chore(deps): bump the github-actions group across 1 directory with 7 updates #183

dependabot · 2024-07-30T12:31:30Z

Bumps the github-actions group with 7 updates in the / directory:

Package	From	To
actions/checkout	`4.1.2`	`4.1.7`
actions/setup-node	`4.0.2`	`4.0.3`
github/codeql-action	`3.25.1`	`3.25.15`
actions/dependency-review-action	`4.2.5`	`4.3.4`
docker/setup-buildx-action	`3.3.0`	`3.6.1`
docker/login-action	`3.1.0`	`3.3.0`
docker/build-push-action	`5.3.0`	`6.5.0`

Updates actions/checkout from 4.1.2 to 4.1.7

Release notes

Sourced from actions/checkout's releases.

v4.1.7

What's Changed

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

New Contributors

@orhantoy made their first contribution in actions/checkout#1774

Full Changelog: actions/checkout@v4.1.6...v4.1.7

v4.1.6

What's Changed

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

Update for 4.1.6 release by @cory-miller in actions/checkout#1733

Full Changelog: actions/checkout@v4.1.5...v4.1.6

v4.1.5

What's Changed

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

Full Changelog: actions/checkout@v4.1.4...v4.1.5

v4.1.4

What's Changed

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Full Changelog: actions/checkout@v4.1.3...v4.1.4

v4.1.3

What's Changed

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Full Changelog: actions/checkout@v4.1.2...v4.1.3

Changelog

Sourced from actions/checkout's changelog.

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

Commits

692973e Prepare 4.1.7 release (#1775)
6ccd57f Pin actions/checkout's own workflows to a known, good, stable version. (#1776)
b17fe1e Handle hidden refs (#1774)
b80ff79 Bump actions/checkout from 3 to 4 (#1697)
b1ec302 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1739)
a5ac7e5 Update for 4.1.6 release (#1733)
24ed1a3 Check platform for extension (#1732)
44c2b7a README: Suggest user.email to be `41898282+github-actions[bot]@users.norepl...
8459bc0 Bump actions/upload-artifact from 2 to 4 (#1695)
3f603f6 Bump actions/setup-node from 1 to 4 (#1696)
Additional commits viewable in compare view

Updates actions/setup-node from 4.0.2 to 4.0.3

Release notes

Sourced from actions/setup-node's releases.

v4.0.3

What's Changed

Bug fixes:

Fix macos latest check failures by @HarithaVattikuti in actions/setup-node#1041

Documentation changes:

Documentation update to update default Node version to 20 by @bengreeley in actions/setup-node#949

Dependency updates:

Bump undici from 5.26.5 to 5.28.3 by @dependabot in actions/setup-node#965

Bump braces from 3.0.2 to 3.0.3 and other dependency updates by @dependabot in actions/setup-node#1087

New Contributors

@bengreeley made their first contribution in actions/setup-node#949

@HarithaVattikuti made their first contribution in actions/setup-node#1041

Full Changelog: actions/setup-node@v4...v4.0.3

Commits

1e60f62 Bump braces from 3.0.2 to 3.0.3 (#1087)
eff380d Fix macos latest check failures (#1041)
c2ac33f Bump undici from 5.26.5 to 5.28.3 (#965)
25b062c Update README.md to update default Node version to 20 (#949)
See full diff in compare view

Updates github/codeql-action from 3.25.1 to 3.25.15

Changelog

Sourced from github/codeql-action's changelog.

Commits

afb54ba Merge pull request #2391 from github/update-v3.25.15-4b1d7da10
57a4b22 Update changelog for v3.25.15
4b1d7da Merge pull request #2385 from github/update-bundle/codeql-bundle-v2.18.1
97e8f69 Merge branch 'main' into update-bundle/codeql-bundle-v2.18.1
f8e94f9 Merge pull request #2389 from github/mergeback/v3.25.14-to-main-5cf07d8b
9e375a8 Update checked-in dependencies
02d73d0 Update changelog and version after v3.25.14
5cf07d8 Merge pull request #2388 from github/update-v3.25.14-1b214db07
ecab108 Update changelog for v3.25.14
1b214db Merge pull request #2387 from github/aibaars/remove-set-secret
Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.2.5 to 4.3.4

