From b921611009f40b28329f307bf3b7cf897e79b69c Mon Sep 17 00:00:00 2001 From: "mazi-renovate[bot]" <161091290+mazi-renovate[bot]@users.noreply.github.com> Date: Sat, 11 May 2024 19:42:26 +0000 Subject: [PATCH] ci(deps): update actions/checkout action from v4.1.1 to v4.1.5 (#725) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v4.1.1` -> `v4.1.5` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/actions/checkout/badge)](https://securityscorecards.dev/viewer/?uri=github.com/actions/checkout) | --- ### Release Notes
actions/checkout (actions/checkout) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) ##### What's Changed - Update NPM dependencies by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v413) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598)
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). Co-authored-by: mazi-renovate[bot] <161091290+mazi-renovate[bot]@users.noreply.github.com> --- .github/workflows/deploy.yml | 4 ++-- .github/workflows/docker-publish.yml | 4 ++-- .github/workflows/publish-crates.yml | 2 +- .github/workflows/release-please.yml | 2 +- .github/workflows/renovate.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index dc48747e..73c956ab 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -50,12 +50,12 @@ jobs: steps: - id: pr-checkout if: startsWith( needs.pre-deployment.outputs.branch, 'pull/' ) && endsWith( needs.pre-deployment.outputs.branch, '/merge' ) - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: ref: refs/${{ env.BRANCH }} - if: steps.pr-checkout.conclusion == 'skipped' - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: ref: ${{ env.BRANCH }} diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index e215e05b..1cdd7513 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -58,7 +58,7 @@ jobs: if: matrix.target == 'x86_64-unknown-linux-musl' run: | sudo apt-get install -y musl-tools --no-install-recommends - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - uses: dtolnay/rust-toolchain@master with: toolchain: stable @@ -103,7 +103,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_REPO: ${{ github.repository }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: sparse-checkout: | .github/files/build/Dockerfile diff --git a/.github/workflows/publish-crates.yml b/.github/workflows/publish-crates.yml index f91e369e..7538da54 100644 --- a/.github/workflows/publish-crates.yml +++ b/.github/workflows/publish-crates.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest permissions: {} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - uses: dtolnay/rust-toolchain@master with: toolchain: stable diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 18a99054..a3902eb0 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -142,7 +142,7 @@ jobs: runs-on: ubuntu-latest steps: # You have to check out your repo first. - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: sparse-checkout: "" sparse-checkout-cone-mode: false diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index 53aacb8a..f8216b3a 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -34,7 +34,7 @@ jobs: name: Renovate runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 # This third party action allows you to download the cache artifact from different workflow runs # Note that actions/cache doesn't work well because the cache key would need to be computed from