chore(deps): bump the actions-deps group with 6 updates [#patch] #96

dependabot · 2024-12-01T13:58:19Z

Bumps the actions-deps group with 6 updates:

Package	From	To
docker/metadata-action	`5.5.1`	`5.6.1`
quay/clair-action	`0.0.10`	`0.0.11`
docker/build-push-action	`6.9.0`	`6.10.0`
actions/attest-build-provenance	`1.4.3`	`1.4.4`
tj-actions/changed-files	`45.0.3`	`45.0.4`
jaxxstorm/action-install-gh-release	`1.12.0`	`1.14.0`

Updates docker/metadata-action from 5.5.1 to 5.6.1

Release notes

Sourced from docker/metadata-action's releases.

v5.6.1

Fix GitHub API request fallback for commit date by @crazy-max in docker/metadata-action#478

Revert to default commit SHA length of 7 by @crazy-max in docker/metadata-action#480

Full Changelog: docker/metadata-action@v5.6.0...v5.6.1

v5.6.0

Add commit_date global expression by @trim21 in docker/metadata-action#471 docker/metadata-action#475

Increase short commit sha length to 12 for uniqueness by @crazy-max in docker/metadata-action#467

Bump @actions/core from 1.10.1 to 1.11.1 docker/metadata-action#460

Bump @docker/actions-toolkit from 0.16.1 to 0.44.0 docker/metadata-action#391 docker/metadata-action#399 docker/metadata-action#413 docker/metadata-action#441

Bump braces from 3.0.2 to 3.0.3 docker/metadata-action#424

Bump cross-spawn from 7.0.3 to 7.0.5 docker/metadata-action#474

Bump csv-parse from 5.5.5 to 5.5.6 docker/metadata-action#412

Bump moment-timezone from 0.5.44 to 0.5.46 docker/metadata-action#383 docker/metadata-action#470 docker/metadata-action#459

Bump path-to-regexp from 6.2.2 to 6.3.0 docker/metadata-action#454

Bump semver from 7.6.0 to 7.6.3 docker/metadata-action#400 docker/metadata-action#411 docker/metadata-action#440

Bump undici from 5.26.3 to 5.28.4 docker/metadata-action#386 docker/metadata-action#402

Full Changelog: docker/metadata-action@v5.5.1...v5.6.0

Commits

369eb59 Merge pull request #480 from crazy-max/back-to-sha-7
7d870ce chore: update generated content
e44a9cd back to commit sha length of 7
8cb0002 Merge pull request #478 from crazy-max/commit-date-request
e01ddd3 chore: update generated content
861d98a commiter_date: fix github api request fallback
359e915 Merge pull request #475 from crazy-max/commit-date-changes
0c395eb commit_date: code cleanup and readme updates
1156622 Merge pull request #474 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.5
95ea8d0 chore(deps): Bump cross-spawn from 7.0.3 to 7.0.5
Additional commits viewable in compare view

Updates quay/clair-action from 0.0.10 to 0.0.11

Commits

3c05ed0 chore: bump Dockerfile to v0.0.11
0e0e589 cli: add command to convert Vulnerability Reports
9e090be chore(deps): bump modernc.org/sqlite from 1.33.1 to 1.34.1
0abe3f9 cmd: change dir and binary name
ec74d1c chore(deps): bump github.com/quay/claircore from 1.5.32 to 1.5.33
a0f201a chore(deps): bump github.com/urfave/cli/v2 from 2.27.4 to 2.27.5
ba5aa54 chore(deps): bump github.com/klauspost/compress from 1.17.10 to 1.17.11
See full diff in compare view

Updates docker/build-push-action from 6.9.0 to 6.10.0

Release notes

Sourced from docker/build-push-action's releases.

v6.10.0

Add call input to set method for evaluating build by @crazy-max in docker/build-push-action#1265

Bump @actions/core from 1.10.1 to 1.11.1 in docker/build-push-action#1238

Bump @docker/actions-toolkit from 0.39.0 to 0.46.0 in docker/build-push-action#1268

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/build-push-action#1261

Full Changelog: docker/build-push-action@v6.9.0...v6.10.0

Commits

48aba3b Merge pull request #1268 from docker/dependabot/npm_and_yarn/docker/actions-t...
678328c chore: update generated content
cdf0a37 chore(deps): Bump @docker/actions-toolkit from 0.39.0 to 0.46.0
d719b79 Merge pull request #1238 from docker/dependabot/npm_and_yarn/actions/core-1.11.1
c333dfd chore: update generated content
6b56a4c chore(deps): Bump @actions/core from 1.10.1 to 1.11.1
92fb0d7 Merge pull request #1259 from docker/dependabot/github_actions/codecov/codeco...
40532c5 ci: fix deprecated input for codecov-action
70dd953 Merge pull request #1267 from crazy-max/fix-allow
41b4e80 Merge pull request #1261 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6
Additional commits viewable in compare view

Updates actions/attest-build-provenance from 1.4.3 to 1.4.4

Release notes

Sourced from actions/attest-build-provenance's releases.

v1.4.4

What's Changed

Bump predicate action from 1.1.3 to 1.1.4 by @bdehamer in actions/attest-build-provenance#310

Bump @actions/core from 1.10.1 to 1.11.1 by @dependabot in actions/attest-build-provenance#275

Bump @actions/attest from 1.4.2 to 1.5.0 by @bdehamer in actions/attest-build-provenance#309

Fix SLSA provenance bug related to workflow_ref OIDC token claims containing the "@" symbol in the tag name (actions/toolkit#1863)

Full Changelog: actions/attest-build-provenance@v1.4.3...v1.4.4

Commits

ef24412 bump predicate from 1.1.3 to 1.1.4 (#310)
36fa7d0 bump @actions/attest from 1.4.2 to 1.5.0 (#309)
390c0bb Bump @types/node from 22.8.1 to 22.8.7 in the npm-development group (#305)
21da615 Bump the npm-development group with 3 updates (#299)
0704961 Bump actions/publish-immutable-action in the actions-minor group (#298)
d01b070 Bump the npm-development group with 3 updates (#278)
b1d65e4 Add workflow file for publishing releases to immutable action package (#277)
3a27694 Bump @actions/core from 1.10.1 to 1.11.1 (#275)
dff1ae6 prevent e2e workflows on forks (#272)
e5892d0 Bump the npm-development group with 3 updates (#263)
Additional commits viewable in compare view

Updates tj-actions/changed-files from 45.0.3 to 45.0.4

Release notes

Sourced from tj-actions/changed-files's releases.

v45.0.4

What's Changed

Upgraded to v45.0.3 by @tj-actions-bot in tj-actions/changed-files#2308

fix(deps): update dependency @actions/core to v1.11.1 by @renovate in tj-actions/changed-files#2309

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2310

chore(deps): update dependency @types/node to v22.7.5 by @renovate in tj-actions/changed-files#2312

chore(deps): update dependency typescript to v5.6.3 by @renovate in tj-actions/changed-files#2313

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2315

skip: step for dependabot PRs by @jackton1 in tj-actions/changed-files#2317

feat: prevent ignore files warning by @jackton1 in tj-actions/changed-files#2318

chore(deps): update dependency @types/node to v22.7.6 by @renovate in tj-actions/changed-files#2321

chore(deps): update dependency @types/lodash to v4.17.11 by @renovate in tj-actions/changed-files#2322

chore(deps): update dependency @types/node to v22.7.7 by @renovate in tj-actions/changed-files#2323

chore(deps): update dependency @types/lodash to v4.17.12 by @renovate in tj-actions/changed-files#2324

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2325

chore(deps): update dependency @types/node to v22.7.8 by @renovate in tj-actions/changed-files#2327

chore(deps): update dependency @types/jest to v29.5.14 by @renovate in tj-actions/changed-files#2328

chore(deps): update dependency @types/node to v22.7.9 by @renovate in tj-actions/changed-files#2329

chore(deps): update actions/setup-node action to v4.1.0 by @renovate in tj-actions/changed-files#2330

chore(deps): update dependency @types/node to v22.8.0 by @renovate in tj-actions/changed-files#2331

chore(deps): update dependency @types/node to v22.8.1 by @renovate in tj-actions/changed-files#2332

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2333

chore(deps): update dependency @types/node to v22.8.2 by @renovate in tj-actions/changed-files#2334

chore(deps): update dependency @types/node to v22.8.4 by @renovate in tj-actions/changed-files#2335

chore(deps): update dependency @types/lodash to v4.17.13 by @renovate in tj-actions/changed-files#2336

chore(deps): update dependency @types/node to v22.8.5 by @renovate in tj-actions/changed-files#2337

chore(deps): update dependency @types/node to v22.8.6 by @renovate in tj-actions/changed-files#2338

chore(deps): update dependency @types/node to v22.8.7 by @renovate in tj-actions/changed-files#2339

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2340

chore(deps): update dependency @types/node to v22.9.0 by @renovate in tj-actions/changed-files#2341

chore(deps): update dependency eslint-plugin-jest to v28.9.0 by @renovate in tj-actions/changed-files#2342

Full Changelog: tj-actions/changed-files@v45...v45.0.4

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

45.0.4 - (2024-11-05)

🚀 Features

Prevent ignore files warning (#2318) (1f772e9) - (Tonye Jack)

🐛 Bug Fixes

deps: Update dependency @actions/core to v1.11.1 (4d0aab9) - (renovate[bot])

➕ Add

Added missing changes and modified dist assets. (9d7201d) - (GitHub Action)

Added missing changes and modified dist assets. (0104c75) - (GitHub Action)

📝 Other

Step for dependabot PRs (#2317) (684c5e6) - (Tonye Jack)

⚙️ Miscellaneous Tasks

deps: Update dependency eslint-plugin-jest to v28.9.0 (4edd678) - (renovate[bot])

deps: Update dependency @types/node to v22.9.0 (f082558) - (renovate[bot])

deps: Lock file maintenance (92c02a0) - (renovate[bot])

deps: Update dependency @types/node to v22.8.7 (b702211) - (renovate[bot])

deps: Update dependency @types/node to v22.8.6 (435fd74) - (renovate[bot])

deps: Update dependency @types/node to v22.8.5 (0626fa3) - (renovate[bot])

deps: Update dependency @types/lodash to v4.17.13 (8817a79) - (renovate[bot])

deps: Update dependency @types/node to v22.8.4 (5417491) - (renovate[bot])

deps: Update dependency @types/node to v22.8.2 (84ef162) - (renovate[bot])

deps: Lock file maintenance (b672a51) - (renovate[bot])

deps: Update dependency @types/node to v22.8.1 (678cdc2) - (renovate[bot])

deps: Update dependency @types/node to v22.8.0 (27b7bbb) - (renovate[bot])

deps: Update actions/setup-node action to v4.1.0 (8361072) - (renovate[bot])

deps: Update dependency @types/node to v22.7.9 (21acf46) - (renovate[bot])

deps: Update dependency @types/jest to v29.5.14 (f356b3c) - (renovate[bot])

deps: Update dependency @types/node to v22.7.8 (66275de) - (renovate[bot])

deps: Lock file maintenance (a16702b) - (renovate[bot])

deps: Update dependency @types/lodash to v4.17.12 (aa11897) - (renovate[bot])

deps: Update dependency @types/node to v22.7.7 (6513fe1) - (renovate[bot])

deps: Update dependency @types/lodash to v4.17.11 (45e0c78) - (renovate[bot])

deps: Update dependency @types/node to v22.7.6 (a949a83) - (renovate[bot])

deps: Lock file maintenance (f93ff33) - (renovate[bot])

deps: Update dependency typescript to v5.6.3 (729c704) - (renovate[bot])

deps: Update dependency @types/node to v22.7.5 (2009d44) - (renovate[bot])

deps: Lock file maintenance (b693fc2) - (renovate[bot])

... (truncated)

Commits

4edd678 chore(deps): update dependency eslint-plugin-jest to v28.9.0
f082558 chore(deps): update dependency @types/node to v22.9.0
92c02a0 chore(deps): lock file maintenance
b702211 chore(deps): update dependency @types/node to v22.8.7
435fd74 chore(deps): update dependency @types/node to v22.8.6
0626fa3 chore(deps): update dependency @types/node to v22.8.5
8817a79 chore(deps): update dependency @types/lodash to v4.17.13
5417491 chore(deps): update dependency @types/node to v22.8.4
84ef162 chore(deps): update dependency @types/node to v22.8.2
b672a51 chore(deps): lock file maintenance
Additional commits viewable in compare view

Updates jaxxstorm/action-install-gh-release from 1.12.0 to 1.14.0

Release notes

Sourced from jaxxstorm/action-install-gh-release's releases.

v1.14.0

What's Changed

feat: support xz by @t3hmrman in jaxxstorm/action-install-gh-release#108

Full Changelog: jaxxstorm/action-install-gh-release@v1...v1.14.0

v1.13.0

What's Changed

Add aarch64 as a known alternative to arm64 by @Dr-Emann in jaxxstorm/action-install-gh-release#83

Turn on renovate best practice preset by @gberche-orange in jaxxstorm/action-install-gh-release#77

feat: allow configurable project names by @t3hmrman in jaxxstorm/action-install-gh-release#94

feat: enhance asset name handling and matching logic in main.js by @jaxxstorm in jaxxstorm/action-install-gh-release#96

chore(deps): update actions/checkout action to v4 by @renovate in jaxxstorm/action-install-gh-release#66

chore(deps): update dependency @types/node to ^20.8.8 by @renovate in jaxxstorm/action-install-gh-release#95

chore(deps): update dependency @types/node to ^20.17.6 by @renovate in jaxxstorm/action-install-gh-release#98

fix(deps): update dependency eslint to v9.14.0 by @renovate in jaxxstorm/action-install-gh-release#100

Install latest prerelease assets by @pchalamet in jaxxstorm/action-install-gh-release#92

Bump semver from 6.3.0 to 6.3.1 by @dependabot in jaxxstorm/action-install-gh-release#97

chore(deps): update actions/checkout digest to 11bd719 by @renovate in jaxxstorm/action-install-gh-release#101

update npm deps by @jaxxstorm in jaxxstorm/action-install-gh-release#105

chore(deps): update actions/checkout action to v4 by @renovate in jaxxstorm/action-install-gh-release#104

New Contributors

@Dr-Emann made their first contribution in jaxxstorm/action-install-gh-release#83

@gberche-orange made their first contribution in jaxxstorm/action-install-gh-release#77

@t3hmrman made their first contribution in jaxxstorm/action-install-gh-release#94

@pchalamet made their first contribution in jaxxstorm/action-install-gh-release#92

Full Changelog: jaxxstorm/action-install-gh-release@v1...v1.13.0

Commits

cd6b2b7 Merge pull request #108 from t3hmrman/feat=support-xz
512e8ca feat: support xz, refactor post download setup
7f2440a Merge pull request #104 from jaxxstorm/renovate/actions-checkout-4.x
cab2da8 Merge pull request #105 from jaxxstorm/dep_upd
66c24c6 update npm deps
363def8 Merge pull request #101 from jaxxstorm/renovate/actions-checkout-digest
19f5b40 chore(deps): update actions/checkout action to v4
f4c7d37 Merge pull request #97 from jaxxstorm/dependabot/npm_and_yarn/semver-6.3.1
97ca0c8 Merge pull request #92 from MagnusOpera/feature/prerelease
cbf139e Merge pull request #100 from jaxxstorm/renovate/eslint-monorepo
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions-deps group with 6 updates: | Package | From | To | | --- | --- | --- | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.5.1` | `5.6.1` | | [quay/clair-action](https://github.com/quay/clair-action) | `0.0.10` | `0.0.11` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.9.0` | `6.10.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `1.4.3` | `1.4.4` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `45.0.3` | `45.0.4` | | [jaxxstorm/action-install-gh-release](https://github.com/jaxxstorm/action-install-gh-release) | `1.12.0` | `1.14.0` | Updates `docker/metadata-action` from 5.5.1 to 5.6.1 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@8e5442c...369eb59) Updates `quay/clair-action` from 0.0.10 to 0.0.11 - [Release notes](https://github.com/quay/clair-action/releases) - [Commits](quay/clair-action@171b9f2...3c05ed0) Updates `docker/build-push-action` from 6.9.0 to 6.10.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@4f58ea7...48aba3b) Updates `actions/attest-build-provenance` from 1.4.3 to 1.4.4 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@1c608d1...ef24412) Updates `tj-actions/changed-files` from 45.0.3 to 45.0.4 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@c3a1bb2...4edd678) Updates `jaxxstorm/action-install-gh-release` from 1.12.0 to 1.14.0 - [Release notes](https://github.com/jaxxstorm/action-install-gh-release/releases) - [Commits](jaxxstorm/action-install-gh-release@25d5e2d...cd6b2b7) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: quay/clair-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: jaxxstorm/action-install-gh-release dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot requested a review from notdodo as a code owner December 1, 2024 13:58

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 1, 2024

notdodo changed the title ~~chore(deps): bump the actions-deps group with 6 updates~~ chore(deps): bump the actions-deps group with 6 updates [#patch] Dec 1, 2024

notdodo approved these changes Dec 1, 2024

View reviewed changes

notdodo merged commit 50b619a into main Dec 1, 2024
4 checks passed

notdodo deleted the dependabot/github_actions/actions-deps-b230e00c12 branch December 1, 2024 13:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the actions-deps group with 6 updates [#patch] #96

chore(deps): bump the actions-deps group with 6 updates [#patch] #96

Uh oh!

dependabot bot commented on behalf of github Dec 1, 2024

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

chore(deps): bump the actions-deps group with 6 updates [#patch] #96

chore(deps): bump the actions-deps group with 6 updates [#patch] #96

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 1, 2024

v5.6.1

v5.6.0

v6.10.0

v1.4.4

What's Changed

v45.0.4

What's Changed

Changelog

45.0.4 - (2024-11-05)

🚀 Features

🐛 Bug Fixes

➕ Add

📝 Other

⚙️ Miscellaneous Tasks

v1.14.0

What's Changed

v1.13.0

What's Changed

New Contributors

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants