Bump zizmorcore/zizmor-action from 0.3.0 to 0.5.0

[dependabot]

Bumps zizmorcore/zizmor-action from 0.3.0 to 0.5.0.

Release notes

Sourced from zizmorcore/zizmor-action's releases.

v0.5.0

What's Changed

• Expose output-file as an output when advanced-security: true by @​unlobito in zizmorcore/zizmor-action#87

New Contributors

• @​unlobito made their first contribution in zizmorcore/zizmor-action#87

Full Changelog: zizmorcore/zizmor-action@v0.4.1...v0.5.0

v0.4.1

This version fixes an error in the 0.4.0 release that prevented non-relative use of the action.

What's Changed

• Fix version file path by @​woodruffw in zizmorcore/zizmor-action#83

Full Changelog: zizmorcore/zizmor-action@v0.4.0...v0.4.1

v0.4.0

This new version of zizmor-action brings two major changes:

• The new fail-on-no-inputs option can be used to control whether zizmor-action fails if no inputs were collected by zizmor. The default remains true, reflecting the pre-existing behavior.

• The action's use of the official zizmor Docker images is now fully hash-checked internally, preventing accidental or malicious modification to the images. This also means that subsequent releases of zizmor will induce a release of this action, rather than the action always picking up the latest version by default.

What's Changed

• docs: extended permissions required for internal repos by @​AntoineSebert in zizmorcore/zizmor-action#61
• docs: clarify description of "token" to indicate it is only used for online audits by @​rmuir in zizmorcore/zizmor-action#63
• Hash-check zizmor Docker images by @​woodruffw in zizmorcore/zizmor-action#68
• Add fail-on-no-inputs option by @​woodruffw in zizmorcore/zizmor-action#67

New Contributors

• @​AntoineSebert made their first contribution in zizmorcore/zizmor-action#61
• @​rmuir made their first contribution in zizmorcore/zizmor-action#63

Full Changelog: zizmorcore/zizmor-action@v0.3.0...v0.4.0

Commits

• 0dce257 chore(deps): bump peter-evans/create-pull-request (#88)
• fb94974 Expose output-file as an output when advanced-security: true (#87)
• 867562a chore(deps): bump the github-actions group with 2 updates (#85)
• 7462f07 Bump pins in README (#84)
• 1356984 Fix version file path (#83)
• 72469cf Bump pins in README (#80)
• 3aa7e2f Add fail-on-no-inputs tests (#79)
• 92fc377 Sync zizmor versions (#78)
• 5aff8ef Add fail-on-no-inputs option (#67)
• 4d497b9 Sync zizmor versions (#75)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)