Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update all-ci-updates #652

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 11, 2025

This PR contains the following updates:

Package Type Update Change
actions/cache action patch v4.2.0 -> v4.2.2
actions/upload-artifact action patch v4.6.0 -> v4.6.1
aquasecurity/trivy-action action minor v0.29.0 -> 0.30.0
capsule patch 0.7.3 -> 0.7.4
codecov/codecov-action action minor v5.3.1 -> v5.4.0
github/codeql-action action patch v3.28.9 -> v3.28.11
goreleaser/goreleaser-action action minor v6.1.0 -> v6.2.1
ossf/scorecard-action action patch v2.4.0 -> v2.4.1
securego/gosec action patch v2.22.0 -> v2.22.2
sigstore/cosign-installer action patch v3.8.0 -> v3.8.1
slsa-framework/slsa-github-generator action minor v2.0.0 -> v2.1.0
zgosalvez/github-actions-ensure-sha-pinned-actions action patch v3.0.21 -> v3.0.22

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

actions/cache (actions/cache)

v4.2.2

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

Full Changelog: actions/cache@v4.2.1...v4.2.2

v4.2.1

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

New Contributors

Full Changelog: actions/cache@v4.2.0...v4.2.1

actions/upload-artifact (actions/upload-artifact)

v4.6.1

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.1

aquasecurity/trivy-action (aquasecurity/trivy-action)

v0.30.0

Compare Source

What's Changed
New Contributors

Full Changelog: aquasecurity/trivy-action@0.29.0...0.30.0

projectcapsule/capsule (capsule)

v0.7.4

Compare Source

Changelog

🚀 Build process updates

Full Changelog: projectcapsule/capsule@v0.7.3...v0.7.4

Docker Images

  • ghcr.io/projectcapsule/capsule:0.7.4
  • ghcr.io/projectcapsule/capsule:latest

Helm Chart
View this release on Artifact Hub or use the OCI helm chart:

  • ghcr.io/projectcapsule/charts/capsule:0.7.4

Review the Major Changes section first before upgrading to a new version

Kubernetes compatibility

[!IMPORTANT]
Note that the Capsule project offers support only for the latest minor version of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors.

Kubernetes version Minimum required
v1.31 >= 1.31.0

Thanks to all the contributors! 🚀 🦄

codecov/codecov-action (codecov/codecov-action)

v5.4.0

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

github/codeql-action (github/codeql-action)

v3.28.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.11 - 07 Mar 2025
  • Update default CodeQL bundle version to 2.20.6. #​2793

See the full CHANGELOG.md for more information.

v3.28.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.10 - 21 Feb 2025
  • Update default CodeQL bundle version to 2.20.5. #​2772
  • Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #​2768

See the full CHANGELOG.md for more information.

goreleaser/goreleaser-action (goreleaser/goreleaser-action)

v6.2.1

Compare Source

What's Changed

This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the -pro suffix).
Older versions should work fine.

[!WARNING]
This version is required for GoReleaser Pro v2.7.0+.
Read more here.

Full Changelog: goreleaser/goreleaser-action@v6.2.0...v6.2.1

v6.2.0

Compare Source

What's Changed

This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the -pro suffix).
Older versions should work fine.

[!WARNING]
This version is required for GoReleaser Pro v2.7.0+.
Read more here.

Full Changelog: goreleaser/goreleaser-action@v6.1.0...v6.2.0

ossf/scorecard-action (ossf/scorecard-action)

v2.4.1

Compare Source

What's Changed

Docs

New Contributors

securego/gosec (securego/gosec)

v2.22.2

Compare Source

Changelog

v2.22.1

Compare Source

Changelog

sigstore/cosign-installer (sigstore/cosign-installer)

v3.8.1

Compare Source

What's Changed

Full Changelog: sigstore/cosign-installer@v3...v3.8.1

slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)

v2.1.0

Compare Source

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

The workflows generator_generic_slsa3.yml and builder_go_slsa3.yml
have been updated to produce signed Sigstore Bundles, just like all the other builders
that use the BYOB framework.

The workflow logs will now print a LogIndex, rather than a LogUUID. Both are equally searchanble on
https://search.sigstore.dev/.

v2.1.0: Vars context recorded in provenance
  • Updated: GitHub vars context is now recorded in provenance for the generic and
    container generators. The vars context cannot affect the build in the Go
    builder so it is not recorded.
zgosalvez/github-actions-ensure-sha-pinned-actions (zgosalvez/github-actions-ensure-sha-pinned-actions)

v3.0.22

Compare Source

What's Changed

Full Changelog: zgosalvez/github-actions-ensure-sha-pinned-actions@v3...v3.0.22


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Copy link

codecov bot commented Feb 11, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 0.00%. Comparing base (dbab8d1) to head (3a018ce).

Additional details and impacted files
@@          Coverage Diff          @@
##            main    #652   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files          1       1           
  Lines        271     271           
=====================================
  Misses       271     271           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate bot force-pushed the renovate/all-ci-updates branch 3 times, most recently from 1e503cc to d38d190 Compare February 18, 2025 19:44
@renovate renovate bot force-pushed the renovate/all-ci-updates branch 4 times, most recently from bb4fc58 to dd06dbe Compare February 27, 2025 22:03
@renovate renovate bot force-pushed the renovate/all-ci-updates branch 2 times, most recently from e40b9bd to d40a18e Compare March 7, 2025 19:35
@renovate renovate bot force-pushed the renovate/all-ci-updates branch from d40a18e to 3a018ce Compare March 14, 2025 05:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants