Skip to content

Commit 0740d28

Browse files
dependabot[bot]dependabot[bot]
authored
deps: bump the production-dependencies group across 1 directory with 17 updates
Bumps the production-dependencies group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [actions/github-script](https://github.com/actions/github-script) | `7` | `8` | | [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `56f84321dbccf38fb67ce29ab63e4754056677e0` | `0b1efabc08b657293548b77fb76cc02d26091c7e` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.10.0` | `3.11.1` | | [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `3.6.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.7.0` | `5.10.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.15.0` | `6.18.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.2.3` | `3.0.0` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `6.1.0` | `7.2.2` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `6` | | [actions/labeler](https://github.com/actions/labeler) | `5` | `6` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.8` | `8.0.0` | | [42ByteLabs/patch-release-me](https://github.com/42bytelabs/patch-release-me) | `0.5.3` | `0.6.4` | | [Andrew-Chen-Wang/github-wiki-action](https://github.com/andrew-chen-wang/github-wiki-action) | `4.4.0` | `5.0.3` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3...v4) Updates `actions/github-script` from 7 to 8 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v7...v8) Updates `dtolnay/rust-toolchain` from 56f84321dbccf38fb67ce29ab63e4754056677e0 to 0b1efabc08b657293548b77fb76cc02d26091c7e - [Release notes](https://github.com/dtolnay/rust-toolchain/releases) - [Commits](dtolnay/rust-toolchain@56f8432...0b1efab) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4...v5) Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@b5ca514...e468171) Updates `docker/login-action` from 3.4.0 to 3.6.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@74a5d14...5e57cd1) Updates `docker/metadata-action` from 5.7.0 to 5.10.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@902fa8e...c299e40) Updates `docker/build-push-action` from 6.15.0 to 6.18.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@471d1dc...2634353) Updates `actions/attest-build-provenance` from 2.2.3 to 3.0.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@c074443...977bb37) Updates `anchore/scan-action` from 6.1.0 to 7.2.2 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](anchore/scan-action@7c05671...3c9a191) Updates `actions/upload-artifact` from 4 to 6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v6) Updates `actions/labeler` from 5 to 6 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@v5...v6) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `peter-evans/create-pull-request` from 7.0.8 to 8.0.0 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@271a8d0...98357b1) Updates `42ByteLabs/patch-release-me` from 0.5.3 to 0.6.4 - [Release notes](https://github.com/42bytelabs/patch-release-me/releases) - [Commits](42ByteLabs/patch-release-me@f950db6...ef44b04) Updates `Andrew-Chen-Wang/github-wiki-action` from 4.4.0 to 5.0.3 - [Release notes](https://github.com/andrew-chen-wang/github-wiki-action/releases) - [Commits](Andrew-Chen-Wang/github-wiki-action@50650fc...6448478) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: dtolnay/rust-toolchain dependency-version: 0b1efabc08b657293548b77fb76cc02d26091c7e dependency-type: direct:production dependency-group: production-dependencies - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: docker/setup-buildx-action dependency-version: 3.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: docker/login-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: docker/metadata-action dependency-version: 5.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: docker/build-push-action dependency-version: 6.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: actions/attest-build-provenance dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: anchore/scan-action dependency-version: 7.2.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: actions/labeler dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: peter-evans/create-pull-request dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: 42ByteLabs/patch-release-me dependency-version: 0.6.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: Andrew-Chen-Wang/github-wiki-action dependency-version: 5.0.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
1 parent 8f0c1ed commit 0740d28

20 files changed

Lines changed: 51 additions & 51 deletions

.github/workflows/codeql-dynamic.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -39,19 +39,19 @@ jobs:
3939

4040
steps:
4141
- name: Checkout repository
42-
uses: actions/checkout@v4
42+
uses: actions/checkout@v6
4343

4444
# Initializes the CodeQL tools for scanning.
4545
- name: Initialize CodeQL
46-
uses: github/codeql-action/init@v3
46+
uses: github/codeql-action/init@v4
4747
with:
4848
languages: ${{ matrix.language }}
4949

5050
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
5151
- name: Autobuild
52-
uses: github/codeql-action/autobuild@v3
52+
uses: github/codeql-action/autobuild@v4
5353

5454
- name: Perform CodeQL Analysis
55-
uses: github/codeql-action/analyze@v3
55+
uses: github/codeql-action/analyze@v4
5656
with:
5757
category: "/language:${{matrix.language}}"

.github/workflows/codeql-iac.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,13 +14,13 @@ jobs:
1414

1515
steps:
1616
- name: Checkout repository
17-
uses: actions/checkout@v4
17+
uses: actions/checkout@v6
1818

1919
- name: Initialize and Analyze IaC
2020
id: codeql_iac
2121
uses: advanced-security/codeql-extractor-iac@main
2222

2323
- name: Upload SARIF file
24-
uses: github/codeql-action/upload-sarif@v3
24+
uses: github/codeql-action/upload-sarif@v4
2525
with:
2626
sarif_file: ${{ steps.codeql_iac.outputs.sarif }}

.github/workflows/codeql-packs.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ jobs:
1717
steps:
1818
- name: "Set Matrix"
1919
id: set-matrix
20-
uses: actions/github-script@v7
20+
uses: actions/github-script@v8
2121
with:
2222
script: |
2323
const packs = '${{ inputs.packs }}'.split(',');
@@ -42,7 +42,7 @@ jobs:
4242

4343
steps:
4444
- name: Checkout repository
45-
uses: actions/checkout@v4
45+
uses: actions/checkout@v6
4646

4747
- name: "Build and Publish CodeQL Packs"
4848
env:

.github/workflows/codeql-ql.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -18,16 +18,16 @@ jobs:
1818

