Skip to content

build(dependencies): bump the github-actions group with 6 updates #214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(dependencies): bump the github-actions group with 6 updates #214

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 24, 2025
edited
Loading

Bumps the github-actions group with 6 updates:

Package From To
atlassian/gajira-create efc6ccbf894ad3f93f0fe588ca46c170340518a2 1c54357fdde9dab6273a0e26d67cb175ffffe498
step-security/harden-runner 2.7.0 2.12.1
actions/checkout 4.1.1 4.2.2
wearefrank/ci-cd-templates 1.4.2 2.0.2
actions/setup-node 4.0.2 4.4.0
actions/download-artifact 4.1.2 4.3.0

Updates atlassian/gajira-create from efc6ccbf894ad3f93f0fe588ca46c170340518a2 to 1c54357fdde9dab6273a0e26d67cb175ffffe498

Commits

Updates step-security/harden-runner from 2.7.0 to 2.12.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.12.1

What's Changed

  • Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.
  • Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.

Full Changelog: step-security/harden-runner@v2...v2.12.1

v2.12.0

What's Changed

  1. A new option, disable-sudo-and-containers, is now available to replace the disable-sudo policy, addressing Docker-based privilege escalation (CVE-2025-32955). More details can be found in this blog post.

  2. New detections have been added based on insights from the tj-actions and reviewdog actions incidents.

Full Changelog: step-security/harden-runner@v2...v2.12.0

v2.11.1

What's Changed

Full Changelog: step-security/harden-runner@v2...v2.11.1

v2.11.0

What's Changed

Release v2.11.0 in #498 Harden-Runner Enterprise tier now supports the use of eBPF for DNS resolution and network call monitoring

Full Changelog: step-security/harden-runner@v2...v2.11.0

v2.10.4

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

v2.10.3

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

v2.10.2

What's Changed

  1. Fixes low-severity command injection weaknesses The advisory is here: GHSA-g85v-wf27-67xc

  2. Bug fix to improve detection of whether Harden-Runner is running in a container

Full Changelog: step-security/harden-runner@v2...v2.10.2

... (truncated)

Commits
  • 002fdce Merge pull request #544 from step-security/rc-21
  • 2489e3f Merge branch 'main' into rc-21
  • 75dd441 Merge pull request #555 from step-security/dependabot/github_actions/step-sec...
  • 4381ace Bump step-security/publish-unit-test-result-action from 2.19.0 to 2.20.0
  • a9da90b Merge pull request #553 from h0x0er/feat/container-workflows
  • a60ef21 update
  • 4ad512f Merge branch 'rc-21' into feat/container-workflows
  • 6b41a39 fixed test case
  • fa70c45 update agent
  • eb47845 self-hosted: refactored block-policy apply logic
  • Additional commits viewable in compare view

Updates actions/checkout from 4.1.1 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.2.0...v4.2.1

v4.2.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.1.7...v4.2.0

v4.1.7

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.1.6...v4.1.7

v4.1.6

What's Changed

Full Changelog: actions/checkout@v4.1.5...v4.1.6

v4.1.5

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

... (truncated)

Commits

Updates wearefrank/ci-cd-templates from 1.4.2 to 2.0.2

Release notes

Sourced from wearefrank/ci-cd-templates's releases.

v2.0.2

2.0.2 (2025-05-20)

🤖 Build System

  • dependencies: lock soapui-testrunner action to commit hash (cec7d4d)

v2.0.1

2.0.1 (2025-05-20)

🧑‍💻 Code Refactoring

  • soapui-runner configurable testreport artifact name (8e19477)

v2.0.0

2.0.0 (2025-04-11)

⚠ BREAKING CHANGES

  • docker-release-generic inputs 'dockerhub-username' and 'dockerhub-password' renamed to 'registry-username' and 'registry-token'. Default registry changed from DockerHub to GitHub Packages. To get the old behavior, set 'registry-prefix: docker.io'.

🍕 Features

  • support pushing Docker images to GitHub image registry (#55) (dcc2ebd)
Changelog

Sourced from wearefrank/ci-cd-templates's changelog.

conventional commits semantic versioning

2.0.2 (2025-05-20)

🤖 Build System

  • dependencies: lock soapui-testrunner action to commit hash (cec7d4d)

2.0.1 (2025-05-20)

🧑‍💻 Code Refactoring

  • soapui-runner configurable testreport artifact name (8e19477)

2.0.0 (2025-04-11)

⚠ BREAKING CHANGES

  • docker-release-generic inputs 'dockerhub-username' and 'dockerhub-password' renamed to 'registry-username' and 'registry-token'. Default registry changed from DockerHub to GitHub Packages. To get the old behavior, set 'registry-prefix: docker.io'.

