ci(deps): bump the all group across 1 directory with 17 updates #7373

dependabot · 2025-03-04T23:39:42Z

Bumps the all group with 17 updates in the / directory:

Package	From	To
actions/checkout	`4.1.1`	`4.2.2`
peter-evans/create-pull-request	`6.1.0`	`7.0.8`
thollander/actions-comment-pull-request	`b07c7f86be67002023e6cb13f57df3f21cdd3411`	`e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa`
actions/upload-artifact	`4.6.0`	`4.6.1`
docker/setup-buildx-action	`3.4.0`	`3.10.0`
actions/cache	`4.2.0`	`4.2.2`
docker/build-push-action	`6.4.1`	`6.15.0`
actions/setup-python	`4`	`5`
golangci/golangci-lint-action	`6.1.0`	`6.5.0`
securego/gosec	`2.20.0`	`2.22.1`
github/codeql-action	`2bbafcdd7fbf96243689e764c2f15d9735164f33`	`80f993039571a6de66594ecaa432875a6942e8e0`
checkmarx/kics-github-action	`2.1.4`	`2.1.5`
docker/setup-qemu-action	`3.1.0`	`3.6.0`
docker/metadata-action	`5.5.1`	`5.7.0`
goreleaser/goreleaser-action	`5.1.0`	`6.2.1`
aquasecurity/trivy-action	`0.24.0`	`0.29.0`
anchore/scan-action	`4.1.0`	`6.1.0`

Updates actions/checkout from 4.1.1 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

v4.2.0

What's Changed

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependabot updates in actions/checkout#1777 & actions/checkout#1872

New Contributors

@yasonk made their first contribution in actions/checkout#1869

@lucacome made their first contribution in actions/checkout#1180

Full Changelog: actions/checkout@v4.1.7...v4.2.0

v4.1.7

What's Changed

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

New Contributors

@orhantoy made their first contribution in actions/checkout#1774

Full Changelog: actions/checkout@v4.1.6...v4.1.7

v4.1.6

What's Changed

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

Update for 4.1.6 release by @cory-miller in actions/checkout#1733

Full Changelog: actions/checkout@v4.1.5...v4.1.6

v4.1.5

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

... (truncated)

Commits

11bd719 Prepare 4.2.2 Release (#1953)
e3d2460 Expand unit test coverage (#1946)
163217d url-helper.ts now leverages well-known environment variables. (#1941)
eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
d632683 Prepare 4.2.0 release (#1878)
6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
b684943 Add Ref and Commit outputs (#1180)
Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 6.1.0 to 7.0.8

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.8

What's Changed

build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 by @dependabot in peter-evans/create-pull-request#3751

build(deps-dev): bump eslint-import-resolver-typescript from 3.8.1 to 3.8.3 by @dependabot in peter-evans/create-pull-request#3752

build(deps): bump @octokit/plugin-paginate-rest from 11.4.2 to 11.4.3 by @dependabot in peter-evans/create-pull-request#3753

build(deps-dev): bump prettier from 3.5.1 to 3.5.2 by @dependabot in peter-evans/create-pull-request#3754

fix: suppress output for some git operations by @peter-evans in peter-evans/create-pull-request#3776

Full Changelog: peter-evans/create-pull-request@v7.0.7...v7.0.8

Create Pull Request v7.0.7

⚙️ Fixes an issue with commit signing where modifications to the same file in multiple commits squash into the first commit.

What's Changed

build(deps): bump @octokit/core from 6.1.2 to 6.1.3 by @dependabot in peter-evans/create-pull-request#3593

build(deps-dev): bump @types/node from 18.19.68 to 18.19.70 by @dependabot in peter-evans/create-pull-request#3594

Update distribution by @actions-bot in peter-evans/create-pull-request#3603

build(deps-dev): bump typescript from 5.7.2 to 5.7.3 by @dependabot in peter-evans/create-pull-request#3610

build(deps): bump octokit dependencies by @peter-evans in peter-evans/create-pull-request#3618

docs: add workflow tip for showing message via workflow command by @ybiquitous in peter-evans/create-pull-request#3626

build(deps-dev): bump eslint-plugin-prettier from 5.2.1 to 5.2.3 by @dependabot in peter-evans/create-pull-request#3628

build(deps): bump node-fetch-native from 1.6.4 to 1.6.6 by @dependabot in peter-evans/create-pull-request#3627

build(deps-dev): bump undici from 6.21.0 to 6.21.1 by @dependabot in peter-evans/create-pull-request#3630

build(deps-dev): bump @types/node from 18.19.70 to 18.19.71 by @dependabot in peter-evans/create-pull-request#3629

