⬆️ bump RedHatProductSecurity/trestle-bot from 0.8.0 to 0.9.0

[dependabot]

Bumps RedHatProductSecurity/trestle-bot from 0.8.0 to 0.9.0.

Release notes

Sourced from RedHatProductSecurity/trestle-bot's releases.

v0.9.0

Maintainer Notes

These release has a breaking change. Updating to this version will require code changes - see #195 more more information.

Migration Notes

If you were using the check_only input in the autosync action, please see the example below on how to achieve this with the dry_run input:

   steps:
      - uses: actions/checkout@v3
      - name: Run trestlebot
        id: check
        uses: RedHatProductSecurity/trestle-bot/actions/[email protected]
        with:
          markdown_path: "markdown/profiles"
          oscal_model: "profile"
          dry_run: true
      # Optional - Set the action to failed if changes are detected.
      - name: Fail for changes
        if: ${{ steps.check.outputs.changes == 'true' }}
        uses: actions/github-script@v7
        with:
          script: |
              core.setFailed('Changes detected. Manual intervention required.')

What's Changed

• ⬆️ Bump idna from 3.6 to 3.7 by @​dependabot in RedHatProductSecurity/trestle-bot#210
• ⬆️ Bump safety from 3.0.1 to 3.1.0 by @​dependabot in RedHatProductSecurity/trestle-bot#203
• feat: replaces 'check_only' with 'dry_run' option by @​jpower432 in RedHatProductSecurity/trestle-bot#195
• ⬆️ Bump email-validator from 2.1.0.post1 to 2.1.1 by @​dependabot in RedHatProductSecurity/trestle-bot#180
• refactor: migrates rule validation to pydantic by @​jpower432 in RedHatProductSecurity/trestle-bot#207

Full Changelog: RedHatProductSecurity/trestle-bot@v0.8.1...v0.9.0

v0.8.1

What's Changed

• fix: removes default version in GitHub action by @​jpower432 in RedHatProductSecurity/trestle-bot#194
• chore: update logging format by @​jpower432 in RedHatProductSecurity/trestle-bot#196
• docs: update README under actions directory by @​jpower432 in RedHatProductSecurity/trestle-bot#192
• fix: prevent extra log messages in stdout by @​jpower432 in RedHatProductSecurity/trestle-bot#199
• refactor: improves readability of the SSP end to end tests by @​jpower432 in RedHatProductSecurity/trestle-bot#198
• ⬆️ Bump black from 23.12.1 to 24.3.0 by @​dependabot in RedHatProductSecurity/trestle-bot#202
• ⬆️ Bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 by @​dependabot in RedHatProductSecurity/trestle-bot#201
• ⬆️ Bump responses from 0.24.1 to 0.25.0 by @​dependabot in RedHatProductSecurity/trestle-bot#174

... (truncated)

Commits

• 10421a3 refactor: migrates rule validation to pydantic (#207)
• 28ab4e5 ⬆️ Bump email-validator from 2.1.0.post1 to 2.1.1 (#180)
• 6e87853 feat: replaces 'check_only' with 'dry_run' option (#195)
• 6fa45bc ⬆️ Bump safety from 3.0.1 to 3.1.0 (#203)
• c5e9046 ⬆️ Bump idna from 3.6 to 3.7 (#210)
• 8279d6f ⬆️ Bump responses from 0.24.1 to 0.25.0 (#174)
• 2ec0cd8 ⬆️ Bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 (#201)
• 2e03b60 ⬆️ Bump black from 23.12.1 to 24.3.0 (#202)
• 39c6b52 refactor: improves readability of the SSP end to end tests (#198)
• 05b0c4c fix: prevent extra log messages in stdout (#199)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	4		0	0.02s
✅ REPOSITORY	gitleaks	yes		no	5.87s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by

[dependabot]

Looks like RedHatProductSecurity/trestle-bot is up-to-date now, so this is no longer needed.