-
Notifications
You must be signed in to change notification settings - Fork 0
⬆️ gha: Bump the github-actions group across 1 directory with 8 updates #14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
⬆️ gha: Bump the github-actions group across 1 directory with 8 updates #14
Conversation
Bumps the github-actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.12.0` | `2.12.1` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.6.0` | `4.7.1` | | [mikepenz/release-changelog-builder-action](https://github.com/mikepenz/release-changelog-builder-action) | `5.3.0` | `5.3.1` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.2.2` | `2.3.2` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.2` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.16` | `3.29.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.4.0` | `5.5.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4.1.0` | `4.2.1` | Updates `step-security/harden-runner` from 2.12.0 to 2.12.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@0634a26...002fdce) Updates `actions/dependency-review-action` from 4.6.0 to 4.7.1 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@ce3cf95...da24556) Updates `mikepenz/release-changelog-builder-action` from 5.3.0 to 5.3.1 - [Release notes](https://github.com/mikepenz/release-changelog-builder-action/releases) - [Commits](mikepenz/release-changelog-builder-action@e92187b...5fb6e51) Updates `softprops/action-gh-release` from 2.2.2 to 2.3.2 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@da05d55...72f2c25) Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@f49aabe...05b42c6) Updates `github/codeql-action` from 3.28.16 to 3.29.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@28deaed...ce28f5b) Updates `actions/setup-go` from 5.4.0 to 5.5.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0aaccfd...d35c59a) Updates `aws-actions/configure-aws-credentials` from 4.1.0 to 4.2.1 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@ececac1...b475783) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.12.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: 4.7.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: mikepenz/release-changelog-builder-action dependency-version: 5.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: 2.3.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 3.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 5.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: aws-actions/configure-aws-credentials dependency-version: 4.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Join our Discord community for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
💰 Infracost reportMonthly estimate generatedEstimate details (includes details of unsupported resources)
|
Bumps the github-actions group with 8 updates in the / directory:
2.12.0
2.12.1
4.6.0
4.7.1
5.3.0
5.3.1
2.2.2
2.3.2
2.4.1
2.4.2
3.28.16
3.29.0
5.4.0
5.5.0
4.1.0
4.2.1
Updates
step-security/harden-runner
from 2.12.0 to 2.12.1Release notes
Sourced from step-security/harden-runner's releases.
Commits
002fdce
Merge pull request #544 from step-security/rc-212489e3f
Merge branch 'main' into rc-2175dd441
Merge pull request #555 from step-security/dependabot/github_actions/step-sec...4381ace
Bump step-security/publish-unit-test-result-action from 2.19.0 to 2.20.0a9da90b
Merge pull request #553 from h0x0er/feat/container-workflowsa60ef21
update4ad512f
Merge branch 'rc-21' into feat/container-workflows6b41a39
fixed test casefa70c45
update agenteb47845
self-hosted: refactored block-policy apply logicUpdates
actions/dependency-review-action
from 4.6.0 to 4.7.1Release notes
Sourced from actions/dependency-review-action's releases.
Commits
da24556
Merge pull request #933 from actions/dangoor/471-release9af0caf
Bump version number for 4.7.1d8f2df2
Merge pull request #932 from actions/907-disallow-expression6e9307a
Discard allow list entries that are not SPDX IDs8805179
Merge pull request #930 from actions/889-allow-no-license014300b
Update build34486f3
Check namespaces when excluding license checks9b155d6
Update buildf199659
Allowing dependencies works with no licenses38ecb5b
Merge pull request #929 from actions/dangoor/4.7-releaseUpdates
mikepenz/release-changelog-builder-action
from 5.3.0 to 5.3.1Release notes
Sourced from mikepenz/release-changelog-builder-action's releases.
Commits
5fb6e51
Merge pull request #1455 from mikepenz/develop9d52499
Merge pull request #1454 from mikepenz/feature/upgrade_dependenciesb55ec16
- recompile6d4d8e2
- upgrade dependencies to their latest versione7741f7
Merge pull request #1453 from mikepenz/fix/1452a46e860
- fix README for giteaUpdates
softprops/action-gh-release
from 2.2.2 to 2.3.2Release notes
Sourced from softprops/action-gh-release's releases.
Changelog
Sourced from softprops/action-gh-release's changelog.
... (truncated)
Commits
72f2c25
release 2.3.2552dc55
fix: revertfs:readableWebStream
change (#632)f3cad8b
release 2.3.107a2257
fix: fix file closing issue (#629)d5382d3
release 2.3.0a0e2122
feat: migrate from jest to vitest (#626)8836085
chore: replacemime
withmime-types
(#624)8646335
chore: bump node to 20.19.246b2847
chore(deps): bump the npm group across 1 directory with 5 updates (#623)37fd9d0
chore(deps): bump undici from 5.28.5 to 5.29.0 (#621)Updates
ossf/scorecard-action
from 2.4.1 to 2.4.2Release notes
Sourced from ossf/scorecard-action's releases.
Commits
05b42c6
🌱 bump docker to ghcr v2.4.2 (#1548)b225da6
Bump github.com/ossf/scorecard/v5 from v5.2.0 to v5.2.1 (#1550)9399f6f
🌱 Bump the docker-images group across 1 directory with 2 updates (#1...e1daa8c
🌱 Bump the github-actions group across 1 directory with 5 updates (#...9fe6511
🌱 Bump golang.org/x/net from 0.39.0 to 0.40.0 (#1542)25b9cd9
🌱 Bump github.com/ossf/scorecard/v5 from v5.1.1 to v5.2.0 (#1547)18cc9b8
🌱 Bump golang.org/x/net from 0.38.0 to 0.39.0 (#1536)db78142
🌱 Bump the github-actions group with 2 updates (#1538)de386ed
🌱 Bump golang from 1.24.1 to 1.24.2 in the docker-images group (#1534)5b7cedb
🌱 Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (#1537)Updates
github/codeql-action
from 3.28.16 to 3.29.0Release notes
Sourced from github/codeql-action's releases.
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
ce28f5b
Merge pull request #2926 from github/update-v3.29.0-e8799281cbc251b7
Update changelog for v3.29.0e879928
Merge pull request #2925 from github/update-bundle/codeql-bundle-v2.22.0efd43b3
Merge branch 'main' into update-bundle/codeql-bundle-v2.22.07cb9b16
Merge pull request #2912 from github/henrymercer/bump-minimum-codeql-2.16.63855117
Add changelog notef5d4e2a
Update default bundle to codeql-bundle-v2.22.022deae8
Update package-lock.jsondf2a830
Merge branch 'main' into henrymercer/bump-minimum-codeql-2.16.6b1e4dc3
Merge pull request #2916 from github/dependabot/npm_and_yarn/npm-5cdccdc43fUpdates
actions/setup-go
from 5.4.0 to 5.5.0Release notes
Sourced from actions/setup-go's releases.
Commits
d35c59a
chore: update discussions url (#527)29694d7
Add manifest validation and improve error handling (#586)78535dd
Bump eslint-plugin-jest from 27.9.0 to 28.11.0 (#537)bb65d88
Bump ts-jest from 29.1.2 to 29.3.2 (#582)7f17e83
Bump@actions/glob
from 0.4.0 to 0.5.0 (#573)dca8468
Update self-hosted environment validation and bump undici version (#556)691cc35
upgrade actions/cache to 4.0.3 (#574)Updates
aws-actions/configure-aws-credentials
from 4.1.0 to 4.2.1Release notes
Sourced from aws-actions/configure-aws-credentials's releases.
Changelog
Sourced from aws-actions/configure-aws-credentials's changelog.
... (truncated)
Commits
b475783
chore(main): release 4.2.1 (#1356)e56e6c4
Merge pull request #1355 from hozzer/mainc0573b2
update distdf9c8fe
fix: prioritize explicit inputs over environment variablese7aeb52
chore: Update dist5188626
chore(deps): bump@aws-sdk/client-sts
from 3.803.0 to 3.808.0 (#1353)a7d7b78
chore: Update diste10de4c
chore(deps-dev): bump@aws-sdk/credential-provider-env
(#1352)85f7c4c
chore(deps-dev): bump@types/node
from 22.15.11 to 22.15.17 (#1351)f24d719
Merge pull request #1331 from aws-actions/release-please--branches--main--com...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions