Bump the dependencies group across 1 directory with 11 updates #158

dependabot · 2024-10-14T05:13:31Z

Bumps the dependencies group with 11 updates in the / directory:

Package	From	To
actions/checkout	`4.1.5`	`4.2.1`
actions/setup-python	`5.1.0`	`5.2.0`
docker/setup-qemu-action	`3.0.0`	`3.2.0`
docker/setup-buildx-action	`3.3.0`	`3.7.1`
sigstore/cosign-installer	`3.5.0`	`3.7.0`
docker/login-action	`3.1.0`	`3.3.0`
docker/build-push-action	`5.3.0`	`6.9.0`
actions/upload-artifact	`4.3.3`	`4.4.3`
codecov/codecov-action	`4.3.1`	`4.6.0`
ossf/scorecard-action	`2.3.1`	`2.4.0`
github/codeql-action	`3.25.3`	`3.26.12`

Updates actions/checkout from 4.1.5 to 4.2.1

Release notes

Sourced from actions/checkout's releases.

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

v4.2.0

What's Changed

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependabot updates in actions/checkout#1777 & actions/checkout#1872

New Contributors

@yasonk made their first contribution in actions/checkout#1869

@lucacome made their first contribution in actions/checkout#1180

Full Changelog: actions/checkout@v4.1.7...v4.2.0

v4.1.7

What's Changed

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

New Contributors

@orhantoy made their first contribution in actions/checkout#1774

Full Changelog: actions/checkout@v4.1.6...v4.1.7

v4.1.6

What's Changed

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

Update for 4.1.6 release by @cory-miller in actions/checkout#1733

Full Changelog: actions/checkout@v4.1.5...v4.1.6

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

v4.0.0

Support fetching without the --progress option

Update to node20

... (truncated)

Commits

eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
d632683 Prepare 4.2.0 release (#1878)
6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
b684943 Add Ref and Commit outputs (#1180)
2d7d9f7 Provide explanation for where user email came from (#1869)
9a9194f Bump docker/build-push-action from 5.3.0 to 6.5.0 (#1832)
dd960bd Bump docker/login-action in the minor-actions-dependencies group (#1831)
Additional commits viewable in compare view

Updates actions/setup-python from 5.1.0 to 5.2.0

Release notes

Sourced from actions/setup-python's releases.

v5.2.0

What's Changed

Bug fixes:

Add .zip extension to Windows package downloads for Expand-Archive Compatibility by @priyagupta108 in actions/setup-python#916 This addresses compatibility issues on Windows self-hosted runners by ensuring that the filenames for Python and PyPy package downloads explicitly include the .zip extension, allowing the Expand-Archive command to function correctly.

Add arch to cache key by @Zxilly in actions/setup-python#896 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.

Documentation changes:

Fix display of emojis in contributors doc by @sciencewhiz in actions/setup-python#899

Documentation update for caching poetry dependencies by @gowridurgad in actions/setup-python#908

Dependency updates:

Bump @iarna/toml version from 2.2.5 to 3.0.0 by @priya-kinthali in actions/setup-python#912

Bump pyinstaller from 3.6 to 5.13.1 by @aparnajyothi-y in actions/setup-python#923

New Contributors

@sciencewhiz made their first contribution in actions/setup-python#899

@priyagupta108 made their first contribution in actions/setup-python#916

@Zxilly made their first contribution in actions/setup-python#896

@aparnajyothi-y made their first contribution in actions/setup-python#923

Full Changelog: actions/setup-python@v5...v5.2.0

v5.1.1

What's Changed

Bug fixes:

fix(ci): update all failing workflows by @mayeut in actions/setup-python#863 This update ensures compatibility and optimal performance of workflows on the latest macOS version.

Documentation changes:

Documentation update for cache by @gowridurgad in actions/setup-python#873

Dependency updates:

Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by @dependabot in actions/setup-python#893

New Contributors

@gowridurgad made their first contribution in actions/setup-python#873

Full Changelog: actions/setup-python@v5...v5.1.1

Commits

f677139 Bump pyinstaller from 3.6 to 5.13.1 in /tests/data (#923)
2bd53f9 Documentation update for caching poetry dependencies (#908)
80b49d3 fix: add arch to cache key (#896)
036a523 Fix: Add .zip extension to Windows package downloads for Expand-Archive C...
04c1311 Fix display of emojis in contributors doc (#899)
cb68456 Updated @iarna/toml version to 3.0.0 (#912)
39cd149 Documentation update for cache (#873)
a0d74c0 fix(ci): update all failing workflows (#863)
4eb7dbc Bump braces from 3.0.2 to 3.0.3 (#893)
See full diff in compare view

Updates docker/setup-qemu-action from 3.0.0 to 3.2.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.2.0

Bump @docker/actions-toolkit from 0.31.0 to 0.35.0 in docker/setup-qemu-action#154 docker/setup-qemu-action#155

Full Changelog: docker/setup-qemu-action@v3.1.0...v3.2.0

v3.1.0

Set docker.io domain for default binfmt image by @crazy-max in docker/setup-qemu-action#151

Throw error message instead of exit code by @crazy-max in docker/setup-qemu-action#129

Bump @docker/actions-toolkit from 0.12.0 to 0.31.0 in docker/setup-qemu-action#115 docker/setup-qemu-action#128 docker/setup-qemu-action#131 docker/setup-qemu-action#134 docker/setup-qemu-action#149

Bump @babel/traverse from 7.20.13 to 7.23.2 in docker/setup-qemu-action#109

Bump braces from 3.0.2 to 3.0.3 in docker/setup-qemu-action#142

Bump undici from 5.28.2 to 5.28.4 in docker/setup-qemu-action#118 docker/setup-qemu-action#127

Full Changelog: docker/setup-qemu-action@v3.0.0...v3.1.0

Commits

49b3bc8 Merge pull request #155 from docker/dependabot/npm_and_yarn/docker/actions-to...
9dec05b chore: update generated content
73387bc build(deps): bump @docker/actions-toolkit from 0.34.0 to 0.35.0
fcfabe0 Merge pull request #154 from docker/dependabot/npm_and_yarn/docker/actions-to...
948a838 chore: update generated content
31629f6 switch to Docker exec
6ae1d4d build(deps): bump @docker/actions-toolkit from 0.31.0 to 0.34.0
5927c83 Merge pull request #149 from docker/dependabot/npm_and_yarn/docker/actions-to...
32ea29b chore: update generated content
92ac892 build(deps): bump @docker/actions-toolkit from 0.23.0 to 0.31.0
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.3.0 to 3.7.1

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.7.1

Switch back to uuid package by @crazy-max in docker/setup-buildx-action#369

Full Changelog: docker/setup-buildx-action@v3.7.0...v3.7.1

v3.7.0

Always set buildkitd-flags if opt-in by @crazy-max in docker/setup-buildx-action#363

Remove uuid package and switch to crypto by @crazy-max in docker/setup-buildx-action#366

Bump @docker/actions-toolkit from 0.35.0 to 0.39.0 in docker/setup-buildx-action#362

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-buildx-action#354

Full Changelog: docker/setup-buildx-action@v3.6.1...v3.7.0

v3.6.1

Check for malformed docker context by @crazy-max in docker/setup-buildx-action#347

Full Changelog: docker/setup-buildx-action@v3.6.0...v3.6.1

v3.6.0

Create temp docker context if default one has TLS data loaded before creating a container builder by @crazy-max in docker/setup-buildx-action#341

Full Changelog: docker/setup-buildx-action@v3.5.0...v3.6.0

v3.5.0

Bump @docker/actions-toolkit from 0.31.0 to 0.35.0 in docker/setup-buildx-action#340 docker/setup-buildx-action#344 docker/setup-buildx-action#345

Full Changelog: docker/setup-buildx-action@v3.4.0...v3.5.0

v3.4.0

Throw error message instead of exit code by @crazy-max in docker/setup-buildx-action#315

Bump @docker/actions-toolkit from 0.20.0 to 0.31.0 in docker/setup-buildx-action#321 docker/setup-buildx-action#338

Bump braces from 3.0.2 to 3.0.3 in docker/setup-buildx-action#329

Bump undici from 5.28.3 to 5.28.4 in docker/setup-buildx-action#312

Bump uuid from 9.0.1 to 10.0.0 in docker/setup-buildx-action#326

Full Changelog: docker/setup-buildx-action@v3.3.0...v3.4.0

Commits

c47758b Merge pull request #369 from crazy-max/revert-crypto
8fea382 chore: update generated content
2874e98 switch back to uuid package
8026d2b Merge pull request #362 from docker/dependabot/npm_and_yarn/docker/actions-to...
e51aab5 chore: update generated content
fd7390e build(deps): bump @docker/actions-toolkit from 0.35.0 to 0.39.0
910a304 Merge pull request #366 from crazy-max/remove-uuid
3623ee4 chore: update generated content
e0e5ecf remove uuid package and switch to crypto
5334dd0 Merge pull request #363 from crazy-max/set-buildkitd-flags-optin
Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.5.0 to 3.7.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.7.0

What's Changed

Bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in sigstore/cosign-installer#172

bump for latest cosign v2.4.1 release by @bobcallaway in sigstore/cosign-installer#173

Full Changelog: sigstore/cosign-installer@v3.6.0...v3.7.0

v3.6.0

What's Changed

Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in sigstore/cosign-installer#161

Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in sigstore/cosign-installer#162

Bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in sigstore/cosign-installer#163

Bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in sigstore/cosign-installer#164

Bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in sigstore/cosign-installer#165

Bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in sigstore/cosign-installer#166

Bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in sigstore/cosign-installer#167

pin public key used for verification by @bobcallaway in sigstore/cosign-installer#169

bump default version to v2.4.0 release by @bobcallaway in sigstore/cosign-installer#168

update readme for new release by @bobcallaway in sigstore/cosign-installer#170

Full Changelog: sigstore/cosign-installer@v3...v3.6.0

Commits

dc72c7d bump for latest cosign v2.4.1 release (#173)
08bb361 Bump actions/checkout from 4.1.7 to 4.2.0 (#172)
4959ce0 update readme for new release (#170)
45ffe83 bump default version to v2.4.0 release (#168)
7e1d9c1 pin public key used for verification (#169)
cc23fe1 Bump actions/setup-go from 5.0.1 to 5.0.2 (#167)
b235ed9 Bump actions/checkout from 4.1.6 to 4.1.7 (#166)
b49ef6b Bump actions/checkout from 4.1.5 to 4.1.6 (#165)
7a59e5a Bump actions/checkout from 4.1.4 to 4.1.5 (#164)
8d927bd Bump actions/setup-go from 5.0.0 to 5.0.1 (#163)
Additional commits viewable in compare view

Updates docker/login-action from 3.1.0 to 3.3.0

Release notes

Sourced from docker/login-action's releases.

v3.3.0

Bump @docker/actions-toolkit from 0.24.0 to 0.35.0 in docker/login-action#754

Bump https-proxy-agent from 7.0.4 to 7.0.5 in docker/login-action#741

Bump braces from 3.0.2 to 3.0.3 in docker/login-action#730

Full Changelog: docker/login-action@v3.2.0...v3.3.0

v3.2.0

Improve missing username/password by @Frankkkkk in docker/login-action#706

Bump @docker/actions-toolkit from 0.18.0 to 0.24.0 in docker/login-action#715 docker/login-action#721

Bump aws-sdk-dependencies to 3.583.0 in docker/login-action#720

Bump undici from 5.28.3 to 5.28.4 in docker/login-action#694

Full Changelog: docker/login-action@v3.1.0...v3.2.0

Commits

9780b0c Merge pull request #741 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
2fa130c chore: update generated content
5e87b2a build(deps): bump https-proxy-agent
e039495 Merge pull request #754 from docker/dependabot/npm_and_yarn/docker/actions-to...
9af18aa chore: update generated content
668190a switch to Docker exec
be5150d build(deps): bump @docker/actions-toolkit from 0.24.0 to 0.35.0
e80ebca Merge pull request #730 from docker/dependabot/npm_and_yarn/braces-3.0.3
75ee3ea Merge pull request #733 from docker/dependabot/github_actions/docker/bake-act...
793c19c build(deps): bump docker/bake-action from 4 to 5
Additional commits viewable in compare view

Updates docker/build-push-action from 5.3.0 to 6.9.0

Release notes

Sourced from docker/build-push-action's releases.

v6.9.0

Bump @docker/actions-toolkit from 0.38.0 to 0.39.0 in docker/build-push-action#1234

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/build-push-action#1232

Full Changelog: docker/build-push-action@v6.8.0...v6.9.0

v6.8.0

Bump @docker/actions-toolkit from 0.37.1 to 0.38.0 in docker/build-push-action#1230

Full Changelog: docker/build-push-action@v6.7.0...v6.8.0

v6.7.0

Print info message for build summary support checks by @crazy-max in docker/build-push-action#1211

Full Changelog: docker/build-push-action@v6.6.1...v6.7.0

v6.6.1

Bump @docker/actions-toolkit from 0.37.0 to 0.37.1 in docker/build-push-action#1205

Full Changelog: docker/build-push-action@v6.6.0...v6.6.1

v6.6.0

Generate GitHub annotations for build checks by @crazy-max in docker/build-push-action#1197

Bump @docker/actions-toolkit from 0.35.0 to 0.37.0 in docker/build-push-action#1196 docker/build-push-action#1198

Full Changelog: docker/build-push-action@v6.5.0...v6.6.0

v6.5.0

Bump @docker/actions-toolkit from 0.33.0 to 0.35.0 in docker/build-push-action#1186 docker/build-push-action#1191

Full Changelog: docker/build-push-action@v6.4.1...v6.5.0

v6.4.1

revert "Set repository and ghtoken attributes for GitHub Actions cache backend" by @crazy-max in docker/build-push-action#1183

Full Changelog: docker/build-push-action@v6.4.0...v6.4.1

v6.4.0

Set repository and ghtoken attributes for GitHub Actions cache backend by @crazy-max in docker/build-push-action#1133

Bump @docker/actions-toolkit from 0.31.0 to 0.33.0 in docker/build-push-action#1179

Full Changelog: docker/build-push-action@v6.3.0...v6.4.0

v6.3.0

DOCKER_BUILD_RECORD_UPLOAD environment variable to enable/disable build record upload by @crazy-max in docker/build-push-action#1172

DOCKER_BUILD_NO_SUMMARY has been deprecated. Set DOCKER_BUILD_SUMMARY to false instead by @crazy-max in docker/build-push-action#1170 docker/build-push-action#1173

Bump @docker/actions-toolkit from 0.28.0 to 0.31.0 in docker/build-push-action#1171 docker/build-push-action#1159 docker/build-push-action#1169

Full Changelog: docker/build-push-action@v6.2.0...v6.3.0

... (truncated)

Commits

4f58ea7 Merge pull request #1234 from docker/dependabot/npm_and_yarn/docker/actions-t...
49b5ea6 chore: update generated content
13c9fdd chore(deps): Bump @docker/actions-toolkit from 0.38.0 to 0.39.0
e44afff Merge pull request #1232 from docker/dependabot/npm_and_yarn/path-to-regexp-6...
67ebad3 chore(deps): Bump path-to-regexp from 6.2.2 to 6.3.0
32945a3 Merge pull request #1230 from docker/dependabot/npm_and_yarn/docker/actions-t...
e0fe9cf chore: update generated content
8f1ff6b chore(deps): Bump @docker/actions-toolkit from 0.37.1 to 0.38.0
5cd11c3 Merge pull request #1211 from crazy-max/summary-info-message
0aba704 chore: update generated content
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.3.3 to 4.4.3

Release notes

Sourced from actions/upload-artifact's releases.

v4.4.3

What's Changed

Undo indirect dependency updates from #627 by @joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

Bump @actions/artifact to 2.1.11 by @robherley in actions/upload-artifact#627

Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

What's Changed

Add a section about hidden files by @joshmgross in actions/upload-artifact#607

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/upload-artifact#621

Update @actions/artifact to latest version, includes symlink and timeout fixes by @robherley in actions/upload-artifact#625

New Contributors

@Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

Exclude hidden files by default by @joshmgross in actions/upload-artifact#598

Full Changelog: actions/upload-artifact@v4.3.6...v4.4.0

v4.3.6

What's Changed

Revert to @actions/artifact 2.1.8 by @robherley in actions/upload-artifact#594

Full Changelog: actions/upload-artifact@v4...v4.3.6

v4.3.5

What's Changed

Bump @actions/artifact to v2.1.9 by @robherley in actions/upload-artifact#588

... (truncated)

Commits

b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
92b01eb Undo indirect dependency updates from #627
8448086 Merge pull request #627 from actions/robherley/v4.4.2
b1d4642 add explicit relative and absolute symlinks to workflow
d50e660 bump version
aabe6f8 build with @actions/artifact v2.1.11
604373d Merge pull request #625 from actions/robherley/artifact-2.1.10
0150148 paste right core version
a009b25 update licenses
9f6f6f4 update @actions/core and @actions/artifact to latest versions
Additional commits viewable in compare view

Updates codecov/codecov-action from 4.3.1 to 4.6.0

Release notes

Sourced from codecov/codecov-action's releases.

v4.6.0

What's Changed

build(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @dependabot in codecov/codecov-action#1481

build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in codecov/codecov-action#1480

build(deps-dev): bump ts-jest from 29.1.4 to 29.1.5 by @dependabot in codecov/codecov-action#1479

build(deps-dev): bump @typescript-eslint/parser from 7.13.0 to 7.13.1 by @dependabot in codecov/codecov-action#1485

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.13.0 to 7.13.1 by @dependabot in codecov/codecov-action#1484

build(deps-dev): bump typescript from 5.4.5 to 5.5.2 by @dependabot in codecov/codecov-action#1490

build(deps-dev): bump @typescript-eslint/parser from 7.13.1 to 7.14.1 by @dependabot in codecov/codecov-action#1493

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.13.1 to 7.14.1 by @dependabot in codecov/codecov-action#1492

build(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in codecov/codecov-action#1496

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.14.1 to 7.15.0 by @dependabot in codecov/codecov-action#1501

build(deps-dev): bump typescript from 5.5.2 to 5.5.3 by @dependabot in codecov/codecov-action#1500

build(deps-dev): bump @typescript-eslint/parser from 7.14.1 to 7.15.0 by @dependabot in codecov/codecov-action#1499

build(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 by @dependabot in codecov/codecov-action#1502

build(deps-dev): bump ts-jest from 29.1.5 to 29.2.0 by @dependabot in codecov/codecov-action#1504

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.15.0 to 7.16.0 by @dependabot in codecov/codecov-action#1503

build(deps-dev): bump ts-jest from 29.2.0 to 29.2.2 by @dependabot in codecov/codecov-action#1507

build(deps-dev): bump @typescript-eslint/parser from 7.15.0 to 7.16.0 by @dependabot in codecov/codecov-action#1505

build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in codecov/codecov-action#1509

chore(ci): restrict scorecards to codecov/codecov-action by @thomasrockhu-codecov in codecov/codecov-action#1512

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.16.0 to 7.16.1 by @dependabot in

Bumps the dependencies group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.5` | `4.2.1` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.1.0` | `5.2.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.0.0` | `3.2.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.3.0` | `3.7.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.5.0` | `3.7.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.1.0` | `3.3.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5.3.0` | `6.9.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.3` | `4.4.3` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.3.1` | `4.6.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.4.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.25.3` | `3.26.12` | Updates `actions/checkout` from 4.1.5 to 4.2.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@44c2b7a...eef6144) Updates `actions/setup-python` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@82c7e63...f677139) Updates `docker/setup-qemu-action` from 3.0.0 to 3.2.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@6882732...49b3bc8) Updates `docker/setup-buildx-action` from 3.3.0 to 3.7.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@d70bba7...c47758b) Updates `sigstore/cosign-installer` from 3.5.0 to 3.7.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@59acb62...dc72c7d) Updates `docker/login-action` from 3.1.0 to 3.3.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@e92390c...9780b0c) Updates `docker/build-push-action` from 5.3.0 to 6.9.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@2cdde99...4f58ea7) Updates `actions/upload-artifact` from 4.3.3 to 4.4.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@6546280...b4b15b8) Updates `codecov/codecov-action` from 4.3.1 to 4.6.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@5ecb98a...b9fd7d1) Updates `ossf/scorecard-action` from 2.3.1 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@0864cf1...62b2cac) Updates `github/codeql-action` from 3.25.3 to 3.26.12 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@d39d31e...c36620d) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

sonarcloud · 2024-10-14T05:15:53Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

dependabot · 2024-10-21T04:59:31Z

Superseded by #163.

dependabot bot requested a review from matmair as a code owner October 14, 2024 05:13

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 14, 2024

dependabot bot mentioned this pull request Oct 14, 2024

Bump the dependencies group across 1 directory with 11 updates #155

Closed

dependabot bot closed this Oct 21, 2024

dependabot bot deleted the dependabot/github_actions/dependencies-ecb86ef095 branch October 21, 2024 04:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the dependencies group across 1 directory with 11 updates #158

Bump the dependencies group across 1 directory with 11 updates #158

dependabot bot commented on behalf of github Oct 14, 2024 •

edited

Loading

sonarcloud bot commented Oct 14, 2024

dependabot bot commented on behalf of github Oct 21, 2024

Bump the dependencies group across 1 directory with 11 updates #158

Bump the dependencies group across 1 directory with 11 updates #158

Conversation

dependabot bot commented on behalf of github Oct 14, 2024 • edited Loading

v4.2.1

What's Changed

New Contributors

v4.2.0

What's Changed

New Contributors

v4.1.7

What's Changed

New Contributors

v4.1.6

What's Changed

Changelog

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v5.2.0

What's Changed

Bug fixes:

Documentation changes:

Dependency updates:

New Contributors

v5.1.1

What's Changed

Bug fixes:

Documentation changes:

Dependency updates:

New Contributors

v3.2.0

v3.1.0

v3.7.1

v3.7.0

v3.6.1

v3.6.0

v3.5.0

v3.4.0

v3.7.0

What's Changed

v3.6.0

What's Changed

v3.3.0

v3.2.0

v6.9.0

v6.8.0

v6.7.0

v6.6.1

v6.6.0

v6.5.0

v6.4.1

v6.4.0

v6.3.0

v4.4.3

What's Changed

v4.4.2

What's Changed

v4.4.1

What's Changed

New Contributors

v4.4.0

Notice: Breaking Changes ⚠️

What's Changed

v4.3.6

What's Changed

v4.3.5

What's Changed

v4.6.0

What's Changed

sonarcloud bot commented Oct 14, 2024

Quality Gate passed

dependabot bot commented on behalf of github Oct 14, 2024 •

edited

Loading