-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update: bump the gh-actions-packages group across 1 directory with 9 updates #391
Closed
dependabot
wants to merge
1
commit into
dev
from
dependabot/github_actions/dev/gh-actions-packages-7180a38edf
Closed
update: bump the gh-actions-packages group across 1 directory with 9 updates #391
dependabot
wants to merge
1
commit into
dev
from
dependabot/github_actions/dev/gh-actions-packages-7180a38edf
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…updates Bumps the gh-actions-packages group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.7` | `4.2.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.25.15` | `3.26.12` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.1.1` | `5.2.0` | | [snok/install-poetry](https://github.com/snok/install-poetry) | `1.3.4` | `1.4.1` | | [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) | `12.2837.0` | `12.2875.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.17.0` | `0.17.3` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.5.0` | `3.7.1` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.5.0` | `6.9.0` | | [MishaKav/pytest-coverage-comment](https://github.com/mishakav/pytest-coverage-comment) | `1.1.52` | `1.1.53` | Updates `actions/checkout` from 4.1.7 to 4.2.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@692973e...eef6144) Updates `github/codeql-action` from 3.25.15 to 3.26.12 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@afb54ba...c36620d) Updates `actions/setup-python` from 5.1.1 to 5.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@39cd149...f677139) Updates `snok/install-poetry` from 1.3.4 to 1.4.1 - [Release notes](https://github.com/snok/install-poetry/releases) - [Commits](snok/install-poetry@93ada01...76e04a9) Updates `bridgecrewio/checkov-action` from 12.2837.0 to 12.2875.0 - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](bridgecrewio/checkov-action@f34d0f0...14667c6) Updates `anchore/sbom-action` from 0.17.0 to 0.17.3 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@d94f46e...f5e124a) Updates `docker/setup-buildx-action` from 3.5.0 to 3.7.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@aa33708...c47758b) Updates `docker/build-push-action` from 6.5.0 to 6.9.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@5176d81...4f58ea7) Updates `MishaKav/pytest-coverage-comment` from 1.1.52 to 1.1.53 - [Release notes](https://github.com/mishakav/pytest-coverage-comment/releases) - [Changelog](https://github.com/MishaKav/pytest-coverage-comment/blob/main/CHANGELOG.md) - [Commits](MishaKav/pytest-coverage-comment@fa1c641...8188282) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: snok/install-poetry dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: MishaKav/pytest-coverage-comment dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update GitHub Actions code
labels
Oct 11, 2024
Dependency ReviewThe following issues were found:
Snapshot WarningsEnsure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice. License Issues.github/workflows/.reusable-sast.yml
OpenSSF ScorecardScorecard details
Scanned Manifest Files.github/workflows/.reusable-build.yml.github/workflows/.reusable-compliance.yml.github/workflows/.reusable-docs.yml.github/workflows/.reusable-integration-test.yml.github/workflows/.reusable-sast.yml
.github/workflows/.reusable-sca.yml.github/workflows/.reusable-unit-test.yml
.github/workflows/semgrep.yml |
Coverage Report
|
Superseded by #393. |
dependabot
bot
deleted the
dependabot/github_actions/dev/gh-actions-packages-7180a38edf
branch
October 14, 2024 21:47
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update GitHub Actions code
0 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the gh-actions-packages group with 9 updates in the / directory:
4.1.7
4.2.1
3.25.15
3.26.12
5.1.1
5.2.0
1.3.4
1.4.1
12.2837.0
12.2875.0
0.17.0
0.17.3
3.5.0
3.7.1
6.5.0
6.9.0
1.1.52
1.1.53
Updates
actions/checkout
from 4.1.7 to 4.2.1Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
eef6144
Prepare 4.2.1 release (#1925)6b42224
Add workflow file for publishing releases to immutable action package (#1919)de5a000
Check out other refs/* by commit if provided, fall back to ref (#1924)d632683
Prepare 4.2.0 release (#1878)6d193bf
Bump braces from 3.0.2 to 3.0.3 (#1777)db0cee9
Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)b684943
Add Ref and Commit outputs (#1180)2d7d9f7
Provide explanation for where user email came from (#1869)9a9194f
Bump docker/build-push-action from 5.3.0 to 6.5.0 (#1832)dd960bd
Bump docker/login-action in the minor-actions-dependencies group (#1831)Updates
github/codeql-action
from 3.25.15 to 3.26.12Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
c36620d
Merge pull request #2529 from github/update-v3.26.12-c9a70ff45570aecb
Update changelog for v3.26.12c9a70ff
Merge pull request #2526 from github/henrymercer/check-zstd-on-pathd65a176
Rebuildbf2e624
Update src/tar.ts56d1975
Merge pull request #2489 from github/redsun82/rust7cf65a5
Merge pull request #2518 from github/dependabot/npm_and_yarn/npm-88156698cd8a56dd2
Update to@actions/core
1.11.11532671
Update default bundle to 2.19.1 (#2519)64871a8
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.1Updates
actions/setup-python
from 5.1.1 to 5.2.0Release notes
Sourced from actions/setup-python's releases.
