chore(deps): bump the gha group across 1 directory with 6 updates #428

dependabot · 2024-07-15T07:02:28Z

Bumps the gha group with 6 updates in the / directory:

Package	From	To
actions/setup-go	`4`	`5`
docker/build-push-action	`5`	`6`
aquasecurity/trivy-action	`0.16.0`	`0.24.0`
actions/cache	`3`	`4`
docker/login-action	`2`	`3`
goreleaser/goreleaser-action	`5`	`6`

Updates actions/setup-go from 4 to 5

Release notes

Sourced from actions/setup-go's releases.

v5.0.0

What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445).

Besides, this release contains such changes as:

Fix hosted tool cache usage on windows by @galargh in actions/setup-go#411

Improve documentation regarding dependencies caching by @artemgavrilov in actions/setup-go#417

New Contributors

@galargh made their first contribution in actions/setup-go#411

@artemgavrilov made their first contribution in actions/setup-go#417

@chenrui333 made their first contribution in actions/setup-go#421

Full Changelog: actions/setup-go@v4...v5.0.0

v4.1.0

What's Changed

In scope of this release, slow installation on Windows was fixed by @dsame in actions/setup-go#393 and OS version was added to primaryKey for Ubuntu runners to avoid conflicts (actions/setup-go#383)

This release also includes the following changes:

Remove implicit dependencies by @nikolai-laevskii in actions/setup-go#378

Update action.yml by @mkelly in actions/setup-go#379

Added a description that go-version should be specified as a string type by @n3xem in actions/setup-go#367

Add note about YAML parsing versions by @dmitry-shibanov in actions/setup-go#382

Automatic update of configuration files from 05/23/2023 by @github-actions in actions/setup-go#377

Bump tough-cookie and @azure/ms-rest-js by @dependabot in actions/setup-go#392

Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in actions/setup-go#397

Bump semver from 6.3.0 to 6.3.1 by @dependabot in actions/setup-go#396

New Contributors

@mkelly made their first contribution in actions/setup-go#379

@n3xem made their first contribution in actions/setup-go#367

Full Changelog: actions/setup-go@v4...v4.1.0

v4.0.1

What's Changed

Update documentation for v4 by @dsame in actions/setup-go#354

Fix glob bug in the package.json scripts section by @IvanZosimov in actions/setup-go#359

Bump xml2js dependency by @dmitry-shibanov in actions/setup-go#370

Bump @actions/cache dependency to v3.2.1 by @nikolai-laevskii in actions/setup-go#374

New Contributors

@nikolai-laevskii made their first contribution in actions/setup-go#374

Full Changelog: actions/setup-go@v4...v4.0.1

Commits

0a12ed9 Bump braces from 3.0.2 to 3.0.3 (#487)
4ab57d7 Fix versions check failure (#479)
cdcb360 Remove the description of the old go.mod specification (#458)
99176a8 Update README.md with V5 release notes (#459)
be1aa11 Bump undici from 5.28.2 to 5.28.3 (#465)
6c1fd22 docs: bump actions/setup-go to v5 (#449)
0c52d54 Update dependencies for node20 (#445)
bfd2fb3 Merge pull request #421 from chenrui333/node20-runtime
3d65fa5 feat: bump to use actions/checkout@v4
8a505c9 feat: bump to use node20 runtime
Additional commits viewable in compare view

Updates docker/build-push-action from 5 to 6

Release notes

Sourced from docker/build-push-action's releases.

v6.0.0

Export build record and generate build summary by @crazy-max in docker/build-push-action#1120

Bump @docker/actions-toolkit from 0.24.0 to 0.26.0 in docker/build-push-action#1132 docker/build-push-action#1136 docker/build-push-action#1138

Bump braces from 3.0.2 to 3.0.3 in docker/build-push-action#1137

[!NOTE] This major release adds support for generating Build summary and exporting build record for your build. You can disable this feature by setting DOCKER_BUILD_NO_SUMMARY: true environment variable in your workflow.

