-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🌱 Bump the github-actions group across 1 directory with 6 updates #177
base: main
Are you sure you want to change the base?
🌱 Bump the github-actions group across 1 directory with 6 updates #177
Conversation
Bumps the github-actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.7.1` | `3.8.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.1.1` | `5.1.2` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.9` | `3.28.0` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `5.3.0` | `6.0.0` | | [google/osv-scanner-action](https://github.com/google/osv-scanner-action) | `1.9.1` | `1.9.2` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `4.5.0` | Updates `docker/setup-buildx-action` from 3.7.1 to 3.8.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@c47758b...6524bf6) Updates `codecov/codecov-action` from 5.1.1 to 5.1.2 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@7f8b4b4...1e68e06) Updates `github/codeql-action` from 3.27.9 to 3.28.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@df409f7...48ab28a) Updates `anchore/scan-action` from 5.3.0 to 6.0.0 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md) - [Commits](anchore/scan-action@869c549...abae793) Updates `google/osv-scanner-action` from 1.9.1 to 1.9.2 - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@v1.9.1...v1.9.2) Updates `actions/upload-artifact` from 4.4.3 to 4.5.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b4b15b8...6f51ac0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: google/osv-scanner-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
Bumps the github-actions group with 6 updates in the / directory:
3.7.1
3.8.0
5.1.1
5.1.2
3.27.9
3.28.0
5.3.0
6.0.0
1.9.1
1.9.2
4.4.3
4.5.0
Updates
docker/setup-buildx-action
from 3.7.1 to 3.8.0Release notes
Sourced from docker/setup-buildx-action's releases.
Commits
6524bf6
Merge pull request #390 from crazy-max/buildx-cloud-latest8d5e074
chore: update generated content7199e57
make cloud prefix optional to download buildx if driver is clouddb63cee
Merge pull request #381 from docker/dependabot/github_actions/codecov/codecov...043ebe1
Merge pull request #389 from docker/dependabot/npm_and_yarn/docker/actions-to...686da90
chore: update generated contenta3d7487
Merge pull request #382 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.64dcdbce
build(deps): bump@docker/actions-toolkit
from 0.39.0 to 0.48.01a8ac74
ci: fix deprecated input for codecov-actione827ebe
build(deps): bump cross-spawn from 7.0.3 to 7.0.6Updates
codecov/codecov-action
from 5.1.1 to 5.1.2Release notes
Sourced from codecov/codecov-action's releases.
Changelog
Sourced from codecov/codecov-action's changelog.
... (truncated)
Commits
1e68e06
chore(release): 5.1.2 (#1727)277db52
fix: update statment (#1726)c77245a
fix: update action script (#1725)9b01a34
fix: prevent oidc on tokenless due to permissioning (#1724)47e0552
chore(release): wrapper-0.0.31 (#1723)34ef570
Put quotes around${{ inputs.token }}
inaction.yml
(#1721)d93fc22
build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 (#1722)5c93f7a
Remove mistake from options table (#1718)2c97106
build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 (#1717)Updates
github/codeql-action
from 3.27.9 to 3.28.0Release notes
Sourced from github/codeql-action's releases.
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
48ab28a
Merge pull request #2662 from github/update-v3.28.0-d01b25e644946b76
Update changelog for v3.28.0d01b25e
Merge pull request #2660 from github/henrymercer/fix-error-file-on-path7d6d36c
Add changelog noteb58f447
Use@actions/io
to locate binaries64cc90b
Merge pull request #2653 from github/dependabot/npm_and_yarn/npm-61c837125ed8f8eca
Merge branch 'main' into dependabot/npm_and_yarn/npm-61c837125e562042d
Merge pull request #2655 from github/aeisenberg/deprecate-2.14beed6ff
Change codeql version used in test5f0a4d3
Bump the minimum supported version of CodeQL to 2.15.5Updates
anchore/scan-action
from 5.3.0 to 6.0.0Release notes
Sourced from anchore/scan-action's releases.
Commits
abae793
chore(deps): update Grype to v0.86.1 (#416)f02232c
chore: exclude dev-deps from release drafter (#415)763018a
feat: add support for cyclonedx and cyclonedx-json output-formats (#396)e374579
chore(deps-dev): bump lint-staged from 15.2.10 to 15.2.11 (#414)e90bc67
chore(deps): bump@actions/cache
from 3.3.0 to 4.0.0 (#412)028cd8f
feat: add output-file option, default to random directory output in temp (#346)6e00665
chore(deps): update Grype to v0.86.0 (#413)15fee38
chore(deps-dev): bump eslint from 9.15.0 to 9.16.0 (#410)c4c24ec
chore(deps-dev): bump prettier from 3.3.3 to 3.4.2 (#411)Updates
google/osv-scanner-action
from 1.9.1 to 1.9.2Release notes
Sourced from google/osv-scanner-action's releases.
Commits
764c918
Merge pull request #53 from google/update-to-v1.9.2af3118a
Update unified workflow example to point to v1.9.2 reusable workflowse994fd8
Update reusable workflows to point to v1.9.2 actionsf8115f2
Update actions to use v1.9.2 osv-scanner imageUpdates
actions/upload-artifact
from 4.4.3 to 4.5.0Release notes
Sourced from actions/upload-artifact's releases.
Commits
6f51ac0
Merge pull request #656 from bdehamer/bdehamer/artifact-digestc40c16d
add new artifact-digest output735efb4
bump@actions/artifact
from 2.1.11 to 2.2.0184d73b
Merge pull request #578 from hamirmahal/fix/deprecated-nodejs-usage-in-actionb4a0a98
Merge branch 'main' into fix/deprecated-nodejs-usage-in-actionDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions