Skip to content

chore(deps): bump zircote/adrscope from e6384bf222c179d4083e1003b17154e48fc0f914 to 3ebe4255d8d0d76b563cd91207de209397b65285#136

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/zircote/adrscope-3ebe4255d8d0d76b563cd91207de209397b65285
Open

chore(deps): bump zircote/adrscope from e6384bf222c179d4083e1003b17154e48fc0f914 to 3ebe4255d8d0d76b563cd91207de209397b65285#136
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/zircote/adrscope-3ebe4255d8d0d76b563cd91207de209397b65285

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps zircote/adrscope from e6384bf222c179d4083e1003b17154e48fc0f914 to 3ebe4255d8d0d76b563cd91207de209397b65285.

Changelog

Sourced from zircote/adrscope's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Added

  • [Docs]: Add comprehensive dependencies reference documentation

    • Complete catalog of all external dependencies with purposes
    • Version constraints and update policy
    • Supply chain security information
    • Dependency graph visualization
  • [Attested Delivery]: Release pipeline now attaches SLSA build provenance and a CycloneDX SBOM attestation to every platform binary, and fail-closed verifies every attestation before the GitHub Release is published

  • [Publish Workflow]: crates.io publishing via OIDC Trusted Publishing, with SLSA provenance attested against the exact .crate bytes the registry serves

  • [Homebrew Workflow]: Formula in zircote/homebrew-tap is regenerated automatically on release (source-built formula)

  • [CI]: pin-check job asserts every workflow uses: reference is pinned to a full 40-char commit SHA

  • [SECURITY.md]: Documents how to verify release artifact attestations

  • [LICENSE]: Add MIT license text

Changed

  • [Deps]: Update pulldown-cmark from 0.13.0 to 0.13.1 (patch release)
  • [Release Artifacts]: Binaries are now published as bare executables named adrscope-{version}-{platform} (e.g. adrscope-0.4.0-linux-amd64) instead of target-triple tar.gz/zip archives
  • [Action]: Downloads the new artifact naming and fail-closed verifies the binary's attestation before use; falls back to legacy archives for releases <= 0.3.0
  • [Crate Packaging]: Cargo.toml include allowlist keeps repo-internal files out of the published crate

28aebca (feat(release): adopt attested delivery pipeline)

[0.3.0] - 2026-01-15

Changed

  • [Action]: Move action.yml to repository root for GitHub Marketplace publishing
  • [Docs]: Add prominent GitHub Action section to README with examples
  • [Docs]: Add Marketplace badge and Homebrew installation instructions

... (truncated)

Commits
  • 3ebe425 ci: bump actions/checkout from 6.0.3 to 7.0.0 (#101)
  • fa2f9c7 ci: bump dtolnay/rust-toolchain from 3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9...
  • d9c6e54 ci: bump actions/cache/restore from 5.0.5 to 6.1.0 (#98)
  • 370f004 deps: bump time from 0.3.51 to 0.3.53 (#97)
  • b44d631 ci: bump github/gh-aw-actions/setup-cli from 0.79.6 to 0.81.6 (#96)
  • 8dd2bbd ci: bump taiki-e/install-action from 2.81.10 to 2.82.5 (#95)
  • fcaee3d deps: bump time from 0.3.49 to 0.3.51 (#92)
  • 93e0ca1 ci: bump github/gh-aw/actions/setup-cli from 0.79.6 to 0.80.9 (#94)
  • 53585b0 ci: bump zircote/.github/.github/workflows/reusable-dependabot-automerge.yml ...
  • 3f5aac0 ci: bump zircote/.github/.github/workflows/pin-check.yml from e8f0dbde068cc07...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [zircote/adrscope](https://github.com/zircote/adrscope) from e6384bf222c179d4083e1003b17154e48fc0f914 to 3ebe4255d8d0d76b563cd91207de209397b65285.
- [Release notes](https://github.com/zircote/adrscope/releases)
- [Changelog](https://github.com/zircote/adrscope/blob/main/CHANGELOG.md)
- [Commits](zircote/adrscope@e6384bf...3ebe425)

---
updated-dependencies:
- dependency-name: zircote/adrscope
  dependency-version: 3ebe4255d8d0d76b563cd91207de209397b65285
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@dependabot dependabot Bot requested a review from zircote as a code owner July 6, 2026 14:19
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants