chore: sept 2024 omnibus (#467)

* chore: omnibus updates for sept 2024

- fix: dependency hashes for GVM 22 on several platforms
- chore: run ci on macos x86 and arm
- chore: issue binary map entries for GVM `24.0.2` / JDK `22.0.2`

Signed-off-by: Sam Gammon <sam@elide.ventures>

* chore(deps): bump husky from 9.1.4 to 9.1.6

Bumps [husky](https://github.com/typicode/husky) from 9.1.4 to 9.1.6.
- [Release notes](https://github.com/typicode/husky/releases)
- [Commits](typicode/husky@v9.1.4...v9.1.6)

---
updated-dependencies:
- dependency-name: husky
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Sam Gammon <sam@elide.ventures>

* chore(deps): bump @commitlint/cli from 19.3.0 to 19.5.0

Bumps [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) from 19.3.0 to 19.5.0.
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v19.5.0/@commitlint/cli)

---
updated-dependencies:
- dependency-name: "@commitlint/cli"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Sam Gammon <sam@elide.ventures>

* chore(deps): bump actions/upload-artifact from 4.3.3 to 4.4.0

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.4.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@6546280...5076954)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Sam Gammon <sam@elide.ventures>

* chore(deps): bump advanced-security/maven-dependency-submission-action

Bumps [advanced-security/maven-dependency-submission-action](https://github.com/advanced-security/maven-dependency-submission-action) from 4.0.3 to 4.1.1.
- [Release notes](https://github.com/advanced-security/maven-dependency-submission-action/releases)
- [Commits](advanced-security/maven-dependency-submission-action@5d0f901...4f64dda)

---
updated-dependencies:
- dependency-name: advanced-security/maven-dependency-submission-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Sam Gammon <sam@elide.ventures>

* chore(deps): bump actions/checkout from 4.1.6 to 4.1.7

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@a5ac7e5...692973e)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Sam Gammon <sam@elide.ventures>

* chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@dc50aa9...62b2cac)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Sam Gammon <sam@elide.ventures>

* chore(deps): bump actions/jekyll-build-pages from 1.0.12 to 1.0.13

Bumps [actions/jekyll-build-pages](https://github.com/actions/jekyll-build-pages) from 1.0.12 to 1.0.13.
- [Release notes](https://github.com/actions/jekyll-build-pages/releases)
- [Commits](actions/jekyll-build-pages@b178f93...44a6e6b)

---
updated-dependencies:
- dependency-name: actions/jekyll-build-pages
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Sam Gammon <sam@elide.ventures>

* chore: npm dep fixups

Signed-off-by: Sam Gammon <sam@elide.ventures>

* fix: precommit update

Signed-off-by: Sam Gammon <sam@elide.ventures>

* chore(deps): bump prettier-plugin-java from 2.6.0 to 2.6.4

Bumps [prettier-plugin-java](https://github.com/jhipster/prettier-java) from 2.6.0 to 2.6.4.
- [Release notes](https://github.com/jhipster/prettier-java/releases)
- [Changelog](https://github.com/jhipster/prettier-java/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jhipster/prettier-java/compare/prettier-plugin-java@2.6.0...prettier-plugin-java@2.6.4)

---
updated-dependencies:
- dependency-name: prettier-plugin-java
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Sam Gammon <sam@elide.ventures>

* chore(deps): bump braces in the npm_and_yarn group

Bumps the npm_and_yarn group with 1 update: [braces](https://github.com/micromatch/braces).

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

---------

Signed-off-by: Sam Gammon <sam@elide.ventures>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.bazelci/presubmit.yml

@@ -1,6 +1,9 @@
 matrix:
-  bazel_version: ["7.0.0"]
-  platform: ["macos", "macos_arm64", "ubuntu2004"]
+  bazel_version: ["7.0.0", "7.3.1"]
+  platform:
+    - ubuntu2004
+    - macos
+    - macos_arm64
 
 validate_config: 1
 buildifier: latest

.bazelversion

@@ -1 +1 @@
-7.0.0
+7.3.1

.github/workflows/check.buildifier.yml

@@ -37,7 +37,7 @@ jobs:
         uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
         with:
           egress-policy: audit
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: buildifier
         continue-on-error: true
         run: bazel run --enable_bzlmod //.github/workflows:buildifier.check

.github/workflows/check.codeql.yml

@@ -44,7 +44,7 @@ jobs:
         with:
           egress-policy: audit
       - name: Checkout repository
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Initialize CodeQL
         uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
         with:

.github/workflows/check.lint-yaml.yml

@@ -63,7 +63,7 @@ jobs:
           allowed-endpoints: >
             github.com:443
       - name: "Setup: Checkout"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Lint: YAML"
         uses: karancode/yamllint-github-action@0a904064817924fc6fb449a32f67f25bfacc48ae # master
         with:
@@ -90,7 +90,7 @@ jobs:
           allowed-endpoints: >
             github.com:443
       - name: "Setup: Checkout"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Lint: YAML"
         uses: karancode/yamllint-github-action@0a904064817924fc6fb449a32f67f25bfacc48ae # master
         with:

.github/workflows/check.scorecards.yml

@@ -24,18 +24,18 @@ jobs:
         with:
           egress-policy: audit
       - name: "Checkout code"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
       - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
           publish_results: true
           repo_token: ${{ secrets.SCORECARD_TOKEN }}
       - name: "Upload artifact"
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: SARIF file
           path: results.sarif

.github/workflows/deploy.docs.yml

@@ -33,11 +33,11 @@ jobs:
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Setup: Pages"
         uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
       - name: "Build: Jekyll"
-        uses: actions/jekyll-build-pages@b178f9334b208360999a0a57b523613563698c66 # v1.0.12
+        uses: actions/jekyll-build-pages@44a6e6beabd48582f863aeeb6cb2151cc1716697 # v1.0.13
         with:
           source: ./docs
           destination: ./_site

.github/workflows/module.build.yml

@@ -138,7 +138,7 @@ jobs:
             releases.bazel.build:443
             remote.buildbuddy.io:443
       - name: "Setup: Checkout"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Setup: msbuild"
         uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
         if: ${{ contains(inputs.runner, 'windows') }}
@@ -394,7 +394,7 @@ jobs:
             repo1.maven.org:443
             maven.pkg.st:443
       - name: "Setup: Checkout"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Setup: msbuild"
         uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
         if: ${{ contains(inputs.runner, 'windows') }}

.github/workflows/on.pr.yml

@@ -36,10 +36,10 @@ jobs:
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Report: Dependency Graph"
         continue-on-error: true
-        uses: advanced-security/maven-dependency-submission-action@5d0f9011b55d6268922128af45275986303459c3 # v4.0.3
+        uses: advanced-security/maven-dependency-submission-action@4f64ddab9d742a4806eeb588d238e4c311a8397d # v4.1.1
 
   dependency-review:
     name: "Dependency Review"
@@ -54,7 +54,7 @@ jobs:
         with:
           egress-policy: audit
       - name: "Checkout Repository"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Dependency Review"
         uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
         with:
@@ -71,27 +71,32 @@ jobs:
       matrix:
         runner: [ubuntu-latest]
         main: [true]
-        label: ["Ubuntu"]
+        label: ["Ubuntu amd64"]
         labs: [false]
         flags: ["--config=linux"]
-        testlabel: ["Ubuntu"]
         coverage: [false]
         include:
           # Bazel 7
           - runner: ubuntu-latest
-            label: Ubuntu
+            label: Ubuntu amd64
             labs: false
             main: true
             coverage: false
             flags: --config=linux
           - runner: macos-latest
-            label: macOS
+            label: macOS arm64
+            labs: false
+            main: true
+            coverage: true
+            flags: --config=mac
+          - runner: macos-13
+            label: macOS amd64
             labs: false
             main: true
             coverage: true
             flags: --config=mac
           - runner: windows-2022
-            label: Windows
+            label: Windows amd64
             labs: false
             main: true
             coverage: false

.github/workflows/on.push.yml

@@ -34,10 +34,10 @@ jobs:
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: "Report: Dependency Graph"
         continue-on-error: true
-        uses: advanced-security/maven-dependency-submission-action@5d0f9011b55d6268922128af45275986303459c3 # v4.0.3
+        uses: advanced-security/maven-dependency-submission-action@4f64ddab9d742a4806eeb588d238e4c311a8397d # v4.1.1
 
   build:
     name: "Build (${{ matrix.label }})"

.husky/commit-msg

@@ -1,4 +1 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
 pnpm exec commitlint --edit ${1}

.husky/pre-commit

@@ -1,4 +1 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
 pnpm exec lint-staged