chore(deps): update all non-major dependencies

[renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
GoogleCloudPlatform/functions-framework-conformance	action	minor	v1.6.0 -> v1.8.0
actions/checkout	action	minor	v3.1.0 -> v3.5.2
actions/checkout	action	minor	v3.3.0 -> v3.5.2
github/codeql-action	action	minor	v2.1.27 -> v2.3.3
github/codeql-action	action	minor	v2.2.4 -> v2.3.3
ossf/scorecard-action	action	minor	v2.0.6 -> v2.1.3
step-security/harden-runner	action	minor	v2.1.0 -> v2.4.0
org.apache.maven.plugins:maven-gpg-plugin	build	minor	3.0.1 -> 3.1.0
org.apache.maven.plugins:maven-shade-plugin	build	minor	3.2.1 -> 3.4.1
org.apache.maven.plugins:maven-jar-plugin	build	minor	3.1.2 -> 3.3.0
org.eclipse.jetty:jetty-client (source)	test	patch	9.4.26.v20200117 -> 9.4.51.v20230217
com.google.truth.extensions:truth-java8-extension	test	minor	1.0.1 -> 1.1.3
com.google.truth:truth	test	minor	1.0.1 -> 1.1.3
com.google.re2j:re2j	compile	minor	1.6 -> 1.7
junit:junit (source)	test	patch	4.13.1 -> 4.13.2
org.mockito:mockito-core	test	minor	3.2.4 -> 3.12.4
org.apache.maven.plugins:maven-javadoc-plugin	build	minor	3.1.0 -> 3.5.0
org.eclipse.jetty:jetty-servlet (source)	compile	patch	9.4.49.v20220914 -> 9.4.51.v20230217
com.google.auto.value:auto-value-annotations (source)	provided	minor	1.7 -> 1.10.1
com.google.auto.value:auto-value (source)	provided	minor	1.7 -> 1.10.1
org.apache.maven.plugins:maven-deploy-plugin	build	minor	3.0.0-M1 -> 3.1.1
com.ryanharter.auto.value:auto-value-gson	provided	patch	1.3.0 -> 1.3.1
com.google.code.gson:gson	compile	minor	2.8.9 -> 2.10.1
org.apache.maven.plugins:maven-plugin-plugin	build	minor	3.6.0 -> 3.9.0
io.cloudevents:cloudevents-api (source)	compile	minor	2.0.0.RC2 -> 2.5.0
com.google.cloud.tools:appengine-maven-plugin	compile	patch	2.4.1 -> 2.4.4
com.google.cloud.functions.invoker:java-function-invoker (source)	compile	minor	1.1.1 -> 1.2.1
io.cloudevents:cloudevents-json-jackson (source)	compile	minor	2.2.0 -> 2.5.0
org.apache.maven.plugin-tools:maven-plugin-annotations	provided	minor	3.6.0 -> 3.9.0
io.cloudevents:cloudevents-core (source)	compile	minor	2.2.0 -> 2.5.0
org.apache.maven:maven-core	compile	minor	3.6.3 -> 3.9.2
org.apache.maven:maven-plugin-api	compile	minor	3.6.3 -> 3.9.2
org.apache.maven.plugins:maven-compiler-plugin	build	minor	3.8.0 -> 3.11.0
io.cloudevents:cloudevents-json-jackson (source)	compile	minor	2.0.0.RC2 -> 2.5.0
io.cloudevents:cloudevents-http-basic (source)	compile	minor	2.0.0.RC2 -> 2.5.0
io.cloudevents:cloudevents-core (source)	compile	minor	2.0.0.RC2 -> 2.5.0

---

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the logs for more information.

---

Release Notes

GoogleCloudPlatform/functions-framework-conformance

### [`v1.8.0`](https://togithub.com/GoogleCloudPlatform/functions-framework-conformance/releases/tag/v1.8.0) [Compare Source](https://togithub.com/GoogleCloudPlatform/functions-framework-conformance/compare/v1.7.0...v1.8.0) ##### Client - Update builder image path ### [`v1.7.0`](https://togithub.com/GoogleCloudPlatform/functions-framework-conformance/releases/tag/v1.7.0) [Compare Source](https://togithub.com/GoogleCloudPlatform/functions-framework-conformance/compare/v1.6.0...v1.7.0) ##### Actions - Add `cache-path` parameter to actions/client/install Action

actions/checkout

### [`v3.5.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v352) [Compare Source](https://togithub.com/actions/checkout/compare/v3.5.1...v3.5.2) - [Fix api endpoint for GHES](https://togithub.com/actions/checkout/pull/1289) ### [`v3.5.1`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v351) [Compare Source](https://togithub.com/actions/checkout/compare/v3.5.0...v3.5.1) - [Fix slow checkout on Windows](https://togithub.com/actions/checkout/pull/1246) ### [`v3.5.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v350) [Compare Source](https://togithub.com/actions/checkout/compare/v3.4.0...v3.5.0) - [Add new public key for known_hosts](https://togithub.com/actions/checkout/pull/1237) ### [`v3.4.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v340) [Compare Source](https://togithub.com/actions/checkout/compare/v3.3.0...v3.4.0) - [Upgrade codeql actions to v2](https://togithub.com/actions/checkout/pull/1209) - [Upgrade dependencies](https://togithub.com/actions/checkout/pull/1210) - [Upgrade @​actions/io](https://togithub.com/actions/checkout/pull/1225) ### [`v3.3.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v330) [Compare Source](https://togithub.com/actions/checkout/compare/v3.2.0...v3.3.0) - [Implement branch list using callbacks from exec function](https://togithub.com/actions/checkout/pull/1045) - [Add in explicit reference to private checkout options](https://togithub.com/actions/checkout/pull/1050) - [Fix comment typos (that got added in #​770)](https://togithub.com/actions/checkout/pull/1057) ### [`v3.2.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v320) [Compare Source](https://togithub.com/actions/checkout/compare/v3.1.0...v3.2.0) - [Add GitHub Action to perform release](https://togithub.com/actions/checkout/pull/942) - [Fix status badge](https://togithub.com/actions/checkout/pull/967) - [Replace datadog/squid with ubuntu/squid Docker image](https://togithub.com/actions/checkout/pull/1002) - [Wrap pipeline commands for submoduleForeach in quotes](https://togithub.com/actions/checkout/pull/964) - [Update @​actions/io to 1.1.2](https://togithub.com/actions/checkout/pull/1029) - [Upgrading version to 3.2.0](https://togithub.com/actions/checkout/pull/1039)

github/codeql-action

### [`v2.3.3`](https://togithub.com/github/codeql-action/compare/v2.3.2...v2.3.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.2...v2.3.3) ### [`v2.3.2`](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.1...v2.3.2) ### [`v2.3.1`](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.0...v2.3.1) ### [`v2.3.0`](https://togithub.com/github/codeql-action/compare/v2.2.12...v2.3.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.12...v2.3.0) ### [`v2.2.12`](https://togithub.com/github/codeql-action/compare/v2.2.11...v2.2.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.11...v2.2.12) ### [`v2.2.11`](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11) ### [`v2.2.10`](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10) ### [`v2.2.9`](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9) ### [`v2.2.8`](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8) ### [`v2.2.7`](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7) ### [`v2.2.6`](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6) ### [`v2.2.5`](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5) ### [`v2.2.4`](https://togithub.com/github/codeql-action/compare/v2.2.3...v2.2.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.3...v2.2.4) ### [`v2.2.3`](https://togithub.com/github/codeql-action/compare/v2.2.2...v2.2.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.2...v2.2.3) ### [`v2.2.2`](https://togithub.com/github/codeql-action/compare/v2.2.1...v2.2.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.1...v2.2.2) ### [`v2.2.1`](https://togithub.com/github/codeql-action/compare/v2.2.0...v2.2.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.0...v2.2.1) ### [`v2.2.0`](https://togithub.com/github/codeql-action/compare/v2.1.39...v2.2.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.39...v2.2.0) ### [`v2.1.39`](https://togithub.com/github/codeql-action/compare/v2.1.38...v2.1.39) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.38...v2.1.39) ### [`v2.1.38`](https://togithub.com/github/codeql-action/compare/v2.1.37...v2.1.38) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.37...v2.1.38) ### [`v2.1.37`](https://togithub.com/github/codeql-action/compare/v2.1.36...v2.1.37) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.36...v2.1.37) ### [`v2.1.36`](https://togithub.com/github/codeql-action/compare/v2.1.35...v2.1.36) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.35...v2.1.36) ### [`v2.1.35`](https://togithub.com/github/codeql-action/compare/v2.1.34...v2.1.35) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.34...v2.1.35) ### [`v2.1.34`](https://togithub.com/github/codeql-action/compare/v2.1.33...v2.1.34) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.33...v2.1.34) ### [`v2.1.33`](https://togithub.com/github/codeql-action/compare/v2.1.32...v2.1.33) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.32...v2.1.33) ### [`v2.1.32`](https://togithub.com/github/codeql-action/compare/v2.1.31...v2.1.32) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.31...v2.1.32) ### [`v2.1.31`](https://togithub.com/github/codeql-action/compare/v2.1.30...v2.1.31) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.30...v2.1.31) ### [`v2.1.30`](https://togithub.com/github/codeql-action/compare/v2.1.29...v2.1.30) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.29...v2.1.30) ### [`v2.1.29`](https://togithub.com/github/codeql-action/compare/v2.1.28...v2.1.29) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.28...v2.1.29) ### [`v2.1.28`](https://togithub.com/github/codeql-action/compare/v2.1.27...v2.1.28) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.27...v2.1.28)

ossf/scorecard-action

### [`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1111](https://togithub.com/ossf/scorecard-action/pull/1111) ##### Bug Fixes - Invalid SARIF files from a bug in scorecard - [#​1076](https://togithub.com/ossf/scorecard-action/issues/1076), [#​1094](https://togithub.com/ossf/scorecard-action/issues/1094) - Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner - [#​1092](https://togithub.com/ossf/scorecard-action/issues/1092) - Scorecard action not reporting binary artifacts in the repo - [#​1116](https://togithub.com/ossf/scorecard-action/issues/1116) **Full Scorecard Changelog**: https://github.com/ossf/scorecard/compare/v4.10.2...v4.10.5 **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3 ### [`v2.1.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2) #### What's Changed ##### Fixes - 🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf statement. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1054](https://togithub.com/ossf/scorecard-action/pull/1054) **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2 ### [`v2.1.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1) #### Scorecard version This release use [Scorecard's v4.10.1](https://togithub.com/ossf/scorecard/releases/tag/v4.10.1) **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1 ### [`v2.1.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0) #### What's Changed ##### Scorecard version This release uses [scorecard v4.10.0](https://togithub.com/ossf/scorecard/releases/tag/v4.10.0). ##### Improvements - Docker build workflow by [@​naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/ossf/scorecard-action/pull/981](https://togithub.com/ossf/scorecard-action/pull/981) - Use root user in distroless to support GitHub Actions by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/994](https://togithub.com/ossf/scorecard-action/pull/994) - Disable pull_request_target by [@​laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/ossf/scorecard-action/pull/1031](https://togithub.com/ossf/scorecard-action/pull/1031) ##### Documentation - Add PAT section explaining risks by [@​olivekl](https://togithub.com/olivekl) in [https://github.com/ossf/scorecard-action/pull/1024](https://togithub.com/ossf/scorecard-action/pull/1024) - Make the badge text easier to copy by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026) #### New Contributors - [@​joycebrum](https://togithub.com/joycebrum) made their first contribution in [https://github.com/ossf/scorecard-action/pull/984](https://togithub.com/ossf/scorecard-action/pull/984) - [@​rajbos](https://togithub.com/rajbos) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026) **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0

step-security/harden-runner

### [`v2.4.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.4.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.3.1...v2.4.0) ##### What's Changed - Release v2.4.0 by [@​varunsh-coder](https://togithub.com/varunsh-coder) and [@​h0x0er](https://togithub.com/h0x0er) in [https://github.com/step-security/harden-runner/pull/292](https://togithub.com/step-security/harden-runner/pull/292) Adds support for wildcard domains in `block` mode. e.g. you can add `*.data.mcr.microsoft.com:443` to the allowed list, and egress traffic will be allowed to `eastus.data.mcr.microsoft.com:443` and `westus.data.mcr.microsoft.com:443`. [Link to documentation](https://docs.stepsecurity.io/harden-runner/how-tos/block-egress-traffic#support-for-wildcard-domains). - Bump actions/checkout from 3.5.0 to 3.5.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/277](https://togithub.com/step-security/harden-runner/pull/277) - Bump github/codeql-action from 2.2.11 to 2.2.12 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/278](https://togithub.com/step-security/harden-runner/pull/278) - Bump step-security/harden-runner from 2.3.0 to 2.3.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/282](https://togithub.com/step-security/harden-runner/pull/282) - Added a workflow for reviewing code changes using stepsecurity code reviewer by [@​boahc077](https://togithub.com/boahc077) in [https://github.com/step-security/harden-runner/pull/290](https://togithub.com/step-security/harden-runner/pull/290) **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.4.0 ### [`v2.3.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.3.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.3.0...v2.3.1) ##### What's Changed - Release v2.3.1 by [@​arjundashrath](https://togithub.com/arjundashrath) and [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/281](https://togithub.com/step-security/harden-runner/pull/281) Fixes [#​279](https://togithub.com/step-security/harden-runner/issues/279) and [#​275](https://togithub.com/step-security/harden-runner/issues/275) - Update README.md by [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/267](https://togithub.com/step-security/harden-runner/pull/267) - Bump step-security/harden-runner from 2.2.1 to 2.3.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/268](https://togithub.com/step-security/harden-runner/pull/268) - Bump codecov/codecov-action from 3.1.1 to 3.1.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/273](https://togithub.com/step-security/harden-runner/pull/273) - Bump ossf/scorecard-action from 2.1.2 to 2.1.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/265](https://togithub.com/step-security/harden-runner/pull/265) - Bump actions/checkout from 3.3.0 to 3.5.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/261](https://togithub.com/step-security/harden-runner/pull/261) - Bump github/codeql-action from 2.2.6 to 2.2.11 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/270](https://togithub.com/step-security/harden-runner/pull/270) **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.3.1 ### [`v2.3.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.3.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.2.1...v2.3.0) ##### What's Changed - Enable setting policy via insights website ([link to documentation](https://docs.stepsecurity.io/harden-runner/how-tos/block-egress-traffic#​2-add-the-policy-using-the-policy-store)) by [@​h0x0er](https://togithub.com/h0x0er) and [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/266](https://togithub.com/step-security/harden-runner/pull/266) The Policy Store helps you manage Harden Runner policies without altering your workflow files. - Update README.md by [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/255](https://togithub.com/step-security/harden-runner/pull/255) - Bump github/codeql-action from 2.2.4 to 2.2.6 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/254](https://togithub.com/step-security/harden-runner/pull/254) - Bump step-security/harden-runner from 2.2.0 to 2.2.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/256](https://togithub.com/step-security/harden-runner/pull/256) **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.3.0 ### [`v2.2.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.2.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.2.0...v2.2.1) ##### What's Changed - Fix issue to get cache endpoint by [@​h0x0er](https://togithub.com/h0x0er) in [https://github.com/step-security/harden-runner/pull/253](https://togithub.com/step-security/harden-runner/pull/253) Harden runner has the ability to automatically detect the cache endpoint used by each job. When Harden runner is used in block mode, this endpoint is added to the list of allowed endpoints. A fix has been implemented to improve this feature by updating the logic used to fetch the cache endpoint. This update involves using code from the actions/cache library to ensure the endpoint is properly retrieved. - Update README.md by [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/247](https://togithub.com/step-security/harden-runner/pull/247) - Bump step-security/harden-runner from 2.1.0 to 2.2.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/248](https://togithub.com/step-security/harden-runner/pull/248) - Bump github/codeql-action from 2.1.38 to 2.2.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/244](https://togithub.com/step-security/harden-runner/pull/244) **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.2.1 ### [`v2.2.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.2.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.1.0...v2.2.0) ##### What's Changed - Release v2.2.0 by [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/245](https://togithub.com/step-security/harden-runner/pull/245) 1. Added functionality that allows for skipping Harden Runner installation if any errors arise during the installation process. 2. Updated Harden-Runner GitHub Action to use the latest version of the Harden Runner agent, which resolves three issues: - Addressed a bug that allowed calls to direct IP addresses not included in the allowed list when executing code in a docker image. - Enhanced annotations to eliminate false positives, specifically not showing false positive calls to docker.io - Upgraded `containerd` dependency to a non-vulnerable version. - Bump codecov/codecov-action from 2.1.0 to 3.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/233](https://togithub.com/step-security/harden-runner/pull/233) - Bump step-security/harden-runner from 2.0.0 to 2.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/232](https://togithub.com/step-security/harden-runner/pull/232) - Bump github/codeql-action from 2.1.37 to 2.1.38 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/229](https://togithub.com/step-security/harden-runner/pull/229) - Update README.md by [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/231](https://togithub.com/step-security/harden-runner/pull/231) **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.2.0

mockito/mockito

### [`v3.12.4`](https://togithub.com/mockito/mockito/releases/tag/v3.12.4) [Compare Source](https://togithub.com/mockito/mockito/compare/v3.12.3...v3.12.4) ^{*Changelog generated by [Shipkit Changelog Gradle Plugin](https://togithub.com/shipkit/shipkit-changelog)*} ##### 3.12.4 - 2021-08-25 - [1 commit(s)](https://togithub.com/mockito/mockito/compare/v3.12.3...v3.12.4) by Rafael Winterhalter - No notable improvements. No pull requests (issues) were referenced from commits. ### [`v3.12.3`](https://togithub.com/mockito/mockito/releases/tag/v3.12.3) [Compare Source](https://togithub.com/mockito/mockito/compare/v3.12.2...v3.12.3) ^{*Changelog generated by [Shipkit Changelog Gradle Plugin](https://togithub.com/shipkit/shipkit-changelog)*} ##### 3.12.3 - 2021-08-24 - [9 commit(s)](https://togithub.com/mockito/mockito/compare/v3.12.2...v3.12.3) by Rafael Winterhalter - Fix implementation of proxy mock maker for toString and add additional unit tests. [(#​2405)](https://togithub.com/mockito/mockito/pull/2405) - Avoid cache breakage [(#​2402)](https://togithub.com/mockito/mockito/pull/2402) - Add a limited mock maker that is based only on the java.lang.reflect.Proxy utility [(#​2397)](https://togithub.com/mockito/mockito/pull/2397) ### [`v3.12.2`](https://togithub.com/mockito/mockito/releases/tag/v3.12.2) [Compare Source](https://togithub.com/mockito/mockito/compare/v3.12.1...v3.12.2) ^{*Changelog generated by [Shipkit Changelog Gradle Plugin](https://togithub.com/shipkit/shipkit-changelog)*} ##### 3.12.2 - 2021-08-24 - [2 commit(s)](https://togithub.com/mockito/mockito/compare/v3.12.1...v3.12.2) by Dmitry Vyazelenko, dependabot\[bot] - Fixes [#​2399](https://togithub.com/mockito/mockito/issues/2399) : Adds defaultAnswer to the MockitoMockKey to distinguish the mock types, i.e. to separate mocks from spies otherwise spy type is reused for a mock or vice versa. [(#​2400)](https://togithub.com/mockito/mockito/pull/2400) - Sporadic mock verification failures related to hashCode/equals on 3.12.1 [(#​2399)](https://togithub.com/mockito/mockito/issues/2399) - Bump versions.errorprone from 2.8.1 to 2.9.0 [(#​2396)](https://togithub.com/mockito/mockito/pull/2396) ### [`v3.12.1`](https://togithub.com/mockito/mockito/releases/tag/v3.12.1) [Compare Source](https://togithub.com/mockito/mockito/compare/v3.12.0...v3.12.1) ^{*Changelog generated by [Shipkit Changelog Gradle Plugin](https://togithub.com/shipkit/shipkit-changelog)*} ##### 3.12.1 - 2021-08-20 - [2 commit(s)](https://togithub.com/mockito/mockito/compare/v3.12.0...v3.12.1) by Tim van der Lippe, dependabot\[bot] - Fix verifyNoMoreInteractions inOrder invocations for spies [(#​2395)](https://togithub.com/mockito/mockito/pull/2395) - Regression with InOrder verification after [#​2369](https://togithub.com/mockito/mockito/issues/2369) [(#​2394)](https://togithub.com/mockito/mockito/issues/2394) - Bump versions.bytebuddy from 1.11.12 to 1.11.13 [(#​2393)](https://togithub.com/mockito/mockito/pull/2393) ### [`v3.12.0`](https://togithub.com/mockito/mockito/releases/tag/v3.12.0) [Compare Source](https://togithub.com/mockito/mockito/compare/v3.11.2...v3.12.0) ^{*Changelog generated by [Shipkit Changelog Gradle Plugin](https://togithub.com/shipkit/shipkit-changelog)*} ##### 3.12.0 - 2021-08-19 - [31 commit(s)](https://togithub.com/mockito/mockito/compare/v3.11.2...v3.12.0) by EugeneLesnov, Lars Vogel, Logan Rosen, Rafael Winterhalter, Rob Pridham, Tim van der Lippe, dependabot\[bot], saurabh7248 - Add checks for sealed types [(#​2392)](https://togithub.com/mockito/mockito/pull/2392) - Bump versions.bytebuddy from 1.11.10 to 1.11.12 [(#​2388)](https://togithub.com/mockito/mockito/pull/2388) - Bump versions.bytebuddy from 1.11.9 to 1.11.10 [(#​2387)](https://togithub.com/mockito/mockito/pull/2387) - Bump versions.errorprone from 2.8.0 to 2.8.1 [(#​2386)](https://togithub.com/mockito/mockito/pull/2386) - Update StaticMockTest to use unified verify method [(#​2385)](https://togithub.com/mockito/mockito/pull/2385) - Reorder InjectMock Javadoc to fit the order of injection [(#​2383)](https://togithub.com/mockito/mockito/pull/2383) - Bump core-ktx from 1.5.0 to 1.6.0 [(#​2382)](https://togithub.com/mockito/mockito/pull/2382) - Bump google-java-format from 1.10.0 to 1.11.0 [(#​2381)](https://togithub.com/mockito/mockito/pull/2381) - Downgrade Android gradle plugin [(#​2380)](https://togithub.com/mockito/mockito/pull/2380) - Applied [@​CheckReturnValue](https://togithub.com/CheckReturnValue) to some classes [(#​2379)](https://togithub.com/mockito/mockito/pull/2379) - how to solve gradle sync failed after 'Add basic Android instrumented and unit tests' [(#​2378)](https://togithub.com/mockito/mockito/issues/2378) - Bump junit from 1.1.2 to 1.1.3 [(#​2377)](https://togithub.com/mockito/mockito/pull/2377) - Bump appcompat from 1.3.0 to 1.3.1 [(#​2376)](https://togithub.com/mockito/mockito/pull/2376) - Bump kotlin-gradle-plugin from 1.5.20 to 1.5.21 [(#​2374)](https://togithub.com/mockito/mockito/pull/2374) - Bump material from 1.3.0 to 1.4.0 [(#​2373)](https://togithub.com/mockito/mockito/pull/2373) - Bump espresso-core from 3.3.0 to 3.4.0 [(#​2372)](https://togithub.com/mockito/mockito/pull/2372) - Fixes [#​2331](https://togithub.com/mockito/mockito/issues/2331) [(#​2369)](https://togithub.com/mockito/mockito/pull/2369) - Fix typo in exception [(#​2368)](https://togithub.com/mockito/mockito/pull/2368) - Bump versions.bytebuddy from 1.11.8 to 1.11.9 [(#​2367)](https://togithub.com/mockito/mockito/pull/2367) - Bump versions.errorprone from 2.7.1 to 2.8.0 [(#​2365)](https://togithub.com/mockito/mockito/pull/2365) - Bump versions.bytebuddy from 1.11.7 to 1.11.8 [(#​2361)](https://togithub.com/mockito/mockito/pull/2361) - Basic Android instrumented and unit tests (closes [#​2341](https://togithub.com/mockito/mockito/issues/2341)) [(#​2360)](https://togithub.com/mockito/mockito/pull/2360) - Bump versions.bytebuddy from 1.11.6 to 1.11.7 [(#​2359)](https://togithub.com/mockito/mockito/pull/2359) - Bump kotlin-stdlib from 1.5.20 to 1.5.21 [(#​2356)](https://togithub.com/mockito/mockito/pull/2356) - Bump kotlinx-coroutines-core from 1.5.1 to 1.5.1-native-mt [(#​2354)](https://togithub.com/mockito/mockito/pull/2354) - Bump kotlinx-coroutines-core from 1.5.0-native-mt to 1.5.1 [(#​2353)](https://togithub.com/mockito/mockito/pull/2353) - Bump versions.bytebuddy from 1.11.5 to 1.11.6 [(#​2351)](https://togithub.com/mockito/mockito/pull/2351) - Bump gradle-errorprone-plugin from 2.0.1 to 2.0.2 [(#​2347)](https://togithub.com/mockito/mockito/pull/2347) - Bump kotlin-stdlib from 1.5.10 to 1.5.20 [(#​2343)](https://togithub.com/mockito/mockito/pull/2343) - Bump versions.bytebuddy from 1.11.3 to 1.11.5 [(#​2337)](https://togithub.com/mockito/mockito/pull/2337) - Bump assertj-core from 3.20.1 to 3.20.2 [(#​2336)](https://togithub.com/mockito/mockito/pull/2336) - Spy doesn't forward hashcode/equals to actual object [(#​2331)](https://togithub.com/mockito/mockito/issues/2331) - Fixes [#​2311](https://togithub.com/mockito/mockito/issues/2311) [(#​2320)](https://togithub.com/mockito/mockito/pull/2320) ### [`v3.11.2`](https://togithub.com/mockito/mockito/releases/tag/v3.11.2) [Compare Source](https://togithub.com/mockito/mockit

---

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.