Release notes

Sourced from actions/dependency-review-action's releases.

v4.3.4

What's Changed

Include all added dependencies in scorecard entries by @elireisman in actions/dependency-review-action#783

Update SPDX Expression Parsing by @febuiles in actions/dependency-review-action#719

This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

Notes for v4.3.3

What's Changed

Allow slashes in purl package names by @juxtin in actions/dependency-review-action#765

use the v3 version of the deps.dev API by @josieang in actions/dependency-review-action#741

PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @am-stead in actions/dependency-review-action#773

fix show-openssf-scorecard-levels input by @ramann in actions/dependency-review-action#776

Updates to the contribution guidelines by @jonjanego in actions/dependency-review-action#778

Create issue templates by @jonjanego in actions/dependency-review-action#777

Fix the max comment length issue by @jhutchings1 and @elireisman in actions/dependency-review-action#767

Bump project version to 4.3.3 in prep for a release by @elireisman in actions/dependency-review-action#781

New Contributors

@josieang made their first contribution in actions/dependency-review-action#741

@am-stead made their first contribution in actions/dependency-review-action#773

@ramann made their first contribution in actions/dependency-review-action#776

Full Changelog: actions/dependency-review-action@v4.3.2...v4.3.3

v4.3.2

What's Changed

Fix package-url parsing for allow-dependencies-licenses by @juxtin in actions/dependency-review-action#761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See actions/dependency-review-action#753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

v4.3.0

New Features

The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

Fix action variable name for scorecard by @lukehinds in actions/dependency-review-action#735

Fix extra https:// in summary by @jhutchings1 in actions/dependency-review-action#748

Bump typescript from 5.3.3 to 5.4.5 by @dependabot in actions/dependency-review-action#744

Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @dependabot in actions/dependency-review-action#737

Show denied packages with red X by @juxtin in actions/dependency-review-action#750

deny-packages configuration option can deny specified version or all packages by @febuiles and @bteng22 in actions/dependency-review-action#733

... (truncated)

Commits

5a2ce3f Merge pull request #791 from actions/juxtin/update-version
ac6a6ad Prepare even more for v4.3.4
3e2b917 Merge pull request #790 from actions/juxtin/update-version
d9ab9c8 Update version in package.json
8c152c7 Merge pull request #769 from actions/dependabot/npm_and_yarn/zod-3.23.8
0085d30 Update dist
08b5bf2 Bump zod from 3.22.4 to 3.23.8
986fce9 Merge pull request #784 from actions/dependabot/npm_and_yarn/got-14.4.1
28743f8 Merge pull request #719 from actions/change-spdx-parser
d6f34c3 Merge pull request #789 from actions/dependabot/npm_and_yarn/braces-3.0.3
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.3.0 to 3.6.1

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.6.1

Check for malformed docker context by @crazy-max in docker/setup-buildx-action#347

Full Changelog: docker/setup-buildx-action@v3.6.0...v3.6.1

v3.6.0

Create temp docker context if default one has TLS data loaded before creating a container builder by @crazy-max in docker/setup-buildx-action#341

Full Changelog: docker/setup-buildx-action@v3.5.0...v3.6.0

v3.5.0

Bump @docker/actions-toolkit from 0.31.0 to 0.35.0 in docker/setup-buildx-action#340 docker/setup-buildx-action#344 docker/setup-buildx-action#345

Full Changelog: docker/setup-buildx-action@v3.4.0...v3.5.0

v3.4.0

Throw error message instead of exit code by @crazy-max in docker/setup-buildx-action#315

Bump @docker/actions-toolkit from 0.20.0 to 0.31.0 in docker/setup-buildx-action#321 docker/setup-buildx-action#338

Bump braces from 3.0.2 to 3.0.3 in docker/setup-buildx-action#329

Bump undici from 5.28.3 to 5.28.4 in docker/setup-buildx-action#312

Bump uuid from 9.0.1 to 10.0.0 in docker/setup-buildx-action#326

Full Changelog: docker/setup-buildx-action@v3.3.0...v3.4.0

Commits

988b5a0 Merge pull request #347 from crazy-max/skip-malformed-context
2c21562 chore: update generated content
3382292 check for malformed docker context
3d68780 Merge pull request #341 from crazy-max/docker-context-tls
d069e98 chore: update generated content
8b850f8 create docker context if default one has TLS data loaded
aa33708 Merge pull request #345 from docker/dependabot/npm_and_yarn/docker/actions-to...
2d99e34 chore: update generated content
4dab436 build(deps): bump @docker/actions-toolkit from 0.34.0 to 0.35.0
49a04d6 Merge pull request #344 from docker/dependabot/npm_and_yarn/docker/actions-to...
Additional commits viewable in compare view

Updates docker/login-action from 3.1.0 to 3.3.0

Release notes

Sourced from docker/login-action's releases.

v3.3.0

Bump @docker/actions-toolkit from 0.24.0 to 0.35.0 in docker/login-action#754

Bump https-proxy-agent from 7.0.4 to 7.0.5 in docker/login-action#741

Bump braces from 3.0.2 to 3.0.3 in docker/login-action#730

Full Changelog: docker/login-action@v3.2.0...v3.3.0

v3.2.0

Improve missing username/password by @Frankkkkk in docker/login-action#706

Bump @docker/actions-toolkit from 0.18.0 to 0.24.0 in docker/login-action#715 docker/login-action#721

Bump aws-sdk-dependencies to 3.583.0 in docker/login-action#720

Bump undici from 5.28.3 to 5.28.4 in docker/login-action#694

Full Changelog: docker/login-action@v3.1.0...v3.2.0

Commits

9780b0c Merge pull request #741 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
2fa130c chore: update generated content
5e87b2a build(deps): bump https-proxy-agent
e039495 Merge pull request #754 from docker/dependabot/npm_and_yarn/docker/actions-to...
9af18aa chore: update generated content
668190a switch to Docker exec
be5150d build(deps): bump @docker/actions-toolkit from 0.24.0 to 0.35.0
e80ebca Merge pull request #730 from docker/dependabot/npm_and_yarn/braces-3.0.3
75ee3ea Merge pull request #733 from docker/dependabot/github_actions/docker/bake-act...
793c19c build(deps): bump docker/bake-action from 4 to 5
Additional commits viewable in compare view

Updates docker/build-push-action from 5.3.0 to 6.5.0

Release notes

Sourced from docker/build-push-action's releases.

v6.5.0

Bump @docker/actions-toolkit from 0.33.0 to 0.35.0 in docker/build-push-action#1186 docker/build-push-action#1191

Full Changelog: docker/build-push-action@v6.4.1...v6.5.0

v6.4.1

revert "Set repository and ghtoken attributes for GitHub Actions cache backend" by @crazy-max in docker/build-push-action#1183

Full Changelog: docker/build-push-action@v6.4.0...v6.4.1

v6.4.0

Set repository and ghtoken attributes for GitHub Actions cache backend by @crazy-max in docker/build-push-action#1133

Bump @docker/actions-toolkit from 0.31.0 to 0.33.0 in docker/build-push-action#1179

Full Changelog: docker/build-push-action@v6.3.0...v6.4.0

v6.3.0

DOCKER_BUILD_RECORD_UPLOAD environment variable to enable/disable build record upload by @crazy-max in docker/build-push-action#1172

DOCKER_BUILD_NO_SUMMARY has been deprecated. Set DOCKER_BUILD_SUMMARY to false instead by @crazy-max in docker/build-push-action#1170 docker/build-push-action#1173

Bump @docker/actions-toolkit from 0.28.0 to 0.31.0 in docker/build-push-action#1171 docker/build-push-action#1159 docker/build-push-action#1169

Full Changelog: docker/build-push-action@v6.2.0...v6.3.0

v6.2.0

Use default retention days for build export artifact by @crazy-max in docker/build-push-action#1153

Bump @docker/actions-toolkit from 0.27.0 to 0.28.0 in docker/build-push-action#1158

Full Changelog: docker/build-push-action@v6.1.0...v6.2.0

v6.1.0

Bump @docker/actions-toolkit from 0.26.2 to 0.27.0 in docker/build-push-action#1149

Full Changelog: docker/build-push-action@v6.0.2...v6.1.0

v6.0.2

Bump @docker/actions-toolkit from 0.26.1 to 0.26.2 in docker/build-push-action#1147

Full Changelog: docker/build-push-action@v6.0.1...v6.0.2

v6.0.1

Bump @docker/actions-toolkit from 0.26.0 to 0.26.1 in docker/build-push-action#1142

Full Changelog: docker/build-push-action@v6.0.0...v6.0.1

v6.0.0

Export build record and generate build summary by @crazy-max in docker/build-push-action#1120

Bump @docker/actions-toolkit from 0.24.0 to 0.26.0 in docker/build-push-action#1132 docker/build-push-action#1136 docker/build-push-action#1138

Bump braces from 3.0.2 to 3.0.3 in docker/build-push-action#1137

[!NOTE]

... (truncated)

Commits

5176d81 Merge pull request #1191 from docker/dependabot/npm_and_yarn/docker/actions-t...
ec10ae8 chore: update generated content
597e8fc chore(deps): Bump @docker/actions-toolkit from 0.34.0 to 0.35.0
e050dfa Merge pull request #1186 from docker/dependabot/npm_and_yarn/docker/actions-t...
d1fcdb6 chore: update generated content
a6067b9 chore(deps): Bump @docker/actions-toolkit from 0.33.0 to 0.34.0
1ca370b Merge pull request #1183 from crazy-max/revert-gha-cache-to
2c95ebe chore: update generated content
d189d0e Revert "set repository and ghtoken attributes for gha cache type"
a254f8c Merge pull request #1179 from docker/dependabot/npm_and_yarn/docker/actions-t...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…updates Bumps the github-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.2` | `4.1.7` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.0.2` | `4.0.3` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.25.1` | `3.25.15` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.2.5` | `4.3.4` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.3.0` | `3.6.1` | | [docker/login-action](https://github.com/docker/login-action) | `3.1.0` | `3.3.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5.3.0` | `6.5.0` | Updates `actions/checkout` from 4.1.2 to 4.1.7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.1.2...v4.1.7) Updates `actions/setup-node` from 4.0.2 to 4.0.3 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4.0.2...v4.0.3) Updates `github/codeql-action` from 3.25.1 to 3.25.15 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3.25.1...v3.25.15) Updates `actions/dependency-review-action` from 4.2.5 to 4.3.4 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@v4.2.5...v4.3.4) Updates `docker/setup-buildx-action` from 3.3.0 to 3.6.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3.3.0...v3.6.1) Updates `docker/login-action` from 3.1.0 to 3.3.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3.1.0...v3.3.0) Updates `docker/build-push-action` from 5.3.0 to 6.5.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v5.3.0...v6.5.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot requested a review from MM25Zamanian as a code owner July 30, 2024 12:31

dependabot bot added ci Work that improves the continuous integration. maintenance Generic maintenance tasks. priority-low Nice addition, maybe... someday... labels Jul 30, 2024

dependabot bot mentioned this pull request Jul 30, 2024

chore(deps): bump the github-actions group across 1 directory with 7 updates #180

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the github-actions group across 1 directory with 7 updates #183

chore(deps): bump the github-actions group across 1 directory with 7 updates #183

dependabot bot commented on behalf of github Jul 30, 2024 •

edited

Loading

chore(deps): bump the github-actions group across 1 directory with 7 updates #183

Are you sure you want to change the base?

chore(deps): bump the github-actions group across 1 directory with 7 updates #183

Conversation

dependabot bot commented on behalf of github Jul 30, 2024 • edited Loading

v4.1.7

What's Changed

New Contributors

v4.1.6

What's Changed

v4.1.5

What's Changed

v4.1.4

What's Changed

v4.1.3

What's Changed

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.0.3

What's Changed

Bug fixes:

Documentation changes:

Dependency updates:

New Contributors

v4.3.4

What's Changed

Notes for v4.3.3

What's Changed

New Contributors

v4.3.2

What's Changed

v4.3.1

What's Changed

v4.3.0

New Features

What's Changed

v3.6.1

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v6.5.0

v6.4.1

v6.4.0

v6.3.0

v6.2.0

v6.1.0

v6.0.2

v6.0.1

v6.0.0

dependabot bot commented on behalf of github Jul 30, 2024 •

edited

Loading