infra: bump redhat-plumbers-in-action/differential-shellcheck from 4 to 5

[dependabot]

Bumps redhat-plumbers-in-action/differential-shellcheck from 4 to 5.

Release notes

Sourced from redhat-plumbers-in-action/differential-shellcheck's releases.

v5.0.0

What's Changed

Breaking

• drop: ignored-codes input 🚫 (#290) @​jamacku
• drop: shell-scripts input 🚫 (#288) @​jamacku

New

• Show more context for ShellCheck defects and fixes in console output 💾 (#300) @​jamacku
• Add support for subdirectory scanning 📁 (#294) @​jamacku
• Add Statistics of defect severities 📊 (#233) @​jamacku
• Show scanned files in console by default 📜 (#285) @​jamacku

Bug Fixes

• Fix autodetection of shell scripts in DEBUG mode 🥝 (#299) @​jamacku
• Always gather defect statistics 📉 (#298) @​jamacku
• Fix count of scanned files in job Summary when running on push event 🔢 (#297) @​jamacku
• Set correct version of ShellCheck in SARIF 🥥 (#296) @​jamacku
• fix: detection of changed files that might cause failure on some paths 🍭 (#286) @​jamacku

Maintenance

• Make the version of the used GHA more visible 👀 (#320) @​jamacku
• Update csutils (csdiff and csgrep) to 3.0.4 (#319) @​jamacku
• Update csutils (csdiff) to 3.0.3 (#293) @​jamacku

Documentation

• Improve documentation examples and update feature showcase 📷 (#301) @​jamacku
• Add section documenting VS Code integration 👩‍💻 (#311) @​jamacku
• doc: Explain format of path list options (#310) @​VladimirSlavik

Automation and CI changes

• Monthly dependabot updates 🤖 (#274) @​jamacku

Dependency Updates

• build(deps): bump fedora from 61f921e to 6fc00f8 (#312) @​dependabot
• build(deps): bump actions/checkout from 3.6.0 to 4.1.0 (#318) @​dependabot
• build(deps): bump docker/build-push-action from 4.1.1 to 5.0.0 (#317) @​dependabot
• build(deps): bump docker/login-action from 2.2.0 to 3.0.0 (#316) @​dependabot
• build(deps): bump docker/setup-buildx-action from 2.10.0 to 3.0.0 (#315) @​dependabot
• build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#314) @​dependabot

... (truncated)

Changelog

Sourced from redhat-plumbers-in-action/differential-shellcheck's changelog.

Changelog

Next release

v5.5.1

• Include git-lfs in image to avoid issues with projects using it
• Improve debugging of Differential ShellCheck

v5.5.0

• Fail when running in a shallow git repository
• Make SARIF file more compact to allow for more findings to be uploaded to GitHub
• Improve debugging of Differential ShellCheck
• Use Fedora 41 as base image & update ShellCheck to 0.10.0
• Update csutils (csdiff) to 3.5.0

v5.4.0

• Native support for merge_group trigger event

v5.3.1

• Update csutils (csdiff) to 3.4.0
  • HTML output now uses HTML5 and CSS

v5.3.0

• Add support for different display engines (csgrep, sarif-fmt)
• Update csutils (csdiff) to 3.3.0
  • csdiff: match findings by line content without spaces if available
  • csgrep --hash-v1: match csdiff/v1 fingerprint prefix
  • sarif: initial implementation of csdiff/v1 fingerprints
  • sarif: add descriptions for ShellCheck rules

v5.2.0

• Provide html output with detected defects
• Allow specifying WORK_DIR for intermediate files
• Update csutils (csdiff) to 3.2.2
  • propagate the imp flag as level in the SARIF format
  • propagate endLine/endColumn in the JSON and SARIF formats

v5.1.2

• Fix curl Argument list too long by using a payload.json file - by @​mpoberezhniy
• Container images now based on Fedora 40
• Update csutils (csdiff) to 3.2.1

v5.1.0

... (truncated)

Commits

• 5fa026e v5.5.1
• 5be744b test: fix tests
• 7aba0c1 build: include git-lfs in image
• ca4bc89 debug: improve debugging of git issues
• f7211b8 debug: improve debug of differential scanning issues
• 24b2c11 v5.5.0
• 1d0149d feat: improve debugging
• 6327b37 Remove hardcoded github.com references in the code
• 4c4dd5f feat: fail when running in a shallow git repository
• 06c922a feat: Make SARIF file more compact to allow for more findings to be uploaded ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)