chore(deps): bump the actions group with 3 updates

[dependabot[bot]]

Bumps the actions group with 3 updates: actions/checkout, mikefarah/yq and ossf/scorecard-action.

Updates actions/checkout from 4.1.4 to 4.1.5

Release notes

Sourced from actions/checkout's releases.

v4.1.5

What's Changed

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

Full Changelog: https://github.com/actions/checkout/compare/v4.1.4...v4.1.5

Commits

• 44c2b7a README: Suggest user.email to be `41898282+github-actions[bot]@​users.norepl...
• 8459bc0 Bump actions/upload-artifact from 2 to 4 (#1695)
• 3f603f6 Bump actions/setup-node from 1 to 4 (#1696)
• fd084cd Bump github/codeql-action from 2 to 3 (#1694)
• 9c1e94e Update NPM dependencies (#1703)
• See full diff in compare view

Updates mikefarah/yq from 4.43.1 to 4.44.1

Release notes

Sourced from mikefarah/yq's releases.

v4.44.1 - min/max/pivot!

• Added min/max operators (#1992) Thanks @​mbenson
• Added pivot oeprator (#1993) Thanks @​mbenson
• Fix: shell-completion (#2006) Thanks @​codekow
• Handle escaped backslashes (#1997) Thanks @​mbenson
• Fix npe when given filename ending with "." (#1994)
• Fix: linux (w/ selinux) build (#2004) Thanks @​codekow
• Bumped dependencies

Changelog

Sourced from mikefarah/yq's changelog.

4.44.1:

• Added min/max operators (#1992) Thanks @​mbenson
• Added pivot oeprator (#1993) Thanks @​mbenson
• Fix: shell-completion (#2006) Thanks @​codekow
• Handle escaped backslashes (#1997) Thanks @​mbenson
• Fix npe when given filename ending with "." (#1994)
• Fix: linux (w/ selinux) build (#2004) Thanks @​codekow
• Bumped dependencies

4.43.1:

• Added omit operator #1989 thanks @​mbenson!
• Added tostring #72
• Added string interpolation #1149
• Can specify parent(n) levels #1970
• Can now multiply strings by numbers #1988 thanks @​mbenson!
• Fixed CSV line break issue #1974
• Adding a EvaluateAll function to StringEvaluator #1966
• yqlib, default to colors off when using yaml library #1964
• Removed JSON output warning
• Bumped dependencies

4.42.1:

• Can execute yq expression files directly with shebang #1851
• Added --csv-separator flag #1950
• Added --properties-separator option - thanks @​learnitall #1864
• Added --properties-array-brackets flag for properties encoder #1933
• Shell completion improvements - thanks @​scop #1911
• Bumped dependencies

4.41.1:

• Can now comment in yq expressions! #1919
• Fixed Toml decoding when table array defined before parent #1922
• Added new CSV option to turn off auto-parsing #1947
• Fixing with_entries context #1925
• Can now retrieve the alias names of merge anchors #1942

4.40.7:

• Bumped dependencies

4.40.6:

• Fix: empty TOML table #1924 - Thanks @​elibroftw
• Fixed "all" error message #1845
• Fixed to_entries[]
• Bumped dependencies

4.40.5:

• Fixing seg fault on bad XML #1888

... (truncated)

Commits

• 557dcb8 Bumping version
• 2daa39e Updating release notes
• 0c15cf3 Added properties convert to numbers example #2023
• d9adcdb Update instructions for Alpine Linux (#2034)
• 9010809 Bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.2 (#2024)
• 8250f0c Bump golang.org/x/text from 0.14.0 to 0.15.0 (#2036)
• 8ac9f60 Bump golang from 1.22.2 to 1.22.3 (#2037)
• 1748171 Bump github.com/pelletier/go-toml/v2 from 2.2.0 to 2.2.1 (#2014)
• 21ba506 Fix: shell-completion (#2006)
• b54d7eb handle escaped backslashes (#1997)
• Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.3.1 to 2.3.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.3.3

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

• :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @​spencerschrock in ossf/scorecard-action#1366
• :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @​spencerschrock in ossf/scorecard-action#1374
• :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @​spencerschrock in ossf/scorecard-action#1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

• :book: Move token discussion out of main README. by @​spencerschrock in ossf/scorecard-action#1279
• :book: link to ossf/scorecard workflow instead of maintaining an example by @​spencerschrock in ossf/scorecard-action#1352
• :book: update api links to new scorecard.dev site by @​spencerschrock in ossf/scorecard-action#1376

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3

Commits

• dc50aa9 :seedling: Bump docker tag for v2.3.3 release (#1368)
• 8ff5700 :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0....
• 8ba5e73 update api links to new scorecard.dev site (#1376)
• 92ddde3 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)
• 6c55905 :seedling: Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)
• 09bb953 :seedling: Bump distroless/base in the docker-images group (#1372)
• 1511e13 :seedling: Bump the github-actions group across 1 directory with 6 updates (#...
• df66cd8 :seedling: Bump the docker-images group with 2 updates (#1370)
• fad9a3c :seedling: Bump distroless/base in the docker-images group (#1364)
• 1e01a30 :seedling: Bump the github-actions group with 3 updates (#1365)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions