-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update github-actions #741
Merged
laurentsimon
merged 1 commit into
slsa-framework:main
from
renovate-bot:renovate/github-actions
Mar 22, 2024
Merged
chore(deps): update github-actions #741
laurentsimon
merged 1 commit into
slsa-framework:main
from
renovate-bot:renovate/github-actions
Mar 22, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate-bot
force-pushed
the
renovate/github-actions
branch
from
February 2, 2024 21:10
a32c663
to
82b5bc7
Compare
renovate-bot
force-pushed
the
renovate/github-actions
branch
3 times, most recently
from
February 15, 2024 15:42
5942ab2
to
ab81296
Compare
renovate-bot
force-pushed
the
renovate/github-actions
branch
2 times, most recently
from
February 23, 2024 12:17
3c569df
to
b325c6d
Compare
renovate-bot
force-pushed
the
renovate/github-actions
branch
from
March 1, 2024 10:43
b325c6d
to
39f398a
Compare
renovate-bot
force-pushed
the
renovate/github-actions
branch
2 times, most recently
from
March 18, 2024 20:29
9716e3e
to
5db7606
Compare
renovate-bot
force-pushed
the
renovate/github-actions
branch
from
March 20, 2024 23:18
5db7606
to
0db7abb
Compare
Signed-off-by: Mend Renovate <bot@renovateapp.com>
renovate-bot
force-pushed
the
renovate/github-actions
branch
from
March 21, 2024 15:49
0db7abb
to
a9d879f
Compare
laurentsimon
approved these changes
Mar 22, 2024
ramonpetgrave64
pushed a commit
to ramonpetgrave64/slsa-verifier
that referenced
this pull request
Apr 10, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v3.1.0` -> `v3.1.5` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | patch | `v3.8.1` -> `v3.8.2` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.22.1` -> `v2.24.8` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.3.0` -> `v2.3.1` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.9.0` -> `v1.10.0` | | [slsa-framework/slsa-verifier](https://togithub.com/slsa-framework/slsa-verifier) | action | patch | `v2.4.0` -> `v2.4.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v3.1.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.5): 3.1.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.4...v3.1.5) #### What's Changed - Smaller `per_page` when requesting diff by [@​hmaurer](https://togithub.com/hmaurer) in [https://github.com/actions/dependency-review-action/pull/649](https://togithub.com/actions/dependency-review-action/pull/649) - Update dependencies: - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.10.0 to 6.13.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/630](https://togithub.com/actions/dependency-review-action/pull/630) - Bump prettier from 3.0.3 to 3.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/629](https://togithub.com/actions/dependency-review-action/pull/629) - Bump [@​types/jest](https://togithub.com/types/jest) from 29.5.8 to 29.5.11 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/637](https://togithub.com/actions/dependency-review-action/pull/637) - Bump nodemon from 3.0.1 to 3.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/636](https://togithub.com/actions/dependency-review-action/pull/636) - Replace pip -> pypi in PURL examples by [@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/638](https://togithub.com/actions/dependency-review-action/pull/638) - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.12.0 to 6.15.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/644](https://togithub.com/actions/dependency-review-action/pull/644) - Bump eslint from 8.53.0 to 8.56.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/640](https://togithub.com/actions/dependency-review-action/pull/640) - Bump [@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) from 6.13.1 to 6.16.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/645](https://togithub.com/actions/dependency-review-action/pull/645) - Bump prettier from 3.1.0 to 3.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/646](https://togithub.com/actions/dependency-review-action/pull/646) **Full Changelog**: actions/dependency-review-action@v3.1.4...v3.1.5 ### [`v3.1.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.4): 3.1.4 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.3...v3.1.4) #### What's Changed - Fixed a [bug](https://togithub.com/actions/dependency-review-action/issues/618) with severity filtering when using the `allow_ghsas` option: [https://github.com/actions/dependency-review-action/pull/623](https://togithub.com/actions/dependency-review-action/pull/623). - Updates dependencies: - Bump [@​types/node](https://togithub.com/types/node) from 16.18.61 to 16.18.62 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/619](https://togithub.com/actions/dependency-review-action/pull/619) action/pull/620 - Bump [@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin) from 6.11.0 to 6.12.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/625](https://togithub.com/actions/dependency-review-action/pull/625) - Bump typescript from 5.2.2 to 5.3.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/624](https://togithub.com/actions/dependency-review-action/pull/624) **Full Changelog**: actions/dependency-review-action@v3...v3.1.4 ### [`v3.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.3): 3.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.2...v3.1.3) #### What's Changed - Fixes purl "version must be percent-encoded" by [@​theztefan](https://togithub.com/theztefan) in [https://github.com/actions/dependency-review-action/pull/617](https://togithub.com/actions/dependency-review-action/pull/617) **Full Changelog**: actions/dependency-review-action@v3...v3.1.3 ### [`v3.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.2): 3.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.1...v3.1.2) #### What's Changed - Fix a regression for setups using self-hosted runners behind HTTP proxies:[@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/611](https://togithub.com/actions/dependency-review-action/pull/611) **Full Changelog**: actions/dependency-review-action@v3...v3.1.2 ### [`v3.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.1.1): 3.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.0...v3.1.1) #### What's Changed - Update a bunch of dependencies, including major version upgrades for `octokit`, `@actions/github` and `typescript`. **Full Changelog**: actions/dependency-review-action@v3.1.0...v3.1.1 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2) ##### What's Changed - Update semver by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861) - Update temp directory creation by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870) - Add notice about binaries not being updated yet by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872) - Update toolkit cache and core by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) and [@​seongwon-privatenote](https://togithub.com/seongwon-privatenote) in [https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875) **Full Changelog**: actions/setup-node@v3...v3.8.2 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) ### [`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) ### [`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) ### [`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) ### [`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) ### [`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) ### [`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) ### [`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) ### [`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) ### [`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) ### [`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) ### [`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) ### [`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) ### [`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) ### [`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) ### [`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) ### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) ### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) ### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1282](https://togithub.com/ossf/scorecard-action/pull/1282) - Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the [v4.13.1](https://togithub.com/ossf/scorecard/releases/tag/v4.13.1) release notes **Full Changelog**: ossf/scorecard-action@v2.3.0...v2.3.1 </details> <details> <summary>slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)</summary> ### [`v1.10.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v1100) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.1...v1.10.0) Release \[v1.10.0] includes bug fixes and new features. See the [full change list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0). ##### v1.10.0: TUF fix - The cosign TUF roots were fixed ([#​3350](https://togithub.com/slsa-framework/slsa-github-generator/issues/3350)). More details [here](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid). ##### v1.10.0: Gradle Builder - The Gradle Builder was fixed when the project root is the same as the repository root ([#​2727](https://togithub.com/slsa-framework/slsa-github-generator/issues/2727)) ##### v1.10.0: Go Builder - The `go-version-file` input was fixed so that it can find the `go.mod` file ([#​2661](https://togithub.com/slsa-framework/slsa-github-generator/issues/2661)) ##### v1.10.0: Container Generator - A new `provenance-repository` input was added to allow reading provenance from a different container repository than the image itself ([#​2956](https://togithub.com/slsa-framework/slsa-github-generator/issues/2956)) ### [`v1.9.1`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.1) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.9.1) **This is an un-finalized release.** See the [CHANGELOG](./CHANGELOG.md) for details. </details> <details> <summary>slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)</summary> ### [`v2.4.1`](https://togithub.com/slsa-framework/slsa-verifier/releases/tag/v2.4.1) [Compare Source](https://togithub.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1) #### What's Changed - Fix a verification issue when verifying npm's publish attestations - Low severity GHSA-r2xv-vpr2-42m9. This part of the code remains *experimental*. #### New Contributors - [@​trishankatdatadog](https://togithub.com/trishankatdatadog) made their first contribution in [https://github.com/slsa-framework/slsa-verifier/pull/702](https://togithub.com/slsa-framework/slsa-verifier/pull/702) **Full Changelog**: slsa-framework/slsa-verifier@v2.4.0...v2.4.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2MS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v3.1.0
->v3.1.5
v3.8.1
->v3.8.2
v2.22.1
->v2.24.8
v2.3.0
->v2.3.1
v1.9.0
->v1.10.0
v2.4.0
->v2.4.1
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
actions/dependency-review-action (actions/dependency-review-action)
v3.1.5
: 3.1.5Compare Source
What's Changed
per_page
when requesting diff by @hmaurer in https://github.com/actions/dependency-review-action/pull/649Full Changelog: actions/dependency-review-action@v3.1.4...v3.1.5
v3.1.4
: 3.1.4Compare Source
What's Changed
Fixed a bug with severity filtering when using the
allow_ghsas
option: https://github.com/actions/dependency-review-action/pull/623.Updates dependencies:
action/pull/620
Full Changelog: actions/dependency-review-action@v3...v3.1.4
v3.1.3
: 3.1.3Compare Source
What's Changed
Full Changelog: actions/dependency-review-action@v3...v3.1.3
v3.1.2
: 3.1.2Compare Source
What's Changed
Full Changelog: actions/dependency-review-action@v3...v3.1.2
v3.1.1
: 3.1.1Compare Source
What's Changed
octokit
,@actions/github
andtypescript
.Full Changelog: actions/dependency-review-action@v3.1.0...v3.1.1
actions/setup-node (actions/setup-node)
v3.8.2
Compare Source
What's Changed
Full Changelog: actions/setup-node@v3...v3.8.2
github/codeql-action (github/codeql-action)
v2.24.8
Compare Source
v2.24.7
Compare Source
v2.24.6
Compare Source
v2.24.5
Compare Source
v2.24.4
Compare Source
v2.24.3
Compare Source
v2.24.2
Compare Source
v2.24.1
Compare Source
v2.24.0
Compare Source
v2.23.2
Compare Source
v2.23.1
Compare Source
v2.23.0
Compare Source
v2.22.12
Compare Source
v2.22.11
Compare Source
v2.22.10
Compare Source
v2.22.9
Compare Source
v2.22.8
Compare Source
v2.22.7
Compare Source
v2.22.6
Compare Source
v2.22.5
Compare Source
v2.22.4
Compare Source
v2.22.3
Compare Source
v2.22.2
Compare Source
ossf/scorecard-action (ossf/scorecard-action)
v2.3.1
Compare Source
What's Changed
Full Changelog: ossf/scorecard-action@v2.3.0...v2.3.1
slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)
v1.10.0
Compare Source
Release [v1.10.0] includes bug fixes and new features.
See the full change list.
v1.10.0: TUF fix
v1.10.0: Gradle Builder
repository root (#2727)
v1.10.0: Go Builder
go-version-file
input was fixed so that it can find thego.mod
file(#2661)
v1.10.0: Container Generator
provenance-repository
input was added to allow reading provenance froma different container repository than the image itself (#2956)
v1.9.1
Compare Source
This is an un-finalized release.
See the CHANGELOG for details.
slsa-framework/slsa-verifier (slsa-framework/slsa-verifier)
v2.4.1
Compare Source
What's Changed
New Contributors
Full Changelog: v2.4.0...v2.4.1
Configuration
📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.