-
Notifications
You must be signed in to change notification settings - Fork 2
Commit e08e25e
authored
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
chore(deps): update maru support dependencies (#181)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/create-github-app-token](https://redirect.github.com/actions/create-github-app-token)
| action | patch | `v1.11.1` -> `v1.11.6` |
|
[actions/download-artifact](https://redirect.github.com/actions/download-artifact)
| action | patch | `v4.1.8` -> `v4.1.9` |
| [actions/setup-go](https://redirect.github.com/actions/setup-go) |
action | minor | `v5.2.0` -> `v5.3.0` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) |
action | minor | `v4.1.0` -> `v4.2.0` |
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
| action | patch | `v4.6.0` -> `v4.6.1` |
| [anchore/sbom-action](https://redirect.github.com/anchore/sbom-action)
| action | minor | `v0.17.9` -> `v0.18.0` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | patch | `v3.28.1` -> `v3.28.11` |
|
[goreleaser/goreleaser-action](https://redirect.github.com/goreleaser/goreleaser-action)
| action | minor | `v6.1.0` -> `v6.2.1` |
|
[morphy/revive-action](https://redirect.github.com/morphy2k/revive-action)
| docker | digest | `793c4e8` -> `28eca8b` |
|
[ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action)
| action | patch | `v2.4.0` -> `v2.4.1` |
| [zarf-dev/zarf](https://redirect.github.com/zarf-dev/zarf) | | minor |
`v0.46.0` -> `v0.49.1` |
---
### Release Notes
<details>
<summary>actions/create-github-app-token
(actions/create-github-app-token)</summary>
###
[`v1.11.6`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.6)
[Compare
Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.11.5...v1.11.6)
##### Bug Fixes
- **deps:** bump the production-dependencies group with 2 updates
([#​210](https://redirect.github.com/actions/create-github-app-token/issues/210))
([1ff1dea](https://redirect.github.com/actions/create-github-app-token/commit/1ff1dea6a9d1de5b4795e5314291e04acc63c38b))
###
[`v1.11.5`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.5)
[Compare
Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.11.4...v1.11.5)
##### Bug Fixes
- **deps:** bump
[@​octokit/request](https://redirect.github.com/octokit/request)
from 9.2.0 to 9.2.2
([#​209](https://redirect.github.com/actions/create-github-app-token/issues/209))
([8cedd97](https://redirect.github.com/actions/create-github-app-token/commit/8cedd97af185a345311c6ff53158738940cfef67)),
closes
[#​740](https://redirect.github.com/actions/create-github-app-token/issues/740)
[#​738](https://redirect.github.com/actions/create-github-app-token/issues/738)
[#​740](https://redirect.github.com/actions/create-github-app-token/issues/740)
[#​737](https://redirect.github.com/actions/create-github-app-token/issues/737)
[#​738](https://redirect.github.com/actions/create-github-app-token/issues/738)
[#​736](https://redirect.github.com/actions/create-github-app-token/issues/736)
[#​735](https://redirect.github.com/actions/create-github-app-token/issues/735)
[#​734](https://redirect.github.com/actions/create-github-app-token/issues/734)
[#​733](https://redirect.github.com/actions/create-github-app-token/issues/733)
[#​732](https://redirect.github.com/actions/create-github-app-token/issues/732)
- **deps:** bump
[@​octokit/request-error](https://redirect.github.com/octokit/request-error)
from 6.1.6 to 6.1.7
([#​208](https://redirect.github.com/actions/create-github-app-token/issues/208))
([415f6a5](https://redirect.github.com/actions/create-github-app-token/commit/415f6a523daf7072d0ea81f3cdc20426287bd566)),
closes
[#​494](https://redirect.github.com/actions/create-github-app-token/issues/494)
[#​491](https://redirect.github.com/actions/create-github-app-token/issues/491)
[#​490](https://redirect.github.com/actions/create-github-app-token/issues/490)
[#​488](https://redirect.github.com/actions/create-github-app-token/issues/488)
[#​486](https://redirect.github.com/actions/create-github-app-token/issues/486)
[#​487](https://redirect.github.com/actions/create-github-app-token/issues/487)
[#​485](https://redirect.github.com/actions/create-github-app-token/issues/485)
[#​484](https://redirect.github.com/actions/create-github-app-token/issues/484)
###
[`v1.11.4`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.4)
[Compare
Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.11.3...v1.11.4)
##### Bug Fixes
- **deps:** bump
[@​octokit/endpoint](https://redirect.github.com/octokit/endpoint)
from 10.1.1 to 10.1.3
([#​207](https://redirect.github.com/actions/create-github-app-token/issues/207))
([d30def8](https://redirect.github.com/actions/create-github-app-token/commit/d30def842e4992ac18a35cd1108d776944ab7535)),
closes
[#​507](https://redirect.github.com/actions/create-github-app-token/issues/507)
[#​514](https://redirect.github.com/actions/create-github-app-token/issues/514)
[#​512](https://redirect.github.com/actions/create-github-app-token/issues/512)
[#​511](https://redirect.github.com/actions/create-github-app-token/issues/511)
[#​509](https://redirect.github.com/actions/create-github-app-token/issues/509)
[#​508](https://redirect.github.com/actions/create-github-app-token/issues/508)
[#​507](https://redirect.github.com/actions/create-github-app-token/issues/507)
[#​506](https://redirect.github.com/actions/create-github-app-token/issues/506)
[#​505](https://redirect.github.com/actions/create-github-app-token/issues/505)
[#​504](https://redirect.github.com/actions/create-github-app-token/issues/504)
###
[`v1.11.3`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.3)
[Compare
Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.11.2...v1.11.3)
##### Bug Fixes
- **deps:** bump the production-dependencies group with 3 updates
([#​203](https://redirect.github.com/actions/create-github-app-token/issues/203))
([8e85a3c](https://redirect.github.com/actions/create-github-app-token/commit/8e85a3cf1418b864b528ed9c756cd9c84932d442)),
closes
[#​665](https://redirect.github.com/actions/create-github-app-token/issues/665)
[#​665](https://redirect.github.com/actions/create-github-app-token/issues/665)
[#​663](https://redirect.github.com/actions/create-github-app-token/issues/663)
[#​662](https://redirect.github.com/actions/create-github-app-token/issues/662)
[#​661](https://redirect.github.com/actions/create-github-app-token/issues/661)
[#​659](https://redirect.github.com/actions/create-github-app-token/issues/659)
[#​660](https://redirect.github.com/actions/create-github-app-token/issues/660)
[#​658](https://redirect.github.com/actions/create-github-app-token/issues/658)
[#​656](https://redirect.github.com/actions/create-github-app-token/issues/656)
[#​657](https://redirect.github.com/actions/create-github-app-token/issues/657)
[#​655](https://redirect.github.com/actions/create-github-app-token/issues/655)
[#​731](https://redirect.github.com/actions/create-github-app-token/issues/731)
[nodejs/undici#4016](https://redirect.github.com/nodejs/undici/issues/4016)
[nodejs/undici#4017](https://redirect.github.com/nodejs/undici/issues/4017)
[nodejs/undici#4018](https://redirect.github.com/nodejs/undici/issues/4018)
[nodejs/undici#4008](https://redirect.github.com/nodejs/undici/issues/4008)
[nodejs/undici#3991](https://redirect.github.com/nodejs/undici/issues/3991)
[nodejs/undici#4001](https://redirect.github.com/nodejs/undici/issues/4001)
[nodejs/undici#3980](https://redirect.github.com/nodejs/undici/issues/3980)
[nodejs/undici#4003](https://redirect.github.com/nodejs/undici/issues/4003)
[nodejs/undici#3965](https://redirect.github.com/nodejs/undici/issues/3965)
[nodejs/undici#4002](https://redirect.github.com/nodejs/undici/issues/4002)
[nodejs/undici#4006](https://redirect.github.com/nodejs/undici/issues/4006)
[nodejs/undici#3956](https://redirect.github.com/nodejs/undici/issues/3956)
[nodejs/undici#3964](https://redirect.github.com/nodejs/undici/issues/3964)
[nodejs/undici#3447](https://redirect.github.com/nodejs/undici/issues/3447)
[#​3966](https://redirect.github.com/actions/create-github-app-token/issues/3966)
[nodejs/undici#3967](https://redirect.github.com/nodejs/undici/issues/3967)
[nodejs/undici#3971](https://redirect.github.com/nodejs/undici/issues/3971)
[nodejs/undici#3954](https://redirect.github.com/nodejs/undici/issues/3954)
[nodejs/undici#3972](https://redirect.github.com/nodejs/undici/issues/3972)
[nodejs/undici#3974](https://redirect.github.com/nodejs/undici/issues/3974)
[nodejs/undici#3976](https://redirect.github.com/nodejs/undici/issues/3976)
[#​3975](https://redirect.github.com/actions/create-github-app-token/issues/3975)
[nodejs/undici#3977](https://redirect.github.com/nodejs/undici/issues/3977)
[nodejs/undici#3978](https://redirect.github.com/nodejs/undici/issues/3978)
[nodejs/undici#3981](https://redirect.github.com/nodejs/undici/issues/3981)
[nodejs/undici#3983](https://redirect.github.com/nodejs/undici/issues/3983)
[nodejs/undici#3986](https://redirect.github.com/nodejs/undici/issues/3986)
[#​4021](https://redirect.github.com/actions/create-github-app-token/issues/4021)
[#​4018](https://redirect.github.com/actions/create-github-app-token/issues/4018)
[#​4017](https://redirect.github.com/actions/create-github-app-token/issues/4017)
[#​4016](https://redirect.github.com/actions/create-github-app-token/issues/4016)
[#​4008](https://redirect.github.com/actions/create-github-app-token/issues/4008)
[#​4007](https://redirect.github.com/actions/create-github-app-token/issues/4007)
[#​4006](https://redirect.github.com/actions/create-github-app-token/issues/4006)
[#​3965](https://redirect.github.com/actions/create-github-app-token/issues/3965)
###
[`v1.11.2`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v1.11.2)
[Compare
Source](https://redirect.github.com/actions/create-github-app-token/compare/v1.11.1...v1.11.2)
##### Bug Fixes
- **deps:** bump
[@​octokit/request](https://redirect.github.com/octokit/request)
from 9.1.3 to 9.1.4 in the production-dependencies group
([#​196](https://redirect.github.com/actions/create-github-app-token/issues/196))
([b4192a5](https://redirect.github.com/actions/create-github-app-token/commit/b4192a5b3659c0e5875f868c44727ef4ecc5d579)),
closes
[#​730](https://redirect.github.com/actions/create-github-app-token/issues/730)
[#​730](https://redirect.github.com/actions/create-github-app-token/issues/730)
[#​729](https://redirect.github.com/actions/create-github-app-token/issues/729)
[#​727](https://redirect.github.com/actions/create-github-app-token/issues/727)
[#​726](https://redirect.github.com/actions/create-github-app-token/issues/726)
[#​723](https://redirect.github.com/actions/create-github-app-token/issues/723)
[#​724](https://redirect.github.com/actions/create-github-app-token/issues/724)
[#​722](https://redirect.github.com/actions/create-github-app-token/issues/722)
[#​721](https://redirect.github.com/actions/create-github-app-token/issues/721)
[#​720](https://redirect.github.com/actions/create-github-app-token/issues/720)
[#​719](https://redirect.github.com/actions/create-github-app-token/issues/719)
- **deps:** bump undici from 6.19.8 to 7.2.0
([#​198](https://redirect.github.com/actions/create-github-app-token/issues/198))
([29aa051](https://redirect.github.com/actions/create-github-app-token/commit/29aa0514a79f3b4aa8b1547173a41455949e4bf6)),
closes
[nodejs/undici#3958](https://redirect.github.com/nodejs/undici/issues/3958)
[nodejs/undici#3955](https://redirect.github.com/nodejs/undici/issues/3955)
[nodejs/undici#3962](https://redirect.github.com/nodejs/undici/issues/3962)
[nodejs/undici#3921](https://redirect.github.com/nodejs/undici/issues/3921)
[nodejs/undici#3923](https://redirect.github.com/nodejs/undici/issues/3923)
[nodejs/undici#3925](https://redirect.github.com/nodejs/undici/issues/3925)
[nodejs/undici#3926](https://redirect.github.com/nodejs/undici/issues/3926)
[nodejs/undici#3924](https://redirect.github.com/nodejs/undici/issues/3924)
[nodejs/undici#3933](https://redirect.github.com/nodejs/undici/issues/3933)
[nodejs/undici#3916](https://redirect.github.com/nodejs/undici/issues/3916)
[nodejs/undici#3930](https://redirect.github.com/nodejs/undici/issues/3930)
[nodejs/undici#3938](https://redirect.github.com/nodejs/undici/issues/3938)
[#​3937](https://redirect.github.com/actions/create-github-app-token/issues/3937)
[nodejs/undici#3940](https://redirect.github.com/nodejs/undici/issues/3940)
[nodejs/undici#3931](https://redirect.github.com/nodejs/undici/issues/3931)
[nodejs/undici#3941](https://redirect.github.com/nodejs/undici/issues/3941)
[nodejs/undici#3911](https://redirect.github.com/nodejs/undici/issues/3911)
[nodejs/undici#3888](https://redirect.github.com/nodejs/undici/issues/3888)
[nodejs/undici#3939](https://redirect.github.com/nodejs/undici/issues/3939)
[nodejs/undici#3947](https://redirect.github.com/nodejs/undici/issues/3947)
[nodejs/undici#3945](https://redirect.github.com/nodejs/undici/issues/3945)
[nodejs/undici#3916](https://redirect.github.com/nodejs/undici/issues/3916)
[nodejs/undici#3893](https://redirect.github.com/nodejs/undici/issues/3893)
