Bump the ci group across 1 directory with 11 updates #1132

dependabot · 2024-12-17T03:59:14Z

Bumps the ci group with 11 updates in the / directory:

Package	From	To
actions/checkout	`4.2.0`	`4.2.2`
actions/setup-go	`5.0.2`	`5.2.0`
docker/setup-buildx-action	`3.6.1`	`3.8.0`
actions/cache	`4.0.2`	`4.2.0`
helm/kind-action	`1.10.0`	`1.11.0`
docker/build-push-action	`6.7.0`	`6.10.0`
docker/metadata-action	`5.5.1`	`5.6.1`
sigstore/cosign-installer	`3.6.0`	`3.7.0`
anchore/sbom-action	`0.17.2`	`0.17.9`
goreleaser/goreleaser-action	`6.0.0`	`6.1.0`
github/codeql-action	`3.26.9`	`3.27.9`

Updates actions/checkout from 4.2.0 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

... (truncated)

Commits

11bd719 Prepare 4.2.2 Release (#1953)
e3d2460 Expand unit test coverage (#1946)
163217d url-helper.ts now leverages well-known environment variables. (#1941)
eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
See full diff in compare view

Updates actions/setup-go from 5.0.2 to 5.2.0

Release notes

Sourced from actions/setup-go's releases.

v5.2.0

What's Changed

Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @Shegox in actions/setup-go#496

New Contributors

@Shegox made their first contribution in actions/setup-go#496

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/setup-go#500

Upgrade IA Publish by @Jcambass in actions/setup-go#502

Add architecture to cache key by @Zxilly in actions/setup-go#493 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.

Enhance workflows and Upgrade micromatch Dependency by @priyagupta108 in actions/setup-go#510

Bug Fixes

Revise isGhes logic by @jww3 in actions/setup-go#511

New Contributors

@Zxilly made their first contribution in actions/setup-go#493

@Jcambass made their first contribution in actions/setup-go#500

@jww3 made their first contribution in actions/setup-go#511

@priyagupta108 made their first contribution in actions/setup-go#510

Full Changelog: actions/setup-go@v5...v5.1.0

Commits

3041bf5 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496)
41dfa10 Enhance workflows and Upgrade micromatch Dependency (#510)
9419772 Revise isGhes logic (#511)
d60b41a Merge pull request #502 from actions/Jcambass-patch-1
e09f57f Upgrade IA Publish
df1a117 Merge pull request #500 from actions/Jcambass-patch-1
49582f6 Add workflow file for publishing releases to immutable action package
b26d402 fix: add arch to cache key (#493)
See full diff in compare view

Updates docker/setup-buildx-action from 3.6.1 to 3.8.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

v3.7.1

Switch back to uuid package by @crazy-max in docker/setup-buildx-action#369

Full Changelog: docker/setup-buildx-action@v3.7.0...v3.7.1

v3.7.0

Always set buildkitd-flags if opt-in by @crazy-max in docker/setup-buildx-action#363

Remove uuid package and switch to crypto by @crazy-max in docker/setup-buildx-action#366

Bump @docker/actions-toolkit from 0.35.0 to 0.39.0 in docker/setup-buildx-action#362

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-buildx-action#354

Full Changelog: docker/setup-buildx-action@v3.6.1...v3.7.0

Commits

6524bf6 Merge pull request #390 from crazy-max/buildx-cloud-latest
8d5e074 chore: update generated content
7199e57 make cloud prefix optional to download buildx if driver is cloud
db63cee Merge pull request #381 from docker/dependabot/github_actions/codecov/codecov...
043ebe1 Merge pull request #389 from docker/dependabot/npm_and_yarn/docker/actions-to...
686da90 chore: update generated content
a3d7487 Merge pull request #382 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6
4dcdbce build(deps): bump @docker/actions-toolkit from 0.39.0 to 0.48.0
1a8ac74 ci: fix deprecated input for codecov-action
e827ebe build(deps): bump cross-spawn from 7.0.3 to 7.0.6
Additional commits viewable in compare view

Updates actions/cache from 4.0.2 to 4.2.0

Release notes

Sourced from actions/cache's releases.

v4.2.0

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

@actions/core: 1.11.1

@actions/io: 1.1.3

@vercel/ncc: 0.38.3

Full Changelog: actions/cache@v4...v4.2.0

v4.1.2

What's Changed

Add Bun example by @idleberg in actions/cache#1456

Revise isGhes logic by @jww3 in actions/cache#1474

Bump braces from 3.0.2 to 3.0.3 by @dependabot in actions/cache#1475

Add dependabot.yml to enable automatic dependency upgrades by @Link- in actions/cache#1476

Bump actions/checkout from 3 to 4 by @dependabot in actions/cache#1478

Bump actions/stale from 3 to 9 by @dependabot in actions/cache#1479

Bump github/codeql-action from 2 to 3 by @dependabot in actions/cache#1483

Bump actions/setup-node from 3 to 4 by @dependabot in actions/cache#1481

Prepare 4.1.2 release by @Link- in actions/cache#1477

New Contributors

@idleberg made their first contribution in actions/cache#1456

@jww3 made their first contribution in actions/cache#1474

@Link- made their first contribution in actions/cache#1476

Full Changelog: actions/cache@v4...v4.1.2

v4.1.1

What's Changed

Restore original behavior of cache-hit output by @joshmgross in actions/cache#1467

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474

Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

Restore original behavior of cache-hit output - #1467

4.1.0

Ensure cache-hit output is set when a cache is missed - #1404

Deprecate save-always input - #1452

4.0.2

Fixed restore fail-on-cache-miss not working.

4.0.1

Updated isGhes check

4.0.0

Updated minimum runner version support from node 12 -> node 20

3.4.0

Integrated with the new cache service (v2) APIs

3.3.3

Updates @actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378

Additional audit fixes of npm package(s)

... (truncated)

Commits

1bd1e32 Merge pull request #1509 from actions/Link-/cache-4.2.0
882d7ce Add 3.4.0 release notes
f2695d7 Rerun CI
f46ceeb Add licensed output
e6f5858 Add lodash to list of reviewed licenses
4ae6f21 Add reviewed licensed packages
c16df86 Add licensed output
b109c12 Upgrade @actions/core to 1.11.1 and other deps
b7d227d Upgrade @vercel/ncc to 0.38.3
faf6392 Update RELEASES.md
Additional commits viewable in compare view

Updates helm/kind-action from 1.10.0 to 1.11.0

Release notes

Sourced from helm/kind-action's releases.

v1.11.0

What's Changed

add wait test by @cpanato in helm/kind-action#111

revert wget to use curl again by @cpanato in helm/kind-action#110

feat: add custom kubeconfig option as action input by @jbattiato in helm/kind-action#119

fix: Use new mirror for downloading kubectl by @jriedel-ionos in helm/kind-action#127

update kind to default to release v0.24.0 by @cpanato in helm/kind-action#122

New Contributors

@jbattiato made their first contribution in helm/kind-action#119

@jriedel-ionos made their first contribution in helm/kind-action#127

Full Changelog: helm/kind-action@v1.10.0...v1.11.0

Commits

ae94020 update kind to default to release v0.24.0 (#122)
9fdad06 fix: Use new mirror for downloading kubectl (#127)
c93960c Bump actions/checkout from 4.2.1 to 4.2.2 in the actions group (#125)
fce224d Bump actions/checkout from 4.2.0 to 4.2.1 in the actions group (#123)
0958ddc Bump actions/checkout from 4.1.7 to 4.2.0 in the actions group (#121)
5d66646 feat: add custom kubeconfig option as action input (#119)
6f17223 Bump actions/checkout from 4.1.7 to 4.2.0 in the actions group (#120)
7e05df2 revert wget to use curl again (#110)
b17b03a Bump actions/checkout from 4.1.6 to 4.1.7 in the actions group (#117)
674d091 Bump actions/checkout from 4.1.5 to 4.1.6 in the actions group (#115)
Additional commits viewable in compare view

Updates docker/build-push-action from 6.7.0 to 6.10.0

Release notes

Sourced from docker/build-push-action's releases.

v6.10.0

Add call input to set method for evaluating build by @crazy-max in docker/build-push-action#1265

Bump @actions/core from 1.10.1 to 1.11.1 in docker/build-push-action#1238

Bump @docker/actions-toolkit from 0.39.0 to 0.46.0 in docker/build-push-action#1268

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/build-push-action#1261

Full Changelog: docker/build-push-action@v6.9.0...v6.10.0

v6.9.0

Bump @docker/actions-toolkit from 0.38.0 to 0.39.0 in docker/build-push-action#1234

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/build-push-action#1232

Full Changelog: docker/build-push-action@v6.8.0...v6.9.0

v6.8.0

Bump @docker/actions-toolkit from 0.37.1 to 0.38.0 in docker/build-push-action#1230

Full Changelog: docker/build-push-action@v6.7.0...v6.8.0

Commits

48aba3b Merge pull request #1268 from docker/dependabot/npm_and_yarn/docker/actions-t...
678328c chore: update generated content
cdf0a37 chore(deps): Bump @docker/actions-toolkit from 0.39.0 to 0.46.0
d719b79 Merge pull request #1238 from docker/dependabot/npm_and_yarn/actions/core-1.11.1
c333dfd chore: update generated content
6b56a4c chore(deps): Bump @actions/core from 1.10.1 to 1.11.1
92fb0d7 Merge pull request #1259 from docker/dependabot/github_actions/codecov/codeco...
40532c5 ci: fix deprecated input for codecov-action
70dd953 Merge pull request #1267 from crazy-max/fix-allow
41b4e80 Merge pull request #1261 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6
Additional commits viewable in compare view

Updates docker/metadata-action from 5.5.1 to 5.6.1

Release notes

Sourced from docker/metadata-action's releases.

v5.6.1

Fix GitHub API request fallback for commit date by @crazy-max in docker/metadata-action#478

Revert to default commit SHA length of 7 by @crazy-max in docker/metadata-action#480

Full Changelog: docker/metadata-action@v5.6.0...v5.6.1

v5.6.0

Add commit_date global expression by @trim21 in docker/metadata-action#471 docker/metadata-action#475

Increase short commit sha length to 12 for uniqueness by @crazy-max in docker/metadata-action#467

Bump @actions/core from 1.10.1 to 1.11.1 docker/metadata-action#460

Bump @docker/actions-toolkit from 0.16.1 to 0.44.0 docker/metadata-action#391 docker/metadata-action#399 docker/metadata-action#413 docker/metadata-action#441

Bump braces from 3.0.2 to 3.0.3 docker/metadata-action#424

Bump cross-spawn from 7.0.3 to 7.0.5 docker/metadata-action#474

Bump csv-parse from 5.5.5 to 5.5.6 docker/metadata-action#412

Bump moment-timezone from 0.5.44 to 0.5.46 docker/metadata-action#383 docker/metadata-action#470 docker/metadata-action#459

Bump path-to-regexp from 6.2.2 to 6.3.0 docker/metadata-action#454

Bump semver from 7.6.0 to 7.6.3 docker/metadata-action#400 docker/metadata-action#411 docker/metadata-action#440

Bump undici from 5.26.3 to 5.28.4 docker/metadata-action#386 docker/metadata-action#402

Full Changelog: docker/metadata-action@v5.5.1...v5.6.0

Commits

369eb59 Merge pull request #480 from crazy-max/back-to-sha-7
7d870ce chore: update generated content
e44a9cd back to commit sha length of 7
8cb0002 Merge pull request #478 from crazy-max/commit-date-request
e01ddd3 chore: update generated content
861d98a commiter_date: fix github api request fallback
359e915 Merge pull request #475 from crazy-max/commit-date-changes
0c395eb commit_date: code cleanup and readme updates
1156622 Merge pull request #474 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.5
95ea8d0 chore(deps): Bump cross-spawn from 7.0.3 to 7.0.5
Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.6.0 to 3.7.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.7.0

What's Changed

Bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in sigstore/cosign-installer#172

bump for latest cosign v2.4.1 release by @bobcallaway in sigstore/cosign-installer#173

Full Changelog: sigstore/cosign-installer@v3.6.0...v3.7.0

Commits

dc72c7d bump for latest cosign v2.4.1 release (#173)
08bb361 Bump actions/checkout from 4.1.7 to 4.2.0 (#172)
See full diff in compare view

Updates anchore/sbom-action from 0.17.2 to 0.17.9

Release notes

Sourced from anchore/sbom-action's releases.

v0.17.9

Changes in v0.17.9

chore(deps): update Syft to v1.18.1 (#510) [anchore-actions-token-generator]

chore(deps): update Syft to v1.18.0 (#509) [anchore-actions-token-generator]

v0.17.8

Changes in v0.17.8

chore(deps): update Syft to v1.17.0 (#507) [anchore-actions-token-generator]

v0.17.7

Changes in v0.17.7

chore(deps): update Syft to v1.16.0 (#506) [anchore-actions-token-generator]

v0.17.6

Changes in v0.17.6

chore(deps): update Syft to v1.15.0 (#505) [anchore-actions-token-generator]

chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#504) [dependabot]

v0.17.5

Changes in v0.17.5

chore(deps): update Syft to v1.14.2 (#503) [anchore-actions-token-generator]

v0.17.4

Changes in v0.17.4

chore(deps): update Syft to v1.14.1 (#502) [anchore-actions-token-generator]

v0.17.3

Changes in v0.17.3

chore(deps): update Syft to v1.14.0 (#498) [anchore-actions-token-generator]

Commits

df80a98 chore(deps): update Syft to v1.18.1 (#510)
33651ab chore(deps): update Syft to v1.18.0 (#509)
a5bbe18 fix: github correlator name when run in matrix build (#482)
55dc4ee chore(deps): update Syft to v1.17.0 (#507)
fc46e51 chore(deps): update Syft to v1.16.0 (#506)
251a468 chore(deps): update Syft to v1.15.0 (#505)
6bb446c chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#504)
1ca97d9 chore(deps): update Syft to v1.14.2 (#503)
8d0a650 chore(deps): update Syft to v1.14.1 (#502)
f5e124a chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 (#493)
Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.0.0 to 6.1.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v6.1.0

What's Changed

chore(deps): bump braces from 3.0.2 to 3.0.3 by @dependabot in goreleaser/goreleaser-action#467

chore(deps): bump docker/bake-action from 4 to 5 by @dependabot in goreleaser/goreleaser-action#468

chore(deps): bump semver from 7.6.2 to 7.6.3 by @dependabot in goreleaser/goreleaser-action#470

chore(deps): bump @actions/http-client from 2.2.1 to 2.2.2 by @dependabot in goreleaser/goreleaser-action#473

chore(deps): bump @actions/http-client from 2.2.2 to 2.2.3 by @dependabot in goreleaser/goreleaser-action#474

chore(deps): bump micromatch from 4.0.5 to 4.0.8 by @dependabot in goreleaser/goreleaser-action#475

chore(deps): bump @actions/core from 1.10.1 to 1.11.1 by @dependabot in goreleaser/goreleaser-action#478

docs: bump upload-artifact version by @dunglas in goreleaser/goreleaser-action#479

chore: update generated content by @crazy-max in goreleaser/goreleaser-action#480

New Contributors

@dunglas made their first contribution in goreleaser/goreleaser-action#479

Full Changelog: goreleaser/goreleaser-action@v6.0.0...v6.1.0

Commits

9ed2f89 chore: update generated content (#480)
cf63508 docs: bump upload-artifact version (#479)
f7623f3 chore(deps): bump @actions/core from 1.10.1 to 1.11.1 (#478)
006a7a4 chore: update
e4066e6 chore(deps): bump micromatch from 4.0.5 to 4.0.8 (#475)
22f558e chore(deps): bump @actions/http-client from 2.2.2 to 2.2.3 (#474)
6e33108 chore(deps): bump @actions/http-client from 2.2.1 to 2.2.2 (#473)
7ca6450 chore(deps): bump semver from 7.6.2 to 7.6.3 (#470)
d33b6f6 chore(deps): bump docker/bake-action from 4 to 5 (#468)
85d0b9d chore(deps): bump braces from 3.0.2 to 3.0.3 (#467)
See full diff in compare view

Updates github/codeql-action from 3.26.9 to 3.27.9

Release notes

Sourced from github/codeql-action's releases.

v3.27.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024

We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631

Update default CodeQL bundle version to 2.20.0. #2636

See the full CHANGELOG.md for more information.

v3.27.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.6 - 03 Dec 2024

Update default CodeQL bundle version to 2.19.4. #2626

See the full CHANGELOG.md for more information.

v3.27.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.5 - 19 Nov 2024

No user facing changes.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to Description has been truncated

Bumps the ci group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.0` | `4.2.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.0.2` | `5.2.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.6.1` | `3.8.0` | | [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.2.0` | | [helm/kind-action](https://github.com/helm/kind-action) | `1.10.0` | `1.11.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.7.0` | `6.10.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.5.1` | `5.6.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.6.0` | `3.7.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.17.2` | `0.17.9` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.0.0` | `6.1.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.26.9` | `3.27.9` | Updates `actions/checkout` from 4.2.0 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@d632683...11bd719) Updates `actions/setup-go` from 5.0.2 to 5.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0a12ed9...3041bf5) Updates `docker/setup-buildx-action` from 3.6.1 to 3.8.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@988b5a0...6524bf6) Updates `actions/cache` from 4.0.2 to 4.2.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0c45773...1bd1e32) Updates `helm/kind-action` from 1.10.0 to 1.11.0 - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](helm/kind-action@0025e74...ae94020) Updates `docker/build-push-action` from 6.7.0 to 6.10.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@5cd11c3...48aba3b) Updates `docker/metadata-action` from 5.5.1 to 5.6.1 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@8e5442c...369eb59) Updates `sigstore/cosign-installer` from 3.6.0 to 3.7.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@4959ce0...dc72c7d) Updates `anchore/sbom-action` from 0.17.2 to 0.17.9 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@61119d4...df80a98) Updates `goreleaser/goreleaser-action` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@286f3b1...9ed2f89) Updates `github/codeql-action` from 3.26.9 to 3.27.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@461ef6c...df409f7) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added area/ci CI related issues and pull requests dependencies Pull requests that update a dependency labels Dec 17, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the ci group across 1 directory with 11 updates #1132

Bump the ci group across 1 directory with 11 updates #1132

dependabot bot commented on behalf of github Dec 17, 2024 •

edited

Loading

Bump the ci group across 1 directory with 11 updates #1132

Are you sure you want to change the base?

Bump the ci group across 1 directory with 11 updates #1132

Conversation

dependabot bot commented on behalf of github Dec 17, 2024 • edited Loading

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v5.2.0

What's Changed

New Contributors

v5.1.0

What's Changed

New Contributors

v3.8.0

v3.7.1

v3.7.0

v4.2.0

⚠️ Important Changes

Minor changes

v4.1.2

What's Changed

New Contributors

v4.1.1

What's Changed

Releases

4.2.0

4.1.2

4.1.1

4.1.0

4.0.2

4.0.1

4.0.0

3.4.0

3.3.3

v1.11.0

What's Changed

New Contributors

v6.10.0

v6.9.0

v6.8.0

v5.6.1

v5.6.0

v3.7.0

What's Changed

v0.17.9

Changes in v0.17.9

v0.17.8

Changes in v0.17.8

v0.17.7

Changes in v0.17.7

v0.17.6

Changes in v0.17.6

v0.17.5

Changes in v0.17.5

v0.17.4

Changes in v0.17.4

v0.17.3

Changes in v0.17.3

v6.1.0

What's Changed

New Contributors

v3.27.9

CodeQL Action Changelog

3.27.9 - 12 Dec 2024

v3.27.7

dependabot bot commented on behalf of github Dec 17, 2024 •

edited

Loading