Bump IAreKyleW00t/crane-installer from 1.3.9 to 3.0.1

[dependabot[bot]]

Bumps IAreKyleW00t/crane-installer from 1.3.9 to 3.0.1.

Release notes

Sourced from IAreKyleW00t/crane-installer's releases.

v3.0.1

What's Changed

✨ Other Changes

• feat: Switching to @​actions/io package by @​IAreKyleW00t in IAreKyleW00t/crane-installer#28
• feat: Bumping version to 3.0.1 by @​IAreKyleW00t in IAreKyleW00t/crane-installer#29

🏗️ Dependencies

• build(deps-dev): Bump typescript from 5.5.4 to 5.6.2 by @​dependabot in IAreKyleW00t/crane-installer#25
• build(deps-dev): Bump @​typescript-eslint/parser from 8.4.0 to 8.5.0 by @​dependabot in IAreKyleW00t/crane-installer#26
• build(deps-dev): Bump @​typescript-eslint/eslint-plugin from 8.4.0 to 8.5.0 by @​dependabot in IAreKyleW00t/crane-installer#27

Full Changelog: https://github.com/IAreKyleW00t/crane-installer/compare/v3.0.0...v3.0.1

v3.0.0

[!CAUTION]

This Action is now written in TypeScript and utilizes the Runners hostedtoolcache.

There should be no changes necessary from v1 or v2 - the inputs and overall functionality have remained the same, however this is a large change compared to how this Action was previously written, thus warranting a MAJOR version release.

For more details behind this decision please see PR #24

What's Changed

✨ Other Changes

• feat: Switching to iarekylew00t/setup-slsa-verifier by @​IAreKyleW00t in IAreKyleW00t/crane-installer#19
• refactor: Switching to TypeScript by @​IAreKyleW00t in IAreKyleW00t/crane-installer#24

🏗️ Dependencies

• build(deps): Bump iarekylew00t/setup-slsa-verifier from 1.0.0 to 1.0.1 by @​dependabot in IAreKyleW00t/crane-installer#20
• build(deps): Bump iarekylew00t/setup-slsa-verifier from 1.0.1 to 1.1.1 by @​dependabot in IAreKyleW00t/crane-installer#21
• build(deps): Bump iarekylew00t/setup-slsa-verifier from 1.1.1 to 1.2.0 by @​dependabot in IAreKyleW00t/crane-installer#23

Full Changelog: https://github.com/IAreKyleW00t/crane-installer/compare/v2.0.0...v3.0.0

v2.0.0

[!CAUTION]

This release removes the GHCR auto-login functionality. You will need to manually login before or after configuring crane in order to perform image/registry operations. See the Examples in the README for more details on how to do this.

This release also cleans up a lot of the codebase with some better standards, and adds the cache and verify inputs. Again, see the README for more details. Other than the GHCR login changes, there are no other breaking changes; everything else should continue to function the same, except with caching enabled by default.

What's Changed

⚙️ Other Changes

• feat: Manually controlling tests and releases by @​IAreKyleW00t in IAreKyleW00t/crane-installer#13

... (truncated)

Commits

• 1f0747c feat: Bumping version to 3.0.1 (#29)
• aa17d07 feat: Switching to @​actions/io package (#28)
• ca0d871 build(deps-dev): Bump @​typescript-eslint/eslint-plugin from 8.4.0 to 8.5.0 (#27)
• f27929f build(deps-dev): Bump @​typescript-eslint/parser from 8.4.0 to 8.5.0 (#26)
• 5acb4c3 build(deps-dev): Bump typescript from 5.5.4 to 5.6.2 (#25)
• 6badef2 fix: Disable cache during version tests
• 63a8be7 fix: Disable cache during SLSA tests
• 3e53fcd refactor: Switching to TypeScript (#24)
• a90e6d8 build(deps): Bump iarekylew00t/setup-slsa-verifier from 1.1.1 to 1.2.0 (#23)
• c669240 chore: Updating release template
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions[bot]]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/IAreKyleW00t/crane-installer	1f0747c035dbcafd3686159e221825b2dfd7dbdb	:green_circle: 6.9	Details Check Score Reason Code-Review :warning: 0 Found 0/20 approved changesets -- score normalized to 0 Maintained :green_circle: 10 29 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Packaging :warning: -1 packaging workflow not detected Branch-Protection :green_circle: 3 branch protection is not maximal on development and all release branches Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 7 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :green_circle: 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing :warning: 0 project is not fuzzed SAST :green_circle: 7 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
actions/IAreKyleW00t/crane-installer	66858ae469ebd32ce731051d9c2bae9b811537e9	:green_circle: 6.9	Details Check Score Reason Code-Review :warning: 0 Found 0/20 approved changesets -- score normalized to 0 Maintained :green_circle: 10 29 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Packaging :warning: -1 packaging workflow not detected Branch-Protection :green_circle: 3 branch protection is not maximal on development and all release branches Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 7 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :green_circle: 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing :warning: 0 project is not fuzzed SAST :green_circle: 7 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/sbom.yml

• IAreKyleW00t/crane-installer@1f0747c035dbcafd3686159e221825b2dfd7dbdb
• IAreKyleW00t/crane-installer@66858ae469ebd32ce731051d9c2bae9b811537e9

[dependabot[bot]]

Superseded by #228.