Bump the actions group across 1 directory with 9 updates #516

dependabot · 2025-02-17T02:34:37Z

Bumps the actions group with 9 updates in the / directory:

Package	From	To
actions/checkout	`4.1.7`	`4.2.2`
docker/setup-buildx-action	`3.6.1`	`3.9.0`
docker/login-action	`3.2.0`	`3.3.0`
actions/upload-artifact	`4.3.6`	`4.6.0`
actions/dependency-review-action	`4.3.4`	`4.5.0`
actions/setup-go	`5.0.2`	`5.3.0`
golangci/golangci-lint-action	`6.1.1`	`6.5.0`
github/codeql-action	`3.26.12`	`3.28.9`
aquasecurity/trivy-action	`0.24.0`	`0.29.0`

Updates actions/checkout from 4.1.7 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

v4.2.0

What's Changed

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependabot updates in actions/checkout#1777 & actions/checkout#1872

New Contributors

@yasonk made their first contribution in actions/checkout#1869

@lucacome made their first contribution in actions/checkout#1180

Full Changelog: actions/checkout@v4.1.7...v4.2.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

... (truncated)

Commits

11bd719 Prepare 4.2.2 Release (#1953)
e3d2460 Expand unit test coverage (#1946)
163217d url-helper.ts now leverages well-known environment variables. (#1941)
eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
d632683 Prepare 4.2.0 release (#1878)
6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
b684943 Add Ref and Commit outputs (#1180)
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.6.1 to 3.9.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.9.0

Bump @docker/actions-toolkit from 0.48.0 to 0.54.0 in docker/setup-buildx-action#402 docker/setup-buildx-action#404

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

v3.7.1

Switch back to uuid package by @crazy-max in docker/setup-buildx-action#369

Full Changelog: docker/setup-buildx-action@v3.7.0...v3.7.1

v3.7.0

Always set buildkitd-flags if opt-in by @crazy-max in docker/setup-buildx-action#363

Remove uuid package and switch to crypto by @crazy-max in docker/setup-buildx-action#366

Bump @docker/actions-toolkit from 0.35.0 to 0.39.0 in docker/setup-buildx-action#362

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-buildx-action#354

Full Changelog: docker/setup-buildx-action@v3.6.1...v3.7.0

Commits

f7ce87c Merge pull request #404 from docker/dependabot/npm_and_yarn/docker/actions-to...
aa1e2a0 chore: update generated content
673e008 build(deps): bump @docker/actions-toolkit from 0.53.0 to 0.54.0
ba31df4 Merge pull request #402 from docker/dependabot/npm_and_yarn/docker/actions-to...
5475af1 chore: update generated content
acacad9 build(deps): bump @docker/actions-toolkit from 0.48.0 to 0.53.0
6a25f98 Merge pull request #396 from crazy-max/bake-v6
ca1af17 update bake-action to v6
6524bf6 Merge pull request #390 from crazy-max/buildx-cloud-latest
8d5e074 chore: update generated content
Additional commits viewable in compare view

Updates docker/login-action from 3.2.0 to 3.3.0

Release notes

Sourced from docker/login-action's releases.

v3.3.0

Bump @docker/actions-toolkit from 0.24.0 to 0.35.0 in docker/login-action#754

Bump https-proxy-agent from 7.0.4 to 7.0.5 in docker/login-action#741

Bump braces from 3.0.2 to 3.0.3 in docker/login-action#730

Full Changelog: docker/login-action@v3.2.0...v3.3.0

Commits

9780b0c Merge pull request #741 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
2fa130c chore: update generated content
5e87b2a build(deps): bump https-proxy-agent
e039495 Merge pull request #754 from docker/dependabot/npm_and_yarn/docker/actions-to...
9af18aa chore: update generated content
668190a switch to Docker exec
be5150d build(deps): bump @docker/actions-toolkit from 0.24.0 to 0.35.0
e80ebca Merge pull request #730 from docker/dependabot/npm_and_yarn/braces-3.0.3
75ee3ea Merge pull request #733 from docker/dependabot/github_actions/docker/bake-act...
793c19c build(deps): bump docker/bake-action from 4 to 5
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.3.6 to 4.6.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.0

What's Changed

Expose env vars to control concurrency and timeout by @yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

fix: deprecated Node.js version in action by @hamirmahal in actions/upload-artifact#578

Add new artifact-digest output by @bdehamer in actions/upload-artifact#656

New Contributors

@hamirmahal made their first contribution in actions/upload-artifact#578

@bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

v4.4.3

What's Changed

Undo indirect dependency updates from #627 by @joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

Bump @actions/artifact to 2.1.11 by @robherley in actions/upload-artifact#627

Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

What's Changed

Add a section about hidden files by @joshmgross in actions/upload-artifact#607

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/upload-artifact#621

Update @actions/artifact to latest version, includes symlink and timeout fixes by @robherley in actions/upload-artifact#625

New Contributors

@Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

... (truncated)

Commits

65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
0207619 move files back to satisfy licensed ci
1ecca81 licensed cache updates
9742269 Expose env vars to controll concurrency and timeout
6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
c40c16d add new artifact-digest output
735efb4 bump @actions/artifact from 2.1.11 to 2.2.0
184d73b Merge pull request #578 from hamirmahal/fix/deprecated-nodejs-usage-in-action
b4a0a98 Merge branch 'main' into fix/deprecated-nodejs-usage-in-action
b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.3.4 to 4.5.0

Release notes

Sourced from actions/dependency-review-action's releases.

v4.5.0

What's Changed

Bump got from 14.4.2 to 14.4.3 by @dependabot in actions/dependency-review-action#844

Bump nodemon from 3.1.0 to 3.1.7 by @dependabot in actions/dependency-review-action#847

Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in actions/dependency-review-action#849

Overriding the cross-spawn dependency to use a safe version by @Ahmed3lmallah in actions/dependency-review-action#850

fix: add summary comment on failure when warn-only: true by @ebickle in actions/dependency-review-action#827

Prepare for 4.5.0 release by @Ahmed3lmallah in actions/dependency-review-action#851

New Contributors

@ebickle made their first contribution in actions/dependency-review-action#827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

What's Changed

Fix for merge_group event bug by @Ahmed3lmallah in actions/dependency-review-action#846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

What's Changed

fix: getRefs function to handle merge_group events by @louis-bompart in actions/dependency-review-action#766

Create pull_request_template.md by @jonjanego in actions/dependency-review-action#794

Update CONTRIBUTING.md by @jonjanego in actions/dependency-review-action#793

Bump @types/node from 20.11.28 to 20.16.0 by @dependabot in actions/dependency-review-action#815

Upgrade transitive micromatch library by @elireisman in actions/dependency-review-action#829

Do not list changed dependencies in summary by @hmaurer in actions/dependency-review-action#828

Update stale.yaml by @jonjanego in actions/dependency-review-action#832

Bump got from 14.4.1 to 14.4.2 by @dependabot in actions/dependency-review-action#822

Bump eslint-plugin-jest and ts-jest by @Ahmed3lmallah in actions/dependency-review-action#840

New Contributors

@louis-bompart made their first contribution in actions/dependency-review-action#766

@Ahmed3lmallah made their first contribution in actions/dependency-review-action#840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

Commits

3b139cf Merge pull request #851 from actions/ahmed3lmallah/prepare-for-4.5.0-release
d6807b6 updating generated code
c89b41f addressing lint issues
eee97d8 incrementing project version
9d10182 Merge pull request #827 from ebickle/fix/comment-warn-only
9192be9 Merge pull request #850 from actions/ahmed3lmallah/adressing-CVE-2024-21538
2fc8e23 Using cross-spawn safe version
fb86db2 fix: resolve race conditions in async core.group calls
0a198ab fix: replace integer failureCount with boolean
fc499fc Merge branch 'main' into fix/comment-warn-only
Additional commits viewable in compare view

Updates actions/setup-go from 5.0.2 to 5.3.0

Release notes

Sourced from actions/setup-go's releases.

v5.3.0

What's Changed

Use the new cache service: upgrade @actions/cache to ^4.0.0 by @Link- in actions/setup-go#531

Configure Dependabot settings by @HarithaVattikuti in actions/setup-go#530

Document update - permission section by @HarithaVattikuti in actions/setup-go#533

Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in actions/setup-go#534

New Contributors

@Link- made their first contribution in actions/setup-go#531

Full Changelog: actions/setup-go@v5...v5.3.0

v5.2.0

What's Changed

Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @Shegox in actions/setup-go#496

New Contributors

@Shegox made their first contribution in actions/setup-go#496

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/setup-go#500

Upgrade IA Publish by @Jcambass in actions/setup-go#502

Add architecture to cache key by @Zxilly in actions/setup-go#493 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.

Enhance workflows and Upgrade micromatch Dependency by @priyagupta108 in actions/setup-go#510

Bug Fixes

Revise isGhes logic by @jww3 in actions/setup-go#511

New Contributors

@Zxilly made their first contribution in actions/setup-go#493

@Jcambass made their first contribution in actions/setup-go#500

@jww3 made their first contribution in actions/setup-go#511

@priyagupta108 made their first contribution in actions/setup-go#510

Full Changelog: actions/setup-go@v5...v5.1.0

Commits

f111f33 Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#534)
3d10edb Add new permission section (#533)
43e1389 Configure Dependabot settings (#530)
f81f022 Use the new cache service: upgrade @actions/cache to ^4.0.0 (#531)
3041bf5 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496)
41dfa10 Enhance workflows and Upgrade micromatch Dependency (#510)
9419772 Revise isGhes logic (#511)
d60b41a Merge pull request #502 from actions/Jcambass-patch-1
e09f57f Upgrade IA Publish
df1a117 Merge pull request #500 from actions/Jcambass-patch-1
Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 6.1.1 to 6.5.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v6.5.0

What's Changed

Changes

feat: verify with the JSONSchema by default by @ldez in golangci/golangci-lint-action#1171

Dependencies

build(deps): bump @octokit/request-error from 5.1.0 to 5.1.1 by @dependabot in golangci/golangci-lint-action#1169

build(deps): bump @octokit/endpoint from 9.0.5 to 9.0.6 by @dependabot in golangci/golangci-lint-action#1170

Full Changelog: golangci/golangci-lint-action@v6.4.1...v6.5.0

v6.4.1

What's Changed

Changes

fix: use config arg for verify by @ldez in golangci/golangci-lint-action#1168

Full Changelog: golangci/golangci-lint-action@v6.4.0...v6.4.1

v6.4.0

What's Changed

Changes

chore: extract patch related code by @ldez in golangci/golangci-lint-action#1166

feat: add an option to verify with the JSONSchema by @ldez in golangci/golangci-lint-action#1167

Full Changelog: golangci/golangci-lint-action@v6.3.3...v6.4.0

v6.3.3

What's Changed

Changes

fix: go.mod parsing by @ldez in golangci/golangci-lint-action#1165

Full Changelog: golangci/golangci-lint-action@v6.3.2...v6.3.3

v6.3.2

What's Changed

Changes

fix: path patch by @ldez in golangci/golangci-lint-action#1162

... (truncated)

Commits

2226d7c 6.5.0
8d744d5 feat: verify with the JSONSchema by default (#1171)
0e58f8e build(deps): bump @octokit/endpoint from 9.0.5 to 9.0.6 (#1170)
6a3fb76 build(deps): bump @octokit/request-error from 5.1.0 to 5.1.1 (#1169)
696fa5c chore: clean workflows
80284ed chore: use ubuntu-22.04-arm
818ec4d 6.4.1
1c50240 fix: use config arg for verify (#1168)
0adbc47 6.4.0
f7463c5 feat: add an option to verify with the JSONSchema (#1167)
Additional commits viewable in compare view

Updates github/codeql-action from 3.26.12 to 3.28.9

Release notes

Sourced from github/codeql-action's releases.

v3.28.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.9 - 07 Feb 2025

Update default CodeQL bundle version to 2.20.4. #2753

See the full CHANGELOG.md for more information.

v3.28.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

See the full CHANGELOG.md for more information.

v3.28.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.6 - 27 Jan 2025

Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

See the full CHANGELOG.md for more information.

v3.28.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.9 - 07 Feb 2025

Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

Update default CodeQL bundle version to 2.20.2. #2707

Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710

Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

Bump the minimum CodeQL bundle version to 2.15.5. #2655

... (truncated)

Commits

9e8d078 Merge pull request #2757 from github/update-v3.28.9-24e1c2d33
43d9be6 Update changelog for v3.28.9
24e1c2d Merge pull request #2753 from github/update-bundle/codeql-bundle-v2.20.4
57a08c0 Add changelog note
52189d2 Update default bundle to codeql-bundle-v2.20.4
08bc0cf Merge pull request #2751 from github/henrymercer/fix-init-post-without-config
cf7c687 Send init-post status report in absence of config
ad42dbd Merge pull request #2750 from github/dependabot/npm_and_yarn/npm-768bd9b555
a8f5935 Merge pull request #2749 from github/dependabot/github_actions/actions-29d379...
9660df3 Update checked-in dependencies
Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.24.0 to 0.29.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.29.0

What's Changed

feat: Allow skipping setup by @rvesse in aquasecurity/trivy-action#414

Fix oras command not found in "Update Trivy Cache" action by @Tiryoh in aquasecurity/trivy-action#413

Update README.md by @simar7 in aquasecurity/trivy-action#420

feat: add token for setup-trivy by @DmitriyLewen in aquasecurity/trivy-action#421

fix: bump setup-trivy and add new contrib directory path info by @DmitriyLewen in aquasecurity/trivy-action#424

docs: remove ignore-unfixed from IaC scan example by @nikpivkin in aquasecurity/trivy-action#429

chore(deps): Bump trivy to v0.57.1 by @simar7 in aquasecurity/trivy-action#434

New Contributors

@rvesse made their first contribution in aquasecurity/trivy-action#414

@Tiryoh made their first contribution in aquasecurity/trivy-action#413

Full Changelog: aquasecurity/trivy-action@0.28.0...0.29.0

v0.28.0

What's Changed

chore(deps): bump setup-trivy to v0.2.1 by @DmitriyLewen in aquasecurity/trivy-action#411

