
- name: Initialize CodeQL
- uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
env:
CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
with:
@@ -54,6 +54,6 @@ jobs:
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
with:
category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index b1f8752..55041bf 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -27,7 +27,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+ uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
with:
results_file: results.sarif
results_format: sarif
@@ -45,6 +45,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
with:
sarif_file: results.sarif