Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update all dependencies #313

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update all dependencies #313

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 1, 2024

This PR contains the following updates:

Package Type Update Change
actions/cache action minor v4.0.2 -> v4.2.0
actions/checkout action minor v4.1.7 -> v4.2.2
actions/upload-artifact action minor v4.3.4 -> v4.4.3
erlef/setup-elixir action patch v1.18.0 -> v1.18.2
ex_doc minor ~> 0.34 -> ~> 0.35
github/codeql-action action minor v3.25.12 -> v3.27.6
ossf/scorecard-action action minor v2.3.3 -> v2.4.0
step-security/harden-runner action minor v2.8.1 -> v2.10.2

Release Notes

actions/cache (actions/cache)

v4.2.0

Compare Source

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

Full Changelog: actions/cache@v4...v4.2.0

v4.1.2

Compare Source

What's Changed
New Contributors

Full Changelog: actions/cache@v4...v4.1.2

v4.1.1

Compare Source

What's Changed

Full Changelog: actions/cache@v4.1.0...v4.1.1

v4.1.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/cache@v4.0.2...v4.1.0

actions/checkout (actions/checkout)

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

actions/upload-artifact (actions/upload-artifact)

v4.4.3

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

Compare Source

What's Changed
New Contributors

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Compare Source

v4.3.6

Compare Source

v4.3.5

Compare Source

erlef/setup-elixir (erlef/setup-elixir)

v1.18.2

Compare Source

What's Changed

Full Changelog: erlef/setup-beam@v1.18.1...v1.18.2

v1.18.1

Compare Source

What's Changed

Full Changelog: erlef/setup-beam@v1...v1.18.1

github/codeql-action (github/codeql-action)

v3.27.6

Compare Source

v3.27.5

Compare Source

v3.27.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.4 - 14 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.3 - 12 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.2 - 12 Nov 2024
  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #​2590

See the full CHANGELOG.md for more information.

v3.27.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.1 - 08 Nov 2024
  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #​2573
  • Update default CodeQL bundle version to 2.19.3. #​2576

See the full CHANGELOG.md for more information.

v3.27.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024
  • Bump the minimum CodeQL bundle version to 2.14.6. #​2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #​2557
  • Update default CodeQL bundle version to 2.19.2. #​2552

See the full CHANGELOG.md for more information.

v3.26.13

Compare Source

v3.26.12

Compare Source

v3.26.11

Compare Source

v3.26.10

Compare Source

v3.26.9

Compare Source

v3.26.8

Compare Source

v3.26.7

Compare Source

v3.26.6

Compare Source

v3.26.5

Compare Source

v3.26.4

Compare Source

v3.26.3

Compare Source

v3.26.2

Compare Source

v3.26.1

Compare Source

v3.26.0

Compare Source

v3.25.15

Compare Source

v3.25.14

Compare Source

v3.25.13

Compare Source

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

Documentation

New Contributors

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

step-security/harden-runner (step-security/harden-runner)

v2.10.2

Compare Source

What's Changed
  1. Fixes low-severity command injection weaknesses
    The advisory is here: GHSA-g85v-wf27-67xc

  2. Bug fix to improve detection of whether Harden-Runner is running in a container

Full Changelog: step-security/harden-runner@v2...v2.10.2

v2.10.1

Compare Source

What's Changed

Release v2.10.1 by @​varunsh-coder in https://github.com/step-security/harden-runner/pull/463
Bug fix: Resolves an issue where DNS resolution of .local domains was failing when using a Kind cluster in a GitHub Actions workflow.

Full Changelog: step-security/harden-runner@v2...v2.10.1

v2.10.0

Compare Source

What's Changed

Release v2.10.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/455

ARM Support: Harden-Runner Enterprise tier now supports GitHub-hosted ARM runners. This includes all the features that apply to previously supported GitHub-hosted x64 Linux runners.

Full Changelog: step-security/harden-runner@v2...v2.10.0

v2.9.1

Compare Source

What's Changed

Release v2.9.1 by @​h0x0er and @​varunsh-coder in #​440
This release includes two changes:

  1. Updated markdown displayed in the job summary by the Harden-Runner Action.
  2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.

Full Changelog: step-security/harden-runner@v2...v2.9.1

v2.9.0

Compare Source

What's Changed

Release v2.9.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/435
This release includes:

  • Enterprise Tier - Telemetry Upload Enhancement:
    For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
  • Harden-Runner Agent Authentication:
    The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
  • README Update:
    A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
  • Dependency Update:
    Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: step-security/harden-runner@v2...v2.9.0


Configuration

📅 Schedule: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from ddce10e to cb9f06b Compare August 6, 2024 17:51
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from 224eb2c to 641b36e Compare August 19, 2024 19:04
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from 9d6cbe8 to 1ed0e63 Compare August 24, 2024 01:27
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from c0b8bb3 to ca897d5 Compare August 30, 2024 19:46
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from 5012c90 to ff24193 Compare September 13, 2024 16:01
@renovate renovate bot force-pushed the renovate/all branch 4 times, most recently from 7818cb9 to f66031b Compare September 25, 2024 21:37
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from 685ce19 to 5156a20 Compare October 4, 2024 22:58
@renovate renovate bot force-pushed the renovate/all branch 4 times, most recently from 08d27d4 to bfc8ef7 Compare October 9, 2024 19:43
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from b928caa to dc0c8b1 Compare October 23, 2024 17:42
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from 996d71b to bc255a2 Compare November 12, 2024 13:50
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from 2128e8f to a454a8e Compare November 18, 2024 22:03
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from c0923ce to 609c317 Compare November 20, 2024 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants