chore(deps): update github-actions #741
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate-bot
force-pushed
the
renovate/github-actions
branch
from
a32c663
to
82b5bc7
Compare
renovate-bot
force-pushed
the
renovate/github-actions
branch
3 times, most recently
from
5942ab2
to
ab81296
Compare
renovate-bot
force-pushed
the
renovate/github-actions
branch
2 times, most recently
from
3c569df
to
b325c6d
Compare
renovate-bot
force-pushed
the
renovate/github-actions
branch
from
b325c6d
to
39f398a
Compare
renovate-bot
force-pushed
the
renovate/github-actions
branch
2 times, most recently
from
9716e3e
to
5db7606
Compare
renovate-bot
force-pushed
the
renovate/github-actions
branch
from
5db7606
to
0db7abb
Compare
Signed-off-by: Mend Renovate <bot@renovateapp.com>
renovate-bot
force-pushed
the
renovate/github-actions
branch
from
0db7abb
to
a9d879f
Compare
laurentsimon
approved these changes
Mar 22, 2024
ramonpetgrave64
pushed a commit
to ramonpetgrave64/slsa-verifier
that referenced
this pull request
Apr 10, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v3.1.0` -> `v3.1.5` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | patch | `v3.8.1` -> `v3.8.2` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.22.1` -> `v2.24.8` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.0` -> `v2.3.1` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.9.0` -> `v1.10.0` | | [slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier) | action | patch | `v2.4.0` -> `v2.4.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5): 3.1.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5) #### What's Changed - Smaller `per_page` when requesting diff by [@​hmaurer](https://togithub.com/hmaurer) in [https://github.com/actions/dependency-review-action/pull/649](https://togithub.com/actions/dependency-review-action/pull/649) - Update dependencies: - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.10.0 to 6.13.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/630](https://togithub.com/actions/dependency-review-action/pull/630) - Bump prettier from 3.0.3 to 3.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/629](https://togithub.com/actions/dependency-review-action/pull/629) - Bump [@​types/jest](https://togithub.com/types/jest) from 29.5.8 to 29.5.11 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/637](https://togithub.com/actions/dependency-review-action/pull/637) - Bump nodemon from 3.0.1 to 3.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/636](https://togithub.com/actions/dependency-review-action/pull/636) - Replace pip -> pypi in PURL examples by [@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/638](https://togithub.com/actions/dependency-review-action/pull/638) - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.12.0 to 6.15.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/644](https://togithub.com/actions/dependency-review-action/pull/644) - Bump eslint from 8.53.0 to 8.56.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/640](https://togithub.com/actions/dependency-review-action/pull/640) - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.13.1 to 6.16.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/645](https://togithub.com/actions/dependency-review-action/pull/645) - Bump prettier from 3.1.0 to 3.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/646](https://togithub.com/actions/dependency-review-action/pull/646) **Full Changelog**: actions/dependency-review-action@v3.1.4...v3.1.5 ### [`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4): 3.1.4 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4) #### What's Changed - Fixed a [bug](https://togithub.com/actions/dependency-review-action/issues/618) with severity filtering when using the `allow_ghsas` option: [https://github.com/actions/dependency-review-action/pull/623](https://togithub.com/actions/dependency-review-action/pull/623). - Updates dependencies: - Bump [@​types/node](https://togithub.com/types/node) from 16.18.61 to 16.18.62 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/619](https://togithub.com/actions/dependency-review-action/pull/619) action/pull/620 - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.11.0 to 6.12.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/625](https://togithub.com/actions/dependency-review-action/pull/625) - Bump typescript from 5.2.2 to 5.3.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/624](https://togithub.com/actions/dependency-review-action/pull/624) **Full Changelog**: actions/dependency-review-action@v3...v3.1.4 ### [`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3): 3.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3) #### What's Changed - Fixes purl "version must be percent-encoded" by [@​theztefan](https://togithub.com/theztefan) in [https://github.com/actions/dependency-review-action/pull/617](https://togithub.com/actions/dependency-review-action/pull/617) **Full Changelog**: actions/dependency-review-action@v3...v3.1.3 ### [`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2): 3.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2) #### What's Changed - Fix a regression for setups using self-hosted runners behind HTTP proxies:[@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/611](https://togithub.com/actions/dependency-review-action/pull/611) **Full Changelog**: actions/dependency-review-action@v3...v3.1.2 ### [`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1): 3.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1) #### What's Changed - Update a bunch of dependencies, including major version upgrades for `octokit`, `@actions/github` and `typescript`. **Full Changelog**: actions/dependency-review-action@v3.1.0...v3.1.1 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2) ##### What's Changed - Update semver by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861) - Update temp directory creation by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870) - Add notice about binaries not being updated yet by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872) - Update toolkit cache and core by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) and [@​seongwon-privatenote](https://togithub.com/seongwon-privatenote) in [https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875) **Full Changelog**: actions/setup-node@v3...v3.8.2 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) ### [`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) ### [`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) ### [`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) ### [`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) ### [`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) ### [`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) ### [`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) ### [`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) ### [`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) ### [`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) ### [`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) ### [`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) ### [`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) ### [`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) ### [`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) ### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) ### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) ### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 </details> <details> <summary>slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)</summary> ### [`v1.10.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v1100) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.1...v1.10.0) Release \[v1.10.0] includes bug fixes and new features. See the [full change list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0). ##### v1.10.0: TUF fix - The cosign TUF roots were fixed ([#​3350](https://togithub.com/slsa-framework/slsa-github-generator/issues/3350)). More details [here](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid). ##### v1.10.0: Gradle Builder - The Gradle Builder was fixed when the project root is the same as the repository root ([#​2727](https://togithub.com/slsa-framework/slsa-github-generator/issues/2727)) ##### v1.10.0: Go Builder - The `go-version-file` input was fixed so that it can find the `go.mod` file ([#​2661](https://togithub.com/slsa-framework/slsa-github-generator/issues/2661)) ##### v1.10.0: Container Generator - A new `provenance-repository` input was added to allow reading provenance from a different container repository than the image itself ([#​2956](https://togithub.com/slsa-framework/slsa-github-generator/issues/2956)) ### [`v1.9.1`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.1) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.9.1) **This is an un-finalized release.** See the [CHANGELOG](./CHANGELOG.md) for details. </details> <details> <summary>slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)</summary> ### [`v2.4.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.4.1) [Compare Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1) #### What's Changed - Fix a verification issue when verifying npm's publish attestations - Low severity GHSA-r2xv-vpr2-42m9. This part of the code remains *experimental*. #### New Contributors - [@​trishankatdatadog](https://togithub.com/trishankatdatadog) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/702](https://togithub.com/slsa-framework/slsa-verifier/pull/702) **Full Changelog**: slsa-framework/slsa-verifier@v2.4.0...v2.4.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2MS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v3.1.0->v3.1.5v3.8.1->v3.8.2v2.22.1->v2.24.8v2.3.0->v2.3.1v1.9.0->v1.10.0v2.4.0->v2.4.1Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
actions/dependency-review-action (actions/dependency-review-action)
v3.1.5: 3.1.5Compare Source
What's Changed
per_pagewhen requesting diff by @hmaurer in https://github.com/actions/dependency-review-action/pull/649Full Changelog: actions/dependency-review-action@v3.1.4...v3.1.5
v3.1.4: 3.1.4Compare Source
What's Changed
Fixed a bug with severity filtering when using the
allow_ghsasoption: https://github.com/actions/dependency-review-action/pull/623.Updates dependencies:
action/pull/620
Full Changelog: actions/dependency-review-action@v3...v3.1.4
v3.1.3: 3.1.3Compare Source
What's Changed
Full Changelog: actions/dependency-review-action@v3...v3.1.3
v3.1.2: 3.1.2Compare Source
What's Changed
Full Changelog: actions/dependency-review-action@v3...v3.1.2
v3.1.1: 3.1.1Compare Source
What's Changed
octokit,@actions/githubandtypescript.Full Changelog: actions/dependency-review-action@v3.1.0...v3.1.1
actions/setup-node (actions/setup-node)
v3.8.2Compare Source
What's Changed
Full Changelog: actions/setup-node@v3...v3.8.2
github/codeql-action (github/codeql-action)
v2.24.8Compare Source
v2.24.7Compare Source
v2.24.6Compare Source
v2.24.5Compare Source
v2.24.4Compare Source
v2.24.3Compare Source
v2.24.2Compare Source
v2.24.1Compare Source
v2.24.0Compare Source
v2.23.2Compare Source
v2.23.1Compare Source
v2.23.0Compare Source
v2.22.12Compare Source
v2.22.11Compare Source
v2.22.10Compare Source
v2.22.9Compare Source
v2.22.8Compare Source
v2.22.7Compare Source
v2.22.6Compare Source
v2.22.5Compare Source
v2.22.4Compare Source
v2.22.3Compare Source
v2.22.2Compare Source
ossf/scorecard-action (ossf/scorecard-action)
v2.3.1Compare Source
What's Changed
Full Changelog: ossf/scorecard-action@v2.3.0...v2.3.1
slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)
v1.10.0Compare Source
Release [v1.10.0] includes bug fixes and new features.
See the full change list.
v1.10.0: TUF fix
v1.10.0: Gradle Builder
repository root (#2727)
v1.10.0: Go Builder
go-version-fileinput was fixed so that it can find thego.modfile(#2661)
v1.10.0: Container Generator
provenance-repositoryinput was added to allow reading provenance froma different container repository than the image itself (#2956)
v1.9.1Compare Source
This is an un-finalized release.
See the CHANGELOG for details.
slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)
v2.4.1Compare Source
What's Changed
New Contributors
Full Changelog: v2.4.0...v2.4.1
Configuration
📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.