Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update github-actions #130

Merged
merged 1 commit into from
Jan 3, 2025
Merged

chore(deps): update github-actions #130

merged 1 commit into from
Jan 3, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 1, 2025

This PR contains the following updates:

Package Type Update Change
actions/upload-artifact action minor v4.4.3 -> v4.5.0
github/codeql-action action minor v3.27.4 -> v3.28.0
miracum/.github action patch v1.12.10 -> v1.12.12

Release Notes

actions/upload-artifact (actions/upload-artifact)

v4.5.0

Compare Source

github/codeql-action (github/codeql-action)

v3.28.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024
  • Bump the minimum CodeQL bundle version to 2.15.5. #​2655
  • Don't fail in the unusual case that a file is on the search path. #​2660.

See the full CHANGELOG.md for more information.

v3.27.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.8

Compare Source

v3.27.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024
  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #​2631
  • Update default CodeQL bundle version to 2.20.0. #​2636

See the full CHANGELOG.md for more information.

v3.27.6

Compare Source

v3.27.5

Compare Source

miracum/.github (miracum/.github)

v1.12.12

Compare Source

Miscellaneous Chores
  • deps: update oxsecurity/megalinter action to v8.3.0 (#​99) (abfae50)

v1.12.11

Compare Source

Miscellaneous Chores

Configuration

📅 Schedule: Branch creation - "* * 1 */3 *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Jan 1, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 1, 2025

🦙 MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
✅ ACTION actionlint 4 0 0.03s
✅ BASH bash-exec 1 0 0.01s
✅ BASH shellcheck 1 0 0.1s
⚠️ BASH shfmt 1 1 0.01s
✅ DOCKERFILE hadolint 2 0 0.16s
✅ EDITORCONFIG editorconfig-checker 54 0 0.18s
✅ GROOVY npm-groovy-lint 2 0 8.54s
✅ JAVA checkstyle 11 0 5.16s
✅ JSON jsonlint 4 0 0.29s
✅ JSON prettier 4 0 0.79s
✅ JSON v8r 4 0 3.66s
✅ MARKDOWN markdownlint 2 0 0.53s
✅ PYTHON bandit 1 0 1.36s
✅ PYTHON black 1 0 1.41s
✅ PYTHON flake8 1 0 0.65s
✅ PYTHON isort 1 0 0.45s
✅ PYTHON mypy 1 0 8.42s
✅ PYTHON ruff 1 0 0.03s
✅ REPOSITORY checkov yes no 19.09s
✅ REPOSITORY gitleaks yes no 0.25s
✅ REPOSITORY git_diff yes no 0.02s
✅ REPOSITORY grype yes no 15.7s
✅ REPOSITORY kics yes no 16.21s
✅ REPOSITORY secretlint yes no 0.86s
✅ REPOSITORY syft yes no 2.96s
✅ REPOSITORY trivy yes no 12.1s
✅ REPOSITORY trivy-sbom yes no 0.21s
✅ REPOSITORY trufflehog yes no 3.95s
✅ XML xmllint 1 0 0.02s
✅ YAML prettier 15 0 0.95s
✅ YAML v8r 15 0 15.43s
✅ YAML yamllint 15 0 0.65s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

MegaLinter is graciously provided by OX Security

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 1, 2025

Trivy image scan report

ghcr.io/miracum/kafka-fhir-to-server:pr-130 (debian 12.8)

No Vulnerabilities found

No Misconfigurations found

Java

8 known vulnerabilities found (CRITICAL: 0 HIGH: 6 MEDIUM: 1 LOW: 1)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
ca.uhn.hapi.fhir:org.hl7.fhir.r4 CVE-2024-51132 HIGH 6.3.23 6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.r4 CVE-2024-52007 HIGH 6.3.23 6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2024-51132 HIGH 6.3.23 6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2024-52007 HIGH 6.3.23 6.4.0
ch.qos.logback:logback-core CVE-2024-12798 MEDIUM 1.5.11 1.5.13
ch.qos.logback:logback-core CVE-2024-12801 LOW 1.5.11 1.5.13
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-50379 HIGH 10.1.31 11.0.2, 10.1.34, 9.0.98
org.fhir:ucum CVE-2024-55887 HIGH 1.0.8 1.0.9

No Misconfigurations found

@chgl chgl merged commit ca1caa0 into master Jan 3, 2025
16 checks passed
@renovate renovate bot deleted the renovate/github-actions branch January 3, 2025 22:48
miracum-bot pushed a commit that referenced this pull request Jan 3, 2025
@semantic-release-bot
chore(release): 2.2.2 [skip ci]
b610c91 
## [2.2.2](v2.2.1...v2.2.2) (2025-01-03)

### Bug Fixes

* switch to aws s3 sdk for better ceph compatibility ([#134](#134)) ([ae981ff](ae981ff))

### Miscellaneous Chores

* **deps:** refresh pip-compile outputs ([#125](#125)) ([6a6c1c4](6a6c1c4))
* **deps:** update dependency pytest to v8 ([#132](#132)) ([a04e8d9](a04e8d9))
* **deps:** update docker.io/bitnami/kafka:3.9.0 docker digest to 3fb376e ([#127](#127)) ([47a2d10](47a2d10))
* **deps:** update docker.io/library/python:3.13-alpine docker digest to 657dbdb ([#128](#128)) ([9b5ab46](9b5ab46))
* **deps:** update gcr.io/distroless/java21-debian12:nonroot docker digest to 54175aa ([#129](#129)) ([9a859d2](9a859d2))
* **deps:** update github-actions ([#130](#130)) ([ca1caa0](ca1caa0))
@miracum-bot
Copy link

🎉 This PR is included in version 2.2.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@miracum-bot @chgl