
update: bump the gh-actions-packages group across 1 directory with 5 updates #1874

@dependabot dependabot bot commented on behalf of github Jan 16, 2025

Bumps the gh-actions-packages group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| mikefarah/yq | 4.44.6 | 4.45.1 |
| docker/build-push-action | 6.10.0 | 6.12.0 |
| github/codeql-action | 3.27.9 | 3.28.1 |
| securego/gosec | 2.21.4 | 2.22.0 |
| stackrox/kube-linter-action | 1.0.5 | 1.0.6 |

Updates mikefarah/yq from 4.44.6 to 4.45.1

Release notes

Sourced from mikefarah/yq's releases.

v4.45.1 - Create parent directories when --split-exp is used!

  • Create parent directories when --split-exp is used, Thanks @​rudo-thomas
  • Bumped dependencies

Changelog

Sourced from mikefarah/yq's changelog.

4.45.1:

  • Create parent directories when --split-exp is used, Thanks @​rudo-thomas
  • Bumped dependencies

4.44.6:

4.44.5:

  • Fixing release pipeline

4.44.4:

  • Format comments with a gray foreground (Thanks @​gabe565)
  • Fixed handling of nulls with sort_by expressions #2164
  • Force no color output when NO_COLOR env is present (Thanks @​narqo)
  • Fixed array subtraction update bug #2159
  • Fixed index out of range error
  • Can traverse straight from parent operator (parent.blah)
  • Bumped dependencies

4.44.3:

  • Fixed upper-case file extension detection, Thanks @​ryenus (#2121)
  • Log printing follows no-colors flag #2082
  • Skip and warn when interpolating strings and there's an unclosed bracket #2083
  • Fixed CSV content starting with # issue #2076
  • Bumped dependencies

4.44.2:

  • Handle numbers with underscores #2039
  • Unique now works on maps and arrays #2068
  • Added support for short hand splat with env[] expression #2071, as well as many other operators (split,select,eval,pick..)
  • Bumped dependencies

4.44.1:

4.43.1:

... (truncated)

Commits
  • 8bf425b Bumping version
  • f755755 Updated release notes
  • 0f390b2 Bumping goccy
  • 31ad7fb Bump github.com/magiconair/properties from 1.8.7 to 1.8.9
  • 566cf82 Bump github.com/goccy/go-json from 0.10.3 to 0.10.4
  • 2c9f833 Bump github.com/elliotchance/orderedmap from 1.7.0 to 1.7.1
  • c02d44d Bump golang.org/x/net from 0.32.0 to 0.33.0
  • f73c862 feat: Create parent directories if --split-exp is used.
  • 294a170 Bumping version
  • See full diff in compare view

Updates docker/build-push-action from 6.10.0 to 6.12.0

Release notes

Sourced from docker/build-push-action's releases.

v6.12.0

Full Changelog: docker/build-push-action@v6.11.0...v6.12.0

v6.11.0

Full Changelog: docker/build-push-action@v6.10.0...v6.11.0

Commits
  • 67a2d40 Merge pull request #1300 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 0b1b1c9 chore: update generated content
  • b6a7c2c chore(deps): Bump @​docker/actions-toolkit from 0.49.0 to 0.51.0
  • 31ca4e5 Merge pull request #1296 from crazy-max/bake-v6
  • e613db9 update bake-action to v6
  • b32b51a Merge pull request #1281 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 594bf46 Merge pull request #1294 from crazy-max/fix-e2e
  • fd37bd5 ci(e2e): fix setup docker config
  • e6478a2 chore: update generated content
  • 78785bd chore(deps): Bump @​docker/actions-toolkit from 0.46.0 to 0.49.0
  • Additional commits viewable in compare view

Updates github/codeql-action from 3.27.9 to 3.28.1

Release notes

Sourced from github/codeql-action's releases.

v3.28.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.1 - 10 Jan 2025

  • CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
  • Update default CodeQL bundle version to 2.20.1. #2678

See the full CHANGELOG.md for more information.

v3.28.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024

  • Bump the minimum CodeQL bundle version to 2.15.5. #2655
  • Don't fail in the unusual case that a file is on the search path. #2660.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.1 - 10 Jan 2025

  • CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
  • Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

  • Bump the minimum CodeQL bundle version to 2.15.5. #2655
  • Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

No user facing changes.

3.27.8 - 12 Dec 2024

  • Fixed an issue where streaming the download and extraction of the CodeQL bundle did not respect proxy settings. #2624

3.27.7 - 10 Dec 2024

  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
  • Update default CodeQL bundle version to 2.20.0. #2636

3.27.6 - 03 Dec 2024

  • Update default CodeQL bundle version to 2.19.4. #2626

3.27.5 - 19 Nov 2024

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

... (truncated)

Commits
  • b6a472f Merge pull request #2681 from github/update-v3.28.1-ea6acbfea
  • bb999b4 Update changelog for v3.28.1
  • ea6acbf Merge pull request #2677 from github/angelapwen/deprecate-action-v2
  • 4df151e Merge branch 'main' into angelapwen/deprecate-action-v2
  • a05a7eb Fix PR number in changenote
  • 8d2753b Add public changelog blog post link
  • e83e0a4 Merge pull request #2673 from github/dependabot/npm_and_yarn/npm-877f465710
  • b7ff308 Merge pull request #2678 from github/update-bundle/codeql-bundle-v2.20.1
  • 1aa16c2 Merge branch 'main' into update-bundle/codeql-bundle-v2.20.1
  • fb65b6c Merge pull request #2672 from github/mbg/start-proxy/include-type-in-urls-output
  • Additional commits viewable in compare view

Updates securego/gosec from 2.21.4 to 2.22.0

Release notes

Sourced from securego/gosec's releases.

v2.22.0

Changelog

  • e0cca6fe95306b7e7790d6f1bf6a7bec6d622459 Update what message for G104 (#1282)
  • 534689b08f588e88a89ffe20eddfdc28c6eeb86e chore(deps): update module github.com/onsi/ginkgo/v2 to v2.22.2 (#1281)
  • eb95db1c7689fe5191547206ea06ed422e49eb89 chore(deps): update all dependencies (#1280)
  • 6c6da403f0d52380bb13ea8245eee31f02b952c2 chore(deps): update all dependencies (#1279)
  • b12f51f7d688ab7f51c543813efbb984d466adab Simplify sortIssues implementation (#1277)
  • 54c2185ae643b8df64395652c6e4abbbe9ef1ebc Enable testifylint and fix up lint issues (#1276)
  • 36c81ed69b2279f562bbd511a3bdec49ee488816 Refactor AppendError to check for build.NoGoError (#1273)
  • 9a2d74ffe0740284dfc13d5b2101eeaa4a64f48d chore(deps): update module golang.org/x/net to v0.33.0 [security] (#1275)
  • 4c5ad914f3005ad3a45841bd14e5ab7edfc17846 Update README.md (#1274)
  • e21b4d42cf52504b3ab4384ddaa640e75bc9aac0 Rule documentation updates (#1272)
  • 92de0ee7a2bef8688cdef8744c1e408064eb7683 Replace old golang.org links with new go.dev (#1271)
  • 4fda076e5d8dabc819b30b73f34a50f5ffe19a0f Refactor AppendError to use strings.Contains (#1270)
  • b01f49e3668456e9ec552b6ddc5ff3a41511a071 Simplify Analyzer.ignore by reducing nesting (#1269)
  • b62cc3316d652d3b15d5b76538cf26c968baba87 Improve capitalization in AI API flags descriptions (#1267)
  • bc77d16301725b9d97bd3f4a7b216d83e3c30c64 Remove unused golint dependency (#1266)
  • ef1a35faf9f24e25ff6ccb977083ad56456cbc01 Simplify tests by using GinkgoT().TempDir() (#1265)
  • 09b914371ececcf6e010f570551ec311c7848e12 Documentation on adding new rules and analyzers (#1262)
  • 1bd92a8e30a87a62cff3d792365f7e983c3c9291 chore(deps): update all dependencies (#1268)
  • ca55eca3def12baad606a310b13b35168debde4f Update to go 1.22.10 and 1.23.4 versions (#1264)
  • 329cad89ee05f29dc8ce797823a10960e558cf03 chore(deps): update module golang.org/x/crypto to v0.31.0 [security] (#1263)
  • 08beb25d41bef7c8a9ecab2df84dddf4d486ed17 chore(deps): update all dependencies (#1261)
  • d566be274ef93dea133cb063f1dba82c7476a5a9 chore(deps): update module github.com/onsi/gomega to v1.36.0 (#1259)
  • 8c602d0bc45e4a76d2a6079cfa0fa5a88a381ebe fix: revive.redefines-builtin-id lint warnings (#1257)
  • 399e835157aa69a09b4a8d1c14f9afcc203621ae Fix typos in comments and fields
  • 229cf63a09e595e1ddbff532ee64e9826822912f Remove the decryption functions/methods from G407 check
  • 699cb55eb33630404307a1f99d73cd3ea4181135 Update go to version 1.23.3 and 1.22.9
  • 9b13cd5ab4766d62429eaadb27a5d662db123222 Fix G115 false positive when going from parsed uint to larger int
  • 08ea2a57db99b9758f1aa4982fadfa5778b672f4 chore(deps): update all dependencies
  • 44156135bfd39b347ec01d2d69b27e50b26f2344 chore(deps): update all dependencies
  • 3274716ce3ce24652ee4476152be9324817f2d91 chore(deps): update all dependencies
  • 1fb6a46eed71931cdac97753cf64c0f1dd73122f chore(deps): update all dependencies
  • d2c92ed7b3bb812e0d8d9295c3034588cc779edf chore(deps): update all dependencies
  • 4fd98728a74b56a1381ec494624c42ae53d2515c Update go version to 1.23.2 and 1.22.8
  • 1501618b90fccbe51cb283a4b21496a0ba86c311 chore(deps): update module google.golang.org/api to v0.201.0
  • 7d33bc1991ba1c97d8ebce9b0d1231acffbbf6ed chore(deps): update all dependencies
  • bd8b4b4ece209d24dfc86bb15c708182b091a4de chore(deps): update all dependencies
  • 1216c9b96b9c5beaa43590ad7b3c689352266567 Fix the cosign step to authenticate with the container registry
  • 50d1b4ae6b4970ef1446f4671a22ea1d30ea99b8 chore(deps): update module google.golang.org/api to v0.199.0
  • c0ba7c7a74f811c56b33b5905b0524e34acbbf0f Update the gosec to v2.21.4 in the Github action
  • a3299ce10ca6f800a292567bdd5e89cbb04babce Add the version into goreleaser config

Commits

Updates stackrox/kube-linter-action from 1.0.5 to 1.0.6

Release notes

Sourced from stackrox/kube-linter-action's releases.

v1.0.6

What's Changed

New Contributors

Full Changelog: stackrox/kube-linter-action@v1...v1.0.6

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…updates

Bumps the gh-actions-packages group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [mikefarah/yq](https://github.com/mikefarah/yq) | `4.44.6` | `4.45.1` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.10.0` | `6.12.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.27.9` | `3.28.1` |
| [securego/gosec](https://github.com/securego/gosec) | `2.21.4` | `2.22.0` |
| [stackrox/kube-linter-action](https://github.com/stackrox/kube-linter-action) | `1.0.5` | `1.0.6` |



Updates `mikefarah/yq` from 4.44.6 to 4.45.1
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@4839dbb...8bf425b)

Updates `docker/build-push-action` from 6.10.0 to 6.12.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@48aba3b...67a2d40)

Updates `github/codeql-action` from 3.27.9 to 3.28.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@df409f7...b6a472f)

Updates `securego/gosec` from 2.21.4 to 2.22.0
- [Release notes](https://github.com/securego/gosec/releases)
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml)
- [Commits](securego/gosec@d4617f5...e0cca6f)

Updates `stackrox/kube-linter-action` from 1.0.5 to 1.0.6
- [Release notes](https://github.com/stackrox/kube-linter-action/releases)
- [Commits](stackrox/kube-linter-action@5792edc...15786ee)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions-packages
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions-packages
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions-packages
- dependency-name: securego/gosec
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions-packages
- dependency-name: stackrox/kube-linter-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
dependabot bot added the dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update Github_actions code) labels Jan 16, 2025

dependabot bot commented on behalf of github Jan 17, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot closed this Jan 17, 2025
dependabot bot deleted the dependabot/github_actions/develop/gh-actions-packages-d98b8a69f8 branch January 17, 2025 03:57