Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): pin trusted workflows based on HashiCorp TSCCR #3606

Merged
merged 1 commit into from
May 2, 2024
Merged

chore(deps): pin trusted workflows based on HashiCorp TSCCR #3606

merged 1 commit into from
May 2, 2024

Conversation

hashicorp-tsccr[bot]
Copy link
Contributor

Bumping GitHub Actions version to latest TSCCR release.

  • changes in .github/workflows/cdktf-provider-docs-rollout.yml
    • bump slackapi/slack-github-action from v1.25.0 to v1.26.0 (release notes)
  • changes in .github/workflows/docker.yml
    • bump docker/setup-buildx-action from v3.2.0 to v3.3.0 (release notes)
  • changes in .github/workflows/integration.yml
    • bump actions/upload-artifact from v4.3.1 to v4.3.2 (release notes)
    • bump actions/upload-artifact from v4.3.1 to v4.3.2 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
  • changes in .github/workflows/provider-integration.yml
    • bump actions/upload-artifact from v4.3.1 to v4.3.2 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
  • changes in .github/workflows/release.yml
    • bump actions/upload-artifact from v4.3.1 to v4.3.2 (release notes)
    • bump actions/upload-artifact from v4.3.1 to v4.3.2 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump slackapi/slack-github-action from v1.25.0 to v1.26.0 (release notes)
  • changes in .github/workflows/release_next.yml
    • bump actions/upload-artifact from v4.3.1 to v4.3.2 (release notes)
    • bump actions/upload-artifact from v4.3.1 to v4.3.2 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump slackapi/slack-github-action from v1.25.0 to v1.26.0 (release notes)
  • changes in .github/workflows/yarn-upgrade.yml
    • bump actions/upload-artifact from v4.3.1 to v4.3.2 (release notes)
    • bump actions/download-artifact from v4.1.4 to v4.1.5 (release notes)
    • bump peter-evans/create-pull-request from v6.0.2 to v6.0.4 (release notes)
    • bump peter-evans/create-pull-request from v6.0.2 to v6.0.4 (release notes)
    • bump peter-evans/create-pull-request from v6.0.2 to v6.0.4 (release notes)

This PR was auto-generated by security-tsccr/actions/runs/8874027391

You can alter the configuration of this automation via the hcl config in security-tsccr/automation

Please reach out to #team-prodsec if you have any questions.

@hashicorp-tsccr hashicorp-tsccr bot added the dependencies Auto-pinning label Apr 29, 2024
@hashicorp-tsccr hashicorp-tsccr bot requested a review from a team as a code owner April 29, 2024 06:07
@hashicorp-tsccr hashicorp-tsccr bot added the security Auto-pinning label Apr 29, 2024
@hashicorp-tsccr hashicorp-tsccr bot requested review from mutahhir and DanielMSchmidt and removed request for a team April 29, 2024 06:07
@ansgarm ansgarm force-pushed the tsccr-auto-pinning/trusted/2024-04-29 branch from f3c77a3 to da18a2c Compare April 29, 2024 07:26
@ansgarm ansgarm force-pushed the tsccr-auto-pinning/trusted/2024-04-29 branch from da18a2c to b791a19 Compare April 29, 2024 07:38
@xiehan xiehan merged commit 4c5c608 into main May 2, 2024
430 checks passed
@xiehan xiehan deleted the tsccr-auto-pinning/trusted/2024-04-29 branch May 2, 2024 13:19
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 2, 2024

I'm going to lock this pull request because it has been closed for 30 days. This helps our maintainers find and focus on the active issues. If you've found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 2, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ansgarm ansgarm ansgarm approved these changes

@mutahhir mutahhir Awaiting requested review from mutahhir mutahhir is a code owner automatically assigned from hashicorp/cdktf

@DanielMSchmidt DanielMSchmidt Awaiting requested review from DanielMSchmidt DanielMSchmidt is a code owner automatically assigned from hashicorp/cdktf

Assignees
No one assigned
Labels
dependencies Auto-pinning security Auto-pinning
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ansgarm @xiehan