slsa-framework / slsa-github-generator

Language-agnostic SLSA provenance generation for GitHub Actions
Apache License 2.0

Dependency Dashboard #408

Open forking-renovate[bot] opened 2 years ago

forking-renovate[bot] commented 2 years ago

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

These problems occurred while renovating this repository.

Awaiting Schedule

These updates are awaiting their schedule.


Warning: Renovate failed to look up the following dependencies: Failed to look up maven package io.github.slsa-framework.slsa-github-generator:hash-maven-plugin.

Files affected: e2e/maven/workflow_dispatch/pom.xml


Open

These updates have all been created already.

Detected dependencies

github-actions
.github/actions/generate-builder/action.yml - `actions/setup-go v5.0.2@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32`
.github/actions/secure-builder-checkout/action.yaml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`
.github/actions/secure-download-artifact/action.yml - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16`
.github/actions/secure-download-folder/action.yml - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16`
.github/actions/secure-project-checkout-go/action.yml - `actions/setup-go v5.0.2@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32`
.github/actions/secure-project-checkout-node/action.yml - `actions/setup-node v4.0.3@1e60f620b9541d16bece96c5465dc8ee9832be0b`
.github/actions/secure-project-checkout/action.yaml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`
.github/actions/secure-upload-artifact/action.yml - `actions/upload-artifact v4.3.5@89ef406dd8d7e03cfd12d9e0a4a378f454709029`
.github/actions/secure-upload-folder/action.yml
.github/workflows/builder_bazel_slsa3.yml
.github/workflows/builder_container-based_slsa3.yml - `actions/upload-artifact v4.3.5@89ef406dd8d7e03cfd12d9e0a4a378f454709029` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `google-github-actions/auth v2.1.3@71fee32a0bb7e97b4d33d548e7d957010649d8fa` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/upload-artifact v4.3.5@89ef406dd8d7e03cfd12d9e0a4a378f454709029` - `actions/upload-artifact v4.3.5@89ef406dd8d7e03cfd12d9e0a4a378f454709029` - `actions/upload-artifact v4.3.5@89ef406dd8d7e03cfd12d9e0a4a378f454709029` - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16` - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16` - `softprops/action-gh-release v2.0.8@c062e08bd532815e2082a85e87e3ef29c3e6d191` - `softprops/action-gh-release v2.0.8@c062e08bd532815e2082a85e87e3ef29c3e6d191` - `geekyeggo/delete-artifact v5.0.0@24928e75e6e6590170563b8ddae9fac674508aa1` - `geekyeggo/delete-artifact v5.0.0@24928e75e6e6590170563b8ddae9fac674508aa1` - `geekyeggo/delete-artifact v5.0.0@24928e75e6e6590170563b8ddae9fac674508aa1`
.github/workflows/builder_go_slsa3.yml - `actions/upload-artifact v4.3.5@89ef406dd8d7e03cfd12d9e0a4a378f454709029` - `actions/upload-artifact v4.3.5@89ef406dd8d7e03cfd12d9e0a4a378f454709029` - `softprops/action-gh-release v2.0.8@c062e08bd532815e2082a85e87e3ef29c3e6d191`
.github/workflows/builder_gradle_slsa3.yml
.github/workflows/builder_maven_slsa3.yml
.github/workflows/builder_nodejs_slsa3.yml
.github/workflows/codeql-analysis.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `github/codeql-action v3.25.15@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a` - `github/codeql-action v3.25.15@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a` - `github/codeql-action v3.25.15@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a`
.github/workflows/delegator_generic_slsa3.yml - `geekyeggo/delete-artifact v5.0.0@24928e75e6e6590170563b8ddae9fac674508aa1` - `geekyeggo/delete-artifact v5.0.0@24928e75e6e6590170563b8ddae9fac674508aa1`
.github/workflows/delegator_lowperms-generic_slsa3.yml - `geekyeggo/delete-artifact v5.0.0@24928e75e6e6590170563b8ddae9fac674508aa1` - `geekyeggo/delete-artifact v5.0.0@24928e75e6e6590170563b8ddae9fac674508aa1`
.github/workflows/e2e.create-container_based-predicate.schedule.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`
.github/workflows/e2e.detect-workflow-js.schedule.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`
.github/workflows/e2e.sign-attestations.schedule.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-node v4@1e60f620b9541d16bece96c5465dc8ee9832be0b` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`
.github/workflows/e2e.upload-folder.schedule.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`
.github/workflows/generator_container_slsa3.yml - `google-github-actions/auth v2.1.3@71fee32a0bb7e97b4d33d548e7d957010649d8fa` - `sigstore/cosign-installer v3.5.0@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20`
.github/workflows/generator_generic_slsa3.yml - `actions/upload-artifact v4.3.5@89ef406dd8d7e03cfd12d9e0a4a378f454709029` - `softprops/action-gh-release v2.0.8@c062e08bd532815e2082a85e87e3ef29c3e6d191`
.github/workflows/pre-submit.actions.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-node v4.0.3@1e60f620b9541d16bece96c5465dc8ee9832be0b` - `actions/upload-artifact v4.3.5@89ef406dd8d7e03cfd12d9e0a4a378f454709029` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`
.github/workflows/pre-submit.apis.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`
.github/workflows/pre-submit.delegators.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`
.github/workflows/pre-submit.e2e.container-based.default.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16` - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16`
.github/workflows/pre-submit.e2e.generic.default.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16`
.github/workflows/pre-submit.e2e.go.config-ldflags-main-dir.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16` - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16`
.github/workflows/pre-submit.e2e.maven.yml
.github/workflows/pre-submit.lint.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-go v5.0.2@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32` - `actions/setup-node v3.8.2@1a4442cacd436585916779262731d5b162bc6ec7` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-node v4.0.3@1e60f620b9541d16bece96c5465dc8ee9832be0b` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-go v5.0.2@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-node v4.0.3@1e60f620b9541d16bece96c5465dc8ee9832be0b` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-node v4.0.3@1e60f620b9541d16bece96c5465dc8ee9832be0b`
.github/workflows/pre-submit.pr-title.yml - `thehanimo/pr-title-checker v1.4.2@1d8cd483a2b73118406a187f54dca8a9415f1375`
.github/workflows/pre-submit.units.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-go v5.0.2@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32` - `actions/setup-node v4.0.3@1e60f620b9541d16bece96c5465dc8ee9832be0b` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`
.github/workflows/release.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332`
.github/workflows/schedule.issue-reopener.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `ianlewis/todo-issue-reopener v1.2.1@339a05bfcc934adf6aa425b968a2d2f2af4f12ad`
.github/workflows/scorecards.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `ossf/scorecard-action v2.4.0@62b2cac7ed8198b15735ed49ab1e5cf35480ba46` - `actions/upload-artifact v4.3.5@89ef406dd8d7e03cfd12d9e0a4a378f454709029` - `github/codeql-action v3.25.15@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a`
.github/workflows/update-actions-dist-post-commit.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/upload-artifact v4.3.5@89ef406dd8d7e03cfd12d9e0a4a378f454709029` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/download-artifact v4.1.8@fa0a91b85d4f404e444e00e005971372dc801d16`
