build(deps): bump the ci group with 6 updates

[dependabot[bot]]

Bumps the ci group with 6 updates:

Package	From	To
actions/cache	3	4
helm/kind-action	1.8.0	1.9.0
yokawasa/action-setup-kube-tools	0.9.3	0.10.0
slackapi/slack-github-action	1.24.0	1.25.0
8BitJonny/gh-get-current-pr	2.2.0	3.0.0
thollander/actions-comment-pull-request	2.4.3	2.5.0

Updates actions/cache from 3 to 4

Release notes

Sourced from actions/cache's releases.

v4.0.0

What's Changed

• Update action to node20 by @​takost in actions/cache#1284
• feat: save-always flag by @​to-s in actions/cache#1242

New Contributors

• @​takost made their first contribution in actions/cache#1284
• @​to-s made their first contribution in actions/cache#1242

Full Changelog: https://github.com/actions/cache/compare/v3...v4.0.0

v3.3.3

What's Changed

• Cache v3.3.3 by @​robherley in actions/cache#1302

New Contributors

• @​robherley made their first contribution in actions/cache#1302

Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3

v3.3.2

What's Changed

• Fixed readme with new segment timeout values by @​kotewar in actions/cache#1133
• Readme fixes by @​kotewar in actions/cache#1134
• Updated description of the lookup-only input for main action by @​kotewar in actions/cache#1130
• Change two new actions mention as quoted text by @​bishal-pdMSFT in actions/cache#1131
• Update Cross-OS Caching tips by @​pdotl in actions/cache#1122
• Bazel example (Take #2️⃣) by @​vorburger in actions/cache#1132
• Remove actions to add new PRs and issues to a project board by @​jorendorff in actions/cache#1187
• Consume latest toolkit and fix dangling promise bug by @​chkimes in actions/cache#1217
• Bump action version to 3.3.2 by @​bethanyj28 in actions/cache#1236

New Contributors

• @​vorburger made their first contribution in actions/cache#1132
• @​jorendorff made their first contribution in actions/cache#1187
• @​chkimes made their first contribution in actions/cache#1217
• @​bethanyj28 made their first contribution in actions/cache#1236

Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.2

v3.3.1

What's Changed

• Reduced download segment size to 128 MB and timeout to 10 minutes by @​kotewar in actions/cache#1129

Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.1

v3.3.0

What's Changed

• Bug: Permission is missing in cache delete example by @​kotokaze in actions/cache#1123

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

3.0.0

• Updated minimum runner version support from node 12 -> node 16

3.0.1

• Added support for caching from GHES 3.5.
• Fixed download issue for files > 2GB during restore.

3.0.2

• Added support for dynamic cache size cap on GHES.

3.0.3

• Fixed avoiding empty cache save when no files are available for caching. (issue)

3.0.4

• Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

3.0.5

• Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

3.0.6

• Fixed #809 - zstd -d: no such file or directory error
• Fixed #833 - cache doesn't work with github workspace directory

3.0.7

• Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

3.0.8

• Fix zstd not working for windows on gnu tar in issues #888 and #891.
• Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes.

3.0.9

• Enhanced the warning message for cache unavailablity in case of GHES.

3.0.10

• Fix a bug with sorting inputs.
• Update definition for restore-keys in README.md

... (truncated)

Commits

• 13aacd8 Merge pull request #1242 from to-s/main
• 53b35c5 Merge branch 'main' into main
• 65b8989 Merge pull request #1284 from takost/update-to-node-20
• d0be34d Fix dist
• 66cf064 Merge branch 'main' into update-to-node-20
• 1326563 Merge branch 'main' into main
• e718767 Fix format
• 0122982 Apply workaround for earlyExit
• 3185ecf Update "only-" actions to node20
• 25618a0 Bump version
• Additional commits viewable in compare view

Updates helm/kind-action from 1.8.0 to 1.9.0

Release notes

Sourced from helm/kind-action's releases.

v1.9.0

What's Changed

• Bump actions/checkout from 3.3.0 to 3.5.3 by @​dependabot in helm/kind-action#90
• Bump actions/checkout from 3.5.3 to 3.6.0 by @​dependabot in helm/kind-action#96
• Bump actions/checkout from 3.6.0 to 4.0.0 by @​dependabot in helm/kind-action#97
• Bump actions/checkout from 4.0.0 to 4.1.0 by @​dependabot in helm/kind-action#98
• Bump actions/checkout from 4.1.0 to 4.1.1 by @​dependabot in helm/kind-action#99
• chore: Bump node version to node20 by @​sayboras in helm/kind-action#102
• Fix arch detection in non-Debian distros by @​musse in helm/kind-action#93
• docs: fix default version in action.yml by @​dunglas in helm/kind-action#91
• docs: bump outdated action version in README by @​dunglas in helm/kind-action#92

New Contributors

• @​musse made their first contribution in helm/kind-action#93
• @​dunglas made their first contribution in helm/kind-action#91