1919
steps:
2020
- name: "Checkout repository"
21-
uses: actions/checkout@v4
21+
uses: actions/checkout@v6
2222

2323
- name: "Set up Rust"
24-
uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # v1.85.1
24+
uses: dtolnay/rust-toolchain@0b1efabc08b657293548b77fb76cc02d26091c7e # v1.85.1
2525
with:
2626
toolchain: stable
2727

2828
- name: "Restore cached Cargo"
2929
id: cache-restore
30-
uses: actions/cache/restore@v4
30+
uses: actions/cache/restore@v5
3131
with:
3232
path: |
3333
~/.cargo/bin/
@@ -111,15 +111,15 @@ jobs:
111111
mv updated_sarif.sarif ${{ steps.run_ql.outputs.sarif }}
112112
113113
- name: Upload SARIF file
114-
uses: github/codeql-action/upload-sarif@v3
114+
uses: github/codeql-action/upload-sarif@v4
115115
with:
116116
sarif_file: ${{ steps.run_ql.outputs.sarif }}
117117
category: "/codeql:ql"
118118

119119
- name: Save Cargo / Rust Cache
120120
id: cache-save
121121
if: ${{ github.event_name == 'push' }}
122-
uses: actions/cache/save@v4
122+
uses: actions/cache/save@v5
123123
with:
124124
path: |
125125
~/.cargo/bin/

.github/workflows/container-publish.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -40,20 +40,20 @@ jobs:
4040

4141
steps:
4242
- name: Checkout repository
43-
uses: actions/checkout@v4
43+
uses: actions/checkout@v6
4444

4545
- name: Set up Docker Buildx
46-
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
46+
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
4747

4848
- name: Log in to the Container registry
49-
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
49+
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
5050
with:
5151
registry: ${{ env.REGISTRY }}
5252
username: ${{ github.actor }}
5353
password: ${{ secrets.GITHUB_TOKEN }}
5454

5555
- name: Set Container Metadata
56-
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804
56+
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051
5757
id: meta
5858
with:
5959
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
@@ -67,7 +67,7 @@ jobs:
6767
type=semver,pattern=v{{major}}.{{minor}},value=${{ inputs.version }}
6868
6969
- name: Build & Publish Container ${{ env.IMAGE_NAME }}
70-
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
70+
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
7171
id: build
7272
with:
7373
file: "${{ inputs.container-file }}"
@@ -87,13 +87,13 @@ jobs:
8787

8888
# Build provenance attestations
8989
- name: Attest Container Image
90-
uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
90+
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
9191
with:
9292
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
9393
subject-digest: ${{ steps.build.outputs.digest }}
9494
push-to-registry: true
9595

9696
# - name: Attest Container SBOM
97-
# uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
97+
# uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
9898
# with:
9999
# subject-path:: '*.spdx.json'

.github/workflows/container-security.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -35,13 +35,13 @@ jobs:
3535

3636
steps:
3737
- name: Checkout repository
38-
uses: actions/checkout@v4
38+
uses: actions/checkout@v6
3939

4040
- name: Set up Docker Buildx
41-
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
41+
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
4242

4343
- name: Build Initial Container
44-
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
44+
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
4545
id: build
4646
with:
4747
file: "${{ inputs.container-file }}"
@@ -52,20 +52,20 @@ jobs:
5252

5353
# Scan the image for vulnerabilities
5454
- name: Run the Anchore / Grype scan action
55-
uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
55+
uses: anchore/scan-action@3c9a191a0fbab285ca6b8530b5de5a642cba332f # v7.2.2
5656
id: scan
5757
with:
5858
image: localbuild/testimage:latest
5959
only-fixed: true
6060
fail-build: ${{ inputs.scanning-block }}
6161

6262
- name: Upload SARIF artifact
63-
uses: actions/upload-artifact@v4
63+
uses: actions/upload-artifact@v6
6464
with:
6565
name: sarif
6666
path: ${{ steps.scan.outputs.sarif }}
6767

6868
- name: Upload vulnerability report
69-
uses: github/codeql-action/upload-sarif@v3
69+
uses: github/codeql-action/upload-sarif@v4
7070
with:
7171
sarif_file: ${{ steps.scan.outputs.sarif }}

.github/workflows/container.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ jobs:
5858

5959
steps:
6060
- name: "Checkout"
61-
uses: actions/checkout@v4
61+
uses: actions/checkout@v6
6262
- name: "Get and Set version"
6363
id: set-version
6464
env:

.github/workflows/dependency-review.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919
runs-on: ubuntu-latest
2020
steps:
2121
- name: 'Checkout Repository'
22-
uses: actions/checkout@v4
22+
uses: actions/checkout@v6
2323

2424
# [optional] This setup isn't required but if your repository have a configuration,
2525
# we use that versus the centralised config.

.github/workflows/labeler.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
runs-on: ubuntu-latest
1919
steps:
2020
- name: Checkout
21-
uses: actions/checkout@v4
21+
uses: actions/checkout@v6
2222

2323
# Check if the .github/labeler.yml file exists
2424
- name: Check for labeler configuration
@@ -46,7 +46,7 @@ jobs:
4646
4747
fi
4848
49-
- uses: "actions/labeler@v5"
49+
- uses: "actions/labeler@v6"
5050
with:
5151
repo-token: "${{ secrets.GITHUB_TOKEN }}"
5252
configuration-path: "${{ steps.labeler-config.outputs.config }}"

.github/workflows/language-detection-and-assignment.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ jobs:
1111
runs-on: ubuntu-latest
1212
steps:
1313
- name: Checkout code
14-
uses: actions/checkout@v4
14+
uses: actions/checkout@v6
1515

1616
- name: Detect languages
1717
id: detect-languages

0 commit comments

Comments
 (0)