deps: bump the production-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the production-dependencies group with 7 updates in the / directory:

Package	From	To
dtolnay/rust-toolchain	56f84321dbccf38fb67ce29ab63e4754056677e0	b3b07ba8b418998c39fb20f53e8b695cdcc8de1b
docker/setup-buildx-action	3.10.0	3.11.1
docker/build-push-action	6.15.0	6.18.0
actions/attest-build-provenance	2.2.3	2.4.0
anchore/scan-action	6.1.0	6.3.0
42ByteLabs/patch-release-me	0.5.3	0.6.1
Andrew-Chen-Wang/github-wiki-action	4.4.0	5.0.1

Updates dtolnay/rust-toolchain from 56f84321dbccf38fb67ce29ab63e4754056677e0 to b3b07ba8b418998c39fb20f53e8b695cdcc8de1b

Commits

• b3b07ba Merge pull request #152 from dtolnay/trailingwhitespace
• 6ff96e9 Clean up trailing whitespace from PR 145
• 3038d43 Merge pull request #151 from dtolnay/winrustup
• d69c8f6 Use rustup.rs advertised download URLs
• c9b8f05 Merge pull request #149 from dtolnay/wincargohome
• eceb16e Respect pre-existing CARGO_HOME on Windows
• 449259c Merge pull request #150 from dtolnay/githubpath
• f36efba Fix GITHUB_PATH
• 3d21cbb Merge pull request #148 from dtolnay/backslash
• 802126c Consistently use backslash directories on Windows
• Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.10.0 to 3.11.1

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.11.1

• Fix keep-state not being respected by @​crazy-max in docker/setup-buildx-action#429

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

• Keep BuildKit state support by @​crazy-max in docker/setup-buildx-action#427
• Remove aliases created when installing by default by @​hashhar in docker/setup-buildx-action#139
• Bump @​docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/setup-buildx-action#422 docker/setup-buildx-action#425

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

Commits

• e468171 Merge pull request #429 from crazy-max/fix-keep-state
• a3e7502 chore: update generated content
• b145473 fix keep-state not being respected
• 18ce135 Merge pull request #425 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 0e198e9 chore: update generated content
• 05f3f3a build(deps): bump @​docker/actions-toolkit from 0.61.0 to 0.62.1
• 6229134 Merge pull request #427 from crazy-max/keep-state
• c6f6a07 chore: update generated content
• 6c5e29d skip builder creation if one already exists with the same name
• 548b297 ci: keep-state check
• Additional commits viewable in compare view

Updates docker/build-push-action from 6.15.0 to 6.18.0

Release notes

Sourced from docker/build-push-action's releases.

v6.18.0

• Bump @​docker/actions-toolkit from 0.61.0 to 0.62.1 in docker/build-push-action#1381

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

• Bump @​docker/actions-toolkit from 0.59.0 to 0.61.0 by @​crazy-max in docker/build-push-action#1364

[!NOTE] Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

v6.16.0

• Handle no default attestations env var by @​crazy-max in docker/build-push-action#1343
• Only print secret keys in build summary output by @​crazy-max in docker/build-push-action#1353
• Bump @​docker/actions-toolkit from 0.56.0 to 0.59.0 in docker/build-push-action#1352

Full Changelog: docker/build-push-action@v6.15.0...v6.16.0

Commits

• 2634353 Merge pull request #1381 from docker/dependabot/npm_and_yarn/docker/actions-t...
• c0432d2 chore: update generated content
• 0bb1f27 set builder driver and endpoint attributes for dbc summary support
• 5f9dbf9 chore(deps): Bump @​docker/actions-toolkit from 0.61.0 to 0.62.1
• 0788c44 Merge pull request #1375 from crazy-max/remove-gcr
• aa179ca e2e: remove GCR
• 1dc7386 Merge pull request #1364 from crazy-max/history-export-cmd
• 9c9803f chore: update generated content
• db1f6c4 DOCKER_BUILD_EXPORT_LEGACY env var to opt-in for legacy export
• 721e8c7 Bump @​docker/actions-toolkit from 0.59.0 to 0.61.0
• Additional commits viewable in compare view

Updates actions/attest-build-provenance from 2.2.3 to 2.4.0

Release notes

Sourced from actions/attest-build-provenance's releases.

v2.4.0

What's Changed

• Bump undici from 5.28.5 to 5.29.0 by @​dependabot in actions/attest-build-provenance#633
• Bump actions/attest from 2.3.0 to 2.4.0 by @​bdehamer in actions/attest-build-provenance#654
  • Includes support for the new well-known summary file which will accumulate paths to all attestations generated in a given workflow run

Full Changelog: actions/attest-build-provenance@v2.3.0...v2.4.0

v2.3.0

What's Changed

• Bump actions/attest from 2.2.1 to 2.3.0 by @​bdehamer in actions/attest-build-provenance#615
  • Updates @sigstore/oci from 0.4.0 to 0.5.0

Full Changelog: actions/attest-build-provenance@v2.2.3...v2.3.0

Commits

• e8998f9 bump actions/attest from 2.3.0 to 2.4.0 (#654)
• 11c67f2 Bump the npm-development group across 1 directory with 6 updates (#649)
• 39cb715 Bump the npm-development group across 1 directory with 7 updates (#641)
• 7d91c40 Bump undici from 5.28.5 to 5.29.0 (#633)
• d848170 Bump super-linter/super-linter in the actions-minor group (#640)
• 0ca36ea Bump the npm-development group with 7 updates (#582)
• d82e7cd offboard from eslint in superlinter (#618)
• db473fd bump actions/attest from 2.2.1 to 2.3.0 (#615)
• d3b713a Bump the actions-minor group with 2 updates (#566)
• e042adb Bump the npm-development group with 4 updates (#567)
• Additional commits viewable in compare view

Updates anchore/scan-action from 6.1.0 to 6.3.0

Release notes

Sourced from anchore/scan-action's releases.

v6.3.0

New in scan-action v6.3.0

• Update Grype to v0.94.0 (#470)

v6.2.0

New in scan-action v6.2.0

• feat: update Scan action to use grype db v6 (#462) [spiffcs]

Commits

• be7a22d chore(deps): update Grype to v0.94.0 (#470)
• 77f24ed chore: remove npm audit from workflow (#475)
• 251fd2c chore(deps-dev): bump eslint from 9.25.1 to 9.26.0 (#465)
• 98d9c29 Fix issue with missing permissions directive in example workflow (#466)
• 52d195a chore(deps): update Grype to v0.92.0 (#464)
• 16d8e06 chore(deps-dev): bump lint-staged from 15.5.1 to 16.0.0 (#468)
• 2c901ab Scan action grype db v6 (#462)
• 39c42ea chore(deps-dev): bump lint-staged from 15.5.0 to 15.5.1 (#458)
• eec251a chore(deps): bump actions/setup-node from 4.3.0 to 4.4.0 (#457)
• c8820f3 chore(deps-dev): bump eslint from 9.24.0 to 9.25.1 (#460)
• Additional commits viewable in compare view

Updates 42ByteLabs/patch-release-me from 0.5.3 to 0.6.1

Release notes

Sourced from 42ByteLabs/patch-release-me's releases.

v0.6.1

What's Changed

• deps: bump the production-dependencies group with 2 updates by @​dependabot in 42ByteLabs/patch-release-me#102
• deps: bump tokio from 1.45.0 to 1.45.1 in the production-dependencies group by @​dependabot in 42ByteLabs/patch-release-me#104
• deps: bump 42ByteLabs/.github from 0.11 to 0.12 in the production-dependencies group by @​dependabot in 42ByteLabs/patch-release-me#103
• deps: bump clap from 4.5.38 to 4.5.39 in the production-dependencies group by @​dependabot in 42ByteLabs/patch-release-me#105
• Add Rust Binaries for release by @​GeekMasher in 42ByteLabs/patch-release-me#106
• feat(version): v0.6.1 by @​GeekMasher in 42ByteLabs/patch-release-me#107

Full Changelog: 42ByteLabs/patch-release-me@0.6.0...0.6.1

v0.6.0

What's Changed

• deps: bump clap from 4.5.36 to 4.5.37 in the production-dependencies group by @​dependabot in 42ByteLabs/patch-release-me#97
• feat: Update defaults.yml to exclude additional directories from processing by @​GeekMasher in 42ByteLabs/patch-release-me#98
• feat: Update bumping support and add Sync by @​GeekMasher in 42ByteLabs/patch-release-me#99
• feat: Update interactive mode to fix issues by @​GeekMasher in 42ByteLabs/patch-release-me#100
• feat(version): v0.6.0 by @​GeekMasher in 42ByteLabs/patch-release-me#101

