Skip to content

Commit aebed9f

Browse files
ci(deps): bump the actions-routine group with 8 updates (#31)
Bumps the actions-routine group with 8 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.1.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.4.0` | `4.1.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.35.2` | `4.35.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` | Updates `actions/checkout` from 4.3.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.3.1...de0fac2) Updates `actions/setup-python` from 5.6.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5.6.0...a309ff8) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.6.2...043fb46) Updates `actions/download-artifact` from 4.3.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4.3.0...3e5f45b) Updates `docker/login-action` from 3.7.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3.7.0...4907a6d) Updates `actions/attest-build-provenance` from 2.4.0 to 4.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@v2.4.0...a2bbfa2) Updates `github/codeql-action` from 3.35.2 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3.35.2...95e58e9) Updates `actions/setup-node` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@53b8394...48b55a0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-routine - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-routine - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-routine - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-routine - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-routine - dependency-name: actions/attest-build-provenance dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-routine - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-routine - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-routine ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 6fa8257 commit aebed9f

3 files changed

Lines changed: 13 additions & 13 deletions

File tree

.github/workflows/build.yaml

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -151,10 +151,10 @@ jobs:
151151
needs: [verify-commits]
152152
steps:
153153
- name: Checkout code
154-
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
154+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
155155

156156
- name: Set up Python
157-
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
157+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
158158
with:
159159
python-version: '3.12'
160160

@@ -514,10 +514,10 @@ jobs:
514514
packages: write
515515
steps:
516516
- name: Checkout code
517-
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
517+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
518518

519519
- name: Set up Python
520-
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
520+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
521521
with:
522522
python-version: '3.12'
523523

@@ -552,7 +552,7 @@ jobs:
552552
# Always upload the assembled document so the `grype` scan job can
553553
# download it via actions/download-artifact@v4 regardless of event.
554554
- name: Upload OpenVEX document artifact
555-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
555+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
556556
with:
557557
name: openvex
558558
path: vex.openvex.json
@@ -562,7 +562,7 @@ jobs:
562562
uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
563563

564564
- name: Log in to GHCR (for cosign attest)
565-
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
565+
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
566566
with:
567567
registry: ghcr.io
568568
username: ${{ github.actor }}
@@ -591,7 +591,7 @@ jobs:
591591
# the attestation links to the release tag.
592592
- name: Attest OpenVEX build provenance
593593
if: github.event_name == 'release'
594-
uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
594+
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
595595
id: attest-vex
596596
with:
597597
subject-path: vex.openvex.json
@@ -610,7 +610,7 @@ jobs:
610610
611611
- name: Upload OpenVEX bundle artifact (release)
612612
if: github.event_name == 'release'
613-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
613+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
614614
with:
615615
name: openvex-bundle
616616
path: vex.openvex.json.bundle
@@ -798,7 +798,7 @@ jobs:
798798
# push + release events — PR events have no document to consume.
799799
- name: Download OpenVEX document
800800
if: github.event_name != 'pull_request'
801-
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
801+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
802802
with:
803803
name: openvex
804804
path: ./vex
@@ -841,14 +841,14 @@ jobs:
841841
842842
- name: Upload Grype SARIF to Code Scanning
843843
if: always()
844-
uses: github/codeql-action/upload-sarif@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2
844+
uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
845845
with:
846846
sarif_file: grype-${{ github.event_name }}-${{ matrix.variant.name }}.sarif
847847
category: grype-${{ github.event_name }}-${{ matrix.variant.name }}
848848

849849
- name: Upload Grype SARIF artifact
850850
if: always()
851-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
851+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
852852
with:
853853
name: ${{ github.event_name == 'release' && format('grype-release-{0}', matrix.variant.name) || format('grype-{0}-{1}-{2}', github.event_name, matrix.variant.name, github.run_number) }}
854854
path: grype-${{ github.event_name }}-${{ matrix.variant.name }}.sarif

.github/workflows/calm-test.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ jobs:
9797
HBS
9898
9999
- name: Set up Node.js
100-
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
100+
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
101101
with:
102102
node-version: '20'
103103

.github/workflows/calm.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -177,7 +177,7 @@ jobs:
177177
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
178178

179179
- name: Set up Node.js
180-
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
180+
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
181181
with:
182182
node-version: ${{ inputs.node-version }}
183183

0 commit comments

Comments
 (0)