From 84cf2f7015b98bcc32087b23beb26165c3e9f0b6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 10 Jul 2024 20:21:24 -0600
Subject: [PATCH] chore(deps): update maru support dependencies (#119)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
[](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
patch | `v4.1.6` -> `v4.1.7` |
|
[actions/create-github-app-token](https://togithub.com/actions/create-github-app-token)
| action | patch | `v1.10.1` -> `v1.10.3` |
|
[actions/download-artifact](https://togithub.com/actions/download-artifact)
| action | patch | `v4.1.7` -> `v4.1.8` |
| [actions/setup-go](https://togithub.com/actions/setup-go) | action |
patch | `v5.0.1` -> `v5.0.2` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| patch | `v4.0.2` -> `v4.0.3` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v4.3.3` -> `v4.3.4` |
| [anchore/sbom-action](https://togithub.com/anchore/sbom-action) |
action | patch | `v0.16.0` -> `v0.16.1` |
| [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | |
minor | `v0.34.0` -> `v0.35.0` |
|
[docker/setup-buildx-action](https://togithub.com/docker/setup-buildx-action)
| action | minor | `v3.3.0` -> `v3.4.0` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.8` -> `v3.25.11` |
---
### Release Notes
actions/checkout (actions/checkout)
###
[`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417)
[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7)
- Bump the minor-npm-dependencies group across 1 directory with 4
updates by [@dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739)
- Bump actions/checkout from 3 to 4 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697)
- Check out other refs/\* by commit by
[@orhantoy](https://togithub.com/orhantoy) in
[https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774)
- Pin actions/checkout's own workflows to a known, good, stable version.
by [@jww3](https://togithub.com/jww3) in
[https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776)
actions/create-github-app-token
(actions/create-github-app-token)
###
[`v1.10.3`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.3)
[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.10.2...v1.10.3)
##### Bug Fixes
- **deps:** bump undici from 6.18.2 to 6.19.2 in the
production-dependencies group
([#149](https://togithub.com/actions/create-github-app-token/issues/149))
([cc82279](https://togithub.com/actions/create-github-app-token/commit/cc82279e84540c5543078cedc5af4fcfab0a96bb)),
closes
[#3337](https://togithub.com/actions/create-github-app-token/issues/3337)
[nodejs/undici#3338](https://togithub.com/nodejs/undici/issues/3338)
[nodejs/undici#3340](https://togithub.com/nodejs/undici/issues/3340)
[nodejs/undici#3332](https://togithub.com/nodejs/undici/issues/3332)
[nodejs/undici#3335](https://togithub.com/nodejs/undici/issues/3335)
[nodejs/undici#3305](https://togithub.com/nodejs/undici/issues/3305)
[nodejs/undici#3303](https://togithub.com/nodejs/undici/issues/3303)
[nodejs/undici#3304](https://togithub.com/nodejs/undici/issues/3304)
[nodejs/undici#3306](https://togithub.com/nodejs/undici/issues/3306)
[nodejs/undici#3309](https://togithub.com/nodejs/undici/issues/3309)
[nodejs/undici#3313](https://togithub.com/nodejs/undici/issues/3313)
[nodejs/undici#3311](https://togithub.com/nodejs/undici/issues/3311)
[nodejs/undici#3107](https://togithub.com/nodejs/undici/issues/3107)
[nodejs/undici#3302](https://togithub.com/nodejs/undici/issues/3302)
[nodejs/undici#3320](https://togithub.com/nodejs/undici/issues/3320)
[nodejs/undici#3321](https://togithub.com/nodejs/undici/issues/3321)
[nodejs/undici#3316](https://togithub.com/nodejs/undici/issues/3316)
[nodejs/undici#3318](https://togithub.com/nodejs/undici/issues/3318)
[nodejs/undici#3326](https://togithub.com/nodejs/undici/issues/3326)
[nodejs/undici#3324](https://togithub.com/nodejs/undici/issues/3324)
[nodejs/undici#3325](https://togithub.com/nodejs/undici/issues/3325)
[nodejs/undici#3316](https://togithub.com/nodejs/undici/issues/3316)
[nodejs/undici#3318](https://togithub.com/nodejs/undici/issues/3318)
[#3342](https://togithub.com/actions/create-github-app-token/issues/3342)
[#3332](https://togithub.com/actions/create-github-app-token/issues/3332)
[#3340](https://togithub.com/actions/create-github-app-token/issues/3340)
[#3337](https://togithub.com/actions/create-github-app-token/issues/3337)
[#3338](https://togithub.com/actions/create-github-app-token/issues/3338)
[#3336](https://togithub.com/actions/create-github-app-token/issues/3336)
[#3335](https://togithub.com/actions/create-github-app-token/issues/3335)
[#3325](https://togithub.com/actions/create-github-app-token/issues/3325)
[#3324](https://togithub.com/actions/create-github-app-token/issues/3324)
[#3326](https://togithub.com/actions/create-github-app-token/issues/3326)
###
[`v1.10.2`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.2)
[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.10.1...v1.10.2)
##### Bug Fixes
- do not revoke token if already expired
([#147](https://togithub.com/actions/create-github-app-token/issues/147))
([66a7045](https://togithub.com/actions/create-github-app-token/commit/66a70456860bafc79e37635eea77b8b2a929f6c8)),
closes
[#140](https://togithub.com/actions/create-github-app-token/issues/140)
[#95](https://togithub.com/actions/create-github-app-token/issues/95)
actions/download-artifact (actions/download-artifact)
###
[`v4.1.8`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.8)
[Compare
Source](https://togithub.com/actions/download-artifact/compare/v4.1.7...v4.1.8)
##### What's Changed
- Update
[@actions/artifact](https://togithub.com/actions/artifact)
version, bump dependencies by
[@robherley](https://togithub.com/robherley) in
[https://github.com/actions/download-artifact/pull/341](https://togithub.com/actions/download-artifact/pull/341)
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4...v4.1.8
actions/setup-go (actions/setup-go)
###
[`v5.0.2`](https://togithub.com/actions/setup-go/compare/v5.0.1...v5.0.2)
[Compare
Source](https://togithub.com/actions/setup-go/compare/v5.0.1...v5.0.2)
actions/setup-node (actions/setup-node)
###
[`v4.0.3`](https://togithub.com/actions/setup-node/compare/v4.0.2...v4.0.3)
[Compare
Source](https://togithub.com/actions/setup-node/compare/v4.0.2...v4.0.3)
actions/upload-artifact (actions/upload-artifact)
###
[`v4.3.4`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.4)
[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.3...v4.3.4)
##### What's Changed
- Update
[@actions/artifact](https://togithub.com/actions/artifact)
version, bump dependencies by
[@robherley](https://togithub.com/robherley) in
[https://github.com/actions/upload-artifact/pull/584](https://togithub.com/actions/upload-artifact/pull/584)
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4
anchore/sbom-action (anchore/sbom-action)
###
[`v0.16.1`](https://togithub.com/anchore/sbom-action/releases/tag/v0.16.1)
[Compare
Source](https://togithub.com/anchore/sbom-action/compare/v0.16.0...v0.16.1)
#### Changes in v0.16.1
- fix: workaround windows install issue
([#477](https://togithub.com/anchore/sbom-action/issues/477))
\[[willmurphyscode](https://togithub.com/willmurphyscode)]
- fix: allow users to properly use the file input over the default path
value
([#471](https://togithub.com/anchore/sbom-action/issues/471))
\[[komish](https://togithub.com/komish)]
- chore(deps): update Syft to v1.5.0
([#470](https://togithub.com/anchore/sbom-action/issues/470))
\[[anchore-actions-token-generator](https://togithub.com/anchore-actions-token-generator)]
- docs: notes for matrix and required permissions
([#469](https://togithub.com/anchore/sbom-action/issues/469))
\[[kzantow](https://togithub.com/kzantow)]
- chore(deps): bump actions/checkout from 4.1.5 to 4.1.6
([#466](https://togithub.com/anchore/sbom-action/issues/466))
\[[dependabot](https://togithub.com/dependabot)]
defenseunicorns/zarf (defenseunicorns/zarf)
###
[`v0.35.0`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.35.0)
[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.34.0...v0.35.0)
##### What's Changed
- refactor: remove use of k8s info and nodes by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2551](https://togithub.com/defenseunicorns/zarf/pull/2551)
- test: shutdown http test servers by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2559](https://togithub.com/defenseunicorns/zarf/pull/2559)
- feat: adding labels to all resources mutated by the agent by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2557](https://togithub.com/defenseunicorns/zarf/pull/2557)
- test: zarf init state by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2556](https://togithub.com/defenseunicorns/zarf/pull/2556)
- refactor: remove use of k8s deprecations by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2560](https://togithub.com/defenseunicorns/zarf/pull/2560)
- test: remove validate pkg arch e2e test by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2563](https://togithub.com/defenseunicorns/zarf/pull/2563)
- test: remove TestMismatchedVersions e2e test by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2564](https://togithub.com/defenseunicorns/zarf/pull/2564)
- test: delete agent e2e label test by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2568](https://togithub.com/defenseunicorns/zarf/pull/2568)
- fix: add custom error printing for Zarf commands by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2575](https://togithub.com/defenseunicorns/zarf/pull/2575)
- refactor: remove use of k8s dynamic by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2561](https://togithub.com/defenseunicorns/zarf/pull/2561)
- refactor: remove use of k8s namespace by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2550](https://togithub.com/defenseunicorns/zarf/pull/2550)
- fix: cancel Cobra parent context on interrupt by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2567](https://togithub.com/defenseunicorns/zarf/pull/2567)
- refactor: use root ctx in agent by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2578](https://togithub.com/defenseunicorns/zarf/pull/2578)
- chore: deprecate DeprecatedKeys by
[@schristoff-du](https://togithub.com/schristoff-du) in
[https://github.com/defenseunicorns/zarf/pull/2581](https://togithub.com/defenseunicorns/zarf/pull/2581)
- test: validate package by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2569](https://togithub.com/defenseunicorns/zarf/pull/2569)
- chore: fix typos by
[@beholdenkey](https://togithub.com/beholdenkey) in
[https://github.com/defenseunicorns/zarf/pull/2590](https://togithub.com/defenseunicorns/zarf/pull/2590)
- fix: docker containerd blob error by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2593](https://togithub.com/defenseunicorns/zarf/pull/2593)
- fix(deps): update module github.com/defenseunicorns/pkg/oci to v1 by
[@renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2511](https://togithub.com/defenseunicorns/zarf/pull/2511)
- fix: change so that second SIGINT signal immediately exits program by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2598](https://togithub.com/defenseunicorns/zarf/pull/2598)
- refactor: add context in packager by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2597](https://togithub.com/defenseunicorns/zarf/pull/2597)
- chore: update go version to 1.22.4 by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2595](https://togithub.com/defenseunicorns/zarf/pull/2595)
- fix: handle errors in version command by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2589](https://togithub.com/defenseunicorns/zarf/pull/2589)
- fix: cosign image pulls by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2599](https://togithub.com/defenseunicorns/zarf/pull/2599)
- refactor: move k8s tunnel to cluster package by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2566](https://togithub.com/defenseunicorns/zarf/pull/2566)
- test: cleanup e2e tests by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2601](https://togithub.com/defenseunicorns/zarf/pull/2601)
- refactor: enable errcheck linter by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2501](https://togithub.com/defenseunicorns/zarf/pull/2501)
- fix: crane option argument parameters by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2609](https://togithub.com/defenseunicorns/zarf/pull/2609)
- feat: remove .metadata.image from schema by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2606](https://togithub.com/defenseunicorns/zarf/pull/2606)
- refactor: remove use of k8s pods by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2553](https://togithub.com/defenseunicorns/zarf/pull/2553)
- fix: pass image reference to syft sbom source object by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2612](https://togithub.com/defenseunicorns/zarf/pull/2612)
- fix: only build a single binary in the init-package make target by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2614](https://togithub.com/defenseunicorns/zarf/pull/2614)
- fix: avoid injector pod name collisions by
[@lucasrod16](https://togithub.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2620](https://togithub.com/defenseunicorns/zarf/pull/2620)
- fix: no longer remove the agent ignore label from namespaces by
[@Racer159](https://togithub.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2623](https://togithub.com/defenseunicorns/zarf/pull/2623)
- refactor: remove use of k8s secret by
[@phillebaba](https://togithub.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2565](https://togithub.com/defenseunicorns/zarf/pull/2565)
- fix: using a new s3 backend for test data by
