update: bump the gh-actions-packages group with 6 updates

Bumps the gh-actions-packages group with 6 updates: | Package | From | To | | --- | --- | --- | | [snok/container-retention-policy](https://github.com/snok/container-retention-policy) | `2.1.3` | `2.2.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `2.22.7` | `3.24.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `3.1.3` | `4.0.0` | | [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) | `12.2580.0` | `12.2659.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.14.3` | `0.15.8` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3.1.4` | `4.0.1` | Updates `snok/container-retention-policy` from 2.1.3 to 2.2.1 - [Release notes](https://github.com/snok/container-retention-policy/releases) - [Commits](snok/container-retention-policy@3d27e6a...b56f4ff) Updates `github/codeql-action` from 2.22.7 to 3.24.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2.22.7...e8893c5) Updates `actions/dependency-review-action` from 3.1.3 to 4.0.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@7bbfa03...4901385) Updates `bridgecrewio/checkov-action` from 12.2580.0 to 12.2659.0 - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](bridgecrewio/checkov-action@558f721...45a758f) Updates `anchore/sbom-action` from 0.14.3 to 0.15.8 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@78fc58e...b6a39da) Updates `codecov/codecov-action` from 3.1.4 to 4.0.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@eaaf4be...e0b68c6) --- updated-dependencies: - dependency-name: snok/container-retention-policy dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions-packages - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions-packages - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] <support@github.com>
semgr8ns · Feb 4, 2024 · 06f2507 · 06f2507
1 parent 56f739e
commit 06f2507
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 16 deletions.
diff --git a/.github/workflows/.reusable-cleanup-registry.yml b/.github/workflows/.reusable-cleanup-registry.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Cleanup test images
-        uses: snok/container-retention-policy@3d27e6a0361deed0b7dc5099a82eadd07924b177 # v2.1.3
+        uses: snok/container-retention-policy@b56f4ff7539c1f94f01e5dc726671cd619aa8072 # v2.2.1
         with:
           image-names: semgr8s-test
           cut-off: three weeks ago UTC+1
@@ -19,7 +19,7 @@ jobs:
           org-name: sse-secure-systems
           token: ${{ secrets.GHCR_PAT }}
       - name: Cleanup dangling images without tag
-        uses: snok/container-retention-policy@3d27e6a0361deed0b7dc5099a82eadd07924b177 # v2.1.3
+        uses: snok/container-retention-policy@b56f4ff7539c1f94f01e5dc726671cd619aa8072 # v2.2.1
         with:
           image-names: semgr8s*
           untagged-only: true
@@ -29,7 +29,7 @@ jobs:
           org-name: sse-secure-systems
           token: ${{ secrets.GHCR_PAT }}
       - name: Cleanup all images
-        uses: snok/container-retention-policy@3d27e6a0361deed0b7dc5099a82eadd07924b177 # v2.1.3
+        uses: snok/container-retention-policy@b56f4ff7539c1f94f01e5dc726671cd619aa8072 # v2.2.1
         with:
           image-names: semgr8s
           skip-tags: master, develop, v*, sha256-*

diff --git a/.github/workflows/.reusable-compliance.yml b/.github/workflows/.reusable-compliance.yml
@@ -33,7 +33,7 @@ jobs:
           repo_token: ${{ secrets.SCORECARD_TOKEN }}
           publish_results: ${{ github.ref_name == 'master' }}
       - name: Upload
-        uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
+        uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
         with:
           sarif_file: results.sarif
 
@@ -51,7 +51,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Review
-        uses: actions/dependency-review-action@7bbfa034e752445ea40215fff1c3bf9597993d3f # v3.1.3
+        uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0
         with:
           comment-summary-in-pr: always
 

diff --git a/.github/workflows/.reusable-sast.yml b/.github/workflows/.reusable-sast.yml
@@ -36,7 +36,7 @@ jobs:
         run: bandit -r -f sarif -o bandit-results.sarif semgr8s/ --exit-zero
       - name: Upload
         if: inputs.output == 'sarif'
-        uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
         with:
           sarif_file: 'bandit-results.sarif'
 
@@ -75,20 +75,20 @@ jobs:
         shell: bash
       - name: Scan
         if: inputs.output == 'table'
-        uses: bridgecrewio/checkov-action@558f721c4bd65a6fc59b02448ffc792eb721cb9b # v12.2580.0
+        uses: bridgecrewio/checkov-action@45a758f823d6c9027d27d14aa326720d8c92607c # v12.2659.0
         with:
           output_format: cli
           soft_fail: false
       - name: Scan
         if: inputs.output == 'sarif'
-        uses: bridgecrewio/checkov-action@558f721c4bd65a6fc59b02448ffc792eb721cb9b # v12.2580.0
+        uses: bridgecrewio/checkov-action@45a758f823d6c9027d27d14aa326720d8c92607c # v12.2659.0
         with:
           output_file_path: console,checkov-results.sarif
           output_format: cli,sarif
           soft_fail: true
       - name: Upload
         if: inputs.output == 'sarif'
-        uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
+        uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
         with:
           sarif_file: checkov-results.sarif
 
@@ -105,11 +105,11 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+      uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
       with:
         languages: 'python'
     - name: Analyze
-      uses: github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+      uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
 
   hadolint:
     runs-on: ubuntu-latest
@@ -138,7 +138,7 @@ jobs:
           no-fail: true
           output-file: hadolint-results.sarif
       - name: Upload
-        uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
+        uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
         if: inputs.output == 'sarif'
         with:
           sarif_file: 'hadolint-results.sarif'
@@ -170,7 +170,7 @@ jobs:
           format: sarif
           output-file: kubelinter-results.sarif
       - name: Upload
-        uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
+        uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
         if: inputs.output == 'sarif'
         with:
           sarif_file: 'kubelinter-results.sarif'
@@ -211,7 +211,7 @@ jobs:
         if: inputs.output == 'sarif'
         run: semgrep ci --config=auto --suppress-errors --sarif --output=semgrep-results.sarif || exit 0
       - name: Upload
-        uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
+        uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
         if: inputs.output == 'sarif'
         with:
           sarif_file: semgrep-results.sarif

diff --git a/.github/workflows/.reusable-sca.yml b/.github/workflows/.reusable-sca.yml
@@ -93,7 +93,7 @@ jobs:
           username: ${{ inputs.repo_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Run
-        uses: anchore/sbom-action@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
+        uses: anchore/sbom-action@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8
         with:
           image: ${{ inputs.image }}
           format: cyclonedx-json

diff --git a/.github/workflows/.reusable-unit-test.yml b/.github/workflows/.reusable-unit-test.yml
@@ -24,6 +24,6 @@ jobs:
       - name: Test
         run: pytest --cov=semgr8s --cov-report=xml tests/
       - name: Upload
-        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+        uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1
         with:
           file: coverage.xml