Full Changelog: https://github.com/helm/kind-action/compare/v1.8.0...v1.9.0

Commits

• 99576bf docs: bump outdated action version in README (#92)
• 0ca85d0 docs: fix default version in action.yml (#91)
• fc8d4ed Fix arch detection in non-Debian distros (#93)
• 4be822c chore: Bump node version to node20 (#102)
• 100421e Bump actions/checkout from 4.1.0 to 4.1.1 (#99)
• 5adb538 Bump actions/checkout from 4.0.0 to 4.1.0 (#98)
• 49375a6 Bump actions/checkout from 3.6.0 to 4.0.0 (#97)
• 2d498b1 Bump actions/checkout from 3.5.3 to 3.6.0 (#96)
• 77db130 Bump actions/checkout from 3.3.0 to 3.5.3 (#90)
• See full diff in compare view

Updates yokawasa/action-setup-kube-tools from 0.9.3 to 0.10.0

Release notes

Sourced from yokawasa/action-setup-kube-tools's releases.

v0.10.0

What's Changed

• node 20 by @​till in yokawasa/action-setup-kube-tools#49
• Bump word-wrap from 1.2.3 to 1.2.4 by @​dependabot in yokawasa/action-setup-kube-tools#45
• Bump undici from 5.19.1 to 5.26.3 by @​dependabot in yokawasa/action-setup-kube-tools#46
• Bump undici from 5.26.3 to 5.28.3 by @​dependabot in yokawasa/action-setup-kube-tools#50
• Bump @​babel/traverse from 7.7.4 to 7.23.9 by @​dependabot in yokawasa/action-setup-kube-tools#51
• fix readme and add dependencies for v0.10.0 release by @​yokawasa in yokawasa/action-setup-kube-tools#52

New Contributors

• @​till made their first contribution in yokawasa/action-setup-kube-tools#49

Full Changelog: https://github.com/yokawasa/action-setup-kube-tools/compare/v0.9.3...v0.10.0

Changelog

Sourced from yokawasa/action-setup-kube-tools's changelog.

v0.10.0

• update action to node20

Commits

• 93f6df1 Merge pull request #52 from yokawasa/fix-readme
• fafd2a5 prod dependencies for v0.10.0 release
• acaa718 update README for v0.10.0
• 7b696e2 Merge pull request #51 from yokawasa/dependabot/npm_and_yarn/babel/traverse-7...
• 49a17d2 Merge pull request #50 from yokawasa/dependabot/npm_and_yarn/undici-5.28.3
• 3c18327 Bump @​babel/traverse from 7.7.4 to 7.23.9
• c1f2efa Bump undici from 5.26.3 to 5.28.3
• 4bebd64 Merge pull request #46 from yokawasa/dependabot/npm_and_yarn/undici-5.26.3
• ec8c7e3 Merge pull request #45 from yokawasa/dependabot/npm_and_yarn/word-wrap-1.2.4
• 0b9f434 Merge pull request #49 from till/node-20
• Additional commits viewable in compare view

Updates slackapi/slack-github-action from 1.24.0 to 1.25.0

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack Send V1.25.0

What's Changed

• Update payload integration test to escape invalid characters by @​hello-ashleyintech in slackapi/slack-github-action#207
• #204: Handle proxies when using Slack WebClient by @​raihle in slackapi/slack-github-action#205
• README: clarify limitations to workflow builder approach by @​ryan-williams in slackapi/slack-github-action#228
• Add instructions for developing with a local version of the action by @​zimeg in slackapi/slack-github-action#250
• Pass secrets to approved workflow jobs by @​zimeg in slackapi/slack-github-action#258
• build(node): bump the runtime version to node 20 by @​zimeg in slackapi/slack-github-action#267
• ci(security): require access checks to pass before running unit tests by @​zimeg in slackapi/slack-github-action#279
• ci(security): check for pull_request_target events in the access check by @​zimeg in slackapi/slack-github-action#282

New Contributors

• @​raihle made their first contribution in slackapi/slack-github-action#205
• @​ryan-williams made their first contribution in slackapi/slack-github-action#228
• @​zimeg made their first contribution in slackapi/slack-github-action#250

Full Changelog: https://github.com/slackapi/slack-github-action/compare/v1.24.0...v1.25.0

Commits

• 6c661ce Automatic compilation
• 2a8087d v1.25.0
• a678e58 ci(security): check for pull_request_target events in the access check (#282)
• 84a8f7d ci(security): require access checks to pass before running unit tests (#279)
• f6aff2f Bump eslint from 8.54.0 to 8.56.0 (#275)
• 372e934 Bump eslint-plugin-import from 2.29.0 to 2.29.1 (#274)
• bac28df Bump @​slack/web-api from 6.9.1 to 6.11.1 (#277)
• 0474a45 Unit tests in GitHub CI should test the PR/branch (#276)
• 34ae0b4 Bump @​actions/github from 5.1.1 to 6.0.0 (#265)
• e7f3840 Bump whatwg-url from 13.0.0 to 14.0.0 (#263)
• Additional commits viewable in compare view

Updates 8BitJonny/gh-get-current-pr from 2.2.0 to 3.0.0

Release notes

Sourced from 8BitJonny/gh-get-current-pr's releases.

v3.0.0

• Update to using Node20 (#295)
• docs(readme): correct step id (#261)

🤖 Dependency Updates

• build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 (#289)
• build(deps-dev): bump eslint from 8.34.0 to 8.45.0 (#288)
• build(deps-dev): bump eslint-plugin-jest from 27.2.1 to 27.2.3 (#286)
• build(deps-dev): bump @​types/node from 18.16.0 to 20.4.4 (#290)
• build(deps-dev): bump @​babel/traverse from 7.17.3 to 7.23.9 (#296)
• build(deps): bump tough-cookie from 4.0.0 to 4.1.3 (#282)
• build(deps-dev): bump prettier from 2.8.1 to 2.8.8 (#251)
• build(deps-dev): bump @​vercel/ncc from 0.36.0 to 0.36.1 (#228)
• build(deps-dev): bump @​types/node from 18.13.0 to 18.16.0 (#252)
• build(deps-dev): bump eslint-plugin-github from 4.6.0 to 4.7.0 (#244)
• build(deps-dev): bump typescript from 4.9.3 to 4.9.5 (#222)
• build(deps-dev): bump @​types/node from 18.11.13 to 18.13.0 (#225)
• build(deps): bump json5 from 1.0.1 to 1.0.2 (#215)
• build(deps-dev): bump eslint-plugin-jest from 27.1.6 to 27.2.1 (#217)
• build(deps-dev): bump eslint from 8.29.0 to 8.34.0 (#226)
• build(deps-dev): bump @​typescript-eslint/parser from 5.46.1 to 5.52.0 (#227)
• build(deps-dev): bump @​typescript-eslint/parser from 5.45.1 to 5.46.1 (#200)
• build(deps-dev): bump eslint-plugin-github from 4.4.1 to 4.6.0 (#201)
• build(deps-dev): bump @​vercel/ncc from 0.34.0 to 0.36.0 (#199)
• build(deps-dev): bump prettier from 2.8.0 to 2.8.1 (#202)
• build(deps-dev): bump @​types/node from 18.11.11 to 18.11.13 (#203)

Full Changelog: https://github.com/8BitJonny/gh-get-current-pr/compare/2.2.0...v3.0.0

Contributors: @​8BitJonny, @​dargmuesli, @​dependabot and @​dependabot[bot]

Commits

• 08e737c Merge pull request #295 from 8BitJonny/upgrade-to-node20
• f21b71e (dep): run npm audit fix
• 2fe5f33 (chore): update to node v20 in nvmrc
• 2011959 Merge branch 'master' into upgrade-to-node20
• fda1672 Merge pull request #289 from 8BitJonny/dependabot/npm_and_yarn/word-wrap-1.2.4
• f4fb4f8 Merge pull request #288 from 8BitJonny/dependabot/npm_and_yarn/eslint-8.45.0
• a293d8b Merge pull request #286 from 8BitJonny/dependabot/npm_and_yarn/eslint-plugin-...
• f24508c Merge pull request #290 from 8BitJonny/dependabot/npm_and_yarn/types/node-20.4.4
• f65b5c7 Merge pull request #296 from 8BitJonny/dependabot/npm_and_yarn/babel/traverse...
• 1b34411 build(deps-dev): bump @​babel/traverse from 7.17.3 to 7.23.9
• Additional commits viewable in compare view

Updates thollander/actions-comment-pull-request from 2.4.3 to 2.5.0

Release notes

Sourced from thollander/actions-comment-pull-request's releases.

v2.4.3 : Node 20 version support

What's Changed

• chore(deps-dev): bump @​vercel/ncc from 0.38.0 to 0.38.1 by @​dependabot in thollander/actions-comment-pull-request#304
• feat: node 20 version support by @​thollander in thollander/actions-comment-pull-request#307

Full Changelog: https://github.com/thollander/actions-comment-pull-request/compare/v2.4.3...v2.5.0

Commits

• fabd468 Merge pull request #307 from thollander/feat/node-20
• cb9f4be chore: bump to v2.5.0
• 2f69210 feat: node 20 version support
• 9d67388 chore(deps-dev): bump @​vercel/ncc from 0.38.0 to 0.38.1 (#304)
• 88b3c3f docs: fix wrong indent
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Mend Scan Summary: :x:

Repository: open-component-model/MPAS

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	0
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	0
LICENSE RISK HIGH	7
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	1

Detailed Logs: mend-scan-> Generate Report Mend UI

[dependabot[bot]]

Superseded by #194.