chore: bump the all group across 1 directory with 12 updates by dependabot[bot] · Pull Request #171 · nilekhc/gatekeeper

dependabot · 2024-06-10T02:18:50Z

Bumps the all group with 12 updates in the / directory:

Package	From	To
step-security/harden-runner	`2.7.0`	`2.8.1`
actions/checkout	`4.1.2`	`4.1.6`
actions/setup-go	`5.0.0`	`5.0.1`
github/codeql-action	`3.24.7`	`3.25.8`
actions/upload-artifact	`3.1.2`	`4.3.3`
actions/dependency-review-action	`4.1.3`	`4.3.3`
peter-evans/create-pull-request	`6.0.2`	`6.0.5`
golang/govulncheck-action	`1.0.2`	`1.0.3`
ossf/scorecard-action	`2.3.1`	`2.3.3`
codecov/codecov-action	`4.1.0`	`4.4.1`
actions/cache	`4.0.1`	`4.0.2`
peaceiris/actions-gh-pages	`3.9.3`	`4.0.0`

Updates step-security/harden-runner from 2.7.0 to 2.8.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.8.1

What's Changed

Bug fix: Update isGitHubHosted implementation by @varunsh-coder in step-security/harden-runner#425 The previous implementation incorrectly identified large GitHub-hosted runners as self-hosted runners. As a result, harden-runner was not executing on these large GitHub-hosted runners.

Full Changelog: step-security/harden-runner@v2...v2.8.1

v2.8.0

What's Changed

Release v2.8.0 by @h0x0er and @varunsh-coder in step-security/harden-runner#416 This release includes:

File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.

Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.

These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.

Full Changelog: step-security/harden-runner@v2...v2.8.0

v2.7.1

What's Changed

Release v2.7.1 by @varunsh-coder, @h0x0er, @ashishkurmi in step-security/harden-runner#397 This release:

Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners

Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project

Addresses minor bugs

Full Changelog: step-security/harden-runner@v2.7.0...v2.7.1

Commits

17d0e2b Merge pull request #425 from step-security/rc-9
bb112d0 Update isGitHubHosted implementation
f4f3f44 Merge pull request #407 from step-security/dependabot/github_actions/actions/...
7a946b5 Bump actions/dependency-review-action from 3.1.3 to 4.3.2
75a01c2 Merge pull request #417 from step-security/dependabot/github_actions/step-sec...
53413f1 Bump step-security/harden-runner from 2.7.1 to 2.8.0
f086349 Merge pull request #416 from step-security/rc-8
b9c325d Update image
808a771 Add info about file and process events
7171429 Update agent
Additional commits viewable in compare view

Updates actions/checkout from 4.1.2 to 4.1.6

Release notes

Sourced from actions/checkout's releases.

v4.1.6

What's Changed

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

Update for 4.1.6 release by @cory-miller in actions/checkout#1733

Full Changelog: actions/checkout@v4.1.5...v4.1.6

v4.1.5

What's Changed

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

Full Changelog: actions/checkout@v4.1.4...v4.1.5

v4.1.4

What's Changed

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Full Changelog: actions/checkout@v4.1.3...v4.1.4

v4.1.3

What's Changed

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Full Changelog: actions/checkout@v4.1.2...v4.1.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

v4.0.0

Support fetching without the --progress option

Update to node20

v3.6.0

Fix: Mark test scripts with Bash'isms to be run via Bash

Add option to fetch tags even if fetch-depth > 0

v3.5.3

Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in

Fix typos found by codespell

Add support for sparse checkouts

v3.5.2

Fix api endpoint for GHES

v3.5.1

... (truncated)

Commits

a5ac7e5 Update for 4.1.6 release (#1733)
24ed1a3 Check platform for extension (#1732)
44c2b7a README: Suggest user.email to be `41898282+github-actions[bot]@users.norepl...
8459bc0 Bump actions/upload-artifact from 2 to 4 (#1695)
3f603f6 Bump actions/setup-node from 1 to 4 (#1696)
fd084cd Bump github/codeql-action from 2 to 3 (#1694)
9c1e94e Update NPM dependencies (#1703)
0ad4b8f Prep Release v4.1.4 (#1704)
43045ae Disable extensions.worktreeConfig when disabling sparse-checkout (#1692)
37b0821 Bump the minor-actions-dependencies group with 2 updates (#1693)
Additional commits viewable in compare view

Updates actions/setup-go from 5.0.0 to 5.0.1

Release notes

Sourced from actions/setup-go's releases.

v5.0.1

What's Changed

Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by @dependabot , @HarithaVattikuti in actions/setup-go#465

Update documentation with latest V5 release notes by @ab in actions/setup-go#459

Update version documentation by @178inaba in actions/setup-go#458

Documentation update of actions/setup-go to v5 by @chenrui333 in actions/setup-go#449

New Contributors

@ab made their first contribution in actions/setup-go#459

Full Changelog: actions/setup-go@v5.0.0...v5.0.1

Commits

cdcb360 Remove the description of the old go.mod specification (#458)
99176a8 Update README.md with V5 release notes (#459)
be1aa11 Bump undici from 5.28.2 to 5.28.3 (#465)
6c1fd22 docs: bump actions/setup-go to v5 (#449)
See full diff in compare view

Updates github/codeql-action from 3.24.7 to 3.25.8

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.8 - 04 Jun 2024

Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273

Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274

The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

Update default CodeQL bundle version to 2.17.1. #2247

Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

3.25.1 - 17 Apr 2024

We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode. #2235

Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245

3.25.0 - 15 Apr 2024

The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224

... (truncated)

Commits

2e230e8 Merge pull request #2323 from github/update-v3.25.8-18b06dd1d
66ad891 Update changelog for v3.25.8
18b06dd Merge pull request #2322 from github/dependabot/npm_and_yarn/npm-10d82c2911
200dd0c Update checked-in dependencies
2bb35ea bump the npm group with 4 updates
9c15e42 Merge pull request #2321 from github/update-bundle/codeql-bundle-v2.17.4
98e7922 Merge branch 'main' into update-bundle/codeql-bundle-v2.17.4
440350b Add changelog note
d4fcc8b Update default bundle to codeql-bundle-v2.17.4
add199b Merge pull request #2320 from github/angelapwen/use-linked-in-tests
Additional commits viewable in compare view

Updates actions/upload-artifact from 3.1.2 to 4.3.3

Release notes

Sourced from actions/upload-artifact's releases.

v4.3.3

What's Changed

updating @actions/artifact dependency to v2.1.6 by @eggyhead in actions/upload-artifact#565

Full Changelog: actions/upload-artifact@v4.3.2...v4.3.3

v4.3.2

What's Changed

Update release-new-action-version.yml by @konradpabjan in actions/upload-artifact#516

Minor fix to the migration readme by @andrewakim in actions/upload-artifact#523

Update readme with v3/v2/v1 deprecation notice by @robherley in actions/upload-artifact#561

updating @actions/artifact dependency to v2.1.5 and @actions/core to v1.0.1 by @eggyhead in actions/upload-artifact#562

New Contributors

@andrewakim made their first contribution in actions/upload-artifact#523

Full Changelog: actions/upload-artifact@v4.3.1...v4.3.2

v4.3.1

Bump @actions/artifacts to latest version to include updated GHES host check

v4.3.0

What's Changed

Reorganize upload code in prep for merge logic & add more tests by @robherley in actions/upload-artifact#504

Add sub-action to merge artifacts by @robherley in actions/upload-artifact#505

Full Changelog: actions/upload-artifact@v4...v4.3.0

v4.2.0

What's Changed

Ability to overwrite an Artifact by @robherley in actions/upload-artifact#501

Full Changelog: actions/upload-artifact@v4...v4.2.0

v4.1.0

What's Changed

Add migrations docs by @robherley in actions/upload-artifact#482

Update README.md by @samuelwine in actions/upload-artifact#492

Support artifact-url output by @konradpabjan in actions/upload-artifact#496

Update readme to reflect new 500 artifact per job limit by @robherley in actions/upload-artifact#497

New Contributors

@samuelwine made their first contribution in actions/upload-artifact#492

Full Changelog: actions/upload-artifact@v4...v4.1.0

v4.0.0

... (truncated)

Commits

6546280 updating package version
c004fb4 Merge branch 'main' into eggyhead/use-artifact-v2.1.6
90aba49 updating toolkit artifact dependency to 2.1.6
b06cde3 Merge pull request #563 from actions/eggyhead/release-4.3.2
1746f4a Revert "updating to release 4.3.2"
31685d0 updating to release 4.3.2
18bf333 Merge pull request #562 from actions/eggyhead/update-artifact-v215
dac413b update package lock version
bb3b4a3 updating package version
3e3da83 updating artifact and core dependencies
Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.1.3 to 4.3.3

Release notes

Sourced from actions/dependency-review-action's releases.

Notes for v4.3.3

What's Changed

Allow slashes in purl package names by @juxtin in actions/dependency-review-action#765

use the v3 version of the deps.dev API by @josieang in actions/dependency-review-action#741

PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @am-stead in actions/dependency-review-action#773

fix show-openssf-scorecard-levels input by @ramann in actions/dependency-review-action#776

Updates to the contribution guidelines by @jonjanego in actions/dependency-review-action#778

Create issue templates by @jonjanego in actions/dependency-review-action#777

Fix the max comment length issue by @jhutchings1 and @elireisman in actions/dependency-review-action#767

Bump project version to 4.3.3 in prep for a release by @elireisman in actions/dependency-review-action#781

New Contributors

@josieang made their first contribution in actions/dependency-review-action#741

@am-stead made their first contribution in actions/dependency-review-action#773

@ramann made their first contribution in actions/dependency-review-action#776

Full Changelog: actions/dependency-review-action@v4.3.2...v4.3.3

v4.3.2

What's Changed

Fix package-url parsing for allow-dependencies-licenses by @juxtin in actions/dependency-review-action#761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See actions/dependency-review-action#753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

v4.3.0

New Features

The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

Fix action variable name for scorecard by @lukehinds in actions/dependency-review-action#735

Fix extra https:// in summary by @jhutchings1 in actions/dependency-review-action#748

Bump typescript from 5.3.3 to 5.4.5 by @dependabot in actions/dependency-review-action#744

Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @dependabot in actions/dependency-review-action#737

Show denied packages with red X by @juxtin in actions/dependency-review-action#750

deny-packages configuration option can deny specified version or all packages by @febuiles and @bteng22 in actions/dependency-review-action#733

New Contributors

@bteng22 made their first contribution in actions/dependency-review-action#733

@lukehinds made their first contribution in actions/dependency-review-action#735

Full Changelog: actions/dependency-review-action@v4.2.5...V4.3.0

4.2.5

... (truncated)

Commits

72eb03d Merge pull request #781 from actions/release-v4.3.3
137d8b4 bump to version v4.3.3
e6b618e Merge pull request #767 from actions/max-comment-length
3c42649 fix ws for linter
8e6ea8d update packaging
1b3d277 post-review: add PR comment full summary test case
220872c Update src/main.ts
087d0f8 repackage to update dist
4531204 whitespace
df1ca89 appease linter
Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 6.0.2 to 6.0.5

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v6.0.5

⚙️ Fixes an issue with proxy support for users that run self-hosted behind a proxy.

What's Changed

fix: update proxy support to follow octokit change to fetch api by @peter-evans in peter-evans/create-pull-request#2867

Full Changelog: peter-evans/create-pull-request@v6.0.4...v6.0.5

Create Pull Request v6.0.4

⚡ Improves performance in some cases for very large git repositories.

What's Changed

perf: limit the fetch depth of pr branch by @peter-evans in peter-evans/create-pull-request#2857

Full Changelog: peter-evans/create-pull-request@v6.0.3...v6.0.4

Create Pull Request v6.0.3

⚡ Improves performance of the push-to-fork feature.

What's Changed

build(deps-dev): bump @types/node from 18.19.23 to 18.19.25 by @dependabot in peter-evans/create-pull-request#2826

build(deps-dev): bump @types/node from 18.19.25 to 18.19.26 by @dependabot in peter-evans/create-pull-request#2831

build(deps-dev): bump @types/node from 18.19.26 to 18.19.28 by @dependabot in peter-evans/create-pull-request#2836

build(deps-dev): bump @types/node from 18.19.28 to 18.19.31 by @dependabot in peter-evans/create-pull-request#2842

fix: drop unnecessary fetch with unshallow on push-to-fork by @peter-evans in peter-evans/create-pull-request#2849

Full Changelog: peter-evans/create-pull-request@v6.0.2...v6.0.3

Commits

6d6857d fix: update proxy support to follow octokit change to fetch api (#2867)
9153d83 perf: limit the fetch depth of pr branch (#2857)
c55203c fix: drop unnecessary fetch with unshallow on push-to-fork (#2849)
6ce4eca build(deps-dev): bump @types/node from 18.19.28 to 18.19.31 (#2842)
36ef0ed build(deps-dev): bump @types/node from 18.19.26 to 18.19.28 (#2836)
8500972 build(deps-dev): bump @types/node from 18.19.25 to 18.19.26 (#2831)
bda5ade build(deps-dev): bump @types/node from 18.19.23 to 18.19.25 (#2826)
See full diff in compare view

Updates golang/govulncheck-action from 1.0.2 to 1.0.3

Release notes

Sourced from golang/govulncheck-action's releases.

v1.0.3

Add inputs for specifying the output format and optional output file. This can be used, for instance, to save govulncheck SARIF output to a file that users can then upload to Github code scanning.

Commits

dd0578b all: provide options to specify action output
See full diff in compare view

Updates ossf/scorecard-action from 2.3.1 to 2.3.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.3.3

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @spencerschrock in ossf/scorecard-action#1366

🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @spencerschrock in ossf/scorecard-action#1374

🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @spencerschrock in ossf/scorecard-action#1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

📖 Move token discussion out of main README. by @spencerschrock in ossf/scorecard-action#1279

📖 link to ossf/scorecard workflow instead of maintaining an example by @spencerschrock in ossf/scorecard-action#1352

📖 update api links to new scorecard.dev site by @spencerschrock in ossf/scorecard-action#1376

Full Changelog: ossf/scorecard-action@v2.3.1...v2.3.3

Commits

dc50aa9 🌱 Bump docker tag for v2.3.3 release (#1368)
8ff5700 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0....
8ba5e73 update api links to new scorecard.dev site (#1376)
92ddde3 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)
6c55905 🌱 Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)
09bb953 🌱 Bump distroless/base in the docker-images group (#1372)
1511e13 🌱 Bump the github-actions group across 1 directory with 6 updates (#...
df66cd8 🌱 Bump the docker-images group with 2 updates (#1370)
fad9a3c 🌱 Bump distroless/base in the docker-images group (#1364)
1e01a30 🌱 Bump the github-actions group with 3 updates (#1365)
Additional commits viewable in compare view

Updates codecov/codecov-action from 4.1.0 to 4.4.1

Release notes

Sourced from codecov/codecov-action's releases.

v4.4.1

What's Changed

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.8.0 to 7.9.0 by @dependabot in codecov/codecov-action#1427

fix: prevent xlarge from running on forks by @thomasrockhu-codecov in codecov/codecov-action#1432

build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in codecov/codecov-action#1439

build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in codecov/codecov-action#1438

fix: isPullRequestFromFork returns false for any PR by @shahar-h in codecov/codecov-action#1437

chore(release): 4.4.1 by @thomasrockhu-codecov in codecov/codecov-action#1441

New Contributors

@shahar-h made their first contribution in codecov/codecov-action#1437

Full Changelog: codecov/codecov-action@v4.4.0...v4.4.1

What's Changed

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.8.0 to 7.9.0 by @dependabot in codecov/codecov-action#1427

fix: prevent xlarge from running on forks by @thomasrockhu-codecov in codecov/codecov-action#1432

build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in codecov/codecov-action#1439

build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in codecov/codecov-action#1438

fix: isPullRequestFromFork returns false for any PR by @shahar-h in codecov/codecov-action#1437

chore(release): 4.4.1 by @thomasrockhu-codecov in codecov/codecov-action#1441

New Contributors

@shahar-h made their first contribution in codecov/codecov-action#1437

Full Changelog: codecov/codecov-action@v4.4.0...v4.4.1

v4.4.0

What's Changed

chore: Clarify isPullRequestFromFork by @jsoref in codecov/codecov-action#1411

build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in codecov/codecov-action#1423

build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @dependabot in codecov/codecov-action#1421

build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in codecov/codecov-action#1420

feat: remove GPG and run on spawn by @thomasrockhu-codecov in codecov/codecov-action#1426

build(deps-dev): bump @typescript-eslint/parser from 7.8.0 to 7.9.0 by @dependabot in codecov/codecov-action#1428

chore(release): 4.4.0 by @thomasrockhu-codecov in codecov/codecov-action#1430

Full Changelog: codecov/codecov-action@v4.3.1...v4.4.0

v4.3.1

What's Changed

build(deps-dev): bump typescript from 5.4.4 to 5.4.5 by @dependabot in codecov/codecov-action#1370

fix: more verbose log message when failing to import pgp key by @ReenigneArcher in codecov/codecov-action#1371

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.6.0 to 7.7.0 by @dependabot in codecov/codecov-action#1374

build(deps-dev): bump @typescript-eslint/parser from 7.6.0 to 7.7.0 by @dependabot in codecov/codecov-action#1375

build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in codecov/codecov-action#1382

build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by @dependabot in codecov/codecov-action#1381

build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in codecov/codecov-action#1380

build(deps-dev): bump @typescript-eslint/parser from 7.7.0 to 7.7.1 by @dependabot in codecov/codecov-action#1384

... (truncated)

Commits

Bumps the all group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.7.0` | `2.8.1` | | [actions/checkout](https://github.com/actions/checkout) | `4.1.2` | `4.1.6` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.0.0` | `5.0.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.24.7` | `3.25.8` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3.1.2` | `4.3.3` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.1.3` | `4.3.3` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `6.0.2` | `6.0.5` | | [golang/govulncheck-action](https://github.com/golang/govulncheck-action) | `1.0.2` | `1.0.3` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.3.3` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.1.0` | `4.4.1` | | [actions/cache](https://github.com/actions/cache) | `4.0.1` | `4.0.2` | | [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) | `3.9.3` | `4.0.0` | Updates `step-security/harden-runner` from 2.7.0 to 2.8.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@63c24ba...17d0e2b) Updates `actions/checkout` from 4.1.2 to 4.1.6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@9bb5618...a5ac7e5) Updates `actions/setup-go` from 5.0.0 to 5.0.1 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0c52d54...cdcb360) Updates `github/codeql-action` from 3.24.7 to 3.25.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@3ab4101...2e230e8) Updates `actions/upload-artifact` from 3.1.2 to 4.3.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v3.1.2...6546280) Updates `actions/dependency-review-action` from 4.1.3 to 4.3.3 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@9129d7d...72eb03d) Updates `peter-evans/create-pull-request` from 6.0.2 to 6.0.5 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@70a41ab...6d6857d) Updates `golang/govulncheck-action` from 1.0.2 to 1.0.3 - [Release notes](https://github.com/golang/govulncheck-action/releases) - [Commits](golang/govulncheck-action@3a32958...dd0578b) Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@0864cf1...dc50aa9) Updates `codecov/codecov-action` from 4.1.0 to 4.4.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@54bcd87...125fc84) Updates `actions/cache` from 4.0.1 to 4.0.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@ab5e6d0...0c45773) Updates `peaceiris/actions-gh-pages` from 3.9.3 to 4.0.0 - [Release notes](https://github.com/peaceiris/actions-gh-pages/releases) - [Changelog](https://github.com/peaceiris/actions-gh-pages/blob/main/CHANGELOG.md) - [Commits](peaceiris/actions-gh-pages@373f7f2...4f9cc66) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: golang/govulncheck-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: peaceiris/actions-gh-pages dependency-type: direct:production update-type: version-update:semver-major dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-06-17T02:50:19Z

Superseded by #174.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 10, 2024

dependabot bot closed this Jun 17, 2024

dependabot bot deleted the dependabot/github_actions/all-07fe94541c branch June 17, 2024 02:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump the all group across 1 directory with 12 updates#171

chore: bump the all group across 1 directory with 12 updates#171
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/all-07fe94541c

dependabot bot commented on behalf of github Jun 10, 2024 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Jun 17, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Jun 10, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.8.1

What's Changed

v2.8.0

What's Changed

v2.7.1

What's Changed

v4.1.6

What's Changed

v4.1.5

What's Changed

v4.1.4

What's Changed

v4.1.3

What's Changed

Changelog

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v5.0.1

What's Changed

New Contributors

CodeQL Action Changelog

[UNRELEASED]

3.25.8 - 04 Jun 2024

3.25.7 - 31 May 2024

3.25.6 - 20 May 2024

3.25.5 - 13 May 2024

3.25.4 - 08 May 2024

3.25.3 - 25 Apr 2024

3.25.2 - 22 Apr 2024

3.25.1 - 17 Apr 2024

3.25.0 - 15 Apr 2024

v4.3.3

What's Changed

v4.3.2

What's Changed

New Contributors

v4.3.1

v4.3.0

What's Changed

v4.2.0

What's Changed

v4.1.0

What's Changed

New Contributors

v4.0.0

Notes for v4.3.3

What's Changed

New Contributors

v4.3.2

What's Changed

v4.3.1

What's Changed

v4.3.0

New Features

What's Changed

New Contributors

4.2.5

Create Pull Request v6.0.5

What's Changed

Create Pull Request v6.0.4

What's Changed

Create Pull Request v6.0.3

What's Changed

v1.0.3

v2.3.3

What's Changed

Documentation

dependabot bot commented on behalf of github Jun 10, 2024 •

edited

Loading