Full Changelog: 42ByteLabs/patch-release-me@0.5.5...0.6.0

v0.5.5

What's Changed

• deps: bump the production-dependencies group with 2 updates by @​dependabot in 42ByteLabs/patch-release-me#94
• feat: Update CLI interface and logging output by @​GeekMasher in 42ByteLabs/patch-release-me#95
• feat(version): 0.5.5 by @​GeekMasher in 42ByteLabs/patch-release-me#96

Full Changelog: 42ByteLabs/patch-release-me@0.5.4...0.5.5

v0.5.4

What's Changed

• deps: bump the production-dependencies group with 3 updates by @​dependabot in 42ByteLabs/patch-release-me#86
• deps: bump the production-dependencies group with 3 updates by @​dependabot in 42ByteLabs/patch-release-me#87
• deps: bump the production-dependencies group with 3 updates by @​dependabot in 42ByteLabs/patch-release-me#88
• deps: bump log from 0.4.26 to 0.4.27 in the production-dependencies group by @​dependabot in 42ByteLabs/patch-release-me#89
• deps: bump clap from 4.5.32 to 4.5.34 in the production-dependencies group by @​dependabot in 42ByteLabs/patch-release-me#90
• deps: bump the production-dependencies group with 3 updates by @​dependabot in 42ByteLabs/patch-release-me#91
• feat: Add GitHub Actions support by @​GeekMasher in 42ByteLabs/patch-release-me#92
• v0.5.4 by @​GeekMasher in 42ByteLabs/patch-release-me#93

Full Changelog: 42ByteLabs/patch-release-me@0.5.3...0.5.4

Changelog

Sourced from 42ByteLabs/patch-release-me's changelog.

name: "patch-release-me" version: "0.6.1" repository: "42ByteLabs/patch-release-me"

ecosystems:

• Rust

locations:

• name: "Actions Docs" paths:
  • 'README.md'
  • '.github/workflows/*.yml'
  • 'actions/Dockerfile' patterns:

  Actions

  • '{repository}@{version}'

  Containers

  • 'ghcr.io/{repository}:{version}'

Commits

• 9ff3c04 fix(ci): Update release.yml
• 747f5db feat(version): v0.6.1
• 31d78f0 fix(ci): Update release permission
• c52a808 fix(ci): Update release tag
• f03676b feat(ci): Add Rust binaries for release
• de60bd5 deps: bump clap in the production-dependencies group
• fb7f511 deps: bump 42ByteLabs/.github in the production-dependencies group
• 97419e3 deps: bump tokio in the production-dependencies group
• 1c41c31 fix(ci): Update build permissions
• 4780218 deps: bump the production-dependencies group with 2 updates
• Additional commits viewable in compare view

Updates Andrew-Chen-Wang/github-wiki-action from 4.4.0 to 5.0.1

Release notes

Sourced from Andrew-Chen-Wang/github-wiki-action's releases.

v5.0.1 Important fix

Hi all, thank you to @​jrfnl for his quick fix in Andrew-Chen-Wang/github-wiki-action#82

Full Changelog: Andrew-Chen-Wang/github-wiki-action@v5.0.0...v5.0.1

v5.0.0

What's Changed

• Add in-source to in-wiki link transformer for v5 by @​jcbhmr in Andrew-Chen-Wang/github-wiki-action#73
• Match links with anchors by @​chinatsu in Andrew-Chen-Wang/github-wiki-action#79
• Add "disable-empty-commits" option by @​jrfnl in Andrew-Chen-Wang/github-wiki-action#81

New Contributors

• @​chinatsu made their first contribution in Andrew-Chen-Wang/github-wiki-action#79
• @​jrfnl made their first contribution in Andrew-Chen-Wang/github-wiki-action#81

Full Changelog: Andrew-Chen-Wang/github-wiki-action@v4...v4.5.0

Commits

• 2c80c13 Fix "disable-empty-commits" (#82)
• 7ee32e8 Add "disable-empty-commits" option (#81)
• b7e552d Match links with anchors (#79)
• 86138cb Merge pull request #73 from Andrew-Chen-Wang/revert-72-revert-68-in-source-to...
• 9cdf862 Revert "Revert "Add in-source to in-wiki link transformer""
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/dtolnay/rust-toolchain	b3b07ba8b418998c39fb20f53e8b695cdcc8de1b	🟢 6.2	Details Check Score Reason Code-Review ⚠️ 1 Found 2/19 approved changesets -- score normalized to 1 Maintained 🟢 10 17 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/actions/attest-build-provenance	e8998f949152b193b063cb0ec769d69d929409be	Unknown	Unknown
actions/docker/build-push-action	263435318d21b8e681c14492fe198d362a7d2c83	🟢 5.7	Details Check Score Reason Code-Review 🟢 8 Found 8/9 approved changesets -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 28 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
actions/docker/setup-buildx-action	e468171a9de216ec08956ac3ada2f0791b6bd435	🟢 5.2	Details Check Score Reason Code-Review 🟢 4 Found 3/7 approved changesets -- score normalized to 4 Maintained 🟢 10 21 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
actions/anchore/scan-action	be7a22da4f22dde446c4c4c099887ff5b256526c	🟢 6.4	Details Check Score Reason Maintained 🟢 9 11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
actions/docker/build-push-action	263435318d21b8e681c14492fe198d362a7d2c83	🟢 5.7	Details Check Score Reason Code-Review 🟢 8 Found 8/9 approved changesets -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 28 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
actions/docker/setup-buildx-action	e468171a9de216ec08956ac3ada2f0791b6bd435	🟢 5.2	Details Check Score Reason Code-Review 🟢 4 Found 3/7 approved changesets -- score normalized to 4 Maintained 🟢 10 21 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
actions/42ByteLabs/patch-release-me	9ff3c04cb0802fd8dcd3100e5c0b4801e88daf3a	Unknown	Unknown
actions/Andrew-Chen-Wang/github-wiki-action	2c80c13ee98aa43683bd77973ef4916e2eedf817	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 1 Found 1/9 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• .github/workflows/codeql-ql.yml
• .github/workflows/container-publish.yml
• .github/workflows/container-security.yml
• .github/workflows/release.yml
• .github/workflows/self-wiki.yml

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/dtolnay/rust-toolchain	b3b07ba8b418998c39fb20f53e8b695cdcc8de1b	🟢 6.2	Details Check Score Reason Code-Review ⚠️ 1 Found 2/19 approved changesets -- score normalized to 1 Maintained 🟢 10 17 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 3 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/actions/attest-build-provenance	e8998f949152b193b063cb0ec769d69d929409be	Unknown	Unknown
actions/docker/build-push-action	263435318d21b8e681c14492fe198d362a7d2c83	🟢 5.7	Details Check Score Reason Code-Review 🟢 8 Found 8/9 approved changesets -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 28 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
actions/docker/setup-buildx-action	e468171a9de216ec08956ac3ada2f0791b6bd435	🟢 5.2	Details Check Score Reason Code-Review 🟢 4 Found 3/7 approved changesets -- score normalized to 4 Maintained 🟢 10 21 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
actions/anchore/scan-action	be7a22da4f22dde446c4c4c099887ff5b256526c	🟢 6.4	Details Check Score Reason Maintained 🟢 9 11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
actions/docker/build-push-action	263435318d21b8e681c14492fe198d362a7d2c83	🟢 5.7	Details Check Score Reason Code-Review 🟢 8 Found 8/9 approved changesets -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 28 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
actions/docker/setup-buildx-action	e468171a9de216ec08956ac3ada2f0791b6bd435	🟢 5.2	Details Check Score Reason Code-Review 🟢 4 Found 3/7 approved changesets -- score normalized to 4 Maintained 🟢 10 21 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
actions/42ByteLabs/patch-release-me	9ff3c04cb0802fd8dcd3100e5c0b4801e88daf3a	Unknown	Unknown
actions/Andrew-Chen-Wang/github-wiki-action	2c80c13ee98aa43683bd77973ef4916e2eedf817	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 1 Found 1/9 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• .github/workflows/codeql-ql.yml
• .github/workflows/container-publish.yml
• .github/workflows/container-security.yml
• .github/workflows/release.yml
• .github/workflows/self-wiki.yml

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.