chore(deps): update github-actions (#3991)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | digest | `9a9194f` -> `cbb7224` |
| [actions/checkout](https://redirect.github.com/actions/checkout) | action | minor | `v4.1.7` -> `v4.2.2` |
| [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | minor | `v5.0.2` -> `v5.2.0` |
| [actions/setup-java](https://redirect.github.com/actions/setup-java) | action | minor | `v4.2.1` -> `v4.5.0` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | minor | `v4.0.3` -> `v4.1.0` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | digest | `1e60f62` -> `39370e3` |
| [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v4.3.5` -> `v4.4.3` |
| [geekyeggo/delete-artifact](https://redirect.github.com/geekyeggo/delete-artifact) | action | minor | `v5.0.0` -> `v5.1.0` |
| [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v3.25.15` -> `v3.27.9` |
| [google-github-actions/auth](https://redirect.github.com/google-github-actions/auth) | action | patch | `v2.1.3` -> `v2.1.7` |
| [ianlewis/todo-issue-reopener](https://redirect.github.com/ianlewis/todo-issue-reopener) | action | minor | `v1.2.1` -> `v1.4.0` |
| [sigstore/cosign-installer](https://redirect.github.com/sigstore/cosign-installer) | action | minor | `v3.5.0` -> `v3.7.0` |
| [softprops/action-gh-release](https://redirect.github.com/softprops/action-gh-release) | action | minor | `v2.0.8` -> `v2.2.0` |
| [thehanimo/pr-title-checker](https://redirect.github.com/thehanimo/pr-title-checker) | action | patch | `v1.4.2` -> `v1.4.3` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

### [`v4.2.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v422)

[Compare
Source](https://redirect.github.com/actions/checkout/compare/v4.2.1...v4.2.2)

- `url-helper.ts` now leverages well-known environment variables by
[@&#8203;jww3](https://redirect.github.com/jww3) in
[https://github.com/actions/checkout/pull/1941](https://redirect.github.com/actions/checkout/pull/1941)
- Expand unit test coverage for `isGhes` by
[@&#8203;jww3](https://redirect.github.com/jww3) in
[https://github.com/actions/checkout/pull/1946](https://redirect.github.com/actions/checkout/pull/1946)

### [`v4.2.1`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v421)

[Compare
Source](https://redirect.github.com/actions/checkout/compare/v4.2.0...v4.2.1)

- Check out other refs/\* by commit if provided, fall back to ref by
[@&#8203;orhantoy](https://redirect.github.com/orhantoy) in
[https://github.com/actions/checkout/pull/1924](https://redirect.github.com/actions/checkout/pull/1924)

### [`v4.2.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v420)

[Compare
Source](https://redirect.github.com/actions/checkout/compare/v4.1.7...v4.2.0)

- Add Ref and Commit outputs by
[@&#8203;lucacome](https://redirect.github.com/lucacome) in
[https://github.com/actions/checkout/pull/1180](https://redirect.github.com/actions/checkout/pull/1180)
- Dependency updates by
[@&#8203;dependabot-](https://redirect.github.com/dependabot-)
[https://github.com/actions/checkout/pull/1777](https://redirect.github.com/actions/checkout/pull/1777),
[https://github.com/actions/checkout/pull/1872](https://redirect.github.com/actions/checkout/pull/1872)

</details>

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

### [`v5.2.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.2.0)

[Compare
Source](https://redirect.github.com/actions/setup-go/compare/v5.1.0...v5.2.0)

#### What's Changed

- Leveraging the raw API to retrieve the version-manifest, as it does
not impose a rate limit and hence facilitates unrestricted consumption
without the need for a token for Github Enterprise Servers by
[@&#8203;Shegox](https://redirect.github.com/Shegox) in
[https://github.com/actions/setup-go/pull/496](https://redirect.github.com/actions/setup-go/pull/496)

#### New Contributors

- [@&#8203;Shegox](https://redirect.github.com/Shegox) made their first
contribution in
[https://github.com/actions/setup-go/pull/496](https://redirect.github.com/actions/setup-go/pull/496)

**Full Changelog**:
actions/setup-go@v5...v5.2.0

### [`v5.1.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.1.0)

[Compare
Source](https://redirect.github.com/actions/setup-go/compare/v5.0.2...v5.1.0)

##### What's Changed

- Add workflow file for publishing releases to immutable action package
by [@&#8203;Jcambass](https://redirect.github.com/Jcambass) in
[https://github.com/actions/setup-go/pull/500](https://redirect.github.com/actions/setup-go/pull/500)
- Upgrade IA Publish by
[@&#8203;Jcambass](https://redirect.github.com/Jcambass) in
[https://github.com/actions/setup-go/pull/502](https://redirect.github.com/actions/setup-go/pull/502)
- Add architecture to cache key by
[@&#8203;Zxilly](https://redirect.github.com/Zxilly) in
[https://github.com/actions/setup-go/pull/493](https://redirect.github.com/actions/setup-go/pull/493)
This addresses issues with caching by adding the architecture (arch) to
the cache key, ensuring that cache keys are accurate to prevent
conflicts.
Note: This change may break previous cache keys as they will no longer
be compatible with the new format.
- Enhance workflows and Upgrade micromatch Dependency by
[@&#8203;priyagupta108](https://redirect.github.com/priyagupta108) in
[https://github.com/actions/setup-go/pull/510](https://redirect.github.com/actions/setup-go/pull/510)

**Bug Fixes**

- Revise `isGhes` logic by
[@&#8203;jww3](https://redirect.github.com/jww3) in
[https://github.com/actions/setup-go/pull/511](https://redirect.github.com/actions/setup-go/pull/511)

##### New Contributors

- [@&#8203;Zxilly](https://redirect.github.com/Zxilly) made their first
contribution in
[https://github.com/actions/setup-go/pull/493](https://redirect.github.com/actions/setup-go/pull/493)
- [@&#8203;Jcambass](https://redirect.github.com/Jcambass) made their
first contribution in
[https://github.com/actions/setup-go/pull/500](https://redirect.github.com/actions/setup-go/pull/500)
- [@&#8203;jww3](https://redirect.github.com/jww3) made their first
contribution in
[https://github.com/actions/setup-go/pull/511](https://redirect.github.com/actions/setup-go/pull/511)
- [@&#8203;priyagupta108](https://redirect.github.com/priyagupta108)
made their first contribution in
[https://github.com/actions/setup-go/pull/510](https://redirect.github.com/actions/setup-go/pull/510)

**Full Changelog**:
actions/setup-go@v5...v5.1.0

</details>

<details>
<summary>actions/setup-java (actions/setup-java)</summary>

### [`v4.5.0`](https://redirect.github.com/actions/setup-java/releases/tag/v4.5.0)

[Compare
Source](https://redirect.github.com/actions/setup-java/compare/v4.4.0...v4.5.0)

#### What's Changed

- Upgrade IA Publish by
[@&#8203;Jcambass](https://redirect.github.com/Jcambass) in
[#&#8203;686](https://redirect.github.com/actions/setup-java/issues/686)

##### Bug fixes:

- Improve archive extraction on windows runners without powershell core
and Update micromatch dependency by
[@&#8203;priyagupta108](https://redirect.github.com/priyagupta108) in
[#&#8203;689](https://redirect.github.com/actions/setup-java/issues/689)
- Update workflows for GraalVM and Version Enhancements by
[@&#8203;mahabaleshwars](https://redirect.github.com/mahabaleshwars) in
[#&#8203;699](https://redirect.github.com/actions/setup-java/issues/699)
- Refine `isGhes` logic by
[@&#8203;jww3](https://redirect.github.com/jww3) in
[#&#8203;697](https://redirect.github.com/actions/setup-java/issues/697)

##### New Contributors:

- [@&#8203;priyagupta108](https://redirect.github.com/priyagupta108)
made their first contribution in
[https://github.com/actions/setup-java/pull/689](https://redirect.github.com/actions/setup-java/pull/689)
- [@&#8203;jww3](https://redirect.github.com/jww3) made their first
contribution in
[https://github.com/actions/setup-java/pull/697](https://redirect.github.com/actions/setup-java/pull/697)

**Full Changelog**:
actions/setup-java@v4...v4.5.0

### [`v4.4.0`](https://redirect.github.com/actions/setup-java/releases/tag/v4.4.0)

[Compare
Source](https://redirect.github.com/actions/setup-java/compare/v4.3.0...v4.4.0)

##### What's Changed

**Add-ons :**

- Add support for Oracle GraalVM by
[@&#8203;fniephaus](https://redirect.github.com/fniephaus) in
[https://github.com/actions/setup-java/pull/501](https://redirect.github.com/actions/setup-java/pull/501)

<!---->

    steps:
     - name: Checkout
       uses: actions/checkout@v4
     - name: Setup-java
       uses: actions/setup-java@v4
       with:
         distribution: 'graalvm'
         java-version: '21'

- Add workflow file for publishing releases to immutable action package
by [@&#8203;Jcambass](https://redirect.github.com/Jcambass) in
[https://github.com/actions/setup-java/pull/684](https://redirect.github.com/actions/setup-java/pull/684)

**Bug fixes :**

- Add architecture to cache key by
[@&#8203;Zxilly](https://redirect.github.com/Zxilly) in
[https://github.com/actions/setup-java/pull/664](https://redirect.github.com/actions/setup-java/pull/664)
This addresses issues with caching by adding the architecture (arch) to
the cache key, ensuring that cache keys are accurate to prevent
conflicts.
Note: This change may break previous cache keys as they will no longer
be compatible with the new format.
- Resolve check failures by
[@&#8203;aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in
[https://github.com/actions/setup-java/pull/687](https://redirect.github.com/actions/setup-java/pull/687)

##### New Contributors

- [@&#8203;Jcambass](https://redirect.github.com/Jcambass) made their
first contribution in
[https://github.com/actions/setup-java/pull/684](https://redirect.github.com/actions/setup-java/pull/684)
- [@&#8203;Zxilly](https://redirect.github.com/Zxilly) made their first
contribution in
[https://github.com/actions/setup-java/pull/664](https://redirect.github.com/actions/setup-java/pull/664)

**Full Changelog**:
actions/setup-java@v4...v4.4.0

### [`v4.3.0`](https://redirect.github.com/actions/setup-java/compare/v4.2.2...v4.3.0)

[Compare
Source](https://redirect.github.com/actions/setup-java/compare/v4.2.2...v4.3.0)

### [`v4.2.2`](https://redirect.github.com/actions/setup-java/releases/tag/v4.2.2)

[Compare
Source](https://redirect.github.com/actions/setup-java/compare/v4.2.1...v4.2.2)

##### What's Changed

##### Bug fixes:

- Fix macos latest check failures by
[@&#8203;HarithaVattikuti](https://redirect.github.com/HarithaVattikuti)
in
[https://github.com/actions/setup-java/pull/634](https://redirect.github.com/actions/setup-java/pull/634)
- Fix dragonwell distribution parsing issues by
[@&#8203;Accelerator1996](https://redirect.github.com/Accelerator1996)
in
[https://github.com/actions/setup-java/pull/643](https://redirect.github.com/actions/setup-java/pull/643)

##### Documentation changes

- Update advanced documentation for java-version-file by
[@&#8203;mahabaleshwars](https://redirect.github.com/mahabaleshwars) in
[https://github.com/actions/setup-java/pull/622](https://redirect.github.com/actions/setup-java/pull/622)

##### Dependency updates:

- Bump undici from 5.28.3 to 5.28.4 and other dependency updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/setup-java/pull/616](https://redirect.github.com/actions/setup-java/pull/616)

**Full Changelog**:
actions/setup-java@v4...v4.2.2

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

### [`v4.1.0`](https://redirect.github.com/actions/setup-node/compare/v4.0.4...v4.1.0)

[Compare
Source](https://redirect.github.com/actions/setup-node/compare/v4.0.4...v4.1.0)

### [`v4.0.4`](https://redirect.github.com/actions/setup-node/compare/v4.0.3...v4.0.4)

[Compare
Source](https://redirect.github.com/actions/setup-node/compare/v4.0.3...v4.0.4)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

### [`v4.4.3`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.3)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3)

##### What's Changed

- Undo indirect dependency updates from
[#&#8203;627](https://redirect.github.com/actions/upload-artifact/issues/627)
by [@&#8203;joshmgross](https://redirect.github.com/joshmgross) in
[https://github.com/actions/upload-artifact/pull/632](https://redirect.github.com/actions/upload-artifact/pull/632)

**Full Changelog**:
actions/upload-artifact@v4.4.2...v4.4.3

### [`v4.4.2`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.2)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2)

##### What's Changed

- Bump `@actions/artifact` to 2.1.11 by
[@&#8203;robherley](https://redirect.github.com/robherley) in
[https://github.com/actions/upload-artifact/pull/627](https://redirect.github.com/actions/upload-artifact/pull/627)
    -   Includes fix for relative symlinks not resolving properly

**Full Changelog**:
actions/upload-artifact@v4.4.1...v4.4.2

### [`v4.4.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.1)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1)

##### What's Changed

- Add a section about hidden files by
[@&#8203;joshmgross](https://redirect.github.com/joshmgross) in
[https://github.com/actions/upload-artifact/pull/607](https://redirect.github.com/actions/upload-artifact/pull/607)
- Add workflow file for publishing releases to immutable action package
by [@&#8203;Jcambass](https://redirect.github.com/Jcambass) in
[https://github.com/actions/upload-artifact/pull/621](https://redirect.github.com/actions/upload-artifact/pull/621)
- Update
[@&#8203;actions/artifact](https://redirect.github.com/actions/artifact)
to latest version, includes symlink and timeout fixes by
[@&#8203;robherley](https://redirect.github.com/robherley) in
[https://github.com/actions/upload-artifact/pull/625](https://redirect.github.com/actions/upload-artifact/pull/625)

##### New Contributors

- [@&#8203;Jcambass](https://redirect.github.com/Jcambass) made their
first contribution in
[https://github.com/actions/upload-artifact/pull/621](https://redirect.github.com/actions/upload-artifact/pull/621)

**Full Changelog**:
actions/upload-artifact@v4.4.0...v4.4.1

### [`v4.4.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)

### [`v4.3.6`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6)

</details>

<details>
<summary>geekyeggo/delete-artifact (geekyeggo/delete-artifact)</summary>

### [`v5.1.0`](https://redirect.github.com/GeekyEggo/delete-artifact/releases/tag/v5.1.0)

[Compare
Source](https://redirect.github.com/geekyeggo/delete-artifact/compare/v5.0.0...v5.1.0)

-   Mark deprecated token parameter as optional.
-   Bump undici dependency.

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

### [`v3.27.9`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.9)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.8...v3.27.9)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action
is the node version they support, with `v3` running on node 20 while we
continue to release `v2` to support running on node 16. For example
`3.22.11` was the first `v3` release and is functionally identical to
`2.22.11`. This approach ensures an easy way to track exactly which
features are included in different versions, indicated by the minor and
patch version numbers.

##### 3.27.9 - 12 Dec 2024

No user facing changes.

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.9/CHANGELOG.md)
for more information.

### [`v3.27.8`](https://redirect.github.com/github/codeql-action/compare/v3.27.7...v3.27.8)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.7...v3.27.8)

### [`v3.27.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.7)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.6...v3.27.7)

##### 3.27.7 - 10 Dec 2024

- We are rolling out a change in December 2024 that will extract the
CodeQL bundle directly to the toolcache to improve performance.
[#&#8203;2631](https://redirect.github.com/github/codeql-action/pull/2631)
- Update default CodeQL bundle version to 2.20.0.
[#&#8203;2636](https://redirect.github.com/github/codeql-action/pull/2636)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.7/CHANGELOG.md)
for more information.

### [`v3.27.6`](https://redirect.github.com/github/codeql-action/compare/v3.27.5...v3.27.6)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.5...v3.27.6)

### [`v3.27.5`](https://redirect.github.com/github/codeql-action/compare/v3.27.4...v3.27.5)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.4...v3.27.5)

### [`v3.27.4`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.4)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.3...v3.27.4)

##### 3.27.4 - 14 Nov 2024

No user facing changes.

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.4/CHANGELOG.md)
for more information.

### [`v3.27.3`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.3)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.2...v3.27.3)

##### 3.27.3 - 12 Nov 2024

No user facing changes.

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.3/CHANGELOG.md)
for more information.

### [`v3.27.2`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.2)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.1...v3.27.2)

##### 3.27.2 - 12 Nov 2024

- Fixed an issue where setting up the CodeQL tools would sometimes fail
with the message "Invalid value 'undefined' for header 'authorization'".
[#&#8203;2590](https://redirect.github.com/github/codeql-action/pull/2590)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.2/CHANGELOG.md)
for more information.

### [`v3.27.1`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.1)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.0...v3.27.1)

##### 3.27.1 - 08 Nov 2024

- The CodeQL Action now downloads bundles compressed using Zstandard on
GitHub Enterprise Server when using Linux or macOS runners. This speeds
up the installation of the CodeQL tools. This feature is already
available to GitHub.com users.
[#&#8203;2573](https://redirect.github.com/github/codeql-action/pull/2573)
- Update default CodeQL bundle version to 2.19.3.
[#&#8203;2576](https://redirect.github.com/github/codeql-action/pull/2576)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.1/CHANGELOG.md)
for more information.

### [`v3.27.0`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.0)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.13...v3.27.0)

##### 3.27.0 - 22 Oct 2024

- Bump the minimum CodeQL bundle version to 2.14.6.
[#&#8203;2549](https://redirect.github.com/github/codeql-action/pull/2549)
- Fix an issue where the `upload-sarif` Action would fail with
"upload-sarif post-action step failed: Input required and not supplied:
token" when called in a composite Action that had a different set of
inputs to the ones expected by the `upload-sarif` Action.
[#&#8203;2557](https://redirect.github.com/github/codeql-action/pull/2557)
- Update default CodeQL bundle version to 2.19.2.
[#&#8203;2552](https://redirect.github.com/github/codeql-action/pull/2552)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.0/CHANGELOG.md)
for more information.

### [`v3.26.13`](https://redirect.github.com/github/codeql-action/compare/v3.26.12...v3.26.13)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.12...v3.26.13)

### [`v3.26.12`](https://redirect.github.com/github/codeql-action/compare/v3.26.11...v3.26.12)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.11...v3.26.12)

### [`v3.26.11`](https://redirect.github.com/github/codeql-action/compare/v3.26.10...v3.26.11)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.10...v3.26.11)

### [`v3.26.10`](https://redirect.github.com/github/codeql-action/compare/v3.26.9...v3.26.10)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.9...v3.26.10)

### [`v3.26.9`](https://redirect.github.com/github/codeql-action/compare/v3.26.8...v3.26.9)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.8...v3.26.9)

### [`v3.26.8`](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.7...v3.26.8)

### [`v3.26.7`](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)

### [`v3.26.6`](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)

### [`v3.26.5`](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)

### [`v3.26.4`](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.3...v3.26.4)

### [`v3.26.3`](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.2...v3.26.3)

### [`v3.26.2`](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.1...v3.26.2)

### [`v3.26.1`](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.26.0...v3.26.1)

### [`v3.26.0`](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.25.15...v3.26.0)

</details>

<details>
<summary>google-github-actions/auth
(google-github-actions/auth)</summary>

### [`v2.1.7`](https://redirect.github.com/google-github-actions/auth/releases/tag/v2.1.7)

[Compare
Source](https://redirect.github.com/google-github-actions/auth/compare/v2.1.6...v2.1.7)

#### What's Changed

- fix: update relase workflows by
[@&#8203;verbanicm](https://redirect.github.com/verbanicm) in
[https://github.com/google-github-actions/auth/pull/452](https://redirect.github.com/google-github-actions/auth/pull/452)
- Release: v2.1.7 by
[@&#8203;google-github-actions-bot](https://redirect.github.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/auth/pull/453](https://redirect.github.com/google-github-actions/auth/pull/453)

**Full Changelog**:
google-github-actions/auth@v2.1.6...v2.1.7

### [`v2.1.6`](https://redirect.github.com/google-github-actions/auth/releases/tag/v2.1.6)

[Compare
Source](https://redirect.github.com/google-github-actions/auth/compare/v2.1.5...v2.1.6)

##### What's Changed

- Recommend `gcloud storage` over `gsutil` by
[@&#8203;sethvargo](https://redirect.github.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/438](https://redirect.github.com/google-github-actions/auth/pull/438)
- Add missing log line by
[@&#8203;sethvargo](https://redirect.github.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/448](https://redirect.github.com/google-github-actions/auth/pull/448)
- Release: v2.1.6 by
[@&#8203;google-github-actions-bot](https://redirect.github.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/auth/pull/449](https://redirect.github.com/google-github-actions/auth/pull/449)

**Full Changelog**:
google-github-actions/auth@v2.1.5...v2.1.6

### [`v2.1.5`](https://redirect.github.com/google-github-actions/auth/releases/tag/v2.1.5)

[Compare
Source](https://redirect.github.com/google-github-actions/auth/compare/v2.1.4...v2.1.5)

##### What's Changed

- Document ID Token lifetimes by
[@&#8203;sethvargo](https://redirect.github.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/433](https://redirect.github.com/google-github-actions/auth/pull/433)
- fix !project_id error message typo by
[@&#8203;seth-acuitymd](https://redirect.github.com/seth-acuitymd) in
[https://github.com/google-github-actions/auth/pull/435](https://redirect.github.com/google-github-actions/auth/pull/435)
- Update deps by
[@&#8203;sethvargo](https://redirect.github.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/436](https://redirect.github.com/google-github-actions/auth/pull/436)
- Release: v2.1.5 by
[@&#8203;google-github-actions-bot](https://redirect.github.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/auth/pull/437](https://redirect.github.com/google-github-actions/auth/pull/437)

##### New Contributors

- [@&#8203;seth-acuitymd](https://redirect.github.com/seth-acuitymd)
made their first contribution in
[https://github.com/google-github-actions/auth/pull/435](https://redirect.github.com/google-github-actions/auth/pull/435)

**Full Changelog**:
google-github-actions/auth@v2.1.4...v2.1.5

### [`v2.1.4`](https://redirect.github.com/google-github-actions/auth/releases/tag/v2.1.4)

[Compare
Source](https://redirect.github.com/google-github-actions/auth/compare/v2.1.3...v2.1.4)

#### What's Changed

- security: bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/google-github-actions/auth/pull/420](https://redirect.github.com/google-github-actions/auth/pull/420)
- Update spelling and workflow versions by
[@&#8203;sethvargo](https://redirect.github.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/422](https://redirect.github.com/google-github-actions/auth/pull/422)
- Update deps by
[@&#8203;sethvargo](https://redirect.github.com/sethvargo) in
[https://github.com/google-github-actions/auth/pull/430](https://redirect.github.com/google-github-actions/auth/pull/430)
- Release: v2.1.4 by
[@&#8203;google-github-actions-bot](https://redirect.github.com/google-github-actions-bot)
in
[https://github.com/google-github-actions/auth/pull/431](https://redirect.github.com/google-github-actions/auth/pull/431)

**Full Changelog**:
google-github-actions/auth@v2.1.3...v2.1.4

</details>

<details>
<summary>ianlewis/todo-issue-reopener
(ianlewis/todo-issue-reopener)</summary>

### [`v1.4.0`](https://redirect.github.com/ianlewis/todo-issue-reopener/releases/tag/v1.4.0)

[Compare
Source](https://redirect.github.com/ianlewis/todo-issue-reopener/compare/v1.3.0...v1.4.0)

#### Updated in 1.4.0

-   Updated the version of `todos` used to v0.10.0.

#### All Changes Since v1.3.0

- chore(deps-dev): Bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1141](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1141)
- chore(deps): Bump uuid from 7.0.3 to 10.0.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1148](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1148)
- chore(deps): Bump actions/upload-artifact from 4.3.6 to 4.4.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1170](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1170)
- chore(deps-dev): Bump
[@&#8203;typescript-eslint/eslint-plugin](https://redirect.github.com/typescript-eslint/eslint-plugin)
from 8.0.1 to 8.8.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1194](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1194)
- chore(deps): Bump actions/setup-node from 4.0.2 to 4.0.4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1208](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1208)
- chore(deps): Bump github/codeql-action from 3.26.0 to 3.26.13 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1267](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1267)
- chore(deps-dev): Bump
[@&#8203;typescript-eslint/eslint-plugin](https://redirect.github.com/typescript-eslint/eslint-plugin)
from 8.8.0 to 8.10.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1241](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1241)
- chore(deps): Bump codecov/codecov-action from 4.5.0 to 4.6.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1206](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1206)
- chore(deps-dev): Bump
[@&#8203;typescript-eslint/parser](https://redirect.github.com/typescript-eslint/parser)
from 8.0.1 to 8.10.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1240](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1240)
- chore(deps): Bump yaml from 2.4.0 to 2.6.0 by
[@&#8203;ianlewis](https://redirect.github.com/ianlewis) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1319](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1319)
- chore(deps): Update todos version to v0.10.0 by
[@&#8203;ianlewis](https://redirect.github.com/ianlewis) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1330](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1330)
- chore(release): v1.4.0 by
[@&#8203;ianlewis](https://redirect.github.com/ianlewis) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1341](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1341)

**Full Changelog**:
ianlewis/todo-issue-reopener@v1.3.0...v1.4.0

###
[`v1.3.0`](https://redirect.github.com/ianlewis/todo-issue-reopener/releases/tag/v1.3.0)

[Compare
Source](https://redirect.github.com/ianlewis/todo-issue-reopener/compare/v1.2.1...v1.3.0)

#### Updated in 1.3.0

-   Updated the version of `todos` used to v0.9.0.

#### All Changes

- chore(deps): Bump codecov/codecov-action from 4.4.0 to 4.5.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/922](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/922)
- chore(deps): Bump actions/checkout from 4.1.1 to 4.1.7 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/923](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/923)
- chore(deps-dev): Bump ts-jest from 29.1.2 to 29.2.4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/940](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/940)
- chore(deps-dev): Bump
[@&#8203;types/node](https://redirect.github.com/types/node) from
20.11.15 to 22.0.2 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/959](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/959)
- chore: Update todos version by
[@&#8203;ianlewis](https://redirect.github.com/ianlewis) in
[https://github.com/ianlewis/todo-issue-reopener/pull/988](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/988)
- chore(deps-dev): Bump prettier from 3.0.1 to 3.3.3 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/952](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/952)
- chore(deps): Bump ossf/scorecard-action from 2.3.1 to 2.4.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/970](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/970)
- chore(deps): Bump actions/upload-artifact from 4.3.3 to 4.3.6 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1016](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1016)
- chore(deps): Bump github/codeql-action from 3.25.5 to 3.26.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1020](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1020)
- chore(deps-dev): Bump
[@&#8203;types/node](https://redirect.github.com/types/node) from 22.0.2
to 22.1.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1022](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1022)
- chore(deps): Update typescript by
[@&#8203;ianlewis](https://redirect.github.com/ianlewis) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1108](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1108)
- chore(release): v1.3.0 by
[@&#8203;ianlewis](https://redirect.github.com/ianlewis) in
[https://github.com/ianlewis/todo-issue-reopener/pull/1129](https://redirect.github.com/ianlewis/todo-issue-reopener/pull/1129)

**Full Changelog**:
ianlewis/todo-issue-reopener@v1.2.1...v1.3.0

</details>

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.7.0`](https://redirect.github.com/sigstore/cosign-installer/releases/tag/v3.7.0)

[Compare
Source](https://redirect.github.com/sigstore/cosign-installer/compare/v3.6.0...v3.7.0)

#### What's Changed

- Bump actions/checkout from 4.1.7 to 4.2.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/172](https://redirect.github.com/sigstore/cosign-installer/pull/172)
- bump for latest cosign v2.4.1 release by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/173](https://redirect.github.com/sigstore/cosign-installer/pull/173)

**Full Changelog**:
sigstore/cosign-installer@v3.6.0...v3.7.0

###
[`v3.6.0`](https://redirect.github.com/sigstore/cosign-installer/releases/tag/v3.6.0)

[Compare
Source](https://redirect.github.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0)

#### What's Changed

- Bump actions/checkout from 4.1.2 to 4.1.3 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/161](https://redirect.github.com/sigstore/cosign-installer/pull/161)
- Bump actions/checkout from 4.1.3 to 4.1.4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/162](https://redirect.github.com/sigstore/cosign-installer/pull/162)
- Bump actions/setup-go from 5.0.0 to 5.0.1 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/163](https://redirect.github.com/sigstore/cosign-installer/pull/163)
- Bump actions/checkout from 4.1.4 to 4.1.5 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/164](https://redirect.github.com/sigstore/cosign-installer/pull/164)
- Bump actions/checkout from 4.1.5 to 4.1.6 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/165](https://redirect.github.com/sigstore/cosign-installer/pull/165)
- Bump actions/checkout from 4.1.6 to 4.1.7 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/166](https://redirect.github.com/sigstore/cosign-installer/pull/166)
- Bump actions/setup-go from 5.0.1 to 5.0.2 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/167](https://redirect.github.com/sigstore/cosign-installer/pull/167)
- pin public key used for verification by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/169](https://redirect.github.com/sigstore/cosign-installer/pull/169)
- bump default version to v2.4.0 release by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/168](https://redirect.github.com/sigstore/cosign-installer/pull/168)
- update readme for new release by
[@&#8203;bobcallaway](https://redirect.github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/170](https://redirect.github.com/sigstore/cosign-installer/pull/170)

**Full Changelog**:
sigstore/cosign-installer@v3...v3.6.0

</details>

<details>
<summary>softprops/action-gh-release
(softprops/action-gh-release)</summary>

###
[`v2.2.0`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.2.0)

[Compare
Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.1.0...v2.2.0)

##### What's Changed

##### Exciting New Features 🎉

- feat: read the release assets asynchronously by
[@&#8203;xen0n](https://redirect.github.com/xen0n) in
[https://github.com/softprops/action-gh-release/pull/552](https://redirect.github.com/softprops/action-gh-release/pull/552)

##### Bug fixes 🐛

- fix(docs): clarify the default for tag_name by
[@&#8203;alexeagle](https://redirect.github.com/alexeagle) in
[https://github.com/softprops/action-gh-release/pull/544](https://redirect.github.com/softprops/action-gh-release/pull/544)

##### Other Changes 🔄

- chore(deps): bump typescript from 5.6.3 to 5.7.2 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/548](https://redirect.github.com/softprops/action-gh-release/pull/548)
- chore(deps): bump
[@&#8203;types/node](https://redirect.github.com/types/node) from 22.9.0
to 22.9.4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/547](https://redirect.github.com/softprops/action-gh-release/pull/547)
- chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/545](https://redirect.github.com/softprops/action-gh-release/pull/545)
- chore(deps): bump
[@&#8203;vercel/ncc](https://redirect.github.com/vercel/ncc) from 0.38.2
to 0.38.3 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/543](https://redirect.github.com/softprops/action-gh-release/pull/543)
- chore(deps): bump prettier from 3.3.3 to 3.4.1 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/550](https://redirect.github.com/softprops/action-gh-release/pull/550)
- chore(deps): bump
[@&#8203;types/node](https://redirect.github.com/types/node) from 22.9.4
to 22.10.1 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/551](https://redirect.github.com/softprops/action-gh-release/pull/551)
- chore(deps): bump prettier from 3.4.1 to 3.4.2 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/554](https://redirect.github.com/softprops/action-gh-release/pull/554)

##### New Contributors

- [@&#8203;alexeagle](https://redirect.github.com/alexeagle) made their
first contribution in
[https://github.com/softprops/action-gh-release/pull/544](https://redirect.github.com/softprops/action-gh-release/pull/544)
- [@&#8203;xen0n](https://redirect.github.com/xen0n) made their first
contribution in
[https://github.com/softprops/action-gh-release/pull/552](https://redirect.github.com/softprops/action-gh-release/pull/552)

**Full Changelog**:
softprops/action-gh-release@v2.1.0...v2.2.0

###
[`v2.1.0`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.1.0)

[Compare
Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.0.9...v2.1.0)

<!-- Release notes generated using configuration in .github/release.yml
at master -->

#### What's Changed

##### Exciting New Features 🎉

- feat: add support for release assets with multiple spaces within the
name by [@&#8203;dukhine](https://redirect.github.com/dukhine) in
[https://github.com/softprops/action-gh-release/pull/518](https://redirect.github.com/softprops/action-gh-release/pull/518)
- feat: preserve upload order by
[@&#8203;richarddd](https://redirect.github.com/richarddd) in
[https://github.com/softprops/action-gh-release/pull/500](https://redirect.github.com/softprops/action-gh-release/pull/500)

##### Other Changes 🔄

- chore(deps): bump
[@&#8203;types/node](https://redirect.github.com/types/node) from 22.8.2
to 22.8.7 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/softprops/action-gh-release/pull/539](https://redirect.github.com/softprops/action-gh-release/pull/539)

#### New Contributors

- [@&#8203;dukhine](https://redirect.github.com/dukhine) made their
first contribution in
[https://github.com/softprops/action-gh-release/pull/518](https://redirect.github.com/softprops/action-gh-release/pull/518)
- [@&#8203;richarddd](https://redirect.github.com/richarddd) made their
first contribution in
[https://github.com/softprops/action-gh-release/pull/500](https://redirect.github.com/softprops/action-gh-release/pull/500)

**Full Changelog**:
softprops/action-gh-release@v2...v2.1.0

###
[`v2.0.9`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.0.9)

[Compare
Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.0.8...v2.0.9)

<!-- Release notes generated using configuration in .github/release.yml
at master -->

#### What's Changed

-   maintenance release with updated dependencies

#### New Contributors

- [@&#8203;kbakdev](https://redirect.github.com/kbakdev) made their
first contribution in
[https://github.com/softprops/action-gh-release/pull/521](https://redirect.github.com/softprops/action-gh-release/pull/521)

**Full Changelog**:
softprops/action-gh-release@v2...v2.0.9

</details>

<details>
<summary>thehanimo/pr-title-checker
(thehanimo/pr-title-checker)</summary>

###
[`v1.4.3`](https://redirect.github.com/thehanimo/pr-title-checker/compare/v1.4.2...v1.4.3)

[Compare
Source](https://redirect.github.com/thehanimo/pr-title-checker/compare/v1.4.2...v1.4.3)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

Signed-off-by: Mend Renovate <[email protected]>
renovate-bot authored Dec 13, 2024
1 parent 2747648 commit 19535f3
Showing 36 changed files with 110 additions and 110 deletions.
2 changes: 1 addition & 1 deletion .github/actions/generate-builder/action.yml
Expand Up @@ -76,7 +76,7 @@ runs:
token: ${{ inputs.token }}

- name: Set up Go environment
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ inputs.go-version }}

2 changes: 1 addition & 1 deletion .github/actions/secure-builder-checkout/action.yaml
Expand Up @@ -37,7 +37,7 @@ runs:
# and has an associated release. This will require exceptions
# for e2e tests.
- name: Checkout the repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: ${{ inputs.repository }}
ref: ${{ inputs.ref }}
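Review bot: the pin in `Checkout the repository` now rests on the trailing `# v4.2.2` comment being right, and nothing in the workflow checks that 11bd71901bbe5b1630ceea73d27597364c9af683 is the commit that tag points to. Since this action checks out the builder itself, resolve the tag in actions/checkout and compare it with the digest before merging rather than relying on the bot-written comment.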
2 changes: 1 addition & 1 deletion .github/actions/secure-project-checkout-go/action.yml
Expand Up @@ -65,7 +65,7 @@ runs:
fi
- name: Set up Go environment
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ steps.validate.outputs.go_version }}
go-version-file: ${{ steps.validate.outputs.go_version_file }}
2 changes: 1 addition & 1 deletion .github/actions/secure-project-checkout-node/action.yml
Expand Up @@ -41,6 +41,6 @@ runs:
path: ${{ inputs.path }}

- name: Set up Node environment
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ inputs.node-version }}
2 changes: 1 addition & 1 deletion .github/actions/secure-project-checkout/action.yaml
Expand Up @@ -40,7 +40,7 @@ runs:
using: "composite"
steps:
- name: Checkout the repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: ${{ inputs.fetch-depth }}
ref: ${{ inputs.checkout-sha1 }}
2 changes: 1 addition & 1 deletion .github/actions/secure-upload-artifact/action.yml
Expand Up @@ -37,7 +37,7 @@ runs:
path: "${{ inputs.path }}"

- name: Upload the artifact
uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: "${{ inputs.name }}"
path: "${{ inputs.path }}"
24 changes: 12 additions & 12 deletions .github/workflows/builder_container-based_slsa3.yml
Expand Up @@ -209,7 +209,7 @@ jobs:
allow-private-repository: ${{ inputs.rekor-log-public }}

- name: Upload builder
uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: "${{ env.BUILDER_BINARY }}-${{ needs.rng.outputs.value }}"
path: "${{ env.BUILDER_BINARY }}"
Expand All @@ -228,7 +228,7 @@ jobs:
runs-on: ubuntu-latest
needs: [rng, detect-env, generate-builder]
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Checkout builder repository
uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main
with:
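Review bot: the bare `- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2` at the top of these steps has no `with:` block, so it runs with the action's default of persisting the token in the local git config, while the source checkout later in this file sets `persist-credentials: false`. If nothing in this job needs authenticated git after the checkout, add the same setting here so the two checkouts match.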
Expand Down Expand Up @@ -306,7 +306,7 @@ jobs:
- id: auth
name: Authenticate to Google Cloud
if: inputs.gcp-workload-identity-provider != ''
uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
with:
token_format: "access_token"
workload_identity_provider: ${{ inputs.gcp-workload-identity-provider }}
Expand Down Expand Up @@ -372,7 +372,7 @@ jobs:
set-executable: true

- name: Checkout the source repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
persist-credentials: false
Expand Down Expand Up @@ -462,7 +462,7 @@ jobs:
# TODO(https://github.com/slsa-framework/slsa-github-generator/issues/1655): Use a
# secure upload or verify this against the SLSA layout file.
id: upload-artifacts
uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: ${{ steps.build.outputs.build-outputs-name }}
path: /tmp/build-outputs-${{ needs.rng.outputs.value }}
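Review bot: the TODO above `id: upload-artifacts` (issue 1655) is still open, so the build outputs under `/tmp/build-outputs-...` keep going through the plain upload-artifact action with no digest check, and this bump moves that unverified path across a minor version (v4.3.5 to v4.4.3). Either switch this step to the repository's secure-upload-artifact action as the TODO suggests, or confirm that an e2e run after the bump still uploads the full contents of that folder.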
Expand Down Expand Up @@ -535,7 +535,7 @@ jobs:
- name: Upload unsigned intoto attestations file for pull request
if: ${{ github.event_name == 'pull_request' }}
id: upload-unsigned
uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: "${{ env.OUTPUT_FOLDER }}-${{ needs.rng.outputs.value }}"
path: "attestations-${{ needs.rng.outputs.value }}"
Expand All @@ -556,7 +556,7 @@ jobs:
- name: Upload the signed attestations
id: upload-signed
if: ${{ github.event_name != 'pull_request' }}
uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: "${{ env.OUTPUT_FOLDER }}-${{ needs.rng.outputs.value }}"
path: "${{ env.OUTPUT_FOLDER }}-${{ needs.rng.outputs.value }}"
Expand Down Expand Up @@ -598,7 +598,7 @@ jobs:
path: "${{ needs.provenance.outputs.provenance-name }}"

- name: Upload provenance new tag
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
if: startsWith(github.ref, 'refs/tags/') && inputs.upload-tag-name == ''
id: release-new-tags
with:
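Review bot: both `softprops/action-gh-release` steps in this job jump from v2.0.8 to v2.2.0, and the release notes quoted in the commit message list changes to the asset upload path itself (assets read asynchronously in v2.2.0; upload order preserved and multi-space asset names supported in v2.1.0). These steps publish the provenance file, so run a tagged e2e release against the new digest and check that the provenance asset is attached under the expected name before merging.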
Expand All @@ -609,7 +609,7 @@ jobs:
draft: ${{ inputs.draft-release }}

- name: Upload provenance tag name
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
if: inputs.upload-tag-name != ''
with:
prerelease: ${{ inputs.prerelease }}
Expand All @@ -633,13 +633,13 @@ jobs:
SLSA_OUTPUTS_NAME: ${{ needs.build.outputs.slsa-outputs-name }}
RNG: ${{ needs.rng.outputs.value }}
steps:
- uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0
- uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0
with:
name: "${{ env.BUILD_DEFINITION_NAME }}-${{ env.RNG }}"
useGlob: true
- uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0
- uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0
with:
name: "${{ env.SLSA_OUTPUTS_NAME }}-${{ env.RNG }}"
- uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0
- uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0
with:
name: "${{ env.BUILDER_BINARY }}-${{ env.RNG }}"
6 changes: 3 additions & 3 deletions .github/workflows/builder_go_slsa3.yml
Expand Up @@ -169,7 +169,7 @@ jobs:
allow-private-repository: ${{ inputs.private-repository }}

- name: Upload builder
uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: "${{ env.BUILDER_BINARY }}-${{ needs.rng.outputs.value }}"
path: "${{ env.BUILDER_BINARY }}"
Expand Down Expand Up @@ -358,7 +358,7 @@ jobs:
--workingDir "$UNTRUSTED_WORKING_DIR"
- name: Upload the signed provenance
uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: "${{ steps.sign-prov.outputs.signed-provenance-name }}"
path: "${{ steps.sign-prov.outputs.signed-provenance-name }}"
Expand Down Expand Up @@ -399,7 +399,7 @@ jobs:
sha256: "${{ needs.provenance.outputs.go-provenance-sha256 }}"

- name: Upload provenance
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
with:
tag_name: ${{ inputs.upload-tag-name }}
prerelease: ${{ inputs.prerelease }}
8 changes: 4 additions & 4 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -55,11 +55,11 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -72,7 +72,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9

# Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -85,7 +85,7 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9

# NOTE: Checks that the matrix job above completes successfully.
# This is necessary because the matrix strategy generates new jobs with
4 changes: 2 additions & 2 deletions .github/workflows/delegator_generic_slsa3.yml
Expand Up @@ -294,9 +294,9 @@ jobs:
env:
RNG: ${{ needs.rng.outputs.value }}
steps:
- uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0
- uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0
with:
name: "${{ env.RNG }}-${{ env.SLSA_PREDICATE_FILE }}"
- uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0
- uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0
with:
name: "${{ env.RNG }}-${{ env.SLSA_ARTIFACTS_FILE }}"
4 changes: 2 additions & 2 deletions .github/workflows/delegator_lowperms-generic_slsa3.yml
Expand Up @@ -297,9 +297,9 @@ jobs:
env:
RNG: ${{ needs.rng.outputs.value }}
steps:
- uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0
- uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0
with:
name: "${{ env.RNG }}-${{ env.SLSA_PREDICATE_FILE }}"
- uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0
- uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0
with:
name: "${{ env.RNG }}-${{ env.SLSA_ARTIFACTS_FILE }}"
Expand Up @@ -39,7 +39,7 @@ jobs:
permissions:
id-token: write # Needed to detect the current reusable repository and ref.
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Detect the builder ref
id: detect
uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@main
Expand Down Expand Up @@ -71,7 +71,7 @@ jobs:
contents: read
issues: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: slsa-framework/example-package
ref: main
Expand All @@ -85,7 +85,7 @@ jobs:
contents: read
issues: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: slsa-framework/example-package
ref: main
6 changes: 3 additions & 3 deletions .github/workflows/e2e.detect-workflow-js.schedule.yml
Expand Up @@ -33,7 +33,7 @@ jobs:
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: detect
uses: ./.github/actions/detect-workflow-js
- id: verify
Expand Down Expand Up @@ -70,7 +70,7 @@ jobs:
contents: read
issues: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: slsa-framework/example-package
ref: main
Expand All @@ -84,7 +84,7 @@ jobs:
contents: read
issues: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: slsa-framework/example-package
ref: main
8 changes: 4 additions & 4 deletions .github/workflows/e2e.sign-attestations.schedule.yml
Expand Up @@ -33,14 +33,14 @@ jobs:
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: setup
uses: ./.github/actions/sign-attestations
with:
attestations: .github/actions/sign-attestations/testdata/attestations
output-folder: outputs
- name: Setup node
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
with:
node-version: 20
- name: install sigstore-js
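Review bot: the version comment on the `Setup node` step is still `# v4`, although the same digest 39370e3970a6d050c480ffad4ff0ed4d3fdee5af is annotated `# v4.1.0` in secure-project-checkout-node/action.yml in this commit. Change the comment here to `# v4.1.0` so the pin can be checked against a single release tag and the two files agree on what the digest is meant to be.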
Expand All @@ -62,7 +62,7 @@ jobs:
contents: read
issues: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: slsa-framework/example-package
ref: main
Expand All @@ -76,7 +76,7 @@ jobs:
contents: read
issues: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: slsa-framework/example-package
ref: main
8 changes: 4 additions & 4 deletions .github/workflows/e2e.upload-folder.schedule.yml
Expand Up @@ -37,7 +37,7 @@ jobs:
sha256: ${{ steps.upload.outputs.sha256 }}
sha256-noroot: ${{ steps.upload-noroot.outputs.sha256 }}
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Create folder
run: |
set -euo pipefail
Expand Down Expand Up @@ -100,7 +100,7 @@ jobs:
needs: [secure-upload-folder]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Download in new folder
uses: ./.github/actions/secure-download-folder
Expand Down Expand Up @@ -180,7 +180,7 @@ jobs:
contents: read
issues: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: slsa-framework/example-package
ref: main
Expand All @@ -194,7 +194,7 @@ jobs:
contents: read
issues: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: slsa-framework/example-package
ref: main
4 changes: 2 additions & 2 deletions .github/workflows/generator_container_slsa3.yml
Expand Up @@ -158,14 +158,14 @@ jobs:
- id: auth
name: Authenticate to Google Cloud
if: inputs.gcp-workload-identity-provider != ''
uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
with:
token_format: "access_token"
workload_identity_provider: ${{ inputs.gcp-workload-identity-provider }}
service_account: ${{ inputs.gcp-service-account }}

- id: cosign-install
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
with:
cosign-release: v2.2.3
continue-on-error: true
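Review bot: The `sigstore/cosign-installer` bump to v3.7.0 leaves `cosign-release: v2.2.3` unchanged, and the step keeps `continue-on-error: true`, so if the newer installer cannot fetch or verify that older cosign release, the step fails without failing the job. Please confirm that installer v3.7.0 still installs cosign v2.2.3 (or bump `cosign-release` in the same change), and that the steps after `cosign-install`, which are not visible in this hunk, check its outcome rather than assuming cosign is available.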
4 changes: 2 additions & 2 deletions .github/workflows/generator_generic_slsa3.yml
Expand Up @@ -239,7 +239,7 @@ jobs:
- name: Upload the signed provenance
id: upload-prov
continue-on-error: true
uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: "${{ steps.sign-prov.outputs.provenance-name }}"
path: "${{ steps.sign-prov.outputs.provenance-name }}"
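Review bot: `Upload the signed provenance` runs with `continue-on-error: true`, so a behaviour change anywhere between `actions/upload-artifact` v4.3.5 and v4.4.3 would not fail this step visibly. Before merging, check that a later step inspects the outcome of `upload-prov` (none is visible in this hunk) and that an end-to-end run actually produced the artifact named by `steps.sign-prov.outputs.provenance-name`, since a silently missing provenance file is the failure that matters here.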
Expand Down Expand Up @@ -285,7 +285,7 @@ jobs:
sha256: "${{ needs.generator.outputs.provenance-sha256 }}"

- name: Upload provenance
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
id: release
with:
draft: ${{ inputs.draft-release }}
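Review bot: On the `softprops/action-gh-release` line, the diff alone cannot show that `7b4da11513bf3f43f9999e90eabced41ab8bb048` is the commit tagged v2.2.0; the trailing comment is the only link between the two. This is a third-party action used by the `Upload provenance` step, and the bump goes from v2.0.8 straight to v2.2.0, so resolve the tag upstream, compare it with the pinned SHA, and read the release notes for the versions in between before approving the automated update.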

0 comments on commit 19535f3