[@AustinAbro321](https://togithub.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2630](https://togithub.com/defenseunicorns/zarf/pull/2630)
- chore(deps): update goreleaser/goreleaser-action action to v6 by
[@renovate](https://togithub.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2596](https://togithub.com/defenseunicorns/zarf/pull/2596)
**Full Changelog**:
https://github.com/defenseunicorns/zarf/compare/v0.34.0...v0.35.0
docker/setup-buildx-action
(docker/setup-buildx-action)
###
[`v3.4.0`](https://togithub.com/docker/setup-buildx-action/releases/tag/v3.4.0)
[Compare
Source](https://togithub.com/docker/setup-buildx-action/compare/v3.3.0...v3.4.0)
- Throw error message instead of exit code by
[@crazy-max](https://togithub.com/crazy-max) in
[https://github.com/docker/setup-buildx-action/pull/315](https://togithub.com/docker/setup-buildx-action/pull/315)
- Bump
[@docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.20.0 to 0.31.0 in
[https://github.com/docker/setup-buildx-action/pull/321](https://togithub.com/docker/setup-buildx-action/pull/321)
[https://github.com/docker/setup-buildx-action/pull/338](https://togithub.com/docker/setup-buildx-action/pull/338)
- Bump braces from 3.0.2 to 3.0.3 in
[https://github.com/docker/setup-buildx-action/pull/329](https://togithub.com/docker/setup-buildx-action/pull/329)
- Bump undici from 5.28.3 to 5.28.4 in
[https://github.com/docker/setup-buildx-action/pull/312](https://togithub.com/docker/setup-buildx-action/pull/312)
- Bump uuid from 9.0.1 to 10.0.0 in
[https://github.com/docker/setup-buildx-action/pull/326](https://togithub.com/docker/setup-buildx-action/pull/326)
**Full Changelog**:
https://github.com/docker/setup-buildx-action/compare/v3.3.0...v3.4.0
github/codeql-action (github/codeql-action)
###
[`v3.25.11`](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11)
[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11)
###
[`v3.25.10`](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10)
[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10)
###
[`v3.25.9`](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9)
[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9)
---
### Configuration
📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am
every weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
â™» **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/maru-runner).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Wayne Starr
---
.github/actions/golang/action.yaml | 2 +-
.github/actions/install-tools/action.yaml | 4 ++--
.github/actions/save-logs/action.yaml | 2 +-
.github/actions/zarf/action.yaml | 2 +-
.github/workflows/commitlint.yaml | 4 ++--
.github/workflows/dependency-review.yaml | 2 +-
.github/workflows/release.yaml | 14 +++++++-------
.github/workflows/scan-codeql.yaml | 6 +++---
.github/workflows/scan-lint.yaml | 2 +-
.github/workflows/scorecard.yaml | 6 +++---
.github/workflows/test-e2e-pr.yaml | 2 +-
.github/workflows/test-schema.yaml | 2 +-
.github/workflows/test-unit-pr.yaml | 2 +-
13 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/.github/actions/golang/action.yaml b/.github/actions/golang/action.yaml
index cf102bf..60cf98e 100644
--- a/.github/actions/golang/action.yaml
+++ b/.github/actions/golang/action.yaml
@@ -4,6 +4,6 @@ description: "Setup Go binary and caching"
runs:
using: composite
steps:
- - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+ - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 1.21.x
diff --git a/.github/actions/install-tools/action.yaml b/.github/actions/install-tools/action.yaml
index 6a22639..90b4032 100644
--- a/.github/actions/install-tools/action.yaml
+++ b/.github/actions/install-tools/action.yaml
@@ -6,9 +6,9 @@ runs:
steps:
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- - uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
+ - uses: anchore/sbom-action/download-syft@95b086ac308035dc0850b3853be5b7ab108236a8 # v0.16.1
- run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
shell: bash
- - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+ - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml
index 37cadf4..23cdef6 100644
--- a/.github/actions/save-logs/action.yaml
+++ b/.github/actions/save-logs/action.yaml
@@ -4,7 +4,7 @@ description: "Save debug logs"
runs:
using: composite
steps:
- - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+ - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: debug-log
path: /tmp/maru-*.log
diff --git a/.github/actions/zarf/action.yaml b/.github/actions/zarf/action.yaml
index 073361c..8cc235f 100644
--- a/.github/actions/zarf/action.yaml
+++ b/.github/actions/zarf/action.yaml
@@ -7,4 +7,4 @@ runs:
- uses: defenseunicorns/setup-zarf@main
with:
# renovate: datasource=github-tags depName=defenseunicorns/zarf
- version: v0.34.0
+ version: v0.35.0
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 2fdbbf6..e661cce 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
@@ -16,12 +16,12 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Setup Node.js
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
- name: Install commitlint
run: npm install --save-dev @commitlint/{config-conventional,cli}
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
index 7b289a7..ae4d4d5 100644
--- a/.github/workflows/dependency-review.yaml
+++ b/.github/workflows/dependency-review.yaml
@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Dependency Review
uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 09a7d6d..5f69d41 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -11,7 +11,7 @@ jobs:
steps:
# Checkout the repo and setup the tooling for this job
- name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
@@ -24,7 +24,7 @@ jobs:
# Upload the contents of the build directory for later stages to use
- name: Upload build artifacts
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+ uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: build-artifacts
path: build/
@@ -38,12 +38,12 @@ jobs:
steps:
# Checkout the repo and setup the tooling for this job
- name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Download build artifacts
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: build-artifacts
path: build/
@@ -78,7 +78,7 @@ jobs:
contents: write
steps:
- name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
@@ -89,7 +89,7 @@ jobs:
uses: ./.github/actions/install-tools
- name: Download build artifacts
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: build-artifacts
path: build/
@@ -104,7 +104,7 @@ jobs:
- name: Get Brew tap repo token
id: brew-tap-token
- uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1
+ uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
with:
app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
diff --git a/.github/workflows/scan-codeql.yaml b/.github/workflows/scan-codeql.yaml
index f9a9c68..a261f3e 100644
--- a/.github/workflows/scan-codeql.yaml
+++ b/.github/workflows/scan-codeql.yaml
@@ -36,7 +36,7 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup golang
uses: ./.github/actions/golang
@@ -45,7 +45,7 @@ jobs:
run: make build-cli-linux-amd
- name: Initialize CodeQL
- uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
+ uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
env:
CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
with:
@@ -54,6 +54,6 @@ jobs:
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
+ uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
with:
category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scan-lint.yaml b/.github/workflows/scan-lint.yaml
index c4af665..ad9dc13 100644
--- a/.github/workflows/scan-lint.yaml
+++ b/.github/workflows/scan-lint.yaml
@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup golang
uses: ./.github/actions/golang
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index 61afd07..f94ede9 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -22,7 +22,7 @@ jobs:
steps:
- name: "Checkout code"
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false
@@ -37,7 +37,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+ uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: SARIF file
path: results.sarif
@@ -45,6 +45,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
+ uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
with:
sarif_file: results.sarif
diff --git a/.github/workflows/test-e2e-pr.yaml b/.github/workflows/test-e2e-pr.yaml
index 972aa11..68cf848 100644
--- a/.github/workflows/test-e2e-pr.yaml
+++ b/.github/workflows/test-e2e-pr.yaml
@@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup golang
uses: ./.github/actions/golang
diff --git a/.github/workflows/test-schema.yaml b/.github/workflows/test-schema.yaml
index 04d4cbe..8681ae1 100644
--- a/.github/workflows/test-schema.yaml
+++ b/.github/workflows/test-schema.yaml
@@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup golang
uses: ./.github/actions/golang
diff --git a/.github/workflows/test-unit-pr.yaml b/.github/workflows/test-unit-pr.yaml
index 933c4ac..c5caeb8 100644
--- a/.github/workflows/test-unit-pr.yaml
+++ b/.github/workflows/test-unit-pr.yaml
@@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup golang
uses: ./.github/actions/golang