From 36d203ed4c30c230bdff6c171c7470c6d678009b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 07:57:24 +0000 Subject: [PATCH] Bump the catch-all group Bumps the catch-all group in /.github/actions/docker-build-image with 3 updates: [anchore/scan-action](https://github.com/anchore/scan-action), [github/codeql-action](https://github.com/github/codeql-action) and [docker/metadata-action](https://github.com/docker/metadata-action). Updates `anchore/scan-action` from 5.2.1 to 5.3.0 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/anchore/scan-action/compare/f2ba85e044c8f5e5014c9a539328a9c78d3bfa49...869c549e657a088dc0441b08ce4fc0ecdac2bb65) Updates `github/codeql-action` from 3.27.4 to 3.27.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...f09c1c0a94de965c15400f5634aa42fac8fb8f88) Updates `docker/metadata-action` from 5.5.1 to 5.6.1 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/8e5442c4ef9f78752691e2d8f8d19755c6f78e81...369eb591f429131d6889c46b94e711f089e6ca96) --- updated-dependencies: - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: catch-all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: catch-all - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: catch-all ... Signed-off-by: dependabot[bot] --- .github/actions/docker-build-image/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/docker-build-image/action.yml b/.github/actions/docker-build-image/action.yml index 8e7f7013a..48a629b4b 100644 --- a/.github/actions/docker-build-image/action.yml +++ b/.github/actions/docker-build-image/action.yml @@ -130,7 +130,7 @@ runs: - name: Anchore Scan API Image if: inputs.grype-scan-enabled == 'true' - uses: anchore/scan-action@f2ba85e044c8f5e5014c9a539328a9c78d3bfa49 # v5.2.1 + uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 id: scan with: fail-build: ${{ inputs.grype-fail-build }} @@ -145,7 +145,7 @@ runs: - name: Upload SARIF Files if: always() && inputs.grype-scan-enabled == 'true' && github.event_name == 'push' - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 continue-on-error: true # do not fail if GHAS is not enabled with: sarif_file: ${{ steps.scan.outputs.sarif }} @@ -153,7 +153,7 @@ runs: - name: Extract metadata for Docker if: env.PUSH_IMAGE == 'true' id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: ${{ env.IMAGE_NAME }} labels: |