chore(deps): update maru support dependencies (#99)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/create-github-app-token](https://github.com/actions/create-github-app-token)
| action | minor | `v1.9.0` -> `v1.10.0` |
| [actions/setup-go](https://github.com/actions/setup-go) | action |
patch | `v5.0.0` -> `v5.0.1` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) |
action | minor | `v0.15.11` -> `v0.16.0` |
| [defenseunicorns/zarf](https://github.com/defenseunicorns/zarf) | |
minor | `v0.32.5` -> `v0.33.2` |
| [github/codeql-action](https://github.com/github/codeql-action) |
action | patch | `v3.25.3` -> `v3.25.6` |
|
[goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action)
| action | minor | `v5.0.0` -> `v5.1.0` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) |
action | patch | `v2.3.1` -> `v2.3.3` |

---

### Release Notes

<details>
<summary>actions/create-github-app-token
(actions/create-github-app-token)</summary>

###
[`v1.10.0`](https://github.com/actions/create-github-app-token/releases/tag/v1.10.0)

[Compare
Source](https://github.com/actions/create-github-app-token/compare/v1.9.3...v1.10.0)

##### Features

- **`private-key`:** escaped newlines will be replaced
([#&#8203;132](https://github.com/actions/create-github-app-token/issues/132))
([9d23fb9](https://github.com/actions/create-github-app-token/commit/9d23fb93dd620572046d85c7c1032b488c12514f))

###
[`v1.9.3`](https://github.com/actions/create-github-app-token/releases/tag/v1.9.3)

[Compare
Source](https://github.com/actions/create-github-app-token/compare/v1.9.2...v1.9.3)

##### Bug Fixes

- **deps:** bump undici from 6.10.2 to 6.11.1
([#&#8203;125](https://github.com/actions/create-github-app-token/issues/125))
([3c223c7](https://github.com/actions/create-github-app-token/commit/3c223c7336e276235eb843dd4e6ad42147199cbf)),
closes
[#&#8203;3024](https://github.com/actions/create-github-app-token/issues/3024)
[nodejs/undici#3044](https://github.com/nodejs/undici/issues/3044)
[#&#8203;3023](https://github.com/actions/create-github-app-token/issues/3023)
[nodejs/undici#3025](https://github.com/nodejs/undici/issues/3025)
[nodejs/undici#3024](https://github.com/nodejs/undici/issues/3024)
[nodejs/undici#3034](https://github.com/nodejs/undici/issues/3034)
[nodejs/undici#3038](https://github.com/nodejs/undici/issues/3038)
[nodejs/undici#2947](https://github.com/nodejs/undici/issues/2947)
[nodejs/undici#3040](https://github.com/nodejs/undici/issues/3040)
[nodejs/undici#3036](https://github.com/nodejs/undici/issues/3036)
[nodejs/undici#3041](https://github.com/nodejs/undici/issues/3041)
[#&#8203;3024](https://github.com/actions/create-github-app-token/issues/3024)
[#&#8203;3041](https://github.com/actions/create-github-app-token/issues/3041)
[#&#8203;3036](https://github.com/actions/create-github-app-token/issues/3036)

###
[`v1.9.2`](https://github.com/actions/create-github-app-token/releases/tag/v1.9.2)

[Compare
Source](https://github.com/actions/create-github-app-token/compare/v1.9.1...v1.9.2)

