chore: bump the all group across 1 directory with 15 updates #1141

dependabot · 2025-03-31T03:23:17Z

Bumps the all group with 15 updates in the / directory:

Package	From	To
step-security/harden-runner	`2.10.4`	`2.11.0`
github/codeql-action	`3.28.9`	`3.28.13`
actions/setup-node	`4.2.0`	`4.3.0`
actions/cache	`4.2.0`	`4.2.3`
actions/setup-go	`5.3.0`	`5.4.0`
docker/setup-buildx-action	`3.9.0`	`3.10.0`
crazy-max/ghaction-github-runtime	`3.0.0`	`3.1.0`
actions/upload-artifact	`4.6.0`	`4.6.2`
actions/download-artifact	`4.1.8`	`4.2.1`
peter-evans/create-pull-request	`7.0.6`	`7.0.8`
docker/login-action	`3.3.0`	`3.4.0`
aquasecurity/trivy-action	`0.29.0`	`0.30.0`
ossf/scorecard-action	`2.4.0`	`2.4.1`
golangci/golangci-lint-action	`6.3.1`	`7.0.0`
codecov/codecov-action	`5.3.1`	`5.4.0`

Updates step-security/harden-runner from 2.10.4 to 2.11.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.11.0

What's Changed

Release v2.11.0 in #498 Harden-Runner Enterprise tier now supports the use of eBPF for DNS resolution and network call monitoring

Full Changelog: step-security/harden-runner@v2...v2.11.0

Commits

4d991eb Merge pull request #498 from step-security/rc-18
4ea872f Update README.md
65d6f6e Add workflows
1034c9a Update package-lock.json
ab221e2 Update agent
7cb6c2f Update agent
See full diff in compare view

Updates github/codeql-action from 3.28.9 to 3.28.13

Release notes

Sourced from github/codeql-action's releases.

v3.28.13

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.13 - 24 Mar 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.12

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.12 - 19 Mar 2025

Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.

Update default CodeQL bundle version to 2.20.7. #2810

See the full CHANGELOG.md for more information.

v3.28.11

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.11 - 07 Mar 2025

Update default CodeQL bundle version to 2.20.6. #2793

See the full CHANGELOG.md for more information.

v3.28.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.10 - 21 Feb 2025

Update default CodeQL bundle version to 2.20.5. #2772

Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.13 - 24 Mar 2025

No user facing changes.

3.28.12 - 19 Mar 2025

Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.

Update default CodeQL bundle version to 2.20.7. #2810

3.28.11 - 07 Mar 2025

Update default CodeQL bundle version to 2.20.6. #2793

3.28.10 - 21 Feb 2025

Update default CodeQL bundle version to 2.20.5. #2772

Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

... (truncated)

Commits

1b549b9 Merge pull request #2819 from github/update-v3.28.13-e0ea14102
82630c8 Update changelog for v3.28.13
e0ea141 Merge pull request #2818 from github/cklin/empty-pr-diff-range
b361a91 Diff-informed analysis: fix empty PR handling
bd1d9ab Merge pull request #2816 from github/cklin/overlay-file-list
b98ae6c Add overlay-database-utils tests
9825184 Add getFileOidsUnderPath() tests
ac67cff Merge pull request #2817 from github/cklin/default-setup-diff-informed
9c674ba build: refresh js files
d109dd5 Detect PR branches for Default Setup
Additional commits viewable in compare view

Updates actions/setup-node from 4.2.0 to 4.3.0

Release notes

Sourced from actions/setup-node's releases.

v4.3.0

What's Changed

Dependency updates

Upgrade @actions/glob from 0.4.0 to 0.5.0 by @dependabot in actions/setup-node#1200

Upgrade @action/cache from 4.0.0 to 4.0.2 by @gowridurgad in actions/setup-node#1251

Upgrade @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in actions/setup-node#1203

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot in actions/setup-node#1220

New Contributors

@gowridurgad made their first contribution in actions/setup-node#1251

Full Changelog: actions/setup-node@v4...v4.3.0

Commits

cdca736 Bump @actions/tool-cache from 2.0.1 to 2.0.2 (#1220)
22c0e74 Bump @vercel/ncc from 0.38.1 to 0.38.3 (#1203)
a7c2d94 actions/cache upgrade (#1251)
8026329 Bump @actions/glob from 0.4.0 to 0.5.0 (#1200)
See full diff in compare view

Updates actions/cache from 4.2.0 to 4.2.3

Release notes

Sourced from actions/cache's releases.

v4.2.3

What's Changed

Update to use @actions/cache 4.0.3 package & prepare for new release by @salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

@salmanmkc made their first contribution in actions/cache#1577

Full Changelog: actions/cache@v4.2.2...v4.2.3

v4.2.2

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

Bump @actions/cache to v4.0.2 by @robherley in actions/cache#1560

Full Changelog: actions/cache@v4.2.1...v4.2.2

v4.2.1

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

docs: GitHub is spelled incorrectly in caching-strategies.md by @janco-absa in actions/cache#1526

docs: Make the "always save prime numbers" example more clear by @Tobbe in actions/cache#1525

Update force deletion docs due a recent deprecation by @sebbalex in actions/cache#1500

Bump @actions/cache to v4.0.1 by @robherley in actions/cache#1554

New Contributors

@janco-absa made their first contribution in actions/cache#1526

@Tobbe made their first contribution in actions/cache#1525

@sebbalex made their first contribution in actions/cache#1500

Full Changelog: actions/cache@v4.2.0...v4.2.1

Changelog

Sourced from actions/cache's changelog.

Releases

4.2.3

Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

Bump @actions/cache to v4.0.2

4.2.1

Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474

Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

Restore original behavior of cache-hit output - #1467

4.1.0

Ensure cache-hit output is set when a cache is missed - #1404

Deprecate save-always input - #1452

4.0.2

Fixed restore fail-on-cache-miss not working.

4.0.1

Updated isGhes check

... (truncated)

Commits

5a3ec84 Merge pull request #1577 from salmanmkc/salmanmkc/4-test
7de2102 Update releases.md
76d40dd Update to use the latest version of the cache package to obfuscate the SAS
76dd5eb update cache with main
8c80c27 new package
45cfd0e updates
edd449b updated cache with latest changes
0576707 latest test before pr
3105dc9 update
9450d42 mask
Additional commits viewable in compare view

Updates actions/setup-go from 5.3.0 to 5.4.0

Release notes

Sourced from actions/setup-go's releases.

v5.4.0

What's Changed

Dependency updates :

Upgrade semver from 7.6.0 to 7.6.3 by @dependabot in actions/setup-go#535

Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by @dependabot in actions/setup-go#536

Upgrade @action/cache from 4.0.0 to 4.0.2 by @aparnajyothi-y in actions/setup-go#568

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot in actions/setup-go#541

New Contributors

@aparnajyothi-y made their first contribution in actions/setup-go#568

Full Changelog: actions/setup-go@v5...v5.4.0

Commits

0aaccfd Bump undici from 5.28.4 to 5.28.5 (#541)
c4c1141 upgrade actions/cache to 4.0.2 (#568)
5a083d0 Bump eslint-config-prettier from 8.10.0 to 10.0.1 (#536)
1d82324 Bump semver from 7.6.0 to 7.6.3 (#535)
See full diff in compare view

Updates docker/setup-buildx-action from 3.9.0 to 3.10.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.10.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-buildx-action#408

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

Commits

b5ca514 Merge pull request #408 from docker/dependabot/npm_and_yarn/docker/actions-to...
1418a4e chore: update generated content
93acf83 build(deps): bump @docker/actions-toolkit from 0.54.0 to 0.56.0
See full diff in compare view

Updates crazy-max/ghaction-github-runtime from 3.0.0 to 3.1.0

Release notes

Sourced from crazy-max/ghaction-github-runtime's releases.

v3.1.0

Bump @actions/core from 1.10.0 to 1.11.1 in crazy-max/ghaction-github-runtime#58

Bump braces from 3.0.2 to 3.0.3 in crazy-max/ghaction-github-runtime#54

Bump cross-spawn from 7.0.3 to 7.0.6 in crazy-max/ghaction-github-runtime#59

Bump ip from 2.0.0 to 2.0.1 in crazy-max/ghaction-github-runtime#50

Bump micromatch from 4.0.5 to 4.0.8 in crazy-max/ghaction-github-runtime#55

Bump tar from 6.1.14 to 6.2.1 in crazy-max/ghaction-github-runtime#51

Full Changelog: crazy-max/ghaction-github-runtime@v3.0.0...v3.1.0

Commits

3cb05d8 Merge pull request #58 from crazy-max/dependabot/npm_and_yarn/actions/core-1....
ef7a149 chore: update generated content
5bfe170 Merge pull request #55 from crazy-max/dependabot/npm_and_yarn/micromatch-4.0.8
58529df Merge pull request #59 from crazy-max/dependabot/npm_and_yarn/cross-spawn-7.0.6
ac1af5a Merge pull request #60 from crazy-max/gha-perms
8ae9a9b ci: set contents read as default workflow permissions
22db7e4 new year
24046ff Bump cross-spawn from 7.0.3 to 7.0.6
c068fc9 Bump @actions/core from 1.10.0 to 1.11.1
0d73af4 Bump micromatch from 4.0.5 to 4.0.8
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.0 to 4.6.2

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.2

What's Changed

Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @salmanmkc in actions/upload-artifact#685

New Contributors

@salmanmkc made their first contribution in actions/upload-artifact#685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

Update to use artifact 2.2.2 package by @yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

Commits

ea165f8 Merge pull request #685 from salmanmkc/salmanmkc/3-new-upload-artifacts-release
0839620 Prepare for new release of actions/upload-artifact with new toolkit cache ver...
4cec3d8 Merge pull request #673 from actions/yacaovsnc/artifact_2.2.2
e9fad96 license cache update for artifact
b26fd06 Update to use artifact 2.2.2 package
See full diff in compare view

Updates actions/download-artifact from 4.1.8 to 4.2.1

Release notes

Sourced from actions/download-artifact's releases.

v4.2.1

What's Changed

Add unit tests by @GhadimiR in actions/download-artifact#392

Fix bug introduced in 4.2.0 by @GhadimiR in actions/download-artifact#391

Full Changelog: actions/download-artifact@v4.2.0...v4.2.1

v4.2.0

What's Changed

Update README.md by @lkfortuna in actions/download-artifact#384

Bump artifact version, do digest check by @GhadimiR in actions/download-artifact#383

New Contributors

@lkfortuna made their first contribution in actions/download-artifact#384

@GhadimiR made their first contribution in actions/download-artifact#383

Full Changelog: actions/download-artifact@v4.1.9...v4.2.0

v4.1.9

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/download-artifact#354

docs: small migration fix by @froblesmartin in actions/download-artifact#370

Update MIGRATION.md by @andyfeller in actions/download-artifact#372

Update artifact package to 2.2.2 by @yacaovsnc in actions/download-artifact#380

New Contributors

@Jcambass made their first contribution in actions/download-artifact#354

@froblesmartin made their first contribution in actions/download-artifact#370

@andyfeller made their first contribution in actions/download-artifact#372

@yacaovsnc made their first contribution in actions/download-artifact#380

Full Changelog: actions/download-artifact@v4.1.8...v4.1.9

Commits

95815c3 Merge pull request #391 from GhadimiR/main
278fca4 Move log statements
6890984 Merge branch 'main' into main
f9415c0 Run unit tests in CI
76a6eb5 Merge pull request #392 from GhadimiR/add_unit_tests
a2426d7 Merge branch 'main' into add_unit_tests
3ffa694 lint
53f6aa5 Add extra assertion to download single artifact test
b456700 lint
9eab798 Configure tsconfig
Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 7.0.6 to 7.0.8

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.8

What's Changed

build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 by @dependabot in peter-evans/create-pull-request#3751

build(deps-dev): bump eslint-import-resolver-typescript from 3.8.1 to 3.8.3 by @dependabot in peter-evans/create-pull-request#3752

build(deps): bump @octokit/plugin-paginate-rest from 11.4.2 to 11.4.3 by @dependabot in peter-evans/create-pull-request#3753

build(deps-dev): bump prettier from 3.5.1 to 3.5.2 by @dependabot in peter-evans/create-pull-request#3754

fix: suppress output for some git operations by @peter-evans in peter-evans/create-pull-request#3776

Full Changelog: peter-evans/create-pull-request@v7.0.7...v7.0.8

Create Pull Request v7.0.7

⚙️ Fixes an issue with commit signing where modifications to the same file in multiple commits squash into the first commit.

What's Changed

build(deps): bump @octokit/core from 6.1.2 to 6.1.3 by @dependabot in peter-evans/create-pull-request#3593

build(deps-dev): bump @types/node from 18.19.68 to 18.19.70 by @dependabot in peter-evans/create-pull-request#3594

Update distribution by @actions-bot in peter-evans/create-pull-request#3603

build(deps-dev): bump typescript from 5.7.2 to 5.7.3 by @dependabot in peter-evans/create-pull-request#3610

build(deps): bump octokit dependencies by @peter-evans in peter-evans/create-pull-request#3618

docs: add workflow tip for showing message via workflow command by @ybiquitous in peter-evans/create-pull-request#3626

build(deps-dev): bump eslint-plugin-prettier from 5.2.1 to 5.2.3 by @dependabot in peter-evans/create-pull-request#3628

build(deps): bump node-fetch-native from 1.6.4 to 1.6.6 by @dependabot in peter-evans/create-pull-request#3627

build(deps-dev): bump undici from 6.21.0 to 6.21.1 by @dependabot in peter-evans/create-pull-request#3630

build(deps-dev): bump @types/node from 18.19.70 to 18.19.71 by @dependabot in peter-evans/create-pull-request#3629

Update distribution by @actions-bot in peter-evans/create-pull-request#3647

build(deps-dev): bump @types/node from 18.19.71 to 18.19.74 by @dependabot in peter-evans/create-pull-request#3657

build(deps-dev): bump @types/node from 18.19.74 to 18.19.75 by @dependabot in peter-evans/create-pull-request#3663

build(deps): bump @octokit/plugin-rest-endpoint-methods from 13.3.0 to 13.3.1 by @dependabot in peter-evans/create-pull-request#3670

build(deps-dev): bump prettier from 3.4.2 to 3.5.0 by @dependabot in peter-evans/create-pull-request#3671

Update distribution by @actions-bot in peter-evans/create-pull-request#3680

build(deps): bump @octokit/request-error from 6.1.6 to 6.1.7 by @dependabot in peter-evans/create-pull-request#3685

build(deps): bump @octokit/plugin-paginate-rest from 11.4.0 to 11.4.1 by @dependabot in peter-evans/create-pull-request#3688

build(deps): bump @octokit/endpoint from 10.1.2 to 10.1.3 by @dependabot in peter-evans/create-pull-request#3700

Update distribution by @actions-bot in peter-evans/create-pull-request#3691

build(deps-dev): bump prettier from 3.5.0 to 3.5.1 by @dependabot in peter-evans/create-pull-request#3709

build(deps-dev): bump eslint-import-resolver-typescript from 3.7.0 to 3.8.1 by @dependabot in peter-evans/create-pull-request#3710

build(deps): bump @octokit/plugin-paginate-rest from 11.4.1 to 11.4.2 by @dependabot in peter-evans/create-pull-request#3713

build(deps-dev): bump @types/node from 18.19.75 to 18.19.76 by @dependabot in peter-evans/create-pull-request#3712

build(deps): bump @octokit/core from 6.1.3 to 6.1.4 by @dependabot in peter-evans/create-pull-request#3711

Update distribution by @actions-bot in peter-evans/create-pull-request#3736

Use showFileAtRefBase64 to read per-commit file contents by @grahamc in peter-evans/create-pull-request#3744

New Contributors

@ybiquitous made their first contribution in peter-evans/create-pull-request#3626

@grahamc made their first contribution in peter-evans/create-pull-request#3744

Full Changelog: peter-evans/create-pull-request@v7.0.6...v7.0.7

Commits

271a8d0 fix: suppress output for some git operations (#3776)
6f7efd1 test: update cpr-example-command
13c47c5 build(deps-dev): bump prettier from 3.5.1 to 3.5.2 (#3754)
63e5829 build(deps): bump @octokit/plugin-paginate-rest from 11.4.2 to 11.4.3 (#3753)
a92c90f build(deps-dev): bump eslint-import-resolver-typescript (#3752)
b23b62d build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 (#3751)
dd2324f fix: use showFileAtRefBase64 to read per-commit file contents (#3744)
367180c ci: remove testv5 cmd
25575a1 build: update distribution (#3736)
a56e7a5 build(deps): bump @octokit/core from 6.1.3 to 6.1.4 (#3711)
Additional commits viewable in compare view

Updates docker/login-action from 3.3.0 to 3.4.0

Release notes

Sourced from docker/login-action's releases.

v3.4.0

Bump @actions/core from 1.10.1 to 1.11.1 in docker/login-action#791

Bump @aws-sdk/client-ecr to 3.766.0 in docker/login-action#789 docker/login-action#856

Bump @aws-sdk/client-ecr-public to 3.758.0 in docker/login-action#789 docker/login-action#856

Bump @docker/actions-toolkit from 0.35.0 to 0.57.0 in docker/login-action#801 docker/login-action#806 docker/login-action#858

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/login-action#814

Bump https-proxy-agent from 7.0.5 to 7.0.6 in docker/login-action#823

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/login-action#777

Full Changelog: docker/login-action@v3.3.0...v3.4.0

Commits

74a5d14 Merge pull request #856 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
2f4f00e chore: update generated content
67c1845 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
3d4cc89 Merge pull request #844 from graysonpike/master
6cc823a Merge pull request #823 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d94e792 chore: update generated content
033db0d Merge pull request #812 from docker/dependabot/github_actions/codecov/codecov...
09c2ae9 build(deps): bump https-proxy-agent
ba56f00 ci: update deprecated input for codecov-action
75bf9a7 Merge pull request #858 from docker/dependabot/npm_and_yarn/docker/actions-to...
Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.29.0 to 0.30.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.30.0

What's Changed

fix: Update default trivy version in README by @derrix060 in aquasecurity/trivy-action#444

fix: typo in description of an input for action.yaml by @yutatokoi in aquasecurity/trivy-action#452

Improve README/SBOM by @AB-xdev in aquasecurity/trivy-action#439

chore: bump trivy to v0.60.0 by @nikpivkin in aquasecurity/trivy-action#453

New Contributors

@derrix060 made their first contribution in aquasecurity/trivy-action#444

@yutatokoi made their first contribution in aquasecurity/trivy-action#452

@AB-xdev made their first contribution in aquasecurity/trivy-action#439

Full Changelog: aquasecurity/trivy-action@0.29.0...0.30.0

Commits

6c175e9 chore: bump trivy to v0.60.0 (#453)
53e8848 Improve README/SBOM (#439)
ef1b561 fix: typo in description of an input for action.yaml (#452)
a11da62 fix: Update default trivy version in README (#444)
See full diff in compare view

Updates ossf/scorecard-action from 2.4.0 to 2.4.1

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.1

What's Changed

This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.

Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.

use Scorecard library entrypoint instead of Cobra hooking by @spencerschrock in ossf/scorecard-action#1423

Some errors were made into annotations to make them more visible

Make default branch error more prominent by @jsoref in ossf/scorecard-action#1459

There is now an optional file_mode input which controls how repository files are fetched from GitHub. The default is archive, but git produces the most accurate results for repositories with .gitattributes files at the cost of analysis speed.

add input for specifying --file-mode by @spencerschrock in ossf/scorecard-action#1509

The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.

🌱 publish docker images to GitHub Container Registry by @spencerschrock in ossf/scorecard-action#1453

Docs

Installation docs update by @JeremiahAHoward in ossf/scorecard-action#1416

New Contributors

@JeremiahAHoward made their first contribution in ossf/scorecard-action#1416

@jsoref made their first contribution in ossf/scorecard-action#1459 Full Changelog: ossf/scorecard-action@v2.4.0...v2.4.1

Commits

f49aabe bump docker to ghcr v2.4.1 (#1478)
30a595b 🌱 Bump github.com/sigstore/cosign/v2 from 2.4.2 to 2.4.3 (#1515)
69ae593 omit vcs info from build (#1514)
6a62a1c add input for specifying --file-mode (#1509)
2722664 🌱 Bump the github-actions group with 2 updates (#1510)
ae0ef31 🌱 Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#1512)
3676bbc 🌱 Bump golang from 1.23.6 to 1.24.0...
Description has been truncated

ashnamehrotra · 2025-04-22T14:50:06Z

@dependabot rebase

Bumps the all group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.10.4` | `2.11.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.9` | `3.28.13` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.2.0` | `4.3.0` | | [actions/cache](https://github.com/actions/cache) | `4.2.0` | `4.2.3` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.3.0` | `5.4.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.9.0` | `3.10.0` | | [crazy-max/ghaction-github-runtime](https://github.com/crazy-max/ghaction-github-runtime) | `3.0.0` | `3.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.0` | `4.6.2` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.8` | `4.2.1` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.6` | `7.0.8` | | [docker/login-action](https://github.com/docker/login-action) | `3.3.0` | `3.4.0` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.29.0` | `0.30.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.1` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.3.1` | `7.0.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.3.1` | `5.4.0` | Updates `step-security/harden-runner` from 2.10.4 to 2.11.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@cb605e5...4d991eb) Updates `github/codeql-action` from 3.28.9 to 3.28.13 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@9e8d078...1b549b9) Updates `actions/setup-node` from 4.2.0 to 4.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@1d0ff46...cdca736) Updates `actions/cache` from 4.2.0 to 4.2.3 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@1bd1e32...5a3ec84) Updates `actions/setup-go` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@f111f33...0aaccfd) Updates `docker/setup-buildx-action` from 3.9.0 to 3.10.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@f7ce87c...b5ca514) Updates `crazy-max/ghaction-github-runtime` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/crazy-max/ghaction-github-runtime/releases) - [Commits](crazy-max/ghaction-github-runtime@b3a9207...3cb05d8) Updates `actions/upload-artifact` from 4.6.0 to 4.6.2 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@65c4c4a...ea165f8) Updates `actions/download-artifact` from 4.1.8 to 4.2.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@fa0a91b...95815c3) Updates `peter-evans/create-pull-request` from 7.0.6 to 7.0.8 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@67ccf78...271a8d0) Updates `docker/login-action` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@9780b0c...74a5d14) Updates `aquasecurity/trivy-action` from 0.29.0 to 0.30.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@18f2510...6c175e9) Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@62b2cac...f49aabe) Updates `golangci/golangci-lint-action` from 6.3.1 to 7.0.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@2e78893...1481404) Updates `codecov/codecov-action` from 5.3.1 to 5.4.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@13ce06b...0565863) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: crazy-max/ghaction-github-runtime dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot requested a review from ashnamehrotra as a code owner March 31, 2025 03:23

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 31, 2025

dependabot bot requested review from pmengelbert and sozercan as code owners March 31, 2025 03:23

dependabot bot force-pushed the dependabot/github_actions/all-c56bb09bf1 branch from 0ae882d to 8702935 Compare April 7, 2025 03:29

dependabot bot force-pushed the dependabot/github_actions/all-c56bb09bf1 branch from 8702935 to cbda93f Compare April 22, 2025 14:53

dependabot bot force-pushed the dependabot/github_actions/all-c56bb09bf1 branch from cbda93f to 32dd467 Compare May 12, 2025 03:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump the all group across 1 directory with 15 updates #1141

chore: bump the all group across 1 directory with 15 updates #1141

dependabot bot commented on behalf of github Mar 31, 2025 •

edited

Loading

ashnamehrotra commented Apr 22, 2025

chore: bump the all group across 1 directory with 15 updates #1141

Are you sure you want to change the base?

chore: bump the all group across 1 directory with 15 updates #1141

Conversation

dependabot bot commented on behalf of github Mar 31, 2025 • edited Loading

v2.11.0

What's Changed

v3.28.13

CodeQL Action Changelog

3.28.13 - 24 Mar 2025

v3.28.12

CodeQL Action Changelog

3.28.12 - 19 Mar 2025

v3.28.11

CodeQL Action Changelog

3.28.11 - 07 Mar 2025

v3.28.10

CodeQL Action Changelog

3.28.10 - 21 Feb 2025

CodeQL Action Changelog

[UNRELEASED]

3.28.13 - 24 Mar 2025

3.28.12 - 19 Mar 2025

3.28.11 - 07 Mar 2025

3.28.10 - 21 Feb 2025

3.28.9 - 07 Feb 2025

3.28.8 - 29 Jan 2025

3.28.7 - 29 Jan 2025

3.28.6 - 27 Jan 2025

3.28.5 - 24 Jan 2025

3.28.4 - 23 Jan 2025

v4.3.0

What's Changed

Dependency updates

New Contributors

v4.2.3

What's Changed

New Contributors

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

Releases

4.2.3

4.2.2

4.2.1

4.2.0

4.1.2

4.1.1

4.1.0

4.0.2

4.0.1

v5.4.0

What's Changed

Dependency updates :

New Contributors

v3.10.0

v3.1.0

v4.6.2

What's Changed

New Contributors

v4.6.1

What's Changed

v4.2.1

What's Changed

v4.2.0

What's Changed

New Contributors

v4.1.9

What's Changed

New Contributors

Create Pull Request v7.0.8

What's Changed

Create Pull Request v7.0.7

What's Changed

New Contributors

v3.4.0

v0.30.0

What's Changed

dependabot bot commented on behalf of github Mar 31, 2025 •

edited

Loading