chore(deps): bump zircote/adrscope from e6384bf222c179d4083e1003b17154e48fc0f914 to 3f5aac04eb6eb13e461566e750760501ec7b4698

[dependabot]

Bumps zircote/adrscope from e6384bf222c179d4083e1003b17154e48fc0f914 to 3f5aac04eb6eb13e461566e750760501ec7b4698.

Changelog

Sourced from zircote/adrscope's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Added

• [Docs]: Add comprehensive dependencies reference documentation

  • Complete catalog of all external dependencies with purposes
  • Version constraints and update policy
  • Supply chain security information
  • Dependency graph visualization

• [Attested Delivery]: Release pipeline now attaches SLSA build provenance and a CycloneDX SBOM attestation to every platform binary, and fail-closed verifies every attestation before the GitHub Release is published

• [Publish Workflow]: crates.io publishing via OIDC Trusted Publishing, with SLSA provenance attested against the exact .crate bytes the registry serves

• [Homebrew Workflow]: Formula in zircote/homebrew-tap is regenerated automatically on release (source-built formula)

• [CI]: pin-check job asserts every workflow uses: reference is pinned to a full 40-char commit SHA

• [SECURITY.md]: Documents how to verify release artifact attestations

• [LICENSE]: Add MIT license text

Changed

• [Deps]: Update pulldown-cmark from 0.13.0 to 0.13.1 (patch release)
• [Release Artifacts]: Binaries are now published as bare executables named adrscope-{version}-{platform} (e.g. adrscope-0.4.0-linux-amd64) instead of target-triple tar.gz/zip archives
• [Action]: Downloads the new artifact naming and fail-closed verifies the binary's attestation before use; falls back to legacy archives for releases <= 0.3.0
• [Crate Packaging]: Cargo.toml include allowlist keeps repo-internal files out of the published crate

28aebca (feat(release): adopt attested delivery pipeline)

[0.3.0] - 2026-01-15

Changed

• [Action]: Move action.yml to repository root for GitHub Marketplace publishing
• [Docs]: Add prominent GitHub Action section to README with examples
• [Docs]: Add Marketplace badge and Homebrew installation instructions

... (truncated)

Commits

• 3f5aac0 ci: bump zircote/.github/.github/workflows/pin-check.yml from e8f0dbde068cc07...
• de063e7 ci: bump rust-lang/crates-io-auth-action from 1.0.4 to 1.0.5 (#88)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Superseded by #130.