-
Notifications
You must be signed in to change notification settings - Fork 641
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump the actions-all group with 9 updates #953
Bump the actions-all group with 9 updates #953
Conversation
Bumps the actions-all group with 9 updates: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.7.1` | `2.10.1` | | [actions/checkout](https://github.com/actions/checkout) | `3.6.0` | `4.1.7` | | [github/codeql-action](https://github.com/github/codeql-action) | `2.25.5` | `3.26.7` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `2.5.1` | `4.3.4` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.0.6` | `2.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3.1.3` | `4.4.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.0.1` | `5.0.2` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `6` | `7` | | [jacobtomlinson/gha-find-replace](https://github.com/jacobtomlinson/gha-find-replace) | `2` | `3` | Updates `step-security/harden-runner` from 2.7.1 to 2.10.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@a4aa98b...91182cc) Updates `actions/checkout` from 3.6.0 to 4.1.7 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v3.6.0...v4.1.7) Updates `github/codeql-action` from 2.25.5 to 3.26.7 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@d05fceb...8214744) Updates `actions/dependency-review-action` from 2.5.1 to 4.3.4 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@0efb1d1...5a2ce3f) Updates `ossf/scorecard-action` from 2.0.6 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@99c5375...62b2cac) Updates `actions/upload-artifact` from 3.1.3 to 4.4.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@a8a3f3a...5076954) Updates `actions/setup-go` from 5.0.1 to 5.0.2 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@cdcb360...0a12ed9) Updates `peter-evans/create-pull-request` from 6 to 7 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@v6...v7) Updates `jacobtomlinson/gha-find-replace` from 2 to 3 - [Release notes](https://github.com/jacobtomlinson/gha-find-replace/releases) - [Commits](jacobtomlinson/gha-find-replace@v2...v3) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-all - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-all - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: jacobtomlinson/gha-find-replace dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all ... Signed-off-by: dependabot[bot] <[email protected]>
Hi @dependabot[bot]. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/ok-to-test |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dependabot[bot], wangzhen127 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Bumps the actions-all group with 9 updates:
2.7.1
2.10.1
3.6.0
4.1.7
2.25.5
3.26.7
2.5.1
4.3.4
2.0.6
2.4.0
3.1.3
4.4.0
5.0.1
5.0.2
6
7
2
3
Updates
step-security/harden-runner
from 2.7.1 to 2.10.1Release notes
Sourced from step-security/harden-runner's releases.
... (truncated)
Commits
91182cc
Merge pull request #463 from step-security/rc-1459ec1c6
Update agent1d23703
Merge pull request #461 from step-security/varunsh-coder-patch-1b03bdda
Update README.md3d8dd68
Update README.md446798f
Merge pull request #455 from step-security/rc-12f0d3b1e
Update agentb7880a2
update distdade49e
Merge pull request #456 from h0x0er/arm-supportd6248be
bump enterprise agent versionUpdates
actions/checkout
from 3.6.0 to 4.1.7Release notes
Sourced from actions/checkout's releases.
... (truncated)
Commits
692973e
Prepare 4.1.7 release (#1775)6ccd57f
Pin actions/checkout's own workflows to a known, good, stable version. (#1776)b17fe1e
Handle hidden refs (#1774)b80ff79
Bump actions/checkout from 3 to 4 (#1697)b1ec302
Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1739)a5ac7e5
Update for 4.1.6 release (#1733)24ed1a3
Check platform for extension (#1732)44c2b7a
README: Suggestuser.email
to be `41898282+github-actions[bot]@users
.norepl...8459bc0
Bump actions/upload-artifact from 2 to 4 (#1695)3f603f6
Bump actions/setup-node from 1 to 4 (#1696)Updates
github/codeql-action
from 2.25.5 to 3.26.7Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
8214744
Merge pull request #2478 from github/update-v3.26.7-4a01ec798a3b3e07
Update changelog for v3.26.74a01ec7
Merge pull request #2474 from github/aeisenberg/always-upload-eslint-sarif762dbae
Merge pull request #2471 from github/update-bundle/codeql-bundle-v2.18.40d0f998
Always upload eslint.sarife817992
Merge pull request #2469 from github/aeisenberg/upload-eslint-sarif49021ad
Merge pull request #2472 from rvermeulen/rvermeulen/update-release-branch-authz56b8418
Ignore suppressed alertsf824adb
Merge branch 'main' into rvermeulen/update-release-branch-authz8d9ed0b
Add changelog noteUpdates
actions/dependency-review-action
from 2.5.1 to 4.3.4Release notes
Sourced from actions/dependency-review-action's releases.
... (truncated)
Commits
5a2ce3f
Merge pull request #791 from actions/juxtin/update-versionac6a6ad
Prepare even more for v4.3.43e2b917
Merge pull request #790 from actions/juxtin/update-versiond9ab9c8
Update version in package.json8c152c7
Merge pull request #769 from actions/dependabot/npm_and_yarn/zod-3.23.80085d30
Update dist08b5bf2
Bump zod from 3.22.4 to 3.23.8986fce9
Merge pull request #784 from actions/dependabot/npm_and_yarn/got-14.4.128743f8
Merge pull request #719 from actions/change-spdx-parserd6f34c3
Merge pull request #789 from actions/dependabot/npm_and_yarn/braces-3.0.3Updates
ossf/scorecard-action
from 2.0.6 to 2.4.0Release notes
Sourced from ossf/scorecard-action's releases.
... (truncated)
Commits
62b2cac
bump docker tag to v2.4.0 for release (#1414)c09630c
lower license score alert threshold to 9 (#1411)cf8594c
🌱 Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#1413)de5fcb9
🌱 Bump the github-actions group with 2 updates (#1412)a46b90b
bump scorecard to v5.0.0 release (#1410)9fc518d
🌱 Bump golang in the docker-images group (#1407)a8eaa1b
🌱 Bump the github-actions group with 2 updates (#1408)873d5fd
🌱 Bump the github-actions group across 1 directory with 2 updates (#...54cc1fe
🌱 Bump the docker-images group with 2 updates (#1401)82bcb91
🌱 Bump golang.org/x/net from 0.26.0 to 0.27.0 (#1400)Updates
actions/upload-artifact
from 3.1.3 to 4.4.0Release notes
Sourced from actions/upload-artifact's releases.
... (truncated)
Commits
5076954
Merge pull request #598 from actions/joshmgross/exclude-hidden-filesd52396a
Add a warning about enablinginclude-hidden-files
710f362
Remove "merged" frominclude-hidden-files
input description3b315f2
npm run release
again 🙂3be2180
Remove another trailing comma453e8d0
Update glob license0a398c1
npm run release
a0c40cf
Update to latest@actions/glob
and fix testsacb59e4
lint
cb6558b
Exclude hidden files by defaultUpdates
actions/setup-go
from 5.0.1 to 5.0.2Release notes
Sourced from actions/setup-go's releases.
Commits
0a12ed9
Bump braces from 3.0.2 to 3.0.3 (#487)4ab57d7
Fix versions check failure (#479)Updates
peter-evans/create-pull-request
from 6 to 7Release notes
Sourced from peter-evans/create-pull-request's releases.
... (truncated)
Commits
2f38cd2
fix: support submodules when commit signing (#3354)7a8aeac
build(deps-dev): bump eslint from 8.57.0 to 8.57.1 (#3344)d39d596
build(deps-dev): bump@types/jest
from 29.5.12 to 29.5.13 (#3343)f6f978f
docs: correct suggestion for bot setup (#3342)6cd32fd
fix: disable abbreviated commit shas in diff (#3337)d121e62
fix: disable diff detection for renames and copies (#3330)f4d66f4
build(deps-dev): bump typescript from 5.5.4 to 5.6.2 (#3319)488c869
build(deps-dev): bump@types/node
from 18.19.48 to 18.19.50 (#3320)5354f85
docs: update readme8867c4a
fix: handle ambiguous argument failure on diff stat (#3312)Updates
jacobtomlinson/gha-find-replace
from 2 to 3Release notes
Sourced from jacobtomlinson/gha-find-replace's releases.
Commits
099c88f
Fix action.yml: Bump to 3.0.2 (#64)843224e
Added unit tests. (#61)3a8ed85
Update documentation with fixes for common problems (#57)208a500
Updated elgohr/Publish-Docker-Github-Action to a supported version (v5) (#54)a51bbcd
Enable replace value to be an empty string (#53)4d085e8
Bump to 3.0.161acce0
Update with v3f5f4ad7
Deprecated set-output (#51)657b0d1
replaced Docker Hub by GHCR (#40)b767296
Add example of pushing changes back (#36)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.De...
Description has been truncated