Update distribution by @actions-bot in peter-evans/create-pull-request#3647

build(deps-dev): bump @types/node from 18.19.71 to 18.19.74 by @dependabot in peter-evans/create-pull-request#3657

build(deps-dev): bump @types/node from 18.19.74 to 18.19.75 by @dependabot in peter-evans/create-pull-request#3663

build(deps): bump @octokit/plugin-rest-endpoint-methods from 13.3.0 to 13.3.1 by @dependabot in peter-evans/create-pull-request#3670

build(deps-dev): bump prettier from 3.4.2 to 3.5.0 by @dependabot in peter-evans/create-pull-request#3671

Update distribution by @actions-bot in peter-evans/create-pull-request#3680

build(deps): bump @octokit/request-error from 6.1.6 to 6.1.7 by @dependabot in peter-evans/create-pull-request#3685

build(deps): bump @octokit/plugin-paginate-rest from 11.4.0 to 11.4.1 by @dependabot in peter-evans/create-pull-request#3688

build(deps): bump @octokit/endpoint from 10.1.2 to 10.1.3 by @dependabot in peter-evans/create-pull-request#3700

Update distribution by @actions-bot in peter-evans/create-pull-request#3691

build(deps-dev): bump prettier from 3.5.0 to 3.5.1 by @dependabot in peter-evans/create-pull-request#3709

build(deps-dev): bump eslint-import-resolver-typescript from 3.7.0 to 3.8.1 by @dependabot in peter-evans/create-pull-request#3710

build(deps): bump @octokit/plugin-paginate-rest from 11.4.1 to 11.4.2 by @dependabot in peter-evans/create-pull-request#3713

build(deps-dev): bump @types/node from 18.19.75 to 18.19.76 by @dependabot in peter-evans/create-pull-request#3712

build(deps): bump @octokit/core from 6.1.3 to 6.1.4 by @dependabot in peter-evans/create-pull-request#3711

Update distribution by @actions-bot in peter-evans/create-pull-request#3736

Use showFileAtRefBase64 to read per-commit file contents by @grahamc in peter-evans/create-pull-request#3744

New Contributors

@ybiquitous made their first contribution in peter-evans/create-pull-request#3626

@grahamc made their first contribution in peter-evans/create-pull-request#3744

Full Changelog: peter-evans/create-pull-request@v7.0.6...v7.0.7

Create Pull Request v7.0.6

... (truncated)

Commits

271a8d0 fix: suppress output for some git operations (#3776)
6f7efd1 test: update cpr-example-command
13c47c5 build(deps-dev): bump prettier from 3.5.1 to 3.5.2 (#3754)
63e5829 build(deps): bump @octokit/plugin-paginate-rest from 11.4.2 to 11.4.3 (#3753)
a92c90f build(deps-dev): bump eslint-import-resolver-typescript (#3752)
b23b62d build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 (#3751)
dd2324f fix: use showFileAtRefBase64 to read per-commit file contents (#3744)
367180c ci: remove testv5 cmd
25575a1 build: update distribution (#3736)
a56e7a5 build(deps): bump @octokit/core from 6.1.3 to 6.1.4 (#3711)
Additional commits viewable in compare view

Updates thollander/actions-comment-pull-request from b07c7f86be67002023e6cb13f57df3f21cdd3411 to e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa

Commits

e4a76dd Merge pull request #411 from thollander/docs/fix-filepath
e703e74 Merge pull request #408 from thollander/dependabot/npm_and_yarn/types/node-22...
460ec66 docs: fix filePath in readme
24bffb9 Merge pull request #410 from thollander/chore/release-3.0.1
5fd7012 chore: release 3.0.1
a38b001 Merge pull request #409 from thollander/fix/wrong-var-renaming
a11fbfe fix: some wrong variables renaming
ddf65fc chore(deps-dev): bump @types/node from 22.7.5 to 22.8.6
cb13519 Merge pull request #300 from thollander/dependabot/npm_and_yarn/actions/githu...
38af97b chore(deps): bump @actions/github from 5.1.1 to 6.0.0
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.0 to 4.6.1

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.1

What's Changed

Update to use artifact 2.2.2 package by @yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

Commits

4cec3d8 Merge pull request #673 from actions/yacaovsnc/artifact_2.2.2
e9fad96 license cache update for artifact
b26fd06 Update to use artifact 2.2.2 package
See full diff in compare view

Updates docker/setup-buildx-action from 3.4.0 to 3.10.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.10.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-buildx-action#408

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

v3.9.0

Bump @docker/actions-toolkit from 0.48.0 to 0.54.0 in docker/setup-buildx-action#402 docker/setup-buildx-action#404

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

v3.7.1

Switch back to uuid package by @crazy-max in docker/setup-buildx-action#369

Full Changelog: docker/setup-buildx-action@v3.7.0...v3.7.1

v3.7.0

Always set buildkitd-flags if opt-in by @crazy-max in docker/setup-buildx-action#363

Remove uuid package and switch to crypto by @crazy-max in docker/setup-buildx-action#366

Bump @docker/actions-toolkit from 0.35.0 to 0.39.0 in docker/setup-buildx-action#362

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-buildx-action#354

Full Changelog: docker/setup-buildx-action@v3.6.1...v3.7.0

v3.6.1

Check for malformed docker context by @crazy-max in docker/setup-buildx-action#347

Full Changelog: docker/setup-buildx-action@v3.6.0...v3.6.1

v3.6.0

Create temp docker context if default one has TLS data loaded before creating a container builder by @crazy-max in docker/setup-buildx-action#341

Full Changelog: docker/setup-buildx-action@v3.5.0...v3.6.0

v3.5.0

Bump @docker/actions-toolkit from 0.31.0 to 0.35.0 in docker/setup-buildx-action#340 docker/setup-buildx-action#344 docker/setup-buildx-action#345

Full Changelog: docker/setup-buildx-action@v3.4.0...v3.5.0

Commits

b5ca514 Merge pull request #408 from docker/dependabot/npm_and_yarn/docker/actions-to...
1418a4e chore: update generated content
93acf83 build(deps): bump @docker/actions-toolkit from 0.54.0 to 0.56.0
f7ce87c Merge pull request #404 from docker/dependabot/npm_and_yarn/docker/actions-to...
aa1e2a0 chore: update generated content
673e008 build(deps): bump @docker/actions-toolkit from 0.53.0 to 0.54.0
ba31df4 Merge pull request #402 from docker/dependabot/npm_and_yarn/docker/actions-to...
5475af1 chore: update generated content
acacad9 build(deps): bump @docker/actions-toolkit from 0.48.0 to 0.53.0
6a25f98 Merge pull request #396 from crazy-max/bake-v6
Additional commits viewable in compare view

Updates actions/cache from 4.2.0 to 4.2.2

Release notes

Sourced from actions/cache's releases.

v4.2.2

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

Bump @actions/cache to v4.0.2 by @robherley in actions/cache#1560

Full Changelog: actions/cache@v4.2.1...v4.2.2

v4.2.1

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

docs: GitHub is spelled incorrectly in caching-strategies.md by @janco-absa in actions/cache#1526

docs: Make the "always save prime numbers" example more clear by @Tobbe in actions/cache#1525

Update force deletion docs due a recent deprecation by @sebbalex in actions/cache#1500

Bump @actions/cache to v4.0.1 by @robherley in actions/cache#1554

New Contributors

@janco-absa made their first contribution in actions/cache#1526

@Tobbe made their first contribution in actions/cache#1525

@sebbalex made their first contribution in actions/cache#1500

Full Changelog: actions/cache@v4.2.0...v4.2.1

Changelog

Sourced from actions/cache's changelog.

Releases

4.2.2

Bump @actions/cache to v4.0.2

4.2.1

Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474

Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

Restore original behavior of cache-hit output - #1467

4.1.0

Ensure cache-hit output is set when a cache is missed - #1404

Deprecate save-always input - #1452

4.0.2

Fixed restore fail-on-cache-miss not working.

4.0.1

Updated isGhes check

4.0.0

Updated minimum runner version support from node 12 -> node 20

... (truncated)

Commits

d4323d4 Merge pull request #1560 from actions/robherley/v4.2.2
da26677 bump @actions/cache to v4.0.2, prep for v4.2.2 release
7921ae2 Merge pull request #1557 from actions/robherley/ia-workflow-released
3937731 Update publish-immutable-actions.yml
0c907a7 Merge pull request #1554 from actions/robherley/v4.2.1
710893c bump @actions/cache to v4.0.1
9fa7e61 Update force deletion docs due a recent deprecation (#1500)
36f1e14 docs: Make the "always save prime numbers" example more clear (#1525)
53aa38c Correct GitHub Spelling in caching-strategies.md (#1526)
See full diff in compare view

Updates docker/build-push-action from 6.4.1 to 6.15.0

Release notes

Sourced from docker/build-push-action's releases.

v6.15.0

Bump @docker/actions-toolkit from 0.55.0 to 0.56.0 in docker/build-push-action#1330

Full Changelog: docker/build-push-action@v6.14.0...v6.15.0

v6.14.0

Bump @docker/actions-toolkit from 0.53.0 to 0.55.0 in docker/build-push-action#1324

Full Changelog: docker/build-push-action@v6.13.0...v6.14.0

v6.13.0

Bump @docker/actions-toolkit from 0.51.0 to 0.53.0 in docker/build-push-action#1308

Full Changelog: docker/build-push-action@v6.12.0...v6.13.0

v6.12.0

Bump @docker/actions-toolkit from 0.49.0 to 0.51.0 in docker/build-push-action#1300

Full Changelog: docker/build-push-action@v6.11.0...v6.12.0

v6.11.0

Handlebar defaultContext support for build-contexts input by @crazy-max in docker/build-push-action#1283

Bump @docker/actions-toolkit from 0.46.0 to 0.49.0 in docker/build-push-action#1281

Full Changelog: docker/build-push-action@v6.10.0...v6.11.0

v6.10.0

Add call input to set method for evaluating build by @crazy-max in docker/build-push-action#1265

Bump @actions/core from 1.10.1 to 1.11.1 in docker/build-push-action#1238

Bump @docker/actions-toolkit from 0.39.0 to 0.46.0 in docker/build-push-action#1268

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/build-push-action#1261

Full Changelog: docker/build-push-action@v6.9.0...v6.10.0

v6.9.0

Bump @docker/actions-toolkit from 0.38.0 to 0.39.0 in docker/build-push-action#1234

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/build-push-action#1232

Full Changelog: docker/build-push-action@v6.8.0...v6.9.0

v6.8.0

Bump @docker/actions-toolkit from 0.37.1 to 0.38.0 in docker/build-push-action#1230

Full Changelog: docker/build-push-action@v6.7.0...v6.8.0

v6.7.0

Print info message for build summary support checks by @crazy-max in docker/build-push-action#1211

Full Changelog: docker/build-push-action@v6.6.1...v6.7.0

... (truncated)

Commits

471d1dc Merge pull request #1330 from docker/dependabot/npm_and_yarn/docker/actions-t...
b89ff0a chore: update generated content
1e3ae3a chore(deps): Bump @docker/actions-toolkit from 0.55.0 to 0.56.0
b16f42f Merge pull request #1325 from crazy-max/buildx-edge
dc0fea5 ci: update buildx to edge and buildkit to latest
0adf995 Merge pull request #1324 from docker/dependabot/npm_and_yarn/docker/actions-t...
d88cd28 chore: update generated content
3d09a6b chore(deps): Bump @docker/actions-toolkit from 0.53.0 to 0.55.0
ca877d9 Merge pull request #1308 from docker/dependabot/npm_and_yarn/docker/actions-t...
d2fe919 chore: update generated content
Additional commits viewable in compare view

Updates actions/setup-python from 4 to 5

Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: actions/setup-python@v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py
Besides, the release contains such changes as:

Trim python version when reading from file by @FerranPares in actions/setup-python#628

Use non-deprecated versions in examples by @jeffwidman in actions/setup-python#724

Change deprecation comment to past tense by @jeffwidman in actions/setup-python#723

Bump @babel/traverse from 7.9.0 to 7.23.2 by @dependabot in actions/setup-python#743

advanced-usage.md: Encourage the use actions/checkout@v4 by @cclauss in actions/setup-python#729

Examples now use checkout@v4 by @simonw in actions/setup-python#738

Update actions/checkout to v4 by @dmitry-shibanov in actions/setup-python#761

New Contributors

@FerranPares made their first contribution in actions/setup-python#628

@timfel made their first contribution in actions/setup-python#694

@jeffwidman made their first contribution in actions/setup-python#724

Full Changelog: actions/setup-python@v4...v4.8.0

v4.7.1

What's Changed

Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in actions/setup-python#702

Add range validation for toml files by @dmitry-shibanov in actions/setup-python#726

Full Changelog: actions/setup-python@v4...v4.7.1

v4.7.0

In scope of this release, the support for reading python version from pyproject.toml was added (actions/setup-python#669).
      - name: Setup Python
        uses: actions/setup-python@v4
</tr></table> 

... (truncated)

Commits

4237552 Improve Advanced Usage examples (#645)
709bfa5 Bump requests from 2.24.0 to 2.32.2 in /tests/data (#1019)
ceb20b2 Bump @actions/http-client from 2.2.1 to 2.2.3 (#1020)
0dc2d2c Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1014)
feb9c6e Bump urllib3 from 1.25.9 to 1.26.19 in /tests/data (#895)
d0b4fc4 Bump undici from 5.28.4 to 5.28.5 (#1012)
e3dfaac Configure Dependabot settings (#1008)
b8cf3eb Use the new cache service: upgrade @actions/cache to ^4.0.0 (#1007)
1928ae6 Update README.md (#1009)
3fddbee Enhance Workflows: Add Ubuntu-24, Remove Python 3.8 (#985)
Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 6.1.0 to 6.5.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v6.5.0

What's Changed

Changes

feat: verify with the JSONSchema by default by @ldez in golangci/golangci-lint-action#1171

Dependencies

build(deps): bump @octokit/request-error from 5.1.0 to 5.1.1 by @dependabot in golangci/golangci-lint-action#1169

build(deps): bump @octokit/endpoint from 9.0.5 to 9.0.6 by @dependabot in golangci/golangci-lint-action#1170