actions/delegator/random/action.yml
actions/delegator/secure-attestations-download/action.yml
actions/delegator/secure-download-folder/action.yml
actions/delegator/secure-upload-folder/action.yml
actions/generator/generic/create-base64-subjects-from-file/action.yml
actions/gradle/publish/action.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-java v4.2.1@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9`
actions/gradle/secure-download-attestations/action.yml
actions/gradle/secure-download-target/action.yml
actions/maven/publish/action.yml - `actions/setup-java v4.2.1@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9`
actions/maven/secure-download-attestations/action.yml
actions/maven/secure-download-target/action.yml
actions/nodejs/publish/action.yml
actions/nodejs/secure-attestations-download/action.yml
actions/nodejs/secure-package-download/action.yml
internal/builders/bazel/action.yml - `bazelbuild/setup-bazelisk v3.0.0@b39c379c82683a5f25d34f0d062761f62693e0b2` - `actions/setup-java v4.2.1@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9`
internal/builders/gradle/action.yml - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/setup-java v4.2.1@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9` - `gradle/gradle-build-action v3.5.0@ac2d340dc04d9e1113182899e983b5400c17cda1`
internal/builders/maven/action.yml - `actions/checkout 9a9194f87191a7e9055e3e9b95b8cfb13023bb08` - `actions/setup-java v4.2.1@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9`
internal/builders/nodejs/action.yml - `actions/setup-node v4.0.3@1e60f620b9541d16bece96c5465dc8ee9832be0b`
gomod
go.mod - `go 1.23.1` - `github.com/coreos/go-oidc/v3 v3.11.0` - `github.com/go-openapi/strfmt v0.23.0` - `github.com/go-openapi/swag v0.23.0` - `github.com/google/go-cmp v0.6.0` - `github.com/google/go-github/v57 v57.0.0` - `github.com/in-toto/in-toto-golang v0.9.0` - `github.com/pelletier/go-toml v1.9.5` - `github.com/secure-systems-lab/go-securesystemslib v0.8.0` - `github.com/sigstore/cosign/v2 v2.4.1` - `github.com/sigstore/rekor v1.3.6` - `github.com/sigstore/sigstore v1.8.10` - `github.com/spf13/cobra v1.8.1` - `golang.org/x/oauth2 v0.23.0` - `gopkg.in/square/go-jose.v2 v2.6.0` - `gopkg.in/yaml.v3 v3.0.1`
internal/builders/go/e2e-presubmits/go.mod - `go 1.23.1` - `github.com/pborman/uuid v1.2.1`
internal/builders/go/pkg/testdata/go/go.mod - `go 1.23.1`
maven
actions/maven/publish/slsa-hashing-plugin/pom.xml - `org.apache.maven:maven-plugin-api 3.9.8` - `org.apache.maven.plugin-tools:maven-plugin-annotations 3.15.1` - `org.apache.maven:maven-core 3.9.8` - `org.json:json 20231013` - `org.apache.maven.plugins:maven-plugin-plugin 3.6.0`
e2e/maven/workflow_dispatch/pom.xml - `org.apache.maven.plugins:maven-source-plugin 3.3.1` - `org.apache.maven.plugins:maven-javadoc-plugin 3.10.1` - `org.apache.maven.plugins:maven-shade-plugin 3.5.1` - `org.sonatype.plugins:nexus-staging-maven-plugin 1.6.13` - `org.apache.maven.plugins:maven-gpg-plugin 3.2.5` - `org.apache.maven.plugins:maven-deploy-plugin 3.1.3` - `io.github.slsa-framework.slsa-github-generator:hash-maven-plugin 0.0.1`
npm
.github/actions/compute-sha256/package.json - `@actions/core 1.11.1` - `@types/node 20.12.12` - `@typescript-eslint/eslint-plugin 6.21.0` - `@typescript-eslint/parser 6.21.0` - `@vercel/ncc 0.38.1` - `eslint 8.57.0` - `eslint-plugin-github 4.10.2` - `eslint-plugin-prettier 5.1.3` - `prettier 3.2.5` - `typescript 5.4.5`
.github/actions/create-container_based-predicate/package.json - `@actions/core 1.11.1` - `@actions/github 6.0.0` - `@types/jest 29.5.12` - `@types/make-fetch-happen 10.0.4` - `@types/node 20.12.12` - `@typescript-eslint/eslint-plugin 6.21.0` - `@typescript-eslint/parser 6.21.0` - `@vercel/ncc 0.38.1` - `eslint 8.57.0` - `eslint-plugin-github 4.10.2` - `eslint-plugin-prettier 5.1.3` - `jest 29.7.0` - `prettier 3.2.5` - `ts-jest 29.1.3` - `typescript 5.4.5`
.github/actions/detect-workflow-js/package.json - `@actions/core 1.11.1` - `@actions/github 6.0.0` - `@types/jest 29.5.12` - `@types/node 20.12.12` - `@typescript-eslint/eslint-plugin 6.21.0` - `@typescript-eslint/parser 6.21.0` - `@vercel/ncc 0.38.1` - `eslint 8.57.0` - `eslint-plugin-github 4.10.2` - `eslint-plugin-prettier 5.1.3` - `prettier 3.2.5` - `ts-jest 29.1.3` - `typescript 5.4.5`
.github/actions/generate-attestations/package.json - `@actions/core 1.11.1` - `@actions/github 6.0.0` - `@types/jest 29.5.12` - `@types/node 20.12.12` - `@typescript-eslint/eslint-plugin 6.21.0` - `@typescript-eslint/parser 6.21.0` - `@vercel/ncc 0.38.1` - `eslint 8.57.0` - `eslint-plugin-github 4.10.2` - `eslint-plugin-prettier 5.1.3` - `prettier 3.2.5` - `ts-jest 29.1.3` - `typescript 5.4.5`
.github/actions/privacy-check/package.json - `@actions/core 1.11.1` - `@actions/github 6.0.0` - `@types/node 20.12.12` - `@typescript-eslint/eslint-plugin 6.21.0` - `@typescript-eslint/parser 6.21.0` - `@vercel/ncc 0.38.1` - `eslint 8.57.0` - `eslint-plugin-github 4.10.2` - `eslint-plugin-prettier 5.1.3` - `prettier 3.2.5` - `typescript 5.4.5`
.github/actions/sign-attestations/package.json - `@actions/core 1.11.1` - `@actions/github 6.0.0` - `@sigstore/rekor-types 2.0.0` - `sigstore 2.3.1` - `@types/make-fetch-happen 10.0.4` - `@types/node 20.12.12` - `@typescript-eslint/eslint-plugin 6.21.0` - `@typescript-eslint/parser 6.21.0` - `@vercel/ncc 0.38.1` - `eslint 8.57.0` - `eslint-plugin-github 4.10.2` - `eslint-plugin-prettier 5.1.3` - `prettier 3.2.5` - `typescript 5.4.5`
.github/actions/tscommon/package.json - `@types/jest 29.5.12` - `@types/node 20.12.12` - `@typescript-eslint/eslint-plugin 6.21.0` - `@typescript-eslint/parser 6.21.0` - `@vercel/ncc 0.38.1` - `eslint 8.57.0` - `eslint-plugin-github 4.10.2` - `eslint-plugin-prettier 5.1.3` - `prettier 3.2.5` - `ts-jest 29.1.3` - `typescript 5.4.5`
.github/actions/verify-token/package.json - `@actions/core 1.11.1` - `@actions/github 6.0.0` - `@octokit/webhooks-types 7.6.1` - `@sigstore/rekor-types 2.0.0` - `sigstore 2.3.1` - `yaml 2.5.1` - `@types/jest 29.5.12` - `@types/make-fetch-happen 10.0.4` - `@typescript-eslint/eslint-plugin 6.21.0` - `@typescript-eslint/parser 6.21.0` - `@vercel/ncc 0.38.1` - `eslint 8.57.0` - `eslint-plugin-github 4.10.2` - `eslint-plugin-prettier 5.1.3` - `jest 29.7.0` - `prettier 3.2.5` - `ts-jest 29.1.3` - `typescript 5.4.5`
actions/delegator/setup-generic/package.json - `@actions/core 1.11.1` - `@actions/github 6.0.0` - `@sigstore/rekor-types 2.0.0` - `sigstore 2.3.1` - `@types/make-fetch-happen 10.0.4` - `@types/node 20.12.12` - `@typescript-eslint/eslint-plugin 6.21.0` - `@typescript-eslint/parser 6.21.0` - `@vercel/ncc 0.38.1` - `eslint 8.57.0` - `eslint-plugin-github 4.10.2` - `eslint-plugin-prettier 5.1.3` - `prettier 3.2.5` - `typescript 5.4.5`
package.json - `@sigstore/cli 0.8.0` - `markdown-toc 1.2.0` - `markdownlint-cli 0.40.0` - `prettier 3.2.5` - `renovate 37.371.0` - `sigstore 2.3.1`
pip_requirements
requirements.txt - `yamllint ==1.35.1` - `pathspec ==0.12.1`

ianlewis commented 6 months ago

Keeping this pinned since Renovate updates it to provide its current status.

ianlewis commented 6 months ago

@rarkins Renovate seems stuck and has closed all its PRs. It doesn't seem to be responding to the checkboxes in this issue.

ianlewis commented 6 months ago

> @rarkins Renovate seems stuck and has closed all its PRs. It doesn't seem to be responding to the checkboxes in this issue.

nevermind, I think I figured out what the issue is -> #404

rarkins commented 6 months ago

Fix PR: https://github.com/slsa-framework/slsa-github-generator/pull/3638