[nodejs/undici#3902](https://redirect.github.com/nodejs/undici/issues/3902)
[#​3901](https://redirect.github.com/actions/create-github-app-token/issues/3901)
[nodejs/undici#3903](https://redirect.github.com/nodejs/undici/issues/3903)
[nodejs/undici#3905](https://redirect.github.com/nodejs/undici/issues/3905)
[nodejs/undici#3900](https://redirect.github.com/nodejs/undici/issues/3900)
[nodejs/undici#3913](https://redirect.github.com/nodejs/undici/issues/3913)
[nodejs/undici#3910](https://redirect.github.com/nodejs/undici/issues/3910)
[nodejs/undici#3909](https://redirect.github.com/nodejs/undici/issues/3909)
[nodejs/undici#3906](https://redirect.github.com/nodejs/undici/issues/3906)
[nodejs/undici#3922](https://redirect.github.com/nodejs/undici/issues/3922)
[#​3962](https://redirect.github.com/actions/create-github-app-token/issues/3962)
[#​3955](https://redirect.github.com/actions/create-github-app-token/issues/3955)
[#​3958](https://redirect.github.com/actions/create-github-app-token/issues/3958)
[#​3945](https://redirect.github.com/actions/create-github-app-token/issues/3945)
[#​3947](https://redirect.github.com/actions/create-github-app-token/issues/3947)
[#​3939](https://redirect.github.com/actions/create-github-app-token/issues/3939)
[#​3888](https://redirect.github.com/actions/create-github-app-token/issues/3888)
[#​3911](https://redirect.github.com/actions/create-github-app-token/issues/3911)
[#​3941](https://redirect.github.com/actions/create-github-app-token/issues/3941)
</details>
<details>
<summary>actions/download-artifact (actions/download-artifact)</summary>
###
[`v4.1.9`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.9)
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.1.8...v4.1.9)
#### What's Changed
- Add workflow file for publishing releases to immutable action package
by [@​Jcambass](https://redirect.github.com/Jcambass) in
[https://github.com/actions/download-artifact/pull/354](https://redirect.github.com/actions/download-artifact/pull/354)
- docs: small migration fix by
[@​froblesmartin](https://redirect.github.com/froblesmartin) in
[https://github.com/actions/download-artifact/pull/370](https://redirect.github.com/actions/download-artifact/pull/370)
- Update MIGRATION.md by
[@​andyfeller](https://redirect.github.com/andyfeller) in
[https://github.com/actions/download-artifact/pull/372](https://redirect.github.com/actions/download-artifact/pull/372)
- Update artifact package to 2.2.2 by
[@​yacaovsnc](https://redirect.github.com/yacaovsnc) in
[https://github.com/actions/download-artifact/pull/380](https://redirect.github.com/actions/download-artifact/pull/380)
#### New Contributors
- [@​Jcambass](https://redirect.github.com/Jcambass) made their
first contribution in
[https://github.com/actions/download-artifact/pull/354](https://redirect.github.com/actions/download-artifact/pull/354)
- [@​froblesmartin](https://redirect.github.com/froblesmartin)
made their first contribution in
[https://github.com/actions/download-artifact/pull/370](https://redirect.github.com/actions/download-artifact/pull/370)
- [@​andyfeller](https://redirect.github.com/andyfeller) made
their first contribution in
[https://github.com/actions/download-artifact/pull/372](https://redirect.github.com/actions/download-artifact/pull/372)
- [@​yacaovsnc](https://redirect.github.com/yacaovsnc) made their
first contribution in
[https://github.com/actions/download-artifact/pull/380](https://redirect.github.com/actions/download-artifact/pull/380)
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4...v4.1.9
</details>
<details>
<summary>actions/setup-go (actions/setup-go)</summary>
###
[`v5.3.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.3.0)
[Compare
Source](https://redirect.github.com/actions/setup-go/compare/v5.2.0...v5.3.0)
##### What's Changed
- Use the new cache service: upgrade `@actions/cache` to `^4.0.0` by
[@​Link-](https://redirect.github.com/Link-) in
[https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531)
- Configure Dependabot settings by
[@​HarithaVattikuti](https://redirect.github.com/HarithaVattikuti)
in
[https://github.com/actions/setup-go/pull/530](https://redirect.github.com/actions/setup-go/pull/530)
- Document update - permission section by
[@​HarithaVattikuti](https://redirect.github.com/HarithaVattikuti)
in
[https://github.com/actions/setup-go/pull/533](https://redirect.github.com/actions/setup-go/pull/533)
- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/setup-go/pull/534](https://redirect.github.com/actions/setup-go/pull/534)
##### New Contributors
- [@​Link-](https://redirect.github.com/Link-) made their first
contribution in
[https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531)
**Full Changelog**:
https://github.com/actions/setup-go/compare/v5...v5.3.0
</details>
<details>
<summary>actions/setup-node (actions/setup-node)</summary>
###
[`v4.2.0`](https://redirect.github.com/actions/setup-node/releases/tag/v4.2.0)
[Compare
Source](https://redirect.github.com/actions/setup-node/compare/v4.1.0...v4.2.0)
#### What's Changed
- Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by
[@​aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in
[https://github.com/actions/setup-node/pull/1174](https://redirect.github.com/actions/setup-node/pull/1174)
- Add recommended permissions section to readme by
[@​benwells](https://redirect.github.com/benwells) in
[https://github.com/actions/setup-node/pull/1193](https://redirect.github.com/actions/setup-node/pull/1193)
- Configure Dependabot settings by
[@​HarithaVattikuti](https://redirect.github.com/HarithaVattikuti)
in
[https://github.com/actions/setup-node/pull/1192](https://redirect.github.com/actions/setup-node/pull/1192)
- Upgrade `@actions/cache` to `^4.0.0` by
[@​priyagupta108](https://redirect.github.com/priyagupta108) in
[https://github.com/actions/setup-node/pull/1191](https://redirect.github.com/actions/setup-node/pull/1191)
- Upgrade pnpm/action-setup from 2 to 4 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/setup-node/pull/1194](https://redirect.github.com/actions/setup-node/pull/1194)
- Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/setup-node/pull/1195](https://redirect.github.com/actions/setup-node/pull/1195)
- Upgrade semver from 7.6.0 to 7.6.3 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/setup-node/pull/1196](https://redirect.github.com/actions/setup-node/pull/1196)
- Upgrade [@​types/jest](https://redirect.github.com/types/jest)
from 29.5.12 to 29.5.14 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/setup-node/pull/1201](https://redirect.github.com/actions/setup-node/pull/1201)
- Upgrade undici from 5.28.4 to 5.28.5 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/setup-node/pull/1205](https://redirect.github.com/actions/setup-node/pull/1205)
#### New Contributors
- [@​benwells](https://redirect.github.com/benwells) made their
first contribution in
[https://github.com/actions/setup-node/pull/1193](https://redirect.github.com/actions/setup-node/pull/1193)
**Full Changelog**:
https://github.com/actions/setup-node/compare/v4...v4.2.0
</details>
<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>
###
[`v4.6.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.1)
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.6.0...v4.6.1)
#### What's Changed
- Update to use artifact 2.2.2 package by
[@​yacaovsnc](https://redirect.github.com/yacaovsnc) in
[https://github.com/actions/upload-artifact/pull/673](https://redirect.github.com/actions/upload-artifact/pull/673)
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4...v4.6.1
</details>
<details>
<summary>anchore/sbom-action (anchore/sbom-action)</summary>
###
[`v0.18.0`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.18.0)
[Compare
Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.9...v0.18.0)
#### Changes in v0.18.0
- chore(deps): update Syft to v1.19.0
([#​513](https://redirect.github.com/anchore/sbom-action/issues/513))
- [See Syft changelog for latest
changes](https://redirect.github.com/anchore/syft/releases/tag/v1.19.0)
</details>
<details>
<summary>github/codeql-action (github/codeql-action)</summary>
###
[`v3.28.11`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.11)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.10...v3.28.11)
##### CodeQL Action Changelog
See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.
##### 3.28.11 - 07 Mar 2025
- Update default CodeQL bundle version to 2.20.6.
[#​2793](https://redirect.github.com/github/codeql-action/pull/2793)
See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.11/CHANGELOG.md)
for more information.
###
[`v3.28.10`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.10)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.9...v3.28.10)
##### CodeQL Action Changelog
See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.
##### 3.28.10 - 21 Feb 2025
- Update default CodeQL bundle version to 2.20.5.
[#​2772](https://redirect.github.com/github/codeql-action/pull/2772)
- Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS.
[#​2768](https://redirect.github.com/github/codeql-action/pull/2768)
See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.10/CHANGELOG.md)
for more information.
###
[`v3.28.9`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.9)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.8...v3.28.9)
##### CodeQL Action Changelog
See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.
##### 3.28.9 - 07 Feb 2025
- Update default CodeQL bundle version to 2.20.4.
[#​2753](https://redirect.github.com/github/codeql-action/pull/2753)
See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.9/CHANGELOG.md)
for more information.
###
[`v3.28.8`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.8)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.7...v3.28.8)
### CodeQL Action Changelog
See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.
#### 3.28.8 - 29 Jan 2025
- Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3.
[#​2744](https://redirect.github.com/github/codeql-action/pull/2744)
See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.8/CHANGELOG.md)
for more information.
###
[`v3.28.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.7)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.6...v3.28.7)
##### CodeQL Action Changelog
See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.
##### 3.28.7 - 29 Jan 2025
No user facing changes.
See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.7/CHANGELOG.md)
for more information.
###
[`v3.28.6`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.6)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.5...v3.28.6)
##### CodeQL Action Changelog
See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.
##### 3.28.6 - 27 Jan 2025
- Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
[#​2726](https://redirect.github.com/github/codeql-action/pull/2726)
See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.6/CHANGELOG.md)
for more information.
###
[`v3.28.5`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.5)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.4...v3.28.5)
##### CodeQL Action Changelog
See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.
##### 3.28.5 - 24 Jan 2025
- Update default CodeQL bundle version to 2.20.3.
[#​2717](https://redirect.github.com/github/codeql-action/pull/2717)
See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.5/CHANGELOG.md)
for more information.
###
[`v3.28.4`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.4)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.3...v3.28.4)
##### CodeQL Action Changelog
See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.
##### 3.28.4 - 23 Jan 2025
No user facing changes.
See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.4/CHANGELOG.md)
for more information.
###
[`v3.28.3`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.3)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.2...v3.28.3)
##### CodeQL Action Changelog
See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.
##### 3.28.3 - 22 Jan 2025
- Update default CodeQL bundle version to 2.20.2.
[#​2707](https://redirect.github.com/github/codeql-action/pull/2707)
- Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the [CodeQL Action sync
tool](https://redirect.github.com/github/codeql-action-sync-tool) and
the Actions runner did not have Zstandard installed.
[#​2710](https://redirect.github.com/github/codeql-action/pull/2710)
- Uploading debug artifacts for CodeQL analysis is temporarily disabled.
[#​2712](https://redirect.github.com/github/codeql-action/pull/2712)
See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.3/CHANGELOG.md)
for more information.
###
[`v3.28.2`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.2)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.1...v3.28.2)
##### CodeQL Action Changelog
See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.
##### 3.28.2 - 21 Jan 2025
No user facing changes.
See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.2/CHANGELOG.md)
for more information.
