From 3b7cc3dcd9f5f6505e9db3faad8c0ad300d8afcf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 9 Nov 2025 07:01:54 +0000 Subject: [PATCH] build(deps): bump the github-actions group across 1 directory with 8 updates Bumps the github-actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-go](https://github.com/actions/setup-go) | `5.5.0` | `6.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.29.9` | `4.31.2` | | [actions/cache](https://github.com/actions/cache) | `4.2.4` | `4.3.0` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.32.0` | `0.33.1` | | [docker/login-action](https://github.com/docker/login-action) | `3.5.0` | `3.6.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.9.2` | `4.0.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `8.0.0` | `9.0.0` | Updates `actions/setup-go` from 5.5.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/d35c59abb061a4a6fb18e82ac0862c26744d6ab5...44694675825211faa026b3c33043df3e48a5fa00) Updates `github/codeql-action` from 3.29.9 to 4.31.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/df559355d593797519d70b90fc8edd5db049e7a2...0499de31b99561a6d14a36a5f662c2a54f91beee) Updates `actions/cache` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0400d5f644dc74513175e3cd8d07132dd4860809...0057852bfaa89a56745cba8c7296529d2fc39830) Updates `aquasecurity/trivy-action` from 0.32.0 to 0.33.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/dc5a429b52fcf669ce959baa2c2dd26090d2a6c4...b6643a29fecd7f34b3597bc6acb0a98b03d33ff8) Updates `docker/login-action` from 3.5.0 to 3.6.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/184bdaa0721073962dff0199f1fb9940f07167d1...5e57cd118135c172c3672efd75eb46360885c0ef) Updates `sigstore/cosign-installer` from 3.9.2 to 4.0.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d58896d6a1865668819e1d91763c7751a165e159...faadad0cce49287aee09b3a48701e75088a2c6ad) Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/05b42c624433fc40578a4040d5cf5e36ddca8cde...4eaacf0543bb3f2c246792bd56e8cdeffafb205a) Updates `golangci/golangci-lint-action` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/4afd733a84b1f43292c63897423277bb7f4313a9...0a35821d5c230e903fcfe077583637dea1b27b47) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.31.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/cache dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: golangci/golangci-lint-action dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/lib-build.yaml | 2 +- .github/workflows/lib-codeql.yaml | 6 +++--- .github/workflows/lib-publish.yaml | 12 ++++++------ .github/workflows/lib-scorecard.yaml | 4 ++-- .github/workflows/lib-trivy.yaml | 8 ++++---- .github/workflows/lib-validate.yaml | 8 ++++---- .github/workflows/trivy-periodic.yaml | 4 ++-- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/lib-build.yaml b/.github/workflows/lib-build.yaml index 8a6f3e4be..cd25d753c 100644 --- a/.github/workflows/lib-build.yaml +++ b/.github/workflows/lib-build.yaml @@ -40,7 +40,7 @@ jobs: builder: [buildah, docker] steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 - - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5 with: go-version-file: go.mod check-latest: true diff --git a/.github/workflows/lib-codeql.yaml b/.github/workflows/lib-codeql.yaml index 2cfad3d3b..b698d2c29 100644 --- a/.github/workflows/lib-codeql.yaml +++ b/.github/workflows/lib-codeql.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 - - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5 with: go-version-file: go.mod check-latest: true @@ -29,11 +29,11 @@ jobs: sudo apt-get update sudo apt-get install -y libze1 libze-dev - name: Initialize CodeQL - uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3 + uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v3 with: languages: 'go' - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3 + uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v3 with: category: "/language:go" diff --git a/.github/workflows/lib-publish.yaml b/.github/workflows/lib-publish.yaml index e2eb8014f..91bbde011 100644 --- a/.github/workflows/lib-publish.yaml +++ b/.github/workflows/lib-publish.yaml @@ -29,7 +29,7 @@ jobs: sudo systemctl stop clamav-freshclam.service sudo freshclam - name: Cache clamav databases - uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /var/lib/clamav key: clamav-${{ github.run_id }} @@ -58,7 +58,7 @@ jobs: - intel-idxd-config-initcontainer steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 - - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5 with: go-version-file: go.mod check-latest: true @@ -69,7 +69,7 @@ jobs: run: | ORG=${{ inputs.registry }} TAG=${{ inputs.image_tag }} make ${IMAGE_NAME} BUILDER=docker - name: Trivy scan for image - uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # 0.32.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1 with: scan-type: image image-ref: ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} @@ -79,7 +79,7 @@ jobs: sudo mkdir -p /var/lib/clamav sudo chmod a+rwx /var/lib/clamav - name: Retrieve AV database - uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /var/lib/clamav key: clamav-${{ github.run_id }} @@ -99,7 +99,7 @@ jobs: if: ${{ !contains(fromJson(env.no_base_check), matrix.image) }} run: IMG=${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker - name: Login - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} @@ -112,7 +112,7 @@ jobs: echo "image_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }})" >> $GITHUB_OUTPUT - name: Install cosign if: ${{ inputs.image_tag != 'devel' }} - uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 #v3.9.2 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad #v4.0.0 - name: Keyless image sign if: ${{ inputs.image_tag != 'devel' }} run: | diff --git a/.github/workflows/lib-scorecard.yaml b/.github/workflows/lib-scorecard.yaml index 8465b26fb..8251e7d65 100644 --- a/.github/workflows/lib-scorecard.yaml +++ b/.github/workflows/lib-scorecard.yaml @@ -20,12 +20,12 @@ jobs: with: persist-credentials: false - name: "Analyze project" - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif publish_results: true - name: "Upload results to security" - uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3 + uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v3 with: sarif_file: results.sarif diff --git a/.github/workflows/lib-trivy.yaml b/.github/workflows/lib-trivy.yaml index 4b044b24c..7abb9a197 100644 --- a/.github/workflows/lib-trivy.yaml +++ b/.github/workflows/lib-trivy.yaml @@ -32,7 +32,7 @@ jobs: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 - name: Run Trivy in config mode for deployments - uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # 0.32.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1 with: scan-type: config scan-ref: deployments/ @@ -50,7 +50,7 @@ jobs: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 - name: Run Trivy in config mode for dockerfiles - uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # 0.32.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1 with: scan-type: config scan-ref: build/docker/ @@ -64,7 +64,7 @@ jobs: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 - name: Run Trivy in fs mode - uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # 0.32.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1 with: scan-type: fs scan-ref: . @@ -81,7 +81,7 @@ jobs: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 - name: Run Trivy in fs mode - uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # 0.32.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1 with: scan-type: fs scan-ref: . diff --git a/.github/workflows/lib-validate.yaml b/.github/workflows/lib-validate.yaml index fd767009e..c502adb93 100644 --- a/.github/workflows/lib-validate.yaml +++ b/.github/workflows/lib-validate.yaml @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-24.04 steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 - - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5 with: go-version-file: go.mod check-latest: true @@ -44,7 +44,7 @@ jobs: sudo apt-get update sudo apt-get install -y libze1 libze-dev - name: golangci-lint - uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v7 + uses: golangci/golangci-lint-action@0a35821d5c230e903fcfe077583637dea1b27b47 # v7 with: version: v2.4.0 args: -v --timeout 5m @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-24.04 steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 - - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5 with: go-version-file: go.mod check-latest: true @@ -82,7 +82,7 @@ jobs: - 1.33.x steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4 - - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5 with: go-version-file: go.mod check-latest: true diff --git a/.github/workflows/trivy-periodic.yaml b/.github/workflows/trivy-periodic.yaml index 5404c53f0..b743e04bb 100644 --- a/.github/workflows/trivy-periodic.yaml +++ b/.github/workflows/trivy-periodic.yaml @@ -22,7 +22,7 @@ jobs: - name: Run Trivy in fs mode # Don't fail in case of vulnerabilities, report them in the next step continue-on-error: true - uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # 0.32.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1 with: scan-type: fs scan-ref: . @@ -31,6 +31,6 @@ jobs: format: sarif output: trivy-report.sarif - name: Upload sarif report to GitHub Security tab - uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3 + uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v3 with: sarif_file: trivy-report.sarif