Full Changelog: docker/build-push-action@v5.4.0...v6.0.0

v5.4.0

Show builder information before building by @crazy-max in docker/build-push-action#1128

Handle attestations correctly with provenance and sbom inputs by @crazy-max in docker/build-push-action#1086

Bump @docker/actions-toolkit from 0.19.0 to 0.24.0 in docker/build-push-action#1088 docker/build-push-action#1105 docker/build-push-action#1121 docker/build-push-action#1127

Bump undici from 5.28.3 to 5.28.4 in docker/build-push-action#1090

Full Changelog: docker/build-push-action@v5.3.0...v5.4.0

v5.3.0

Bump @docker/actions-toolkit from 0.18.0 to 0.19.0 in docker/build-push-action#1080

Full Changelog: docker/build-push-action@v5.2.0...v5.3.0

v5.2.0

Disable quotes detection for outputs input by @crazy-max in docker/build-push-action#1074

Warn about ignored inputs by @favonia in docker/build-push-action#1019

Bump @docker/actions-toolkit from 0.14.0 to 0.18.0 in docker/build-push-action#1070

Bump undici from 5.26.3 to 5.28.3 in docker/build-push-action#1057

Full Changelog: docker/build-push-action@v5.1.0...v5.2.0

v5.1.0

Add annotations input by @crazy-max in docker/build-push-action#992

Add secret-envs input by @elias-lundgren in docker/build-push-action#980

Bump @babel/traverse from 7.17.3 to 7.23.2 in docker/build-push-action#991

Bump @docker/actions-toolkit from 0.13.0-rc.1 to 0.14.0 in docker/build-push-action#990 docker/build-push-action#1006

Full Changelog: docker/build-push-action@v5.0.0...v5.1.0

Commits

1a16264 Merge pull request #1172 from crazy-max/build-export-disable
9eea548 chore: update generated content
11c2faa rename DOCKER_BUILD_EXPORT_RETENTION_DAYS to DOCKER_BUILD_RECORD_RETENTION_DAYS
de2365a opt to disable build record upload
bca5082 Merge pull request #1173 from crazy-max/build-summary-env-change
e7aab40 chore: update generated content
63eb759 switch DOCKER_BUILD_SUMMARY_DISABLE to DOCKER_BUILD_SUMMARY
53ec486 Merge pull request #1171 from docker/dependabot/npm_and_yarn/docker/actions-t...
fe9d9f1 chore: update generated content
ad37ba1 chore(deps): Bump @docker/actions-toolkit from 0.30.0 to 0.31.0
Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.16.0 to 0.24.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.24.0

What's Changed

Upgrade trivy to v0.53.0 by @Dr-DevOps in aquasecurity/trivy-action#369

Full Changelog: aquasecurity/trivy-action@0.23.0...0.24.0

v0.23.0

What's Changed

Upgrade trivy to v0.52.2 by @Dr-DevOps in aquasecurity/trivy-action#367

Full Changelog: aquasecurity/trivy-action@0.22.0...0.23.0

v0.22.0

What's Changed

chore(docs): Reference the use of a pinned version by @simar7 in aquasecurity/trivy-action#356

Upgrade trivy to v0.52.0 by @Keralin in aquasecurity/trivy-action#364

New Contributors

@Keralin made their first contribution in aquasecurity/trivy-action#364

Full Changelog: aquasecurity/trivy-action@0.21.0...0.22.0

v0.21.0

What's Changed

bump trivy version to v0.51.2 by @Dr-DevOps in aquasecurity/trivy-action#360

New Contributors

@Dr-DevOps made their first contribution in aquasecurity/trivy-action#360

Full Changelog: aquasecurity/trivy-action@0.20.0...0.21.0

v0.20.0

What's Changed

Make 'hide-progress' input working again by @uridium in aquasecurity/trivy-action#323

feat(image): add --docker-host option for GH Action users by @calinmarina in aquasecurity/trivy-action#267

Browse Trivy reports without GitHub Advanced Security license by @uridium in aquasecurity/trivy-action#328

Fix docker host bug by @admiralAwkbar in aquasecurity/trivy-action#329

Bump trivy version to v0.50.2 by @pdefreitas in aquasecurity/trivy-action#341

update tests by @nikpivkin in aquasecurity/trivy-action#334

bump trivy version to v0.51.1 by @simar7 in aquasecurity/trivy-action#353

New Contributors

@uridium made their first contribution in aquasecurity/trivy-action#323

@calinmarina made their first contribution in aquasecurity/trivy-action#267

@admiralAwkbar made their first contribution in aquasecurity/trivy-action#329

@pdefreitas made their first contribution in aquasecurity/trivy-action#341

Full Changelog: aquasecurity/trivy-action@0.19.0...0.20.0

... (truncated)

Commits

6e7b7d1 Upgrade trivy to v0.53.0 (#369)
7c2007b Upgrade trivy to v0.52.2 (#367)
595be6a Upgrade trivy to v0.52.0 (#364)
841fb37 chore(docs): Reference the use of a pinned version (#356)
fd25fed bump trivy version to v0.51.2 (#360)
b2933f5 bump trivy version to v0.51.1 (#353)
b2cd5ff Update bump-trivy.yaml
6f8c237 update tests (#334)
7088d18 Revert "fix: 🐛 allow trivy-config and other options to be used together (#338)"
ee6a4f5 fix: 🐛 allow trivy-config and other options to be used together (#338)
Additional commits viewable in compare view

Updates actions/cache from 3 to 4

Release notes

Sourced from actions/cache's releases.

v4.0.0

What's Changed

Update action to node20 by @takost in actions/cache#1284

feat: save-always flag by @to-s in actions/cache#1242

New Contributors

@takost made their first contribution in actions/cache#1284

@to-s made their first contribution in actions/cache#1242

Full Changelog: actions/cache@v3...v4.0.0

v3.3.3

What's Changed

Cache v3.3.3 by @robherley in actions/cache#1302

New Contributors

@robherley made their first contribution in actions/cache#1302

Full Changelog: actions/cache@v3...v3.3.3

v3.3.2

What's Changed

Fixed readme with new segment timeout values by @kotewar in actions/cache#1133

Readme fixes by @kotewar in actions/cache#1134

Updated description of the lookup-only input for main action by @kotewar in actions/cache#1130

Change two new actions mention as quoted text by @bishal-pdMSFT in actions/cache#1131

Update Cross-OS Caching tips by @pdotl in actions/cache#1122

Bazel example (Take #2️⃣) by @vorburger in actions/cache#1132

Remove actions to add new PRs and issues to a project board by @jorendorff in actions/cache#1187

Consume latest toolkit and fix dangling promise bug by @chkimes in actions/cache#1217

Bump action version to 3.3.2 by @bethanyj28 in actions/cache#1236

New Contributors

@vorburger made their first contribution in actions/cache#1132

@jorendorff made their first contribution in actions/cache#1187

@chkimes made their first contribution in actions/cache#1217

@bethanyj28 made their first contribution in actions/cache#1236

Full Changelog: actions/cache@v3...v3.3.2

v3.3.1

What's Changed

Reduced download segment size to 128 MB and timeout to 10 minutes by @kotewar in actions/cache#1129

Full Changelog: actions/cache@v3...v3.3.1

v3.3.0

What's Changed

Bug: Permission is missing in cache delete example by @kotokaze in actions/cache#1123

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

4.0.2

Fixed restore fail-on-cache-miss not working.

4.0.1

Updated isGhes check

4.0.0

Updated minimum runner version support from node 12 -> node 20

3.3.3

Updates @actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378

Additional audit fixes of npm package(s)

3.3.2

Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

Added option to lookup cache without downloading it.

3.2.6

Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

Added fix to prevent from setting MYSYS environment variable globally.

3.2.4

Added option to fail job on cache miss.

3.2.3

Support cross os caching on Windows as an opt-in feature.

Fix issue with symlink restoration on Windows for cross-os caches.

3.2.2

... (truncated)

Commits

0c45773 Merge pull request #1327 from cdce8p/fix-fail-on-cache-miss
8a55f83 Add test case for process exit
3884cac Bump version
e29dad3 Fix fail-on-cache-miss not working
ab5e6d0 Merge pull request #1341 from bethanyj28/main
89c7d86 licensed cache
d2c84da update @actions/cache
37e7d4e Merge pull request #1340 from actions/bethanyj28/update-publish-flow
a18323f add release action
a2ed59d Merge pull request #1305 from actions/yacaovsnc/update_examples
Additional commits viewable in compare view

Updates docker/login-action from 2 to 3

Release notes

Sourced from docker/login-action's releases.

v3.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/login-action#593

Bump @actions/core from 1.10.0 to 1.10.1 in docker/login-action#598

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.410.0 in docker/login-action#555 docker/login-action#560 docker/login-action#582 docker/login-action#599

Bump semver from 6.3.0 to 6.3.1 in docker/login-action#556

Bump https-proxy-agent to 7.0.2 docker/login-action#561 docker/login-action#588

Full Changelog: docker/login-action@v2.2.0...v3.0.0

v2.2.0

Switch to actions-toolkit implementation by @crazy-max in docker/login-action#409 docker/login-action#470 docker/login-action#476

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.347.1 in docker/login-action#524 docker/login-action#364 docker/login-action#363

Bump minimatch from 3.0.4 to 3.1.2 in docker/login-action#354

Bump json5 from 2.2.0 to 2.2.3 in docker/login-action#378

Bump http-proxy-agent from 5.0.0 to 7.0.0 in docker/login-action#509

Bump https-proxy-agent from 5.0.1 to 7.0.0 in docker/login-action#508

Full Changelog: docker/login-action@v2.1.0...v2.2.0

v2.1.0

Ensure AWS temp credentials are redacted in workflow logs by @crazy-max (#275)

Bump @actions/core from 1.6.0 to 1.10.0 (#252 #292)

Bump @aws-sdk/client-ecr from 3.53.0 to 3.186.0 (#298)

Bump @aws-sdk/client-ecr-public from 3.53.0 to 3.186.0 (#299)

Full Changelog: docker/login-action@v2.0.0...v2.1.0

Commits

0d4c9c5 Merge pull request #722 from crazy-max/update-readme
b29e14f add contributing section to README
218a70c Merge pull request #721 from docker/dependabot/npm_and_yarn/docker/actions-to...
b820080 build(deps): bump @docker/actions-toolkit from 0.23.0 to 0.24.0
27530a9 Merge pull request #720 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
d072a60 chore: update generated content
7c627b5 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
787cfc6 Merge pull request #694 from docker/dependabot/npm_and_yarn/undici-5.28.4
8e66e91 chore: update generated content
5ba5e97 build(deps): bump undici from 5.28.3 to 5.28.4
Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 5 to 6

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v6.0.0

[!WARNING] This is a breaking change!

Follow the instructions here to upgrade!

What's Changed

feat!: use "~> v2" as default by @caarlos0 in goreleaser/goreleaser-action#463

Full Changelog: goreleaser/goreleaser-action@v5...v6.0.0

v5.1.0

Important

This version changes the default behavior of latest to ~> v1.

The next major of this action (v6), will change this to ~> v2, and will be launched together with GoReleaser v2.

What's Changed

docs: bump actions to latest major by @crazy-max in goreleaser/goreleaser-action#435

chore(deps): bump docker/bake-action from 3 to 4 by @dependabot in goreleaser/goreleaser-action#436

chore(deps): bump codecov/codecov-action from 3 to 4 by @dependabot in goreleaser/goreleaser-action#437

chore(deps): bump actions/setup-go from 4 to 5 by @dependabot in goreleaser/goreleaser-action#443

chore(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in goreleaser/goreleaser-action#444

Delete .kodiak.toml by @vedantmgoyal9 in goreleaser/goreleaser-action#446

chore(deps): bump codecov/codecov-action from 3 to 4 by @dependabot in goreleaser/goreleaser-action#448

chore(deps): bump ip from 2.0.0 to 2.0.1 by @dependabot in goreleaser/goreleaser-action#450

Upgrade setup-go action version in README by @kishaningithub in goreleaser/goreleaser-action#455

chore(deps): bump tar from 6.1.14 to 6.2.1 by @dependabot in goreleaser/goreleaser-action#456

chore: use corepack to install yarn by @crazy-max in goreleaser/goreleaser-action#458

feat: lock this major version of the action to use '~> v1' as 'latest' by @caarlos0 in goreleaser/goreleaser-action#461

chore(deps): bump semver from 7.6.0 to 7.6.2 by @dependabot in goreleaser/goreleaser-action#462

chore(deps): bump @actions/http-client from 2.2.0 to 2.2.1 by @dependabot in goreleaser/goreleaser-action#451

New Contributors

@vedantmgoyal9 made their first contribution in goreleaser/goreleaser-action#446

Full Changelog: goreleaser/goreleaser-action@v5.0.0...v5.1.0

Commits

286f3b1 ci: fix tests
beac410 ci: update workflow and .goreleaser.yml
18bbabc feat!: use "~> v2" as default (#463)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gha group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-go](https://github.com/actions/setup-go) | `4` | `5` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5` | `6` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.16.0` | `0.24.0` | | [actions/cache](https://github.com/actions/cache) | `3` | `4` | | [docker/login-action](https://github.com/docker/login-action) | `2` | `3` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `5` | `6` | Updates `actions/setup-go` from 4 to 5 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v4...v5) Updates `docker/build-push-action` from 5 to 6 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v5...v6) Updates `aquasecurity/trivy-action` from 0.16.0 to 0.24.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.16.0...0.24.0) Updates `actions/cache` from 3 to 4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) Updates `docker/login-action` from 2 to 3 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v2...v3) Updates `goreleaser/goreleaser-action` from 5 to 6 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot requested a review from a team as a code owner July 15, 2024 07:02

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 15, 2024

dependabot bot mentioned this pull request Jul 15, 2024

chore(deps): bump the gha group across 1 directory with 6 updates #421

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the gha group across 1 directory with 6 updates #428

chore(deps): bump the gha group across 1 directory with 6 updates #428

dependabot bot commented on behalf of github Jul 15, 2024 •

edited

Loading

chore(deps): bump the gha group across 1 directory with 6 updates #428

Are you sure you want to change the base?

chore(deps): bump the gha group across 1 directory with 6 updates #428

Conversation

dependabot bot commented on behalf of github Jul 15, 2024 • edited Loading

v5.0.0

What's Changed

New Contributors

v4.1.0

What's Changed

New Contributors

v4.0.1

What's Changed

New Contributors

v6.0.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v0.24.0

What's Changed

v0.23.0

What's Changed

v0.22.0

What's Changed

New Contributors

v0.21.0

What's Changed

New Contributors

v0.20.0

What's Changed

New Contributors

v4.0.0

What's Changed

New Contributors

v3.3.3

What's Changed

New Contributors

v3.3.2

What's Changed

New Contributors

v3.3.1

What's Changed

v3.3.0

What's Changed

Releases

4.0.2

4.0.1

4.0.0

3.3.3

3.3.2

3.3.1

3.3.0

3.2.6

3.2.5

3.2.4

3.2.3

3.2.2

v3.0.0

v2.2.0

v2.1.0

v6.0.0

What's Changed

v5.1.0

Important

What's Changed

New Contributors

dependabot bot commented on behalf of github Jul 15, 2024 •

edited

Loading