wetransform · stempler · Mar 26, 2024 · Mar 26, 2024
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -2,7 +2,7 @@
   $schema: "https://docs.renovatebot.com/renovate-schema.json",
   extends: [ // default presets see https://docs.renovatebot.com/presets-default/
     "config:recommended",
-    "helpers:pinGitHubActionDigestsToSemver",
+    // "helpers:pinGitHubActionDigestsToSemver",
     "security:openssf-scorecard",
     ":disableDependencyDashboard",
     ":disableRateLimiting",
@@ -15,12 +15,12 @@
     "renovate/{{updateType}}",
   ],
   packageRules: [
-    {
+    /*{
       description: "Ignore frequent renovate updates",
       enabled: false,
       matchPackageNames: ["renovatebot/github-action"],
       matchUpdateTypes: ["patch"],
-    },
+    },*/
     {
       description: "Update renovatebot/github-action minor updates on Sundays",
       matchPackageNames: ["renovatebot/github-action"],
@@ -30,9 +30,9 @@
     {
       description: "Update to action dependencies use fix commits to trigger a release",
       matchFileNames: ["action.yml"],
-      // semanticCommitType: "fix",
+      semanticCommitType: "fix",
       // extends: [":semanticCommitType(fix)"]
-      extends: [":semanticCommitTypeAll(fix)"]
+      // extends: [":semanticCommitTypeAll(fix)"]
     },
   ],
   prBodyTemplate: "{{{table}}}{{{notes}}}{{{changelogs}}}",
@@ -73,5 +73,5 @@ semver-coerced\
 {{/if}}"
     },
   ],
-  separateMinorPatch: false,
+  separateMinorPatch: true,
 }
diff --git a/action.yml b/action.yml
@@ -52,7 +52,7 @@ runs:
 
       # https://github.com/aquasecurity/trivy-action
     - name: Scan Docker image for critical vulnerabilities
-      uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0
+      uses: aquasecurity/trivy-action@0.12.0
       if: "${{ inputs.junit-test-output != '' || inputs.create-test-report }}"
       with:
         image-ref: '${{ inputs.image-ref }}'
@@ -77,7 +77,7 @@ runs:
           echo "REPORT_FILENAME=$VALID_FILENAME" >> $GITHUB_ENV
 
     - name: Create vulnerability report as HTML
-      uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0
+      uses: aquasecurity/trivy-action@0.12.0
       with:
         image-ref: '${{ inputs.image-ref }}'
         scan-type: "${{ inputs.image-ref != '' && 'image' || 'fs' }}"
@@ -97,7 +97,7 @@ runs:
       run: |
         cp ${GITHUB_ACTION_PATH}/summary.tpl ./trivy-summary.tpl
     - name: Create summary on vulnerabilities
-      uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0
+      uses: aquasecurity/trivy-action@0.12.0
       with:
         image-ref: '${{ inputs.image-ref }}'
         scan-type: "${{ inputs.image-ref != '' && 'image' || 'fs' }}"