##### Bug Fixes

- **deps:** bump the production-dependencies group with 1 update
([#&#8203;123](https://github.com/actions/create-github-app-token/issues/123))
([beea7b8](https://github.com/actions/create-github-app-token/commit/beea7b860ac0b14ca14258aca701da842aa65e30)),
closes
[nodejs/undici#2978](https://github.com/nodejs/undici/issues/2978)
[nodejs/undici#2971](https://github.com/nodejs/undici/issues/2971)
[nodejs/undici#2980](https://github.com/nodejs/undici/issues/2980)
[#&#8203;2982](https://github.com/actions/create-github-app-token/issues/2982)
[nodejs/undici#2983](https://github.com/nodejs/undici/issues/2983)
[nodejs/undici#2987](https://github.com/nodejs/undici/issues/2987)
[nodejs/undici#2991](https://github.com/nodejs/undici/issues/2991)
[#&#8203;2986](https://github.com/actions/create-github-app-token/issues/2986)
[nodejs/undici#2992](https://github.com/nodejs/undici/issues/2992)
[nodejs/undici#2985](https://github.com/nodejs/undici/issues/2985)
[nodejs/undici#2993](https://github.com/nodejs/undici/issues/2993)
[nodejs/undici#2995](https://github.com/nodejs/undici/issues/2995)
[nodejs/undici#2998](https://github.com/nodejs/undici/issues/2998)
[#&#8203;2863](https://github.com/actions/create-github-app-token/issues/2863)
[nodejs/undici#2999](https://github.com/nodejs/undici/issues/2999)
[nodejs/undici#3001](https://github.com/nodejs/undici/issues/3001)
[nodejs/undici#2971](https://github.com/nodejs/undici/issues/2971)
[nodejs/undici#2980](https://github.com/nodejs/undici/issues/2980)
[nodejs/undici#2983](https://github.com/nodejs/undici/issues/2983)
[nodejs/undici#2987](https://github.com/nodejs/undici/issues/2987)
[nodejs/undici#2991](https://github.com/nodejs/undici/issues/2991)
[nodejs/undici#2985](https://github.com/nodejs/undici/issues/2985)
[nodejs/undici#2995](https://github.com/nodejs/undici/issues/2995)
[nodejs/undici#2960](https://github.com/nodejs/undici/issues/2960)
[nodejs/undici#2959](https://github.com/nodejs/undici/issues/2959)
[nodejs/undici#2969](https://github.com/nodejs/undici/issues/2969)
[nodejs/undici#2962](https://github.com/nodejs/undici/issues/2962)
[nodejs/undici#2974](https://github.com/nodejs/undici/issues/2974)
[nodejs/undici#2967](https://github.com/nodejs/undici/issues/2967)
[nodejs/undici#2966](https://github.com/nodejs/undici/issues/2966)
[nodejs/undici#2969](https://github.com/nodejs/undici/issues/2969)
[nodejs/undici#2962](https://github.com/nodejs/undici/issues/2962)
[nodejs/undici#2826](https://github.com/nodejs/undici/issues/2826)
[nodejs/undici#2952](https://github.com/nodejs/undici/issues/2952)
[#&#8203;3001](https://github.com/actions/create-github-app-token/issues/3001)
[#&#8203;2863](https://github.com/actions/create-github-app-token/issues/2863)
[#&#8203;2999](https://github.com/actions/create-github-app-token/issues/2999)
[#&#8203;2998](https://github.com/actions/create-github-app-token/issues/2998)
[#&#8203;2993](https://github.com/actions/create-github-app-token/issues/2993)
[#&#8203;2986](https://github.com/actions/create-github-app-token/issues/2986)
[#&#8203;2992](https://github.com/actions/create-github-app-token/issues/2992)
[#&#8203;2991](https://github.com/actions/create-github-app-token/issues/2991)
[#&#8203;2987](https://github.com/actions/create-github-app-token/issues/2987)

###
[`v1.9.1`](https://github.com/actions/create-github-app-token/releases/tag/v1.9.1)

[Compare
Source](https://github.com/actions/create-github-app-token/compare/v1.9.0...v1.9.1)

##### Bug Fixes

- clarify `owner` input description
([#&#8203;118](https://github.com/actions/create-github-app-token/issues/118))
([d9bc169](https://github.com/actions/create-github-app-token/commit/d9bc16919cdbdb07543eb732aa872437384e296f))

</details>

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v5.0.1`](https://github.com/actions/setup-go/releases/tag/v5.0.1)

[Compare
Source](https://github.com/actions/setup-go/compare/v5.0.0...v5.0.1)

