chore(deps): bump the ci group across 1 directory with 9 updates

[dependabot]

Bumps the ci group with 9 updates in the / directory:

Package	From	To
mercedesbenzio/detect-action	1	2
actions/cache	3	4
peter-evans/repository-dispatch	2	3
8BitJonny/gh-get-current-pr	2.2.0	3.0.0
thollander/actions-comment-pull-request	2.4.3	3.0.0
release-drafter/release-drafter	5	6
anchore/sbom-action	0.15.11	0.17.4
sigstore/cosign-installer	3.5.0	3.7.0
goreleaser/goreleaser-action	5	6

Updates mercedesbenzio/detect-action from 1 to 2

Release notes

Sourced from mercedesbenzio/detect-action's releases.

v2.0.0

What's Changed

• feat!: update to node 20 by @​tvcsantos in tvcsantos/detect-action#17

Full Changelog: tvcsantos/detect-action@v1.5.0...v2.0.0

v1.5.0

What's Changed

• feat: add support for custom PR comments by @​tvcsantos in tvcsantos/detect-action#16

Full Changelog: tvcsantos/detect-action@v1.4.1...v1.5.0

v1.4.1

What's Changed

• feat: improve tool name on PR comment header by @​tvcsantos in mercedesbenzio/detect-action#13

Full Changelog: tvcsantos/detect-action@v1.4.0...v1.4.1

v1.4.0

What's Changed

• feat: add tool name to PR comment header by @​tvcsantos in mercedesbenzio/detect-action#12

Full Changelog: tvcsantos/detect-action@v1.3.0...v1.4.0

v1.3.0

What's Changed

• feat: add input to control PR comments on success by @​tvcsantos in mercedesbenzio/detect-action#11

Full Changelog: tvcsantos/detect-action@v1.2.0...v1.3.0

v1.2.0

What's Changed

• build: update package version by @​tvcsantos in mercedesbenzio/detect-action#10
• feat: improve debug log level and add fail-if-detect-fails by @​tvcsantos in mercedesbenzio/detect-action#9

Full Changelog: tvcsantos/detect-action@v1.1.0...v1.2.0

v1.1.0

What's Changed

• feat: make detect-version optional by downloading latest by @​tvcsantos in mercedesbenzio/detect-action#8

Full Changelog: tvcsantos/detect-action@v1.0.0...v1.1.0

Changelog

Sourced from mercedesbenzio/detect-action's changelog.

Commits

• 290ca63 fix: fix incompatible package @​actions/artifact (#18)
• c5123b0 feat!: update to node 20 (#17)
• See full diff in compare view

Updates actions/cache from 3 to 4

Release notes

Sourced from actions/cache's releases.

v4.0.0

What's Changed

• Update action to node20 by @​takost in actions/cache#1284
• feat: save-always flag by @​to-s in actions/cache#1242

New Contributors

• @​takost made their first contribution in actions/cache#1284
• @​to-s made their first contribution in actions/cache#1242

Full Changelog: actions/cache@v3...v4.0.0

v3.3.3

What's Changed

• Cache v3.3.3 by @​robherley in actions/cache#1302

New Contributors

• @​robherley made their first contribution in actions/cache#1302

Full Changelog: actions/cache@v3...v3.3.3

v3.3.2

What's Changed

• Fixed readme with new segment timeout values by @​kotewar in actions/cache#1133
• Readme fixes by @​kotewar in actions/cache#1134
• Updated description of the lookup-only input for main action by @​kotewar in actions/cache#1130
• Change two new actions mention as quoted text by @​bishal-pdMSFT in actions/cache#1131
• Update Cross-OS Caching tips by @​pdotl in actions/cache#1122
• Bazel example (Take #2️⃣) by @​vorburger in actions/cache#1132
• Remove actions to add new PRs and issues to a project board by @​jorendorff in actions/cache#1187
• Consume latest toolkit and fix dangling promise bug by @​chkimes in actions/cache#1217
• Bump action version to 3.3.2 by @​bethanyj28 in actions/cache#1236

New Contributors

• @​vorburger made their first contribution in actions/cache#1132
• @​jorendorff made their first contribution in actions/cache#1187
• @​chkimes made their first contribution in actions/cache#1217
• @​bethanyj28 made their first contribution in actions/cache#1236

Full Changelog: actions/cache@v3...v3.3.2

v3.3.1

What's Changed

• Reduced download segment size to 128 MB and timeout to 10 minutes by @​kotewar in actions/cache#1129

Full Changelog: actions/cache@v3...v3.3.1

v3.3.0

What's Changed

• Bug: Permission is missing in cache delete example by @​kotokaze in actions/cache#1123

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

4.1.1

• Restore original behavior of cache-hit output - #1467

4.1.0

• Ensure cache-hit output is set when a cache is missed - #1404
• Deprecate save-always input - #1452

4.0.2

• Fixed restore fail-on-cache-miss not working.

4.0.1

• Updated isGhes check

4.0.0

• Updated minimum runner version support from node 12 -> node 20

3.3.3

• Updates @​actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378
• Additional audit fixes of npm package(s)

3.3.2

• Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

• Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

• Added option to lookup cache without downloading it.

3.2.6

• Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

• Added fix to prevent from setting MYSYS environment variable globally.

3.2.4

• Added option to fail job on cache miss.

... (truncated)

Commits

• 3624ceb Restore original behavior of cache-hit output (#1467)
• 2cdf405 Prepare 4.1.0 release (#1464)
• a11fb02 restore action's README now references v4 instead of v3 (#1445)
• cf7a75e Fix typo: depening -> depending (#1462)
• c74ca40 Deprecate save-always input (#1452)
• f8a7ab4 Merge pull request #1463 from actions/Jcambass-patch-1
• 45b7be0 Add workflow file for publishing releases to immutable action package
• 81382a7 Merge pull request #1311 from todgru/todgru/v4-documentation-update
• c4ee99a Merge branch 'main' into todgru/v4-documentation-update
• 57b8e40 Clarify that the restore-keys input is a string in the docs (#1434)
• Additional commits viewable in compare view

Updates peter-evans/repository-dispatch from 2 to 3

Release notes

Sourced from peter-evans/repository-dispatch's releases.

Repository Dispatch v3.0.0

⚙️ Updated runtime to Node.js 20

• The action now requires a minimum version of v2.308.0 for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.