Full Changelog: aquasecurity/trivy-action@0.27.0...0.28.0

v0.27.0

What's Changed

ci: use setup-trivy to install Trivy by @DmitriyLewen in aquasecurity/trivy-action#406

chore: update description for scanners and format inputs by @nikpivkin in aquasecurity/trivy-action#407

fix: set envs only when passed by @knqyf263 in aquasecurity/trivy-action#405

Full Changelog: aquasecurity/trivy-action@0.26.0...0.27.0

v0.26.0

What's Changed

docs: add usage info about action/cache for trivy databases by @DmitriyLewen in aquasecurity/trivy-action#397

feat: store artifacts in cache by default by @knqyf263 in aquasecurity/trivy-action#399

Full Changelog: aquasecurity/trivy-action@0.25.0...0.26.0

v0.25.0

What's Changed

fix(Makefile): recursive option typo by @chohner in aquasecurity/trivy-action#371

chore: use checks bundle snapshot from trivy-action by @nikpivkin in aquasecurity/trivy-action#388

Upgrade GitHub actions by @obounaim in aquasecurity/trivy-action#374

ci: sync trivy-checks version 1 by @nikpivkin in aquasecurity/trivy-action#398

feat(trivy): Bump to support v0.56.1 by @simar7 in aquasecurity/trivy-action#387

New Contributors

@chohner made their first contribution in aquasecurity/trivy-action#371

... (truncated)

Commits

Description has been truncated

Bumps the actions group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.7` | `4.2.2` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.6.1` | `3.9.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.2.0` | `3.3.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.6` | `4.6.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.4` | `4.5.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.0.2` | `5.3.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.1` | `6.5.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.26.12` | `3.28.9` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.24.0` | `0.29.0` | Updates `actions/checkout` from 4.1.7 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.1.7...11bd719) Updates `docker/setup-buildx-action` from 3.6.1 to 3.9.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@988b5a0...f7ce87c) Updates `docker/login-action` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@0d4c9c5...9780b0c) Updates `actions/upload-artifact` from 4.3.6 to 4.6.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.3.6...65c4c4a) Updates `actions/dependency-review-action` from 4.3.4 to 4.5.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@5a2ce3f...3b139cf) Updates `actions/setup-go` from 5.0.2 to 5.3.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0a12ed9...f111f33) Updates `golangci/golangci-lint-action` from 6.1.1 to 6.5.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@971e284...2226d7c) Updates `github/codeql-action` from 3.26.12 to 3.28.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c36620d...9e8d078) Updates `aquasecurity/trivy-action` from 0.24.0 to 0.29.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@6e7b7d1...18f2510) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-02-17T02:34:38Z

The following labels could not be found: area/dependency, release-note-none, ok-to-test.

dependabot · 2025-02-24T02:25:43Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot mentioned this pull request Feb 17, 2025

Bump the actions group across 1 directory with 9 updates #515

Closed

dependabot bot closed this Feb 24, 2025

dependabot bot deleted the dependabot/github_actions/actions-eb66ca682e branch February 24, 2025 02:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions group across 1 directory with 9 updates #516

Bump the actions group across 1 directory with 9 updates #516

dependabot bot commented on behalf of github Feb 17, 2025 •

edited

Loading

dependabot bot commented on behalf of github Feb 17, 2025

dependabot bot commented on behalf of github Feb 24, 2025

Bump the actions group across 1 directory with 9 updates #516

Bump the actions group across 1 directory with 9 updates #516

Conversation

dependabot bot commented on behalf of github Feb 17, 2025 • edited Loading

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

v4.2.0

What's Changed

New Contributors

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v3.9.0

v3.8.0

v3.7.1

v3.7.0

v3.3.0

v4.6.0

What's Changed

v4.5.0

What's Changed

New Contributors

v4.4.3

What's Changed

v4.4.2

What's Changed

v4.4.1

What's Changed

New Contributors

v4.4.0

Notice: Breaking Changes ⚠️

v4.5.0

What's Changed

New Contributors

v4.4.0

What's Changed

v4.3.5

What's Changed

New Contributors

v5.3.0

What's Changed

New Contributors

v5.2.0

What's Changed

New Contributors

v5.1.0

What's Changed

New Contributors

v6.5.0

What's Changed

Changes

Dependencies

v6.4.1

What's Changed

Changes

v6.4.0

What's Changed

Changes

v6.3.3

What's Changed

Changes

v6.3.2

What's Changed

Changes

v3.28.9

CodeQL Action Changelog

3.28.9 - 07 Feb 2025

v3.28.8

dependabot bot commented on behalf of github Feb 17, 2025 •

edited

Loading