build(deps): bump the ci group with 4 updates #4460

dependabot · 2023-12-11T01:03:58Z

Bumps the ci group with 4 updates: korthout/backport-action, actions/setup-go, google-github-actions/setup-gcloud and anchore/sbom-action.

Updates korthout/backport-action from 2.1.1 to 2.2.0

Release notes

Sourced from korthout/backport-action's releases.

Backport-action v2.2.0

What's Changed

This release introduces a new experimental input that you can use to configure experimental features. We encourage everyone to try them out and share feedback.

As a first experimental feature, this release adds detect_merge_method. When enabled, it cherry-picks the resulting commits based on the detected merge method. Give it a try if you're using the Squash and merge or Rebase and merge merge method for your pull requests, and please report any issues you encounter.

To enable merge method detection add the following to your backport workflow:
using: korthout/backport-action@v2
with:
  experimental: >
    {
      "detect_merge_method": true
    }
A special shoutout and heartfelt thanks to @jschmid1 for their outstanding contribution to the detect_merge_method feature!

Detect squash and rebase merge methods by @jschmid1 in korthout/backport-action#399

Documentation

Avoid loop in backport by comment usage example by @jschmid1 in korthout/backport-action#400

Align event type in usage example by @chillleader in korthout/backport-action#401

Updated Dependencies

build(deps): bump @types/dedent from 0.7.1 to 0.7.2 by @dependabot in korthout/backport-action#396

New Contributors

@chillleader made their first contribution in korthout/backport-action#401

Full Changelog: korthout/backport-action@v2.1.0...v2.2.0

Commits

b982d29 dist: release 2.2.0
32e3a3b dist: build new artifacts
13b24fe Merge pull request #399 from jschmid1/feat/respect-squash-and-rebase-merges
1e95a33 fix: reverse found commits for range
4735b06 fix: check commits to cherry pick for merges
68c7aff fix: remove surrounding quotes from shas
995cf04 fix: store fetched refs indefinitely
a34b7c2 refactor: remove unused function
3b378cd feat: warn about unknown experimental input
493766a docs: describe merge_commit_sha
Additional commits viewable in compare view

Updates actions/setup-go from 4.1.0 to 5.0.0

Release notes

Sourced from actions/setup-go's releases.

v5.0.0

What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445).

Besides, this release contains such changes as:

Fix hosted tool cache usage on windows by @galargh in actions/setup-go#411

Improve documentation regarding dependencies caching by @artemgavrilov in actions/setup-go#417

New Contributors

@galargh made their first contribution in actions/setup-go#411

@artemgavrilov made their first contribution in actions/setup-go#417

@chenrui333 made their first contribution in actions/setup-go#421

Full Changelog: actions/setup-go@v4...v5.0.0

Commits

0c52d54 Update dependencies for node20 (#445)
bfd2fb3 Merge pull request #421 from chenrui333/node20-runtime
3d65fa5 feat: bump to use actions/checkout@v4
8a505c9 feat: bump to use node20 runtime
883490d Merge pull request #417 from artemgavrilov/main
d45ebba Rephrase sentence
317c661 Replace wildcards term with globs.
f90673a Merge pull request #1 from artemgavrilov/caching-docs-improvement
8018234 Improve documentation regarding dependencies cachin
d085b4f Merge pull request #411 from galargh/fix/windows-hostedtoolcache
Additional commits viewable in compare view

Updates google-github-actions/setup-gcloud from 1.1.1 to 2.0.0

Release notes

Sourced from google-github-actions/setup-gcloud's releases.

v2.0.0

⚠️ This version requires Node 20 or later!

What's Changed

dependabot: only do security updates by @sethvargo in google-github-actions/setup-gcloud#643

update all deps by @sethvargo in google-github-actions/setup-gcloud#644

Update deps to Node 20 by @sethvargo in google-github-actions/setup-gcloud#653

Upgrade setup-cloud-sdk package by @sethvargo in google-github-actions/setup-gcloud#656

Add CI for release branches by @sethvargo in google-github-actions/setup-gcloud#661

Update and drop unnecessary deps by @sethvargo in google-github-actions/setup-gcloud#662

Release: v2.0.0 by @google-github-actions-bot in google-github-actions/setup-gcloud#664

Full Changelog: google-github-actions/setup-gcloud@v1...v2.0.0

Commits

8251968 Release: v2.0.0 (#664)
c2599db Update and drop unnecessary deps (#662)
7c7fdb0 Add CI for release branches (#661)
63496e6 Upgrade setup-cloud-sdk package (#656)
602747f Update deps to Node 20 (#653)
080181a update all deps (#644)
827c57d dependabot: only do security updates (#643)
See full diff in compare view

Updates anchore/sbom-action from 0.15.0 to 0.15.1

Release notes

Sourced from anchore/sbom-action's releases.

v0.15.1

Changes in v0.15.1

chore(deps): update Syft to v0.98.0 (#431) [anchore-actions-token-generator]

Add config input (#430) [eyakubovich]

chore: pin and upgrade gh actions (#429) [willmurphyscode]

Commits

5ecf649 chore(deps): update Syft to v0.98.0 (#431)
a4126e6 Add config input (#430)
9d0277c chore: pin and upgrade gh actions (#429)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ci group with 4 updates: [korthout/backport-action](https://github.com/korthout/backport-action), [actions/setup-go](https://github.com/actions/setup-go), [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) and [anchore/sbom-action](https://github.com/anchore/sbom-action). Updates `korthout/backport-action` from 2.1.1 to 2.2.0 - [Release notes](https://github.com/korthout/backport-action/releases) - [Commits](korthout/backport-action@08bafb3...b982d29) Updates `actions/setup-go` from 4.1.0 to 5.0.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@93397be...0c52d54) Updates `google-github-actions/setup-gcloud` from 1.1.1 to 2.0.0 - [Release notes](https://github.com/google-github-actions/setup-gcloud/releases) - [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md) - [Commits](google-github-actions/setup-gcloud@e30db14...8251968) Updates `anchore/sbom-action` from 0.15.0 to 0.15.1 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@fd74a6f...5ecf649) --- updated-dependencies: - dependency-name: korthout/backport-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: google-github-actions/setup-gcloud dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added area/ci CI related issues and pull requests dependencies Pull requests that update a dependency labels Dec 11, 2023

stefanprodan approved these changes Dec 11, 2023

View reviewed changes

stefanprodan merged commit b742799 into main Dec 11, 2023
11 checks passed

stefanprodan deleted the dependabot/github_actions/ci-4046e4e628 branch December 11, 2023 07:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the ci group with 4 updates #4460

build(deps): bump the ci group with 4 updates #4460

dependabot bot commented on behalf of github Dec 11, 2023

build(deps): bump the ci group with 4 updates #4460

build(deps): bump the ci group with 4 updates #4460

Conversation

dependabot bot commented on behalf of github Dec 11, 2023

Backport-action v2.2.0

What's Changed

Documentation

Updated Dependencies

New Contributors

v5.0.0

What's Changed

New Contributors

v2.0.0

What's Changed

v0.15.1

Changes in v0.15.1