chore(deps): update github-actions

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	patch	`v4.1.1` -> `v4.1.7`
actions/dependency-review-action	action	minor	`v4.2.5` -> `v4.3.3`
actions/download-artifact	action	patch	`v4.1.4` -> `v4.1.7`
actions/setup-go	action	patch	`v5.0.0` -> `v5.0.1`
actions/upload-artifact	action	patch	`v4.3.1` -> `v4.3.3`
actionsdesk/lfs-warning	action	minor	`v3.2` -> `v3.3`
github/codeql-action	action	minor	`v3.24.9` -> `v3.25.11`
golangci/golangci-lint-action	action	pinDigest	-> `d6238b0`
ossf/scorecard-action	action	patch	`v2.3.1` -> `v2.3.3`
slsa-framework/slsa-github-generator	action	pinDigest	-> `c747fe7`
slsa-framework/slsa-verifier	action	minor	`v2.4.1` -> `v2.5.1`

Release Notes

actions/checkout (actions/checkout)

### [`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@orhantoy](https://togithub.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@users.noreply.github.com` by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598)

actions/dependency-review-action (actions/dependency-review-action)

### [`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3): Notes for v4.3.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3) #### What's Changed - Allow slashes in purl package names by [@juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765) - use the v3 version of the deps.dev API by [@josieang](https://togithub.com/josieang) in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - PR with suggestions - \[Improvement]: Help streamline / simplify dependency review action README by [@am-stead](https://togithub.com/am-stead) in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - fix show-openssf-scorecard-levels input by [@ramann](https://togithub.com/ramann) in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) - Updates to the contribution guidelines by [@jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778) - Create issue templates by [@jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777) - Fix the max comment length issue by [@jhutchings1](https://togithub.com/jhutchings1) and [@elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767) - Bump project version to 4.3.3 in prep for a release by [@elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781) #### New Contributors - [@josieang](https://togithub.com/josieang) made their first contribution in [https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741) - [@am-stead](https://togithub.com/am-stead) made their first contribution in [https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773) - [@ramann](https://togithub.com/ramann) made their first contribution in [https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2) #### What's Changed - Fix package-url parsing for allow-dependencies-licenses by [@juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/761](https://togithub.com/actions/dependency-review-action/pull/761) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.3.1...v4.3.2 ### [`v4.3.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.1) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.0...v4.3.1) #### What's Changed This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See [https://github.com/actions/dependency-review-action/pull/753](https://togithub.com/actions/dependency-review-action/pull/753). **Full Changelog**: https://github.com/actions/dependency-review-action/compare/V4.3.0...v4.3.1 ### [`v4.3.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.0) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.5...v4.3.0) #### New Features - The `deny-packages` option can now be used without a version number to exclude *all* versions of a package. #### What's Changed - Fix action variable name for scorecard by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735) - Fix extra https:// in summary by [@jhutchings1](https://togithub.com/jhutchings1) in [https://github.com/actions/dependency-review-action/pull/748](https://togithub.com/actions/dependency-review-action/pull/748) - Bump typescript from 5.3.3 to 5.4.5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/744](https://togithub.com/actions/dependency-review-action/pull/744) - Bump eslint-plugin-github from 4.10.1 to 4.10.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/737](https://togithub.com/actions/dependency-review-action/pull/737) - Show denied packages with red X by [@juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/750](https://togithub.com/actions/dependency-review-action/pull/750) - deny-packages configuration option can deny specified version or all packages by [@febuiles](https://togithub.com/febuiles) and [@bteng22](https://togithub.com/bteng22) in [https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733) #### New Contributors - [@bteng22](https://togithub.com/bteng22) made their first contribution in [https://github.com/actions/dependency-review-action/pull/733](https://togithub.com/actions/dependency-review-action/pull/733) - [@lukehinds](https://togithub.com/lukehinds) made their first contribution in [https://github.com/actions/dependency-review-action/pull/735](https://togithub.com/actions/dependency-review-action/pull/735) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.5...V4.3.0

actions/download-artifact (actions/download-artifact)

### [`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7) #### What's Changed - Update [@actions/artifact](https://togithub.com/actions/artifact) dependency by [@bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325) **Full Changelog**: https://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7 ### [`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6) #### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324) **Full Changelog**: https://github.com/actions/download-artifact/compare/v4.1.5...v4.1.6 ### [`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5) #### What's Changed - Update readme with v3/v2/v1 deprecation notice by [@robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322) - Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact` to v2.1.5 **Full Changelog**: https://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5

actions/setup-go (actions/setup-go)

### [`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1) [Compare Source](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1) #### What's Changed - Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by [@dependabot](https://togithub.com/dependabot) , [@HarithaVattikuti](https://togithub.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/465](https://togithub.com/actions/setup-go/pull/465) - Update documentation with latest V5 release notes by [@ab](https://togithub.com/ab) in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) - Update version documentation by [@178inaba](https://togithub.com/178inaba) in [https://github.com/actions/setup-go/pull/458](https://togithub.com/actions/setup-go/pull/458) - Documentation update of `actions/setup-go` to v5 by [@chenrui333](https://togithub.com/chenrui333) in [https://github.com/actions/setup-go/pull/449](https://togithub.com/actions/setup-go/pull/449) #### New Contributors - [@ab](https://togithub.com/ab) made their first contribution in [https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459) **Full Changelog**: https://github.com/actions/setup-go/compare/v5.0.0...v5.0.1

actions/upload-artifact (actions/upload-artifact)

### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2

actionsdesk/lfs-warning (actionsdesk/lfs-warning)

### [`v3.3`](https://togithub.com/ppremk/lfs-warning/releases/tag/v3.3) [Compare Source](https://togithub.com/actionsdesk/lfs-warning/compare/v3.2...v3.3) #### What's Changed - update node js to 16 by [@GlazerMann](https://togithub.com/GlazerMann) in [https://github.com/ppremk/lfs-warning/pull/148](https://togithub.com/ppremk/lfs-warning/pull/148) - Fixing README to match repo move by [@samthebest](https://togithub.com/samthebest) in [https://github.com/ppremk/lfs-warning/pull/153](https://togithub.com/ppremk/lfs-warning/pull/153) - Update CODEOWNERS by [@rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/158](https://togithub.com/ppremk/lfs-warning/pull/158) - Bump http-cache-semantics from 4.1.0 to 4.1.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/151](https://togithub.com/ppremk/lfs-warning/pull/151) - Bump [@babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/159](https://togithub.com/ppremk/lfs-warning/pull/159) - Bump tough-cookie from 4.0.0 to 4.1.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/160](https://togithub.com/ppremk/lfs-warning/pull/160) - Bump cacheable-request and gts by [@dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/152](https://togithub.com/ppremk/lfs-warning/pull/152) - Update emoji and convert file list to markdown list by [@rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/161](https://togithub.com/ppremk/lfs-warning/pull/161) - Bump got and gts by [@dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/155](https://togithub.com/ppremk/lfs-warning/pull/155) - Exclude files without blob_url when getting PR blobs by [@rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/162](https://togithub.com/ppremk/lfs-warning/pull/162) - Support pull_request_target by [@rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/164](https://togithub.com/ppremk/lfs-warning/pull/164) - Update-node by [@rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/163](https://togithub.com/ppremk/lfs-warning/pull/163) - Fix text setup for the issue comment by [@rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/166](https://togithub.com/ppremk/lfs-warning/pull/166) - Validate PR changes to make sure there are no changes missing by [@rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/165](https://togithub.com/ppremk/lfs-warning/pull/165) - Fix emoji by [@rajbos](https://togithub.com/rajbos) in [https://github.com/ppremk/lfs-warning/pull/167](https://togithub.com/ppremk/lfs-warning/pull/167) - Bump undici from 5.28.2 to 5.28.4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/ppremk/lfs-warning/pull/171](https://togithub.com/ppremk/lfs-warning/pull/171) #### New Contributors - [@GlazerMann](https://togithub.com/GlazerMann) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/148](https://togithub.com/ppremk/lfs-warning/pull/148) - [@samthebest](https://togithub.com/samthebest) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/153](https://togithub.com/ppremk/lfs-warning/pull/153) - [@rajbos](https://togithub.com/rajbos) made their first contribution in [https://github.com/ppremk/lfs-warning/pull/158](https://togithub.com/ppremk/lfs-warning/pull/158) **Full Changelog**: https://github.com/ppremk/lfs-warning/compare/v3.2...v3.3

github/codeql-action (github/codeql-action)

### [`v3.25.11`](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11) ### [`v3.25.10`](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10) ### [`v3.25.9`](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9) ### [`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8) ### [`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) ### [`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) ### [`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) ### [`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) ### [`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.11...v3.25.0) ### [`v3.24.11`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) ### [`v3.24.10`](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10)

ossf/scorecard-action (ossf/scorecard-action)

### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - :book: Move token discussion out of main README. by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - :book: link to `ossf/scorecard` workflow instead of maintaining an example by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - :book: update api links to new scorecard.dev site by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)

### [`v2.5.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.5.1) [Compare Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.1...v2.5.1) #### What's Changed - feat: Add cosign registry opts for provenance registry by [@saisatishkarra](https://togithub.com/saisatishkarra) in [https://github.com/slsa-framework/slsa-verifier/pull/729](https://togithub.com/slsa-framework/slsa-verifier/pull/729) and [https://github.com/slsa-framework/slsa-verifier/pull/736](https://togithub.com/slsa-framework/slsa-verifier/pull/736) - feat: Add support for DSSE Rekor type by [@haydentherapper](https://togithub.com/haydentherapper) in [https://github.com/slsa-framework/slsa-verifier/pull/742](https://togithub.com/slsa-framework/slsa-verifier/pull/742) #### New Contributors - [@saisatishkarra](https://togithub.com/saisatishkarra) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/729](https://togithub.com/slsa-framework/slsa-verifier/pull/729) - [@ramonpetgrave64](https://togithub.com/ramonpetgrave64) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/737](https://togithub.com/slsa-framework/slsa-verifier/pull/737) - [@haydentherapper](https://togithub.com/haydentherapper) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/742](https://togithub.com/slsa-framework/slsa-verifier/pull/742) **Full Changelog**: https://github.com/slsa-framework/slsa-verifier/compare/v2.4.1...v2.5.1

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

slsa-framework / slsa-verifier

chore(deps): update github-actions #786

Release Notes

Configuration