build(deps): Bump the actions group across 1 directory with 12 updates #120

dependabot · 2024-10-25T09:29:07Z

Bumps the actions group with 12 updates in the / directory:

Package	From	To
actions/checkout	`4.1.7`	`4.2.2`
actions/setup-go	`5.0.2`	`5.1.0`
golangci/golangci-lint-action	`6.1.0`	`6.1.1`
reviewdog/action-actionlint	`1.54.0`	`1.57.0`
sigstore/cosign-installer	`3.6.0`	`3.7.0`
theupdateframework/tuf-on-ci	`0.12.0`	`0.13.0`
actions/upload-artifact	`4.3.6`	`4.4.3`
actions/setup-node	`4.0.3`	`4.1.0`
actions/setup-java	`4.2.2`	`4.5.0`
google-github-actions/auth	`2.1.4`	`2.1.6`
anchore/sbom-action	`0.17.1`	`0.17.5`
actions/cache	`4.0.2`	`4.1.2`

Updates actions/checkout from 4.1.7 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

v4.2.0

What's Changed

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependabot updates in actions/checkout#1777 & actions/checkout#1872

New Contributors

@yasonk made their first contribution in actions/checkout#1869

@lucacome made their first contribution in actions/checkout#1180

Full Changelog: actions/checkout@v4.1.7...v4.2.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

... (truncated)

Commits

11bd719 Prepare 4.2.2 Release (#1953)
e3d2460 Expand unit test coverage (#1946)
163217d url-helper.ts now leverages well-known environment variables. (#1941)
eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
d632683 Prepare 4.2.0 release (#1878)
6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
b684943 Add Ref and Commit outputs (#1180)
Additional commits viewable in compare view

Updates actions/setup-go from 5.0.2 to 5.1.0

Release notes

Sourced from actions/setup-go's releases.

v5.1.0

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/setup-go#500

Upgrade IA Publish by @Jcambass in actions/setup-go#502

Add architecture to cache key by @Zxilly in actions/setup-go#493 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.

Enhance workflows and Upgrade micromatch Dependency by @priyagupta108 in actions/setup-go#510

Bug Fixes

Revise isGhes logic by @jww3 in actions/setup-go#511

New Contributors

@Zxilly made their first contribution in actions/setup-go#493

@Jcambass made their first contribution in actions/setup-go#500

@jww3 made their first contribution in actions/setup-go#511

@priyagupta108 made their first contribution in actions/setup-go#510

Full Changelog: actions/setup-go@v5...v5.1.0

Commits

41dfa10 Enhance workflows and Upgrade micromatch Dependency (#510)
9419772 Revise isGhes logic (#511)
d60b41a Merge pull request #502 from actions/Jcambass-patch-1
e09f57f Upgrade IA Publish
df1a117 Merge pull request #500 from actions/Jcambass-patch-1
49582f6 Add workflow file for publishing releases to immutable action package
b26d402 fix: add arch to cache key (#493)
See full diff in compare view

Updates golangci/golangci-lint-action from 6.1.0 to 6.1.1

Release notes

Sourced from golangci/golangci-lint-action's releases.

v6.1.1

What's Changed

Changes

fix: clean go install output by @ldez in golangci/golangci-lint-action#1102

Documentation

docs: update README.md to use golangci-lint v1.60 by @dunglas in golangci/golangci-lint-action#1087

Dependencies

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1082

build(deps): bump @types/node from 22.0.0 to 22.1.0 in the dependencies group by @dependabot in golangci/golangci-lint-action#1083

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1084

build(deps): bump @types/node from 22.1.0 to 22.2.0 in the dependencies group by @dependabot in golangci/golangci-lint-action#1085

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1088

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1093

build(deps): bump the dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1089

build(deps): bump the dependencies group across 1 directory with 2 updates by @dependabot in golangci/golangci-lint-action#1096

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1097

build(deps): bump @types/node from 22.5.1 to 22.5.2 in the dependencies group by @dependabot in golangci/golangci-lint-action#1098

build(deps): bump @types/node from 22.5.2 to 22.5.4 in the dependencies group by @dependabot in golangci/golangci-lint-action#1100

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1099

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1103

build(deps): bump @types/node from 22.5.4 to 22.5.5 in the dependencies group by @dependabot in golangci/golangci-lint-action#1104

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1105

build(deps): bump @types/node from 22.5.5 to 22.7.4 in the dependencies group by @dependabot in golangci/golangci-lint-action#1109

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1108

New Contributors

@dunglas made their first contribution in golangci/golangci-lint-action#1087

Full Changelog: golangci/golangci-lint-action@v6.1.0...v6.1.1

Commits

971e284 build(deps-dev): bump the dev-dependencies group with 3 updates (#1108)
bbe7eb5 build(deps): bump @types/node from 22.5.5 to 22.7.4 in the dependencies group...
ebae5ce build(deps-dev): bump the dev-dependencies group with 3 updates (#1105)
06c3f3a build(deps): bump @types/node from 22.5.4 to 22.5.5 in the dependencies group...
56689d8 build(deps-dev): bump the dev-dependencies group with 3 updates (#1103)
c7bab6f fix: clean go install output (#1102)
33f56cc build(deps-dev): bump the dev-dependencies group with 3 updates (#1099)
e954224 build(deps): bump @types/node from 22.5.2 to 22.5.4 in the dependencies group...
68de804 build(deps): bump @types/node from 22.5.1 to 22.5.2 in the dependencies group...
22a3756 build(deps-dev): bump the dev-dependencies group with 2 updates (#1097)
Additional commits viewable in compare view

Updates reviewdog/action-actionlint from 1.54.0 to 1.57.0

Release notes

Sourced from reviewdog/action-actionlint's releases.

Release v1.57.0

v1.57.0: PR #144 - chore(deps): update actionlint to 1.7.3

Release v1.56.0

v1.56.0: PR #141 - chore(deps): update actionlint to 1.7.2

Release v1.55.0

v1.55.0: PR #140 - chore(deps): update reviewdog to 0.20.2

Commits

7eeec1d bump v1.57.0
5382349 Merge branch 'main' into releases/v1
053981c Merge pull request #144 from reviewdog/depup/actionlint
c9fe0dc chore(deps): update actionlint to 1.7.3
15a7a47 bump v1.56.0
a46f3c8 Merge branch 'main' into releases/v1
0d91f4e Merge pull request #141 from reviewdog/depup/actionlint
fa360de chore(deps): update actionlint to 1.7.2
05c9d7b bump v1.55.0
c698e45 Merge branch 'main' into releases/v1
Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.6.0 to 3.7.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.7.0

What's Changed

Bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in sigstore/cosign-installer#172

bump for latest cosign v2.4.1 release by @bobcallaway in sigstore/cosign-installer#173

Full Changelog: sigstore/cosign-installer@v3.6.0...v3.7.0

Commits

dc72c7d bump for latest cosign v2.4.1 release (#173)
08bb361 Bump actions/checkout from 4.1.7 to 4.2.0 (#172)
See full diff in compare view

Updates theupdateframework/tuf-on-ci from 0.12.0 to 0.13.0

Release notes

Sourced from theupdateframework/tuf-on-ci's releases.

v0.13.0

Accept usernames without @ in .tuf-on-ci-sign.ini (#415)

Add workaround for Sigstore root-signing migration (#422)

Dependency updates

Changelog

Sourced from theupdateframework/tuf-on-ci's changelog.

Changelog

Unreleased

v0.13.0

Accept usernames without @ in .tuf-on-ci-sign.ini (#415)

Add workaround for Sigstore root-signing migration (#422)

Dependency updates

v0.12.0

In addition to dependency updates, this release contains one new (experimental) repository feature: Online signed targets. Updating to this version does not require any changes to GitHub workflow files.

The Online signed targets feature (#75) currently has some significant limitations and may be changed in the future, see DELEGATION-MANUAL.md for details.

v0.11.0

This release contains bug fixes, stability fixes and dependency updates.

Updating to this version does not require any changes to GitHub workflow files.

Changes

Increased the number of root rotations allowed in the client unsed by the test workflow (#377)

Versioned root metadata file is now created by the signing event (#352)

Fixes

TUF key ids are now updated only when the repository is successfully imported (#358)

Relative links in published TUF repository state are now correct (#354)

v0.10.0

Release includes several new features. It also fixes an issue with TUF keyids, see issue #292 (note that existing keyids are not automatically made compliant: tuf-on-ci-delegate --force-compliant-keyids can be used in a signing event to make that happen).

GitHub workflows require no changes (but you may want to add a .github/TUF_ON_CI_TEMPLATE/failure.md file, see below).

... (truncated)

Commits

27c49c0 Release v0.13 (#425)
1d84d25 repo: Add workaround for sigstore KMS keyid (#423)
317efea signer: Accept username without @ in config file (#416)
91b0eec build(deps): bump google-github-actions/auth (#412)
a100754 repo: Update pinned requirements (#410)
f7b5e73 repo: Update pinned requirements (#403)
15a5f4b build(deps): bump tox in /build in the build-dependencies group (#406)
See full diff in compare view

Updates actions/upload-artifact from 4.3.6 to 4.4.3

Release notes

Sourced from actions/upload-artifact's releases.

v4.4.3

What's Changed

Undo indirect dependency updates from #627 by @joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

Bump @actions/artifact to 2.1.11 by @robherley in actions/upload-artifact#627

Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

What's Changed

Add a section about hidden files by @joshmgross in actions/upload-artifact#607

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/upload-artifact#621

Update @actions/artifact to latest version, includes symlink and timeout fixes by @robherley in actions/upload-artifact#625

New Contributors

@Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

Exclude hidden files by default by @joshmgross in actions/upload-artifact#598

Full Changelog: actions/upload-artifact@v4.3.6...v4.4.0

Commits

b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
92b01eb Undo indirect dependency updates from #627
8448086 Merge pull request #627 from actions/robherley/v4.4.2
b1d4642 add explicit relative and absolute symlinks to workflow
d50e660 bump version
aabe6f8 build with @actions/artifact v2.1.11
604373d Merge pull request #625 from actions/robherley/artifact-2.1.10
0150148 paste right core version
a009b25 update licenses
9f6f6f4 update @actions/core and @actions/artifact to latest versions
Additional commits viewable in compare view

Updates actions/setup-node from 4.0.3 to 4.1.0

Release notes

Sourced from actions/setup-node's releases.

v4.1.0

What's Changed

Resolve High Security Alerts by upgrading Dependencies by @aparnajyothi-y in actions/setup-node#1132

Upgrade IA Publish by @Jcambass in actions/setup-node#1134

Revise isGhes logic by @jww3 in actions/setup-node#1148

Add architecture to cache key by @pengx17 in actions/setup-node#843 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.

New Contributors

@jww3 made their first contribution in actions/setup-node#1148

@pengx17 made their first contribution in actions/setup-node#843

Full Changelog: actions/setup-node@v4...v4.1.0

v4.0.4

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/setup-node#1125

Enhance Windows ARM64 Setup and Update micromatch Dependency by @priyagupta108 in actions/setup-node#1126

Documentation changes:

Documentation update in the README file by @suyashgaonkar in actions/setup-node#1106

Correct invalid 'lts' version string reference by @fulldecent in actions/setup-node#1124

New Contributors

@suyashgaonkar made their first contribution in actions/setup-node#1106

@priyagupta108 made their first contribution in actions/setup-node#1126

@Jcambass made their first contribution in actions/setup-node#1125

@fulldecent made their first contribution in actions/setup-node#1124

Full Changelog: actions/setup-node@v4...v4.0.4

Commits

39370e3 fix: add arch to cached path (#843)
abb238b Revise isGhes logic (#1148)
aca7b64 Merge pull request #1134 from actions/Jcambass-patch-1
88de2a3 Resolve High Security Alerts by upgrading Dependencies (#1132)
0a44ba7 Correct version string (#1124)
d6ebc7b Upgrade IA Publish
97ca147 Merge pull request #1125 from actions/add-is-release-workflow
aa363de Create publish-immutable-action.yml
1c7b2db Fix: windows arm64 setup (#1126)
26961cf Documentation update in the README file (#1106)
See full diff in compare view

Updates actions/setup-java from 4.2.2 to 4.5.0

Release notes

Sourced from actions/setup-java's releases.

v4.5.0

What's Changed

Upgrade IA Publish by @Jcambass in #686

Bug fixes:

Improve archive extraction on windows runners without powershell core and Update micromatch dependency by @priyagupta108 in #689

Update workflows for GraalVM and Version Enhancements by @mahabaleshwars in #699

Refine isGhes logic by @jww3 in #697

New Contributors:

@priyagupta108 made their first contribution in actions/setup-java#689

@jww3 made their first contribution in actions/setup-java#697

Full Changelog: actions/setup-java@v4...v4.5.0

v4.4.0

What's Changed

Add-ons :

Add support for Oracle GraalVM by @fniephaus in actions/setup-java#501
steps:
 - name: Checkout
   uses: actions/checkout@v4
 - name: Setup-java
   uses: actions/setup-java@v4
   with:
     distribution: 'graalvm'
     java-version: '21'
Add workflow file for publishing releases to immutable action package by @Jcambass in actions/setup-java#684

Bug fixes :

Add architecture to cache key by @Zxilly in actions/setup-java#664 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.

Resolve check failures by @aparnajyothi-y in actions/setup-java#687

New Contributors

@Jcambass made their first contribution in actions/setup-java#684

@Zxilly made their first contribution in actions/setup-java#664

Full Changelog: actions/setup-java@v4...v4.4.0

v4.3.0

What's Changed

... (truncated)

Commits

8df1039 Refine isGhes logic (#697)
870c199 Update workflows for GraalVM and Version Enhancements (#699)
83a06ff Fix Windows archives extraction issue (#689)
292cc14 Merge pull request #686 from actions/Jcambass-patch-1
b36c23c check-dist-failure-fix (#687)
40b9536 fix: add arch to cache key (#664)
0a40ce6 Add support for Oracle GraalVM (#501)
68b1d5a Upgrade IA Publish
bcfbca5 Merge pull request #684 from actions/Jcambass-patch-1
78eae79 Add workflow file for publishing releases to immutable action package
Additional commits viewable in compare view

Updates google-github-actions/auth from 2.1.4 to 2.1.6

Release notes

Sourced from google-github-actions/auth's releases.

v2.1.6

What's Changed

Recommend gcloud storage over gsutil by @sethvargo in google-github-actions/auth#438

Add missing log line by @sethvargo in google-github-actions/auth#448

Release: v2.1.6 by @google-github-actions-bot in google-github-actions/auth#449

Full Changelog: google-github-actions/auth@v2.1.5...v2.1.6

v2.1.5

What's Changed

Document ID Token lifetimes by @sethvargo in google-github-actions/auth#433

fix !project_id error message typo by @seth-acuitymd in google-github-actions/auth#435

Update deps by @sethvargo in google-github-actions/auth#436

Release: v2.1.5 by @google-github-actions-bot in google-github-actions/auth#437

New Contributors

@seth-acuitymd made their first contribution in google-github-actions/auth#435

Full Changelog: google-github-actions/auth@v2.1.4...v2.1.5

Commits

8254fb7 Release: v2.1.6 (#449)
d1b27fe Add missing log line (#448)
c8788cc Recommend gcloud storage over gsutil (#438)
62cf5bd Release: v2.1.5 (#437)
0a94a84 Update deps (#436)
699582e fix !project_id error message typo (#435)
6384b34 Document ID Token lifetimes (#433)
See full diff in compare view

Updates anchore/sbom-action from 0.17.1 to 0.17.5

Release notes

Sourced from anchore/sbom-action's releases.

v0.17.5

Changes in v0.17.5

chore(deps): update Syft to v1.14.2 (#503) [anchore-actions-token-generator]

v0.17.4

Changes in v0.17.4

chore(deps): update Syft to v1.14.1 (#502) [anchore-actions-token-generator]

v0.17.3

Changes in v0.17.3

chore(deps): update Syft to v1.14.0 (#498) [anchore-actions-token-generator]

v0.17.2

Changes in v0.17.2

Update Syft to v1.11.1 (#485) [anchore-actions-token-generator]

Commits

1ca97d9 chore(deps): update Syft to v1.14.2 (#503)
8d0a650 chore(deps): update Syft to v1.14.1 (#502)
f5e124a chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 (#493)
eff08d0 chore: configure changelog-ignore label (#499)
18f9bde chore: remove snapshot tests; fix deprecation errors for outdated packages (#...
2e87236 add release docs (#500)
4a914bc chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#497)
8cb9966 chore(deps): update Syft to v1.14.0 (#498)
beb779b Update README to include bit about permissions near the top (#496)
87b3137 chore(deps): update Syft to v1.13.0 (#488)
Additional commits viewable in compare view

Updates actions/cache from 4.0.2 to 4.1.2

Release notes

Sourced from actions/cache's releases.

v4.1.2

What's Changed

Add Bun example by @idleberg in actions/cache#1456

Revise isGhes logic by @jww3 in actions/cache#1474

Bump braces from ...
Description has been truncated

Bumps the actions group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.7` | `4.2.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.0.2` | `5.1.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.0` | `6.1.1` | | [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.54.0` | `1.57.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.6.0` | `3.7.0` | | [theupdateframework/tuf-on-ci](https://github.com/theupdateframework/tuf-on-ci) | `0.12.0` | `0.13.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.6` | `4.4.3` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.0.3` | `4.1.0` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.2.2` | `4.5.0` | | [google-github-actions/auth](https://github.com/google-github-actions/auth) | `2.1.4` | `2.1.6` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.17.1` | `0.17.5` | | [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.1.2` | Updates `actions/checkout` from 4.1.7 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@692973e...11bd719) Updates `actions/setup-go` from 5.0.2 to 5.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0a12ed9...41dfa10) Updates `golangci/golangci-lint-action` from 6.1.0 to 6.1.1 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@aaa42aa...971e284) Updates `reviewdog/action-actionlint` from 1.54.0 to 1.57.0 - [Release notes](https://github.com/reviewdog/action-actionlint/releases) - [Commits](reviewdog/action-actionlint@4f8f996...7eeec1d) Updates `sigstore/cosign-installer` from 3.6.0 to 3.7.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@4959ce0...dc72c7d) Updates `theupdateframework/tuf-on-ci` from 0.12.0 to 0.13.0 - [Release notes](https://github.com/theupdateframework/tuf-on-ci/releases) - [Changelog](https://github.com/theupdateframework/tuf-on-ci/blob/main/docs/CHANGELOG.md) - [Commits](theupdateframework/tuf-on-ci@89d2dad...27c49c0) Updates `actions/upload-artifact` from 4.3.6 to 4.4.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@834a144...b4b15b8) Updates `actions/setup-node` from 4.0.3 to 4.1.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@1e60f62...39370e3) Updates `actions/setup-java` from 4.2.2 to 4.5.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@6a0805f...8df1039) Updates `google-github-actions/auth` from 2.1.4 to 2.1.6 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@f112390...8254fb7) Updates `anchore/sbom-action` from 0.17.1 to 0.17.5 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@ab9d16d...1ca97d9) Updates `actions/cache` from 4.0.2 to 4.1.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0c45773...6849a64) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: reviewdog/action-actionlint dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: theupdateframework/tuf-on-ci dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-10-30T09:54:18Z

Superseded by #121.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 25, 2024

dependabot bot closed this Oct 30, 2024

dependabot bot deleted the dependabot/github_actions/actions-da11ba869b branch October 30, 2024 09:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump the actions group across 1 directory with 12 updates #120

build(deps): Bump the actions group across 1 directory with 12 updates #120

dependabot bot commented on behalf of github Oct 25, 2024 •

edited

Loading

dependabot bot commented on behalf of github Oct 30, 2024

build(deps): Bump the actions group across 1 directory with 12 updates #120

build(deps): Bump the actions group across 1 directory with 12 updates #120

Conversation

dependabot bot commented on behalf of github Oct 25, 2024 • edited Loading

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

v4.2.0

What's Changed

New Contributors

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v5.1.0

What's Changed

New Contributors

v6.1.1

What's Changed

Changes

Documentation

Dependencies

New Contributors

Release v1.57.0

Release v1.56.0

Release v1.55.0

v3.7.0

What's Changed

v0.13.0

Changelog

Unreleased

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v4.4.3

What's Changed

v4.4.2

What's Changed

v4.4.1

What's Changed

New Contributors

v4.4.0

Notice: Breaking Changes ⚠️

What's Changed

v4.1.0

What's Changed

New Contributors

v4.0.4

What's Changed

Documentation changes:

New Contributors

v4.5.0

What's Changed

Bug fixes:

New Contributors:

v4.4.0

What's Changed

New Contributors

v4.3.0

v2.1.6

What's Changed

v2.1.5

What's Changed

New Contributors

v0.17.5

Changes in v0.17.5

v0.17.4

Changes in v0.17.4

v0.17.3

dependabot bot commented on behalf of github Oct 25, 2024 •

edited

Loading