Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v4.2.0
->v4.2.2
v4.6.0
->v4.6.1
v0.29.0
->0.30.0
0.7.3
->0.7.4
v5.3.1
->v5.4.0
v3.28.9
->v3.28.11
v6.1.0
->v6.2.1
v2.4.0
->v2.4.1
v2.22.0
->v2.22.2
v3.8.0
->v3.8.1
v2.0.0
->v2.1.0
v3.0.21
->v3.0.22
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
actions/cache (actions/cache)
v4.2.2
Compare Source
What's Changed
Full Changelog: actions/cache@v4.2.1...v4.2.2
v4.2.1
Compare Source
What's Changed
New Contributors
Full Changelog: actions/cache@v4.2.0...v4.2.1
actions/upload-artifact (actions/upload-artifact)
v4.6.1
Compare Source
What's Changed
Full Changelog: actions/upload-artifact@v4...v4.6.1
aquasecurity/trivy-action (aquasecurity/trivy-action)
v0.30.0
Compare Source
What's Changed
New Contributors
Full Changelog: aquasecurity/trivy-action@0.29.0...0.30.0
projectcapsule/capsule (capsule)
v0.7.4
Compare Source
Changelog
🚀 Build process updates
b7a2072
: ci: generate seccomp profile within pipeline (#1325) (@alegrey91)Full Changelog: projectcapsule/capsule@v0.7.3...v0.7.4
Docker Images
ghcr.io/projectcapsule/capsule:0.7.4
ghcr.io/projectcapsule/capsule:latest
Helm Chart
View this release on Artifact Hub or use the OCI helm chart:
ghcr.io/projectcapsule/charts/capsule:0.7.4
Review the Major Changes section first before upgrading to a new version
Kubernetes compatibility
[!IMPORTANT]
Note that the Capsule project offers support only for the latest minor version of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors.
v1.31
>= 1.31.0
Thanks to all the contributors! 🚀 🦄
codecov/codecov-action (codecov/codecov-action)
v5.4.0
Compare Source
What's Changed
use_pypi
bypasses integrity checks too by @webknjaz in https://github.com/codecov/codecov-action/pull/1773Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0
github/codeql-action (github/codeql-action)
v3.28.11
Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.28.11 - 07 Mar 2025
See the full CHANGELOG.md for more information.
v3.28.10
Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.28.10 - 21 Feb 2025
See the full CHANGELOG.md for more information.
goreleaser/goreleaser-action (goreleaser/goreleaser-action)
v6.2.1
Compare Source
What's Changed
This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the
-pro
suffix).Older versions should work fine.
Full Changelog: goreleaser/goreleaser-action@v6.2.0...v6.2.1
v6.2.0
Compare Source
What's Changed
This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the
-pro
suffix).Older versions should work fine.
Full Changelog: goreleaser/goreleaser-action@v6.1.0...v6.2.0
ossf/scorecard-action (ossf/scorecard-action)
v2.4.1
Compare Source
What's Changed
file_mode
input which controls how repository files are fetched from GitHub. The default isarchive
, butgit
produces the most accurate results for repositories with.gitattributes
files at the cost of analysis speed.--file-mode
by @spencerschrock in https://github.com/ossf/scorecard-action/pull/1509Docs
New Contributors
Full Changelog: ossf/scorecard-action@v2.4.0...v2.4.1
securego/gosec (securego/gosec)
v2.22.2
Compare Source
Changelog
136f6c0
Update to go version 1.24.1 and 1.23.7 (#1313)047453a
chore(deps): update all dependencies (#1310)76ccee5
chore(deps): update all dependencies (#1308)a9eb1c9
Update gosec version in the GitHub action to v2.22.1 (#1307)89c5da3
chore(deps): update module google.golang.org/api to v0.221.0 (#1305)v2.22.1
Compare Source
Changelog
43fee88
Update cosign to v2.4.2 (#1303)7723829
Add support for go 1.24 and phased out support for go 1.22 (#1302)9552f03
chore(deps): update all dependencies (#1300)f4d2576
Update to go version 1.23.6 and 1.22.12 (#1299)2258e31
chore(deps): update module google.golang.org/api to v0.219.0 (#1296)fbb0833
chore(deps): update module google.golang.org/api to v0.218.0 (#1294)c66cb56
Add test to conver unit parssing for G115 rule (#1293)59291a0
Update to go version 1.23.5 and 1.22.11 (#1291)7466b7c
chore(deps): update all dependencies (#1290)32dcc8a
Update gosec in github action to 2.22.0 (#1286)sigstore/cosign-installer (sigstore/cosign-installer)
v3.8.1
Compare Source
What's Changed
Full Changelog: sigstore/cosign-installer@v3...v3.8.1
slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)
v2.1.0
Compare Source
v2.1.0: Sigstore Bundles for Generic Generator and Go Builder
The workflows
generator_generic_slsa3.yml
andbuilder_go_slsa3.yml
have been updated to produce signed Sigstore Bundles, just like all the other builders
that use the BYOB framework.
The workflow logs will now print a LogIndex, rather than a LogUUID. Both are equally searchanble on
https://search.sigstore.dev/.
v2.1.0: Vars context recorded in provenance
vars
context is now recorded in provenance for the generic andcontainer generators. The
vars
context cannot affect the build in the Gobuilder so it is not recorded.
zgosalvez/github-actions-ensure-sha-pinned-actions (zgosalvez/github-actions-ensure-sha-pinned-actions)
v3.0.22
Compare Source
What's Changed
Full Changelog: zgosalvez/github-actions-ensure-sha-pinned-actions@v3...v3.0.22
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.