update action versions in README.md#575
Merged
spiffcs merged 5 commits intoanchore:mainfrom Feb 4, 2026
Merged
Conversation
Contributor
pen-pal
commented
Jan 19, 2026
pen-pal
commented
- bump docker/setup-buildx-action from v2 to v3
- bump docker/build-push-action from v4 to v6
- bump anchore/scan-action from v6 to v7
- bump actions/checkout from v4.1.1 to v6.0.1
- bump github/codeql-action/upload-sarif from v3 to v4
- bump docker/setup-buildx-action from v2 to v3 - bump docker/build-push-action from v4 to v6 - bump anchore/scan-action from v6 to v7 - bump actions/checkout from v4.1.1 to v6.0.1 - bump github/codeql-action/upload-sarif from v3 to v4 Signed-off-by: Manish Khadka <61139563+pen-pal@users.noreply.github.com>
kzantow
reviewed
Feb 4, 2026
README.md
Outdated
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | ||
| with: | ||
| persist-credentials: false |
Contributor
There was a problem hiding this comment.
Why is this persist-credentials option added? It isn't needed for scan-action. I think we should only update the versions, and might as well get rid of the SHA for checkout, just use v6 or whatever is the latest
Contributor
There was a problem hiding this comment.
This option has been removed nice catch @kzantow
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* main: (21 commits) chore(deps): bump @actions/cache from 5.0.3 to 5.0.5 (anchore#592) chore(deps): bump @actions/tool-cache from 3.0.0 to 3.0.1 (anchore#593) chore(deps): update Grype to v0.107.1 (anchore#594) feat: add option to specify one or more grype config files (anchore#589) chore(deps): bump fast-xml-parser from 5.3.3 to 5.3.4 (anchore#590) chore(deps): bump release-drafter/release-drafter from 6.1.0 to 6.2.0 (anchore#587) chore(deps): update Grype to v0.107.0 (anchore#588) chore(deps-dev): bump prettier from 3.8.0 to 3.8.1 (anchore#584) chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (anchore#585) chore(deps-dev): bump tar from 7.5.6 to 7.5.7 (anchore#586) chore(deps): update Grype to v0.106.0 (anchore#583) chore(deps): bump zizmorcore/zizmor-action from 0.3.0 to 0.4.1 (anchore#582) chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (anchore#581) chore(deps): bump lodash from 4.17.21 to 4.17.23 (anchore#580) chore: tweak release drafter author and husky (anchore#579) chore: update release drafter permissions (anchore#578) chore: update release drafter to include appropriate dependencies (anchore#577) chore(deps): bump @actions/tool-cache from 2.0.2 to 3.0.0 (anchore#567) chore(deps): bump @actions/cache from 5.0.1 to 5.0.2 (anchore#568) chore(deps): bump @actions/core from 2.0.1 to 2.0.2 (anchore#569) ... Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
spiffcs
approved these changes
Feb 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.