Full Changelog: golangci/golangci-lint-action@v6.4.1...v6.5.0

v6.4.1
Description has been truncated

Bumps the all group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `4.2.2` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `6.1.0` | `7.0.8` | | [thollander/actions-comment-pull-request](https://github.com/thollander/actions-comment-pull-request) | `b07c7f86be67002023e6cb13f57df3f21cdd3411` | `e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.0` | `4.6.1` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.4.0` | `3.10.0` | | [actions/cache](https://github.com/actions/cache) | `4.2.0` | `4.2.2` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.4.1` | `6.15.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `4` | `5` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.0` | `6.5.0` | | [securego/gosec](https://github.com/securego/gosec) | `2.20.0` | `2.22.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `2bbafcdd7fbf96243689e764c2f15d9735164f33` | `80f993039571a6de66594ecaa432875a6942e8e0` | | [checkmarx/kics-github-action](https://github.com/checkmarx/kics-github-action) | `2.1.4` | `2.1.5` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.1.0` | `3.6.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.5.1` | `5.7.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `5.1.0` | `6.2.1` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.24.0` | `0.29.0` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `4.1.0` | `6.1.0` | Updates `actions/checkout` from 4.1.1 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@b4ffde6...11bd719) Updates `peter-evans/create-pull-request` from 6.1.0 to 7.0.8 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@c5a7806...271a8d0) Updates `thollander/actions-comment-pull-request` from b07c7f86be67002023e6cb13f57df3f21cdd3411 to e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa - [Release notes](https://github.com/thollander/actions-comment-pull-request/releases) - [Commits](thollander/actions-comment-pull-request@b07c7f8...e4a76dd) Updates `actions/upload-artifact` from 4.6.0 to 4.6.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@65c4c4a...4cec3d8) Updates `docker/setup-buildx-action` from 3.4.0 to 3.10.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3.4.0...b5ca514) Updates `actions/cache` from 4.2.0 to 4.2.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@1bd1e32...d4323d4) Updates `docker/build-push-action` from 6.4.1 to 6.15.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6.4.1...471d1dc) Updates `actions/setup-python` from 4 to 5 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v4...v5) Updates `golangci/golangci-lint-action` from 6.1.0 to 6.5.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@aaa42aa...2226d7c) Updates `securego/gosec` from 2.20.0 to 2.22.1 - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](securego/gosec@6fbd381...43fee88) Updates `github/codeql-action` from 2bbafcdd7fbf96243689e764c2f15d9735164f33 to 80f993039571a6de66594ecaa432875a6942e8e0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@2bbafcd...80f9930) Updates `checkmarx/kics-github-action` from 2.1.4 to 2.1.5 - [Release notes](https://github.com/checkmarx/kics-github-action/releases) - [Commits](Checkmarx/kics-github-action@5a6152e...3246fb4) Updates `docker/setup-qemu-action` from 3.1.0 to 3.6.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@5927c83...2910929) Updates `docker/metadata-action` from 5.5.1 to 5.7.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@8e5442c...902fa8e) Updates `goreleaser/goreleaser-action` from 5.1.0 to 6.2.1 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@5742e2a...90a3faa) Updates `aquasecurity/trivy-action` from 0.24.0 to 0.29.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@6e7b7d1...18f2510) Updates `anchore/scan-action` from 4.1.0 to 6.1.0 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](anchore/scan-action@d43cc1d...7c05671) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: thollander/actions-comment-pull-request dependency-type: direct:production dependency-group: all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: securego/gosec dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production dependency-group: all - dependency-name: checkmarx/kics-github-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-03-06T10:50:18Z

KICS version: v2.1.5

	Category	Results
	CRITICAL	0
	HIGH	0
	MEDIUM	0
	LOW	0
	INFO	0
	TRACE	0
	TOTAL	0

Metric	Values
Files scanned	1
Files parsed	1
Files failed to scan	0
Total executed queries	47
Queries failed to execute	0
Execution time	0

…kmarx#7373) * ci(deps): bump the all group across 1 directory with 17 updates Bumps the all group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `4.2.2` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `6.1.0` | `7.0.8` | | [thollander/actions-comment-pull-request](https://github.com/thollander/actions-comment-pull-request) | `b07c7f86be67002023e6cb13f57df3f21cdd3411` | `e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.0` | `4.6.1` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.4.0` | `3.10.0` | | [actions/cache](https://github.com/actions/cache) | `4.2.0` | `4.2.2` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.4.1` | `6.15.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `4` | `5` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.0` | `6.5.0` | | [securego/gosec](https://github.com/securego/gosec) | `2.20.0` | `2.22.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `2bbafcdd7fbf96243689e764c2f15d9735164f33` | `80f993039571a6de66594ecaa432875a6942e8e0` | | [checkmarx/kics-github-action](https://github.com/checkmarx/kics-github-action) | `2.1.4` | `2.1.5` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.1.0` | `3.6.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.5.1` | `5.7.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `5.1.0` | `6.2.1` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.24.0` | `0.29.0` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `4.1.0` | `6.1.0` | Updates `actions/checkout` from 4.1.1 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@b4ffde6...11bd719) Updates `peter-evans/create-pull-request` from 6.1.0 to 7.0.8 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@c5a7806...271a8d0) Updates `thollander/actions-comment-pull-request` from b07c7f86be67002023e6cb13f57df3f21cdd3411 to e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa - [Release notes](https://github.com/thollander/actions-comment-pull-request/releases) - [Commits](thollander/actions-comment-pull-request@b07c7f8...e4a76dd) Updates `actions/upload-artifact` from 4.6.0 to 4.6.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@65c4c4a...4cec3d8) Updates `docker/setup-buildx-action` from 3.4.0 to 3.10.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3.4.0...b5ca514) Updates `actions/cache` from 4.2.0 to 4.2.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@1bd1e32...d4323d4) Updates `docker/build-push-action` from 6.4.1 to 6.15.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6.4.1...471d1dc) Updates `actions/setup-python` from 4 to 5 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v4...v5) Updates `golangci/golangci-lint-action` from 6.1.0 to 6.5.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@aaa42aa...2226d7c) Updates `securego/gosec` from 2.20.0 to 2.22.1 - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](securego/gosec@6fbd381...43fee88) Updates `github/codeql-action` from 2bbafcdd7fbf96243689e764c2f15d9735164f33 to 80f993039571a6de66594ecaa432875a6942e8e0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@2bbafcd...80f9930) Updates `checkmarx/kics-github-action` from 2.1.4 to 2.1.5 - [Release notes](https://github.com/checkmarx/kics-github-action/releases) - [Commits](Checkmarx/kics-github-action@5a6152e...3246fb4) Updates `docker/setup-qemu-action` from 3.1.0 to 3.6.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@5927c83...2910929) Updates `docker/metadata-action` from 5.5.1 to 5.7.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@8e5442c...902fa8e) Updates `goreleaser/goreleaser-action` from 5.1.0 to 6.2.1 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@5742e2a...90a3faa) Updates `aquasecurity/trivy-action` from 0.24.0 to 0.29.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@6e7b7d1...18f2510) Updates `anchore/scan-action` from 4.1.0 to 6.1.0 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](anchore/scan-action@d43cc1d...7c05671) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: thollander/actions-comment-pull-request dependency-type: direct:production dependency-group: all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: securego/gosec dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production dependency-group: all - dependency-name: checkmarx/kics-github-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * revert golangci-lint version from 6.5 to 6.1 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Artur Ribeiro <153724638+ArturRibeiro-CX@users.noreply.github.com> Co-authored-by: ArturRibeiro-CX <artur.ribeiro@checkmarx.com>

dependabot bot requested a review from a team as a code owner March 4, 2025 23:39

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Mar 4, 2025

dependabot bot mentioned this pull request Mar 4, 2025

ci(deps): bump the all group across 1 directory with 17 updates #7371

Closed

github-actions bot added the docker Docker query label Mar 4, 2025

dependabot bot force-pushed the dependabot/github_actions/all-2d83333c1b branch from d268592 to 06e0317 Compare March 5, 2025 23:33

Merge branch 'master' into dependabot/github_actions/all-2d83333c1b

2fbcdde

revert golangci-lint version from 6.5 to 6.1

4ec664f

cx-artur-ribeiro self-assigned this Mar 6, 2025

cx-artur-ribeiro approved these changes Mar 6, 2025

View reviewed changes

cx-rui-araujo approved these changes Mar 6, 2025

View reviewed changes

cx-artur-ribeiro merged commit ff65470 into master Mar 6, 2025
26 checks passed

cx-artur-ribeiro deleted the dependabot/github_actions/all-2d83333c1b branch March 6, 2025 11:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ci(deps): bump the all group across 1 directory with 17 updates #7373

ci(deps): bump the all group across 1 directory with 17 updates #7373

Uh oh!

dependabot bot commented on behalf of github Mar 4, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Mar 6, 2025

Uh oh!

Uh oh!

Uh oh!

ci(deps): bump the all group across 1 directory with 17 updates #7373

ci(deps): bump the all group across 1 directory with 17 updates #7373

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

v4.2.0

What's Changed

New Contributors

v4.1.7

What's Changed

New Contributors

v4.1.6

What's Changed

v4.1.5

What's Changed

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

Create Pull Request v7.0.8

What's Changed

Create Pull Request v7.0.7

What's Changed

New Contributors

Create Pull Request v7.0.6

v4.6.1

What's Changed

v3.10.0

v3.9.0

v3.8.0

v3.7.1

v3.7.0

v3.6.1

v3.6.0

v3.5.0

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

Releases

4.2.2

4.2.1

4.2.0

4.1.2

4.1.1

4.1.0

4.0.2

4.0.1

4.0.0

v6.15.0

v6.14.0

v6.13.0

v6.12.0

v6.11.0

v6.10.0

v6.9.0

v6.8.0

v6.7.0

v5.0.0

What's Changed

v4.8.0

What's Changed

New Contributors

v4.7.1

What's Changed

dependabot bot commented on behalf of github Mar 4, 2025 •

edited

Loading