#### What's Changed

- Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by
[@&#8203;dependabot](https://github.com/dependabot) ,
[@&#8203;HarithaVattikuti](https://github.com/HarithaVattikuti) in
[https://github.com/actions/setup-go/pull/465](https://github.com/actions/setup-go/pull/465)
- Update documentation with latest V5 release notes by
[@&#8203;ab](https://github.com/ab) in
[https://github.com/actions/setup-go/pull/459](https://github.com/actions/setup-go/pull/459)
- Update version documentation by
[@&#8203;178inaba](https://github.com/178inaba) in
[https://github.com/actions/setup-go/pull/458](https://github.com/actions/setup-go/pull/458)
- Documentation update of `actions/setup-go` to v5 by
[@&#8203;chenrui333](https://github.com/chenrui333) in
[https://github.com/actions/setup-go/pull/449](https://github.com/actions/setup-go/pull/449)

#### New Contributors

- [@&#8203;ab](https://github.com/ab) made their first contribution in
[https://github.com/actions/setup-go/pull/459](https://github.com/actions/setup-go/pull/459)

**Full Changelog**:
actions/setup-go@v5.0.0...v5.0.1

</details>

<details>
<summary>anchore/sbom-action (anchore/sbom-action)</summary>

###
[`v0.16.0`](https://github.com/anchore/sbom-action/releases/tag/v0.16.0):
v0.16

[Compare
Source](https://github.com/anchore/sbom-action/compare/v0.15.11...v0.16.0)

#### Changes in v0.16.0

- Update Syft to v1.4.1
([#&#8203;465](https://github.com/anchore/sbom-action/issues/465))
- Update GitHub artifact client
([#&#8203;463](https://github.com/anchore/sbom-action/issues/463))
\[[kzantow](https://github.com/kzantow)]

</details>

<details>
<summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary>

###
[`v0.33.2`](https://github.com/defenseunicorns/zarf/releases/tag/v0.33.2)

[Compare
Source](https://github.com/defenseunicorns/zarf/compare/v0.33.1...v0.33.2)

##### What's Changed

- fix: schema integration by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2463](https://github.com/defenseunicorns/zarf/pull/2463)
- docs: add contributor covenant code of conduct by
[@&#8203;salaxander](https://github.com/salaxander) in
[https://github.com/defenseunicorns/zarf/pull/2462](https://github.com/defenseunicorns/zarf/pull/2462)
- docs: fix casing on code of conduct badge by
[@&#8203;salaxander](https://github.com/salaxander) in
[https://github.com/defenseunicorns/zarf/pull/2466](https://github.com/defenseunicorns/zarf/pull/2466)
- fix(deps): update github.com/anchore/clio digest to
[`3c4abf8`](https://github.com/defenseunicorns/zarf/commit/3c4abf8) by
[@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2424](https://github.com/defenseunicorns/zarf/pull/2424)
- fix: update docker media type in registry by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2476](https://github.com/defenseunicorns/zarf/pull/2476)
- fix: adds GetVariableConfig function for packager by
[@&#8203;decleaver](https://github.com/decleaver) in
[https://github.com/defenseunicorns/zarf/pull/2475](https://github.com/defenseunicorns/zarf/pull/2475)
- test: add tests for remove copies from components to enable
refactoring by [@&#8203;phillebaba](https://github.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2473](https://github.com/defenseunicorns/zarf/pull/2473)
- fix!: do not uninstall helm chart after failed install or upgrade by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2456](https://github.com/defenseunicorns/zarf/pull/2456)
- feat: inspect --list-images by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2478](https://github.com/defenseunicorns/zarf/pull/2478)
- refactor: remove copies from components to a filter by
[@&#8203;phillebaba](https://github.com/phillebaba) in
[https://github.com/defenseunicorns/zarf/pull/2474](https://github.com/defenseunicorns/zarf/pull/2474)
- chore: add support.md by
[@&#8203;schristoff](https://github.com/schristoff) in
[https://github.com/defenseunicorns/zarf/pull/2480](https://github.com/defenseunicorns/zarf/pull/2480)
- chore: add a check for go mod tidy by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2481](https://github.com/defenseunicorns/zarf/pull/2481)
- fix: use correct sha256 checksum for arm64 injector binary by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2483](https://github.com/defenseunicorns/zarf/pull/2483)
- fix: simplify go mod tidy check by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2482](https://github.com/defenseunicorns/zarf/pull/2482)

##### New Contributors

- [@&#8203;salaxander](https://github.com/salaxander) made their first
contribution in
[https://github.com/defenseunicorns/zarf/pull/2462](https://github.com/defenseunicorns/zarf/pull/2462)
- [@&#8203;phillebaba](https://github.com/phillebaba) made their first
contribution in
[https://github.com/defenseunicorns/zarf/pull/2473](https://github.com/defenseunicorns/zarf/pull/2473)
- [@&#8203;schristoff](https://github.com/schristoff) made their first
contribution in
[https://github.com/defenseunicorns/zarf/pull/2480](https://github.com/defenseunicorns/zarf/pull/2480)

**Full Changelog**:
zarf-dev/zarf@v0.33.1...v0.33.2

###
[`v0.33.1`](https://github.com/defenseunicorns/zarf/releases/tag/v0.33.1)

[Compare
Source](https://github.com/defenseunicorns/zarf/compare/v0.33.0...v0.33.1)

#### What's Changed

- fix: add redirect so old zarf base link is compatiable by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2432](https://github.com/defenseunicorns/zarf/pull/2432)
- ci: pin third-party gh actions by hash by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2433](https://github.com/defenseunicorns/zarf/pull/2433)
- docs: add redirect for examples by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2438](https://github.com/defenseunicorns/zarf/pull/2438)
- docs: update contributing and pre-commit by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2439](https://github.com/defenseunicorns/zarf/pull/2439)
- ci: fix revive image ref in lint workflow by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2436](https://github.com/defenseunicorns/zarf/pull/2436)
- fix: filter on running pods when finding an image for injector pod by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2415](https://github.com/defenseunicorns/zarf/pull/2415)
- fix: readme dead links by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2442](https://github.com/defenseunicorns/zarf/pull/2442)
- fix: differential package create with non local sources by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2444](https://github.com/defenseunicorns/zarf/pull/2444)
- refactor: move variables into separate package by
[@&#8203;Racer159](https://github.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2414](https://github.com/defenseunicorns/zarf/pull/2414)
- ci: add top level workflow permission to commitlint by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2449](https://github.com/defenseunicorns/zarf/pull/2449)
- ci: remove unused env var from codeql workflow by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2450](https://github.com/defenseunicorns/zarf/pull/2450)
- chore: cleanup root level files and add SPDX check for Go files by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2431](https://github.com/defenseunicorns/zarf/pull/2431)
- feat: config to enable resilient registry by
[@&#8203;Michael-Kruggel](https://github.com/Michael-Kruggel) in
[https://github.com/defenseunicorns/zarf/pull/2440](https://github.com/defenseunicorns/zarf/pull/2440)
- docs: init package clarity and cleanup by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2447](https://github.com/defenseunicorns/zarf/pull/2447)
- ci: compare cves to main by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2448](https://github.com/defenseunicorns/zarf/pull/2448)
- test: unpin version in bigbang extension test by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2459](https://github.com/defenseunicorns/zarf/pull/2459)
- fix: broken schema from unexpanded embedded variables by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2458](https://github.com/defenseunicorns/zarf/pull/2458)
- fix: error on create if an index sha is used by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2429](https://github.com/defenseunicorns/zarf/pull/2429)

#### New Contributors

- [@&#8203;Michael-Kruggel](https://github.com/Michael-Kruggel) made
their first contribution in
[https://github.com/defenseunicorns/zarf/pull/2440](https://github.com/defenseunicorns/zarf/pull/2440)

**Full Changelog**:
zarf-dev/zarf@v0.33.0...v0.33.1

###
[`v0.33.0`](https://github.com/defenseunicorns/zarf/releases/tag/v0.33.0)

[Compare
Source](https://github.com/defenseunicorns/zarf/compare/v0.32.6...v0.33.0)

#### What's Changed

- fix: update deprecated syft packages command to syft scan by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2399](https://github.com/defenseunicorns/zarf/pull/2399)
- chore: move helpers to defenseunicorns/pkg by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2402](https://github.com/defenseunicorns/zarf/pull/2402)
- fix(deps): update github.com/anchore/clio digest to
[`fb5fc4c`](https://github.com/defenseunicorns/zarf/commit/fb5fc4c) by
[@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2366](https://github.com/defenseunicorns/zarf/pull/2366)
- feat(tools): add yq by
[@&#8203;zachariahmiller](https://github.com/zachariahmiller) in
[https://github.com/defenseunicorns/zarf/pull/2406](https://github.com/defenseunicorns/zarf/pull/2406)
- chore: switch to use oci lib in defenseunicorns/pkg by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[https://github.com/defenseunicorns/zarf/pull/2404](https://github.com/defenseunicorns/zarf/pull/2404)
- fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1
by [@&#8203;renovate](https://github.com/renovate) in
[https://github.com/defenseunicorns/zarf/pull/2411](https://github.com/defenseunicorns/zarf/pull/2411)
- fix: use env var for PR title in commitlint workflow to prevent
untrusted script injection by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2418](https://github.com/defenseunicorns/zarf/pull/2418)
- fix: use default GITHUB_TOKEN for ossf/scorecard-action by
[@&#8203;bburky](https://github.com/bburky) in
[https://github.com/defenseunicorns/zarf/pull/2416](https://github.com/defenseunicorns/zarf/pull/2416)
- fix: remove duplicate logic for writing image layers to disk
concurrently by [@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2409](https://github.com/defenseunicorns/zarf/pull/2409)
- feat: add option to skip cosign lookup during find images by
[@&#8203;Racer159](https://github.com/Racer159) in
[https://github.com/defenseunicorns/zarf/pull/2427](https://github.com/defenseunicorns/zarf/pull/2427)
- feat: allow chart deploy overrides ALPHA by
[@&#8203;naveensrinivasan](https://github.com/naveensrinivasan) in
[https://github.com/defenseunicorns/zarf/pull/2403](https://github.com/defenseunicorns/zarf/pull/2403)
- chore: update pull_request_template.md by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2428](https://github.com/defenseunicorns/zarf/pull/2428)
- ci: pin k3s image version in k3d github action by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[https://github.com/defenseunicorns/zarf/pull/2430](https://github.com/defenseunicorns/zarf/pull/2430)
- feat(docs): port docs to starlight by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[https://github.com/defenseunicorns/zarf/pull/2315](https://github.com/defenseunicorns/zarf/pull/2315)

#### New Contributors

- [@&#8203;zachariahmiller](https://github.com/zachariahmiller) made
their first contribution in
[https://github.com/defenseunicorns/zarf/pull/2406](https://github.com/defenseunicorns/zarf/pull/2406)
- [@&#8203;bburky](https://github.com/bburky) made their first
contribution in
[https://github.com/defenseunicorns/zarf/pull/2416](https://github.com/defenseunicorns/zarf/pull/2416)

**Full Changelog**:
zarf-dev/zarf@v0.32.6...v0.33.0

###
[`v0.32.6`](https://github.com/defenseunicorns/zarf/releases/tag/v0.32.6)

[Compare
Source](https://github.com/defenseunicorns/zarf/compare/v0.32.5...v0.32.6)

#### \[0.32.6] - 2024-03-22

> trying out some different release note generators, formatting may vary
for a few releases while we figure out what works best
~[@&#8203;Noxsios](https://github.com/Noxsios)

##### 🚀 Features

- \[**ALPHA**] feat: package generation ALPHA by
[@&#8203;andrewg-xyz](https://github.com/andrewg-xyz) in
[#&#8203;2269](https://github.com/defenseunicorns/zarf/pull/2269)
- *(lib)* feat(lib): configurable log file location by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2380](https://github.com/defenseunicorns/zarf/pull/2380)
- \[**BREAKING**] feat!: filter package components with strategy
interface by [@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2321](https://github.com/defenseunicorns/zarf/pull/2321)

##### 🐛 Bug Fixes

- fix: refactor create stages into separate lib by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[#&#8203;2223](https://github.com/defenseunicorns/zarf/pull/2223)
- fix: handle registry caBundle as a multiline string by
[@&#8203;AbrohamLincoln](https://github.com/AbrohamLincoln) in
[#&#8203;2381](https://github.com/defenseunicorns/zarf/pull/2381)
- *(regression)* fix: populate `p.sbomViewFiles` on `deploy` and
`mirror` by [@&#8203;lucasrod16](https://github.com/lucasrod16) in
[#&#8203;2386](https://github.com/defenseunicorns/zarf/pull/2386)
- fix: allow absolute paths for differential packages by
[@&#8203;AustinAbro321](https://github.com/AustinAbro321) in
[#&#8203;2397](https://github.com/defenseunicorns/zarf/pull/2397)
- fix: hotfix skeleton publish by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2398](https://github.com/defenseunicorns/zarf/pull/2398)

##### 🚜 Refactor

- refactor: split helpers/exec libs by
[@&#8203;Racer159](https://github.com/Racer159) in
[#&#8203;2379](https://github.com/defenseunicorns/zarf/pull/2379)

##### 🧪 Testing

- test: data injection flake by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[#&#8203;2361](https://github.com/defenseunicorns/zarf/pull/2361)

##### ⚙️ Miscellaneous Tasks

- ci: add commitlint workflow and update contributing guide by
[@&#8203;lucasrod16](https://github.com/lucasrod16) in
[#&#8203;2391](https://github.com/defenseunicorns/zarf/pull/2391)

##### 🛡️ Security

- *(release)* build: create PRs on `homebrew-tap` by
[@&#8203;Noxsios](https://github.com/Noxsios) in
[#&#8203;2385](https://github.com/defenseunicorns/zarf/pull/2385)

**Full Changelog**:
zarf-dev/zarf@v0.32.5...v0.32.6

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.6`](https://github.com/github/codeql-action/compare/v3.25.5...v3.25.6)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.25.5...v3.25.6)

###
[`v3.25.5`](https://github.com/github/codeql-action/compare/v3.25.4...v3.25.5)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.25.4...v3.25.5)

###
[`v3.25.4`](https://github.com/github/codeql-action/compare/v3.25.3...v3.25.4)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.25.3...v3.25.4)

</details>

<details>
<summary>goreleaser/goreleaser-action
(goreleaser/goreleaser-action)</summary>

###
[`v5.1.0`](https://github.com/goreleaser/goreleaser-action/releases/tag/v5.1.0)

[Compare
Source](https://github.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0)

#### Important

This version changes the default behavior of `latest` to `~> v1`.

The next major of this action (v6), will change this to `~> v2`, and
will be launched together with GoReleaser v2.

#### What's Changed

- docs: bump actions to latest major by
[@&#8203;crazy-max](https://github.com/crazy-max) in
[https://github.com/goreleaser/goreleaser-action/pull/435](https://github.com/goreleaser/goreleaser-action/pull/435)
- chore(deps): bump docker/bake-action from 3 to 4 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/436](https://github.com/goreleaser/goreleaser-action/pull/436)
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/437](https://github.com/goreleaser/goreleaser-action/pull/437)
- chore(deps): bump actions/setup-go from 4 to 5 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/443](https://github.com/goreleaser/goreleaser-action/pull/443)
- chore(deps): bump actions/upload-artifact from 3 to 4 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/444](https://github.com/goreleaser/goreleaser-action/pull/444)
- Delete .kodiak.toml by
[@&#8203;vedantmgoyal9](https://github.com/vedantmgoyal9) in
[https://github.com/goreleaser/goreleaser-action/pull/446](https://github.com/goreleaser/goreleaser-action/pull/446)
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/448](https://github.com/goreleaser/goreleaser-action/pull/448)
- chore(deps): bump ip from 2.0.0 to 2.0.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/450](https://github.com/goreleaser/goreleaser-action/pull/450)
- Upgrade setup-go action version in README by
[@&#8203;kishaningithub](https://github.com/kishaningithub) in
[https://github.com/goreleaser/goreleaser-action/pull/455](https://github.com/goreleaser/goreleaser-action/pull/455)
- chore(deps): bump tar from 6.1.14 to 6.2.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/456](https://github.com/goreleaser/goreleaser-action/pull/456)
- chore: use corepack to install yarn by
[@&#8203;crazy-max](https://github.com/crazy-max) in
[https://github.com/goreleaser/goreleaser-action/pull/458](https://github.com/goreleaser/goreleaser-action/pull/458)
- feat: lock this major version of the action to use '~> v1' as 'latest'
by [@&#8203;caarlos0](https://github.com/caarlos0) in
[https://github.com/goreleaser/goreleaser-action/pull/461](https://github.com/goreleaser/goreleaser-action/pull/461)
- chore(deps): bump semver from 7.6.0 to 7.6.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/462](https://github.com/goreleaser/goreleaser-action/pull/462)
- chore(deps): bump
[@&#8203;actions/http-client](https://github.com/actions/http-client)
from 2.2.0 to 2.2.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/451](https://github.com/goreleaser/goreleaser-action/pull/451)

