Skip to content

Commit 66572c4

Browse files
Bump the actions group with 2 updates (#3508)
Bumps the actions group with 2 updates: [chainguard-dev/actions/setup-gitsign](https://github.com/chainguard-dev/actions) and [actions/cache](https://github.com/actions/cache). Updates `chainguard-dev/actions/setup-gitsign` from 1.6.25 to 1.6.26 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chainguard-dev/actions/releases">chainguard-dev/actions/setup-gitsign's releases</a>.</em></p> <blockquote> <h2>v1.6.26</h2> <h2>What's Changed</h2> <ul> <li>build(deps): bump actions/checkout from 6.0.3 to 7.0.0 in /release-notes by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/973">chainguard-dev/actions#973</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.23 to 1.6.24 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/972">chainguard-dev/actions#972</a></li> <li>build(deps): bump actions/checkout from 6.0.3 to 7.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/971">chainguard-dev/actions#971</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 in /wolfi-build-pkg by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/982">chainguard-dev/actions#982</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 in /release-notes by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/981">chainguard-dev/actions#981</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 in /inky-build-pkg by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/979">chainguard-dev/actions#979</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 in /melange-build by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/980">chainguard-dev/actions#980</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 in /goimports by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/978">chainguard-dev/actions#978</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 in /gofmt by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/977">chainguard-dev/actions#977</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 in /git-tag by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/976">chainguard-dev/actions#976</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/975">chainguard-dev/actions#975</a></li> <li>build(deps): bump zizmorcore/zizmor-action from 0.5.6 to 0.5.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/974">chainguard-dev/actions#974</a></li> <li>group updates for actions when we have patch updates by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/chainguard-dev/actions/pull/983">chainguard-dev/actions#983</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chainguard-dev/actions/compare/v1.6.25...v1.6.26">https://github.com/chainguard-dev/actions/compare/v1.6.25...v1.6.26</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chainguard-dev/actions/commit/f0be69916b439d0fcced2451b23d0f27cd46d545"><code>f0be699</code></a> group updates for actions when we have patch updates (<a href="https://redirect.github.com/chainguard-dev/actions/issues/983">#983</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/9d74f5e8fe1ba0ca5911776327dd19e27bab9bfc"><code>9d74f5e</code></a> build(deps): bump zizmorcore/zizmor-action from 0.5.6 to 0.5.7 (<a href="https://redirect.github.com/chainguard-dev/actions/issues/974">#974</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/fc8da5be281347f3883ee3097e7d932e21f074c4"><code>fc8da5b</code></a> build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 (<a href="https://redirect.github.com/chainguard-dev/actions/issues/975">#975</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/6f62df32d88793c338048c84b15b5b23f04e63c3"><code>6f62df3</code></a> build(deps): bump chainguard-dev/actions in /git-tag (<a href="https://redirect.github.com/chainguard-dev/actions/issues/976">#976</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/9b816d3ffc7761458aab1d719855b366d3eb7468"><code>9b816d3</code></a> build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 in /gofmt (<a href="https://redirect.github.com/chainguard-dev/actions/issues/977">#977</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/c8cb26319a39958f2c306d76828bb6b5475ebdbd"><code>c8cb263</code></a> build(deps): bump chainguard-dev/actions in /goimports (<a href="https://redirect.github.com/chainguard-dev/actions/issues/978">#978</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/5bac86cb45a447614d1a287a9fddb38e8cc7a404"><code>5bac86c</code></a> build(deps): bump chainguard-dev/actions in /melange-build (<a href="https://redirect.github.com/chainguard-dev/actions/issues/980">#980</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/4580d944267505cc3a494f71afbe44c324df36bd"><code>4580d94</code></a> build(deps): bump chainguard-dev/actions in /inky-build-pkg (<a href="https://redirect.github.com/chainguard-dev/actions/issues/979">#979</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/71b359fd54ef725563124fe973ada66ccdf71e78"><code>71b359f</code></a> build(deps): bump chainguard-dev/actions in /release-notes (<a href="https://redirect.github.com/chainguard-dev/actions/issues/981">#981</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/fc09e6d9104791291ee8be0e453bdc6584280b5c"><code>fc09e6d</code></a> build(deps): bump chainguard-dev/actions in /wolfi-build-pkg (<a href="https://redirect.github.com/chainguard-dev/actions/issues/982">#982</a>)</li> <li>Additional commits viewable in <a href="https://github.com/chainguard-dev/actions/compare/e1c4977ad9cb32b12c5b222ec0134a22bec60bd5...f0be69916b439d0fcced2451b23d0f27cd46d545">compare view</a></li> </ul> </details> <br /> Updates `actions/cache` from 6.0.0 to 6.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v6.1.0</h2> <h2>What's Changed</h2> <ul> <li>Bump <code>@​actions/cache</code> to v6.1.0 - handle read-only cache access by <a href="https://github.com/jasongin"><code>@​jasongin</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1768">actions/cache#1768</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v6...v6.1.0">https://github.com/actions/cache/compare/v6...v6.1.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h2>How to prepare a release</h2> <blockquote> <p>[!NOTE] Relevant for maintainers with write access only.</p> </blockquote> <ol> <li>Switch to a new branch from <code>main</code>.</li> <li>Run <code>npm test</code> to ensure all tests are passing.</li> <li>Update the version in <a href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li> <li>Run <code>npm run build</code> to update the compiled files.</li> <li>Update this <a href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a> with the new version and changes in the <code>## Changelog</code> section.</li> <li>Run <code>licensed cache</code> to update the license report.</li> <li>Run <code>licensed status</code> and resolve any warnings by updating the <a href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a> file with the exceptions.</li> <li>Commit your changes and push your branch upstream.</li> <li>Open a pull request against <code>main</code> and get it reviewed and merged.</li> <li>Draft a new release <a href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a> use the same version number used in <code>package.json</code> <ol> <li>Create a new tag with the version number.</li> <li>Auto generate release notes and update them to match the changes you made in <code>RELEASES.md</code>.</li> <li>Toggle the set as the latest release option.</li> <li>Publish the release.</li> </ol> </li> <li>Navigate to <a href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a> <ol> <li>There should be a workflow run queued with the same version number.</li> <li>Approve the run to publish the new version and update the major tags for this action.</li> </ol> </li> </ol> <h2>Changelog</h2> <h3>6.1.0</h3> <ul> <li>Bump <code>@actions/cache</code> to v6.1.0 to pick up <a href="https://redirect.github.com/actions/toolkit/pull/2435">actions/toolkit#2435 Handle cache write error due to read-only token</a></li> <li>Switch redundant &quot;Cache save failed&quot; warning to debug log in save-only</li> </ul> <h3>6.0.0</h3> <ul> <li>Updated <code>@actions/cache</code> to ^6.0.1, <code>@actions/core</code> to ^3.0.1, <code>@actions/exec</code> to ^3.0.0, <code>@actions/io</code> to ^3.0.2</li> <li>Migrated to ESM module system</li> <li>Upgraded Jest to v30 and test infrastructure to be ESM compatible</li> </ul> <h3>5.0.4</h3> <ul> <li>Bump <code>minimatch</code> to v3.1.5 (fixes ReDoS via globstar patterns)</li> <li>Bump <code>undici</code> to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)</li> <li>Bump <code>fast-xml-parser</code> to v5.5.6</li> </ul> <h3>5.0.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <h3>5.0.2</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/55cc8345863c7cc4c66a329aec7e433d2d1c52a9"><code>55cc834</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1768">#1768</a> from jasongin/readonly-cache</li> <li><a href="https://github.com/actions/cache/commit/d8cd72f230726cdf4457ebb61ec1b593a8d12337"><code>d8cd72f</code></a> Bump <code>@​actions/cache</code> to v6.1.0 - handle cache write error due to RO token</li> <li>See full diff in <a href="https://github.com/actions/cache/compare/2c8a9bd7457de244a408f35966fab2fb45fda9c8...55cc8345863c7cc4c66a329aec7e433d2d1c52a9">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 2c6f594 commit 66572c4

3 files changed

Lines changed: 3 additions & 3 deletions

File tree

.github/workflows/autodocs-platform.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ jobs:
3232
persist-credentials: false
3333

3434
- name: 'Setup gitsign'
35-
uses: chainguard-dev/actions/setup-gitsign@e1c4977ad9cb32b12c5b222ec0134a22bec60bd5 # v1.6.25
35+
uses: chainguard-dev/actions/setup-gitsign@f0be69916b439d0fcced2451b23d0f27cd46d545 # v1.6.26
3636

3737
- name: Authenticate to Google Cloud
3838
id: auth

.github/workflows/compile-docs.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ jobs:
7474
python-version: '3.10'
7575

7676
- name: Cache Python dependencies
77-
uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0
77+
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
7878
with:
7979
path: ~/.cache/pip
8080
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}

.github/workflows/digestabot.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ jobs:
3636
release-assets.githubusercontent.com:443
3737
tuf-repo-cdn.sigstore.dev:443
3838
39-
- uses: chainguard-dev/actions/setup-gitsign@e1c4977ad9cb32b12c5b222ec0134a22bec60bd5 # v1.6.25
39+
- uses: chainguard-dev/actions/setup-gitsign@f0be69916b439d0fcced2451b23d0f27cd46d545 # v1.6.26
4040

4141
- uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1
4242
id: octo-sts

0 commit comments

Comments
 (0)