From e058bdbfa15fe4813f594df30bd8763ae258c37e Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:50:51 +0100 Subject: [PATCH 01/65] chore: pin pip dependencies by hash (#237) * chore: pin pip dependencies by hash * chore: add recursive hashes * ci(dependabot): switch from pip to pip-compile * ci(dependabot): revert invalid change --- .devcontainer/Dockerfile | 2 +- .devcontainer/requirements.in | 2 + .devcontainer/requirements.txt | 195 ++++++++++++++++++++++++++++++++- 3 files changed, 196 insertions(+), 3 deletions(-) create mode 100644 .devcontainer/requirements.in diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 032a840e..edcbcdef 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -28,7 +28,7 @@ RUN wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https:/ # Install some tools via pip to get more recent versions COPY .devcontainer/requirements.txt /tmp/requirements.txt -RUN python3 -m pip install --no-cache-dir -r /tmp/requirements.txt \ +RUN python3 -m pip install --require-hashes --no-cache-dir -r /tmp/requirements.txt \ && rm -rf /tmp/requirements.txt # Set default generator for CMake to Ninja diff --git a/.devcontainer/requirements.in b/.devcontainer/requirements.in new file mode 100644 index 00000000..8cc0dde5 --- /dev/null +++ b/.devcontainer/requirements.in @@ -0,0 +1,2 @@ +cmake==3.27.9 +gcovr==6.0 diff --git a/.devcontainer/requirements.txt b/.devcontainer/requirements.txt index 8cc0dde5..ac5cfa1b 100644 --- a/.devcontainer/requirements.txt +++ b/.devcontainer/requirements.txt @@ -1,2 +1,193 @@ -cmake==3.27.9 -gcovr==6.0 +# +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: +# +# pip-compile --generate-hashes requirements.in +# +cmake==3.27.9 \ + --hash=sha256:07bf268f42c9cdf3b06e04cc145c203b83d5a700f7c2a597772610f48c3dca04 \ + --hash=sha256:434714990d82e3c3936a726c1706c6a1d5a34964a7415d1433af0904a994e414 \ + --hash=sha256:5c83fe2c6059aaa3ad86f49e6e3da4483e582994a6c152aa7efa175282f7b207 \ + --hash=sha256:5c91df483ebaa03107f8b9488de207ff32fc74ef93bba79ac52dd830fff40b06 \ + --hash=sha256:5e8cc5554de86a072e6cbfef725e7dff542bc164a08f5fd41bc194f7778710b7 \ + --hash=sha256:64c7cd776d07a82163c3265cc82920e64e328d1c87049644005bfd49e4de4d7b \ + --hash=sha256:87e95c452e522c9379bbd04b300a0b28ba03841d57532166e109669f82f2bdef \ + --hash=sha256:8eb760800b8bd0178a29334ea3c729ac0534865a30f40994cdfc9c0897488a9e \ + --hash=sha256:9163fabf484b437cd11d5abe0b5161de57e9c22c75f779c9e6df7765b8138b42 \ + --hash=sha256:baad87ffe2b257ad51f66fab23f3ba5c16e24d757ba1543d4edb3b6cb4de47a2 \ + --hash=sha256:c0603c6dc9c7a4c6fce2717e5813bc6126d86388ce057f5bf1a643384966d784 \ + --hash=sha256:d3030f9f3773154cf6e8c581eac7b0225822f08d6bce37995180d901dfc62465 \ + --hash=sha256:d7880be7798bd58e43e0eb2e0ce67e7bb0d2ae29b3dc8f3cfbc1f991ae94305d \ + --hash=sha256:d8306b6e4442496dc1d87e3e64394ebbf02c04f1c6324a1a37cad3695f7d835a \ + --hash=sha256:d8a40eef1268c91e5b520b28fd5fe0591d750e48e44276dbfd493a14ee595c41 \ + --hash=sha256:e09cddb8338aab68b17f99ac0ac39ec3d9f8923f0d1527d25f9b4e1bdf8fa057 \ + --hash=sha256:f564e739b0ef37c1422fe91938b2ab971e21756b848bf840e3672ef3acacf73f + # via -r requirements.in +gcovr==6.0 \ + --hash=sha256:2e52019fdb76c6e327f48c2a2d8555fb5e362570b79cc74c5498804d1ce54a60 \ + --hash=sha256:8638d5f44def10e38e3166c8a33bef6643ec204687e0ac7d345ce41a98c5750b + # via -r requirements.in +jinja2==3.1.2 \ + --hash=sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852 \ + --hash=sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61 + # via gcovr +lxml==4.9.3 \ + --hash=sha256:05186a0f1346ae12553d66df1cfce6f251589fea3ad3da4f3ef4e34b2d58c6a3 \ + --hash=sha256:075b731ddd9e7f68ad24c635374211376aa05a281673ede86cbe1d1b3455279d \ + --hash=sha256:081d32421db5df44c41b7f08a334a090a545c54ba977e47fd7cc2deece78809a \ + --hash=sha256:0a3d3487f07c1d7f150894c238299934a2a074ef590b583103a45002035be120 \ + --hash=sha256:0bfd0767c5c1de2551a120673b72e5d4b628737cb05414f03c3277bf9bed3305 \ + --hash=sha256:0c0850c8b02c298d3c7006b23e98249515ac57430e16a166873fc47a5d549287 \ + --hash=sha256:0e2cb47860da1f7e9a5256254b74ae331687b9672dfa780eed355c4c9c3dbd23 \ + --hash=sha256:120fa9349a24c7043854c53cae8cec227e1f79195a7493e09e0c12e29f918e52 \ + --hash=sha256:1247694b26342a7bf47c02e513d32225ededd18045264d40758abeb3c838a51f \ + --hash=sha256:141f1d1a9b663c679dc524af3ea1773e618907e96075262726c7612c02b149a4 \ + --hash=sha256:14e019fd83b831b2e61baed40cab76222139926b1fb5ed0e79225bc0cae14584 \ + --hash=sha256:1509dd12b773c02acd154582088820893109f6ca27ef7291b003d0e81666109f \ + --hash=sha256:17a753023436a18e27dd7769e798ce302963c236bc4114ceee5b25c18c52c693 \ + --hash=sha256:1e224d5755dba2f4a9498e150c43792392ac9b5380aa1b845f98a1618c94eeef \ + --hash=sha256:1f447ea5429b54f9582d4b955f5f1985f278ce5cf169f72eea8afd9502973dd5 \ + --hash=sha256:23eed6d7b1a3336ad92d8e39d4bfe09073c31bfe502f20ca5116b2a334f8ec02 \ + --hash=sha256:25f32acefac14ef7bd53e4218fe93b804ef6f6b92ffdb4322bb6d49d94cad2bc \ + --hash=sha256:2c74524e179f2ad6d2a4f7caf70e2d96639c0954c943ad601a9e146c76408ed7 \ + --hash=sha256:303bf1edce6ced16bf67a18a1cf8339d0db79577eec5d9a6d4a80f0fb10aa2da \ + --hash=sha256:3331bece23c9ee066e0fb3f96c61322b9e0f54d775fccefff4c38ca488de283a \ + --hash=sha256:3e9bdd30efde2b9ccfa9cb5768ba04fe71b018a25ea093379c857c9dad262c40 \ + --hash=sha256:411007c0d88188d9f621b11d252cce90c4a2d1a49db6c068e3c16422f306eab8 \ + --hash=sha256:42871176e7896d5d45138f6d28751053c711ed4d48d8e30b498da155af39aebd \ + --hash=sha256:46f409a2d60f634fe550f7133ed30ad5321ae2e6630f13657fb9479506b00601 \ + --hash=sha256:48628bd53a426c9eb9bc066a923acaa0878d1e86129fd5359aee99285f4eed9c \ + --hash=sha256:48d6ed886b343d11493129e019da91d4039826794a3e3027321c56d9e71505be \ + --hash=sha256:4930be26af26ac545c3dffb662521d4e6268352866956672231887d18f0eaab2 \ + --hash=sha256:4aec80cde9197340bc353d2768e2a75f5f60bacda2bab72ab1dc499589b3878c \ + --hash=sha256:4c28a9144688aef80d6ea666c809b4b0e50010a2aca784c97f5e6bf143d9f129 \ + --hash=sha256:4d2d1edbca80b510443f51afd8496be95529db04a509bc8faee49c7b0fb6d2cc \ + --hash=sha256:4dd9a263e845a72eacb60d12401e37c616438ea2e5442885f65082c276dfb2b2 \ + --hash=sha256:4f1026bc732b6a7f96369f7bfe1a4f2290fb34dce00d8644bc3036fb351a4ca1 \ + --hash=sha256:4fb960a632a49f2f089d522f70496640fdf1218f1243889da3822e0a9f5f3ba7 \ + --hash=sha256:50670615eaf97227d5dc60de2dc99fb134a7130d310d783314e7724bf163f75d \ + --hash=sha256:50baa9c1c47efcaef189f31e3d00d697c6d4afda5c3cde0302d063492ff9b477 \ + --hash=sha256:53ace1c1fd5a74ef662f844a0413446c0629d151055340e9893da958a374f70d \ + --hash=sha256:5515edd2a6d1a5a70bfcdee23b42ec33425e405c5b351478ab7dc9347228f96e \ + --hash=sha256:56dc1f1ebccc656d1b3ed288f11e27172a01503fc016bcabdcbc0978b19352b7 \ + --hash=sha256:578695735c5a3f51569810dfebd05dd6f888147a34f0f98d4bb27e92b76e05c2 \ + --hash=sha256:57aba1bbdf450b726d58b2aea5fe47c7875f5afb2c4a23784ed78f19a0462574 \ + --hash=sha256:57d6ba0ca2b0c462f339640d22882acc711de224d769edf29962b09f77129cbf \ + --hash=sha256:5c245b783db29c4e4fbbbfc9c5a78be496c9fea25517f90606aa1f6b2b3d5f7b \ + --hash=sha256:5c31c7462abdf8f2ac0577d9f05279727e698f97ecbb02f17939ea99ae8daa98 \ + --hash=sha256:64f479d719dc9f4c813ad9bb6b28f8390360660b73b2e4beb4cb0ae7104f1c12 \ + --hash=sha256:65299ea57d82fb91c7f019300d24050c4ddeb7c5a190e076b5f48a2b43d19c42 \ + --hash=sha256:6689a3d7fd13dc687e9102a27e98ef33730ac4fe37795d5036d18b4d527abd35 \ + --hash=sha256:690dafd0b187ed38583a648076865d8c229661ed20e48f2335d68e2cf7dc829d \ + --hash=sha256:6fc3c450eaa0b56f815c7b62f2b7fba7266c4779adcf1cece9e6deb1de7305ce \ + --hash=sha256:704f61ba8c1283c71b16135caf697557f5ecf3e74d9e453233e4771d68a1f42d \ + --hash=sha256:71c52db65e4b56b8ddc5bb89fb2e66c558ed9d1a74a45ceb7dcb20c191c3df2f \ + --hash=sha256:71d66ee82e7417828af6ecd7db817913cb0cf9d4e61aa0ac1fde0583d84358db \ + --hash=sha256:7d298a1bd60c067ea75d9f684f5f3992c9d6766fadbc0bcedd39750bf344c2f4 \ + --hash=sha256:8b77946fd508cbf0fccd8e400a7f71d4ac0e1595812e66025bac475a8e811694 \ + --hash=sha256:8d7e43bd40f65f7d97ad8ef5c9b1778943d02f04febef12def25f7583d19baac \ + --hash=sha256:8df133a2ea5e74eef5e8fc6f19b9e085f758768a16e9877a60aec455ed2609b2 \ + --hash=sha256:8ed74706b26ad100433da4b9d807eae371efaa266ffc3e9191ea436087a9d6a7 \ + --hash=sha256:92af161ecbdb2883c4593d5ed4815ea71b31fafd7fd05789b23100d081ecac96 \ + --hash=sha256:97047f0d25cd4bcae81f9ec9dc290ca3e15927c192df17331b53bebe0e3ff96d \ + --hash=sha256:9719fe17307a9e814580af1f5c6e05ca593b12fb7e44fe62450a5384dbf61b4b \ + --hash=sha256:9767e79108424fb6c3edf8f81e6730666a50feb01a328f4a016464a5893f835a \ + --hash=sha256:9a92d3faef50658dd2c5470af249985782bf754c4e18e15afb67d3ab06233f13 \ + --hash=sha256:9bb6ad405121241e99a86efff22d3ef469024ce22875a7ae045896ad23ba2340 \ + --hash=sha256:9e28c51fa0ce5674be9f560c6761c1b441631901993f76700b1b30ca6c8378d6 \ + --hash=sha256:aca086dc5f9ef98c512bac8efea4483eb84abbf926eaeedf7b91479feb092458 \ + --hash=sha256:ae8b9c6deb1e634ba4f1930eb67ef6e6bf6a44b6eb5ad605642b2d6d5ed9ce3c \ + --hash=sha256:b0a545b46b526d418eb91754565ba5b63b1c0b12f9bd2f808c852d9b4b2f9b5c \ + --hash=sha256:b4e4bc18382088514ebde9328da057775055940a1f2e18f6ad2d78aa0f3ec5b9 \ + --hash=sha256:b6420a005548ad52154c8ceab4a1290ff78d757f9e5cbc68f8c77089acd3c432 \ + --hash=sha256:b86164d2cff4d3aaa1f04a14685cbc072efd0b4f99ca5708b2ad1b9b5988a991 \ + --hash=sha256:bb3bb49c7a6ad9d981d734ef7c7193bc349ac338776a0360cc671eaee89bcf69 \ + --hash=sha256:bef4e656f7d98aaa3486d2627e7d2df1157d7e88e7efd43a65aa5dd4714916cf \ + --hash=sha256:c0781a98ff5e6586926293e59480b64ddd46282953203c76ae15dbbbf302e8bb \ + --hash=sha256:c2006f5c8d28dee289f7020f721354362fa304acbaaf9745751ac4006650254b \ + --hash=sha256:c41bfca0bd3532d53d16fd34d20806d5c2b1ace22a2f2e4c0008570bf2c58833 \ + --hash=sha256:cd47b4a0d41d2afa3e58e5bf1f62069255aa2fd6ff5ee41604418ca925911d76 \ + --hash=sha256:cdb650fc86227eba20de1a29d4b2c1bfe139dc75a0669270033cb2ea3d391b85 \ + --hash=sha256:cef2502e7e8a96fe5ad686d60b49e1ab03e438bd9123987994528febd569868e \ + --hash=sha256:d27be7405547d1f958b60837dc4c1007da90b8b23f54ba1f8b728c78fdb19d50 \ + --hash=sha256:d37017287a7adb6ab77e1c5bee9bcf9660f90ff445042b790402a654d2ad81d8 \ + --hash=sha256:d3ff32724f98fbbbfa9f49d82852b159e9784d6094983d9a8b7f2ddaebb063d4 \ + --hash=sha256:d73d8ecf8ecf10a3bd007f2192725a34bd62898e8da27eb9d32a58084f93962b \ + --hash=sha256:dd708cf4ee4408cf46a48b108fb9427bfa00b9b85812a9262b5c668af2533ea5 \ + --hash=sha256:e3cd95e10c2610c360154afdc2f1480aea394f4a4f1ea0a5eacce49640c9b190 \ + --hash=sha256:e4da8ca0c0c0aea88fd46be8e44bd49716772358d648cce45fe387f7b92374a7 \ + --hash=sha256:eadfbbbfb41b44034a4c757fd5d70baccd43296fb894dba0295606a7cf3124aa \ + --hash=sha256:ed667f49b11360951e201453fc3967344d0d0263aa415e1619e85ae7fd17b4e0 \ + --hash=sha256:f3df3db1d336b9356dd3112eae5f5c2b8b377f3bc826848567f10bfddfee77e9 \ + --hash=sha256:f6bdac493b949141b733c5345b6ba8f87a226029cbabc7e9e121a413e49441e0 \ + --hash=sha256:fbf521479bcac1e25a663df882c46a641a9bff6b56dc8b0fafaebd2f66fb231b \ + --hash=sha256:fc9b106a1bf918db68619fdcd6d5ad4f972fdd19c01d19bdb6bf63f3589a9ec5 \ + --hash=sha256:fcdd00edfd0a3001e0181eab3e63bd5c74ad3e67152c84f93f13769a40e073a7 \ + --hash=sha256:fe4bda6bd4340caa6e5cf95e73f8fea5c4bfc55763dd42f1b50a94c1b4a2fbd4 + # via gcovr +markupsafe==2.1.3 \ + --hash=sha256:05fb21170423db021895e1ea1e1f3ab3adb85d1c2333cbc2310f2a26bc77272e \ + --hash=sha256:0a4e4a1aff6c7ac4cd55792abf96c915634c2b97e3cc1c7129578aa68ebd754e \ + --hash=sha256:10bbfe99883db80bdbaff2dcf681dfc6533a614f700da1287707e8a5d78a8431 \ + --hash=sha256:134da1eca9ec0ae528110ccc9e48041e0828d79f24121a1a146161103c76e686 \ + --hash=sha256:14ff806850827afd6b07a5f32bd917fb7f45b046ba40c57abdb636674a8b559c \ + --hash=sha256:1577735524cdad32f9f694208aa75e422adba74f1baee7551620e43a3141f559 \ + --hash=sha256:1b40069d487e7edb2676d3fbdb2b0829ffa2cd63a2ec26c4938b2d34391b4ecc \ + --hash=sha256:1b8dd8c3fd14349433c79fa8abeb573a55fc0fdd769133baac1f5e07abf54aeb \ + --hash=sha256:1f67c7038d560d92149c060157d623c542173016c4babc0c1913cca0564b9939 \ + --hash=sha256:282c2cb35b5b673bbcadb33a585408104df04f14b2d9b01d4c345a3b92861c2c \ + --hash=sha256:2c1b19b3aaacc6e57b7e25710ff571c24d6c3613a45e905b1fde04d691b98ee0 \ + --hash=sha256:2ef12179d3a291be237280175b542c07a36e7f60718296278d8593d21ca937d4 \ + --hash=sha256:338ae27d6b8745585f87218a3f23f1512dbf52c26c28e322dbe54bcede54ccb9 \ + --hash=sha256:3c0fae6c3be832a0a0473ac912810b2877c8cb9d76ca48de1ed31e1c68386575 \ + --hash=sha256:3fd4abcb888d15a94f32b75d8fd18ee162ca0c064f35b11134be77050296d6ba \ + --hash=sha256:42de32b22b6b804f42c5d98be4f7e5e977ecdd9ee9b660fda1a3edf03b11792d \ + --hash=sha256:47d4f1c5f80fc62fdd7777d0d40a2e9dda0a05883ab11374334f6c4de38adffd \ + --hash=sha256:504b320cd4b7eff6f968eddf81127112db685e81f7e36e75f9f84f0df46041c3 \ + --hash=sha256:525808b8019e36eb524b8c68acdd63a37e75714eac50e988180b169d64480a00 \ + --hash=sha256:56d9f2ecac662ca1611d183feb03a3fa4406469dafe241673d521dd5ae92a155 \ + --hash=sha256:5bbe06f8eeafd38e5d0a4894ffec89378b6c6a625ff57e3028921f8ff59318ac \ + --hash=sha256:65c1a9bcdadc6c28eecee2c119465aebff8f7a584dd719facdd9e825ec61ab52 \ + --hash=sha256:68e78619a61ecf91e76aa3e6e8e33fc4894a2bebe93410754bd28fce0a8a4f9f \ + --hash=sha256:69c0f17e9f5a7afdf2cc9fb2d1ce6aabdb3bafb7f38017c0b77862bcec2bbad8 \ + --hash=sha256:6b2b56950d93e41f33b4223ead100ea0fe11f8e6ee5f641eb753ce4b77a7042b \ + --hash=sha256:715d3562f79d540f251b99ebd6d8baa547118974341db04f5ad06d5ea3eb8007 \ + --hash=sha256:787003c0ddb00500e49a10f2844fac87aa6ce977b90b0feaaf9de23c22508b24 \ + --hash=sha256:7ef3cb2ebbf91e330e3bb937efada0edd9003683db6b57bb108c4001f37a02ea \ + --hash=sha256:8023faf4e01efadfa183e863fefde0046de576c6f14659e8782065bcece22198 \ + --hash=sha256:8758846a7e80910096950b67071243da3e5a20ed2546e6392603c096778d48e0 \ + --hash=sha256:8afafd99945ead6e075b973fefa56379c5b5c53fd8937dad92c662da5d8fd5ee \ + --hash=sha256:8c41976a29d078bb235fea9b2ecd3da465df42a562910f9022f1a03107bd02be \ + --hash=sha256:8e254ae696c88d98da6555f5ace2279cf7cd5b3f52be2b5cf97feafe883b58d2 \ + --hash=sha256:8f9293864fe09b8149f0cc42ce56e3f0e54de883a9de90cd427f191c346eb2e1 \ + --hash=sha256:9402b03f1a1b4dc4c19845e5c749e3ab82d5078d16a2a4c2cd2df62d57bb0707 \ + --hash=sha256:962f82a3086483f5e5f64dbad880d31038b698494799b097bc59c2edf392fce6 \ + --hash=sha256:9aad3c1755095ce347e26488214ef77e0485a3c34a50c5a5e2471dff60b9dd9c \ + --hash=sha256:9dcdfd0eaf283af041973bff14a2e143b8bd64e069f4c383416ecd79a81aab58 \ + --hash=sha256:aa57bd9cf8ae831a362185ee444e15a93ecb2e344c8e52e4d721ea3ab6ef1823 \ + --hash=sha256:aa7bd130efab1c280bed0f45501b7c8795f9fdbeb02e965371bbef3523627779 \ + --hash=sha256:ab4a0df41e7c16a1392727727e7998a467472d0ad65f3ad5e6e765015df08636 \ + --hash=sha256:ad9e82fb8f09ade1c3e1b996a6337afac2b8b9e365f926f5a61aacc71adc5b3c \ + --hash=sha256:af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad \ + --hash=sha256:b076b6226fb84157e3f7c971a47ff3a679d837cf338547532ab866c57930dbee \ + --hash=sha256:b7ff0f54cb4ff66dd38bebd335a38e2c22c41a8ee45aa608efc890ac3e3931bc \ + --hash=sha256:bfce63a9e7834b12b87c64d6b155fdd9b3b96191b6bd334bf37db7ff1fe457f2 \ + --hash=sha256:c011a4149cfbcf9f03994ec2edffcb8b1dc2d2aede7ca243746df97a5d41ce48 \ + --hash=sha256:c9c804664ebe8f83a211cace637506669e7890fec1b4195b505c214e50dd4eb7 \ + --hash=sha256:ca379055a47383d02a5400cb0d110cef0a776fc644cda797db0c5696cfd7e18e \ + --hash=sha256:cb0932dc158471523c9637e807d9bfb93e06a95cbf010f1a38b98623b929ef2b \ + --hash=sha256:cd0f502fe016460680cd20aaa5a76d241d6f35a1c3350c474bac1273803893fa \ + --hash=sha256:ceb01949af7121f9fc39f7d27f91be8546f3fb112c608bc4029aef0bab86a2a5 \ + --hash=sha256:d080e0a5eb2529460b30190fcfcc4199bd7f827663f858a226a81bc27beaa97e \ + --hash=sha256:dd15ff04ffd7e05ffcb7fe79f1b98041b8ea30ae9234aed2a9168b5797c3effb \ + --hash=sha256:df0be2b576a7abbf737b1575f048c23fb1d769f267ec4358296f31c2479db8f9 \ + --hash=sha256:e09031c87a1e51556fdcb46e5bd4f59dfb743061cf93c4d6831bf894f125eb57 \ + --hash=sha256:e4dd52d80b8c83fdce44e12478ad2e85c64ea965e75d66dbeafb0a3e77308fcc \ + --hash=sha256:f698de3fd0c4e6972b92290a45bd9b1536bffe8c6759c62471efaa8acb4c37bc \ + --hash=sha256:fec21693218efe39aa7f8599346e90c705afa52c5b31ae019b2e57e8f6542bb2 \ + --hash=sha256:ffcc3f7c66b5f5b7931a5aa68fc9cecc51e685ef90282f4a82f0f5e9b704ad11 + # via jinja2 +pygments==2.17.2 \ + --hash=sha256:b27c2826c47d0f3219f29554824c30c5e8945175d888647acd804ddd04af846c \ + --hash=sha256:da46cec9fd2de5be3a8a784f434e4c4ab670b4ff54d605c4c2717e9d49c4c367 + # via gcovr From 879f98c1dfb2a9dcddd6bf4fd338e4ee0cbcdb1e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 10:29:38 +0100 Subject: [PATCH 02/65] chore(deps): bump oxsecurity/megalinter from 7.6.0 to 7.7.0 (#241) Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 7.6.0 to 7.7.0. - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](https://github.com/oxsecurity/megalinter/compare/5364b811bbe86576d832227be174ebc2aa0f5f49...7e042c726c68415475b05a65a686c612120a1232) --- updated-dependencies: - dependency-name: oxsecurity/megalinter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index ceee7551..fd9c62f5 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -25,7 +25,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - uses: oxsecurity/megalinter/flavors/documentation@5364b811bbe86576d832227be174ebc2aa0f5f49 # v7.6.0 + - uses: oxsecurity/megalinter/flavors/documentation@7e042c726c68415475b05a65a686c612120a1232 # v7.7.0 env: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true From 29105b92f6215d5efadc1fe87ba86cd268477de3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 10:30:01 +0100 Subject: [PATCH 03/65] chore(deps): bump github/codeql-action from 2.22.8 to 2.22.9 (#242) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.8 to 2.22.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/407ffafae6a767df3e0230c3df91b6443ae8df75...c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/vulnerability-scan.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index fd9c62f5..41e672cf 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -30,7 +30,7 @@ jobs: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 + - uses: github/codeql-action/upload-sarif@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 28691e22..5f495ee7 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -29,6 +29,6 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 + uses: github/codeql-action/upload-sarif@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index 8869957a..1b23173b 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -19,7 +19,7 @@ jobs: with: image: ghcr.io/${{ github.repository }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 + - uses: github/codeql-action/upload-sarif@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9 if: ${{ steps.scan.outputs.sarif != '' }} with: sarif_file: ${{ steps.scan.outputs.sarif }} From e817ce8cadfaafe128c4bdeaac89118e1414a017 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 11:35:32 +0100 Subject: [PATCH 04/65] chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#243) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/1fc5bd396d372bee37d608f955b336615edf79c8...9614fae9e5c5eddabb09f90a270fcb487c9f7149) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- .github/workflows/cleanup-pr-image.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 9e0e2eff..8bfb85af 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -29,7 +29,7 @@ jobs: # with sigstore/fulcio when running outside of PRs. id-token: write steps: - - uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0 + - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 if: ${{ github.event_name != 'merge_group' }} - uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0 id: meta diff --git a/.github/workflows/cleanup-pr-image.yml b/.github/workflows/cleanup-pr-image.yml index af1eb4c6..5a79d0fb 100644 --- a/.github/workflows/cleanup-pr-image.yml +++ b/.github/workflows/cleanup-pr-image.yml @@ -16,7 +16,7 @@ jobs: permissions: packages: write steps: - - uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0 + - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ${{ env.REGISTRY }} From 0e98b18300784fd6d69dbac4a799ac228bbc3ca4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Dec 2023 15:50:19 +0100 Subject: [PATCH 05/65] chore(deps): bump github/codeql-action from 2.22.9 to 2.22.10 (#244) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.9 to 2.22.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2...305f6546310b9203e892c28c1484e82977f4f63d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/vulnerability-scan.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 41e672cf..817b9440 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -30,7 +30,7 @@ jobs: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9 + - uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 5f495ee7..dff6b13a 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -29,6 +29,6 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9 + uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index 1b23173b..1e389e3c 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -19,7 +19,7 @@ jobs: with: image: ghcr.io/${{ github.repository }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9 + - uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 if: ${{ steps.scan.outputs.sarif != '' }} with: sarif_file: ${{ steps.scan.outputs.sarif }} From 55eb9ed44925a298c2fd5173a6c4fa69d84921a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Dec 2023 15:50:38 +0100 Subject: [PATCH 06/65] feat(deps): bump cmake from 3.27.9 to 3.28.0 in /.devcontainer (#245) Bumps [cmake](https://github.com/scikit-build/cmake-python-distributions) from 3.27.9 to 3.28.0. - [Release notes](https://github.com/scikit-build/cmake-python-distributions/releases) - [Changelog](https://github.com/scikit-build/cmake-python-distributions/blob/master/HISTORY.rst) - [Commits](https://github.com/scikit-build/cmake-python-distributions/compare/3.27.9...3.28.0) --- updated-dependencies: - dependency-name: cmake dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .devcontainer/requirements.in | 2 +- .devcontainer/requirements.txt | 36 +++++++++++++++++----------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.devcontainer/requirements.in b/.devcontainer/requirements.in index 8cc0dde5..2041dfb9 100644 --- a/.devcontainer/requirements.in +++ b/.devcontainer/requirements.in @@ -1,2 +1,2 @@ -cmake==3.27.9 +cmake==3.28.0 gcovr==6.0 diff --git a/.devcontainer/requirements.txt b/.devcontainer/requirements.txt index ac5cfa1b..488cf05a 100644 --- a/.devcontainer/requirements.txt +++ b/.devcontainer/requirements.txt @@ -4,24 +4,24 @@ # # pip-compile --generate-hashes requirements.in # -cmake==3.27.9 \ - --hash=sha256:07bf268f42c9cdf3b06e04cc145c203b83d5a700f7c2a597772610f48c3dca04 \ - --hash=sha256:434714990d82e3c3936a726c1706c6a1d5a34964a7415d1433af0904a994e414 \ - --hash=sha256:5c83fe2c6059aaa3ad86f49e6e3da4483e582994a6c152aa7efa175282f7b207 \ - --hash=sha256:5c91df483ebaa03107f8b9488de207ff32fc74ef93bba79ac52dd830fff40b06 \ - --hash=sha256:5e8cc5554de86a072e6cbfef725e7dff542bc164a08f5fd41bc194f7778710b7 \ - --hash=sha256:64c7cd776d07a82163c3265cc82920e64e328d1c87049644005bfd49e4de4d7b \ - --hash=sha256:87e95c452e522c9379bbd04b300a0b28ba03841d57532166e109669f82f2bdef \ - --hash=sha256:8eb760800b8bd0178a29334ea3c729ac0534865a30f40994cdfc9c0897488a9e \ - --hash=sha256:9163fabf484b437cd11d5abe0b5161de57e9c22c75f779c9e6df7765b8138b42 \ - --hash=sha256:baad87ffe2b257ad51f66fab23f3ba5c16e24d757ba1543d4edb3b6cb4de47a2 \ - --hash=sha256:c0603c6dc9c7a4c6fce2717e5813bc6126d86388ce057f5bf1a643384966d784 \ - --hash=sha256:d3030f9f3773154cf6e8c581eac7b0225822f08d6bce37995180d901dfc62465 \ - --hash=sha256:d7880be7798bd58e43e0eb2e0ce67e7bb0d2ae29b3dc8f3cfbc1f991ae94305d \ - --hash=sha256:d8306b6e4442496dc1d87e3e64394ebbf02c04f1c6324a1a37cad3695f7d835a \ - --hash=sha256:d8a40eef1268c91e5b520b28fd5fe0591d750e48e44276dbfd493a14ee595c41 \ - --hash=sha256:e09cddb8338aab68b17f99ac0ac39ec3d9f8923f0d1527d25f9b4e1bdf8fa057 \ - --hash=sha256:f564e739b0ef37c1422fe91938b2ab971e21756b848bf840e3672ef3acacf73f +cmake==3.28.0 \ + --hash=sha256:0859c21a248083352a881ba22cec4c1c82c0e2bd1c0e8d76b8b066388da66c91 \ + --hash=sha256:1c90c1bcd60ab3f18bfa54842fb3871f91af2af70354790d26dcaf77e001f34a \ + --hash=sha256:31f9d0b6ccaa22071f44c07f56b2b2df5e6cff96ea310c746527a3ba5df273bc \ + --hash=sha256:3ee912c1cbfde5f411ee83afad1c6a58e57e4e0ddd26084b635c2c4968aac2fb \ + --hash=sha256:487dc103efa107ad4723577c0c073bcb19816066abe9023c9884fabcb212875e \ + --hash=sha256:5187f874dcc3dd30b9c3a1054dfba51a03e8ecc45fda18d8772434fe9b70fbed \ + --hash=sha256:6f50f2140552e4b6a8d1224a9e6bf09e308375fa41f27392bdfb37a75ec89c0e \ + --hash=sha256:7509d9593565e1b21b273a18f9d7fea7696a10b7f42a1d01192d12afbd52588a \ + --hash=sha256:84327cff8933224037b2eb94e7934c71e1a6e8bd13907f8fd32201e9ab9851e7 \ + --hash=sha256:8eb9282f160a93b8e4f1df9c3ee0272c9b8fbd51c42d951e1fe239bcfa06d02a \ + --hash=sha256:9f2c72a25b9069fafde7cd42a6964035d4a3590a3b12b0e861bdf69189cdf221 \ + --hash=sha256:a25ed6db0255a825434f6dc6b7dfa923bf5616b1df403b1e1ec2e3016d10237b \ + --hash=sha256:b74832801f6333226ff5cf19d1635f48af6b23942f1623608b8d7df9c43162a4 \ + --hash=sha256:bd5e402fd8b5c0ab3f95d0eee000d089b727cdeec12e77513cc6a4177730f253 \ + --hash=sha256:cb16c350eaa8543afcb1a9b142809b075f5ee8d94fa07b7c769fbd827c985dd0 \ + --hash=sha256:d80fb0a4017df18b0199623431561f31eb119ba9d4c060ba8145d21e5c3e9c4c \ + --hash=sha256:ee56311654a66d77b105e4a8f1816e87aff6f3380c362a8c4f5437762b13eb25 # via -r requirements.in gcovr==6.0 \ --hash=sha256:2e52019fdb76c6e327f48c2a2d8555fb5e362570b79cc74c5498804d1ce54a60 \ From 74c14060ab683fd29b7cb3d7b15e5e5af5917693 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Dec 2023 10:24:17 +0100 Subject: [PATCH 07/65] chore(deps): bump github/codeql-action from 2.22.10 to 3.22.11 (#246) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.10 to 3.22.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/305f6546310b9203e892c28c1484e82977f4f63d...b374143c1149a9115d881581d29b8390bbcbb59c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/vulnerability-scan.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 817b9440..67cf1fed 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -30,7 +30,7 @@ jobs: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 + - uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index dff6b13a..648906ca 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -29,6 +29,6 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 + uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index 1e389e3c..d6f210ee 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -19,7 +19,7 @@ jobs: with: image: ghcr.io/${{ github.repository }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 + - uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11 if: ${{ steps.scan.outputs.sarif != '' }} with: sarif_file: ${{ steps.scan.outputs.sarif }} From b56e88bc663d98f83e1a2fe61a7a67e752c562bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Dec 2023 12:17:28 +0100 Subject: [PATCH 08/65] chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#247) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/a8a3f3ad30e3422c9c7b888a15615d19a852ae32...c7d193f32edcb7bfad88892161225aeda64e9392) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 67cf1fed..110a5642 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -34,7 +34,7 @@ jobs: if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 if: ${{ success() || failure() }} with: name: Linter Report From d08e9a0304fb795743282fc6e57b7caef9cc90a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 10:46:35 +0100 Subject: [PATCH 09/65] feat(deps): bump ubuntu from `8eab65d` to `6042500` in /.devcontainer (#249) Bumps ubuntu from `8eab65d` to `6042500`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index edcbcdef..c1767242 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:8eab65df33a6de2844c9aefd19efe8ddb87b7df5e9185a4ab73af936225685bb +FROM ubuntu:22.04@sha256:6042500cf4b44023ea1894effe7890666b0c5c7871ed83a97c36c76ae560bb9b ARG BATS_VERSION=1.10.0 ARG CCACHE_VERSION=4.8.3 From 8c81bbba8087e56c79342e8300ea60e6819c362b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 09:47:12 +0000 Subject: [PATCH 10/65] feat(deps): bump cmake from 3.28.0 to 3.28.1 in /.devcontainer (#248) Bumps [cmake](https://github.com/scikit-build/cmake-python-distributions) from 3.28.0 to 3.28.1. - [Release notes](https://github.com/scikit-build/cmake-python-distributions/releases) - [Changelog](https://github.com/scikit-build/cmake-python-distributions/blob/master/HISTORY.rst) - [Commits](https://github.com/scikit-build/cmake-python-distributions/compare/3.28.0...3.28.1) --- updated-dependencies: - dependency-name: cmake dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .devcontainer/requirements.in | 2 +- .devcontainer/requirements.txt | 36 +++++++++++++++++----------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.devcontainer/requirements.in b/.devcontainer/requirements.in index 2041dfb9..7362fd4d 100644 --- a/.devcontainer/requirements.in +++ b/.devcontainer/requirements.in @@ -1,2 +1,2 @@ -cmake==3.28.0 +cmake==3.28.1 gcovr==6.0 diff --git a/.devcontainer/requirements.txt b/.devcontainer/requirements.txt index 488cf05a..79680956 100644 --- a/.devcontainer/requirements.txt +++ b/.devcontainer/requirements.txt @@ -4,24 +4,24 @@ # # pip-compile --generate-hashes requirements.in # -cmake==3.28.0 \ - --hash=sha256:0859c21a248083352a881ba22cec4c1c82c0e2bd1c0e8d76b8b066388da66c91 \ - --hash=sha256:1c90c1bcd60ab3f18bfa54842fb3871f91af2af70354790d26dcaf77e001f34a \ - --hash=sha256:31f9d0b6ccaa22071f44c07f56b2b2df5e6cff96ea310c746527a3ba5df273bc \ - --hash=sha256:3ee912c1cbfde5f411ee83afad1c6a58e57e4e0ddd26084b635c2c4968aac2fb \ - --hash=sha256:487dc103efa107ad4723577c0c073bcb19816066abe9023c9884fabcb212875e \ - --hash=sha256:5187f874dcc3dd30b9c3a1054dfba51a03e8ecc45fda18d8772434fe9b70fbed \ - --hash=sha256:6f50f2140552e4b6a8d1224a9e6bf09e308375fa41f27392bdfb37a75ec89c0e \ - --hash=sha256:7509d9593565e1b21b273a18f9d7fea7696a10b7f42a1d01192d12afbd52588a \ - --hash=sha256:84327cff8933224037b2eb94e7934c71e1a6e8bd13907f8fd32201e9ab9851e7 \ - --hash=sha256:8eb9282f160a93b8e4f1df9c3ee0272c9b8fbd51c42d951e1fe239bcfa06d02a \ - --hash=sha256:9f2c72a25b9069fafde7cd42a6964035d4a3590a3b12b0e861bdf69189cdf221 \ - --hash=sha256:a25ed6db0255a825434f6dc6b7dfa923bf5616b1df403b1e1ec2e3016d10237b \ - --hash=sha256:b74832801f6333226ff5cf19d1635f48af6b23942f1623608b8d7df9c43162a4 \ - --hash=sha256:bd5e402fd8b5c0ab3f95d0eee000d089b727cdeec12e77513cc6a4177730f253 \ - --hash=sha256:cb16c350eaa8543afcb1a9b142809b075f5ee8d94fa07b7c769fbd827c985dd0 \ - --hash=sha256:d80fb0a4017df18b0199623431561f31eb119ba9d4c060ba8145d21e5c3e9c4c \ - --hash=sha256:ee56311654a66d77b105e4a8f1816e87aff6f3380c362a8c4f5437762b13eb25 +cmake==3.28.1 \ + --hash=sha256:0d4051d101d151d8387156c463aa45c8cd0e164f870e0ac0c8c91d3ff08528e1 \ + --hash=sha256:1be8f351271f8bcbe32288066e5add642d7c32f2f8fec3f135949c2cb13dfac2 \ + --hash=sha256:2ad22d897d2ed38544e5ef26ee21c4dccc38e938660cd07497fd6bdba0993ea6 \ + --hash=sha256:363bd0124d71d7e3d9b1ac9bd1dce1d80ba90f48b264c3bf9dbfcfda875cafc9 \ + --hash=sha256:379a730b274f39e5858ef2107861b2727918493347b0ccdd5f62bcbb6a8450d9 \ + --hash=sha256:3ed193134a4937bad8de2b4f62faebc8c1a4049cd37dad9767db7e7d91a08b52 \ + --hash=sha256:40f0671c05ef7eec27c4f53c63630b0b621e40f80ab38607d3a0e3a1f2c9242a \ + --hash=sha256:64d4642c48486bb4320540781a2266c2060929d1e236d6eb2b2c96273e75e958 \ + --hash=sha256:6a9549755d1178426502753d48949edae9bb0c66f15a07f09904783125beb0e3 \ + --hash=sha256:6ffb1fdb0b0f7f11271d82b5892c2edc109d561e186f882def095970403e2110 \ + --hash=sha256:74c9878c504ccc6ddd5b0914cbe3b86417a36a2c2dfc486040bfdfe63fbbb1ac \ + --hash=sha256:96d506c417d63bbcff19b3e9eaa69fe546456a0ddeffe914bcbb23cceee6818e \ + --hash=sha256:9c77c47afef821c0044ba73d182c386ab02e92e6bda5296e553c12455a083f29 \ + --hash=sha256:9ea12ebe4b8266f04d6619ed64860bd6e687522f02caf3131515dd39d614ef00 \ + --hash=sha256:bb03ed4753185d0c70c0bc3212e5533e20eb2c17fa0ca1e7603b702c6d0db8cf \ + --hash=sha256:c82bc0eb1495cf518cb4f355b8a73e584e67d53453406c0498bacc454cf6c404 \ + --hash=sha256:d0978cdd08c0ebc76f4f8543aba1381a41580dcb9c3bcffb536c41337b75aea1 # via -r requirements.in gcovr==6.0 \ --hash=sha256:2e52019fdb76c6e327f48c2a2d8555fb5e362570b79cc74c5498804d1ce54a60 \ From bb1436cf5fb4a6bb98974ce9781364452f0959b3 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Tue, 19 Dec 2023 08:43:22 +0100 Subject: [PATCH 11/65] chore(main): release 4.1.0 (#223) --- .release-please-manifest.json | 2 +- CHANGELOG.md | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 1778b2a6..411256bc 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "4.0.2" + ".": "4.1.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index a3f142bf..18c642e7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,21 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/) and this project adheres to [Semantic Versioning](https://semver.org/). +## [4.1.0](https://github.com/philips-software/amp-devcontainer/compare/v4.0.2...v4.1.0) (2023-12-18) + + +### Features + +* **deps:** Bump cmake from 3.27.9 to 3.28.0 in /.devcontainer ([#245](https://github.com/philips-software/amp-devcontainer/issues/245)) ([55eb9ed](https://github.com/philips-software/amp-devcontainer/commit/55eb9ed44925a298c2fd5173a6c4fa69d84921a4)) +* **deps:** Bump cmake from 3.28.0 to 3.28.1 in /.devcontainer ([#248](https://github.com/philips-software/amp-devcontainer/issues/248)) ([8c81bbb](https://github.com/philips-software/amp-devcontainer/commit/8c81bbba8087e56c79342e8300ea60e6819c362b)) +* **deps:** Bump ubuntu from `8eab65d` to `6042500` in /.devcontainer ([#249](https://github.com/philips-software/amp-devcontainer/issues/249)) ([d08e9a0](https://github.com/philips-software/amp-devcontainer/commit/d08e9a0304fb795743282fc6e57b7caef9cc90a3)) +* Update xwin from v0.3.1 to v0.5.0 ([#222](https://github.com/philips-software/amp-devcontainer/issues/222)) ([dbb4ce3](https://github.com/philips-software/amp-devcontainer/commit/dbb4ce3bb0c65ab9cfe30e53054b513fae7a7ee8)) + + +### Bug Fixes + +* Update xwin to v0.5.0 ([dbb4ce3](https://github.com/philips-software/amp-devcontainer/commit/dbb4ce3bb0c65ab9cfe30e53054b513fae7a7ee8)) + ## [4.0.2](https://github.com/philips-software/amp-devcontainer/compare/v4.0.1...v4.0.2) (2023-11-13) From 421b09cba25dcc33f8d7c43519c7eaac58263f2a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Dec 2023 10:25:51 +0100 Subject: [PATCH 12/65] chore(deps): bump google-github-actions/release-please-action from 4.0.1 to 4.0.2 (#250) chore(deps): bump google-github-actions/release-please-action Bumps [google-github-actions/release-please-action](https://github.com/google-github-actions/release-please-action) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/google-github-actions/release-please-action/releases) - [Changelog](https://github.com/google-github-actions/release-please-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/release-please-action/compare/a2d8d683f209466ee8c695cd994ae2cf08b1642d...cc61a07e2da466bebbc19b3a7dd01d6aecb20d1e) --- updated-dependencies: - dependency-name: google-github-actions/release-please-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release-please.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 40506ab3..86288eb1 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -16,6 +16,6 @@ jobs: create-release: runs-on: ubuntu-latest steps: - - uses: google-github-actions/release-please-action@a2d8d683f209466ee8c695cd994ae2cf08b1642d # v4.0.1 + - uses: google-github-actions/release-please-action@cc61a07e2da466bebbc19b3a7dd01d6aecb20d1e # v4.0.2 with: token: ${{ secrets.AMP_RELEASER_TOKEN }} From b34d59ff5d8146b28907c50d1fdfd55cd0954020 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Dec 2023 10:26:11 +0100 Subject: [PATCH 13/65] chore(deps): bump docker/metadata-action from 5.3.0 to 5.4.0 (#251) Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.3.0 to 5.4.0. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/31cebacef4805868f9ce9a0cb03ee36c32df2ac4...9dc751fe249ad99385a2583ee0d084c400eee04e) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 8bfb85af..44ce866c 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -31,7 +31,7 @@ jobs: steps: - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 if: ${{ github.event_name != 'merge_group' }} - - uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0 + - uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e # v5.4.0 id: meta env: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index From b04975e2ff3241384f72ad84edf1c4af979acad0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Dec 2023 16:59:47 +0100 Subject: [PATCH 14/65] chore(deps): bump reviewdog/action-suggester from 1.8.0 to 1.9.0 (#253) Bumps [reviewdog/action-suggester](https://github.com/reviewdog/action-suggester) from 1.8.0 to 1.9.0. - [Release notes](https://github.com/reviewdog/action-suggester/releases) - [Commits](https://github.com/reviewdog/action-suggester/compare/94877e550e6b522dc1d21231974b645ff2f084ce...4daff13db10cd0ddb200b45c8c7166dd0d5c85a9) --- updated-dependencies: - dependency-name: reviewdog/action-suggester dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 110a5642..0c4e8e03 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -40,6 +40,6 @@ jobs: name: Linter Report path: | megalinter-reports - - uses: reviewdog/action-suggester@94877e550e6b522dc1d21231974b645ff2f084ce # v1.8.0 + - uses: reviewdog/action-suggester@4daff13db10cd0ddb200b45c8c7166dd0d5c85a9 # v1.9.0 with: tool_name: MegaLinter From cee21a1e19376e1396c52be02b3dfd283c5a3625 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Dec 2023 17:08:07 +0100 Subject: [PATCH 15/65] chore(deps): bump Namchee/conventional-pr from 0.15.1 to 0.15.3 (#252) Bumps [Namchee/conventional-pr](https://github.com/namchee/conventional-pr) from 0.15.1 to 0.15.3. - [Release notes](https://github.com/namchee/conventional-pr/releases) - [Commits](https://github.com/namchee/conventional-pr/compare/93f510707dd4ef011c5e8fe7c94c93c59fc86d4c...8378fb29fcf8e0b18ce4f366ffd70483e5e9e8d8) --- updated-dependencies: - dependency-name: Namchee/conventional-pr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/validate-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate-pr.yml b/.github/workflows/validate-pr.yml index 101d559d..846dd7d5 100644 --- a/.github/workflows/validate-pr.yml +++ b/.github/workflows/validate-pr.yml @@ -11,7 +11,7 @@ jobs: conventional-commit: runs-on: ubuntu-latest steps: - - uses: Namchee/conventional-pr@93f510707dd4ef011c5e8fe7c94c93c59fc86d4c # v0.15.1 + - uses: Namchee/conventional-pr@8378fb29fcf8e0b18ce4f366ffd70483e5e9e8d8 # v0.15.3 with: access_token: ${{ secrets.GITHUB_TOKEN }} body: false From ad0682b61edbb4e6dfabe2a0207c60bd0f40c8a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Dec 2023 13:50:59 +0100 Subject: [PATCH 16/65] chore(deps): bump Namchee/conventional-pr from 0.15.3 to 0.15.4 (#254) Bumps [Namchee/conventional-pr](https://github.com/namchee/conventional-pr) from 0.15.3 to 0.15.4. - [Release notes](https://github.com/namchee/conventional-pr/releases) - [Commits](https://github.com/namchee/conventional-pr/compare/8378fb29fcf8e0b18ce4f366ffd70483e5e9e8d8...b31518c34a4243c21484e3187abbbee4a44d0ec4) --- updated-dependencies: - dependency-name: Namchee/conventional-pr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/validate-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate-pr.yml b/.github/workflows/validate-pr.yml index 846dd7d5..f8fbd48a 100644 --- a/.github/workflows/validate-pr.yml +++ b/.github/workflows/validate-pr.yml @@ -11,7 +11,7 @@ jobs: conventional-commit: runs-on: ubuntu-latest steps: - - uses: Namchee/conventional-pr@8378fb29fcf8e0b18ce4f366ffd70483e5e9e8d8 # v0.15.3 + - uses: Namchee/conventional-pr@b31518c34a4243c21484e3187abbbee4a44d0ec4 # v0.15.4 with: access_token: ${{ secrets.GITHUB_TOKEN }} body: false From cf8939c23129f6d7520089160d13b6748d7ccf6b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Dec 2023 15:09:27 +0100 Subject: [PATCH 17/65] chore(deps): bump github/codeql-action from 3.22.11 to 3.22.12 (#255) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.11 to 3.22.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b374143c1149a9115d881581d29b8390bbcbb59c...012739e5082ff0c22ca6d6ab32e07c36df03c4a4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/vulnerability-scan.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 0c4e8e03..6a68fdaa 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -30,7 +30,7 @@ jobs: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11 + - uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 648906ca..b728f33f 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -29,6 +29,6 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11 + uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index d6f210ee..3f6a24b8 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -19,7 +19,7 @@ jobs: with: image: ghcr.io/${{ github.repository }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11 + - uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 if: ${{ steps.scan.outputs.sarif != '' }} with: sarif_file: ${{ steps.scan.outputs.sarif }} From 3f13ae8e90c037735a57c220bba97b24f9b69f41 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Dec 2023 10:25:41 +0100 Subject: [PATCH 18/65] chore(deps): bump EnricoMi/publish-unit-test-result-action from 2.11.0 to 2.12.0 (#256) chore(deps): bump EnricoMi/publish-unit-test-result-action Bumps [EnricoMi/publish-unit-test-result-action](https://github.com/enricomi/publish-unit-test-result-action) from 2.11.0 to 2.12.0. - [Release notes](https://github.com/enricomi/publish-unit-test-result-action/releases) - [Commits](https://github.com/enricomi/publish-unit-test-result-action/compare/ca89ad036b5fcd524c1017287fb01b5139908408...e780361cd1fc1b1a170624547b3ffda64787d365) --- updated-dependencies: - dependency-name: EnricoMi/publish-unit-test-result-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 47b4d7d2..198b1683 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,7 +39,7 @@ jobs: run: | set -Eeuo pipefail docker run --rm --mount type=bind,src="$(pwd)/test",dst=/ws -w /ws ${{ github.repository }}:test bats --formatter junit testsuite.bats | tee test-report.xml - - uses: EnricoMi/publish-unit-test-result-action@ca89ad036b5fcd524c1017287fb01b5139908408 # v2.11.0 + - uses: EnricoMi/publish-unit-test-result-action@e780361cd1fc1b1a170624547b3ffda64787d365 # v2.12.0 if: always() with: files: test-report.xml From 4d3fd6b758f2152cef0e795c62ad3a528ce57c56 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jan 2024 11:09:46 +0100 Subject: [PATCH 19/65] chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 (#257) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.1 to 0.15.2. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/5ecf649a417b8ae17dc8383dc32d46c03f2312df...719133684c7d294116626d1344fe64f0d2ff3e9e) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 44ce866c..9dd27717 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -68,7 +68,7 @@ jobs: provenance: true cache-from: type=gha cache-to: type=gha,mode=max - - uses: anchore/sbom-action@5ecf649a417b8ae17dc8383dc32d46c03f2312df # v0.15.1 + - uses: anchore/sbom-action@719133684c7d294116626d1344fe64f0d2ff3e9e # v0.15.2 if: ${{ steps.build-and-push.outputs.digest != '' && github.event_name != 'merge_group' }} with: image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push.outputs.digest }} From d5a37eafee10a061759300eefd4ea2aee2a880bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 Jan 2024 12:16:42 +0100 Subject: [PATCH 20/65] chore(deps): bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#258) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.4 to 3.1.5. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/01bc87099ba56df1e897b6874784491ea6309bc4...c74b580d73376b7750d3d2a50bfb8adc2c937507) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 9dd27717..dc561adc 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -73,7 +73,7 @@ jobs: with: image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push.outputs.digest }} dependency-snapshot: true - - uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4 + - uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 # v3.1.5 if: ${{ github.event_name == 'pull_request' }} with: comment-summary-in-pr: on-failure From 06ed1327e9e08b275f60947ad64646419b6558b3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jan 2024 10:36:23 +0100 Subject: [PATCH 21/65] chore(deps): bump docker/metadata-action from 5.4.0 to 5.5.0 (#259) Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.4.0 to 5.5.0. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/9dc751fe249ad99385a2583ee0d084c400eee04e...dbef88086f6cef02e264edb7dbf63250c17cef6c) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index dc561adc..56f8617d 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -31,7 +31,7 @@ jobs: steps: - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 if: ${{ github.event_name != 'merge_group' }} - - uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e # v5.4.0 + - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0 id: meta env: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index From fac92f451a0209a5473ac210892a1383d128863a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jan 2024 06:31:43 +0100 Subject: [PATCH 22/65] chore(deps): bump github/codeql-action from 3.22.12 to 3.23.0 (#260) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/012739e5082ff0c22ca6d6ab32e07c36df03c4a4...e5f05b81d5b6ff8cfa111c80c22c5fd02a384118) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/vulnerability-scan.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 6a68fdaa..ee125183 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -30,7 +30,7 @@ jobs: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 + - uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index b728f33f..0dcc7181 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -29,6 +29,6 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 + uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index 3f6a24b8..b3b6b7d0 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -19,7 +19,7 @@ jobs: with: image: ghcr.io/${{ github.repository }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 + - uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 if: ${{ steps.scan.outputs.sarif != '' }} with: sarif_file: ${{ steps.scan.outputs.sarif }} From c9432b9ec2576acb492964a0d55b2ef51142a44d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jan 2024 05:32:21 +0000 Subject: [PATCH 23/65] chore(deps): bump anchore/sbom-action from 0.15.2 to 0.15.3 (#261) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.2 to 0.15.3. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/719133684c7d294116626d1344fe64f0d2ff3e9e...c7f031d9249a826a082ea14c79d3b686a51d485a) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 56f8617d..22b6c10c 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -68,7 +68,7 @@ jobs: provenance: true cache-from: type=gha cache-to: type=gha,mode=max - - uses: anchore/sbom-action@719133684c7d294116626d1344fe64f0d2ff3e9e # v0.15.2 + - uses: anchore/sbom-action@c7f031d9249a826a082ea14c79d3b686a51d485a # v0.15.3 if: ${{ steps.build-and-push.outputs.digest != '' && github.event_name != 'merge_group' }} with: image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push.outputs.digest }} From ab056fca8188a84f63e6bcedaa2018830bf8a279 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Jan 2024 14:33:36 +0100 Subject: [PATCH 24/65] feat(deps): bump jinja2 from 3.1.2 to 3.1.3 in /.devcontainer (#262) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.2...3.1.3) --- updated-dependencies: - dependency-name: jinja2 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .devcontainer/requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.devcontainer/requirements.txt b/.devcontainer/requirements.txt index 79680956..1ac3b7c8 100644 --- a/.devcontainer/requirements.txt +++ b/.devcontainer/requirements.txt @@ -27,9 +27,9 @@ gcovr==6.0 \ --hash=sha256:2e52019fdb76c6e327f48c2a2d8555fb5e362570b79cc74c5498804d1ce54a60 \ --hash=sha256:8638d5f44def10e38e3166c8a33bef6643ec204687e0ac7d345ce41a98c5750b # via -r requirements.in -jinja2==3.1.2 \ - --hash=sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852 \ - --hash=sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61 +jinja2==3.1.3 \ + --hash=sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa \ + --hash=sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90 # via gcovr lxml==4.9.3 \ --hash=sha256:05186a0f1346ae12553d66df1cfce6f251589fea3ad3da4f3ef4e34b2d58c6a3 \ From ca156eb43322071ef8023dec2d5580487f5bbd95 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Jan 2024 15:30:45 +0000 Subject: [PATCH 25/65] chore(deps): bump actions/cache from 3.3.2 to 3.3.3 (#263) * chore(deps): bump actions/cache from 3.3.2 to 3.3.3 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 3.3.3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...e12d46a63a90f2fae62d114769bbf2a179198b5c) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * resolve possible linter issue * Apply suggestions from code review --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: EkelmansPh <58972933+EkelmansPh@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- .github/workflows/prime-cache.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 198b1683..5b05f89e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: tags: ${{ github.repository }}:test cache-from: type=gha cache-to: type=gha,mode=max - - uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + - uses: actions/cache/restore@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3 with: path: test/.xwin-cache key: xwin-cache diff --git a/.github/workflows/prime-cache.yml b/.github/workflows/prime-cache.yml index 17493c01..a758e539 100644 --- a/.github/workflows/prime-cache.yml +++ b/.github/workflows/prime-cache.yml @@ -31,7 +31,7 @@ jobs: set -Eeuo pipefail mkdir test docker run --rm --mount type=bind,src="$(pwd)/test",dst=/ws -w /ws ghcr.io/${{ github.repository }}:latest xwin --accept-license splat --preserve-ms-arch-notation - - uses: actions/cache/save@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + - uses: actions/cache/save@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3 with: path: test/.xwin-cache key: xwin-cache From dea510b040804a43d04f02076f60f5ea47f5de7d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 09:00:28 +0000 Subject: [PATCH 26/65] chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 (#266) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/c7d193f32edcb7bfad88892161225aeda64e9392...1eb3cb2b3e0f29609092a73eb033bb759a334595) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index ee125183..823a904b 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -34,7 +34,7 @@ jobs: if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif - - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 + - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 if: ${{ success() || failure() }} with: name: Linter Report From 98226b8ed3651622912f5fd6d08218279a6bdfbf Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 15 Jan 2024 11:39:06 +0100 Subject: [PATCH 27/65] feat: update ccache from 4.8.3 to 4.9 (#265) * feat: update ccache from 4.8.3 to 4.9 * chore: rely on ccache compiler detection for clang-cl --- .devcontainer/Dockerfile | 2 +- test/CMakePresets.json | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index c1767242..6d363c80 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,7 +1,7 @@ FROM ubuntu:22.04@sha256:6042500cf4b44023ea1894effe7890666b0c5c7871ed83a97c36c76ae560bb9b ARG BATS_VERSION=1.10.0 -ARG CCACHE_VERSION=4.8.3 +ARG CCACHE_VERSION=4.9 ARG CLANG_VERSION=16 ARG DOCKER_VERSION=24.0.6 ARG MULL_VERSION=main diff --git a/test/CMakePresets.json b/test/CMakePresets.json index f038d058..8014b350 100644 --- a/test/CMakePresets.json +++ b/test/CMakePresets.json @@ -24,8 +24,7 @@ "inherits": "defaults", "toolchainFile": "${sourceDir}/clang-cl/toolchain.cmake", "environment": { - "CCACHE_DEPEND": "true", - "CCACHE_COMPILERTYPE": "clang-cl" + "CCACHE_DEPEND": "true" }, "cacheVariables": { "CMAKE_BUILD_TYPE": "Release" From 67047029277331ba947a38ade39fedc7add64744 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Mon, 15 Jan 2024 13:59:29 +0100 Subject: [PATCH 28/65] chore(main): release 4.2.0 (#264) --- .release-please-manifest.json | 2 +- CHANGELOG.md | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 411256bc..34a3350a 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "4.1.0" + ".": "4.2.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 18c642e7..0cbe2bb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/) and this project adheres to [Semantic Versioning](https://semver.org/). +## [4.2.0](https://github.com/philips-software/amp-devcontainer/compare/v4.1.0...v4.2.0) (2024-01-15) + + +### Features + +* **deps:** Bump jinja2 from 3.1.2 to 3.1.3 in /.devcontainer ([#262](https://github.com/philips-software/amp-devcontainer/issues/262)) ([ab056fc](https://github.com/philips-software/amp-devcontainer/commit/ab056fca8188a84f63e6bcedaa2018830bf8a279)) +* Update ccache from 4.8.3 to 4.9 ([#265](https://github.com/philips-software/amp-devcontainer/issues/265)) ([98226b8](https://github.com/philips-software/amp-devcontainer/commit/98226b8ed3651622912f5fd6d08218279a6bdfbf)) + ## [4.1.0](https://github.com/philips-software/amp-devcontainer/compare/v4.0.2...v4.1.0) (2023-12-18) From 21b84652a36461fcfe73f4cce4309f1d0f705ab0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Jan 2024 07:19:33 +0100 Subject: [PATCH 29/65] chore(deps): bump actions/cache from 3.3.3 to 4.0.0 (#267) Bumps [actions/cache](https://github.com/actions/cache) from 3.3.3 to 4.0.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/e12d46a63a90f2fae62d114769bbf2a179198b5c...13aacd865c20de90d75de3b17ebe84f7a17d57d2) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- .github/workflows/prime-cache.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5b05f89e..0f35633f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: tags: ${{ github.repository }}:test cache-from: type=gha cache-to: type=gha,mode=max - - uses: actions/cache/restore@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3 + - uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: path: test/.xwin-cache key: xwin-cache diff --git a/.github/workflows/prime-cache.yml b/.github/workflows/prime-cache.yml index a758e539..82b625f3 100644 --- a/.github/workflows/prime-cache.yml +++ b/.github/workflows/prime-cache.yml @@ -31,7 +31,7 @@ jobs: set -Eeuo pipefail mkdir test docker run --rm --mount type=bind,src="$(pwd)/test",dst=/ws -w /ws ghcr.io/${{ github.repository }}:latest xwin --accept-license splat --preserve-ms-arch-notation - - uses: actions/cache/save@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3 + - uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: path: test/.xwin-cache key: xwin-cache From 48f20ac5cce536541a31e893615730643513a8cf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Jan 2024 07:20:00 +0100 Subject: [PATCH 30/65] feat(deps): bump ubuntu from `6042500` to `a2bbdf7` in /.devcontainer (#268) Bumps ubuntu from `6042500` to `a2bbdf7`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 6d363c80..22bac2e0 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:6042500cf4b44023ea1894effe7890666b0c5c7871ed83a97c36c76ae560bb9b +FROM ubuntu:22.04@sha256:a2bbdf79d03f6d4171bbd6ebb4782f6229375951987d3427ec3d9373f9841cd7 ARG BATS_VERSION=1.10.0 ARG CCACHE_VERSION=4.9 From 4a3de47154173d3ace68bd3982be4f20fd8b2e33 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Jan 2024 10:14:50 +0100 Subject: [PATCH 31/65] chore(deps): bump github/codeql-action from 3.23.0 to 3.23.1 (#271) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.0 to 3.23.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118...0b21cf2492b6b02c465a3e5d7c473717ad7721ba) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/vulnerability-scan.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 823a904b..15463386 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -30,7 +30,7 @@ jobs: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 + - uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 0dcc7181..5d89b882 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -29,6 +29,6 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 + uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index b3b6b7d0..f2c0d2ee 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -19,7 +19,7 @@ jobs: with: image: ghcr.io/${{ github.repository }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 + - uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 if: ${{ steps.scan.outputs.sarif != '' }} with: sarif_file: ${{ steps.scan.outputs.sarif }} From 445373734e545826f2c9e6e525d6fec4f8a68fb4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Jan 2024 10:20:30 +0100 Subject: [PATCH 32/65] feat(deps): bump ubuntu from `a2bbdf7` to `e6173d4` in /.devcontainer (#270) Bumps ubuntu from `a2bbdf7` to `e6173d4`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 22bac2e0..064c1408 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:a2bbdf79d03f6d4171bbd6ebb4782f6229375951987d3427ec3d9373f9841cd7 +FROM ubuntu:22.04@sha256:e6173d4dc55e76b87c4af8db8821b1feae4146dd47341e4d431118c7dd060a74 ARG BATS_VERSION=1.10.0 ARG CCACHE_VERSION=4.9 From 01fdee67a56ca6f382d45138ec60910e6d07b155 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 10:49:27 +0100 Subject: [PATCH 33/65] chore(deps): bump anchore/sbom-action from 0.15.3 to 0.15.4 (#274) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.3 to 0.15.4. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/c7f031d9249a826a082ea14c79d3b686a51d485a...41f7a6c033dbcdf78917f23b652c8b8146298c85) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 22b6c10c..04bed413 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -68,7 +68,7 @@ jobs: provenance: true cache-from: type=gha cache-to: type=gha,mode=max - - uses: anchore/sbom-action@c7f031d9249a826a082ea14c79d3b686a51d485a # v0.15.3 + - uses: anchore/sbom-action@41f7a6c033dbcdf78917f23b652c8b8146298c85 # v0.15.4 if: ${{ steps.build-and-push.outputs.digest != '' && github.event_name != 'merge_group' }} with: image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push.outputs.digest }} From a3198040c1c82127c76458c172cb984aa21a8f85 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 09:50:06 +0000 Subject: [PATCH 34/65] chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 (#273) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/1eb3cb2b3e0f29609092a73eb033bb759a334595...694cdabd8bdb0f10b2cea11669e1bf5453eed0a6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 15463386..ef852c77 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -34,7 +34,7 @@ jobs: if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif - - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 if: ${{ success() || failure() }} with: name: Linter Report From bb7cf8e3cdf96ffb363d3c3daf9076b67ef6f891 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 09:50:38 +0000 Subject: [PATCH 35/65] chore(deps): bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#272) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.5 to 4.0.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/c74b580d73376b7750d3d2a50bfb8adc2c937507...4901385134134e04cec5fbe5ddfe3b2c5bd5d976) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 04bed413..6398d32a 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -73,7 +73,7 @@ jobs: with: image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push.outputs.digest }} dependency-snapshot: true - - uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 # v3.1.5 + - uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0 if: ${{ github.event_name == 'pull_request' }} with: comment-summary-in-pr: on-failure From 335f3c9682852337729ee3c46affa4800464dda7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jan 2024 14:25:41 +0100 Subject: [PATCH 36/65] chore(deps): bump oxsecurity/megalinter from 7.7.0 to 7.8.0 (#275) Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 7.7.0 to 7.8.0. - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](https://github.com/oxsecurity/megalinter/compare/7e042c726c68415475b05a65a686c612120a1232...688bc7466d7ab4faa83d614c2e6f9acf42b674dc) --- updated-dependencies: - dependency-name: oxsecurity/megalinter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index ef852c77..2f9a2bf8 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -25,7 +25,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - uses: oxsecurity/megalinter/flavors/documentation@7e042c726c68415475b05a65a686c612120a1232 # v7.7.0 + - uses: oxsecurity/megalinter/flavors/documentation@688bc7466d7ab4faa83d614c2e6f9acf42b674dc # v7.8.0 env: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true From ba079b2d4649da7d114c4f3cba5286bf0f07b659 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Jan 2024 11:13:43 +0100 Subject: [PATCH 37/65] chore(deps): bump anchore/sbom-action from 0.15.4 to 0.15.5 (#276) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.4 to 0.15.5. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/41f7a6c033dbcdf78917f23b652c8b8146298c85...24b0d5238516480139aa8bc6f92eeb7b54a9eb0a) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 6398d32a..68a3e01c 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -68,7 +68,7 @@ jobs: provenance: true cache-from: type=gha cache-to: type=gha,mode=max - - uses: anchore/sbom-action@41f7a6c033dbcdf78917f23b652c8b8146298c85 # v0.15.4 + - uses: anchore/sbom-action@24b0d5238516480139aa8bc6f92eeb7b54a9eb0a # v0.15.5 if: ${{ steps.build-and-push.outputs.digest != '' && github.event_name != 'merge_group' }} with: image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push.outputs.digest }} From f2e3783d465069249b248aa0dd74a85fdfc30ad4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Jan 2024 15:17:50 +0100 Subject: [PATCH 38/65] chore(deps): bump reviewdog/action-suggester from 1.9.0 to 1.10.0 (#277) Bumps [reviewdog/action-suggester](https://github.com/reviewdog/action-suggester) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/reviewdog/action-suggester/releases) - [Commits](https://github.com/reviewdog/action-suggester/compare/4daff13db10cd0ddb200b45c8c7166dd0d5c85a9...45ee3515eafbecd5fc154cd8a74e0de93ee2b28e) --- updated-dependencies: - dependency-name: reviewdog/action-suggester dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 2f9a2bf8..b0a49ed6 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -40,6 +40,6 @@ jobs: name: Linter Report path: | megalinter-reports - - uses: reviewdog/action-suggester@4daff13db10cd0ddb200b45c8c7166dd0d5c85a9 # v1.9.0 + - uses: reviewdog/action-suggester@45ee3515eafbecd5fc154cd8a74e0de93ee2b28e # v1.10.0 with: tool_name: MegaLinter From d34a061b0b93b506a60aa976616ed08fe581af5c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Jan 2024 14:18:35 +0000 Subject: [PATCH 39/65] chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#278) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/694cdabd8bdb0f10b2cea11669e1bf5453eed0a6...26f96dfa697d77e81fd5907df203aa23a56210a8) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index b0a49ed6..f69a731c 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -34,7 +34,7 @@ jobs: if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif - - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 + - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 if: ${{ success() || failure() }} with: name: Linter Report From cdcf39bd584153ce06024b1c72aa53308bc38eda Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Jan 2024 12:20:41 +0100 Subject: [PATCH 40/65] feat(deps): bump gcovr from 6.0 to 7.0 in /.devcontainer (#279) Bumps [gcovr](https://github.com/gcovr/gcovr) from 6.0 to 7.0. - [Release notes](https://github.com/gcovr/gcovr/releases) - [Changelog](https://github.com/gcovr/gcovr/blob/main/CHANGELOG.rst) - [Commits](https://github.com/gcovr/gcovr/compare/6.0...7.0) --- updated-dependencies: - dependency-name: gcovr dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .devcontainer/requirements.in | 2 +- .devcontainer/requirements.txt | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.devcontainer/requirements.in b/.devcontainer/requirements.in index 7362fd4d..15b95cb4 100644 --- a/.devcontainer/requirements.in +++ b/.devcontainer/requirements.in @@ -1,2 +1,2 @@ cmake==3.28.1 -gcovr==6.0 +gcovr==7.0 diff --git a/.devcontainer/requirements.txt b/.devcontainer/requirements.txt index 1ac3b7c8..491004f0 100644 --- a/.devcontainer/requirements.txt +++ b/.devcontainer/requirements.txt @@ -23,9 +23,9 @@ cmake==3.28.1 \ --hash=sha256:c82bc0eb1495cf518cb4f355b8a73e584e67d53453406c0498bacc454cf6c404 \ --hash=sha256:d0978cdd08c0ebc76f4f8543aba1381a41580dcb9c3bcffb536c41337b75aea1 # via -r requirements.in -gcovr==6.0 \ - --hash=sha256:2e52019fdb76c6e327f48c2a2d8555fb5e362570b79cc74c5498804d1ce54a60 \ - --hash=sha256:8638d5f44def10e38e3166c8a33bef6643ec204687e0ac7d345ce41a98c5750b +gcovr==7.0 \ + --hash=sha256:9bb365aadaf0c8d95fb457bba9f6fb6e306804faedc883786d90a72f93ed2d57 \ + --hash=sha256:d4124f89e9299cce4a0b2fda9b9cd6c07c4b7d0e94705eb071fd332671ee1125 # via -r requirements.in jinja2==3.1.3 \ --hash=sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa \ From 0323e9132f19e7bb38fa95ff69d0c2c6e5f7c32b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jan 2024 11:23:41 +0100 Subject: [PATCH 41/65] chore(deps): bump github/codeql-action from 3.23.1 to 3.23.2 (#280) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.1 to 3.23.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0b21cf2492b6b02c465a3e5d7c473717ad7721ba...b7bf0a3ed3ecfa44160715d7c442788f65f0f923) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/vulnerability-scan.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index f69a731c..fc98872e 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -30,7 +30,7 @@ jobs: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 + - uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 5d89b882..1469c61b 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -29,6 +29,6 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 + uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index f2c0d2ee..ca9b89da 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -19,7 +19,7 @@ jobs: with: image: ghcr.io/${{ github.repository }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 + - uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2 if: ${{ steps.scan.outputs.sarif != '' }} with: sarif_file: ${{ steps.scan.outputs.sarif }} From c46ba0fa38176eca9cdab965138b8a2002370fa5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jan 2024 15:42:04 +0100 Subject: [PATCH 42/65] chore(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 (#281) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.5 to 0.15.6. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/24b0d5238516480139aa8bc6f92eeb7b54a9eb0a...c6aed38a4323b393d05372c58a74c39ae8386d02) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 68a3e01c..1cb0c8a3 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -68,7 +68,7 @@ jobs: provenance: true cache-from: type=gha cache-to: type=gha,mode=max - - uses: anchore/sbom-action@24b0d5238516480139aa8bc6f92eeb7b54a9eb0a # v0.15.5 + - uses: anchore/sbom-action@c6aed38a4323b393d05372c58a74c39ae8386d02 # v0.15.6 if: ${{ steps.build-and-push.outputs.digest != '' && github.event_name != 'merge_group' }} with: image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push.outputs.digest }} From 3434ef36201d2f60c5a32f0f00d16c82123097b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 Jan 2024 18:09:14 +0100 Subject: [PATCH 43/65] chore(deps): bump anchore/sbom-action from 0.15.6 to 0.15.7 (#282) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.6 to 0.15.7. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/c6aed38a4323b393d05372c58a74c39ae8386d02...767b08fd8822486ad890abb8f1d31721bebd651c) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 1cb0c8a3..d1cd2c37 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -68,7 +68,7 @@ jobs: provenance: true cache-from: type=gha cache-to: type=gha,mode=max - - uses: anchore/sbom-action@c6aed38a4323b393d05372c58a74c39ae8386d02 # v0.15.6 + - uses: anchore/sbom-action@767b08fd8822486ad890abb8f1d31721bebd651c # v0.15.7 if: ${{ steps.build-and-push.outputs.digest != '' && github.event_name != 'merge_group' }} with: image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push.outputs.digest }} From 0a8ffc5077d162c637c667ce93a99f7797cbc0cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 14:46:49 +0100 Subject: [PATCH 44/65] chore(deps): bump docker/metadata-action from 5.5.0 to 5.5.1 (#283) Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.5.0 to 5.5.1. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/dbef88086f6cef02e264edb7dbf63250c17cef6c...8e5442c4ef9f78752691e2d8f8d19755c6f78e81) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index d1cd2c37..4c8e5940 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -31,7 +31,7 @@ jobs: steps: - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 if: ${{ github.event_name != 'merge_group' }} - - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0 + - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 id: meta env: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index From b8a02bd4899ee03166312befc9d3a20f4798bd1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 15:32:30 +0100 Subject: [PATCH 45/65] chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 (#284) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.2 to 6.0.0. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/153407881ec5c347639a548ade7d8ad1d6740e38...b1ddad2c994a25fbc81a28b3ec0e368bb2021c50) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/update-dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 0703c9b8..5cafec7a 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -23,7 +23,7 @@ jobs: - name: Update dependencies working-directory: .devcontainer run: ./update-dependencies.sh apt-requirements-base.json apt-requirements-clang.json - - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 + - uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0 with: commit-message: "feat(deps): update dependencies" branch: feature/update-apt-dependencies From 745d4add665d169b3c5d83b9b7cf81f1db228412 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 15:34:17 +0100 Subject: [PATCH 46/65] chore(deps): bump anchore/sbom-action from 0.15.7 to 0.15.8 (#285) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.7 to 0.15.8. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/767b08fd8822486ad890abb8f1d31721bebd651c...b6a39da80722a2cb0ef5d197531764a89b5d48c3) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 4c8e5940..b91e3a5d 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -68,7 +68,7 @@ jobs: provenance: true cache-from: type=gha cache-to: type=gha,mode=max - - uses: anchore/sbom-action@767b08fd8822486ad890abb8f1d31721bebd651c # v0.15.7 + - uses: anchore/sbom-action@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8 if: ${{ steps.build-and-push.outputs.digest != '' && github.event_name != 'merge_group' }} with: image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push.outputs.digest }} From 65aa1eb2611e7f6dac788009707112a6499b839a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 15:35:24 +0100 Subject: [PATCH 47/65] chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#286) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/9614fae9e5c5eddabb09f90a270fcb487c9f7149...e1523de7571e31dbe865fd2e80c5c7c23ae71eb4) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- .github/workflows/cleanup-pr-image.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index b91e3a5d..29dfacb7 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -29,7 +29,7 @@ jobs: # with sigstore/fulcio when running outside of PRs. id-token: write steps: - - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 + - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 if: ${{ github.event_name != 'merge_group' }} - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 id: meta diff --git a/.github/workflows/cleanup-pr-image.yml b/.github/workflows/cleanup-pr-image.yml index 5a79d0fb..047302d7 100644 --- a/.github/workflows/cleanup-pr-image.yml +++ b/.github/workflows/cleanup-pr-image.yml @@ -16,7 +16,7 @@ jobs: permissions: packages: write steps: - - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 + - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ${{ env.REGISTRY }} From 41bf430ab50777c2cbb855aae994356f9159e56a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Feb 2024 18:39:08 +0100 Subject: [PATCH 48/65] feat(deps): bump ubuntu from `e6173d4` to `e9569c2` in /.devcontainer (#287) Bumps ubuntu from `e6173d4` to `e9569c2`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 064c1408..1ce59d25 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:e6173d4dc55e76b87c4af8db8821b1feae4146dd47341e4d431118c7dd060a74 +FROM ubuntu:22.04@sha256:e9569c25505f33ff72e88b2990887c9dcf230f23259da296eb814fc2b41af999 ARG BATS_VERSION=1.10.0 ARG CCACHE_VERSION=4.9 From 9928d88976e0e4d0d7d49545ca8a0f5bb4fd279f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 14:10:01 +0100 Subject: [PATCH 49/65] chore(deps): bump EnricoMi/publish-unit-test-result-action from 2.12.0 to 2.13.0 (#288) chore(deps): bump EnricoMi/publish-unit-test-result-action Bumps [EnricoMi/publish-unit-test-result-action](https://github.com/enricomi/publish-unit-test-result-action) from 2.12.0 to 2.13.0. - [Release notes](https://github.com/enricomi/publish-unit-test-result-action/releases) - [Commits](https://github.com/enricomi/publish-unit-test-result-action/compare/e780361cd1fc1b1a170624547b3ffda64787d365...4e121453199042300b654ee3b4b52720bc645dc6) --- updated-dependencies: - dependency-name: EnricoMi/publish-unit-test-result-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0f35633f..fc961bb6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,7 +39,7 @@ jobs: run: | set -Eeuo pipefail docker run --rm --mount type=bind,src="$(pwd)/test",dst=/ws -w /ws ${{ github.repository }}:test bats --formatter junit testsuite.bats | tee test-report.xml - - uses: EnricoMi/publish-unit-test-result-action@e780361cd1fc1b1a170624547b3ffda64787d365 # v2.12.0 + - uses: EnricoMi/publish-unit-test-result-action@4e121453199042300b654ee3b4b52720bc645dc6 # v2.13.0 if: always() with: files: test-report.xml From 950be0962748370aacab4b5a2cf89b302adb51c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 13:10:39 +0000 Subject: [PATCH 50/65] chore(deps): bump github/codeql-action from 3.23.2 to 3.24.0 (#289) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.2 to 3.24.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b7bf0a3ed3ecfa44160715d7c442788f65f0f923...e8893c57a1f3a2b659b6b55564fdfdbbd2982911) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/vulnerability-scan.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index fc98872e..af0bd61d 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -30,7 +30,7 @@ jobs: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2 + - uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 1469c61b..481f24e8 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -29,6 +29,6 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2 + uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index ca9b89da..05c3fbc2 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -19,7 +19,7 @@ jobs: with: image: ghcr.io/${{ github.repository }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2 + - uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 if: ${{ steps.scan.outputs.sarif != '' }} with: sarif_file: ${{ steps.scan.outputs.sarif }} From 2b8f061b447b0d48bd0754373f706212510603be Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Feb 2024 11:44:22 +0100 Subject: [PATCH 51/65] chore(deps): bump EnricoMi/publish-unit-test-result-action from 2.13.0 to 2.14.0 (#292) chore(deps): bump EnricoMi/publish-unit-test-result-action Bumps [EnricoMi/publish-unit-test-result-action](https://github.com/enricomi/publish-unit-test-result-action) from 2.13.0 to 2.14.0. - [Release notes](https://github.com/enricomi/publish-unit-test-result-action/releases) - [Commits](https://github.com/enricomi/publish-unit-test-result-action/compare/4e121453199042300b654ee3b4b52720bc645dc6...8885e273a4343cd7b48eaa72428dea0c3067ea98) --- updated-dependencies: - dependency-name: EnricoMi/publish-unit-test-result-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fc961bb6..3da95bb1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,7 +39,7 @@ jobs: run: | set -Eeuo pipefail docker run --rm --mount type=bind,src="$(pwd)/test",dst=/ws -w /ws ${{ github.repository }}:test bats --formatter junit testsuite.bats | tee test-report.xml - - uses: EnricoMi/publish-unit-test-result-action@4e121453199042300b654ee3b4b52720bc645dc6 # v2.13.0 + - uses: EnricoMi/publish-unit-test-result-action@8885e273a4343cd7b48eaa72428dea0c3067ea98 # v2.14.0 if: always() with: files: test-report.xml From 2f06fa03f1d36e5cbe9356f35a20963ea10dca21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Feb 2024 11:44:41 +0100 Subject: [PATCH 52/65] chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#291) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/26f96dfa697d77e81fd5907df203aa23a56210a8...5d5d22a31266ced268874388b861e4b58bb5c2f3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index af0bd61d..ebc40a77 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -34,7 +34,7 @@ jobs: if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif - - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 if: ${{ success() || failure() }} with: name: Linter Report From c45dba82994ef969b37953a0cce6a37e657f67e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 11 Feb 2024 12:19:21 +0100 Subject: [PATCH 53/65] chore(deps): bump reviewdog/action-suggester from 1.10.0 to 1.11.0 (#296) Bumps [reviewdog/action-suggester](https://github.com/reviewdog/action-suggester) from 1.10.0 to 1.11.0. - [Release notes](https://github.com/reviewdog/action-suggester/releases) - [Commits](https://github.com/reviewdog/action-suggester/compare/45ee3515eafbecd5fc154cd8a74e0de93ee2b28e...3d7fde6859623ad6174df5fd662677a0eb63310a) --- updated-dependencies: - dependency-name: reviewdog/action-suggester dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index ebc40a77..a9b45b50 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -40,6 +40,6 @@ jobs: name: Linter Report path: | megalinter-reports - - uses: reviewdog/action-suggester@45ee3515eafbecd5fc154cd8a74e0de93ee2b28e # v1.10.0 + - uses: reviewdog/action-suggester@3d7fde6859623ad6174df5fd662677a0eb63310a # v1.11.0 with: tool_name: MegaLinter From 41d095588ae50b8bb6094abc5b94bc61fcf273c3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 10:15:08 +0100 Subject: [PATCH 54/65] feat(deps): bump cmake from 3.28.1 to 3.28.3 in /.devcontainer (#297) Bumps [cmake](https://github.com/scikit-build/cmake-python-distributions) from 3.28.1 to 3.28.3. - [Release notes](https://github.com/scikit-build/cmake-python-distributions/releases) - [Changelog](https://github.com/scikit-build/cmake-python-distributions/blob/master/HISTORY.rst) - [Commits](https://github.com/scikit-build/cmake-python-distributions/compare/3.28.1...3.28.3) --- updated-dependencies: - dependency-name: cmake dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .devcontainer/requirements.in | 2 +- .devcontainer/requirements.txt | 36 +++++++++++++++++----------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.devcontainer/requirements.in b/.devcontainer/requirements.in index 15b95cb4..ce4df2e6 100644 --- a/.devcontainer/requirements.in +++ b/.devcontainer/requirements.in @@ -1,2 +1,2 @@ -cmake==3.28.1 +cmake==3.28.3 gcovr==7.0 diff --git a/.devcontainer/requirements.txt b/.devcontainer/requirements.txt index 491004f0..70bfd611 100644 --- a/.devcontainer/requirements.txt +++ b/.devcontainer/requirements.txt @@ -4,24 +4,24 @@ # # pip-compile --generate-hashes requirements.in # -cmake==3.28.1 \ - --hash=sha256:0d4051d101d151d8387156c463aa45c8cd0e164f870e0ac0c8c91d3ff08528e1 \ - --hash=sha256:1be8f351271f8bcbe32288066e5add642d7c32f2f8fec3f135949c2cb13dfac2 \ - --hash=sha256:2ad22d897d2ed38544e5ef26ee21c4dccc38e938660cd07497fd6bdba0993ea6 \ - --hash=sha256:363bd0124d71d7e3d9b1ac9bd1dce1d80ba90f48b264c3bf9dbfcfda875cafc9 \ - --hash=sha256:379a730b274f39e5858ef2107861b2727918493347b0ccdd5f62bcbb6a8450d9 \ - --hash=sha256:3ed193134a4937bad8de2b4f62faebc8c1a4049cd37dad9767db7e7d91a08b52 \ - --hash=sha256:40f0671c05ef7eec27c4f53c63630b0b621e40f80ab38607d3a0e3a1f2c9242a \ - --hash=sha256:64d4642c48486bb4320540781a2266c2060929d1e236d6eb2b2c96273e75e958 \ - --hash=sha256:6a9549755d1178426502753d48949edae9bb0c66f15a07f09904783125beb0e3 \ - --hash=sha256:6ffb1fdb0b0f7f11271d82b5892c2edc109d561e186f882def095970403e2110 \ - --hash=sha256:74c9878c504ccc6ddd5b0914cbe3b86417a36a2c2dfc486040bfdfe63fbbb1ac \ - --hash=sha256:96d506c417d63bbcff19b3e9eaa69fe546456a0ddeffe914bcbb23cceee6818e \ - --hash=sha256:9c77c47afef821c0044ba73d182c386ab02e92e6bda5296e553c12455a083f29 \ - --hash=sha256:9ea12ebe4b8266f04d6619ed64860bd6e687522f02caf3131515dd39d614ef00 \ - --hash=sha256:bb03ed4753185d0c70c0bc3212e5533e20eb2c17fa0ca1e7603b702c6d0db8cf \ - --hash=sha256:c82bc0eb1495cf518cb4f355b8a73e584e67d53453406c0498bacc454cf6c404 \ - --hash=sha256:d0978cdd08c0ebc76f4f8543aba1381a41580dcb9c3bcffb536c41337b75aea1 +cmake==3.28.3 \ + --hash=sha256:2745d4362ac23f2f979e71d44759af740c3890429cb8a7e2fd449a30a901632f \ + --hash=sha256:29d127e5ef256d389feac0884e918612b89eb3a8febff1acf83bb27bc65042ab \ + --hash=sha256:2b811a7c97b2b31a56397baeb5ca93119fa4d215846851059748427c67f14a58 \ + --hash=sha256:35b14086257dc7ce8e83c19d2d20f7953d584fa3c9d1904211d8498fe1134ecc \ + --hash=sha256:4b1b413cf7683d54ec2a0f3b17a4d7c6979eb469270439c0e7a082256c78ab96 \ + --hash=sha256:5e4972e455fc24509561873cb06c9d9394852d77adde1cf970b859ad14a2a66f \ + --hash=sha256:795c4c7f0ad16cc6553085502a76aa7fcf36fd2f4c8420542d1c7f3be6f9de1e \ + --hash=sha256:8415ed1a9335eb30b0e435c38bcaeb8fd9ae900a9594fe500f3bcba744be1dc7 \ + --hash=sha256:a8092815c739da7d6775c26ec30c2645f0fca9527a29e36a682faec7d39cde89 \ + --hash=sha256:c6415d382933854d2b5508c4d2218cfb1a8cb90f5f78b4e97183f80089868eea \ + --hash=sha256:cc67c5e5df8db0be57d25b81f7dc76e0ec79215f914e585a8045589a380bcd3c \ + --hash=sha256:d3bc42bf54ea3d64e5d81eb31275076817507cf4a6aa07a49ffc01985cae1f09 \ + --hash=sha256:de10be2f470c41a3628e27157168f017ade2f14065588497e00f4582bc5eec07 \ + --hash=sha256:ea338ae68e0c5626f7c21f89b765eb0e81f7b497e977503a3bcce569984dc8a7 \ + --hash=sha256:f27187ae016b089d1c1fca6a24b3af58f9d79471097eaa3b7a7a7623ad12ea89 \ + --hash=sha256:f5573c453f7a6c213c82741c173d174b5c6b576eea5cc00e2a8a5a30c40244b3 \ + --hash=sha256:f6fc9755979d17970ca6d9688fb5cdd3702c9eaa7ac1ee97074e3d39d3400970 # via -r requirements.in gcovr==7.0 \ --hash=sha256:9bb365aadaf0c8d95fb457bba9f6fb6e306804faedc883786d90a72f93ed2d57 \ From b7f343a52ae6775af7c9809d28f4a4c2e15787bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 10:17:48 +0100 Subject: [PATCH 55/65] chore(deps): bump oxsecurity/megalinter from 7.8.0 to 7.9.0 (#298) Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 7.8.0 to 7.9.0. - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](https://github.com/oxsecurity/megalinter/compare/688bc7466d7ab4faa83d614c2e6f9acf42b674dc...190cd0dad6dc52b2de5b810e3b290c3d6bdcc0f2) --- updated-dependencies: - dependency-name: oxsecurity/megalinter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index a9b45b50..7844cf4e 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -25,7 +25,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - uses: oxsecurity/megalinter/flavors/documentation@688bc7466d7ab4faa83d614c2e6f9acf42b674dc # v7.8.0 + - uses: oxsecurity/megalinter/flavors/documentation@190cd0dad6dc52b2de5b810e3b290c3d6bdcc0f2 # v7.9.0 env: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true From a75d891fbc90ad93975b4d3d0ae28a84406dd458 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Tue, 13 Feb 2024 09:14:19 +0100 Subject: [PATCH 56/65] chore(main): release 4.3.0 (#269) --- .release-please-manifest.json | 2 +- CHANGELOG.md | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 34a3350a..83f9eb80 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "4.2.0" + ".": "4.3.