Bump the actions group across 1 directory with 9 updates #513

dependabot · 2025-02-03T02:27:27Z

Bumps the actions group with 9 updates in the / directory:

Package	From	To
actions/checkout	`4.1.7`	`4.2.2`
docker/setup-buildx-action	`3.6.1`	`3.8.0`
docker/login-action	`3.2.0`	`3.3.0`
actions/upload-artifact	`4.3.6`	`4.6.0`
actions/dependency-review-action	`4.3.4`	`4.5.0`
actions/setup-go	`5.0.2`	`5.3.0`
golangci/golangci-lint-action	`6.1.1`	`6.2.0`
github/codeql-action	`3.26.12`	`3.28.8`
aquasecurity/trivy-action	`0.24.0`	`0.29.0`

Updates actions/checkout from 4.1.7 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

v4.2.0

What's Changed

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependabot updates in actions/checkout#1777 & actions/checkout#1872

New Contributors

@yasonk made their first contribution in actions/checkout#1869

@lucacome made their first contribution in actions/checkout#1180

Full Changelog: actions/checkout@v4.1.7...v4.2.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

... (truncated)

Commits

11bd719 Prepare 4.2.2 Release (#1953)
e3d2460 Expand unit test coverage (#1946)
163217d url-helper.ts now leverages well-known environment variables. (#1941)
eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
d632683 Prepare 4.2.0 release (#1878)
6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
b684943 Add Ref and Commit outputs (#1180)
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.6.1 to 3.8.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

v3.7.1

Switch back to uuid package by @crazy-max in docker/setup-buildx-action#369

Full Changelog: docker/setup-buildx-action@v3.7.0...v3.7.1

v3.7.0

Always set buildkitd-flags if opt-in by @crazy-max in docker/setup-buildx-action#363

Remove uuid package and switch to crypto by @crazy-max in docker/setup-buildx-action#366

Bump @docker/actions-toolkit from 0.35.0 to 0.39.0 in docker/setup-buildx-action#362

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-buildx-action#354

Full Changelog: docker/setup-buildx-action@v3.6.1...v3.7.0

Commits

6524bf6 Merge pull request #390 from crazy-max/buildx-cloud-latest
8d5e074 chore: update generated content
7199e57 make cloud prefix optional to download buildx if driver is cloud
db63cee Merge pull request #381 from docker/dependabot/github_actions/codecov/codecov...
043ebe1 Merge pull request #389 from docker/dependabot/npm_and_yarn/docker/actions-to...
686da90 chore: update generated content
a3d7487 Merge pull request #382 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6
4dcdbce build(deps): bump @docker/actions-toolkit from 0.39.0 to 0.48.0
1a8ac74 ci: fix deprecated input for codecov-action
e827ebe build(deps): bump cross-spawn from 7.0.3 to 7.0.6
Additional commits viewable in compare view

Updates docker/login-action from 3.2.0 to 3.3.0

Release notes

Sourced from docker/login-action's releases.

v3.3.0

Bump @docker/actions-toolkit from 0.24.0 to 0.35.0 in docker/login-action#754

Bump https-proxy-agent from 7.0.4 to 7.0.5 in docker/login-action#741

Bump braces from 3.0.2 to 3.0.3 in docker/login-action#730

Full Changelog: docker/login-action@v3.2.0...v3.3.0

Commits

9780b0c Merge pull request #741 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
2fa130c chore: update generated content
5e87b2a build(deps): bump https-proxy-agent
e039495 Merge pull request #754 from docker/dependabot/npm_and_yarn/docker/actions-to...
9af18aa chore: update generated content
668190a switch to Docker exec
be5150d build(deps): bump @docker/actions-toolkit from 0.24.0 to 0.35.0
e80ebca Merge pull request #730 from docker/dependabot/npm_and_yarn/braces-3.0.3
75ee3ea Merge pull request #733 from docker/dependabot/github_actions/docker/bake-act...
793c19c build(deps): bump docker/bake-action from 4 to 5
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.3.6 to 4.6.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.0

What's Changed

Expose env vars to control concurrency and timeout by @yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

fix: deprecated Node.js version in action by @hamirmahal in actions/upload-artifact#578

Add new artifact-digest output by @bdehamer in actions/upload-artifact#656

New Contributors

@hamirmahal made their first contribution in actions/upload-artifact#578

@bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

v4.4.3

What's Changed

Undo indirect dependency updates from #627 by @joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

Bump @actions/artifact to 2.1.11 by @robherley in actions/upload-artifact#627

Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

What's Changed

Add a section about hidden files by @joshmgross in actions/upload-artifact#607

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/upload-artifact#621

Update @actions/artifact to latest version, includes symlink and timeout fixes by @robherley in actions/upload-artifact#625

New Contributors

@Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

... (truncated)

Commits

65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
0207619 move files back to satisfy licensed ci
1ecca81 licensed cache updates
9742269 Expose env vars to controll concurrency and timeout
6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
c40c16d add new artifact-digest output
735efb4 bump @actions/artifact from 2.1.11 to 2.2.0
184d73b Merge pull request #578 from hamirmahal/fix/deprecated-nodejs-usage-in-action
b4a0a98 Merge branch 'main' into fix/deprecated-nodejs-usage-in-action
b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.3.4 to 4.5.0

Release notes

Sourced from actions/dependency-review-action's releases.

v4.5.0

What's Changed

Bump got from 14.4.2 to 14.4.3 by @dependabot in actions/dependency-review-action#844

Bump nodemon from 3.1.0 to 3.1.7 by @dependabot in actions/dependency-review-action#847

Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in actions/dependency-review-action#849

Overriding the cross-spawn dependency to use a safe version by @Ahmed3lmallah in actions/dependency-review-action#850

fix: add summary comment on failure when warn-only: true by @ebickle in actions/dependency-review-action#827

Prepare for 4.5.0 release by @Ahmed3lmallah in actions/dependency-review-action#851

New Contributors

@ebickle made their first contribution in actions/dependency-review-action#827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

What's Changed

Fix for merge_group event bug by @Ahmed3lmallah in actions/dependency-review-action#846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

What's Changed

fix: getRefs function to handle merge_group events by @louis-bompart in actions/dependency-review-action#766

Create pull_request_template.md by @jonjanego in actions/dependency-review-action#794

Update CONTRIBUTING.md by @jonjanego in actions/dependency-review-action#793

Bump @types/node from 20.11.28 to 20.16.0 by @dependabot in actions/dependency-review-action#815

Upgrade transitive micromatch library by @elireisman in actions/dependency-review-action#829

Do not list changed dependencies in summary by @hmaurer in actions/dependency-review-action#828

Update stale.yaml by @jonjanego in actions/dependency-review-action#832

Bump got from 14.4.1 to 14.4.2 by @dependabot in actions/dependency-review-action#822

Bump eslint-plugin-jest and ts-jest by @Ahmed3lmallah in actions/dependency-review-action#840

New Contributors

@louis-bompart made their first contribution in actions/dependency-review-action#766

@Ahmed3lmallah made their first contribution in actions/dependency-review-action#840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

Commits

3b139cf Merge pull request #851 from actions/ahmed3lmallah/prepare-for-4.5.0-release
d6807b6 updating generated code
c89b41f addressing lint issues
eee97d8 incrementing project version
9d10182 Merge pull request #827 from ebickle/fix/comment-warn-only
9192be9 Merge pull request #850 from actions/ahmed3lmallah/adressing-CVE-2024-21538
2fc8e23 Using cross-spawn safe version
fb86db2 fix: resolve race conditions in async core.group calls
0a198ab fix: replace integer failureCount with boolean
fc499fc Merge branch 'main' into fix/comment-warn-only
Additional commits viewable in compare view

Updates actions/setup-go from 5.0.2 to 5.3.0

Release notes

Sourced from actions/setup-go's releases.

v5.3.0

What's Changed

Use the new cache service: upgrade @actions/cache to ^4.0.0 by @Link- in actions/setup-go#531

Configure Dependabot settings by @HarithaVattikuti in actions/setup-go#530

Document update - permission section by @HarithaVattikuti in actions/setup-go#533

Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in actions/setup-go#534

New Contributors

@Link- made their first contribution in actions/setup-go#531

Full Changelog: actions/setup-go@v5...v5.3.0

v5.2.0

What's Changed

Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @Shegox in actions/setup-go#496

New Contributors

@Shegox made their first contribution in actions/setup-go#496

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/setup-go#500

Upgrade IA Publish by @Jcambass in actions/setup-go#502

Add architecture to cache key by @Zxilly in actions/setup-go#493 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.

Enhance workflows and Upgrade micromatch Dependency by @priyagupta108 in actions/setup-go#510

Bug Fixes

Revise isGhes logic by @jww3 in actions/setup-go#511

New Contributors

@Zxilly made their first contribution in actions/setup-go#493

@Jcambass made their first contribution in actions/setup-go#500

@jww3 made their first contribution in actions/setup-go#511

@priyagupta108 made their first contribution in actions/setup-go#510

Full Changelog: actions/setup-go@v5...v5.1.0

Commits

f111f33 Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#534)
3d10edb Add new permission section (#533)
43e1389 Configure Dependabot settings (#530)
f81f022 Use the new cache service: upgrade @actions/cache to ^4.0.0 (#531)
3041bf5 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496)
41dfa10 Enhance workflows and Upgrade micromatch Dependency (#510)
9419772 Revise isGhes logic (#511)
d60b41a Merge pull request #502 from actions/Jcambass-patch-1
e09f57f Upgrade IA Publish
df1a117 Merge pull request #500 from actions/Jcambass-patch-1
Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 6.1.1 to 6.2.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v6.2.0

What's Changed

Changes

chore: use new build tag syntax by @alexandear in golangci/golangci-lint-action#1133

feat: support linux arm64 public preview by @ldez in golangci/golangci-lint-action#1144

Documentation

docs: update local development instructions by @dmitris in golangci/golangci-lint-action#1125

Dependencies

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1112

build(deps): bump the dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1113

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1114

build(deps): bump @types/node from 22.7.4 to 22.7.5 in the dependencies group by @dependabot in golangci/golangci-lint-action#1115

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1117

build(deps): bump @types/node from 22.7.5 to 22.7.7 in the dependencies group by @dependabot in golangci/golangci-lint-action#1118

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1119

build(deps): bump @types/node from 22.7.7 to 22.8.1 in the dependencies group by @dependabot in golangci/golangci-lint-action#1120

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1122

build(deps): bump the dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1123

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1126

build(deps): bump @types/node from 22.8.7 to 22.9.0 in the dependencies group by @dependabot in golangci/golangci-lint-action#1127

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1128

build(deps): bump @types/node from 22.9.0 to 22.9.3 in the dependencies group by @dependabot in golangci/golangci-lint-action#1130

build(deps): bump @types/node from 22.9.3 to 22.10.1 in the dependencies group by @dependabot in golangci/golangci-lint-action#1131

build(deps-dev): bump the dev-dependencies group across 1 directory with 4 updates by @dependabot in golangci/golangci-lint-action#1132

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1134

build(deps): bump @actions/cache from 3.3.0 to 4.0.0 in the dependencies group by @dependabot in golangci/golangci-lint-action#1135

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1136

build(deps): bump @types/node from 22.10.1 to 22.10.2 in the dependencies group by @dependabot in golangci/golangci-lint-action#1137

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1138

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1139

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1141

build(deps): bump @types/node from 22.10.2 to 22.10.5 in the dependencies group by @dependabot in golangci/golangci-lint-action#1142

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1143

New Contributors

@dmitris made their first contribution in golangci/golangci-lint-action#1125

@alexandear made their first contribution in golangci/golangci-lint-action#1133

Full Changelog: golangci/golangci-lint-action@v6.1.1...v6.2.0

Commits

ec5d184 feat: support linux arm64 public preview (#1144)
a0297a1 build(deps-dev): bump the dev-dependencies group with 3 updates (#1143)
58eda26 build(deps): bump @types/node from 22.10.2 to 22.10.5 in the dependencies gro...
44c2434 build(deps-dev): bump the dev-dependencies group with 2 updates (#1141)
2f13b80 build(deps-dev): bump the dev-dependencies group with 2 updates (#1139)
1ac3686 build(deps-dev): bump the dev-dependencies group with 2 updates (#1138)
9937fdf build(deps): bump @types/node from 22.10.1 to 22.10.2 in the dependencies gro...
cb60b26 build(deps-dev): bump the dev-dependencies group with 2 updates (#1136)
774c35b build(deps): bump @actions/cache from 3.3.0 to 4.0.0 in the dependencies grou...
7ce5487 build(deps-dev): bump the dev-dependencies group with 3 updates (#1134)
Additional commits viewable in compare view

Updates github/codeql-action from 3.26.12 to 3.28.8

Release notes

Sourced from github/codeql-action's releases.

v3.28.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

See the full CHANGELOG.md for more information.

v3.28.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.6 - 27 Jan 2025

Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

See the full CHANGELOG.md for more information.

v3.28.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

Update default CodeQL bundle version to 2.20.3. #2717

See the full CHANGELOG.md for more information.

v3.28.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.4 - 23 Jan 2025

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.8 - 29 Jan 2025

Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

Update default CodeQL bundle version to 2.20.2. #2707

Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710

Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

Bump the minimum CodeQL bundle version to 2.15.5. #2655

Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

... (truncated)

Commits

dd74661 Merge pull request #2746 from github/update-v3.28.8-a91a3f767
3210a3c Fix Kotlin version in changelog
72f9d02 Update changelog for v3.28.8
a91a3f7 Merge pull request #2744 from github/igfoo/kot2.1.10
c520fb5 Merge pull request #2745 from github/mergeback/v3.28.7-to-main-6e545590
3879c57 Add changelog entry
0c21937 Run "npm run build"
5a61bf0 Kotlin: The 2.20.3 release supports Kotlin 2.1.10.
163d119 Update checked-in dependencies
bcf5cec Update changelog and version after v3.28.7
Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.24.0 to 0.29.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.29.0

What's Changed

feat: Allow skipping setup by @rvesse in aquasecurity/trivy-action#414

Fix oras command not found in "Update Trivy Cache" action by @Tiryoh in aquasecurity/trivy-action#413

Update README.md by @simar7 in aquasecurity/trivy-action#420

feat: add token for setup-trivy by @DmitriyLewen in aquasecurity/trivy-action#421

fix: bump setup-trivy and add new contrib direc...
Description has been truncated

Bumps the actions group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.7` | `4.2.2` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.6.1` | `3.8.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.2.0` | `3.3.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.6` | `4.6.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.4` | `4.5.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.0.2` | `5.3.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.1` | `6.2.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.26.12` | `3.28.8` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.24.0` | `0.29.0` | Updates `actions/checkout` from 4.1.7 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.1.7...11bd719) Updates `docker/setup-buildx-action` from 3.6.1 to 3.8.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@988b5a0...6524bf6) Updates `docker/login-action` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@0d4c9c5...9780b0c) Updates `actions/upload-artifact` from 4.3.6 to 4.6.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.3.6...65c4c4a) Updates `actions/dependency-review-action` from 4.3.4 to 4.5.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@5a2ce3f...3b139cf) Updates `actions/setup-go` from 5.0.2 to 5.3.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0a12ed9...f111f33) Updates `golangci/golangci-lint-action` from 6.1.1 to 6.2.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@971e284...ec5d184) Updates `github/codeql-action` from 3.26.12 to 3.28.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c36620d...dd74661) Updates `aquasecurity/trivy-action` from 0.24.0 to 0.29.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@6e7b7d1...18f2510) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-02-03T02:27:28Z

The following labels could not be found: area/dependency, release-note-none, ok-to-test.

dependabot bot mentioned this pull request Feb 3, 2025

Bump the actions group across 1 directory with 9 updates #511

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions group across 1 directory with 9 updates #513

Bump the actions group across 1 directory with 9 updates #513

dependabot bot commented on behalf of github Feb 3, 2025

dependabot bot commented on behalf of github Feb 3, 2025

Bump the actions group across 1 directory with 9 updates #513

Are you sure you want to change the base?

Bump the actions group across 1 directory with 9 updates #513

Conversation

dependabot bot commented on behalf of github Feb 3, 2025

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

v4.2.0

What's Changed

New Contributors

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v3.8.0

v3.7.1

v3.7.0

v3.3.0

v4.6.0

What's Changed

v4.5.0

What's Changed

New Contributors

v4.4.3

What's Changed

v4.4.2

What's Changed

v4.4.1

What's Changed

New Contributors

v4.4.0

Notice: Breaking Changes ⚠️

v4.5.0

What's Changed

New Contributors

v4.4.0

What's Changed

v4.3.5

What's Changed

New Contributors

v5.3.0

What's Changed

New Contributors

v5.2.0

What's Changed

New Contributors

v5.1.0

What's Changed

New Contributors

v6.2.0

What's Changed

Changes

Documentation

Dependencies

New Contributors

v3.28.8

CodeQL Action Changelog

3.28.8 - 29 Jan 2025

v3.28.7

CodeQL Action Changelog

3.28.7 - 29 Jan 2025

v3.28.6

CodeQL Action Changelog

3.28.6 - 27 Jan 2025

v3.28.5

CodeQL Action Changelog

3.28.5 - 24 Jan 2025

v3.28.4

CodeQL Action Changelog