build(deps-dev): bump @semantic-release/github from 10.0.6 to 10.3.3

[dependabot]

Bumps @semantic-release/github from 10.0.6 to 10.3.3.

Release notes

Sourced from @​semantic-release/github's releases.

v10.3.3

10.3.3 (2024-09-05)

Bug Fixes

• Revert: feat: verify OAuth scopes of classic GitHub PATs (#915) (990bd73)

v10.3.2

10.3.2 (2024-09-04)

Bug Fixes

• missing "PullRequest".canBeRebased field on GHES graphql api (#913) (4393578)

v10.3.1

10.3.1 (2024-09-03)

Bug Fixes

• max_node_limit_exceeded error when fetching associatedPRs (#912) (bb806af)

v10.3.0

10.3.0 (2024-09-02)

Features

• allow conditional skip on success and fail comments (#874) (e097d1c)

v10.2.0

10.2.0 (2024-09-02)

Features

• verify OAuth scopes of classic GitHub PATs (#897) (be071a2)

v10.1.7

10.1.7 (2024-08-20)

Bug Fixes

• ignore case when checking for repo rename (#903) (2b1b9b6), closes #901

v10.1.6

10.1.6 (2024-08-15)

... (truncated)

Commits

• 990bd73 fix: Revert: feat: verify OAuth scopes of classic GitHub PATs (#915)
• 4393578 fix: missing "PullRequest".canBeRebased field on GHES graphql api (#913)
• bb806af fix: max_node_limit_exceeded error when fetching associatedPRs (#912)
• e097d1c feat: allow conditional skip on success and fail comments (#874)
• be071a2 feat: verify OAuth scopes of classic GitHub PATs (#897)
• 8061687 chore(deps): lock file maintenance (#909)
• 81ae6eb chore(deps): update npm to v10.8.3 (#908)
• 9b15219 chore(deps): lock file maintenance (#906)
• 2b1b9b6 fix: ignore case when checking for repo rename (#903)
• f9e5774 chore(deps): lock file maintenance (#900)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@semantic-release/github	^10.3.3	🟢 7.3	Details Check Score Reason Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/@semantic-release/github	10.3.3	🟢 7.3	Details Check Score Reason Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Manifest Files

package.json

• @semantic-release/github@^10.3.3
• @semantic-release/github@^10.0.2

yarn.lock

• @semantic-release/[email protected]

[dependabot]

Superseded by #50.