chore(deps): bump brace-expansion from 1.1.12 to 1.1.13

Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.12 to 1.1.13.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.13)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/dependabot.yml

@@ -4,8 +4,6 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-    cooldown:
-      default-days: 2
     labels:
       - "kind/dependencies"
       - "bot"
@@ -13,8 +11,6 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-    cooldown:
-      default-days: 2
     versioning-strategy: "increase"
     allow:
       - dependency-type: "production"

.github/upx-releases.json

@@ -302,27 +302,6 @@
       "https://github.com/upx/upx/releases/download/v4.0.0/upx-4.0.0-win64.zip"
     ]
   },
-  "edge": {
-    "id": 293545149,
-    "tag_name": "v5.1.1",
-    "html_url": "https://github.com/upx/upx/releases/tag/v5.1.1",
-    "assets": [
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-amd64_linux.tar.xz",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-arm64_linux.tar.xz",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-arm_linux.tar.xz",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-armeb_linux.tar.xz",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-dos.zip",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-i386_linux.tar.xz",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-mips_linux.tar.xz",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-mipsel_linux.tar.xz",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-powerpc64le_linux.tar.xz",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-powerpc_linux.tar.xz",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-riscv64_linux.tar.xz",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-src.tar.xz",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-win32.zip",
-      "https://github.com/upx/upx/releases/download/v5.1.1/upx-5.1.1-win64.zip"
-    ]
-  },
   "v3.99": {
     "id": 81217748,
     "tag_name": "v3.99",

.github/workflows/ci.yml

@@ -4,6 +4,7 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
   contents: read
 
@@ -17,6 +18,8 @@ on:
     tags:
       - 'v*'
   pull_request:
+    paths-ignore:
+      - '.github/upx-releases.json'
 
 jobs:
   ci:
@@ -33,7 +36,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v4
       -
         name: Download files
         shell: bash
@@ -70,7 +73,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v4
       -
         name: UPX
         uses: ./

.github/workflows/labels.yml

@@ -4,6 +4,7 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
   contents: read
 
@@ -23,14 +24,16 @@ jobs:
   labeler:
     runs-on: ubuntu-latest
     permissions:
-      contents: read # same as global permissions
-      issues: write # required to update labels
+      # same as global permissions
+      contents: read
+      # required to update labels
+      issues: write
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v4
       -
         name: Run Labeler
-        uses: crazy-max/ghaction-github-labeler@548a7c3603594ec17c819e1239f281a3b801ab4d # v6.0.0
+        uses: crazy-max/ghaction-github-labeler@v5
         with:
           dry-run: ${{ github.event_name == 'pull_request' }}

.github/workflows/test.yml

@@ -4,6 +4,7 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
   contents: read
 
@@ -13,6 +14,8 @@ on:
       - 'master'
       - 'releases/v*'
   pull_request:
+    paths-ignore:
+      - '.github/upx-releases.json'
 
 jobs:
   test:
@@ -20,16 +23,16 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v4
       -
         name: Test
-        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action@v6
         with:
           source: .
           targets: test
       -
         name: Upload coverage
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
+        uses: codecov/codecov-action@v5
         with:
           files: ./coverage/clover.xml
           token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/upx-releases-json.yml

@@ -4,6 +4,7 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
   contents: read
 
@@ -15,19 +16,23 @@ on:
     branches:
       - 'master'
   pull_request:
+    paths-ignore:
+      - '.github/upx-releases.json'
 
 jobs:
   generate:
-    uses: crazy-max/.github/.github/workflows/releases-json.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0
+    uses: crazy-max/.github/.github/workflows/releases-json.yml@fa6141aedf23596fb8bdcceab9cce8dadaa31bd9
     with:
       repository: upx/upx
       artifact_name: upx-releases-json
       filename: upx-releases.json
+    secrets: inherit
 
   open-pr:
     runs-on: ubuntu-22.04
     if: github.event_name != 'pull_request'
     permissions:
+      # required to create PR
       contents: write
       pull-requests: write
     needs:
@@ -35,10 +40,10 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v4
       -
         name: Download
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        uses: actions/download-artifact@v4
         with:
           name: upx-releases-json
           path: .github
@@ -48,7 +53,7 @@ jobs:
           git add -A .
       -
         name: Create PR
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f  # v7.0.5
         with:
           base: master
           branch: bot/upx-releases-json

.github/workflows/validate.yml

@@ -4,6 +4,7 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
   contents: read
 
@@ -20,15 +21,15 @@ jobs:
   prepare:
     runs-on: ubuntu-latest
     outputs:
-      matrix: ${{ steps.generate.outputs.matrix }}
+      targets: ${{ steps.generate.outputs.targets }}
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v4
       -
-        name: Generate matrix
+        name: List targets
         id: generate
-        uses: docker/bake-action/subaction/matrix@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action/subaction/list-targets@v6
         with:
           target: validate
 
@@ -39,10 +40,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
+        target: ${{ fromJson(needs.prepare.outputs.targets) }}
     steps:
       -
         name: Validate
-        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action@v6
         with:
           targets: ${{ matrix.target }}

.github/workflows/zizmor.yml

@@ -1,27 +0,0 @@
-name: zizmor
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - 'releases/v*'
-  pull_request:
-
-jobs:
-  run:
-    uses: crazy-max/.github/.github/workflows/zizmor.yml@bbd31df64ee0f097a02f12495f541f9236f18c46 # v1.2.0
-    permissions:
-      contents: read
-      security-events: write
-    with:
-      min-severity: medium
-      min-confidence: medium
-      persona: pedantic

.github/zizmor.yml

@@ -1,4 +0,0 @@
-# https://docs.zizmor.sh/configuration/
-rules:
-  secrets-outside-env:
-    disable: true

yarn.lock

@@ -1142,12 +1142,12 @@ __metadata:
   linkType: hard
 
 "brace-expansion@npm:^1.1.7":
-  version: 1.1.12
-  resolution: "brace-expansion@npm:1.1.12"
+  version: 1.1.13
+  resolution: "brace-expansion@npm:1.1.13"
   dependencies:
     balanced-match: "npm:^1.0.0"
     concat-map: "npm:0.0.1"
-  checksum: 10/12cb6d6310629e3048cadb003e1aca4d8c9bb5c67c3c321bafdd7e7a50155de081f78ea3e0ed92ecc75a9015e784f301efc8132383132f4f7904ad1ac529c562
+  checksum: 10/b5f4329fdbe9d2e25fa250c8f866ebd054ba946179426e99b86dcccddabdb1d481f0e40ee5430032e62a7d0a6c2837605ace6783d015aa1d65d85ca72154d936
   languageName: node
   linkType: hard