@dependabot dependabot bot commented on behalf of github Jun 24, 2025

Bumps the all group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| docker/setup-buildx-action | 3.10.0 | 3.11.1 |
| docker/build-push-action | 6.16.0 | 6.18.0 |
| securego/gosec | 2.22.4 | 2.22.5 |
| checkmarx/kics-github-action | 2.1.7 | 2.1.10 |
| svenstaro/upload-release-action | 2.9.0 | 2.10.0 |
| aquasecurity/trivy-action | 0.30.0 | 0.31.0 |
| anchore/scan-action | 6.2.0 | 6.3.0 |

Updates docker/setup-buildx-action from 3.10.0 to 3.11.1

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.11.1

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

Commits
  • e468171 Merge pull request #429 from crazy-max/fix-keep-state
  • a3e7502 chore: update generated content
  • b145473 fix keep-state not being respected
  • 18ce135 Merge pull request #425 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 0e198e9 chore: update generated content
  • 05f3f3a build(deps): bump @​docker/actions-toolkit from 0.61.0 to 0.62.1
  • 6229134 Merge pull request #427 from crazy-max/keep-state
  • c6f6a07 chore: update generated content
  • 6c5e29d skip builder creation if one already exists with the same name
  • 548b297 ci: keep-state check
  • Additional commits viewable in compare view

Updates docker/build-push-action from 6.16.0 to 6.18.0

Release notes

Sourced from docker/build-push-action's releases.

v6.18.0

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

[!NOTE] Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

Commits
  • 2634353 Merge pull request #1381 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • c0432d2 chore: update generated content
  • 0bb1f27 set builder driver and endpoint attributes for dbc summary support
  • 5f9dbf9 chore(deps): Bump @​docker/actions-toolkit from 0.61.0 to 0.62.1
  • 0788c44 Merge pull request #1375 from crazy-max/remove-gcr
  • aa179ca e2e: remove GCR
  • 1dc7386 Merge pull request #1364 from crazy-max/history-export-cmd
  • 9c9803f chore: update generated content
  • db1f6c4 DOCKER_BUILD_EXPORT_LEGACY env var to opt-in for legacy export
  • 721e8c7 Bump @​docker/actions-toolkit from 0.59.0 to 0.61.0
  • See full diff in compare view

Updates securego/gosec from 2.22.4 to 2.22.5

Release notes

Sourced from securego/gosec's releases.

v2.22.5

Changelog

  • d2d3ae66bd8d340b78b5142b6fe610691783c2fe Switch back go.mod to minimum 1.23.0
  • 1e7ed06b152a8a835f64c0c2a0f4ef7b83434ae8 Update dependencies
  • 1bef91a07f24a9853461be9d3f13df7ee0dfc44c Update go version 1.24.4 and 1.23.10 in CI
  • 621702f13a80eed1b8e60d1fa35b128d622832cb chore(deps): update all dependencies
  • 017d1d655c299165954ba3c6d99bdb86319ecb6a G201/G202: add checks for injection into sql.Conn methods
  • 67f63d47819d2766119d7f5df1cc898e6d985516 chore(deps): update module google.golang.org/api to v0.235.0
  • b4eabb1b18f22ef42f267d416701e57e82394e14 chore(deps): update module google.golang.org/api to v0.234.0
  • 52a80ff4bdb2e571227a1cfaab461a430e0d8800 chore(deps): update module google.golang.org/api to v0.233.0
  • e2a95069d97743102fc5988eef8bd1a118c9b79c chore(deps): update module google.golang.org/api to v0.232.0

Commits
  • d2d3ae6 Switch back go.mod to minimum 1.23.0
  • 1e7ed06 Update dependencies
  • 1bef91a Update go version 1.24.4 and 1.23.10 in CI
  • 621702f chore(deps): update all dependencies
  • 017d1d6 G201/G202: add checks for injection into sql.Conn methods
  • 67f63d4 chore(deps): update module google.golang.org/api to v0.235.0
  • b4eabb1 chore(deps): update module google.golang.org/api to v0.234.0
  • 52a80ff chore(deps): update module google.golang.org/api to v0.233.0
  • e2a9506 chore(deps): update module google.golang.org/api to v0.232.0
  • See full diff in compare view

Updates checkmarx/kics-github-action from 2.1.7 to 2.1.10

Release notes

Sourced from checkmarx/kics-github-action's releases.

v2.1.10

What's Changed

New Contributors

Full Changelog: Checkmarx/kics-github-action@v2.1.9...v2.1.10

v2.1.9

What's Changed

Full Changelog: Checkmarx/kics-github-action@v2.1.8...v2.1.9

v2.1.8

What's Changed

Full Changelog: Checkmarx/kics-github-action@v2.1.7...v2.1.8

Commits

Updates svenstaro/upload-release-action from 2.9.0 to 2.10.0

Release notes

Sourced from svenstaro/upload-release-action's releases.

2.10.0

Adds the ability to disable duplicate check, for lower Github API usage - #142 (thanks @​colinsullivan)

2.9.1

Fixed development + CI, updated dependencies - #137

Changelog

Sourced from svenstaro/upload-release-action's changelog.

Changelog

[2.10.0] - 2025-06-21

  • Adds the ability to disable duplicate check, for lower Github API usage - #142 (thanks @​colinsullivan)

[2.9.1] - 2025-06-21

  • Fixed development + CI, updated dependencies #137

[2.9.0] - 2024-02-22

[2.8.0] - 2024-02-21

  • Bump all deps
  • Update to node 20

[2.7.0] - 2023-07-28

[2.6.1] - 2023-05-31

[2.6.0] - 2023-05-23

  • Add make_latest input parameter. Can be set to false to prevent the created release from being marked as the latest release for the repository #100 (thanks @​brandonkelly)
  • Don't try to upload empty files #102 (thanks @​Loyalsoldier)
  • Bump all deps #105
  • overwrite option also overwrites name and body #106 (thanks @​regevbr)
  • Add promote option to allow prereleases to be promoted #74 (thanks @​regevbr)

[2.5.0] - 2023-02-21

[2.4.1] - 2023-02-01

  • Modernize octokit usage

[2.4.0] - 2023-01-09

  • Update to node 16
  • Bump most dependencies

[2.3.0] - 2022-06-05

  • Now defaults repo_token to ${{ github.token }} and tag to ${{ github.ref }} #69 (thanks @​leighmcculloch)

[2.2.1] - 2020-12-16

  • Added support for the GitHub pagination API for repositories with many releases #36 (thanks @​djpohly)

[2.2.0] - 2020-10-07

  • Add support for creating a new release in a foreign repository #25 (thanks @​kittaakos)
  • Upgrade all deps

[2.1.1] - 2020-09-25

... (truncated)

Commits
  • ebd922b 2.10.0
  • bddccc1 E2E tests: Add failure scenario testing for uploading the same file twice (#143)
  • d5dd839 Adds the ability to disable duplicate check (#142)
  • 2227fb8 2.9.1
  • 5795980 Code cleanup (#141)
  • b854e89 Add clarification regarding contents permissions
  • 1e49097 readme: bump examples to checkout@v4 (#140)
  • 7f51c7a readme: fix build badge (#139)
  • ed182a6 Separate build and e2e test, since the tests can only run on push and not on ...
  • 7a203f9 Pass "npm run all", locally + in CI (#137)
  • Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.30.0 to 0.31.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.31.0

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@0.30.0...0.31.0

Commits

Updates anchore/scan-action from 6.2.0 to 6.3.0

Release notes

Sourced from anchore/scan-action's releases.

v6.3.0

New in scan-action v6.3.0

  • Update Grype to v0.94.0 (#470)

Commits
  • be7a22d chore(deps): update Grype to v0.94.0 (#470)
  • 77f24ed chore: remove npm audit from workflow (#475)
  • 251fd2c chore(deps-dev): bump eslint from 9.25.1 to 9.26.0 (#465)
  • 98d9c29 Fix issue with missing permissions directive in example workflow (#466)
  • 52d195a chore(deps): update Grype to v0.92.0 (#464)
  • 16d8e06 chore(deps-dev): bump lint-staged from 15.5.1 to 16.0.0 (#468)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Jun 24, 2025
@dependabot dependabot bot requested a review from a team as a code owner June 24, 2025 02:01
@github-actions github-actions bot added the docker Docker query label Jun 24, 2025
@dependabot dependabot bot force-pushed the dependabot/github_actions/all-b2ea7790b3 branch from a3dfefe to c4f5540 Compare June 25, 2025 23:51
@cx-artur-ribeiro

@dependabot rebase


dependabot bot commented on behalf of github Jun 26, 2025

Looks like this PR is already up-to-date with master! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@cx-artur-ribeiro

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot/github_actions/all-b2ea7790b3 branch from c4f5540 to ee5c30d Compare June 26, 2025 22:15
@dependabot dependabot bot force-pushed the dependabot/github_actions/all-b2ea7790b3 branch 2 times, most recently from f416f7a to 3c6ac90 Compare July 1, 2025 23:51
cx-rui-araujo previously approved these changes Jul 7, 2025

@cx-rui-araujo cx-rui-araujo left a comment


LGTM


github-actions bot commented Jul 7, 2025


KICS version: v2.1.11

| Category | Results |
| --- | --- |
| CRITICAL | 0 |
| HIGH | 0 |
| MEDIUM | 0 |
| LOW | 0 |
| INFO | 0 |
| TRACE | 0 |
| TOTAL | 0 |

| Metric | Values |
| --- | --- |
| Files scanned | 1 |
| Files parsed | 1 |
| Files failed to scan | 0 |
| Total executed queries | 47 |
| Queries failed to execute | 0 |
| Execution time | 0 |

@cx-artur-ribeiro

@dependabot recreate

@cx-artur-ribeiro

@dependabot rebase


dependabot bot commented on behalf of github Jul 8, 2025

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@cx-artur-ribeiro cx-artur-ribeiro dismissed stale reviews from cx-rui-araujo and themself via 3ab047b July 8, 2025 15:00
Bumps the all group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.10.0` | `3.11.1` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.16.0` | `6.18.0` |
| [securego/gosec](https://github.com/securego/gosec) | `2.22.4` | `2.22.5` |
| [checkmarx/kics-github-action](https://github.com/checkmarx/kics-github-action) | `2.1.7` | `2.1.10` |
| [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) | `2.9.0` | `2.10.0` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.30.0` | `0.31.0` |
| [anchore/scan-action](https://github.com/anchore/scan-action) | `6.2.0` | `6.3.0` |



Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@b5ca514...e468171)

Updates `docker/build-push-action` from 6.16.0 to 6.18.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@14487ce...2634353)

Updates `securego/gosec` from 2.22.4 to 2.22.5
- [Release notes](https://github.com/securego/gosec/releases)
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml)
- [Commits](securego/gosec@6decf96...d2d3ae6)

Updates `checkmarx/kics-github-action` from 2.1.7 to 2.1.10
- [Release notes](https://github.com/checkmarx/kics-github-action/releases)
- [Commits](Checkmarx/kics-github-action@5373b38...c06a133)

Updates `svenstaro/upload-release-action` from 2.9.0 to 2.10.0
- [Release notes](https://github.com/svenstaro/upload-release-action/releases)
- [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md)
- [Commits](svenstaro/upload-release-action@04733e0...ebd922b)

Updates `aquasecurity/trivy-action` from 0.30.0 to 0.31.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@6c175e9...76071ef)

Updates `anchore/scan-action` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/anchore/scan-action/releases)
- [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md)
- [Commits](anchore/scan-action@2c901ab...be7a22d)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: 3.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: docker/build-push-action
  dependency-version: 6.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: securego/gosec
  dependency-version: 2.22.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: checkmarx/kics-github-action
  dependency-version: 2.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: svenstaro/upload-release-action
  dependency-version: 2.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: anchore/scan-action
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/all-b2ea7790b3 branch from 3ab047b to 7c2cf9a Compare July 8, 2025 15:06
@cx-artur-ribeiro cx-artur-ribeiro merged commit 2f06bda into master Jul 8, 2025
25 checks passed
@cx-artur-ribeiro cx-artur-ribeiro deleted the dependabot/github_actions/all-b2ea7790b3 branch July 8, 2025 16:42