chore(deps): update maru support dependencies

This PR contains the following updates:

Package	Type	Update	Change
actions/create-github-app-token	action	minor	`v1.9.0` -> `v1.10.0`
actions/setup-go	action	patch	`v5.0.0` -> `v5.0.1`
anchore/sbom-action	action	minor	`v0.15.11` -> `v0.16.0`
defenseunicorns/zarf		minor	`v0.32.5` -> `v0.33.2`
github/codeql-action	action	patch	`v3.25.3` -> `v3.25.6`
goreleaser/goreleaser-action	action	minor	`v5.0.0` -> `v5.1.0`
ossf/scorecard-action	action	patch	`v2.3.1` -> `v2.3.3`

Release Notes

actions/create-github-app-token (actions/create-github-app-token)

### [`v1.10.0`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.0) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.3...v1.10.0) ##### Features - **`private-key`:** escaped newlines will be replaced ([#132](https://togithub.com/actions/create-github-app-token/issues/132)) ([9d23fb9](https://togithub.com/actions/create-github-app-token/commit/9d23fb93dd620572046d85c7c1032b488c12514f)) ### [`v1.9.3`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.3) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.2...v1.9.3) ##### Bug Fixes - **deps:** bump undici from 6.10.2 to 6.11.1 ([#125](https://togithub.com/actions/create-github-app-token/issues/125)) ([3c223c7](https://togithub.com/actions/create-github-app-token/commit/3c223c7336e276235eb843dd4e6ad42147199cbf)), closes [#3024](https://togithub.com/actions/create-github-app-token/issues/3024) [nodejs/undici#3044](https://togithub.com/nodejs/undici/issues/3044) [#3023](https://togithub.com/actions/create-github-app-token/issues/3023) [nodejs/undici#3025](https://togithub.com/nodejs/undici/issues/3025) [nodejs/undici#3024](https://togithub.com/nodejs/undici/issues/3024) [nodejs/undici#3034](https://togithub.com/nodejs/undici/issues/3034) [nodejs/undici#3038](https://togithub.com/nodejs/undici/issues/3038) [nodejs/undici#2947](https://togithub.com/nodejs/undici/issues/2947) [nodejs/undici#3040](https://togithub.com/nodejs/undici/issues/3040) [nodejs/undici#3036](https://togithub.com/nodejs/undici/issues/3036) [nodejs/undici#3041](https://togithub.com/nodejs/undici/issues/3041) [#3024](https://togithub.com/actions/create-github-app-token/issues/3024) [#3041](https://togithub.com/actions/create-github-app-token/issues/3041) [#3036](https://togithub.com/actions/create-github-app-token/issues/3036) ### [`v1.9.2`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.2) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.1...v1.9.2) ##### Bug Fixes - **deps:** bump the production-dependencies group with 1 update ([#123](https://togithub.com/actions/create-github-app-token/issues/123)) ([beea7b8](https://togithub.com/actions/create-github-app-token/commit/beea7b860ac0b14ca14258aca701da842aa65e30)), closes [nodejs/undici#2978](https://togithub.com/nodejs/undici/issues/2978) [nodejs/undici#2971](https://togithub.com/nodejs/undici/issues/2971) [nodejs/undici#2980](https://togithub.com/nodejs/undici/issues/2980) [#2982](https://togithub.com/actions/create-github-app-token/issues/2982) [nodejs/undici#2983](https://togithub.com/nodejs/undici/issues/2983) [nodejs/undici#2987](https://togithub.com/nodejs/undici/issues/2987) [nodejs/undici#2991](https://togithub.com/nodejs/undici/issues/2991) [#2986](https://togithub.com/actions/create-github-app-token/issues/2986) [nodejs/undici#2992](https://togithub.com/nodejs/undici/issues/2992) [nodejs/undici#2985](https://togithub.com/nodejs/undici/issues/2985) [nodejs/undici#2993](https://togithub.com/nodejs/undici/issues/2993) [nodejs/undici#2995](https://togithub.com/nodejs/undici/issues/2995) [nodejs/undici#2998](https://togithub.com/nodejs/undici/issues/2998) [#2863](https://togithub.com/actions/create-github-app-token/issues/2863) [nodejs/undici#2999](https://togithub.com/nodejs/undici/issues/2999) [nodejs/undici#3001](https://togithub.com/nodejs/undici/issues/3001) [nodejs/undici#2971](https://togithub.com/nodejs/undici/issues/2971) [nodejs/undici#2980](https://togithub.com/nodejs/undici/issues/2980) [nodejs/undici#2983](https://togithub.com/nodejs/undici/issues/2983) [nodejs/undici#2987](https://togithub.com/nodejs/undici/issues/2987) [nodejs/undici#2991](https://togithub.com/nodejs/undici/issues/2991) [nodejs/undici#2985](https://togithub.com/nodejs/undici/issues/2985) [nodejs/undici#2995](https://togithub.com/nodejs/undici/issues/2995) [nodejs/undici#2960](https://togithub.com/nodejs/undici/issues/2960) [nodejs/undici#2959](https://togithub.com/nodejs/undici/issues/2959) [nodejs/undici#2969](https://togithub.com/nodejs/undici/issues/2969) [nodejs/undici#2962](https://togithub.com/nodejs/undici/issues/2962) [nodejs/undici#2974](https://togithub.com/nodejs/undici/issues/2974) [nodejs/undici#2967](https://togithub.com/nodejs/undici/issues/2967) [nodejs/undici#2966](https://togithub.com/nodejs/undici/issues/2966) [nodejs/undici#2969](https://togithub.com/nodejs/undici/issues/2969) [nodejs/undici#2962](https://togithub.com/nodejs/undici/issues/2962) [nodejs/undici#2826](https://togithub.com/nodejs/undici/issues/2826) [nodejs/undici#2952](https://togithub.com/nodejs/undici/issues/2952) [#3001](https://togithub.com/actions/create-github-app-token/issues/3001) [#2863](https://togithub.com/actions/create-github-app-token/issues/2863) [#2999](https://togithub.com/actions/create-github-app-token/issues/2999) [#2998](https://togithub.com/actions/create-github-app-token/issues/2998) [#2993](https://togithub.com/actions/create-github-app-token/issues/2993) [#2986](https://togithub.com/actions/create-github-app-token/issues/2986) [#2992](https://togithub.com/actions/create-github-app-token/issues/2992) [#2991](https://togithub.com/actions/create-github-app-token/issues/2991) [#2987](https://togithub.com/actions/create-github-app-token/issues/2987) ### [`v1.9.1`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.9.1) [Compare Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.0...v1.9.1) ##### Bug Fixes - clarify `owner` input description ([#118](https://togithub.com/actions/create-github-app-token/issues/118)) ([d9bc169](https://togithub.com/actions/create-github-app-token/commit/d9bc16919cdbdb07543eb732aa872437384e296f))

actions/setup-go (actions/setup-go)

### [`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1) [Compare Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1) #### What's Changed - Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by [@dependabot](https://togithub.com/dependabot) , [@HarithaVattikuti](https://togithub.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/465](https://togithub.com/actions/setup-go/pull/465) - Update documentation with latest V5 release notes by [@ab](https://togithub.com/ab) in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) - Update version documentation by [@178inaba](https://togithub.com/178inaba) in [https://github.com/actions/setup-go/pull/458](https://togithub.com/actions/setup-go/pull/458) - Documentation update of `actions/setup-go` to v5 by [@chenrui333](https://togithub.com/chenrui333) in [https://github.com/actions/setup-go/pull/449](https://togithub.com/actions/setup-go/pull/449) #### New Contributors - [@ab](https://togithub.com/ab) made their first contribution in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) **Full Changelog**: https://github.com/actions/setup-go/compare/v5.0.0...v5.0.1

anchore/sbom-action (anchore/sbom-action)

### [`v0.16.0`](https://togithub.com/anchore/sbom-action/releases/tag/v0.16.0): v0.16 [Compare Source](https://togithub.com/anchore/sbom-action/compare/v0.15.11...v0.16.0) #### Changes in v0.16.0 - Update Syft to v1.4.1 ([#465](https://togithub.com/anchore/sbom-action/issues/465)) - Update GitHub artifact client ([#463](https://togithub.com/anchore/sbom-action/issues/463)) \[[kzantow](https://togithub.com/kzantow)]

defenseunicorns/zarf (defenseunicorns/zarf)

### [`v0.33.2`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.2) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2) ##### What's Changed - fix: schema integration by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2463](https://togithub.com/defenseunicorns/zarf/pull/2463) - docs: add contributor covenant code of conduct by [@salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - docs: fix casing on code of conduct badge by [@salaxander](https://togithub.com/salaxander) in [https://github.com/defenseunicorns/zarf/pull/2466](https://togithub.com/defenseunicorns/zarf/pull/2466) - fix(deps): update github.com/anchore/clio digest to [`3c4abf8`](https://togithub.com/defenseunicorns/zarf/commit/3c4abf8) by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2424](https://togithub.com/defenseunicorns/zarf/pull/2424) - fix: update docker media type in registry by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2476](https://togithub.com/defenseunicorns/zarf/pull/2476) - fix: adds GetVariableConfig function for packager by [@decleaver](https://togithub.com/decleaver) in [https://github.com/defenseunicorns/zarf/pull/2475](https://togithub.com/defenseunicorns/zarf/pull/2475) - test: add tests for remove copies from components to enable refactoring by [@phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - fix!: do not uninstall helm chart after failed install or upgrade by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2456](https://togithub.com/defenseunicorns/zarf/pull/2456) - feat: inspect --list-images by [@Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2478](https://togithub.com/defenseunicorns/zarf/pull/2478) - refactor: remove copies from components to a filter by [@phillebaba](https://togithub.com/phillebaba) in [https://github.com/defenseunicorns/zarf/pull/2474](https://togithub.com/defenseunicorns/zarf/pull/2474) - chore: add support.md by [@schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) - chore: add a check for go mod tidy by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2481](https://togithub.com/defenseunicorns/zarf/pull/2481) - fix: use correct sha256 checksum for arm64 injector binary by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2483](https://togithub.com/defenseunicorns/zarf/pull/2483) - fix: simplify go mod tidy check by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2482](https://togithub.com/defenseunicorns/zarf/pull/2482) ##### New Contributors - [@salaxander](https://togithub.com/salaxander) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2462](https://togithub.com/defenseunicorns/zarf/pull/2462) - [@phillebaba](https://togithub.com/phillebaba) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2473](https://togithub.com/defenseunicorns/zarf/pull/2473) - [@schristoff](https://togithub.com/schristoff) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2480](https://togithub.com/defenseunicorns/zarf/pull/2480) **Full Changelog**: https://github.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2 ### [`v0.33.1`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.1) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.33.0...v0.33.1) #### What's Changed - fix: add redirect so old zarf base link is compatiable by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2432](https://togithub.com/defenseunicorns/zarf/pull/2432) - ci: pin third-party gh actions by hash by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2433](https://togithub.com/defenseunicorns/zarf/pull/2433) - docs: add redirect for examples by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2438](https://togithub.com/defenseunicorns/zarf/pull/2438) - docs: update contributing and pre-commit by [@Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2439](https://togithub.com/defenseunicorns/zarf/pull/2439) - ci: fix revive image ref in lint workflow by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2436](https://togithub.com/defenseunicorns/zarf/pull/2436) - fix: filter on running pods when finding an image for injector pod by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2415](https://togithub.com/defenseunicorns/zarf/pull/2415) - fix: readme dead links by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2442](https://togithub.com/defenseunicorns/zarf/pull/2442) - fix: differential package create with non local sources by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2444](https://togithub.com/defenseunicorns/zarf/pull/2444) - refactor: move variables into separate package by [@Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2414](https://togithub.com/defenseunicorns/zarf/pull/2414) - ci: add top level workflow permission to commitlint by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2449](https://togithub.com/defenseunicorns/zarf/pull/2449) - ci: remove unused env var from codeql workflow by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2450](https://togithub.com/defenseunicorns/zarf/pull/2450) - chore: cleanup root level files and add SPDX check for Go files by [@Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2431](https://togithub.com/defenseunicorns/zarf/pull/2431) - feat: config to enable resilient registry by [@Michael-Kruggel](https://togithub.com/Michael-Kruggel) in [https://github.com/defenseunicorns/zarf/pull/2440](https://togithub.com/defenseunicorns/zarf/pull/2440) - docs: init package clarity and cleanup by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2447](https://togithub.com/defenseunicorns/zarf/pull/2447) - ci: compare cves to main by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2448](https://togithub.com/defenseunicorns/zarf/pull/2448) - test: unpin version in bigbang extension test by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2459](https://togithub.com/defenseunicorns/zarf/pull/2459) - fix: broken schema from unexpanded embedded variables by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2458](https://togithub.com/defenseunicorns/zarf/pull/2458) - fix: error on create if an index sha is used by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2429](https://togithub.com/defenseunicorns/zarf/pull/2429) #### New