From dc9549602e18d93557f9ee3b82cf076a9ac87452 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Oct 2025 21:30:31 +0000 Subject: [PATCH] chore(deps): bump the actions group across 1 directory with 8 updates Bumps the actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `3.6.0` | | [actions/cache](https://github.com/actions/cache) | `4.2.3` | `4.3.0` | | [sigstore/sigstore-conformance](https://github.com/sigstore/sigstore-conformance) | `0.0.18` | `0.0.21` | | [chainguard-dev/actions](https://github.com/chainguard-dev/actions) | `1.4.7` | `1.5.7` | | [cpanato/vault-installer](https://github.com/cpanato/vault-installer) | `1.2.0` | `1.3.0` | | [mikefarah/yq](https://github.com/mikefarah/yq) | `4.47.1` | `4.48.1` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.4.3` | `5.5.1` | Updates `docker/login-action` from 3.4.0 to 3.6.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/74a5d142397b4f367a81961eba4e8cd7edddf772...5e57cd118135c172c3672efd75eb46360885c0ef) Updates `actions/cache` from 4.2.3 to 4.3.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/5a3ec84eff668545956fd18022155c47e93e2684...0057852bfaa89a56745cba8c7296529d2fc39830) Updates `sigstore/sigstore-conformance` from 0.0.18 to 0.0.21 - [Release notes](https://github.com/sigstore/sigstore-conformance/releases) - [Commits](https://github.com/sigstore/sigstore-conformance/compare/fd90e6b0f3046f2276a6659481de6df495dea3b9...244638a7a138ae9f6106cfe2d44a698eccd3bef7) Updates `chainguard-dev/actions` from 1.4.7 to 1.5.7 - [Release notes](https://github.com/chainguard-dev/actions/releases) - [Changelog](https://github.com/chainguard-dev/actions/blob/main/.goreleaser.yml) - [Commits](https://github.com/chainguard-dev/actions/compare/708219d4822f33611ac1a2653815cc10e1ab54a6...1b32103f5aa389c31ab0be75a8edc38d7e4750d8) Updates `cpanato/vault-installer` from 1.2.0 to 1.3.0 - [Release notes](https://github.com/cpanato/vault-installer/releases) - [Commits](https://github.com/cpanato/vault-installer/compare/e7c1d664fa15219e89e43739e39a9df11ba00849...f7e2ad9737b49f351f233eba2df1bdfede939a21) Updates `mikefarah/yq` from 4.47.1 to 4.48.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](https://github.com/mikefarah/yq/compare/f03c9dc599c37bfcaf533427211d05e51e6fee64...0ecdce24e83f0fa127940334be98c86b07b0c488) Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/05b42c624433fc40578a4040d5cf5e36ddca8cde...4eaacf0543bb3f2c246792bd56e8cdeffafb205a) Updates `codecov/codecov-action` from 5.4.3 to 5.5.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/18283e04ce6e62d37312384ff67231eb8fd56d24...5a1091511ad55cbe89839c7260b706298ca349f7) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/cache dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: sigstore/sigstore-conformance dependency-version: 0.0.21 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: chainguard-dev/actions dependency-version: 1.5.7 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: cpanato/vault-installer dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: mikefarah/yq dependency-version: 4.48.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-version: 5.5.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/conformance.yml | 2 +- .github/workflows/donotsubmit.yaml | 2 +- .github/workflows/e2e-tests.yml | 4 ++-- .github/workflows/kind-verify-attestation.yaml | 4 ++-- .github/workflows/scorecard-action.yml | 2 +- .github/workflows/tests.yaml | 10 +++++----- .github/workflows/whitespace.yaml | 4 ++-- 9 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 71b9de6c8c7..6f12888b93c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -68,7 +68,7 @@ jobs: run: gcloud auth configure-docker --quiet - name: Login to GitHub Container Registry - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b9ec879d307..32a47835715 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -56,7 +56,7 @@ jobs: persist-credentials: false - name: Utilize Go Module Cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/go/pkg/mod diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index d64220099de..688acb21ad3 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -39,6 +39,6 @@ jobs: - run: make cosign conformance - - uses: sigstore/sigstore-conformance@fd90e6b0f3046f2276a6659481de6df495dea3b9 # v0.0.18 + - uses: sigstore/sigstore-conformance@244638a7a138ae9f6106cfe2d44a698eccd3bef7 # v0.0.21 with: entrypoint: ${{ github.workspace }}/conformance diff --git a/.github/workflows/donotsubmit.yaml b/.github/workflows/donotsubmit.yaml index 43cdb3a4975..c2fb75c456b 100644 --- a/.github/workflows/donotsubmit.yaml +++ b/.github/workflows/donotsubmit.yaml @@ -40,4 +40,4 @@ jobs: persist-credentials: false - name: Do Not Submit - uses: chainguard-dev/actions/donotsubmit@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7 + uses: chainguard-dev/actions/donotsubmit@1b32103f5aa389c31ab0be75a8edc38d7e4750d8 # v1.5.7 diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index b8ceccc4247..4486c9ca9f8 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -94,7 +94,7 @@ jobs: persist-credentials: false - name: setup vault - uses: cpanato/vault-installer@e7c1d664fa15219e89e43739e39a9df11ba00849 # v1.2.0 + uses: cpanato/vault-installer@f7e2ad9737b49f351f233eba2df1bdfede939a21 # v1.3.0 - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: @@ -220,4 +220,4 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - uses: chainguard-dev/actions/kind-diag@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7 + uses: chainguard-dev/actions/kind-diag@1b32103f5aa389c31ab0be75a8edc38d7e4750d8 # v1.5.7 diff --git a/.github/workflows/kind-verify-attestation.yaml b/.github/workflows/kind-verify-attestation.yaml index cddb4c31444..3990ddd00b1 100644 --- a/.github/workflows/kind-verify-attestation.yaml +++ b/.github/workflows/kind-verify-attestation.yaml @@ -65,7 +65,7 @@ jobs: - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - name: Install yq - uses: mikefarah/yq@f03c9dc599c37bfcaf533427211d05e51e6fee64 # v4.47.1 + uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.48.1 - name: build cosign run: | @@ -156,7 +156,7 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - uses: chainguard-dev/actions/kind-diag@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7 + uses: chainguard-dev/actions/kind-diag@1b32103f5aa389c31ab0be75a8edc38d7e4750d8 # v1.5.7 - name: Create vuln attestation for it run: | diff --git a/.github/workflows/scorecard-action.yml b/.github/workflows/scorecard-action.yml index 3083085cf82..4466239bc00 100644 --- a/.github/workflows/scorecard-action.yml +++ b/.github/workflows/scorecard-action.yml @@ -45,7 +45,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index d87b0bfd58b..a2f61b2bc14 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -45,7 +45,7 @@ jobs: with: persist-credentials: false # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: # In order: # * Module download cache @@ -67,7 +67,7 @@ jobs: - name: Run Go tests run: go test -covermode atomic -coverprofile coverage.txt $(go list ./... | grep -v third_party/) - name: Upload Coverage Report - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 + uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 with: env_vars: OS - name: Run Go tests w/ `-race` @@ -138,7 +138,7 @@ jobs: - name: check disk space run: df -h # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: # In order: # * Module download cache @@ -169,7 +169,7 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - uses: chainguard-dev/actions/kind-diag@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7 + uses: chainguard-dev/actions/kind-diag@1b32103f5aa389c31ab0be75a8edc38d7e4750d8 # v1.5.7 e2e-windows-powershell-tests: name: Run PowerShell E2E tests @@ -186,7 +186,7 @@ jobs: check-latest: true # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: # In order: # * Module download cache diff --git a/.github/workflows/whitespace.yaml b/.github/workflows/whitespace.yaml index 525a9d3b776..f9714bd4de9 100644 --- a/.github/workflows/whitespace.yaml +++ b/.github/workflows/whitespace.yaml @@ -38,8 +38,8 @@ jobs: with: persist-credentials: false - - uses: chainguard-dev/actions/trailing-space@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7 + - uses: chainguard-dev/actions/trailing-space@1b32103f5aa389c31ab0be75a8edc38d7e4750d8 # v1.5.7 if: ${{ always() }} - - uses: chainguard-dev/actions/eof-newline@708219d4822f33611ac1a2653815cc10e1ab54a6 # v1.4.7 + - uses: chainguard-dev/actions/eof-newline@1b32103f5aa389c31ab0be75a8edc38d7e4750d8 # v1.5.7 if: ${{ always() }}