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 0cbe2bb9..f649b434 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,17 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/) and this project adheres to [Semantic Versioning](https://semver.org/). +## [4.3.0](https://github.com/philips-software/amp-devcontainer/compare/v4.2.0...v4.3.0) (2024-02-12) + + +### Features + +* **deps:** Bump cmake from 3.28.1 to 3.28.3 in /.devcontainer ([#297](https://github.com/philips-software/amp-devcontainer/issues/297)) ([41d0955](https://github.com/philips-software/amp-devcontainer/commit/41d095588ae50b8bb6094abc5b94bc61fcf273c3)) +* **deps:** Bump gcovr from 6.0 to 7.0 in /.devcontainer ([#279](https://github.com/philips-software/amp-devcontainer/issues/279)) ([cdcf39b](https://github.com/philips-software/amp-devcontainer/commit/cdcf39bd584153ce06024b1c72aa53308bc38eda)) +* **deps:** Bump ubuntu from `6042500` to `a2bbdf7` in /.devcontainer ([#268](https://github.com/philips-software/amp-devcontainer/issues/268)) ([48f20ac](https://github.com/philips-software/amp-devcontainer/commit/48f20ac5cce536541a31e893615730643513a8cf)) +* **deps:** Bump ubuntu from `a2bbdf7` to `e6173d4` in /.devcontainer ([#270](https://github.com/philips-software/amp-devcontainer/issues/270)) ([4453737](https://github.com/philips-software/amp-devcontainer/commit/445373734e545826f2c9e6e525d6fec4f8a68fb4)) +* **deps:** Bump ubuntu from `e6173d4` to `e9569c2` in /.devcontainer ([#287](https://github.com/philips-software/amp-devcontainer/issues/287)) ([41bf430](https://github.com/philips-software/amp-devcontainer/commit/41bf430ab50777c2cbb855aae994356f9159e56a)) + ## [4.2.0](https://github.com/philips-software/amp-devcontainer/compare/v4.1.0...v4.2.0) (2024-01-15) From c309236303f43337af777af98af2f00304229652 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 09:16:46 +0000 Subject: [PATCH 57/65] chore(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.0 (#301) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/4901385134134e04cec5fbe5ddfe3b2c5bd5d976...80f10bf419f34980065523f5efca7ebed17576aa) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 29dfacb7..332c9520 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -73,7 +73,7 @@ jobs: with: image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push.outputs.digest }} dependency-snapshot: true - - uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0 + - uses: actions/dependency-review-action@80f10bf419f34980065523f5efca7ebed17576aa # v4.1.0 if: ${{ github.event_name == 'pull_request' }} with: comment-summary-in-pr: on-failure From dc4724a4d558c71220ede864599be8f95aed0d45 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 09:17:15 +0000 Subject: [PATCH 58/65] chore(deps): bump github/codeql-action from 3.24.0 to 3.24.1 (#302) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e8893c57a1f3a2b659b6b55564fdfdbbd2982911...e675ced7a7522a761fc9c8eb26682c8b27c42b2b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/vulnerability-scan.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 7844cf4e..bf8b3627 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -30,7 +30,7 @@ jobs: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + - uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 481f24e8..b0851132 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -29,6 +29,6 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index 05c3fbc2..973f9922 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -19,7 +19,7 @@ jobs: with: image: ghcr.io/${{ github.repository }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + - uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 if: ${{ steps.scan.outputs.sarif != '' }} with: sarif_file: ${{ steps.scan.outputs.sarif }} From 6d0c7d7edccb8e26ec04ceabd2244eb2798e9663 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Thu, 15 Feb 2024 13:26:26 +0100 Subject: [PATCH 59/65] ci(dependabot): group minor and patch updates for actions (#303) --- .github/dependabot.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 97393f75..bed60d14 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,6 +6,11 @@ updates: directory: / schedule: interval: daily + groups: + minor-and-patch-action-updates: + update-types: + - minor + - patch - package-ecosystem: docker directory: .devcontainer schedule: From 584aa6c8d4dc215b902ef74850604a5eb50fc50a Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Thu, 15 Feb 2024 13:26:35 +0100 Subject: [PATCH 60/65] feat: remove unused package bzip2 (#300) bzip2 was used to extract the previous arm toolchain. The arm toolchain is now packed with xz. --- .devcontainer/apt-requirements-base.json | 1 - 1 file changed, 1 deletion(-) diff --git a/.devcontainer/apt-requirements-base.json b/.devcontainer/apt-requirements-base.json index 3f0c37e7..4c63c649 100644 --- a/.devcontainer/apt-requirements-base.json +++ b/.devcontainer/apt-requirements-base.json @@ -1,5 +1,4 @@ { - "bzip2": "1.0.8-5build1", "ca-certificates": "20230311ubuntu0.22.04.1", "g++-12": "12.3.0-1ubuntu1~22.04", "gdb-multiarch": "12.1-0ubuntu1~22.04", From b8f6b9722cb26b747019e49e65b2a38e7c4e99e5 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Thu, 15 Feb 2024 13:26:43 +0100 Subject: [PATCH 61/65] chore: pin vscode plug-in versions (#299) chore: pin plug-in versions --- .devcontainer/devcontainer.json | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 8c2b43de..83d0bd26 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,4 @@ { - // This devcontainer has been set-up to run docker-from-docker scenarios as per - // https://github.com/microsoft/vscode-dev-containers/tree/main/containers/docker-from-docker "build": { "dockerfile": "Dockerfile", "context": ".." @@ -13,11 +11,14 @@ "customizations": { "vscode": { "extensions": [ - "jetmartin.bats", - "matepek.vscode-catch2-test-adapter", - "ms-vscode.cmake-tools", - "ms-vscode.cpptools", - "SonarSource.sonarlint-vscode" + "GitHub.vscode-github-actions@0.26.2", + "GitHub.vscode-pull-request-github@0.76.1", + "jetmartin.bats@0.1.10", + "matepek.vscode-catch2-test-adapter@4.6.3", + "mhutchie.git-graph@1.30.0", + "ms-vscode.cmake-tools@1.16.32", + "ms-vscode.cpptools@1.18.5", + "SonarSource.sonarlint-vscode@4.1.0" ] } } From 43327fcdf92f3312753a20ff9e314d151627faf3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Feb 2024 14:05:32 +0100 Subject: [PATCH 62/65] chore(deps): bump the minor-and-patch-action-updates group with 1 update (#305) Bumps the minor-and-patch-action-updates group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.24.1 to 3.24.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e675ced7a7522a761fc9c8eb26682c8b27c42b2b...ece8414c725e29de2e18c0859fda9e7280df9488) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch-action-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/vulnerability-scan.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index bf8b3627..a82aed8a 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -30,7 +30,7 @@ jobs: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 + - uses: github/codeql-action/upload-sarif@ece8414c725e29de2e18c0859fda9e7280df9488 # v3.24.2 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index b0851132..d00c79ce 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -29,6 +29,6 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 + uses: github/codeql-action/upload-sarif@ece8414c725e29de2e18c0859fda9e7280df9488 # v3.24.2 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index 973f9922..22dc0693 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -19,7 +19,7 @@ jobs: with: image: ghcr.io/${{ github.repository }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 + - uses: github/codeql-action/upload-sarif@ece8414c725e29de2e18c0859fda9e7280df9488 # v3.24.2 if: ${{ steps.scan.outputs.sarif != '' }} with: sarif_file: ${{ steps.scan.outputs.sarif }} From 079aa82b5aa8ce2081360453b17c27b02475b695 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Fri, 16 Feb 2024 10:55:19 +0100 Subject: [PATCH 63/65] feat(deps): update unzip to 6.0-26ubuntu3.2 (#307) feat(deps): update dependencies --- .devcontainer/apt-requirements-base.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/apt-requirements-base.json b/.devcontainer/apt-requirements-base.json index 4c63c649..02da287a 100644 --- a/.devcontainer/apt-requirements-base.json +++ b/.devcontainer/apt-requirements-base.json @@ -6,7 +6,7 @@ "gnupg2": "2.2.27-3ubuntu2.1", "ninja-build": "1.10.1-1", "python3-pip": "22.0.2+dfsg-1ubuntu0.4", - "unzip": "6.0-26ubuntu3.1", + "unzip": "6.0-26ubuntu3.2", "wget": "1.21.2-2ubuntu1", "xsltproc": "1.1.34-4ubuntu0.22.04.1", "xz-utils": "5.2.5-2ubuntu1" From dcdd2dfa42cd801a755b28faac9f329cb4839d8e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Feb 2024 10:56:35 +0100 Subject: [PATCH 64/65] feat(deps): bump ubuntu from `e9569c2` to `f9d633f` in /.devcontainer (#309) Bumps ubuntu from `e9569c2` to `f9d633f`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 1ce59d25..cd18257f 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:e9569c25505f33ff72e88b2990887c9dcf230f23259da296eb814fc2b41af999 +FROM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da ARG BATS_VERSION=1.10.0 ARG CCACHE_VERSION=4.9 From ee51be1116cadbbeb052eeaaa75cd8b1c0454a5b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Feb 2024 10:58:04 +0100 Subject: [PATCH 65/65] chore(deps): bump the minor-and-patch-action-updates group with 1 update (#308) Bumps the minor-and-patch-action-updates group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.24.2 to 3.24.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ece8414c725e29de2e18c0859fda9e7280df9488...379614612a29c9e28f31f39a59013eb8012a51f0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch-action-updates ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting-formatting.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/vulnerability-scan.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index a82aed8a..11e2bc85 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -30,7 +30,7 @@ jobs: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@ece8414c725e29de2e18c0859fda9e7280df9488 # v3.24.2 + - uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index d00c79ce..4ea03538 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -29,6 +29,6 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ece8414c725e29de2e18c0859fda9e7280df9488 # v3.24.2 + uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index 22dc0693..34de74c5 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -19,7 +19,7 @@ jobs: with: image: ghcr.io/${{ github.repository }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@ece8414c725e29de2e18c0859fda9e7280df9488 # v3.24.2 + - uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 if: ${{ steps.scan.outputs.sarif != '' }} with: sarif_file: ${{ steps.scan.outputs.sarif }}