Contributors - [@Michael-Kruggel](https://togithub.com/Michael-Kruggel) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2440](https://togithub.com/defenseunicorns/zarf/pull/2440) **Full Changelog**: https://github.com/defenseunicorns/zarf/compare/v0.33.0...v0.33.1 ### [`v0.33.0`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.33.0) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.6...v0.33.0) #### What's Changed - fix: update deprecated syft packages command to syft scan by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2399](https://togithub.com/defenseunicorns/zarf/pull/2399) - chore: move helpers to defenseunicorns/pkg by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2402](https://togithub.com/defenseunicorns/zarf/pull/2402) - fix(deps): update github.com/anchore/clio digest to [`fb5fc4c`](https://togithub.com/defenseunicorns/zarf/commit/fb5fc4c) by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2366](https://togithub.com/defenseunicorns/zarf/pull/2366) - feat(tools): add yq by [@zachariahmiller](https://togithub.com/zachariahmiller) in [https://github.com/defenseunicorns/zarf/pull/2406](https://togithub.com/defenseunicorns/zarf/pull/2406) - chore: switch to use oci lib in defenseunicorns/pkg by [@AustinAbro321](https://togithub.com/AustinAbro321) in [https://github.com/defenseunicorns/zarf/pull/2404](https://togithub.com/defenseunicorns/zarf/pull/2404) - fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1 by [@renovate](https://togithub.com/renovate) in [https://github.com/defenseunicorns/zarf/pull/2411](https://togithub.com/defenseunicorns/zarf/pull/2411) - fix: use env var for PR title in commitlint workflow to prevent untrusted script injection by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2418](https://togithub.com/defenseunicorns/zarf/pull/2418) - fix: use default GITHUB_TOKEN for ossf/scorecard-action by [@bburky](https://togithub.com/bburky) in [https://github.com/defenseunicorns/zarf/pull/2416](https://togithub.com/defenseunicorns/zarf/pull/2416) - fix: remove duplicate logic for writing image layers to disk concurrently by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2409](https://togithub.com/defenseunicorns/zarf/pull/2409) - feat: add option to skip cosign lookup during find images by [@Racer159](https://togithub.com/Racer159) in [https://github.com/defenseunicorns/zarf/pull/2427](https://togithub.com/defenseunicorns/zarf/pull/2427) - feat: allow chart deploy overrides ALPHA by [@naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/defenseunicorns/zarf/pull/2403](https://togithub.com/defenseunicorns/zarf/pull/2403) - chore: update pull_request_template.md by [@Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2428](https://togithub.com/defenseunicorns/zarf/pull/2428) - ci: pin k3s image version in k3d github action by [@lucasrod16](https://togithub.com/lucasrod16) in [https://github.com/defenseunicorns/zarf/pull/2430](https://togithub.com/defenseunicorns/zarf/pull/2430) - feat(docs): port docs to starlight by [@Noxsios](https://togithub.com/Noxsios) in [https://github.com/defenseunicorns/zarf/pull/2315](https://togithub.com/defenseunicorns/zarf/pull/2315) #### New Contributors - [@zachariahmiller](https://togithub.com/zachariahmiller) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2406](https://togithub.com/defenseunicorns/zarf/pull/2406) - [@bburky](https://togithub.com/bburky) made their first contribution in [https://github.com/defenseunicorns/zarf/pull/2416](https://togithub.com/defenseunicorns/zarf/pull/2416) **Full Changelog**: https://github.com/defenseunicorns/zarf/compare/v0.32.6...v0.33.0 ### [`v0.32.6`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.32.6) [Compare Source](https://togithub.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6) #### \[0.32.6] - 2024-03-22 > trying out some different release note generators, formatting may vary for a few releases while we figure out what works best ~[@Noxsios](https://togithub.com/Noxsios) ##### 🚀 Features - \[**ALPHA**] feat: package generation ALPHA by [@andrewg-xyz](https://togithub.com/andrewg-xyz) in [#2269](https://togithub.com/defenseunicorns/zarf/pull/2269) - *(lib)* feat(lib): configurable log file location by [@Noxsios](https://togithub.com/Noxsios) in [#2380](https://togithub.com/defenseunicorns/zarf/pull/2380) - \[**BREAKING**] feat!: filter package components with strategy interface by [@Noxsios](https://togithub.com/Noxsios) in [#2321](https://togithub.com/defenseunicorns/zarf/pull/2321) ##### 🐛 Bug Fixes - fix: refactor create stages into separate lib by [@lucasrod16](https://togithub.com/lucasrod16) in [#2223](https://togithub.com/defenseunicorns/zarf/pull/2223) - fix: handle registry caBundle as a multiline string by [@AbrohamLincoln](https://togithub.com/AbrohamLincoln) in [#2381](https://togithub.com/defenseunicorns/zarf/pull/2381) - *(regression)* fix: populate `p.sbomViewFiles` on `deploy` and `mirror` by [@lucasrod16](https://togithub.com/lucasrod16) in [#2386](https://togithub.com/defenseunicorns/zarf/pull/2386) - fix: allow absolute paths for differential packages by [@AustinAbro321](https://togithub.com/AustinAbro321) in [#2397](https://togithub.com/defenseunicorns/zarf/pull/2397) - fix: hotfix skeleton publish by [@Noxsios](https://togithub.com/Noxsios) in [#2398](https://togithub.com/defenseunicorns/zarf/pull/2398) ##### 🚜 Refactor - refactor: split helpers/exec libs by [@Racer159](https://togithub.com/Racer159) in [#2379](https://togithub.com/defenseunicorns/zarf/pull/2379) ##### 🧪 Testing - test: data injection flake by [@lucasrod16](https://togithub.com/lucasrod16) in [#2361](https://togithub.com/defenseunicorns/zarf/pull/2361) ##### ⚙️ Miscellaneous Tasks - ci: add commitlint workflow and update contributing guide by [@lucasrod16](https://togithub.com/lucasrod16) in [#2391](https://togithub.com/defenseunicorns/zarf/pull/2391) ##### 🛡️ Security - *(release)* build: create PRs on `homebrew-tap` by [@Noxsios](https://togithub.com/Noxsios) in [#2385](https://togithub.com/defenseunicorns/zarf/pull/2385) **Full Changelog**: https://github.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6

github/codeql-action (github/codeql-action)

### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

goreleaser/goreleaser-action (goreleaser/goreleaser-action)

### [`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0) #### Important This version changes the default behavior of `latest` to `~> v1`. The next major of this action (v6), will change this to `~> v2`, and will be launched together with GoReleaser v2. #### What's Changed - docs: bump actions to latest major by [@crazy-max](https://togithub.com/crazy-max) in [https://github.com/goreleaser/goreleaser-action/pull/435](https://togithub.com/goreleaser/goreleaser-action/pull/435) - chore(deps): bump docker/bake-action from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/436](https://togithub.com/goreleaser/goreleaser-action/pull/436) - chore(deps): bump codecov/codecov-action from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/437](https://togithub.com/goreleaser/goreleaser-action/pull/437) - chore(deps): bump actions/setup-go from 4 to 5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/443](https://togithub.com/goreleaser/goreleaser-action/pull/443) - chore(deps): bump actions/upload-artifact from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/444](https://togithub.com/goreleaser/goreleaser-action/pull/444) - Delete .kodiak.toml by [@vedantmgoyal9](https://togithub.com/vedantmgoyal9) in [https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446) - chore(deps): bump codecov/codecov-action from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/448](https://togithub.com/goreleaser/goreleaser-action/pull/448) - chore(deps): bump ip from 2.0.0 to 2.0.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/450](https://togithub.com/goreleaser/goreleaser-action/pull/450) - Upgrade setup-go action version in README by [@kishaningithub](https://togithub.com/kishaningithub) in [https://github.com/goreleaser/goreleaser-action/pull/455](https://togithub.com/goreleaser/goreleaser-action/pull/455) - chore(deps): bump tar from 6.1.14 to 6.2.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/456](https://togithub.com/goreleaser/goreleaser-action/pull/456) - chore: use corepack to install yarn by [@crazy-max](https://togithub.com/crazy-max) in [https://github.com/goreleaser/goreleaser-action/pull/458](https://togithub.com/goreleaser/goreleaser-action/pull/458) - feat: lock this major version of the action to use '~> v1' as 'latest' by [@caarlos0](https://togithub.com/caarlos0) in [https://github.com/goreleaser/goreleaser-action/pull/461](https://togithub.com/goreleaser/goreleaser-action/pull/461) - chore(deps): bump semver from 7.6.0 to 7.6.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/462](https://togithub.com/goreleaser/goreleaser-action/pull/462) - chore(deps): bump [@actions/http-client](https://togithub.com/actions/http-client) from 2.2.0 to 2.2.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/451](https://togithub.com/goreleaser/goreleaser-action/pull/451) #### New Contributors - [@vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their first contribution in [https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446) **Full Changelog**: https://github.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0

ossf/scorecard-action (ossf/scorecard-action)

### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - :book: Move token discussion out of main README. by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - :book: link to `ossf/scorecard` workflow instead of maintaining an example by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - :book: update api links to new scorecard.dev site by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

Configuration

📅 Schedule: Branch creation - "after 12pm every weekday,before 11am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

defenseunicorns / maru-runner

chore(deps): update maru support dependencies #99

Release Notes

Configuration