What's Changed

• Bump prettier to fix deps by @​peter-evans in peter-evans/repository-dispatch#255
• build(deps-dev): bump @​types/node from 18.17.12 to 18.17.14 by @​dependabot in peter-evans/repository-dispatch#257
• build(deps-dev): bump @​vercel/ncc from 0.36.1 to 0.38.0 by @​dependabot in peter-evans/repository-dispatch#258
• build(deps): bump actions/checkout from 3 to 4 by @​dependabot in peter-evans/repository-dispatch#259
• build(deps-dev): bump @​types/node from 18.17.14 to 18.17.16 by @​dependabot in peter-evans/repository-dispatch#261
• build(deps): bump @​actions/core from 1.10.0 to 1.10.1 by @​dependabot in peter-evans/repository-dispatch#262
• build(deps-dev): bump jest-circus from 29.6.4 to 29.7.0 by @​dependabot in peter-evans/repository-dispatch#263
• build(deps-dev): bump eslint from 8.48.0 to 8.49.0 by @​dependabot in peter-evans/repository-dispatch#264
• Update distribution by @​actions-bot in peter-evans/repository-dispatch#265
• build(deps-dev): bump @​types/node from 18.17.16 to 18.17.18 by @​dependabot in peter-evans/repository-dispatch#266
• build(deps-dev): bump eslint-plugin-github from 4.10.0 to 4.10.1 by @​dependabot in peter-evans/repository-dispatch#267
• build(deps-dev): bump @​types/node from 18.17.18 to 18.18.0 by @​dependabot in peter-evans/repository-dispatch#268
• build(deps-dev): bump eslint from 8.49.0 to 8.50.0 by @​dependabot in peter-evans/repository-dispatch#269
• build(deps-dev): bump @​types/node from 18.18.0 to 18.18.3 by @​dependabot in peter-evans/repository-dispatch#271
• build(deps-dev): bump eslint-plugin-prettier from 5.0.0 to 5.0.1 by @​dependabot in peter-evans/repository-dispatch#275
• build(deps-dev): bump @​types/node from 18.18.3 to 18.18.5 by @​dependabot in peter-evans/repository-dispatch#274
• build(deps-dev): bump eslint from 8.50.0 to 8.51.0 by @​dependabot in peter-evans/repository-dispatch#276
• build(deps-dev): bump @​babel/traverse from 7.16.3 to 7.23.2 by @​dependabot in peter-evans/repository-dispatch#278
• build(deps-dev): bump @​types/node from 18.18.5 to 18.18.6 by @​dependabot in peter-evans/repository-dispatch#279
• build(deps-dev): bump @​vercel/ncc from 0.38.0 to 0.38.1 by @​dependabot in peter-evans/repository-dispatch#280
• build(deps-dev): bump eslint from 8.51.0 to 8.52.0 by @​dependabot in peter-evans/repository-dispatch#281
• build(deps-dev): bump @​types/node from 18.18.6 to 18.18.7 by @​dependabot in peter-evans/repository-dispatch#282
• build(deps): bump actions/setup-node from 3 to 4 by @​dependabot in peter-evans/repository-dispatch#283
• build(deps-dev): bump @​types/node from 18.18.7 to 18.18.8 by @​dependabot in peter-evans/repository-dispatch#284
• build(deps-dev): bump @​types/node from 18.18.8 to 18.18.9 by @​dependabot in peter-evans/repository-dispatch#285
• build(deps-dev): bump eslint from 8.52.0 to 8.53.0 by @​dependabot in peter-evans/repository-dispatch#286
• build(deps-dev): bump prettier from 3.0.3 to 3.1.0 by @​dependabot in peter-evans/repository-dispatch#287
• build(deps-dev): bump eslint from 8.53.0 to 8.54.0 by @​dependabot in peter-evans/repository-dispatch#289
• build(deps-dev): bump @​types/node from 18.18.9 to 18.18.13 by @​dependabot in peter-evans/repository-dispatch#290
• build(deps-dev): bump @​types/node from 18.18.13 to 18.19.0 by @​dependabot in peter-evans/repository-dispatch#291
• build(deps-dev): bump @​types/node from 18.19.0 to 18.19.3 by @​dependabot in peter-evans/repository-dispatch#292
• build(deps-dev): bump eslint from 8.54.0 to 8.55.0 by @​dependabot in peter-evans/repository-dispatch#293
• build(deps-dev): bump prettier from 3.1.0 to 3.1.1 by @​dependabot in peter-evans/repository-dispatch#296
• build(deps): bump actions/upload-artifact from 3 to 4 by @​dependabot in peter-evans/repository-dispatch#295
• build(deps-dev): bump eslint from 8.55.0 to 8.56.0 by @​dependabot in peter-evans/repository-dispatch#297
• build(deps-dev): bump eslint-plugin-prettier from 5.0.1 to 5.1.1 by @​dependabot in peter-evans/repository-dispatch#298
• build(deps-dev): bump eslint-plugin-prettier from 5.1.1 to 5.1.2 by @​dependabot in peter-evans/repository-dispatch#299
• build(deps-dev): bump @​types/node from 18.19.3 to 18.19.4 by @​dependabot in peter-evans/repository-dispatch#300
• build(deps-dev): bump eslint-plugin-prettier from 5.1.2 to 5.1.3 by @​dependabot in peter-evans/repository-dispatch#301
• build(deps-dev): bump @​types/node from 18.19.4 to 18.19.6 by @​dependabot in peter-evans/repository-dispatch#302
• build(deps-dev): bump prettier from 3.1.1 to 3.2.4 by @​dependabot in peter-evans/repository-dispatch#303
• build(deps-dev): bump @​types/node from 18.19.6 to 18.19.8 by @​dependabot in peter-evans/repository-dispatch#304
• feat: update runtime to node 20 by @​peter-evans in peter-evans/repository-dispatch#305

... (truncated)

Commits

• ff45666 feat: update runtime to node 20 (#305)
• a4a9027 build(deps-dev): bump @​types/node from 18.19.6 to 18.19.8 (#304)
• 2605253 build(deps-dev): bump prettier from 3.1.1 to 3.2.4 (#303)
• ab3258e build(deps-dev): bump @​types/node from 18.19.4 to 18.19.6 (#302)
• 240bc73 build(deps-dev): bump eslint-plugin-prettier from 5.1.2 to 5.1.3 (#301)
• 8aa15c5 build(deps-dev): bump @​types/node from 18.19.3 to 18.19.4 (#300)
• 22aa07c build(deps-dev): bump eslint-plugin-prettier from 5.1.1 to 5.1.2 (#299)
• ba02985 build(deps-dev): bump eslint-plugin-prettier from 5.0.1 to 5.1.1 (#298)
• accfd7b build(deps-dev): bump eslint from 8.55.0 to 8.56.0 (#297)
• 3c7d964 build(deps): bump actions/upload-artifact from 3 to 4 (#295)
• Additional commits viewable in compare view

Updates 8BitJonny/gh-get-current-pr from 2.2.0 to 3.0.0

Release notes

Sourced from 8BitJonny/gh-get-current-pr's releases.

v3.0.0

• Update to using Node20 (#295)
• docs(readme): correct step id (#261)

🤖 Dependency Updates

• build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 (#289)
• build(deps-dev): bump eslint from 8.34.0 to 8.45.0 (#288)
• build(deps-dev): bump eslint-plugin-jest from 27.2.1 to 27.2.3 (#286)
• build(deps-dev): bump @​types/node from 18.16.0 to 20.4.4 (#290)
• build(deps-dev): bump @​babel/traverse from 7.17.3 to 7.23.9 (#296)
• build(deps): bump tough-cookie from 4.0.0 to 4.1.3 (#282)
• build(deps-dev): bump prettier from 2.8.1 to 2.8.8 (#251)
• build(deps-dev): bump @​vercel/ncc from 0.36.0 to 0.36.1 (#228)
• build(deps-dev): bump @​types/node from 18.13.0 to 18.16.0 (#252)
• build(deps-dev): bump eslint-plugin-github from 4.6.0 to 4.7.0 (#244)
• build(deps-dev): bump typescript from 4.9.3 to 4.9.5 (#222)
• build(deps-dev): bump @​types/node from 18.11.13 to 18.13.0 (#225)
• build(deps): bump json5 from 1.0.1 to 1.0.2 (#215)
• build(deps-dev): bump eslint-plugin-jest from 27.1.6 to 27.2.1 (#217)
• build(deps-dev): bump eslint from 8.29.0 to 8.34.0 (#226)
• build(deps-dev): bump @​typescript-eslint/parser from 5.46.1 to 5.52.0 (#227)
• build(deps-dev): bump @​typescript-eslint/parser from 5.45.1 to 5.46.1 (#200)
• build(deps-dev): bump eslint-plugin-github from 4.4.1 to 4.6.0 (#201)
• build(deps-dev): bump @​vercel/ncc from 0.34.0 to 0.36.0 (#199)
• build(deps-dev): bump prettier from 2.8.0 to 2.8.1 (#202)
• build(deps-dev): bump @​types/node from 18.11.11 to 18.11.13 (#203)

Full Changelog: 8BitJonny/gh-get-current-pr@2.2.0...v3.0.0

Contributors: @​8BitJonny, @​dargmuesli, @​dependabot and @​dependabot[bot]

Commits

• 08e737c Merge pull request #295 from 8BitJonny/upgrade-to-node20
• f21b71e (dep): run npm audit fix
• 2fe5f33 (chore): update to node v20 in nvmrc
• 2011959 Merge branch 'master' into upgrade-to-node20
• fda1672 Merge pull request #289 from 8BitJonny/dependabot/npm_and_yarn/word-wrap-1.2.4
• f4fb4f8 Merge pull request #288 from 8BitJonny/dependabot/npm_and_yarn/eslint-8.45.0
• a293d8b Merge pull request #286 from 8BitJonny/dependabot/npm_and_yarn/eslint-plugin-...
• f24508c Merge pull request #290 from 8BitJonny/dependabot/npm_and_yarn/types/node-20.4.4
• f65b5c7 Merge pull request #296 from 8BitJonny/dependabot/npm_and_yarn/babel/traverse...
• 1b34411 build(deps-dev): bump @​babel/traverse from 7.17.3 to 7.23.9
• Additional commits viewable in compare view

Updates thollander/actions-comment-pull-request from 2.4.3 to 3.0.0

Release notes

Sourced from thollander/actions-comment-pull-request's releases.

v3.0.0

What's Changed

• chore(deps-dev): bump typescript from 5.2.2 to 5.3.3 by @​dependabot in thollander/actions-comment-pull-request#326
• chore(deps-dev): bump prettier from 3.0.3 to 3.2.5 by @​dependabot in thollander/actions-comment-pull-request#350
• chore(deps-dev): bump @​tsconfig/node20 from 20.1.2 to 20.1.4 by @​dependabot in thollander/actions-comment-pull-request#367
• chore(deps-dev): bump typescript from 5.3.3 to 5.6.3 by @​dependabot in thollander/actions-comment-pull-request#390
• chore(deps-dev): bump @​types/node from 20.8.7 to 22.7.5 by @​dependabot in thollander/actions-comment-pull-request#389
• feat: manage delete modes in a better way + consistent input naming by @​thollander in thollander/actions-comment-pull-request#391

Breaking changes

Parameters

• From filePath to file-path
• From GITHUB_TOKEN to github-token
• From pr_number to pr-number
• From comment_tag to comment-tag
• From create_if_not_exists to create-if-not-exists

Mode

delete now deletes a comment immediately. To delete the comment at the end of the job, use delete-on-completion mode.

Full Changelog: thollander/actions-comment-pull-request@v2...v3.0.0

v2.5.0 : Node 20 version support

What's Changed

• chore(deps-dev): bump @​vercel/ncc from 0.38.0 to 0.38.1 by @​dependabot in thollander/actions-comment-pull-request#304
• feat: node 20 version support by @​thollander in thollander/actions-comment-pull-request#307

Full Changelog: thollander/actions-comment-pull-request@v2.4.3...v2.5.0

Commits

• e2c37e5 Merge pull request #391 from thollander/v3
• 65f9e5c docs: add migration guide
• 107ab45 feat: manage delete modes in a better way
• ce644a4 chore(deps-dev): bump @​types/node from 20.8.7 to 22.7.5 (#389)
• 52f13cb chore(deps-dev): bump typescript from 5.3.3 to 5.6.3 (#390)
• 77f7e42 chore(deps-dev): bump @​tsconfig/node20 from 20.1.2 to 20.1.4 (#367)
• e5dae98 chore(deps-dev): bump prettier from 3.0.3 to 3.2.5 (#350)
• bc14ce3 chore(deps-dev): bump typescript from 5.2.2 to 5.3.3 (#326)
• fabd468 Merge pull request #307 from thollander/feat/node-20
• cb9f4be chore: bump to v2.5.0
• Additional commits viewable in compare view

Updates release-drafter/release-drafter from 5 to 6

Release notes

Sourced from release-drafter/release-drafter's releases.

v6.0.0

What's Changed

• Update Node.js to 20 (#1379) @​massongit

Full Changelog: release-drafter/release-drafter@v5.25.0...v6.0.0

v6.0.0-beta.1

Prerelease of v6, first release of the CLI, feel free to provide feedback in the pull request: release-drafter/release-drafter#1204

v5.25.0

What's Changed

New

• add prerelease increment behavior (#1303) @​neilime
• add latest input (#1348) @​o-mago

Full Changelog: release-drafter/release-drafter@v5.24.0...v5.25.0

v5.24.0

What's Changed

New

• Add release version to github action output (#1300) @​mehdihadeli

Bug Fixes

• fix(release): strip prefix before comparing version (#1255) @​neilime

Full Changelog: release-drafter/release-drafter@v5.23.0...v5.24.0

v5.23.0

What's Changed

New

• Add include-pre-releases configuration option (#1302) @​robbinjanssen

Full Changelog: release-drafter/release-drafter@v5.22.0...v5.23.0

v5.22.0

What's Changed

New

• Only use last full release when drafting (#1240) @​ssbarnea

... (truncated)

Commits

• 3f0f870 v6.0.0
• 80296b4 Update Node.js to 20 (#1379)
• See full diff in compare view

Updates anchore/sbom-action from 0.15.11 to 0.17.4

Release notes

Sourced from anchore/sbom-action's releases.

v0.17.4

Changes in v0.17.4

• chore(deps): update Syft to v1.14.1 (#502) [anchore-actions-token-generator]

v0.17.3

Changes in v0.17.3

• chore(deps): update Syft to v1.14.0 (#498) [anchore-actions-token-generator]

v0.17.2

Changes in v0.17.2

• Update Syft to v1.11.1 (#485) [anchore-actions-token-generator]

v0.17.1

Changes in v0.17.1

• chore(deps): update Syft to v1.11.0 (#483) [anchore-actions-token-generator]

v0.17.0

Changes in v0.17.0

• chore(deps): update Syft to v1.9.0 (#479) [anchore-actions-token-generator]

v0.16.1

Changes in v0.16.1

• fix: workaround windows install issue (#477) [willmurphyscode]
• fix: allow users to properly use the file input over the default path value (#471) [komish]
• chore(deps): update Syft to v1.5.0 (#470) [anchore-actions-token-generator]
• docs: notes for matrix and required permissions (#469) [kzantow]
• chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#466) [dependabot]

v0.16

Changes in v0.16.0

• Update Syft to v1.4.1 (#465)
• Update GitHub artifact client (#463) [kzantow]

NOTE: if you are using this action within a matrix build and see failures attempting to upload artifacts with duplicate names, you will need to set the artifact-name to be unique based on the matrix properties (an example here). This is due to a change to use a newer GitHub API which no longer allows artifacts with duplicate names.

Commits

• 8d0a650 chore(deps): update Syft to v1.14.1 (#502)
• f5e124a chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 (#493)
• eff08d0 chore: configure changelog-ignore label (#499)
• 18f9bde chore: remove snapshot tests; fix deprecation errors for outdated packages (#...
• 2e87236 add release docs (#500)
• 4a914bc chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#497)
• 8cb9966 chore(deps): update Syft to v1.14.0 (#498)
• beb779b Update README to include bit about permissions near the top (#496)
• 87b3137 chore(deps): update Syft to v1.13.0 (#488)
• 5cc1a40 chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#495)
• Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.5.0 to 3.7.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.7.0

What's Changed

• Bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in sigstore/cosign-installer#172
• bump for latest cosign v2.4.1 release by @​bobcallaway in sigstore/cosign-installer#173

Full Changelog: sigstore/cosign-installer@v3.6.0...v3.7.0

v3.6.0

What's Changed

• Bump actions/checkout from 4.1.2 to 4.1.3 by @​dependabot in sigstore/cosign-installer#161
• Bump actions/checkout from 4.1.3 to 4.1.4 by @​dependabot in sigstore/cosign-installer#162
• Bump actions/setup-go from 5.0.0 to 5.0.1 by @​dependabot in sigstore/cosign-installer#163
• Bump actions/checkout from 4.1.4 to 4.1.5 by @​dependabot in sigstore/cosign-installer#164
• Bump actions/checkout from 4.1.5 to 4.1.6 by @​dependabot in sigstore/cosign-installer#165
• Bump actions/checkout from 4.1.6 to 4.1.7 by @​dependabot in sigstore/cosign-installer#166
• Bump actions/setup-go from 5.0.1 to 5.0.2 by @​dependabot in sigstore/cosign-installer#167
• pin public key used for verification by @​bobcallaway in sigstore/cosign-installer#169
• bump default version to v2.4.0 release by @​bobcallaway in sigstore/cosign-installer#168
• update readme for new release by @​bobcallaway in sigstore/cosign-installer#170

Full Changelog: sigstore/cosign-installer@v3...v3.6.0

Commits

• dc72c7d bump for latest cosign v2.4.1 release (#173)
• 08bb361 Bump actions/checkout from 4.1.7 to 4.2.0 (#172)
• 4959ce0 update readme for new release (#170)
• 45ffe83 bump default version to v2.4.0 release (#168)
• 7e1d9c1 pin public key used for verification (#169)
• cc23fe1 Bump actions/setup-go from 5.0.1 to 5.0.2 (#167)
• b235ed9 Bump actions/checkout from 4.1.6 to 4.1.7 (#166)
• b49ef6b Bump actions/checkout from 4.1.5 to 4.1.6 (#165)
• 7a59e5a Bump actions/checkout from 4.1.4 to 4.1.5 (#164)
• 8d927bd Bump actions/setup-go from 5.0.0 to 5.0.1 (#163)
• Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 5 to 6

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v6.0.0

[!WARNING] This is a breaking change!

Follow the instructions here to upgrade!

What's Changed

• feat!: use "~> v2" as default by @​caarlos0 in goreleaser/goreleaser-action#463

Full Changelog: goreleaser/goreleaser-action@v5...v6.0.0

v5.1.0

Important

This version changes the default behavior of latest to ~> v1.

The next major of this action (v6), will change this to ~> v2, and will be launched together with GoReleaser v2.

What's Changed

• docs: bump actions to latest major by @​crazy-max in goreleaser/goreleaser-action#435
• chore(deps): bump docker/bake-action from 3 to 4 by @​dependabot in goreleaser/goreleaser-action#436
• chore(deps): bump codecov/codecov-action from 3 to 4 by @​dependabot in goreleaser/goreleaser-action#437
• chore(deps): bump actions/setup-go from 4 to 5 by @​dependabot in goreleaser/goreleaser-action#443
• chore(deps): bump actions/upload-artifact from 3 to 4 by @​dependabot in goreleaser/goreleaser-action#444
• Delete .kodiak.toml by @​vedantmgoyal9 in goreleaser/goreleaser-action#446
• chore(deps): bump codecov/codecov-action from 3 to 4 by @​dependabot in goreleaser/goreleaser-action#448
• chore(deps): bump ip from 2.0.0 to 2.0.1 by @​dependabot in goreleaser/goreleaser-action#450
• Upgrade setup-go action version in README by @​kishaningithub in goreleaser/goreleaser-action#455
• chore(deps): bump tar from 6.1.14 to 6.2.1 by @​dependabot in goreleaser/goreleaser-action#456
• chore: use corepack to install yarn by @​crazy-max in goreleaser/goreleaser-action#458
• feat: lock this major version of the action to use '~> v1' as 'latest' by @​caarlos0 in goreleaser/goreleaser-action#461
...

Description has been truncated

[github-actions]

Mend Scan Summary: ❌

Repository: open-component-model/replication-controller

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	4
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	2
LICENSE RISK HIGH	7
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI