build(deps): bump the ci group across 1 directory with 8 updates #4833

dependabot · 2024-06-10T01:02:25Z

Bumps the ci group with 8 updates in the / directory:

Package	From	To
actions/checkout	`4.1.5`	`4.1.6`
korthout/backport-action	`2.5.0`	`3.0.2`
Azure/login	`2.1.0`	`2.1.1`
google-github-actions/auth	`2.1.2`	`2.1.3`
docker/login-action	`3.1.0`	`3.2.0`
github/codeql-action	`2.13.4`	`3.25.8`
anchore/sbom-action	`0.15.11`	`0.16.0`
goreleaser/goreleaser-action	`5.1.0`	`6.0.0`

Updates actions/checkout from 4.1.5 to 4.1.6

Release notes

Sourced from actions/checkout's releases.

v4.1.6

What's Changed

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

Update for 4.1.6 release by @cory-miller in actions/checkout#1733

Full Changelog: actions/checkout@v4.1.5...v4.1.6

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

v4.0.0

Support fetching without the --progress option

Update to node20

v3.6.0

Fix: Mark test scripts with Bash'isms to be run via Bash

Add option to fetch tags even if fetch-depth > 0

v3.5.3

Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in

Fix typos found by codespell

Add support for sparse checkouts

v3.5.2

Fix api endpoint for GHES

v3.5.1

... (truncated)

Commits

a5ac7e5 Update for 4.1.6 release (#1733)
24ed1a3 Check platform for extension (#1732)
See full diff in compare view

Updates korthout/backport-action from 2.5.0 to 3.0.2

Release notes

Sourced from korthout/backport-action's releases.

Backport-action v3.0.2

Fixed

This release fixes a small bug in the draft_commit_conflicts option for the experimental conflict_resolution feature. When encountering conflicts, the backport pull request is opened in draft mode with the conflicts committed. Instructions are provided to resolve these conflicts locally, but these were incorrect. For more details see korthout/backport-action#421.

Checkout draft branch instead of target in suggestion by @korthout in korthout/backport-action#423

Full Changelog: korthout/backport-action@v3.0.1...v3.0.2

Backport-action v3.0.1

Fixed

This release fixes a small bug in the draft_commit_conflicts option for the experimental conflict_resolution feature. When encountering conflicts, the backport pull request is opened in draft mode with the conflicts committed. Instructions are provided to resolve these conflicts locally, but these were incorrect. For more details see #421.

Suggest to fetch and checkout draft pr branch directly by @korthout in korthout/backport-action#422

Full Changelog: korthout/backport-action@v3.0.0...v3.0.1

Backport-action v3.0.0

Changed

[Breaking] Use merge method to cherry-pick by default by @korthout in korthout/backport-action#420

This release changes the default behavior of the action to determine which commits are cherry-picked. While this behavior change doesn't necessarily require changes to your workflow, it warrants a major version bump.

Previously, the action cherry-picked the commits from the pull request. Specifically, those reachable from the pull request's head and not reachable from the pull request's base.

From now on, the action cherry-picks the commits based on the method used to merge the pull request by default.

For "Squash and merge", the action cherry-picks the squashed commit.

For "Rebase and merge", the action cherry-picks the rebased commits.

For "Merged as a merge commit", the action cherry-picks the commits from the pull request.

If you previously used the experimental detect_merge_method input, we suggest you remove it from your workflow. This experimental input has been deprecated and replaced by the cherry_picking input.

If you want to return to the previous behavior, you can set the cherry_picking input to pull_request_head.

This behavior was previously available via the experimental detect_merge_method input, introduced in korthout/backport-action#399. Special thanks go out to @jschmid1 for contributing this feature.

Added

This release also adds two new experimental features. Special shoutouts to @tasso94 and @vermz99 for contributing these!

Allow backporting to a downstream repository by @tasso94 in korthout/backport-action#405

With the experimental downstream_repo and downstream_owner inputs, you can backport to a repository other than where the workflow runs. For example, when you use a fork to maintain the previously released versions. You can also see this as backporting to a remote repository, but we felt it was better described as backporting to a downstream repository. The default behavior remains that the action always backports to the repository in which the workflow runs.

Add conflict_resolution input by @vermz99 in korthout/backport-action#417

With the experimental conflict_resolution input, you can now change how the action will handle conflicts during cherry-picking. Set it to draft_commit_conflicts to create a draft pull request with the first conflict encountered committed to reduce some of the manual efforts in backporting. The default behavior stays like before and can be configured explicitly as fail. In that case, the backport fails when the cherry-pick encounters a conflict.

Updated Dependencies

build(deps): bump undici from 5.28.3 to 5.28.4 by @dependabot in korthout/backport-action#418

... (truncated)

Commits

bd410d3 dist: release 3.0.2
7e34d5f dist: build new artifacts
9237785 Merge pull request #423 from korthout/korthout-fix-draft-checkout
8fef44e fix: checkout branch not target
f73aeb9 dist: release 3.1.0-SNAPSHOT
ecb5bc3 dist: release 3.0.1
c7a7132 dist: build new artifacts
da478f7 Merge pull request #422 from korthout/korthout-fix-draft-conflict-suggestions
863937d fix: fetch and checkout draft pr branch directly
7d390fd dist: release 3.1.0-SNAPSHOT
Additional commits viewable in compare view

Updates Azure/login from 2.1.0 to 2.1.1

Release notes

Sourced from Azure/login's releases.

v2.1.1

What's Changed

Disable information output in Connect-AzAccount by @YanaXu in Azure/login#448

New Contributors

@jiasli made their first contribution in Azure/login#438

@isra-fel made their first contribution in Azure/login#446

Full Changelog: Azure/login@v2.1.0...v2.1.1

Commits

6c25186 prepare release v2.1.1
cb503d8 Disable information output in Connect-AzAccount (#448)
59ce201 Update CODE_OF_CONDUCT.md (#446)
cf8f85d Update azure/CLI@v1 to azure/cli@v2 and azure/powershell@v1 to `azure/p...
19d77c4 Change the trigger for pr check workflow (#435)
See full diff in compare view

Updates google-github-actions/auth from 2.1.2 to 2.1.3

Release notes

Sourced from google-github-actions/auth's releases.

v2.1.3

What's Changed

Security considerations: ids are strings, not integers by @ewjoachim in google-github-actions/auth#400

security: bump undici from 5.28.3 to 5.28.4 by @dependabot in google-github-actions/auth#405

Fix typo by @sethvargo in google-github-actions/auth#408

Switch to using universe helpers by @sethvargo in google-github-actions/auth#410

Add request_reason for plumbing though user-supplied audit information by @sethvargo in google-github-actions/auth#413

Release: v2.1.3 by @google-github-actions-bot in google-github-actions/auth#414

New Contributors

@ewjoachim made their first contribution in google-github-actions/auth#400

Full Changelog: google-github-actions/auth@v2.1.2...v2.1.3

Commits

71fee32 Release: v2.1.3 (#414)
e0122d6 Add request_reason for plumbing though user-supplied audit information (#413)
34baaec Switch to using universe helpers (#410)
8d44d59 Fix typo (#408)
d176447 security: bump undici from 5.28.3 to 5.28.4 (#405)
33e827c Security considerations: ids are strings, not integers (#400)
See full diff in compare view

Updates docker/login-action from 3.1.0 to 3.2.0

Release notes

Sourced from docker/login-action's releases.

v3.2.0

Improve missing username/password by @Frankkkkk in docker/login-action#706

Bump @docker/actions-toolkit from 0.18.0 to 0.24.0 in docker/login-action#715 docker/login-action#721

Bump aws-sdk-dependencies to 3.583.0 in docker/login-action#720

Bump undici from 5.28.3 to 5.28.4 in docker/login-action#694

Full Changelog: docker/login-action@v3.1.0...v3.2.0

Commits

0d4c9c5 Merge pull request #722 from crazy-max/update-readme
b29e14f add contributing section to README
218a70c Merge pull request #721 from docker/dependabot/npm_and_yarn/docker/actions-to...
b820080 build(deps): bump @docker/actions-toolkit from 0.23.0 to 0.24.0
27530a9 Merge pull request #720 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
d072a60 chore: update generated content
7c627b5 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
787cfc6 Merge pull request #694 from docker/dependabot/npm_and_yarn/undici-5.28.4
8e66e91 chore: update generated content
5ba5e97 build(deps): bump undici from 5.28.3 to 5.28.4
Additional commits viewable in compare view

Updates github/codeql-action from 2.13.4 to 3.25.8

Release notes

Sourced from github/codeql-action's releases.

CodeQL Bundle v2.17.4

Bundles CodeQL CLI v2.17.4

(changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.4:

codeql/cpp-queries (changelog, source)

codeql/cpp-all (changelog, source)

codeql/csharp-queries (changelog, source)

codeql/csharp-all (changelog, source)

codeql/go-queries (changelog, source)

codeql/go-all (changelog, source)

codeql/java-queries (changelog, source)

codeql/java-all (changelog, source)

codeql/javascript-queries (changelog, source)

codeql/javascript-all (changelog, source)

codeql/python-queries (changelog, source)

codeql/python-all (changelog, source)

codeql/ruby-queries (changelog, source)

codeql/ruby-all (changelog, source)

codeql/swift-queries (changelog, source)

codeql/swift-all (changelog, source)

CodeQL Bundle v2.17.3

Bundles CodeQL CLI v2.17.3

(changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.3:

codeql/cpp-queries (changelog, source)

codeql/cpp-all (changelog, source)

codeql/csharp-queries (changelog, source)

codeql/csharp-all (changelog, source)

codeql/go-queries (changelog, source)

codeql/go-all (changelog, source)

codeql/java-queries (changelog, source)

codeql/java-all (changelog, source)

codeql/javascript-queries (changelog, source)

codeql/javascript-all (changelog, source)

codeql/python-queries (changelog, source)

codeql/python-all (changelog, source)

codeql/ruby-queries (changelog, source)

codeql/ruby-all (changelog, source)

codeql/swift-queries (changelog, source)

codeql/swift-all (changelog, source)

CodeQL Bundle v2.17.2

Bundles CodeQL CLI v2.17.2

(changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.2:

codeql/cpp-queries (changelog, source)

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.8 - 04 Jun 2024

Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273

Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274

The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

Update default CodeQL bundle version to 2.17.1. #2247

Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

3.25.1 - 17 Apr 2024

We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode. #2235

Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245

3.25.0 - 15 Apr 2024

The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224

... (truncated)

Commits

2e230e8 Merge pull request #2323 from github/update-v3.25.8-18b06dd1d
66ad891 Update changelog for v3.25.8
18b06dd Merge pull request #2322 from github/dependabot/npm_and_yarn/npm-10d82c2911
200dd0c Update checked-in dependencies
2bb35ea bump the npm group with 4 updates
9c15e42 Merge pull request #2321 from github/update-bundle/codeql-bundle-v2.17.4
98e7922 Merge branch 'main' into update-bundle/codeql-bundle-v2.17.4
440350b Add changelog note
d4fcc8b Update default bundle to codeql-bundle-v2.17.4
add199b Merge pull request #2320 from github/angelapwen/use-linked-in-tests
Additional commits viewable in compare view

Updates anchore/sbom-action from 0.15.11 to 0.16.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.16

Changes in v0.16.0

Update Syft to v1.4.1 (#465)

Update GitHub artifact client (#463) [kzantow]

NOTE: if you are using this action within a matrix build and see failures attempting to upload artifacts with duplicate names, you will need to set the artifact-name to be unique based on the matrix properties (an example here). This is due to a change to use a newer GitHub API which no longer allows artifacts with duplicate names.

Commits

e8d2a69 chore(deps): update Syft to v1.4.1 (#465)
610bea4 chore: update GitHub artifact client (#463)
0445e23 chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#464)
a66e2f3 chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#461)
1abd786 chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.5 (#462)
See full diff in compare view

Updates goreleaser/goreleaser-action from 5.1.0 to 6.0.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v6.0.0

[!WARNING] This is a breaking change!

Follow the instructions here to upgrade!

What's Changed

feat!: use "~> v2" as default by @caarlos0 in goreleaser/goreleaser-action#463

Full Changelog: goreleaser/goreleaser-action@v5...v6.0.0

Commits

286f3b1 ci: fix tests
beac410 ci: update workflow and .goreleaser.yml
18bbabc feat!: use "~> v2" as default (#463)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ci group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.5` | `4.1.6` | | [korthout/backport-action](https://github.com/korthout/backport-action) | `2.5.0` | `3.0.2` | | [Azure/login](https://github.com/azure/login) | `2.1.0` | `2.1.1` | | [google-github-actions/auth](https://github.com/google-github-actions/auth) | `2.1.2` | `2.1.3` | | [docker/login-action](https://github.com/docker/login-action) | `3.1.0` | `3.2.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `2.13.4` | `3.25.8` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.15.11` | `0.16.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `5.1.0` | `6.0.0` | Updates `actions/checkout` from 4.1.5 to 4.1.6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@44c2b7a...a5ac7e5) Updates `korthout/backport-action` from 2.5.0 to 3.0.2 - [Release notes](https://github.com/korthout/backport-action/releases) - [Commits](korthout/backport-action@ef20d86...bd410d3) Updates `Azure/login` from 2.1.0 to 2.1.1 - [Release notes](https://github.com/azure/login/releases) - [Commits](Azure/login@6b24568...6c25186) Updates `google-github-actions/auth` from 2.1.2 to 2.1.3 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@55bd3a7...71fee32) Updates `docker/login-action` from 3.1.0 to 3.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@e92390c...0d4c9c5) Updates `github/codeql-action` from 2.13.4 to 3.25.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@cdcdbb5...2e230e8) Updates `anchore/sbom-action` from 0.15.11 to 0.16.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@7ccf588...e8d2a69) Updates `goreleaser/goreleaser-action` from 5.1.0 to 6.0.0 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@5742e2a...286f3b1) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: korthout/backport-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: Azure/login dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci ... Signed-off-by: dependabot[bot] <[email protected]>

fluxcdbot · 2024-06-11T06:44:00Z

Successfully created backport PR for release/v2.3.x:

[release/v2.3.x] build(deps): bump the ci group across 1 directory with 8 updates #4834

dependabot bot added area/ci CI related issues and pull requests dependencies Pull requests that update a dependency labels Jun 10, 2024

stefanprodan added the backport:release/v2.3.x To be backported to release/v2.3.x label Jun 11, 2024

stefanprodan approved these changes Jun 11, 2024

View reviewed changes

stefanprodan merged commit ffc1f72 into main Jun 11, 2024
11 checks passed

stefanprodan deleted the dependabot/github_actions/ci-38c577afb2 branch June 11, 2024 06:43

fluxcdbot mentioned this pull request Jun 11, 2024

[release/v2.3.x] build(deps): bump the ci group across 1 directory with 8 updates #4834

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the ci group across 1 directory with 8 updates #4833

build(deps): bump the ci group across 1 directory with 8 updates #4833

dependabot bot commented on behalf of github Jun 10, 2024

fluxcdbot commented Jun 11, 2024

build(deps): bump the ci group across 1 directory with 8 updates #4833

build(deps): bump the ci group across 1 directory with 8 updates #4833

Conversation

dependabot bot commented on behalf of github Jun 10, 2024

v4.1.6

What's Changed

Changelog

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

Backport-action v3.0.2

Fixed

Backport-action v3.0.1

Fixed

Backport-action v3.0.0

Changed

Added

Updated Dependencies

v2.1.1

What's Changed

New Contributors

v2.1.3

What's Changed

New Contributors

v3.2.0

CodeQL Bundle v2.17.4

CodeQL Bundle v2.17.3

CodeQL Bundle v2.17.2

CodeQL Action Changelog

[UNRELEASED]

3.25.8 - 04 Jun 2024

3.25.7 - 31 May 2024

3.25.6 - 20 May 2024

3.25.5 - 13 May 2024

3.25.4 - 08 May 2024

3.25.3 - 25 Apr 2024

3.25.2 - 22 Apr 2024

3.25.1 - 17 Apr 2024

3.25.0 - 15 Apr 2024

v0.16

Changes in v0.16.0

v6.0.0

What's Changed

fluxcdbot commented Jun 11, 2024