Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update github-actions #176

Merged
merged 1 commit into from
Oct 28, 2024
Merged

chore(deps): update github-actions #176

merged 1 commit into from
Oct 28, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 28, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action patch v4.2.1 -> v4.2.2
github/codeql-action action minor v3.26.13 -> v3.27.0
miracum/.github action patch v1.12.5 -> v1.12.7

Release Notes

actions/checkout (actions/checkout)

v4.2.2

Compare Source

github/codeql-action (github/codeql-action)

v3.27.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024
  • Bump the minimum CodeQL bundle version to 2.14.6. #​2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #​2557
  • Update default CodeQL bundle version to 2.19.2. #​2552

See the full CHANGELOG.md for more information.

miracum/.github (miracum/.github)

v1.12.7

Compare Source

Miscellaneous Chores
  • deps: trivy version update (fc8f379)

v1.12.6

Compare Source

Bug Fixes
Miscellaneous Chores
  • deps: update gcr.io/distroless/python3-debian12:nonroot docker digest to e575731 (#​85) (26fdadd)

Configuration

📅 Schedule: Branch creation - "every 3 months on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions GitHub Actions
Copy link

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
✅ ACTION actionlint 4 0 0.11s
✅ DOCKERFILE hadolint 2 0 0.1s
✅ EDITORCONFIG editorconfig-checker 67 0 0.26s
✅ GROOVY npm-groovy-lint 2 0 11.26s
✅ JAVA checkstyle 19 0 5.33s
✅ JSON jsonlint 5 0 0.24s
✅ JSON prettier 5 0 1.39s
✅ JSON v8r 5 0 3.63s
✅ MARKDOWN markdownlint 2 0 2.23s
✅ PYTHON bandit 1 0 1.06s
✅ PYTHON black 1 0 2.09s
✅ PYTHON flake8 1 0 0.45s
✅ PYTHON isort 1 0 0.39s
✅ PYTHON mypy 1 0 7.92s
✅ PYTHON ruff 1 0 0.11s
✅ REPOSITORY checkov yes no 22.18s
✅ REPOSITORY gitleaks yes no 0.8s
✅ REPOSITORY git_diff yes no 0.02s
✅ REPOSITORY grype yes no 14.18s
✅ REPOSITORY kics yes no 6.29s
✅ REPOSITORY secretlint yes no 1.1s
✅ REPOSITORY syft yes no 2.24s
✅ REPOSITORY trivy yes no 7.81s
✅ REPOSITORY trivy-sbom yes no 1.4s
✅ REPOSITORY trufflehog yes no 2.92s
✅ XML xmllint 1 0 0.01s
✅ YAML prettier 17 0 0.89s
✅ YAML yamllint 17 0 0.62s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

MegaLinter is graciously provided by OX Security

@github-actions GitHub Actions
Copy link

Code Coverage Report

Overall Project 30.18%

There is no coverage information present for the Files changed

@renovate renovate bot force-pushed the renovate/github-actions branch from 552de7e to 01c2f46 Compare October 28, 2024 17:54
@chgl chgl merged commit 3d6bcf6 into master Oct 28, 2024
9 checks passed
@chgl chgl deleted the renovate/github-actions branch October 28, 2024 17:55
@github-actions GitHub Actions
Copy link

Trivy image scan report

ghcr.io/miracum/fhir-gateway:pr-176 (debian 12.7)

No Vulnerabilities found

No Misconfigurations found

Java

4 known vulnerabilities found (CRITICAL: 0 HIGH: 3 MEDIUM: 1 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
ca.uhn.hapi.fhir:org.hl7.fhir.r4 CVE-2024-45294 HIGH 6.1.2.2 6.3.23
ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2024-45294 HIGH 6.1.2.2 6.3.23
commons-io:commons-io CVE-2024-47554 HIGH 2.11.0 2.14.0
org.springframework:spring-context CVE-2024-38820 MEDIUM 6.1.13 6.1.14, 6.0.25, 5.3.41

No Misconfigurations found

miracum-bot pushed a commit that referenced this pull request Oct 28, 2024
@semantic-release-bot
chore(release): 3.14.0 [skip ci]
d16d60f 
## [3.14.0](v3.13.2...v3.14.0) (2024-10-28)

### Features

* added option to crypto-hash Kafka message keys ([#173](#173)) ([424d7c2](424d7c2))

### Bug Fixes

* **deps:** update dependency net.logstash.logback:logstash-logback-encoder to v8 ([#172](#172)) ([2529633](2529633))

### Miscellaneous Chores

* added errorprone and addressed complaints ([#175](#175)) ([03e5ed5](03e5ed5))
* **deps:** update docker.io/library/postgres docker tag to v17 ([#171](#171)) ([b701416](b701416))
* **deps:** update gcr.io/distroless/java21-debian12:nonroot docker digest to 1316de1 ([#166](#166)) ([085e67b](085e67b))
* **deps:** update github-actions ([#169](#169)) ([419f3e7](419f3e7))
* **deps:** update github-actions ([#176](#176)) ([3d6bcf6](3d6bcf6))
@miracum-bot
Copy link

🎉 This PR is included in version 3.14.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chgl chgl chgl approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@miracum-bot @chgl