Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Upgrade: [dependabot] - bump anchore/scan-action from 3 to 4 (#1236)
Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/scan-action/releases">anchore/scan-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <h2>New in scan-action v4.0.0</h2> <ul> <li>Update Grype to v0.79.2 (<a href="https://redirect.github.com/anchore/scan-action/issues/338">#338</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>Download Grype on Windows (<a href="https://redirect.github.com/anchore/scan-action/issues/336">#336</a>) [<a href="https://github.com/willmurphyscode">willmurphyscode</a>] (<a href="https://redirect.github.com/anchore/scan-action/issues/315">#315</a>) [<a href="https://github.com/kzantow">kzantow</a>]</li> <li>Bump Node to v20 (<a href="https://redirect.github.com/anchore/scan-action/issues/295">#295</a>) [<a href="https://github.com/ViacheslavKudinov">ViacheslavKudinov</a>]</li> </ul> <h2>v3.6.4</h2> <h2>New in scan-action v3.6.4</h2> <ul> <li>Update Grype to v0.74.4 (<a href="https://redirect.github.com/anchore/scan-action/issues/279">#279</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> </ul> <h2>v3.6.3</h2> <h2>New in scan-action v3.6.3</h2> <ul> <li>chore: migrate action to use node v20.11.0 (Iron) FROM node v16.x.x (<a href="https://redirect.github.com/anchore/scan-action/issues/278">#278</a>) [<a href="https://github.com/spiffcs">spiffcs</a>]</li> </ul> <h2>v3.6.2</h2> <h2>New in scan-action v3.6.2</h2> <ul> <li>chore(deps): update Grype to v0.74.3 (<a href="https://redirect.github.com/anchore/scan-action/issues/275">#275</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> </ul> <h2>v3.6.1</h2> <h2>New in scan-action v3.6.1</h2> <ul> <li>chore(deps): update Grype to v0.74.2 (<a href="https://redirect.github.com/anchore/scan-action/issues/272">#272</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>chore(deps-dev): bump prettier from 3.2.2 to 3.2.4 (<a href="https://redirect.github.com/anchore/scan-action/issues/270">#270</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> </ul> <h2>v3.6.0</h2> <h2>New in scan-action v3.6.0</h2> <ul> <li>chore(deps): update Grype to v0.74.1 (<a href="https://redirect.github.com/anchore/scan-action/issues/271">#271</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>chore(deps-dev): bump prettier from 3.1.1 to 3.2.2 (<a href="https://redirect.github.com/anchore/scan-action/issues/268">#268</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> </ul> <h2>v3.5.0</h2> <h2>New in scan-action v3.5.0</h2> <ul> <li>chore(deps): update Grype to v0.74.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/267">#267</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>chore(deps): bump <code>@actions/core</code> from 1.10.0 to 1.10.1 (<a href="https://redirect.github.com/anchore/scan-action/issues/262">#262</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> </ul> <h2>v3.4.0</h2> <h2>New in scan-action v3.4.0</h2> <ul> <li>chore(deps-dev): bump tslib from 2.5.0 to 2.6.2 (<a href="https://redirect.github.com/anchore/scan-action/issues/258">#258</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> <li>chore(deps-dev): bump <code>@vercel/ncc</code> from 0.36.1 to 0.38.1 (<a href="https://redirect.github.com/anchore/scan-action/issues/261">#261</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> <li>chore(deps): update Grype to v0.73.5 (<a href="https://redirect.github.com/anchore/scan-action/issues/264">#264</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>Add support for the <code>--vex</code> flag (<a href="https://redirect.github.com/anchore/scan-action/issues/254">#254</a>) [<a href="https://github.com/ferozsalam">ferozsalam</a>]</li> </ul> <h2>v3.3.8</h2> <h2>New in scan-action v3.3.8</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anchore/scan-action/blob/main/CHANGELOG.md">anchore/scan-action's changelog</a>.</em></p> <blockquote> <h1>Release Notes</h1> <h2>Version 2.0.2 - 2020-11-11</h2> <ul> <li>Update <code>actions/core</code> to use version <code>1.2.6</code> [(Issue <a href="https://redirect.github.com/anchore/scan-action/issues/71">#71</a>)](<a href="https://redirect.github.com/anchore/scan-action/issues/71">anchore/scan-action#71</a>)</li> </ul> <h2>Version 2.0.1 - 2020-02-11</h2> <p>Fixes:</p> <ul> <li>Removes unnecessary constraint in deduplication for SARIF reporting</li> <li>Allows defining and referencing the location of the SARIF report file</li> <li>Fixes multiple instances where undefined items in the reporting would break scanning</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anchore/scan-action/commit/64a33b277ea7a1215a3c142735a1091341939ff5"><code>64a33b2</code></a> chore(deps): update Grype to v0.80.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/358">#358</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/062ce86e75ff5dabcab335f301fe1fe11dcfe5b3"><code>062ce86</code></a> chore(deps-dev): bump better-npm-audit from 3.7.3 to 3.8.3 (<a href="https://redirect.github.com/anchore/scan-action/issues/356">#356</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/bc9adf64917dd9444d6cf4dd68620c34ca3a5f69"><code>bc9adf6</code></a> chore(deps): update Grype to v0.79.6 (<a href="https://redirect.github.com/anchore/scan-action/issues/352">#352</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/f291c69db4c4db6eb38694a9d88c29391cafc353"><code>f291c69</code></a> Update slack to discourse (<a href="https://redirect.github.com/anchore/scan-action/issues/354">#354</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/1c54040fd60369971478676dff1152ff09b0e5c0"><code>1c54040</code></a> docs: grype-version parameter (<a href="https://redirect.github.com/anchore/scan-action/issues/319">#319</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/a695a7349ea068b3d1169df9c51b06a05190c2cb"><code>a695a73</code></a> chore(deps-dev): bump husky from 9.1.3 to 9.1.4 (<a href="https://redirect.github.com/anchore/scan-action/issues/351">#351</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/7e0a8e43cd7acb500d2dfe84eb32decbfa0f76cd"><code>7e0a8e4</code></a> chore(deps-dev): bump eslint from 9.7.0 to 9.8.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/349">#349</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/391f03b4940cbfdbde3d8f33be5b032272caf430"><code>391f03b</code></a> chore(deps-dev): bump husky from 9.1.1 to 9.1.3 (<a href="https://redirect.github.com/anchore/scan-action/issues/350">#350</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/3dd8c8b98f45410802f0f15772672139c94e9d77"><code>3dd8c8b</code></a> docs: CODE_OF_CONDUCT.md (<a href="https://redirect.github.com/anchore/scan-action/issues/343">#343</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/acd87be43ea41fa567e49ded46c8536c8ad74cba"><code>acd87be</code></a> chore(deps-dev): bump husky from 9.0.11 to 9.1.1 (<a href="https://redirect.github.com/anchore/scan-action/issues/345">#345</a>)</li> <li>Additional commits viewable in <a href="https://github.com/anchore/scan-action/compare/v3...v4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/scan-action&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: anthony-nhs <121869075+anthony-nhs@users.noreply.github.com>
- Loading branch information