🍕 Features

  • support pushing Docker images to GitHub image registry (#55) (dcc2ebd)

1.4.2 (2025-04-04)

🤖 Build System

  • dependencies: lock soapui-testrunner action call to comit sha (b645321)

1.4.1 (2025-04-04)

🐛 Bug Fixes

  • command to show loaded docker images uses "docker ps" instead of "docker images" (a39ff21)
  • image-name is unintentionally required while not needed when image-id is provided (979e2d0)
  • soapui testrunner action PROJECT_DIR and REPORTS_DIR eval vars due to GHA adding invisible quotes (b9c0de3)

1.4.0 (2025-01-28)

🍕 Features

  • ff version bumper workflow cleans up superseded PR's and branches (9e8bac0)

🐛 Bug Fixes

  • ff version bumper format PR title with conventional commit tag instead of using the branch name (6b4996c)

🤖 Build System

... (truncated)

Commits
  • 692c637 chore(patch): release 2.0.2 [skip ci]
  • cec7d4d build(dependencies): lock soapui-testrunner action to commit hash
  • 8c99870 chore(patch): release 2.0.1 [skip ci]
  • de0a7db Merge pull request #57 from wearefrank/soapui-runner-artifact-name
  • 4e6de8c soapui-testrunner main
  • 43327e8 switch soapui runner action to branch version
  • 8e19477 refactor: soapui-runner configurable testreport artifact name
  • 2f83b83 chore(major): release 2.0.0 [skip ci]
  • dcc2ebd feat: support pushing Docker images to GitHub image registry (#55)
  • See full diff in compare view

Updates actions/setup-node from 4.0.2 to 4.4.0

Release notes

Sourced from actions/setup-node's releases.

v4.4.0

What's Changed

Bug fixes:

Enhancement:

Dependency update:

New Contributors

Full Changelogactions/setup-node@v4...v4.4.0

v4.3.0

What's Changed

Dependency updates

New Contributors

Full Changelog: actions/setup-node@v4...v4.3.0

v4.2.0

What's Changed

New Contributors

Full Changelog: actions/setup-node@v4...v4.2.0

v4.1.0

What's Changed

... (truncated)

Commits

Updates actions/download-artifact from 4.1.2 to 4.3.0

Release notes

Sourced from actions/download-artifact's releases.

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v4.2.1...v4.3.0

v4.2.1

What's Changed

Full Changelog: actions/download-artifact@v4.2.0...v4.2.1

v4.2.0

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v4.1.9...v4.2.0

v4.1.9

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v4.1.8...v4.1.9

v4.1.8

What's Changed

... (truncated)

Commits
  • d3f86a1 Merge pull request #404 from actions/robherley/v4.3.0
  • fc02353 prep for v4.3.0 release
  • 7745437 Merge pull request #402 from actions/joshmgross/download-by-id-example
  • 84fc7a0 Remove path filters from Check dist workflow
  • 67f2bc3 Fix workflow example for downloading by artifact ID
  • 8ea3c2c Merge pull request #401 from actions/download-by-id
  • d219c63 add supporting unit tests for artifact downloads with ids
  • 54124fb revert getArtifact() changes - for now we have to list and filter by artifa...
  • b83057b bundle
  • 171183c use the same artifactClient.getArtifact structure as seen above in `isSingl...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 24, 2025
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-c563da647b branch 2 times, most recently from 51cc9f4 to 07ef1fc Compare July 14, 2025 14:06
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-c563da647b branch from 07ef1fc to 8d76cbf Compare August 11, 2025 16:20
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-c563da647b branch from 8d76cbf to 9a77e3e Compare September 22, 2025 11:48
@dependabot
build(dependencies): bump the github-actions group with 6 updates
d821c97 
Bumps the github-actions group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [atlassian/gajira-create](https://github.com/atlassian/gajira-create) | `efc6ccbf894ad3f93f0fe588ca46c170340518a2` | `1c54357fdde9dab6273a0e26d67cb175ffffe498` |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.7.0` | `2.12.1` |
| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `4.2.2` |
| [wearefrank/ci-cd-templates](https://github.com/wearefrank/ci-cd-templates) | `1.4.2` | `2.0.2` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4.0.2` | `4.4.0` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.2` | `4.3.0` |


Updates `atlassian/gajira-create` from efc6ccbf894ad3f93f0fe588ca46c170340518a2 to 1c54357fdde9dab6273a0e26d67cb175ffffe498
- [Release notes](https://github.com/atlassian/gajira-create/releases)
- [Commits](atlassian/gajira-create@efc6ccb...1c54357)

Updates `step-security/harden-runner` from 2.7.0 to 2.12.1
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@63c24ba...002fdce)

Updates `actions/checkout` from 4.1.1 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4.1.1...11bd719)

Updates `wearefrank/ci-cd-templates` from 1.4.2 to 2.0.2
- [Release notes](https://github.com/wearefrank/ci-cd-templates/releases)
- [Changelog](https://github.com/wearefrank/ci-cd-templates/blob/main/CHANGELOG.md)
- [Commits](wearefrank/ci-cd-templates@6d9d643...692c637)

Updates `actions/setup-node` from 4.0.2 to 4.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@60edb5d...49933ea)

Updates `actions/download-artifact` from 4.1.2 to 4.3.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4.1.2...d3f86a1)

---
updated-dependencies:
- dependency-name: atlassian/gajira-create
  dependency-version: 1c54357fdde9dab6273a0e26d67cb175ffffe498
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: step-security/harden-runner
  dependency-version: 2.12.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/checkout
  dependency-version: 4.2.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: wearefrank/ci-cd-templates
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-c563da647b branch from 9a77e3e to d821c97 Compare October 13, 2025 12:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants