Bump the ci group with 3 updates

[dependabot[bot]]

Bumps the ci group with 3 updates: mercedesbenzio/detect-action, myrotvorets/trigger-repository-dispatch-action and anchore/sbom-action.

Updates mercedesbenzio/detect-action from 1 to 2

Release notes

Sourced from mercedesbenzio/detect-action's releases.

v2.0.0

What's Changed

• feat!: update to node 20 by @​tvcsantos in tvcsantos/detect-action#17

Full Changelog: https://github.com/tvcsantos/detect-action/compare/v1.5.0...v2.0.0

v1.5.0

What's Changed

• feat: add support for custom PR comments by @​tvcsantos in tvcsantos/detect-action#16

Full Changelog: https://github.com/tvcsantos/detect-action/compare/v1.4.1...v1.5.0

v1.4.1

What's Changed

• feat: improve tool name on PR comment header by @​tvcsantos in mercedesbenzio/detect-action#13

Full Changelog: https://github.com/mercedesbenzio/detect-action/compare/v1.4.0...v1.4.1

v1.4.0

What's Changed

• feat: add tool name to PR comment header by @​tvcsantos in mercedesbenzio/detect-action#12

Full Changelog: https://github.com/mercedesbenzio/detect-action/compare/v1.3.0...v1.4.0

v1.3.0

What's Changed

• feat: add input to control PR comments on success by @​tvcsantos in mercedesbenzio/detect-action#11

Full Changelog: https://github.com/mercedesbenzio/detect-action/compare/v1.2.0...v1.3.0

v1.2.0

What's Changed

• build: update package version by @​tvcsantos in mercedesbenzio/detect-action#10
• feat: improve debug log level and add fail-if-detect-fails by @​tvcsantos in mercedesbenzio/detect-action#9

Full Changelog: https://github.com/mercedesbenzio/detect-action/compare/v1.1.0...v1.2.0

v1.1.0

What's Changed

• feat: make detect-version optional by downloading latest by @​tvcsantos in mercedesbenzio/detect-action#8

Full Changelog: https://github.com/mercedesbenzio/detect-action/compare/v1.0.0...v1.1.0

Changelog

Sourced from mercedesbenzio/detect-action's changelog.

Commits

• 290ca63 fix: fix incompatible package @​actions/artifact (#18)
• c5123b0 feat!: update to node 20 (#17)
• See full diff in compare view

Updates myrotvorets/trigger-repository-dispatch-action from 2.0.0 to 2.0.2

Release notes

Sourced from myrotvorets/trigger-repository-dispatch-action's releases.

2.0.2

What's Changed

• Update workflows by @​myrotvorets-team in myrotvorets/trigger-repository-dispatch-action#395

Full Changelog: https://github.com/myrotvorets/trigger-repository-dispatch-action/compare/v2.0.1...v2.0.2

2.0.1

What's Changed

• chore(deps): lock file maintenance by @​renovate in myrotvorets/trigger-repository-dispatch-action#311
• chore(deps): update dependency @​actions/core to v1.10.1 by @​renovate in myrotvorets/trigger-repository-dispatch-action#312
• chore(deps): update github/codeql-action digest to 701f152 by @​renovate in myrotvorets/trigger-repository-dispatch-action#313
• chore(deps): update github/codeql-action digest to 04daf01 by @​renovate in myrotvorets/trigger-repository-dispatch-action#314
• chore(deps): lock file maintenance by @​renovate in myrotvorets/trigger-repository-dispatch-action#315
• chore(deps): update github/codeql-action digest to 6a28655 by @​renovate in myrotvorets/trigger-repository-dispatch-action#316
• chore(deps): update actions/checkout action to v4.1.0 by @​renovate in myrotvorets/trigger-repository-dispatch-action#318
• chore(deps): update actions/checkout digest to 8ade135 by @​renovate in myrotvorets/trigger-repository-dispatch-action#317
• chore(deps): update dependency @​octokit/request-error to v5.0.1 by @​renovate in myrotvorets/trigger-repository-dispatch-action#319
• chore(deps): lock file maintenance by @​renovate in myrotvorets/trigger-repository-dispatch-action#320
• chore(deps): update github/codeql-action digest to ddccb87 by @​renovate in myrotvorets/trigger-repository-dispatch-action#321
• chore(deps): update github/codeql-action digest to 2cb752a by @​renovate in myrotvorets/trigger-repository-dispatch-action#322
• chore(deps): update devdependencies (non-major) by @​renovate in myrotvorets/trigger-repository-dispatch-action#324
• chore(deps): update dependency @​myrotvorets/eslint-config-myrotvorets-ts to ^2.21.0 by @​renovate in myrotvorets/trigger-repository-dispatch-action#323
• chore(deps): update typescript-related packages by @​renovate in myrotvorets/trigger-repository-dispatch-action#325
• chore(deps): update github/codeql-action digest to fdcae64 by @​renovate in myrotvorets/trigger-repository-dispatch-action#326
• chore(deps): update dependency @​actions/github to v6 by @​renovate in myrotvorets/trigger-repository-dispatch-action#327
• chore(deps): update dependency @​myrotvorets/eslint-config-myrotvorets-ts to ^2.22.4 by @​renovate in myrotvorets/trigger-repository-dispatch-action#328
• chore(deps): update github/codeql-action digest to d90b8d7 by @​renovate in myrotvorets/trigger-repository-dispatch-action#329
• chore(deps): update dependency @​myrotvorets/eslint-config-myrotvorets-ts to ^2.22.5 by @​renovate in myrotvorets/trigger-repository-dispatch-action#330
• chore(deps): update github/codeql-action digest to 0116bc2 by @​renovate in myrotvorets/trigger-repository-dispatch-action#331
• chore(deps): lock file maintenance by @​renovate in myrotvorets/trigger-repository-dispatch-action#332
• fix(deps): roll back actions/checkout action by @​renovate in myrotvorets/trigger-repository-dispatch-action#333
• chore(deps): update actions/checkout action to v4.1.1 by @​renovate in myrotvorets/trigger-repository-dispatch-action#334
• chore(deps): update dependency @​vercel/ncc to ^0.38.1 by @​renovate in myrotvorets/trigger-repository-dispatch-action#335
• chore(deps): update github/codeql-action digest to 49abf0b by @​renovate in myrotvorets/trigger-repository-dispatch-action#336
• chore(deps): lock file maintenance by @​renovate in myrotvorets/trigger-repository-dispatch-action#337
• chore(deps): update actions/setup-node action to v3.8.2 by @​renovate in myrotvorets/trigger-repository-dispatch-action#338
• chore(deps): update actions/setup-node action to v4 by @​renovate in myrotvorets/trigger-repository-dispatch-action#339
• chore(deps): update github/codeql-action digest to 74483a3 by @​renovate in myrotvorets/trigger-repository-dispatch-action#340
• chore(deps): update dependency @​myrotvorets/eslint-config-myrotvorets-ts to ^2.22.6 by @​renovate in myrotvorets/trigger-repository-dispatch-action#341
• chore(deps): lock file maintenance by @​renovate in myrotvorets/trigger-repository-dispatch-action#342
• chore(deps): update dependency @​myrotvorets/eslint-config-myrotvorets-ts to ^2.23.0 by @​renovate in myrotvorets/trigger-repository-dispatch-action#343
• chore(deps): update dependency @​myrotvorets/eslint-config-myrotvorets-ts to ^2.24.0 by @​renovate in myrotvorets/trigger-repository-dispatch-action#344
• chore(deps): lock file maintenance by @​renovate in myrotvorets/trigger-repository-dispatch-action#345
• chore(deps): lock file maintenance by @​renovate in myrotvorets/trigger-repository-dispatch-action#346
• chore(deps): update github/codeql-action digest to 689fdc5 by @​renovate in myrotvorets/trigger-repository-dispatch-action#347
• chore(deps): update github/codeql-action digest to 66b90a5 by @​renovate in myrotvorets/trigger-repository-dispatch-action#348
• chore(deps): lock file maintenance by @​renovate in myrotvorets/trigger-repository-dispatch-action#349
• chore(deps): update dependency typescript to ^5.3.2 by @​renovate in myrotvorets/trigger-repository-dispatch-action#350
• chore(deps): update github/codeql-action digest to 407ffaf by @​renovate in myrotvorets/trigger-repository-dispatch-action#351

... (truncated)

Commits

• 7a1a910 2.0.2
• 2816d54 Merge pull request #395 from myrotvorets/update-workflows
• 164b255 Update workflows
• c2e930d Update CodeQL workflow
• 824a9fb Update workflows
• c698982 2.0.1
• be37101 Merge pull request #394 from myrotvorets/renovate/lock-file-maintenance
• 72ca8bc Fix ESLint issues
• 383a02a chore(deps): lock file maintenance
• a31eafa chore(deps): update github/codeql-action digest to 1b1aada
• Additional commits viewable in compare view

Updates anchore/sbom-action from 0.15.9 to 0.15.10

Release notes

Sourced from anchore/sbom-action's releases.

v0.15.10

Changes in v0.15.10

• Update Syft to v1.1.0 (#454)
• Bump Node to v20 on download-syft/publish-sbom actions (#448) [ViacheslavKudinov]

Commits

• ab5d7b5 chore(deps): update Syft to v1.1.0 (#454)
• 6e7f9d7 chore(deps): bump release-drafter/release-drafter from 5.25.0 to 6.0.0 (#450)
• 2d906a3 chore(deps): bump peter-evans/create-or-update-comment (#452)
• 691c762 chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.2 (#453)
• f0dafef chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#451)
• c6d7b2a chore: add dependabot configuration for actions (#449)
• 31e2bb2 chore(deps): update @types/node to Node 20 (#443)
• 670514f chore: Bump Node to v20 on download-syft/publish-sbom actions (#448)
• a5afbb1 chore(deps): update Syft to v1.0.1 (#444)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Mend Scan Summary: :x:

Repository: open-component-model/ocm

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	0
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	2
HIGH RISK LICENSES	9
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report Mend UI

[ocmbot[bot]]

Integration Tests for c4c81c576d1390c1a594b0783bded6265f8dc0e8 run with result: Success ✅!

[ocmbot[bot]]

Integration Tests for 87584373c613da5b1a7c644e879c7cf3f8df4a8b run with result: Success ✅!