-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump lycheeverse/lychee-action from 1.5.4 to 1.8.0 #25
Open
dependabot
wants to merge
136
commits into
develop
Choose a base branch
from
dependabot/github_actions/develop/lycheeverse/lychee-action-1.8.0
base: develop
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Bump lycheeverse/lychee-action from 1.5.4 to 1.8.0 #25
dependabot
wants to merge
136
commits into
develop
from
dependabot/github_actions/develop/lycheeverse/lychee-action-1.8.0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Many fixes to the constraints in the OSCAL metaschemas to repair broken Metapaths. * fixing defects in metaschema constraints * Updating to latest Metaschema toolchain. Removed use of the "require" constraint. * updating readme with current links
…ts (#1101) * Group scenarios and add edge case scenario * Group the scenarios that test o:glob-as-regex. * Add scenario for edge case where input is empty. * For selection, augment XSpec and update XSLT * Add XSpec tests for oscal-profile-resolve-select.xsl, mostly at the level of templates and functions. * Minor enhancements in oscal-profile-resolve-select.xsl: * Add support for with-parent-controls * Generate fatal error if resource cannot be fetched * Provide focused error message if resource has no suitable rlink * Handle missing matching pattern * Fix indentation * Fix scenario that intentionally omits pattern * Rename o:resource-or-warning as o:resource-or-error * Attributes, not elements, for "from" and "to" * Update expected value for 4a3cadf changes in catalog * The abc-full_catalog.xml file has changed, so the "Loose parameters" test scenario needs adjustment. * Reduce redundancy in expected metadata * metadata is copied verbatim, so no need to check details in multiple test scenarios for the match=profile template * Update verbiage to cross-reference with logged discussion pages
For consistency with select.xspec, use XSpec variable instead of entity for the path to the profile resolution examples.
random-util.xsl provides r:make-uuid and r:make-uuid-sequence for creating one or more random UUIDs. The r:make-random-string-sequence function supports more flexible random patterns. Implementations here use the XPath function, random-number-generator. random-util.xspec provides template- and function-level tests for code in random-util.xsl.
Implementing an idea from @wendellpiez: Instead of iterating over a numeric sequence that represents the position of each character in a long string, iterate over the sequence of characters. This change is in the implementation only, not in the function output. I used ad hoc modifications of the label="seq-length=10000" scenario in the XSpec test to check that the original and modified functions produce the same UUID sequence.
- Metadata tests and way of determining top UUID - Remove global parameter assign-uuid (note backward incompatibility - is it OK?) - Instead, support global parameters uuid-method and top-uuid, in uuid-method-choice.xsl - Support global parameter hide-source-profile-uri - Stub of opr:oscal-version function - Stub of message handler template, using xsl:message for now - Add XSpec tests - Add table of parameters and clarify testing folder content - Change "home" from global param to global variable; does not need to be set from outside
XSLT - Move some code from oscal-profile-resolve-select.xsl to new file, select-or-custom-merge.xsl, and share it between Selection phase and Merge phase. - Add error checking for multiple structuring directives. - Finish the incomplete support for `insert-controls/@order`. - Fix bug in support for `@with-parent-controls` in Selection phase. XSpec - In select.xspec, add test for order of controls matching imported document, not profile document. Also, add test for `@with-parent-controls` bug fix. - Create merge-combine.xspec for testing combine-elements and mode="o:combine-elements" templates. - Organize tests among merge.xspec, merge-combine.xspec, merge-as-is.xspec, and merge-custom.xspec. - Integrate back-matter testing into template-level tests in merge.xspec and merge-as-is.xspec, and delete merge-back-matter.xspec.
* Added mapping model supporting mapping controls and control statements between two catalogs. * Adjusted relationships based on PR #1150 discussions. Added type enumerations. * Included a simple example
Adding the mapping model to the metaschema CI build.
Bumps [ajv-cli](https://github.com/ajv-validator/ajv-cli) from 4.2.0 to 5.0.0. - [Release notes](https://github.com/ajv-validator/ajv-cli/releases) - [Commits](ajv-validator/ajv-cli@v4.2.0...v5.0.0) --- updated-dependencies: - dependency-name: ajv-cli dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [peter-evans/create-issue-from-file](https://github.com/peter-evans/create-issue-from-file) from 3.0.0 to 4. - [Release notes](https://github.com/peter-evans/create-issue-from-file/releases) - [Commits](peter-evans/create-issue-from-file@97e6f90...99b87c3) --- updated-dependencies: - dependency-name: peter-evans/create-issue-from-file dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2 to 3. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@v2...v3) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2 to 3. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v2...v3) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4.9.2 to 4.14.1. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](stefanzweifel/git-auto-commit-action@be7095c...49620cd) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.83.1 to 0.101.0. - [Release notes](https://github.com/gohugoio/hugo/releases) - [Changelog](https://github.com/gohugoio/hugo/blob/master/goreleaser.yml) - [Commits](gohugoio/hugo@v0.83.1...v0.101.0) --- updated-dependencies: - dependency-name: github.com/gohugoio/hugo dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps Saxon-HE from 10.6 to 10.8. --- updated-dependencies: - dependency-name: net.sf.saxon:Saxon-HE dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.0 to 3.4.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@5b949b5...2fddd88) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [xmlcalabash](https://github.com/ndw/xmlcalabash1) from 1.2.5-100 to 1.4.1-100. - [Release notes](https://github.com/ndw/xmlcalabash1/releases) - [Commits](ndw/xmlcalabash1@1.2.5-100...1.4.1-100) --- updated-dependencies: - dependency-name: com.xmlcalabash:xmlcalabash dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from 1.18.3-bullseye to 1.18.4-bullseye. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Add mapping model to docs collection.
…s and profiles (#1380) Addresses #1312
* Revised text to address ambiguity around handling `oscal-version` in the generated catalog target based on the versions provided in the imports and source profile. Resolves #1272. * Adding swap space to resolve memory issue with Hugo build
* Profile Resolution spec: updated names of 'remove' directives * Resolves #1246. Also repairs a few errors in surrounding copy. * Adding swap space to address Hugo memory exhaustion. Co-authored-by: David Waltermire <[email protected]>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 19eeec562b37d29a1ad055b7de9c280bd0906d8d to c3ac5dd0ed8db40fedb61c32fbe677e6b355e94c. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@19eeec5...c3ac5dd) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.107.0 to 0.108.0. - [Release notes](https://github.com/gohugoio/hugo/releases) - [Changelog](https://github.com/gohugoio/hugo/blob/master/hugoreleaser.toml) - [Commits](gohugoio/hugo@v0.107.0...v0.108.0) --- updated-dependencies: - dependency-name: github.com/gohugoio/hugo dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from 1.19.3-bullseye to 1.19.4-bullseye. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ops in the OSCAL namespace are properly closed and all link rels are open for extension. (#1579)
* Bump xmlcalabash from 1.5.1-100 to 1.5.3-110 in /build Bumps [xmlcalabash](https://github.com/ndw/xmlcalabash1) from 1.5.1-100 to 1.5.3-110. - [Release notes](https://github.com/ndw/xmlcalabash1/releases) - [Commits](ndw/xmlcalabash1@1.5.1-100...1.5.3-110) --- updated-dependencies: - dependency-name: com.xmlcalabash:xmlcalabash dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Update pom.xml Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: David Waltermire <[email protected]>
* Fix Dockerfile multi-stage builds, closes #1597. * Add maven.restlet.org workaround. If the TLS cert is bad, it will break local build just like maven building Java deps in GHA. * Fix directory safety for doctor, closes usnistgov/OSCAL#1600. * Somehow, docs/run-server.sh set to non-executable again.
Dependabot couldn't find the original pull request head commit, 6a131ed2d145b11a76a8fb4e32eae5d1fa7f521c. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, bac53979a935df659c535fe2244d790a80d7495e. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 794aaad2d05b2547c7cedf8f6e975472060dcdc9. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 0fc50f7a116787dec18ce4b687a86bf3a9cb072c. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 4abee5e00492b4a66d9936deddb10a1207bf1da1. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 1ea8e7a9b954338a44e02daf43e4240da9c4808f. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from 1.19.4-bullseye to 1.19.5-bullseye. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot couldn't find the original pull request head commit, 6e86f78b8482b07071dd6643e59ff81c569ba291. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) from 3.9.0 to 3.9.1. - [Release notes](https://github.com/peaceiris/actions-gh-pages/releases) - [Changelog](https://github.com/peaceiris/actions-gh-pages/blob/main/CHANGELOG.md) - [Commits](peaceiris/actions-gh-pages@de7ea6f...64b46b4) --- updated-dependencies: - dependency-name: peaceiris/actions-gh-pages dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.4.0...maven-dependency-plugin-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v3.1.1...0b7f8ab) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@8c91899...64ed1c7) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) from 3.9.1 to 3.9.2. - [Release notes](https://github.com/peaceiris/actions-gh-pages/releases) - [Changelog](https://github.com/peaceiris/actions-gh-pages/blob/main/CHANGELOG.md) - [Commits](peaceiris/actions-gh-pages@64b46b4...bd8c6b0) --- updated-dependencies: - dependency-name: peaceiris/actions-gh-pages dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from 0.109.0 to 0.110.0. - [Release notes](https://github.com/gohugoio/hugo/releases) - [Changelog](https://github.com/gohugoio/hugo/blob/master/hugoreleaser.toml) - [Commits](gohugoio/hugo@v0.109.0...v0.110.0) --- updated-dependencies: - dependency-name: github.com/gohugoio/hugo dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.3 to 6.4.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@d556fea...98814c5) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.5.4 to 1.8.0. - [Release notes](https://github.com/lycheeverse/lychee-action/releases) - [Commits](lycheeverse/lychee-action@4dcb8be...ec3ed11) --- updated-dependencies: - dependency-name: lycheeverse/lychee-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update GitHub Actions code
labels
May 15, 2023
aj-stein-nist
force-pushed
the
develop
branch
from
September 28, 2023 05:12
5afde6c
to
0825b9f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update GitHub Actions code
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps lycheeverse/lychee-action from 1.5.4 to 1.8.0.
Release notes
Sourced from lycheeverse/lychee-action's releases.
Commits
ec3ed11
bump lychee versionec7614d
bump lychee-action version3908ce5
Merge branch 'master' of github.com:lycheeverse/lychee-action5d778f1
bump lychee version697a995
Note about GitHub token97189f2
bump version01d72a0
update to 1.7.07dedc2e
bump lychee version (#192)a12cbb3
add info about split up cache steps (#190)053a19c
Update FUNDING.ymlDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)