Skip to content

Commit

Permalink
chore: bump slsa-framework/slsa-github-generator from 2.0.0 to 2.1.0 (#…
Browse files Browse the repository at this point in the history 
…1875)

Bumps
[slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator)
from 2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/slsa-framework/slsa-github-generator/releases">slsa-framework/slsa-github-generator's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<p><strong>This is an un-finalized release.</strong></p>
<p>See the <a
href="https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md">CHANGELOG</a>
for details.</p>
<h2>What's Changed</h2>
<ul>
<li>chore: v2.0.0: update tags to v2.0.0 by <a
href="https://github.com/ramonpetgrave64"><code>@​ramonpetgrave64</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3584">slsa-framework/slsa-github-generator#3584</a></li>
<li>fix: use <code>@​sigstore/cli</code> in
e2e.sign-attestations.schedule.yml by <a
href="https://github.com/ramonpetgrave64"><code>@​ramonpetgrave64</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3572">slsa-framework/slsa-github-generator#3572</a></li>
<li>docs: fix broken links by <a
href="https://github.com/suzuki-shunsuke"><code>@​suzuki-shunsuke</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3605">slsa-framework/slsa-github-generator#3605</a></li>
<li>chore(setup-go): update actions/setup-go to resolve the warning by
<a
href="https://github.com/suzuki-shunsuke"><code>@​suzuki-shunsuke</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3604">slsa-framework/slsa-github-generator#3604</a></li>
<li>fix: Update release docs by <a
href="https://github.com/ramonpetgrave64"><code>@​ramonpetgrave64</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3589">slsa-framework/slsa-github-generator#3589</a></li>
<li>docs: Add Atsign-Foundation NoPorts to the Hall of Fame by <a
href="https://github.com/cpswan"><code>@​cpswan</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3616">slsa-framework/slsa-github-generator#3616</a></li>
<li>docs: Add v2.0.0 to SECURITY.md by <a
href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3630">slsa-framework/slsa-github-generator#3630</a></li>
<li>docs: Add links to CHANGELOG by <a
href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3631">slsa-framework/slsa-github-generator#3631</a></li>
<li>ci: fix PR title checker by <a
href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3632">slsa-framework/slsa-github-generator#3632</a></li>
<li>ci: Add issue reopener by <a
href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3629">slsa-framework/slsa-github-generator#3629</a></li>
<li>fix: update softprops/action-gh-release to v2.0.5 by <a
href="https://github.com/suzuki-shunsuke"><code>@​suzuki-shunsuke</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3619">slsa-framework/slsa-github-generator#3619</a></li>
<li>chore(renovate): use cron syntax for schedule by <a
href="https://github.com/rarkins"><code>@​rarkins</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3638">slsa-framework/slsa-github-generator#3638</a></li>
<li>chore: Fix Renovate config by <a
href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3635">slsa-framework/slsa-github-generator#3635</a></li>
<li>feat: workflow to update actions dist by <a
href="https://github.com/ramonpetgrave64"><code>@​ramonpetgrave64</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3653">slsa-framework/slsa-github-generator#3653</a></li>
<li>fix(deps): update dependency <code>@​sigstore/rekor-types</code> to
v2 by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3650">slsa-framework/slsa-github-generator#3650</a></li>
<li>chore(deps): update github-actions (major) by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3648">slsa-framework/slsa-github-generator#3648</a></li>
<li>fix(deps): update dependency org.json:json to v20231013 [security]
by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3641">slsa-framework/slsa-github-generator#3641</a></li>
<li>fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4
[security] by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3640">slsa-framework/slsa-github-generator#3640</a></li>
<li>chore(deps): update dependency pathspec to v0.12.1 by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3644">slsa-framework/slsa-github-generator#3644</a></li>
<li>fix(deps): update dependency <code>@​actions/github</code> to v6 by
<a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3649">slsa-framework/slsa-github-generator#3649</a></li>
<li>fix(deps): update module golang.org/x/oauth2 to v0.20.0 by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3646">slsa-framework/slsa-github-generator#3646</a></li>
<li>fix(deps): update npm by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3647">slsa-framework/slsa-github-generator#3647</a></li>
<li>chore: formatting by <a
href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3655">slsa-framework/slsa-github-generator#3655</a></li>
<li>chore(deps): update github-actions by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3642">slsa-framework/slsa-github-generator#3642</a></li>
<li>docs: Add openfga as another user of slsa-github-generator via
Github Actions by <a
href="https://github.com/aaguiarz"><code>@​aaguiarz</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/2950">slsa-framework/slsa-github-generator#2950</a></li>
<li>fix(deps): update dependency org.apache.maven:maven-plugin-api to
v3.9.6 by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3645">slsa-framework/slsa-github-generator#3645</a></li>
<li>chore: allow Renovate to create new config warning issues by <a
href="https://github.com/HonkingGoose"><code>@​HonkingGoose</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3662">slsa-framework/slsa-github-generator#3662</a></li>
<li>chore: Fix markdown issues by <a
href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3658">slsa-framework/slsa-github-generator#3658</a></li>
<li>chore(deps): update npm dev by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3643">slsa-framework/slsa-github-generator#3643</a></li>
<li>feat: Record vars in SLSA generators by <a
href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3633">slsa-framework/slsa-github-generator#3633</a></li>
<li>chore(deps): update github-actions by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3679">slsa-framework/slsa-github-generator#3679</a></li>
<li>fix(deps): update dependency org.apache.maven:maven-plugin-api to
v3.9.7 by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3680">slsa-framework/slsa-github-generator#3680</a></li>
<li>docs: Remove expected GA for Node.js builder by <a
href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3659">slsa-framework/slsa-github-generator#3659</a></li>
<li>ci: Add formatting pre-submit check by <a
href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3654">slsa-framework/slsa-github-generator#3654</a></li>
<li>fix(deps): update dependency org.apache.maven:maven-plugin-api to
v3.9.8 by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3712">slsa-framework/slsa-github-generator#3712</a></li>
<li>chore(deps): bump the npm_and_yarn group across 10 directories with
2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3714">slsa-framework/slsa-github-generator#3714</a></li>
<li>chore(deps): update github-actions by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3711">slsa-framework/slsa-github-generator#3711</a></li>
<li>chore(deps): bump the go_modules group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3715">slsa-framework/slsa-github-generator#3715</a></li>
<li>chore: slsa-verifier v2.6.0: Update action.yml by <a
href="https://github.com/ramonpetgrave64"><code>@​ramonpetgrave64</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3736">slsa-framework/slsa-github-generator#3736</a></li>
<li>fix: Update maven helper plugin build by <a
href="https://github.com/loosebazooka"><code>@​loosebazooka</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3746">slsa-framework/slsa-github-generator#3746</a></li>
<li>fix: maven e2e: remove verify job by <a
href="https://github.com/ramonpetgrave64"><code>@​ramonpetgrave64</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3748">slsa-framework/slsa-github-generator#3748</a></li>
<li>chore(deps): update github-actions by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3753">slsa-framework/slsa-github-generator#3753</a></li>
<li>chore(deps): bump github.com/docker/docker from 24.0.9+incompatible
to 25.0.6+incompatible in the go_modules group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3760">slsa-framework/slsa-github-generator#3760</a></li>
<li>chore(config): migrate renovate config by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/pull/3774">slsa-framework/slsa-github-generator#3774</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/f7dd8c54c2067bafc12ca7a55595d5ee9b75204a"><code>f7dd8c5</code></a>
update the ref in the pre-submit</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/0a5124b181e38cc2890f186c2990ecec131012bc"><code>0a5124b</code></a>
fix jq for the sigstore bundles</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/fbeecf0c1e9cbb70c6828b0d311037a9e6cce717"><code>fbeecf0</code></a>
update docs</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/f701310a334f5d712a8869541c8e19ecb4eefc24"><code>f701310</code></a>
update workflows</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/361859811395a7dfc81e24fb4dfe843a59715a40"><code>3618598</code></a>
v2.1.0-rc.3</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/46f81fc6ad1b81b30ecdcf73ef9968b9787dc2c5"><code>46f81fc</code></a>
chore: update refs to v2.1.0-rc.1 (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/4120">#4120</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/5d20c9315555cc3ea10212f5ab25b0d883f3d428"><code>5d20c93</code></a>
chore: use builder tag v2.1.0-rc.0 (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/4118">#4118</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/e27b237be2003c8ae32f1300b9f5c3cc9c71dce7"><code>e27b237</code></a>
chore: braces and ejs vulns (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/4116">#4116</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/8967e1c98e3dcee60e8651c796b4f5a99300eadc"><code>8967e1c</code></a>
chore: Update CODEOWNERS (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/4115">#4115</a>)</li>
<li><a
href="https://github.com/slsa-framework/slsa-github-generator/commit/47d1954c9e926d98abb20faffbf6352b3f736dce"><code>47d1954</code></a>
chore: update octokit deps (<a
href="https://redirect.github.com/slsa-framework/slsa-github-generator/issues/4114">#4114</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/slsa-framework/slsa-github-generator/compare/v2.0.0...v2.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=slsa-framework/slsa-github-generator&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Loading branch information
@dependabot
dependabot[bot] authored Feb 25, 2025
1 parent 1d210a2 commit 261274d
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ jobs:
id-token: write
contents: read
actions: read
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v2.0.0
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v2.1.0
with:
run-scripts: "set:version, ci, build"

Expand All @@ -82,7 +82,7 @@ jobs:
registry-url: "https://registry.npmjs.org"
- name: Publish package
id: publish
uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@5a775b367a56d5bd118a224a811bba288150a563 # v2.0.0
uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@9103ac683d00ceecdb1c21507a9c7a9983ef46f4 # v2.0.0
with:
access: public
node-auth-token: ${{ secrets.NPM_TOKEN }}
Expand Down

0 comments on commit 261274d

Please sign in to comment.