-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(gha)(deps): bump the github-actions group across 1 directory with 9 updates #225
Merged
jmuelbert
merged 1 commit into
main
from
dependabot/github_actions/github-actions-817744dbcd
Dec 10, 2024
Merged
fix(gha)(deps): bump the github-actions group across 1 directory with 9 updates #225
jmuelbert
merged 1 commit into
main
from
dependabot/github_actions/github-actions-817744dbcd
Dec 10, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… 9 updates Bumps the github-actions group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.0` | `4.2.2` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.2.0` | `5.3.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.26.10` | `3.27.5` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.4` | `4.5.0` | | [codelytv/pr-size-labeler](https://github.com/codelytv/pr-size-labeler) | `1.10.1` | `1.10.2` | | [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `8.0.0` | `8.3.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.0` | `4.4.3` | | [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.1.2` | | [fsfe/reuse-action](https://github.com/fsfe/reuse-action) | `4.0.0` | `5.0.0` | Updates `actions/checkout` from 4.2.0 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@d632683...11bd719) Updates `actions/setup-python` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@f677139...0b93645) Updates `github/codeql-action` from 3.26.10 to 3.27.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e2b3eaf...f09c1c0) Updates `actions/dependency-review-action` from 4.3.4 to 4.5.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@5a2ce3f...3b139cf) Updates `codelytv/pr-size-labeler` from 1.10.1 to 1.10.2 - [Release notes](https://github.com/codelytv/pr-size-labeler/releases) - [Commits](CodelyTV/pr-size-labeler@c7a55a0...1c34223) Updates `oxsecurity/megalinter` from 8.0.0 to 8.3.0 - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](oxsecurity/megalinter@c217fe8...1fc052d) Updates `actions/upload-artifact` from 4.4.0 to 4.4.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@5076954...b4b15b8) Updates `actions/cache` from 4.0.2 to 4.1.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0c45773...6849a64) Updates `fsfe/reuse-action` from 4.0.0 to 5.0.0 - [Release notes](https://github.com/fsfe/reuse-action/releases) - [Commits](fsfe/reuse-action@3ae3c6b...bb774aa) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: codelytv/pr-size-labeler dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: oxsecurity/megalinter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: fsfe/reuse-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update GitHub Actions code
labels
Dec 1, 2024
Merging to
|
Dependency ReviewThe following issues were found:
License Issues.github/workflows/reuse-check.yml
OpenSSF ScorecardScorecard details
Scanned Files
|
Here are some friendly prose warnings from
|
jmuelbert
approved these changes
Dec 10, 2024
jmuelbert
deleted the
dependabot/github_actions/github-actions-817744dbcd
branch
December 10, 2024 13:19
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update GitHub Actions code
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the github-actions group with 9 updates in the / directory:
4.2.0
4.2.2
5.2.0
5.3.0
3.26.10
3.27.5
4.3.4
4.5.0
1.10.1
1.10.2
8.0.0
8.3.0
4.4.0
4.4.3
4.0.2
4.1.2
4.0.0
5.0.0
Updates
actions/checkout
from 4.2.0 to 4.2.2Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
11bd719
Prepare 4.2.2 Release (#1953)e3d2460
Expand unit test coverage (#1946)163217d
url-helper.ts
now leverages well-known environment variables. (#1941)eef6144
Prepare 4.2.1 release (#1925)6b42224
Add workflow file for publishing releases to immutable action package (#1919)de5a000
Check out other refs/* by commit if provided, fall back to ref (#1924)Updates
actions/setup-python
from 5.2.0 to 5.3.0Release notes
Sourced from actions/setup-python's releases.
Commits
0b93645
Enhance workflows: Add macOS 13 support, upgrade publish-action, and update d...9c76e71
Bump pillow from 7.2 to 10.2.0 in /tests/data (#956)f4c5a11
ReviseisGhes
logic (#963)19dfb7b
Bump default versions to latest (#905)e9675cc
Merge pull request #943 from actions/Jcambass-patch-13226af6
Upgrade IA publish70dcb22
Merge pull request #941 from actions/Jcambass-patch-165b48c7
Create publish-immutable-actions.yml29a37be
initial commit (#938)Updates
github/codeql-action
from 3.26.10 to 3.27.5Release notes
Sourced from github/codeql-action's releases.
... (truncated)
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
f09c1c0
Merge pull request #2616 from github/update-v3.27.5-a6c8729a567b73ea
Update changelog for v3.27.5a6c8729
Merge pull request #2614 from github/marcogario/per-platform-proxy8f3b487
Start-proxy: Fetch OS specific binarycba5fb5
Merge pull request #2613 from github/dependabot/npm_and_yarn/npm_and_yarn-018...e782c3a
Merge pull request #2612 from github/angelapwen/report-linux-runner-releasedb67881
Update checked-in dependenciesecde4d2
Bump cross-spawn from 7.0.3 to 7.0.6 in the npm_and_yarn groupe3c67a0
Merge pull request #2610 from github/dependabot/npm_and_yarn/npm-d2ca52e617f9ada54
Telemetry: report OS release for GitHub-hosted Linux runnersUpdates
actions/dependency-review-action
from 4.3.4 to 4.5.0Release notes
Sourced from actions/dependency-review-action's releases.
Commits
3b139cf
Merge pull request #851 from actions/ahmed3lmallah/prepare-for-4.5.0-released6807b6
updating generated codec89b41f
addressing lint issueseee97d8
incrementing project version9d10182
Merge pull request #827 from ebickle/fix/comment-warn-only9192be9
Merge pull request #850 from actions/ahmed3lmallah/adressing-CVE-2024-215382fc8e23
Using cross-spawn safe versionfb86db2
fix: resolve race conditions in async core.group calls0a198ab
fix: replace integer failureCount with booleanfc499fc
Merge branch 'main' into fix/comment-warn-onlyUpdates
codelytv/pr-size-labeler
from 1.10.1 to 1.10.2Release notes
Sourced from codelytv/pr-size-labeler's releases.
Commits
1c34223
make github_token to optional (#87)2f1c419
fix: Comment on PR only if the XL label is new (#83)Updates
oxsecurity/megalinter
from 8.0.0 to 8.3.0Release notes
Sourced from oxsecurity/megalinter's releases.
... (truncated)
Changelog
Sourced from oxsecurity/megalinter's changelog.
... (truncated)
Commits
1fc052d
Release MegaLinter v8.3.0e8a20cd
[automation] Auto-update linters version, help and documentation (#4304)9824f37
Fix Docker mirroring job for release context (#4303)9cb4ec7
[automation] Auto-update linters version, help and documentation (#4299)010c8bd
chore(deps): update dependency sfdx-hardis to v5.7.1 (#4302)1a219e1
chore(deps): update trufflesecurity/trufflehog docker tag to v3.84.1 (#4301)09ab582
Env variable replacement for PRE_COMMIT + command in log (#4298)e33c1c7
retry in case of BLOB_UNKNOWN while downloading vulnerability list (#4300)7f790c0
[automation] Auto-update linters version, help and documentation (#4297)797a3d1
[automation] Auto-update linters version, help and documentation (#4296)Updates
actions/upload-artifact
from 4.4.0 to 4.4.3Release notes
Sourced from actions/upload-artifact's releases.
Commits
b4b15b8
Merge pull request #632 from actions/joshmgross/undo-dependency-changes92b01eb
Undo indirect dependency updates from #6278448086
Merge pull request #627 from actions/robherley/v4.4.2b1d4642
add explicit relative and absolute symlinks to workflowd50e660
bump versionaabe6f8
build with@actions/artifact
v2.1.11604373d
Merge pull request #625 from actions/robherley/artifact-2.1.100150148
paste right core versiona009b25
update licenses9f6f6f4
update@actions/core
and@actions/artifact
to latest versionsUpdates
actions/cache
from 4.0.2 to 4.1.2Release notes
Sourced from actions/cache's releases.
Changelog
Sourced from actions/cache's changelog.
... (truncated)
Commits
6849a64
Release 4.1.2 #14775a1720c
Merge branch 'Link-/prep-4.1.2' of https://github.com/actions/cache into Link...d9fef48
Merge branch 'main' into Link-/prep-4.1.2a50e8d0
Merge branch 'main' into Link-/prep-4.1.2acc9ae5
Merge pull request #1481 from actions/dependabot/github_actions/actions/setup...1ea5f18
Merge branch 'main' into Link-/prep-4.1.2cc679ff
Merge branch 'main' into dependabot/github_actions/actions/setup-node-4366d43d
Merge pull request #1483 from actions/dependabot/github_actions/github/codeql...02bf319
Bump github/codeql-action from 2 to 36f6220b
Merge branch 'main' into dependabot/github_actions/actions/setup-node-4Updates
fsfe/reuse-action
from 4.0.0 to 5.0.0Commits
bb774aa
Merge pull request #35 from carmenbianca/bump-v5b8e23e7
Bump to v537c9187
Merge pull request #33 from AndyScherzinger/chore/noid/toml-v4-doc-updatesb2cec8e
docs: Update examples to use v4 and remove dep5 definitionf15b48b
Merge pull request #34 from bernhardreiter/patch-1618b8e9
Update README.md for new major version of action@v3
->@v4
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remov...Description has been truncated