From 778e731b89eb17cc211f62d5fa37f18f93d6bc0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:41:01 +0100 Subject: [PATCH] Bump the catch-all group in /.github/actions/docker-build-image with 3 updates (#821) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Domenico Sibilio --- .github/actions/docker-build-image/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/docker-build-image/action.yml b/.github/actions/docker-build-image/action.yml index 8e7f7013a..48a629b4b 100644 --- a/.github/actions/docker-build-image/action.yml +++ b/.github/actions/docker-build-image/action.yml @@ -130,7 +130,7 @@ runs: - name: Anchore Scan API Image if: inputs.grype-scan-enabled == 'true' - uses: anchore/scan-action@f2ba85e044c8f5e5014c9a539328a9c78d3bfa49 # v5.2.1 + uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 id: scan with: fail-build: ${{ inputs.grype-fail-build }} @@ -145,7 +145,7 @@ runs: - name: Upload SARIF Files if: always() && inputs.grype-scan-enabled == 'true' && github.event_name == 'push' - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 continue-on-error: true # do not fail if GHAS is not enabled with: sarif_file: ${{ steps.scan.outputs.sarif }} @@ -153,7 +153,7 @@ runs: - name: Extract metadata for Docker if: env.PUSH_IMAGE == 'true' id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: ${{ env.IMAGE_NAME }} labels: |