From 92c374351c9b27ee8145b6ef94dcbf85b19726a7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Dec 2025 12:09:40 +0000 Subject: [PATCH] deps: bump the production-dependencies group with 4 updates Bumps the production-dependencies group with 4 updates: [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain), [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [advanced-security/spdx-dependency-submission-action](https://github.com/advanced-security/spdx-dependency-submission-action) and [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance). Updates `dtolnay/rust-toolchain` from 0b1efabc08b657293548b77fb76cc02d26091c7e to f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 - [Release notes](https://github.com/dtolnay/rust-toolchain/releases) - [Commits](https://github.com/dtolnay/rust-toolchain/compare/0b1efabc08b657293548b77fb76cc02d26091c7e...f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561) Updates `docker/setup-buildx-action` from 3.11.1 to 3.12.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/e468171a9de216ec08956ac3ada2f0791b6bd435...8d2750c68a42422c14e847fe6c8ac0403b4cbd6f) Updates `advanced-security/spdx-dependency-submission-action` from 0.1.1 to 0.1.2 - [Release notes](https://github.com/advanced-security/spdx-dependency-submission-action/releases) - [Commits](https://github.com/advanced-security/spdx-dependency-submission-action/compare/5530bab9ee4bbe66420ce8280624036c77f89746...f957edbb35161c1f9e33f61026fc86a671c58cae) Updates `actions/attest-build-provenance` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/977bb373ede98d70efdf65b84cb5f73e068dcc2a...00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8) --- 
updated-dependencies: - dependency-name: dtolnay/rust-toolchain dependency-version: f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 dependency-type: direct:production dependency-group: production-dependencies - dependency-name: docker/setup-buildx-action dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: advanced-security/spdx-dependency-submission-action dependency-version: 0.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: actions/attest-build-provenance dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-ql.yml | 2 +- .github/workflows/container-publish.yml | 8 ++++---- .github/workflows/container-security.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/codeql-ql.yml b/.github/workflows/codeql-ql.yml
index c8e6973..b806fb4 100644
--- a/.github/workflows/codeql-ql.yml
+++ b/.github/workflows/codeql-ql.yml
@@ -21,7 +21,7 @@ jobs:
 uses: actions/checkout@v6
 - name: "Set up Rust"
- uses: dtolnay/rust-toolchain@0b1efabc08b657293548b77fb76cc02d26091c7e # v1.85.1
+ uses: dtolnay/rust-toolchain@f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 # v1.85.1
 with:
 toolchain: stable
diff --git a/.github/workflows/container-publish.yml b/.github/workflows/container-publish.yml
index 1f10156..9456f4b 100644
--- a/.github/workflows/container-publish.yml
+++ b/.github/workflows/container-publish.yml
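Review bot: In the `.github/workflows/codeql-ql.yml` hunk, the pin comment on the new `dtolnay/rust-toolchain@f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` line still reads `# v1.85.1`, exactly as it did for the old SHA, so it no longer tells a reviewer what the pinned commit is. The commit message lists this update by SHA only, with no version, unlike the other three actions, which suggests the commit does not correspond to a release tag; the step also passes `toolchain: stable`, so the label presumably does not describe what gets installed either. Check the compare link for this action before merging and change the comment to the ref the new commit really belongs to, for example `# <ref-of-f7ccc83> (pinned 2025-12-22)`, or remove it. Separately, the context line `uses: actions/checkout@v6` is pinned to a mutable tag while the other actions in these workflows are pinned by SHA; that is outside this change but worth aligning. The job definition starts and ends outside the hunk.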
@@ -43,7 +43,7 @@ jobs:
 uses: actions/checkout@v6
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+ uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 - name: Log in to the Container registry
 uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
@@ -80,20 +80,20 @@ jobs:
 # Upload Software Bill of Materials (SBOM) to GitHub
 - name: Upload SBOM
- uses: advanced-security/spdx-dependency-submission-action@5530bab9ee4bbe66420ce8280624036c77f89746 # v0.1.1
+ uses: advanced-security/spdx-dependency-submission-action@f957edbb35161c1f9e33f61026fc86a671c58cae # v0.1.2
 with:
 filePath: '.'
 filePattern: '*.spdx.json'
 # Build provenance attestations
 - name: Attest Container Image
- uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
+ uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0
 with:
 subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 subject-digest: ${{ steps.build.outputs.digest }}
 push-to-registry: true
 # - name: Attest Container SBOM
- # uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
+ # uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0
 # with:
 # subject-path:: '*.spdx.json'
diff --git a/.github/workflows/container-security.yml b/.github/workflows/container-security.yml
index 1803d98..56161b7 100644
--- a/.github/workflows/container-security.yml
+++ b/.github/workflows/container-security.yml
@@ -38,7 +38,7 @@ jobs:
 uses: actions/checkout@v6
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+ uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 - name: Build Initial Container
 uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0