Bump oracle/macaron from 0.23.0 to 0.24.0 #4941

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/github_actions/oracle/macaron-0.24.0

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Bumps oracle/macaron from 0.23.0 to 0.24.0.

Release notes

Sourced from oracle/macaron's releases.

v0.24.0 (2026-04-24)

Feat

  • improve Macaron's GitHub Actions reports (#1376)
  • add license filtering with compliance check (#1379)
  • add support for uv build tool (#1350)
  • improve source code detection using malware insights on obfuscation (#1378)
  • extend build command information in buildspec (#1308)

Changelog

Sourced from oracle/macaron's changelog.

v0.24.0 (2026-04-24)

Feat

  • improve Macaron's GitHub Actions reports (#1376)
  • add license filtering with compliance check (#1379)
  • add support for uv build tool (#1350)
  • improve source code detection using malware insights on obfuscation (#1378)
  • extend build command information in buildspec (#1308)

v0.23.0 (2026-03-31)

Feat

  • add more inputs to Macaron Action and improve GitHub Action analysis (#1339)
  • change dockerfile generation for Python rebuild to always default to standard build command (#1336)
  • adjusted max_download_size to 30MB (#1337)

Fix

  • improve URL validation to avoid unexpected redirects (#1344)
  • allow parsing of github expressions containing non-breaking-space characters, and allow dataflow analysis to fail (#1340)
  • improve has_binary flag condition for Python buildspec generation (#1333)

v0.22.0 (2026-02-25)

Feat

  • prepare metadata for Macaron Action to publish on Marketplace (#1315)
  • add the JSON schema for the default Macaron buildspec (#1314)

v0.21.0 (2026-02-23)

Feat

  • validate buildspec dockerfile (#1280)
  • improve buildspec and dockerfile generation (#1279)
  • include has_binaries flag in build spec (#1278)
  • infer chronologically likeliest setuptools version (#1260)
  • prepare Macaron GitHub Action to publish on GitHub Marketplace (#1259)
  • add new dataflow analysis, replacing existing analysis for GitHub Actions (#1229)
  • add support to use inferred build tools and to extract tool-specific build dependency information (#1256)

Fix

  • gen-build-spec: remove the default -Dmaven.test.skip=true mvn option from the default spec (#1301)
  • gen-build-spec: handle errors gracefully when build tool is not supported (#1303)
  • handle GitHub Actions job needs field case-insensitively in analysis. (#1305)
  • add the missing provenance asset links to the reports (#1271)
  • use --output option for Macaron Python Package (#1266)

... (truncated)

Commits
  • 4ddb55e bump: release 0.23.0 → 0.24.0
  • 0574478 feat: improve Macaron's GitHub Actions reports (#1376)
  • ac7be91 feat: add license filtering with compliance check (#1379)
  • ee0c010 chore: suppress pylint's cyclic import errors (#1384)
  • 62a4b26 chore(deps): exclude GHSA-vfmq-68hx-4jfw temporarily (#1381)
  • 18a806a feat: add support for uv build tool (#1350)
  • b3a61b9 build: make the Docker image building reproducible by using Macaron’s pinned ...
  • 7618d0d feat: improve source code detection using malware insights on obfuscation (#1...
  • e31cecb feat!: extend build command information in buildspec (#1308)
  • 452c9c5 chore: add a new Makefile target simple-index which builds all distribution...
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [oracle/macaron](https://github.com/oracle/macaron) from 0.23.0 to 0.24.0.
- [Release notes](https://github.com/oracle/macaron/releases)
- [Changelog](https://github.com/oracle/macaron/blob/main/CHANGELOG.md)
- [Commits](oracle/macaron@b31acfe...4ddb55e)

---
updated-dependencies:
- dependency-name: oracle/macaron
  dependency-version: 0.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) labels Apr 27, 2026
@oracle-contributor-agreement oracle-contributor-agreement Bot added the OCA Verified (All contributors have signed the Oracle Contributor Agreement.) label Apr 27, 2026