Commits
f677139
Bump pyinstaller from 3.6 to 5.13.1 in /tests/data (#923)2bd53f9
Documentation update for caching poetry dependencies (#908)80b49d3
fix: add arch to cache key (#896)036a523
Fix: Add.zip
extension to Windows package downloads forExpand-Archive
C...04c1311
Fix display of emojis in contributors doc (#899)cb68456
Updated@iarna/toml
version to 3.0.0 (#912)Updates
snok/install-poetry
from 1.3.4 to 1.4.1Release notes
Sourced from snok/install-poetry's releases.
Commits
76e04a9
Usepython3
instead ofpython
972a0e7
docs: Fix trailing whitespace929c2d5
Improve cache Poetry install instructionsd80b6da
chore: Disable shellcheck via actionlintee581f3
chore: Correct python version to fix test matrix98e97e2
feat: support with plugins0a8188c
Removecurl
dependency (#153)a7f4164
chore: Update dependencies and add pre-commit hook9849dc5
Add virtualenvs-path to the Install Poetry step4e96961
chore(deps): bump actions/cache from 3 to 4Updates
bridgecrewio/checkov-action
from 12.2837.0 to 12.2875.0Commits
14667c6
Bump checkov container version to 3.2.2574dda818
Bump checkov container version to 3.2.256d0e41ab
Bump checkov container version to 3.2.2556aa9bec
Bump checkov container version to 3.2.25415c964c
Bump checkov container version to 3.2.2532fbe614
Bump checkov container version to 3.2.25208a0f07
Bump checkov container version to 3.2.2516f49ab0
Bump checkov container version to 3.2.2506429623
Bump checkov container version to 3.2.249330d6e0
Bump checkov container version to 3.2.248Updates
anchore/sbom-action
from 0.17.0 to 0.17.3Release notes
Sourced from anchore/sbom-action's releases.
Commits
f5e124a
chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 (#493)eff08d0
chore: configure changelog-ignore label (#499)18f9bde
chore: remove snapshot tests; fix deprecation errors for outdated packages (#...2e87236
add release docs (#500)4a914bc
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#497)8cb9966
chore(deps): update Syft to v1.14.0 (#498)beb779b
Update README to include bit about permissions near the top (#496)87b3137
chore(deps): update Syft to v1.13.0 (#488)5cc1a40
chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#495)dbef896
add awaiting response management (#494)Updates
docker/setup-buildx-action
from 3.5.0 to 3.7.1Release notes
Sourced from docker/setup-buildx-action's releases.
Commits
c47758b
Merge pull request #369 from crazy-max/revert-crypto8fea382
chore: update generated content2874e98
switch back to uuid package8026d2b
Merge pull request #362 from docker/dependabot/npm_and_yarn/docker/actions-to...e51aab5
chore: update generated contentfd7390e
build(deps): bump@docker/actions-toolkit
from 0.35.0 to 0.39.0910a304
Merge pull request #366 from crazy-max/remove-uuid3623ee4
chore: update generated contente0e5ecf
remove uuid package and switch to crypto5334dd0
Merge pull request #363 from crazy-max/set-buildkitd-flags-optinUpdates
docker/build-push-action
from 6.5.0 to 6.9.0Release notes
Sourced from docker/build-push-action's releases.
Commits
4f58ea7
Merge pull request #1234 from docker/dependabot/npm_and_yarn/docker/actions-t...49b5ea6
chore: update generated content13c9fdd
chore(deps): Bump@docker/actions-toolkit
from 0.38.0 to 0.39.0e44afff
Merge pull request #1232 from docker/dependabot/npm_and_yarn/path-to-regexp-6...67ebad3
chore(deps): Bump path-to-regexp from 6.2.2 to 6.3.032945a3
Merge pull request #1230 from docker/dependabot/npm_and_yarn/docker/actions-t...e0fe9cf
chore: update generated content8f1ff6b
chore(deps): Bump@docker/actions-toolkit
from 0.37.1 to 0.38.05cd11c3
Merge pull request #1211 from crazy-max/summary-info-message0aba704
chore: update generated contentUpdates
MishaKav/pytest-coverage-comment
from 1.1.52 to 1.1.53Release notes
Sourced from MishaKav/pytest-coverage-comment's releases.
Changelog
Sourced from MishaKav/pytest-coverage-comment's changelog.
... (truncated)
Commits
8188282
Skipping full covered files from xml (#187)e8eba13
Bump schneegans/dynamic-badges-action from 1.6.0 to 1.7.0 (#176)049ad47
Bump actions/checkout from 3 to 4 (#175)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions