Bump the actions group across 1 directory with 12 updates

[dependabot]

Bumps the actions group with 12 updates in the / directory:

Package	From	To
helm/chart-testing-action	2.6.1	2.7.0
helm/chart-releaser-action	1.6.0	1.7.0
actions/setup-go	5.1.0	5.2.0
docker/setup-qemu-action	3.2.0	3.3.0
docker/setup-buildx-action	3.7.1	3.8.0
actions/upload-artifact	4.4.3	4.6.0
actions/dependency-review-action	4.3.5	4.5.0
golangci/golangci-lint-action	6.1.1	6.2.0
goreleaser/goreleaser-action	6.0.0	6.1.0
rajatjindal/krew-release-bot	0.0.46	0.0.47
github/codeql-action	3.27.0	3.28.1
aquasecurity/trivy-action	0.28.0	0.29.0

Updates helm/chart-testing-action from 2.6.1 to 2.7.0

Release notes

Sourced from helm/chart-testing-action's releases.

v2.7.0

For ct change see https://github.com/helm/chart-testing/releases/tag/v3.12.0

What's Changed

• docs: update all version references to latest versions by @​froblesmartin in helm/chart-testing-action#141
• update ct to v3.11.0 / yamlint to 1.33.0 / yamale to 4.0.4 / add e2e test by @​cpanato in helm/chart-testing-action#144
• use ct 3.12.0 as default by @​cpanato in helm/chart-testing-action#165
• clean up and fix cr action next release by @​cpanato in helm/chart-testing-action#166

New Contributors

• @​froblesmartin made their first contribution in helm/chart-testing-action#141

Full Changelog: helm/chart-testing-action@v2.6.1...v2.7.0

Commits

• 0d28d31 clean up and fix cr action next release (#166)
• ef3072d use ct 3.12.0 as default (#165)
• 66b7521 Bump the actions group across 1 directory with 3 updates (#164)
• 5aa1c68 Bump actions/setup-python from 5.1.0 to 5.1.1 in the actions group (#154)
• 9c98eaa Bump actions/checkout in the actions group across 1 directory (#152)
• 4f62db1 Bump actions/checkout from 4.1.4 to 4.1.5 in the actions group (#147)
• 16c6be3 update ct to v3.11.0 / yamlint to 1.33.0 / yamale to 4.0.4 / add e2e test (#144)
• af96d80 docs: update all version references to latest versions (#141)
• dbd7bf1 Bump sigstore/cosign-installer from 3.3.0 to 3.5.0 in the actions group (#143)
• df9dfa7 Bump the actions group with 1 update (#138)
• Additional commits viewable in compare view

Updates helm/chart-releaser-action from 1.6.0 to 1.7.0

Release notes

Sourced from helm/chart-releaser-action's releases.

v1.7.0

For cr changes see https://github.com/helm/chart-releaser/releases/tag/v1.7.0

What's Changed

• Add --skip-upload input with latest helm/chart-releaser-action by @​acuD1 in helm/chart-releaser-action#143
• Update checkout action to v4 tag in README.md by @​maarten-blokker in helm/chart-releaser-action#187
• Fix indention by @​3schwartz in helm/chart-releaser-action#203
• update cr to v1.7.0 by @​cpanato in helm/chart-releaser-action#220

New Contributors

• @​acuD1 made their first contribution in helm/chart-releaser-action#143
• @​maarten-blokker made their first contribution in helm/chart-releaser-action#187
• @​3schwartz made their first contribution in helm/chart-releaser-action#203

Full Changelog: helm/chart-releaser-action@v1...v1.7.0

Commits

• cae68fe update cr to v1.7.0 (#220)
• d1e09fd Fix indention (#203)
• 653ba94 Bump actions/checkout in the actions group across 1 directory (#201)
• 45af99f Bump actions/checkout from 4.1.4 to 4.1.5 in the actions group (#192)
• 95930dc Update checkout action to v4 tag in README.md (#187)
• 0eba7f5 Bump actions/checkout from 4.1.3 to 4.1.4 in the actions group (#190)
• 09492f4 Bump actions/checkout from 4.1.2 to 4.1.3 in the actions group (#189)
• 13fe82a Bump the actions group with 1 update (#182)
• 6203d70 Add --skip-upload input with latest helm/chart-releaser-action (#143)
• See full diff in compare view

Updates actions/setup-go from 5.1.0 to 5.2.0

Release notes

Sourced from actions/setup-go's releases.

v5.2.0

What's Changed

• Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @​Shegox in actions/setup-go#496

New Contributors

• @​Shegox made their first contribution in actions/setup-go#496

Full Changelog: actions/setup-go@v5...v5.2.0

Commits

• 3041bf5 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496)
• See full diff in compare view

Updates docker/setup-qemu-action from 3.2.0 to 3.3.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.3.0

• Add cache-image input to enable/disable caching of binfmt image by @​crazy-max in docker/setup-qemu-action#130
• Bump @​actions/core from 1.10.1 to 1.11.1 in docker/setup-qemu-action#172
• Bump @​docker/actions-toolkit from 0.35.0 to 0.49.0 in docker/setup-qemu-action#187
• Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-qemu-action#182
• Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-qemu-action#162

Full Changelog: docker/setup-qemu-action@v3.2.0...v3.3.0

Commits

• 53851d1 Merge pull request #187 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 7066b90 chore: update generated content
• 7559081 build(deps): bump @​docker/actions-toolkit from 0.35.0 to 0.49.0
• 08d11eb Merge pull request #172 from docker/dependabot/npm_and_yarn/actions/core-1.11.1
• e53506f chore: update generated content
• 610b442 build(deps): bump @​actions/core from 1.10.1 to 1.11.1
• 58a19f8 Merge pull request #182 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6
• 49a12c4 Merge pull request #180 from docker/dependabot/github_actions/codecov/codecov...
• 2b8ac83 ci: fix deprecated input for codecov-action
• fdbeaac Merge pull request #130 from crazy-max/cache-image
• Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.7.1 to 3.8.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.8.0

• Make cloud prefix optional to download buildx if driver is cloud by @​crazy-max in docker/setup-buildx-action#390
• Bump @​actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370
• Bump @​docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389
• Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

Commits

• 6524bf6 Merge pull request #390 from crazy-max/buildx-cloud-latest
• 8d5e074 chore: update generated content
• 7199e57 make cloud prefix optional to download buildx if driver is cloud
• db63cee Merge pull request #381 from docker/dependabot/github_actions/codecov/codecov...
• 043ebe1 Merge pull request #389 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 686da90 chore: update generated content
• a3d7487 Merge pull request #382 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6
• 4dcdbce build(deps): bump @​docker/actions-toolkit from 0.39.0 to 0.48.0
• 1a8ac74 ci: fix deprecated input for codecov-action
• e827ebe build(deps): bump cross-spawn from 7.0.3 to 7.0.6
• Additional commits viewable in compare view

Updates actions/upload-artifact from 4.4.3 to 4.6.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.0

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

• fix: deprecated Node.js version in action by @​hamirmahal in actions/upload-artifact#578
• Add new artifact-digest output by @​bdehamer in actions/upload-artifact#656

New Contributors

• @​hamirmahal made their first contribution in actions/upload-artifact#578
• @​bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

Commits

• 65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
• 0207619 move files back to satisfy licensed ci
• 1ecca81 licensed cache updates
• 9742269 Expose env vars to controll concurrency and timeout
• 6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
• c40c16d add new artifact-digest output
• 735efb4 bump @​actions/artifact from 2.1.11 to 2.2.0
• 184d73b Merge pull request #578 from hamirmahal/fix/deprecated-nodejs-usage-in-action
• b4a0a98 Merge branch 'main' into fix/deprecated-nodejs-usage-in-action
• See full diff in compare view

Updates actions/dependency-review-action from 4.3.5 to 4.5.0

Release notes

Sourced from actions/dependency-review-action's releases.

v4.5.0

What's Changed

• Bump got from 14.4.2 to 14.4.3 by @​dependabot in actions/dependency-review-action#844
• Bump nodemon from 3.1.0 to 3.1.7 by @​dependabot in actions/dependency-review-action#847
• Bump @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in actions/dependency-review-action#849
• Overriding the cross-spawn dependency to use a safe version by @​Ahmed3lmallah in actions/dependency-review-action#850
• fix: add summary comment on failure when warn-only: true by @​ebickle in actions/dependency-review-action#827
• Prepare for 4.5.0 release by @​Ahmed3lmallah in actions/dependency-review-action#851

New Contributors

• @​ebickle made their first contribution in actions/dependency-review-action#827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

What's Changed

• Fix for merge_group event bug by @​Ahmed3lmallah in actions/dependency-review-action#846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

Commits

• 3b139cf Merge pull request #851 from actions/ahmed3lmallah/prepare-for-4.5.0-release
• d6807b6 updating generated code
• c89b41f addressing lint issues
• eee97d8 incrementing project version
• 9d10182 Merge pull request #827 from ebickle/fix/comment-warn-only
• 9192be9 Merge pull request #850 from actions/ahmed3lmallah/adressing-CVE-2024-21538
• 2fc8e23 Using cross-spawn safe version
• fb86db2 fix: resolve race conditions in async core.group calls
• 0a198ab fix: replace integer failureCount with boolean
• fc499fc Merge branch 'main' into fix/comment-warn-only
• Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 6.1.1 to 6.2.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v6.2.0

What's Changed

Changes

• chore: use new build tag syntax by @​alexandear in golangci/golangci-lint-action#1133
• feat: support linux arm64 public preview by @​ldez in golangci/golangci-lint-action#1144

Documentation

• docs: update local development instructions by @​dmitris in golangci/golangci-lint-action#1125

Dependencies

• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot in golangci/golangci-lint-action#1112
• build(deps): bump the dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1113
• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot in golangci/golangci-lint-action#1114
• build(deps): bump @​types/node from 22.7.4 to 22.7.5 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1115
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1117
• build(deps): bump @​types/node from 22.7.5 to 22.7.7 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1118
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1119
• build(deps): bump @​types/node from 22.7.7 to 22.8.1 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1120
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1122
• build(deps): bump the dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1123
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1126
• build(deps): bump @​types/node from 22.8.7 to 22.9.0 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1127
• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot in golangci/golangci-lint-action#1128
• build(deps): bump @​types/node from 22.9.0 to 22.9.3 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1130
• build(deps): bump @​types/node from 22.9.3 to 22.10.1 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1131
• build(deps-dev): bump the dev-dependencies group across 1 directory with 4 updates by @​dependabot in golangci/golangci-lint-action#1132
• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot in golangci/golangci-lint-action#1134
• build(deps): bump @​actions/cache from 3.3.0 to 4.0.0 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1135
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1136
• build(deps): bump @​types/node from 22.10.1 to 22.10.2 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1137
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1138
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1139
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1141
• build(deps): bump @​types/node from 22.10.2 to 22.10.5 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1142
• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot in golangci/golangci-lint-action#1143

New Contributors

• @​dmitris made their first contribution in golangci/golangci-lint-action#1125
• @​alexandear made their first contribution in golangci/golangci-lint-action#1133

Full Changelog: golangci/golangci-lint-action@v6.1.1...v6.2.0

Commits

• ec5d184 feat: support linux arm64 public preview (#1144)
• a0297a1 build(deps-dev): bump the dev-dependencies group with 3 updates (#1143)
• 58eda26 build(deps): bump @​types/node from 22.10.2 to 22.10.5 in the dependencies gro...
• 44c2434 build(deps-dev): bump the dev-dependencies group with 2 updates (#1141)
• 2f13b80 build(deps-dev): bump the dev-dependencies group with 2 updates (#1139)
• 1ac3686 build(deps-dev): bump the dev-dependencies group with 2 updates (#1138)
• 9937fdf build(deps): bump @​types/node from 22.10.1 to 22.10.2 in the dependencies gro...
• cb60b26 build(deps-dev): bump the dev-dependencies group with 2 updates (#1136)
• 774c35b build(deps): bump @​actions/cache from 3.3.0 to 4.0.0 in the dependencies grou...
• 7ce5487 build(deps-dev): bump the dev-dependencies group with 3 updates (#1134)
• Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.0.0 to 6.1.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v6.1.0

What's Changed

• chore(deps): bump braces from 3.0.2 to 3.0.3 by @​dependabot in goreleaser/goreleaser-action#467
• chore(deps): bump docker/bake-action from 4 to 5 by @​dependabot in goreleaser/goreleaser-action#468
• chore(deps): bump semver from 7.6.2 to 7.6.3 by @​dependabot in goreleaser/goreleaser-action#470
• chore(deps): bump @​actions/http-client from 2.2.1 to 2.2.2 by @​dependabot in goreleaser/goreleaser-action#473
• chore(deps): bump @​actions/http-client from 2.2.2 to 2.2.3 by @​dependabot in goreleaser/goreleaser-action#474
• chore(deps): bump micromatch from 4.0.5 to 4.0.8 by @​dependabot in goreleaser/goreleaser-action#475
• chore(deps): bump @​actions/core from 1.10.1 to 1.11.1 by @​dependabot in goreleaser/goreleaser-action#478
• docs: bump upload-artifact version by @​dunglas in goreleaser/goreleaser-action#479
• chore: update generated content by @​crazy-max in goreleaser/goreleaser-action#480

New Contributors

• @​dunglas made their first contribution in goreleaser/goreleaser-action#479

Full Changelog: goreleaser/goreleaser-action@v6.0.0...v6.1.0

Commits

• 9ed2f89 chore: update generated content (#480)
• cf63508 docs: bump upload-artifact version (#479)
• f7623f3 chore(deps): bump @​actions/core from 1.10.1 to 1.11.1 (#478)
• 006a7a4 chore: update
• e4066e6 chore(deps): bump micromatch from 4.0.5 to 4.0.8 (#475)
• 22f558e chore(deps): bump @​actions/http-client from 2.2.2 to 2.2.3 (#474)
• 6e33108 chore(deps): bump @​actions/http-client from 2.2.1 to 2.2.2 (#473)
• 7ca6450 chore(deps): bump semver from 7.6.2 to 7.6.3 (#470)
• d33b6f6 chore(deps): bump docker/bake-action from 4 to 5 (#468)
• 85d0b9d chore(deps): bump braces from 3.0.2 to 3.0.3 (#467)
• See full diff in compare view

Updates rajatjindal/krew-release-bot from 0.0.46 to 0.0.47

Release notes

Sourced from rajatjindal/krew-release-bot's releases.

Release v0.0.47

What's Changed

• fix: wrap the go version in single quotation by @​sonbui00 in rajatjindal/krew-release-bot#73
• fix(action): allow main ref when krew release bot action is triggered by @​rajatjindal in rajatjindal/krew-release-bot#80

New Contributors

• @​sonbui00 made their first contribution in rajatjindal/krew-release-bot#73

Full Changelog: rajatjindal/krew-release-bot@v0.0.46...v0.0.47

Commits

• 3d9faef fix(action): allow main ref when krew release bot action is triggered (#80)
• ad6e92e fix: wrap the go version in single quotation (#73)
• See full diff in compare view

Updates github/codeql-action from 3.27.0 to 3.28.1

Release notes

Sourced from github/codeql-action's releases.

v3.28.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.1 - 10 Jan 2025

• CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
• Update default CodeQL bundle version to 2.20.1. #2678

See the full CHANGELOG.md for more information.

v3.28.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024

• Bump the minimum CodeQL bundle version to 2.15.5. #2655
• Don't fail in the unusual case that a file is on the search path. #2660.

See the full CHANGELOG.md for more information.

v3.27.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024

• We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
• Update default CodeQL bundle version to 2.20.0. #2636

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.1 - 10 Jan 2025

• CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
• Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

• Bump the minimum CodeQL bundle version to 2.15.5. #2655
• Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

No user facing changes.

3.27.8 - 12 Dec 2024

• Fixed an issue where streaming the download and extraction of the CodeQL bundle did not respect proxy settings. #2624

3.27.7 - 10 Dec 2024

• We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
• Update default CodeQL bundle version to 2.20.0. #2636

3.27.6 - 03 Dec 2024

• Update default CodeQL bundle version to 2.19.4. #2626

3.27.5 - 19 Nov 2024

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

• Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

... (truncated)

Commits

• b6a472f Merge pull request #2681 from github/update-v3.28.1-ea6acbfea
• bb999b4 Update changelog for v3.28.1
• ea6acbf Merge pull request #2677 from github/angelapwen/deprecate-action-v2
• 4df151e Merge branch 'main' into angelapwen/deprecate-action-v2
• a05a7eb Fix PR number in changenote
• 8d2753b Add public changelog blog post link
• e83e0a4 Merge pull request #2673 from github/dependabot/npm_and_yarn/npm-877f465710
• b7ff308 Merge pull request #2678 from github/update-bundle/codeql-bundle-v2.20.1
• 1aa16c2 Merge branch 'main' into update-bundle/codeql-bundle-v2.20.1
• fb65b6c Merge pull request #2672 from github/mbg/start-proxy/include-type-in-urls-output
• Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.28.0 to 0.29.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.29.0

What's Changed

• feat: Allow skipping setup by @​rvesse in aquasecurity/trivy-action#414
• Fix oras command not found in "Update Trivy Cache" action by @​Tiryoh in aquasecurity/trivy-action#413
• Update README.md by @​simar7 in aquasecurity/trivy-action#420
• feat: add token for setup-trivy by @​DmitriyLewen in aquasecurity/trivy-action#421
• fix: bump setup-trivy and add new contrib directory path info by @​DmitriyLewen in aquasecurity/trivy-action#424
• docs: remove ignore-unfixed from IaC scan example by @​nikpivkin in aquasecurity/trivy-action#429
• chore(deps): Bump trivy to v0.57.1 by @​simar7 in aquasecurity/trivy-action#434

New Contributors

• @​rvesse made their first contribution in aquasecurity/trivy-action#414
• @​Tiryoh made their first contribution in aquasecurity/trivy-action#413

Full Changelog: aquasecurity/trivy-action@0.28.0...0.29.0

Commits

• 18f2510 chore(deps): Bump trivy to v0.57.1 (#434)
• 93941ce docs: remove ignore-unfixed from IaC scan example (#429)
• d2a392a fix: bump setup-trivy and add new contrib directory path info (#424)
• ee89346 feat: add token for setup-trivy (#421)
• cf990b1 Update README.md (#420)
• bff40be docs: Fix oras command not found (#413)
• fc1500a feat: Allow skipping setup (#414)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• `@dependabot show ignore conditi...

Description has been truncated

[dependabot]

The following labels could not be found: area/dependency, release-note-none, ok-to-test.