feat: Add homebrew formula to README#702
Merged
laurentsimon merged 2 commits intomainfrom Sep 21, 2023
Merged
Conversation
Add installation using Homebrew on macOS Signed-off-by: Trishank Karthik Kuppusamy <[email protected]>
trishankatdatadog
requested review from
asraa,
ianlewis,
kpk47 and
laurentsimon
as code owners
|
|
||
| ### Use Homebrew on macOS | ||
|
|
||
| If you are using macOS and Homebrew, then you can install the verifier using this [formula](https://formulae.brew.sh/formula/slsa-verifier). |
Contributor
There was a problem hiding this comment.
Can you add you a note that the formula is maintained by the community.. or your GitHub handle?
Signed-off-by: Trishank Karthik Kuppusamy <[email protected]>
laurentsimon
approved these changes
Sep 21, 2023
laurentsimon
referenced
this pull request
Mar 22, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v3.1.0` -> `v3.1.5` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | patch | `v3.8.1` -> `v3.8.2` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.22.1` -> `v2.24.8` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.0` -> `v2.3.1` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.9.0` -> `v1.10.0` | | [slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier) | action | patch | `v2.4.0` -> `v2.4.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5): 3.1.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5) #### What's Changed - Smaller `per_page` when requesting diff by [@​hmaurer](https://togithub.com/hmaurer) in [https://github.com/actions/dependency-review-action/pull/649](https://togithub.com/actions/dependency-review-action/pull/649) - Update dependencies: - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.10.0 to 6.13.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/630](https://togithub.com/actions/dependency-review-action/pull/630) - Bump prettier from 3.0.3 to 3.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/629](https://togithub.com/actions/dependency-review-action/pull/629) - Bump [@​types/jest](https://togithub.com/types/jest) from 29.5.8 to 29.5.11 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/637](https://togithub.com/actions/dependency-review-action/pull/637) - Bump nodemon from 3.0.1 to 3.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/636](https://togithub.com/actions/dependency-review-action/pull/636) - Replace pip -> pypi in PURL examples by [@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/638](https://togithub.com/actions/dependency-review-action/pull/638) - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.12.0 to 6.15.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/644](https://togithub.com/actions/dependency-review-action/pull/644) - Bump eslint from 8.53.0 to 8.56.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/640](https://togithub.com/actions/dependency-review-action/pull/640) - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.13.1 to 6.16.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/645](https://togithub.com/actions/dependency-review-action/pull/645) - Bump prettier from 3.1.0 to 3.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/646](https://togithub.com/actions/dependency-review-action/pull/646) **Full Changelog**: actions/dependency-review-action@v3.1.4...v3.1.5 ### [`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4): 3.1.4 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4) #### What's Changed - Fixed a [bug](https://togithub.com/actions/dependency-review-action/issues/618) with severity filtering when using the `allow_ghsas` option: [https://github.com/actions/dependency-review-action/pull/623](https://togithub.com/actions/dependency-review-action/pull/623). - Updates dependencies: - Bump [@​types/node](https://togithub.com/types/node) from 16.18.61 to 16.18.62 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/619](https://togithub.com/actions/dependency-review-action/pull/619) action/pull/620 - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.11.0 to 6.12.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/625](https://togithub.com/actions/dependency-review-action/pull/625) - Bump typescript from 5.2.2 to 5.3.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/624](https://togithub.com/actions/dependency-review-action/pull/624) **Full Changelog**: actions/dependency-review-action@v3...v3.1.4 ### [`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3): 3.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3) #### What's Changed - Fixes purl "version must be percent-encoded" by [@​theztefan](https://togithub.com/theztefan) in [https://github.com/actions/dependency-review-action/pull/617](https://togithub.com/actions/dependency-review-action/pull/617) **Full Changelog**: actions/dependency-review-action@v3...v3.1.3 ### [`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2): 3.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2) #### What's Changed - Fix a regression for setups using self-hosted runners behind HTTP proxies:[@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/611](https://togithub.com/actions/dependency-review-action/pull/611) **Full Changelog**: actions/dependency-review-action@v3...v3.1.2 ### [`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1): 3.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1) #### What's Changed - Update a bunch of dependencies, including major version upgrades for `octokit`, `@actions/github` and `typescript`. **Full Changelog**: actions/dependency-review-action@v3.1.0...v3.1.1 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2) ##### What's Changed - Update semver by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861) - Update temp directory creation by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870) - Add notice about binaries not being updated yet by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872) - Update toolkit cache and core by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) and [@​seongwon-privatenote](https://togithub.com/seongwon-privatenote) in [https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875) **Full Changelog**: actions/setup-node@v3...v3.8.2 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) ### [`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) ### [`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) ### [`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) ### [`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) ### [`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) ### [`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) ### [`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) ### [`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) ### [`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) ### [`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) ### [`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) ### [`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) ### [`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) ### [`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) ### [`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) ### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) ### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) ### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 </details> <details> <summary>slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)</summary> ### [`v1.10.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v1100) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.1...v1.10.0) Release \[v1.10.0] includes bug fixes and new features. See the [full change list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0). ##### v1.10.0: TUF fix - The cosign TUF roots were fixed ([#​3350](https://togithub.com/slsa-framework/slsa-github-generator/issues/3350)). More details [here](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid). ##### v1.10.0: Gradle Builder - The Gradle Builder was fixed when the project root is the same as the repository root ([#​2727](https://togithub.com/slsa-framework/slsa-github-generator/issues/2727)) ##### v1.10.0: Go Builder - The `go-version-file` input was fixed so that it can find the `go.mod` file ([#​2661](https://togithub.com/slsa-framework/slsa-github-generator/issues/2661)) ##### v1.10.0: Container Generator - A new `provenance-repository` input was added to allow reading provenance from a different container repository than the image itself ([#​2956](https://togithub.com/slsa-framework/slsa-github-generator/issues/2956)) ### [`v1.9.1`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.1) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.9.1) **This is an un-finalized release.** See the [CHANGELOG](./CHANGELOG.md) for details. </details> <details> <summary>slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)</summary> ### [`v2.4.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.4.1) [Compare Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1) #### What's Changed - Fix a verification issue when verifying npm's publish attestations - Low severity GHSA-r2xv-vpr2-42m9. This part of the code remains *experimental*. #### New Contributors - [@​trishankatdatadog](https://togithub.com/trishankatdatadog) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/702](https://togithub.com/slsa-framework/slsa-verifier/pull/702) **Full Changelog**: v2.4.0...v2.4.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2MS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Signed-off-by: Mend Renovate <[email protected]>
ramonpetgrave64
referenced
this pull request
in ramonpetgrave64/slsa-verifier
Apr 10, 2024
](https://renovatebot.com){kind=link}
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v3.1.0` -> `v3.1.5` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | patch | `v3.8.1` -> `v3.8.2` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.22.1` -> `v2.24.8` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.0` -> `v2.3.1` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.9.0` -> `v1.10.0` | | [slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier) | action | patch | `v2.4.0` -> `v2.4.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5): 3.1.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5) #### What's Changed - Smaller `per_page` when requesting diff by [@​hmaurer](https://togithub.com/hmaurer) in [https://github.com/actions/dependency-review-action/pull/649](https://togithub.com/actions/dependency-review-action/pull/649) - Update dependencies: - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.10.0 to 6.13.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/630](https://togithub.com/actions/dependency-review-action/pull/630) - Bump prettier from 3.0.3 to 3.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/629](https://togithub.com/actions/dependency-review-action/pull/629) - Bump [@​types/jest](https://togithub.com/types/jest) from 29.5.8 to 29.5.11 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/637](https://togithub.com/actions/dependency-review-action/pull/637) - Bump nodemon from 3.0.1 to 3.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/636](https://togithub.com/actions/dependency-review-action/pull/636) - Replace pip -> pypi in PURL examples by [@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/638](https://togithub.com/actions/dependency-review-action/pull/638) - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.12.0 to 6.15.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/644](https://togithub.com/actions/dependency-review-action/pull/644) - Bump eslint from 8.53.0 to 8.56.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/640](https://togithub.com/actions/dependency-review-action/pull/640) - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.13.1 to 6.16.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/645](https://togithub.com/actions/dependency-review-action/pull/645) - Bump prettier from 3.1.0 to 3.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/646](https://togithub.com/actions/dependency-review-action/pull/646) **Full Changelog**: actions/dependency-review-action@v3.1.4...v3.1.5 ### [`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4): 3.1.4 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4) #### What's Changed - Fixed a [bug](https://togithub.com/actions/dependency-review-action/issues/618) with severity filtering when using the `allow_ghsas` option: [https://github.com/actions/dependency-review-action/pull/623](https://togithub.com/actions/dependency-review-action/pull/623). - Updates dependencies: - Bump [@​types/node](https://togithub.com/types/node) from 16.18.61 to 16.18.62 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/619](https://togithub.com/actions/dependency-review-action/pull/619) action/pull/620 - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.11.0 to 6.12.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/625](https://togithub.com/actions/dependency-review-action/pull/625) - Bump typescript from 5.2.2 to 5.3.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/624](https://togithub.com/actions/dependency-review-action/pull/624) **Full Changelog**: actions/dependency-review-action@v3...v3.1.4 ### [`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3): 3.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3) #### What's Changed - Fixes purl "version must be percent-encoded" by [@​theztefan](https://togithub.com/theztefan) in [https://github.com/actions/dependency-review-action/pull/617](https://togithub.com/actions/dependency-review-action/pull/617) **Full Changelog**: actions/dependency-review-action@v3...v3.1.3 ### [`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2): 3.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2) #### What's Changed - Fix a regression for setups using self-hosted runners behind HTTP proxies:[@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/611](https://togithub.com/actions/dependency-review-action/pull/611) **Full Changelog**: actions/dependency-review-action@v3...v3.1.2 ### [`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1): 3.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1) #### What's Changed - Update a bunch of dependencies, including major version upgrades for `octokit`, `@actions/github` and `typescript`. **Full Changelog**: actions/dependency-review-action@v3.1.0...v3.1.1 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2) ##### What's Changed - Update semver by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861) - Update temp directory creation by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870) - Add notice about binaries not being updated yet by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872) - Update toolkit cache and core by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) and [@​seongwon-privatenote](https://togithub.com/seongwon-privatenote) in [https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875) **Full Changelog**: actions/setup-node@v3...v3.8.2 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) ### [`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) ### [`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) ### [`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) ### [`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) ### [`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) ### [`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) ### [`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) ### [`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) ### [`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) ### [`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) ### [`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) ### [`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) ### [`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) ### [`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) ### [`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) ### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) ### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) ### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 </details> <details> <summary>slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)</summary> ### [`v1.10.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v1100) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.1...v1.10.0) Release \[v1.10.0] includes bug fixes and new features. See the [full change list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0). ##### v1.10.0: TUF fix - The cosign TUF roots were fixed ([#​3350](https://togithub.com/slsa-framework/slsa-github-generator/issues/3350)). More details [here](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid). ##### v1.10.0: Gradle Builder - The Gradle Builder was fixed when the project root is the same as the repository root ([#​2727](https://togithub.com/slsa-framework/slsa-github-generator/issues/2727)) ##### v1.10.0: Go Builder - The `go-version-file` input was fixed so that it can find the `go.mod` file ([#​2661](https://togithub.com/slsa-framework/slsa-github-generator/issues/2661)) ##### v1.10.0: Container Generator - A new `provenance-repository` input was added to allow reading provenance from a different container repository than the image itself ([#​2956](https://togithub.com/slsa-framework/slsa-github-generator/issues/2956)) ### [`v1.9.1`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.1) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.9.1) **This is an un-finalized release.** See the [CHANGELOG](./CHANGELOG.md) for details. </details> <details> <summary>slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)</summary> ### [`v2.4.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.4.1) [Compare Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1) #### What's Changed - Fix a verification issue when verifying npm's publish attestations - Low severity GHSA-r2xv-vpr2-42m9. This part of the code remains *experimental*. #### New Contributors - [@​trishankatdatadog](https://togithub.com/trishankatdatadog) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/702](https://togithub.com/slsa-framework/slsa-verifier/pull/702) **Full Changelog**: slsa-framework/slsa-verifier@v2.4.0...v2.4.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2MS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Signed-off-by: Mend Renovate <[email protected]> Signed-off-by: Ramon Petgrave <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add installation using Homebrew on macOS