</details>
<details>
<summary>goreleaser/goreleaser-action
(goreleaser/goreleaser-action)</summary>
###
[`v6.2.1`](https://redirect.github.com/goreleaser/goreleaser-action/releases/tag/v6.2.1)
[Compare
Source](https://redirect.github.com/goreleaser/goreleaser-action/compare/v6.2.0...v6.2.1)
#### What's Changed
This version of the actions adds support for GoReleaser Pro v2.7.0
versioning (which dropped the `-pro` suffix).
Older versions should work fine.
> \[!WARNING]
> This version is **required** for GoReleaser Pro v2.7.0+.
> Read more [here](https://goreleaser.com/blog/goreleaser-v2.7/).
**Full Changelog**:
https://github.com/goreleaser/goreleaser-action/compare/v6.2.0...v6.2.1
###
[`v6.2.0`](https://redirect.github.com/goreleaser/goreleaser-action/releases/tag/v6.2.0)
[Compare
Source](https://redirect.github.com/goreleaser/goreleaser-action/compare/v6.1.0...v6.2.0)
##### What's Changed
This version of the actions adds support for GoReleaser Pro v2.7.0
versioning (which dropped the `-pro` suffix).
Older versions should work fine.
> \[!WARNING]
> This version is **required** for GoReleaser Pro v2.7.0+.
> Read more [here](https://goreleaser.com/blog/goreleaser-v2.7/).
**Full Changelog**:
https://github.com/goreleaser/goreleaser-action/compare/v6.1.0...v6.2.0
</details>
<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>
###
[`v2.4.1`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.1)
[Compare
Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1)
#### What's Changed
- This update bumps the Scorecard version to the v5.1.1 release. For a
complete list of changes, please refer to the
[v5.1.0](https://redirect.github.com/ossf/scorecard/releases/tag/v5.1.0)
and
[v5.1.1](https://redirect.github.com/ossf/scorecard/releases/tag/v5.1.1)
release notes.
- Publishing results now uses half the API quota as before. The exact
savings depends on the repository in question.
- use Scorecard library entrypoint instead of Cobra hooking by
[@​spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1423](https://redirect.github.com/ossf/scorecard-action/pull/1423)
- Some errors were made into annotations to make them more visible
- Make default branch error more prominent by
[@​jsoref](https://redirect.github.com/jsoref) in
[https://github.com/ossf/scorecard-action/pull/1459](https://redirect.github.com/ossf/scorecard-action/pull/1459)
- There is now an optional `file_mode` input which controls how
repository files are fetched from GitHub. The default is `archive`, but
`git` produces the most accurate results for repositories with
`.gitattributes` files at the cost of analysis speed.
- add input for specifying `--file-mode` by
[@​spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1509](https://redirect.github.com/ossf/scorecard-action/pull/1509)
- The underlying container for the action is now [hosted on GitHub
Container
Registry](https://redirect.github.com/ossf/scorecard-action/pkgs/container/scorecard-action).
There should be no functional changes.
- :seedling: publish docker images to GitHub Container Registry by
[@​spencerschrock](https://redirect.github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1453](https://redirect.github.com/ossf/scorecard-action/pull/1453)
##### Docs
- Installation docs update by
[@​JeremiahAHoward](https://redirect.github.com/JeremiahAHoward)
in
[https://github.com/ossf/scorecard-action/pull/1416](https://redirect.github.com/ossf/scorecard-action/pull/1416)
#### New Contributors
- [@​JeremiahAHoward](https://redirect.github.com/JeremiahAHoward)
made their first contribution in
[https://github.com/ossf/scorecard-action/pull/1416](https://redirect.github.com/ossf/scorecard-action/pull/1416)
- [@​jsoref](https://redirect.github.com/jsoref) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1459](https://redirect.github.com/ossf/scorecard-action/pull/1459)
**Full Changelog**:
https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1
</details>
<details>
<summary>zarf-dev/zarf (zarf-dev/zarf)</summary>
###
[`v0.49.1`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.49.1)
[Compare
Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.49.0...v0.49.1)
<!-- Release notes generated using configuration in .github/release.yml
at v0.49.1 -->
#### What's Changed
##### 🚀 Updates
- fix: allow absolute file paths on create by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3518](https://redirect.github.com/zarf-dev/zarf/pull/3518)
- fix: do not create SBOM for packages without SBOMable material by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3540](https://redirect.github.com/zarf-dev/zarf/pull/3540)
- 2335 docs best practices by
[@​brandtkeller](https://redirect.github.com/brandtkeller) in
[https://github.com/zarf-dev/zarf/pull/3551](https://redirect.github.com/zarf-dev/zarf/pull/3551)
- feat: add more logging to packager2.Pull by
[@​mkcp](https://redirect.github.com/mkcp) in
[https://github.com/zarf-dev/zarf/pull/3557](https://redirect.github.com/zarf-dev/zarf/pull/3557)
##### 📦 Dependencies
- chore(deps): bump the cosign-providers group across 1 directory with 3
updates by [@​dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3519](https://redirect.github.com/zarf-dev/zarf/pull/3519)
- chore(deps): bump github.com/fairwindsops/pluto/v5 from 5.21.1 to
5.21.3 by [@​dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3522](https://redirect.github.com/zarf-dev/zarf/pull/3522)
- chore(deps): bump github.com/prometheus/client_golang from 1.20.5 to
1.21.0 by [@​dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3521](https://redirect.github.com/zarf-dev/zarf/pull/3521)
- chore(deps): bump github.com/derailed/k9s from 0.40.3 to 0.40.5 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3520](https://redirect.github.com/zarf-dev/zarf/pull/3520)
- chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3537](https://redirect.github.com/zarf-dev/zarf/pull/3537)
- chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3538](https://redirect.github.com/zarf-dev/zarf/pull/3538)
- chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3539](https://redirect.github.com/zarf-dev/zarf/pull/3539)
- chore(deps): bump golang.org/x/crypto from 0.33.0 to 0.34.0 in the
golang group across 1 directory by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3534](https://redirect.github.com/zarf-dev/zarf/pull/3534)
- chore(deps): bump golang.org/x/crypto from 0.34.0 to 0.35.0 in the
golang group across 1 directory by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3542](https://redirect.github.com/zarf-dev/zarf/pull/3542)
- chore(deps): bump github.com/avast/retry-go/v4 from 4.6.0 to 4.6.1 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3543](https://redirect.github.com/zarf-dev/zarf/pull/3543)
- chore(deps): bump github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3550](https://redirect.github.com/zarf-dev/zarf/pull/3550)
- chore(deps): bump codecov/codecov-action from 5.3.1 to 5.4.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3547](https://redirect.github.com/zarf-dev/zarf/pull/3547)
- chore(deps): bump actions/create-github-app-token from 1.11.5 to
1.11.6 by [@​dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3555](https://redirect.github.com/zarf-dev/zarf/pull/3555)
- chore(deps): bump actions/download-artifact from 4.1.8 to 4.1.9 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3545](https://redirect.github.com/zarf-dev/zarf/pull/3545)
**Full Changelog**:
https://github.com/zarf-dev/zarf/compare/v0.49.0...v0.49.1
###
[`v0.49.0`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.49.0)
[Compare
Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.48.1...v0.49.0)
<!-- Release notes generated using configuration in .github/release.yml
at v0.49.0 -->
This release includes a number of project adjustments as well as fixes.
Breaking Changes
- Configuration file formats other than `yaml` and `toml` are being
deprecated
- See Proposed
[ZEP-0015](https://redirect.github.com/zarf-dev/proposals/pull/16) for
background on limitations driving this decision
- `zarf connect` default execution has a UX change
- The `--cli-only` flag has been removed - this behavior is now the
default
- Browsers can be automatically opened with the command using the
`--open` flag
The update to `zarf connect` is with consideration of zarf behaviors
defaulting to fully-encapsulated execution. As a general principle we
want zarf to have minimal dependency on external/system tooling by
default.
#### What's Changed
##### 🚀 Updates
- fix: pass insecure flag option to FindChartInAuthAndTLSRepoURL by
[@​willswire](https://redirect.github.com/willswire) in
[https://github.com/zarf-dev/zarf/pull/3477](https://redirect.github.com/zarf-dev/zarf/pull/3477)
- feat: improve skeleton package messaging by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3482](https://redirect.github.com/zarf-dev/zarf/pull/3482)
- fix: injector build process by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3479](https://redirect.github.com/zarf-dev/zarf/pull/3479)
- feat(connect): update default behavior to be cli-only by
[@​brandtkeller](https://redirect.github.com/brandtkeller) in
[https://github.com/zarf-dev/zarf/pull/3487](https://redirect.github.com/zarf-dev/zarf/pull/3487)
- chore(release): install cross before injector build by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3493](https://redirect.github.com/zarf-dev/zarf/pull/3493)
- fix: pulling not respecting "uncompressed" setting in metadata by
[@​a1994sc](https://redirect.github.com/a1994sc) in
[https://github.com/zarf-dev/zarf/pull/3472](https://redirect.github.com/zarf-dev/zarf/pull/3472)
- chore(docs): update meetups issue reference by
[@​brandtkeller](https://redirect.github.com/brandtkeller) in
[https://github.com/zarf-dev/zarf/pull/3502](https://redirect.github.com/zarf-dev/zarf/pull/3502)
- test: remove dependency on `make build-examples` in e2e tests by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3494](https://redirect.github.com/zarf-dev/zarf/pull/3494)
- fix: add check during image discovery to make sure images are valid by
[@​a1994sc](https://redirect.github.com/a1994sc) in
[https://github.com/zarf-dev/zarf/pull/3234](https://redirect.github.com/zarf-dev/zarf/pull/3234)
- Update TSC in CONTRIBUTING.md by
[@​mkcp](https://redirect.github.com/mkcp) in
[https://github.com/zarf-dev/zarf/pull/3496](https://redirect.github.com/zarf-dev/zarf/pull/3496)
- feat: deprecate config file types other than yaml and toml by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3517](https://redirect.github.com/zarf-dev/zarf/pull/3517)
##### 📦 Dependencies
- chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.9.0 to 1.10.0
by [@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3458](https://redirect.github.com/zarf-dev/zarf/pull/3458)
- chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3484](https://redirect.github.com/zarf-dev/zarf/pull/3484)
- chore(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 in the
golang group across 1 directory by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3485](https://redirect.github.com/zarf-dev/zarf/pull/3485)
- chore(deps): bump golangci/golangci-lint-action from 6.3.0 to 6.3.1 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3483](https://redirect.github.com/zarf-dev/zarf/pull/3483)
- chore(deps): bump github.com/goccy/go-yaml from 1.15.17 to 1.15.19 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3486](https://redirect.github.com/zarf-dev/zarf/pull/3486)
- chore(deps): bump aws-actions/configure-aws-credentials from 4.0.3 to
4.1.0 by [@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3488](https://redirect.github.com/zarf-dev/zarf/pull/3488)
- chore(deps): bump golangci/golangci-lint-action from 6.3.1 to 6.3.2 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3489](https://redirect.github.com/zarf-dev/zarf/pull/3489)
- chore(deps): bump goreleaser/goreleaser-action from 6.1.0 to 6.2.1 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3490](https://redirect.github.com/zarf-dev/zarf/pull/3490)
- chore(deps): bump github.com/goccy/go-yaml from 1.15.19 to 1.15.20 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3492](https://redirect.github.com/zarf-dev/zarf/pull/3492)
- chore(deps): bump github.com/distribution/distribution/v3 from
3.0.0-rc.2 to 3.0.0-rc.3 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3491](https://redirect.github.com/zarf-dev/zarf/pull/3491)
- chore(deps): bump helm.sh/helm/v3 from 3.17.0 to 3.17.1 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3498](https://redirect.github.com/zarf-dev/zarf/pull/3498)
- chore(deps): bump the k8s group across 1 directory with 5 updates by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3503](https://redirect.github.com/zarf-dev/zarf/pull/3503)
- chore(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.4.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3506](https://redirect.github.com/zarf-dev/zarf/pull/3506)
- chore(deps): bump github.com/goccy/go-yaml from 1.15.20 to 1.15.22 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3497](https://redirect.github.com/zarf-dev/zarf/pull/3497)
- chore(deps): bump github.com/fluxcd/source-controller/api from 1.4.1
to 1.5.0 by [@​dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3505](https://redirect.github.com/zarf-dev/zarf/pull/3505)
- chore(deps): bump the cosign-providers group across 1 directory with 3
updates by [@​dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3504](https://redirect.github.com/zarf-dev/zarf/pull/3504)
- chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3512](https://redirect.github.com/zarf-dev/zarf/pull/3512)
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.1 to 0.20.2
by [@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3509](https://redirect.github.com/zarf-dev/zarf/pull/3509)
- chore(deps): bump github.com/goccy/go-yaml from 1.15.22 to 1.15.23 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3510](https://redirect.github.com/zarf-dev/zarf/pull/3510)
- chore(deps): bump github.com/derailed/k9s from 0.32.7 to 0.40.3 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3513](https://redirect.github.com/zarf-dev/zarf/pull/3513)
- chore(deps): bump actions/create-github-app-token from 1.11.3 to
1.11.5 by [@​dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3507](https://redirect.github.com/zarf-dev/zarf/pull/3507)
- chore(deps): bump golangci/golangci-lint-action from 6.4.0 to 6.5.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3508](https://redirect.github.com/zarf-dev/zarf/pull/3508)
**Full Changelog**:
https://github.com/zarf-dev/zarf/compare/v0.48.1...v0.49.0
###
[`v0.48.1`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.48.1)
[Compare
Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.48.0...v0.48.1)
<!-- Release notes generated using configuration in .github/release.yml
at v0.48.1 -->
#### What's Changed
##### 🚀 Updates
- feat: error when building a package with zero components by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3403](https://redirect.github.com/zarf-dev/zarf/pull/3403)
- chore(deps): group golang dependencies in dependabot by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3471](https://redirect.github.com/zarf-dev/zarf/pull/3471)
- test: delete e2e test for examples/package-flavors by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3463](https://redirect.github.com/zarf-dev/zarf/pull/3463)
- fix: avoid error when building package importing skeleton with remote
components by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3470](https://redirect.github.com/zarf-dev/zarf/pull/3470)
- fix: avoid incorrect cyclic error when two packages import each other
on separate component chains by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3460](https://redirect.github.com/zarf-dev/zarf/pull/3460)
##### 📦 Dependencies
- chore(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3450](https://redirect.github.com/zarf-dev/zarf/pull/3450)
- chore(deps): bump github/codeql-action from 3.28.6 to 3.28.8 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3451](https://redirect.github.com/zarf-dev/zarf/pull/3451)
- chore(deps): bump actions/create-github-app-token from 1.11.1 to
1.11.2 by [@​dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3456](https://redirect.github.com/zarf-dev/zarf/pull/3456)
- chore(deps): bump golang.org/x/term from 0.28.0 to 0.29.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3465](https://redirect.github.com/zarf-dev/zarf/pull/3465)
- chore(deps): bump actions/create-github-app-token from 1.11.2 to
1.11.3 by [@​dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3467](https://redirect.github.com/zarf-dev/zarf/pull/3467)
- chore(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3466](https://redirect.github.com/zarf-dev/zarf/pull/3466)
- chore(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3468](https://redirect.github.com/zarf-dev/zarf/pull/3468)
- chore(deps): bump github.com/goccy/go-yaml from 1.15.15 to 1.15.17 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3462](https://redirect.github.com/zarf-dev/zarf/pull/3462)
**Full Changelog**:
https://github.com/zarf-dev/zarf/compare/v0.48.0...v0.48.1
###
[`v0.48.0`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.48.0)
[Compare
Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.47.0...v0.48.0)
<!-- Release notes generated using configuration in .github/release.yml
at v0.48.0 -->
#### What's Changed
##### 🚀 Updates
- test: avoid flake in test external by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3432](https://redirect.github.com/zarf-dev/zarf/pull/3432)
- fix: avoid errors when `--max-package-size` differs between create
runs by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3398](https://redirect.github.com/zarf-dev/zarf/pull/3398)
- fix: log correct size with units during image pull by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3440](https://redirect.github.com/zarf-dev/zarf/pull/3440)
- feat: introduce output format flag for `zarf tools get-creds` and
`zarf package list` by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3415](https://redirect.github.com/zarf-dev/zarf/pull/3415)
- feat: deprecate and replace `zarf package inspect` with child commands
`zarf package inspect definition|sbom|images` by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3416](https://redirect.github.com/zarf-dev/zarf/pull/3416)
- chore: separate code changes from dependency updates in release notes
by [@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3445](https://redirect.github.com/zarf-dev/zarf/pull/3445)
- fix: avoid false positives in import cycle detection by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3449](https://redirect.github.com/zarf-dev/zarf/pull/3449)
##### 📦 Dependencies
- chore(deps): bump codecov/codecov-action from 5.2.0 to 5.3.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3431](https://redirect.github.com/zarf-dev/zarf/pull/3431)
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.0 to 0.20.1
by [@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3429](https://redirect.github.com/zarf-dev/zarf/pull/3429)
- chore(deps): bump github/codeql-action from 3.28.3 to 3.28.4 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3430](https://redirect.github.com/zarf-dev/zarf/pull/3430)
- chore(deps): bump codecov/codecov-action from 5.3.0 to 5.3.1 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3437](https://redirect.github.com/zarf-dev/zarf/pull/3437)
- chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3438](https://redirect.github.com/zarf-dev/zarf/pull/3438)
- chore(deps): bump actions/setup-node from 4.1.0 to 4.2.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3441](https://redirect.github.com/zarf-dev/zarf/pull/3441)
- chore(deps): bump github/codeql-action from 3.28.5 to 3.28.6 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3442](https://redirect.github.com/zarf-dev/zarf/pull/3442)
- chore(deps): bump aws-actions/configure-aws-credentials from 4.0.2 to
4.0.3 by [@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3443](https://redirect.github.com/zarf-dev/zarf/pull/3443)
- chore(deps): bump github.com/agnivade/levenshtein from 1.2.0 to 1.2.1
by [@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3447](https://redirect.github.com/zarf-dev/zarf/pull/3447)
**Full Changelog**:
https://github.com/zarf-dev/zarf/compare/v0.47.0...v0.48.0
###
[`v0.47.0`](https://redirect.github.com/zarf-dev/zarf/releases/tag/v0.47.0)
[Compare
Source](https://redirect.github.com/zarf-dev/zarf/compare/v0.46.0...v0.47.0)
#### Highlights:
##### Breaking
- Zarf's Commands have been unexported in favor of cmd.NewZarfCommand()
for users embedding Zarf in their CLI applications.
##### UX
- The logging overhaul is out of beta and now fully released.
--log-format="legacy" will be available for at least the next two minor
releases for a smooth upgrade path.
- zarf package create's build scroll has been simplified and Yaml
inspection has been migrated to a first class command zarf dev inspect
{definition} ([dev
inspect](https://redirect.github.com/zarf-dev/proposals/blob/main/0008-rework-inspect/README.md)
feature requests welcome!).
#### What's Changed
- chore(deps): bump the cosign-providers group across 1 directory with 4
updates by [@​dependabot](https://redirect.github.com/dependabot)
in
[https://github.com/zarf-dev/zarf/pull/3390](https://redirect.github.com/zarf-dev/zarf/pull/3390)
- chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3391](https://redirect.github.com/zarf-dev/zarf/pull/3391)
- chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3395](https://redirect.github.com/zarf-dev/zarf/pull/3395)
- chore(deps): bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3394](https://redirect.github.com/zarf-dev/zarf/pull/3394)
- chore(deps): bump github.com/mikefarah/yq/v4 from 4.44.6 to 4.45.1 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3393](https://redirect.github.com/zarf-dev/zarf/pull/3393)
- refactor: normal creator by
[@​phillebaba](https://redirect.github.com/phillebaba) in
[https://github.com/zarf-dev/zarf/pull/3114](https://redirect.github.com/zarf-dev/zarf/pull/3114)
- fix: remove empty directory in package tars by
[@​AustinAbro321](https://redirect.github.com/AustinAbro321) in
[https://github.com/zarf-dev/zarf/pull/3396](https://redirect.github.com/zarf-dev/zarf/pull/3396)
- chore(deps): bump sigs.k8s.io/kustomize/api from 0.18.0 to 0.19.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3405](https://redirect.github.com/zarf-dev/zarf/pull/3405)
- chore(deps): bump helm.sh/helm/v3 from 3.16.4 to 3.17.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3407](https://redirect.github.com/zarf-dev/zarf/pull/3407)
- chore(deps): bump github.com/google/go-containerregistry from 0.20.2
to 0.20.3 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3406](https://redirect.github.com/zarf-dev/zarf/pull/3406)
- chore(deps): bump the k8s group across 1 directory with 5 updates by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3409](https://redirect.github.com/zarf-dev/zarf/pull/3409)
- chore(deps): bump github.com/goccy/go-yaml from 1.15.13 to 1.15.14 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3410](https://redirect.github.com/zarf-dev/zarf/pull/3410)
- chore(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 by
[@​dependabot](https://redirect.github.com/dependabot) in
[https://github.com/zarf-dev/zarf/pull/3412](https://redirect.github.com/zarf
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am
every weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/defenseunicorns/maru-runner).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjIwMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>1 parent 675192f commit e08e25eCopy full SHA for e08e25e
File tree
9 files changed
+16
-16
lines changedFilter options
- .github
- actions
- golang
- install-tools
- save-logs
- zarf
- workflows
9 files changed
+16
-16
lines changed.github/actions/golang/action.yaml
Copy file name to clipboardExpand all lines: .github/actions/golang/action.yaml+1-1
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
7 | | - | |
| 7 | + | |
8 | 8 | | |
9 | 9 | | |
.github/actions/install-tools/action.yaml
Copy file name to clipboardExpand all lines: .github/actions/install-tools/action.yaml+1-1
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
8 | | - | |
| 8 | + | |
.github/actions/save-logs/action.yaml
Copy file name to clipboardExpand all lines: .github/actions/save-logs/action.yaml+1-1
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
7 | | - | |
| 7 | + | |
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
.github/actions/zarf/action.yaml
Copy file name to clipboardExpand all lines: .github/actions/zarf/action.yaml+1-1
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
10 | | - | |
| 10 | + | |
.github/workflows/commitlint.yaml
Copy file name to clipboardExpand all lines: .github/workflows/commitlint.yaml+1-1
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
24 | | - | |
| 24 | + | |
25 | 25 | | |
26 | 26 | | |
27 | 27 | | |
| |||
.github/workflows/release.yaml
Copy file name to clipboardExpand all lines: .github/workflows/release.yaml+5-5
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
24 | 24 | | |
25 | 25 | | |
26 | 26 | | |
27 | | - | |
| 27 | + | |
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
| |||
43 | 43 | | |
44 | 44 | | |
45 | 45 | | |
46 | | - | |
| 46 | + | |
47 | 47 | | |
48 | 48 | | |
49 | 49 | | |
| |||
91 | 91 | | |
92 | 92 | | |
93 | 93 | | |
94 | | - | |
| 94 | + | |
95 | 95 | | |
96 | 96 | | |
97 | 97 | | |
| |||
106 | 106 | | |
107 | 107 | | |
108 | 108 | | |
109 | | - | |
| 109 | + | |
110 | 110 | | |
111 | 111 | | |
112 | 112 | | |
113 | 113 | | |
114 | 114 | | |
115 | 115 | | |
116 | 116 | | |
117 | | - | |
| 117 | + | |
118 | 118 | | |
119 | 119 | | |
120 | 120 | | |
| |||
.github/workflows/scan-codeql.yaml
Copy file name to clipboardExpand all lines: .github/workflows/scan-codeql.yaml+2-2
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
45 | 45 | | |
46 | 46 | | |
47 | 47 | | |
48 | | - | |
| 48 | + | |
49 | 49 | | |
50 | 50 | | |
51 | 51 | | |
| |||
54 | 54 | | |
55 | 55 | | |
56 | 56 | | |
57 | | - | |
| 57 | + | |
58 | 58 | | |
59 | 59 | | |
.github/workflows/scan-lint.yaml
Copy file name to clipboardExpand all lines: .github/workflows/scan-lint.yaml+1-1
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
26 | 26 | | |
27 | 27 | | |
28 | 28 | | |
29 | | - | |
| 29 | + | |
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
| |||
.github/workflows/scorecard.yaml
Copy file name to clipboardExpand all lines: .github/workflows/scorecard.yaml+3-3
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
27 | 27 | | |
28 | 28 | | |
29 | 29 | | |
30 | | - | |
| 30 | + | |
31 | 31 | | |
32 | 32 | | |
33 | 33 | | |
| |||
37 | 37 | | |
38 | 38 | | |
39 | 39 | | |
40 | | - | |
| 40 | + | |
41 | 41 | | |
42 | 42 | | |
43 | 43 | | |
44 | 44 | | |
45 | 45 | | |
46 | 46 | | |
47 | 47 | | |
48 | | - | |
| 48 | + | |
49 | 49 | | |
50 | 50 | | |
0 commit comments