Merge branch 'main' into feature/add-first-run-notice

rjaegers · web-flow · commit 636640da2283 · 2025-01-28T10:35:26.000+01:00
Signed-off-by: Ron &lt;45816308+rjaegers@users.noreply.github.com&gt;
diff --git a/.devcontainer/cpp/apt-requirements-base.json b/.devcontainer/cpp/apt-requirements-base.json
@@ -3,7 +3,7 @@
   "ca-certificates": "20240203",
   "g++-14": "14.2.0-4ubuntu2~24.04",
   "gdb-multiarch": "15.0.50.20240403-0ubuntu1",
-  "git": "1:2.43.0-1ubuntu7.1",
+  "git": "1:2.43.0-1ubuntu7.2",
   "gnupg2": "2.4.4-2ubuntu17",
   "ninja-build": "1.11.1-2",
   "python3-pip": "24.0+dfsg-1ubuntu1.1",
diff --git a/.devcontainer/cpp/devcontainer-metadata-vscode.json b/.devcontainer/cpp/devcontainer-metadata-vscode.json
@@ -11,8 +11,8 @@
         "mhutchie.git-graph@1.30.0",
         "ms-vscode.cmake-tools@1.19.52",
         "ms-vscode.cpptools@1.22.11",
-        "ms-vsliveshare.vsliveshare@1.0.5941",
-        "sonarsource.sonarlint-vscode@4.14.1"
+        "ms-vsliveshare.vsliveshare@1.0.5948",
+        "sonarsource.sonarlint-vscode@4.15.0"
       ],
       "settings": {
         "C_Cpp.intelliSenseEngine": "disabled",
diff --git a/.devcontainer/cpp/requirements.in b/.devcontainer/cpp/requirements.in
@@ -1,3 +1,3 @@
-cmake==3.31.2
+cmake==3.31.4
 conan==2.11.0
-gcovr==8.2
+gcovr==8.3
diff --git a/.devcontainer/cpp/requirements.txt b/.devcontainer/cpp/requirements.txt
@@ -115,26 +115,26 @@ charset-normalizer==3.4.0 \
     --hash=sha256:fe9f97feb71aa9896b81973a7bbada8c49501dc73e58a10fcef6663af95e5079 \
     --hash=sha256:ffc519621dce0c767e96b9c53f09c5d215578e10b02c285809f76509a3931482
     # via requests
-cmake==3.31.2 \
-    --hash=sha256:09b3b1c919c76d25272bd9a0f15baf954d6c883abffdd1cfb3fbf1afa7a2c556 \
-    --hash=sha256:16a323fcbb86cf8a10aea82cd4deecb33edb3ed7e8907be8a06933ce04f6e6d1 \
-    --hash=sha256:2988aac62b9ada74bb802a8065ea58abe57bf203c057bb7e0456c3575a89c48a \
-    --hash=sha256:31aaa73c6bf49109b2a7ab86b3e6887b5db0da6be30ddfb30bed160b84787f89 \
-    --hash=sha256:378036396394dad7673cdfc603bb85af34945607df43e8dad731f5907c755f3b \
-    --hash=sha256:3bd054996b8a36ff5beb3cdd0ffbf8edf23d719cf946762662a9fb70525b1d1b \
-    --hash=sha256:604c44684dbcbec1458310bd57b9e69b7768ddd7cd2fc852607ca24616f34518 \
-    --hash=sha256:79b7eb78aea04e363a736e544afc4b4489f50415075bd77131e5314778b8e879 \
-    --hash=sha256:7b5f4f5ec4b0d6275369881a2a7bf7230af1cb60afdb20a7b2fbc70690f13564 \
-    --hash=sha256:8210a40d5b08bec7c752974f2b217a062a092480e33dcbd39d46a8cd96c29ddc \
-    --hash=sha256:82ec0a96b965874dc793ed6d3aa7edad6f364d4ba8b86307548bfbbca70fd2dd \
-    --hash=sha256:8c1fa50cafe54f9aa074d03cda1ade54271039d939194adc9cd1ac388b1af055 \
-    --hash=sha256:8d8c840502f84a16562820ee23f963583953939de63a9582f0f7735868cd18e6 \
-    --hash=sha256:994e14f485329d58d316487bd1759ad89717b895079e8b892a8220f03c1c5267 \
-    --hash=sha256:aec014f19536f2b6b0a94f4e20990c28fb93c4bdf9193d57fa5e50ef829aaf78 \
-    --hash=sha256:c8f9d7f8371a6739bbec7c238d213877f31b22a10930c91dea59b8b9463b6ee1 \
-    --hash=sha256:cedb6de320a65ff0137e5c6090b9b7fba459788237d3d4deb6e66be19fe9b61d \
-    --hash=sha256:e8fc23d376b3fae8945067f397d8503fff210eefe1e49ab9ece1d99a88679cf4 \
-    --hash=sha256:fa3b23b8bd52c0ae9e3c6b635ac8ee70d8f35d24bacf39cc4cea22aec6e4ed84
+cmake==3.31.4 \
+    --hash=sha256:20be7cdb41903edf85e8a498c4beff8d6854acbb087abfb07c362c738bdf0018 \
+    --hash=sha256:225d9a643b0b60ffce0399ff0cabd7a4820e0dbcb794e97d3aacfcf7c0589ae6 \
+    --hash=sha256:23781e17563693a68b0cef85749746894b8a61488e56e96fc6649b73652e8236 \
+    --hash=sha256:25c5094394f0cee21130b5678e5b4552f72470e266df6d6fb1d5c505100f0eaa \
+    --hash=sha256:2a37be93534df04513f0845492d71bc80899c3f87b77e3b01c95aff1a7fc9bde \
+    --hash=sha256:466c9295af440bb4a47cc5e1af10576cf2227620528afd0fd0b3effa1d513b49 \
+    --hash=sha256:838a388b559137f3654d8cf30f62bbdec10f8d1c3624f0d289614d33cdf4fba1 \
+    --hash=sha256:89143a5e2a5916061f2cfc5012e9fe6281aaf7c0dae7930bdc68d105d22ddc39 \
+    --hash=sha256:926d91cae2ba7d2f3df857d0fc066bdac4f3904bf5c95e99b60435e85aabedb4 \
+    --hash=sha256:929a8d8d289d69e43784661748ddd08933ce1ec5db8f9bcfce6ee817a48f8787 \
+    --hash=sha256:9479a9255197c49e135df039d8484c69aa63158a06ae9c2d0eb939da2f0f7dff \
+    --hash=sha256:a6a3b0b9557f41c955a6b25c94205f2ca9c3a46edca809ad87507c5ef6bc4274 \
+    --hash=sha256:a6ac2242e0b16ad7d94c9f8572d6f232e6169747be50e5cdf497f206c4819ce1 \
+    --hash=sha256:b463efdf5b92f3b290235aa9f8da092b3dac19b7636c563fd156022dab580649 \
+    --hash=sha256:c9f5f8289c5e7bd2ed654cbac164021fa7723064fee0443a2f0068bc08413d81 \
+    --hash=sha256:d378c9e58eac906bddafd673c7571262dcd5a9946bb1e8f9e3902572a8fa95ca \
+    --hash=sha256:f6af3b83a1b1fc1d990d18b6a566ee9c95c0393f986c6df15f2505dda8ad1bcc \
+    --hash=sha256:f96127bf663168accd29d5a50ee68ea80f26bcd37f96c7a14ef2378781f19936 \
+    --hash=sha256:fc048b4b70facd16699a43c737f6782b4eff56e8e6093090db5979532d9db0f6
     # via -r cpp/requirements.in
 colorama==0.4.6 \
     --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
@@ -155,9 +155,9 @@ fasteners==0.19 \
     --hash=sha256:758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237 \
     --hash=sha256:b4f37c3ac52d8a445af3a66bce57b33b5e90b97c696b7b984f530cf8f0ded09c
     # via conan
-gcovr==8.2 \
-    --hash=sha256:9a1dddd4585d13ec77555db5d6b6a31ee81587ea6fc604ff9fcd232cb0782df5 \
-    --hash=sha256:bee23da2198bc1e0b9d0109018b9460df52355372319b5ddf81aca4e54f6bd61
+gcovr==8.3 \
+    --hash=sha256:d613a90aeea967b4972fbff69587bf8995ee3cd80df2556983b73141f30642d2 \
+    --hash=sha256:faa371f9c4a7f78c9800da655107d4f99f04b718d1c0d9f48cafdcbef0049079
     # via -r cpp/requirements.in
 idna==3.10 \
     --hash=sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9 \
diff --git a/.devcontainer/rust/Dockerfile b/.devcontainer/rust/Dockerfile
@@ -1,8 +1,8 @@
 FROM ubuntu:24.04@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab
 
 ARG BATS_VERSION=1.11.0
-ARG CARGO_BINSTALL_VERSION=1.10.8
-ARG RUST_VERSION=1.81.0
+ARG CARGO_BINSTALL_VERSION=1.10.22
+ARG RUST_VERSION=1.84.0
 
 ARG DEBIAN_FRONTEND=noninteractive
 
@@ -47,9 +47,9 @@ RUN update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-14 20 \
 ENV BINSTALL_DISABLE_TELEMETRY=true
 # Install additional rust tools
 RUN wget -qO - "https://github.com/cargo-bins/cargo-binstall/releases/download/v${CARGO_BINSTALL_VERSION}/cargo-binstall-$(uname -m)-unknown-linux-gnu.tgz" | tar xz -C "/usr/bin" \
- && cargo-binstall -y --locked cargo-binutils@0.3.6 cargo-mutants@24.9.0 flip-link@0.1.9 \
+ && cargo-binstall -y --locked cargo-binutils@0.3.6 cargo-mutants@25.0.0 flip-link@0.1.10 \
  # cargo-binstall can't (yet) install probe-rs-tools for aarch64, fall-back to script installation
- && wget -qO - https://github.com/probe-rs/probe-rs/releases/download/v0.24.0/probe-rs-tools-installer.sh | sh
+ && wget -qO - https://github.com/probe-rs/probe-rs/releases/download/v0.26.0/probe-rs-tools-installer.sh | sh
 
 COPY .devcontainer/rust/first-run-notice.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt
 RUN sed -i '/^<!--/d' /usr/local/etc/vscode-dev-containers/first-run-notice.txt
diff --git a/.devcontainer/rust/apt-requirements-base.json b/.devcontainer/rust/apt-requirements-base.json
@@ -2,7 +2,7 @@
   "bash-completion": "1:2.11-8",
   "ca-certificates": "20240203",
   "g++-14": "14.2.0-4ubuntu2~24.04",
-  "git": "1:2.43.0-1ubuntu7.1",
+  "git": "1:2.43.0-1ubuntu7.2",
   "gnupg2": "2.4.4-2ubuntu17",
   "libc6-dev": "2.39-0ubuntu8.3",
   "rustup": "1.26.0-5build1",
diff --git a/.devcontainer/rust/devcontainer-metadata-vscode.json b/.devcontainer/rust/devcontainer-metadata-vscode.json
@@ -6,8 +6,8 @@
     "vscode": {
       "extensions": [
         "mhutchie.git-graph@1.30.0",
-        "ms-vsliveshare.vsliveshare@1.0.5941",
-        "rust-lang.rust-analyzer@0.3.2237",
+        "ms-vsliveshare.vsliveshare@1.0.5948",
+        "rust-lang.rust-analyzer@0.3.2273",
         "tamasfe.even-better-toml@0.21.2",
         "usernamehw.errorlens@3.22.0"
       ]
diff --git a/.github/workflows/acceptance-test.yml b/.github/workflows/acceptance-test.yml
@@ -19,7 +19,7 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v9.0.1
+      - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -35,7 +35,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.TEST_GITHUB_TOKEN }}
           HEAD_REF: ${{ github.head_ref }}
-      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: 20
       - run: npm ci
@@ -68,7 +68,7 @@ jobs:
           GITHUB_USER: ${{ secrets.TEST_GITHUB_USER }}
           GITHUB_PASSWORD: ${{ secrets.TEST_GITHUB_PASSWORD }}
           GITHUB_TOTP_SECRET: ${{ secrets.TEST_GITHUB_TOTP_SECRET }}
-      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         if: always()
         with:
           name: playwright-artifacts
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
@@ -22,25 +22,23 @@ jobs:
   build-push:
     runs-on: ubuntu-latest
     permissions:
+      attestations: write
       # dependency-submission needs contents write permission.
       contents: write
+      # attest-build-provenance needs id-token write permission.
+      id-token: write
       packages: write
       pull-requests: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio when running outside of PRs.
-      id-token: write
     strategy:
       matrix:
         flavor: ["cpp", "rust"]
     steps:
-      - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v9.0.1
+      - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
-        if: github.event_name != 'merge_group'
       - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
       - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         if: github.event_name != 'merge_group'
@@ -84,7 +82,7 @@ jobs:
         id: devcontainer-metadata
       - run: echo "git-commit-epoch=$(git log -1 --pretty=%ct)" >> "$GITHUB_OUTPUT"
         id: devcontainer-epoch
-      - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
+      - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
         id: build-and-push
         env:
           SOURCE_DATE_EPOCH: ${{ steps.devcontainer-epoch.outputs.git-commit-epoch }}
@@ -98,20 +96,19 @@ jobs:
             devcontainer.metadata=${{ steps.devcontainer-metadata.outputs.metadata }}
           annotations: ${{ steps.metadata.outputs.annotations }}
           sbom: true
-          provenance: true
           cache-from: type=gha,scope=${{ github.repository }}-${{ matrix.flavor }}
           cache-to: type=gha,mode=max,scope=${{ github.repository }}-${{ matrix.flavor }}
       - uses: ./.github/actions/container-size-diff
         id: container-size-diff
         with:
           from-container: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}:latest
           to-container: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}@${{ steps.build-and-push.outputs.digest }}
-      - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
+      - uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1
         with:
           header: container-size-diff-${{ matrix.flavor }}
           message: |
             ${{ steps.container-size-diff.outputs.size-diff-markdown }}
-      - uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9
+      - uses: anchore/sbom-action@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
         if: steps.build-and-push.outputs.digest != '' && github.event_name != 'merge_group'
         with:
           image: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}@${{ steps.build-and-push.outputs.digest }}
@@ -121,14 +118,18 @@ jobs:
         with:
           comment-summary-in-pr: on-failure
           fail-on-severity: critical
-      - name: Sign the images with GitHub OIDC token
+      - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0
+        if: github.event_name != 'merge_group'
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}
+          subject-digest: ${{ steps.build-and-push.outputs.digest }}
+          push-to-registry: true
+      - name: Verify attestation
         if: github.event_name != 'merge_group'
-        # This step uses the GitHub OIDC identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
         env:
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          GH_TOKEN: ${{ github.token }}
         run: |
-          cosign sign --yes --recursive "${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}@${DIGEST}"
+          gh attestation verify --repo ${{ github.repository }} oci://${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}@${{ steps.build-and-push.outputs.digest }}
   acceptance-test:
     if: github.event_name == 'pull_request'
     needs: build-push
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -26,7 +26,7 @@ jobs:
         with:
           persist-credentials: false
       - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
-      - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
+      - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
         with:
           file: .devcontainer/${{ matrix.flavor }}/Dockerfile
           load: true
@@ -43,7 +43,7 @@ jobs:
         run: |
           set -Eeuo pipefail
           docker run --rm --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src="${{ github.workspace }}/test/${{ matrix.flavor }}",dst=/ws -w /ws ${{ github.repository }}-${{ matrix.flavor }}:test bats --formatter junit integration-tests.bats | tee test-report-${{ matrix.flavor }}.xml
-      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         if: always()
         with:
           name: test-results-${{ matrix.flavor }}
diff --git a/.github/workflows/issue-cleanup.yml b/.github/workflows/issue-cleanup.yml
@@ -15,7 +15,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
         with:
           stale-issue-label: "stale"
           stale-pr-label: "stale"
diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml
@@ -26,21 +26,21 @@ jobs:
         with:
           fetch-depth: 0
           persist-credentials: false
-      - uses: oxsecurity/megalinter@1fc052d03c7a43c78fe0fee19c9d648b749e0c01 # v8.3.0
+      - uses: oxsecurity/megalinter@f90c800040e4f84800700b27b2394d3eecc1fdad # v8.4.0
         env:
           APPLY_FIXES: all
           VALIDATE_ALL_CODEBASE: true
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+      - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5
         if: success() || failure()
         with:
           sarif_file: megalinter-reports/megalinter-report.sarif
-      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         if: success() || failure()
         with:
           name: Linter Report
           path: |
             megalinter-reports
-      - uses: reviewdog/action-suggester@db4abb16fbaabe386831e5addb7be1485d0d63d3 # v1.18.0
+      - uses: reviewdog/action-suggester@a3026c6020837c23b61a79d12db223a00df19e6a # v1.19.0
         with:
           tool_name: MegaLinter
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -27,6 +27,6 @@ jobs:
           results_format: sarif
           repo_token: ${{ secrets.SCORECARD_TOKEN }}
           publish_results: true
-      - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+      - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/package-published.yml b/.github/workflows/package-published.yml
@@ -0,0 +1,19 @@
+---
+name: Package Published
+
+on:
+  registry_package:
+    types: [updated]
+
+permissions:
+  contents: read
+
+jobs:
+  attach-provenance-to-release:
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          set -Eeuo pipefail
+          echo "${{ toJson(github.event.registry_package) }}" | jq .
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pr-conventional-title.yml b/.github/workflows/pr-conventional-title.yml
@@ -26,7 +26,7 @@ jobs:
             doesn't start with an uppercase character.
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
+      - uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1
         if: always() && steps.pr-title.outputs.error_message != null
         with:
           header: pr-title-lint-error
@@ -40,7 +40,7 @@ jobs:
             ${{ steps.pr-title.outputs.error_message }}
 
       - if: steps.pr-title.outputs.error_message == null
-        uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
+        uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1
         with:
           header: pr-title-lint-error
           delete: true
diff --git a/.github/workflows/pr-image-cleanup.yml b/.github/workflows/pr-image-cleanup.yml
@@ -20,13 +20,11 @@ jobs:
     permissions:
       packages: write
     steps:
-      - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
       - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - run: cosign clean -f --type=signature "${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}:pr-${{ github.event.pull_request.number }}"
       - uses: bots-house/ghcr-delete-image-action@3827559c68cb4dcdf54d813ea9853be6d468d3a4 # v1.1.0
         with:
           owner: ${{ github.repository_owner }}
diff --git a/.github/workflows/prime-cache.yml b/.github/workflows/prime-cache.yml
@@ -36,7 +36,7 @@ jobs:
               "root-ccache": "/root/.ccache"
             }
           skip-extraction: ${{ steps.buildkit-cache.outputs.cache-hit }}
-      - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
+      - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
         with:
           file: .devcontainer/${{ matrix.flavor }}/Dockerfile
           platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/social-interaction.yml b/.github/workflows/social-interaction.yml
@@ -3,7 +3,9 @@ name: Social Interaction
 
 on:
   issues:
+    types: [opened]
   pull_request:
+    types: [opened]
 
 permissions:
   contents: read
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
@@ -22,7 +22,7 @@ jobs:
         with:
           image: ghcr.io/${{ github.repository }}-${{ matrix.flavor }}:latest
           dockerfile: .devcontainer/Dockerfile
-      - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+      - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5
         if: steps.scan.outputs.sarif != ''
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-  ".": "5.5.4"
+  ".": "5.6.0"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/README.md b/README.md
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
diff --git a/test/rust/integration-tests.bats b/test/rust/integration-tests.bats

-Original file line number
+Diff line change
         "[email protected]",
         "[email protected]",
         "[email protected]",
 -        "[email protected].5941",
 -        "sonarsource.sonarlint-vscode@4.14.1"
 +        "[email protected].5948",
 +        "sonarsource.sonarlint-vscode@4.15.0"
       ],
       "settings": {
         "C_Cpp.intelliSenseEngine": "disabled",