#### New Contributors

- [@&#8203;vedantmgoyal9](https://github.com/vedantmgoyal9) made their
first contribution in
[https://github.com/goreleaser/goreleaser-action/pull/446](https://github.com/goreleaser/goreleaser-action/pull/446)

**Full Changelog**:
goreleaser/goreleaser-action@v5.0.0...v5.1.0

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.3.3`](https://github.com/ossf/scorecard-action/releases/tag/v2.3.3)

[Compare
Source](https://github.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)

> \[!NOTE]\
> There is no v2.3.2 release as a step was skipped in the release
process. This was fixed and re-released under the v2.3.3 tag

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to
github.com/ossf/scorecard/v5 (v5.0.0-rc1) by
[@&#8203;spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1366](https://github.com/ossf/scorecard-action/pull/1366)
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to
v5.0.0-rc2 by
[@&#8203;spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1374](https://github.com/ossf/scorecard-action/pull/1374)
- 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0.20240509182734-7ce860946928 by
[@&#8203;spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1377](https://github.com/ossf/scorecard-action/pull/1377)

For a full changelist of what these include, see the
[v5.0.0-rc1](https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc1)
and
[v5.0.0-rc2](https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc2)
release notes.

##### Documentation

- 📖 Move token discussion out of main README. by
[@&#8203;spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1279](https://github.com/ossf/scorecard-action/pull/1279)
- 📖 link to `ossf/scorecard` workflow instead of maintaining an
example by [@&#8203;spencerschrock](https://github.com/spencerschrock)
in
[https://github.com/ossf/scorecard-action/pull/1352](https://github.com/ossf/scorecard-action/pull/1352)
- 📖 update api links to new scorecard.dev site by
[@&#8203;spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1376](https://github.com/ossf/scorecard-action/pull/1376)

**Full Changelog**:
ossf/scorecard-action@v2.3.1...v2.3.3

###
[`v2.3.2`](https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

[Compare
Source](https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am
every weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/maru-runner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNjguMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInN1cHBvcnQtZGVwcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Author: renovate[bot]

.github/actions/golang/action.yaml

@@ -4,6 +4,6 @@ description: "Setup Go binary and caching"
 runs:
   using: composite
   steps:
-    - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+    - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         go-version: 1.21.x

.github/actions/install-tools/action.yaml

@@ -6,7 +6,7 @@ runs:
   steps:
     - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
 
-    - uses: anchore/sbom-action/download-syft@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11
+    - uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
 
     - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
       shell: bash

.github/actions/zarf/action.yaml

@@ -7,4 +7,4 @@ runs:
     - uses: defenseunicorns/setup-zarf@main
       with:
         # renovate: datasource=github-tags depName=defenseunicorns/zarf
-        version: v0.32.5
+        version: v0.33.2

.github/workflows/release.yaml

@@ -104,15 +104,15 @@ jobs:
 
       - name: Get Brew tap repo token
         id: brew-tap-token
-        uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
+        uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
         with:
           app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
           private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
           owner: defenseunicorns
           repositories: homebrew-tap
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+        uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
         with:
           distribution: goreleaser
           version: latest

.github/workflows/scan-codeql.yaml

@@ -45,7 +45,7 @@ jobs:
         run: make build-cli-linux-amd
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
         env:
           CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
         with:
@@ -54,6 +54,6 @@ jobs:
 
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/scorecard.yaml

@@ -27,7 +27,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -45,6 +45,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
         with:
           sarif_file: results.sarif