Bump the github-actions-all group across 1 directory with 7 updates

Bumps the github-actions-all group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.10.1` | `2.10.2` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.4.0` | `4.5.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.0` | `3.27.7` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.1.0` | `5.2.0` | | [actions/cache](https://github.com/actions/cache) | `4.1.2` | `4.2.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.9.0` | `6.10.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.5.1` | `5.6.1` | Updates `step-security/harden-runner` from 2.10.1 to 2.10.2 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@91182cc...0080882) Updates `actions/dependency-review-action` from 4.4.0 to 4.5.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@4081bf9...3b139cf) Updates `github/codeql-action` from 3.27.0 to 3.27.7 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@6624720...babb554) Updates `actions/setup-go` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@41dfa10...3041bf5) Updates `actions/cache` from 4.1.2 to 4.2.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@6849a64...1bd1e32) Updates `docker/build-push-action` from 6.9.0 to 6.10.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@4f58ea7...48aba3b) Updates `docker/metadata-action` from 5.5.1 to 5.6.1 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@8e5442c...369eb59) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-all - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-all - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all ... Signed-off-by: dependabot[bot] <support@github.com>
felddy · Dec 12, 2024 · d33bca1 · d33bca1
1 parent a7823d7
commit d33bca1
Show file tree

Hide file tree

Showing 14 changed files with 22 additions and 22 deletions.
diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml
@@ -106,7 +106,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           egress-policy: block
 

diff --git a/.github/workflows/_dependency-review.yml b/.github/workflows/_dependency-review.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           disable-sudo: true
           egress-policy: block
@@ -24,4 +24,4 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # tag=v4.2.2
 
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a  # tag=v4.4.0
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019  # tag=v4.5.0
diff --git a/.github/workflows/_labels.yml b/.github/workflows/_labels.yml
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           egress-policy: block
           allowed-endpoints: >

diff --git a/.github/workflows/_scorecards.yml b/.github/workflows/_scorecards.yml
@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           disable-sudo: true
           egress-policy: block
@@ -79,6 +79,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd  # tag=codeql-bundle-v3.27.0
+        uses: github/codeql-action/upload-sarif@babb554ede22fd5605947329c4d04d8e7a0b8155  # tag=codeql-bundle-v3.27.7
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/_stale-issues.yml b/.github/workflows/_stale-issues.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           disable-sudo: true
           egress-policy: block

diff --git a/.github/workflows/common-lint.yml b/.github/workflows/common-lint.yml
@@ -50,7 +50,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           disable-sudo: true
           egress-policy: block
@@ -75,7 +75,7 @@ jobs:
 
       # We need the Go version and Go cache location for the actions/cache step,
       # so the Go installation must happen before that.
-      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # tag=v5.1.0
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a  # tag=v5.2.0
         with:
           go-version: ${{ inputs.go_version }}
 
@@ -89,7 +89,7 @@ jobs:
         run: |
           echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT
 
-      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # tag=v4.1.2
+      - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57  # tag=v4.2.0
         env:
           BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
             py${{ inputs.python_version }}-\

diff --git a/.github/workflows/csv-to-json.yml b/.github/workflows/csv-to-json.yml
@@ -23,7 +23,7 @@ jobs:
       json: ${{ steps.csv-to-json.outputs.json }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           egress-policy: block
           allowed-endpoints: >

diff --git a/.github/workflows/diagnostics.yml b/.github/workflows/diagnostics.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           egress-policy: block
           allowed-endpoints: >

diff --git a/.github/workflows/docker-build-image.yml b/.github/workflows/docker-build-image.yml
@@ -213,7 +213,7 @@ jobs:
       image_archive_name: ${{ steps.check_image_archive_key.outputs.file_name }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           disable-sudo: true
           egress-policy: audit
@@ -372,7 +372,7 @@ jobs:
 
       - name: Build image for push
         if: inputs.push == true
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75  # tag=v6.9.0
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355  # tag=v6.10.0
         with:
           build-args: ${{ steps.prepare-build-args.outputs.build_args }}
           cache-from: ${{ steps.cache_scopes.outputs.from }}
@@ -387,7 +387,7 @@ jobs:
 
       - name: Build image for archive
         if: inputs.push == false
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75  # tag=v6.9.0
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355  # tag=v6.10.0
         with:
           build-args: ${{ steps.prepare-build-args.outputs.build_args }}
           cache-from: ${{ steps.cache_scopes.outputs.from }}

diff --git a/.github/workflows/docker-metadata.yml b/.github/workflows/docker-metadata.yml
@@ -38,7 +38,7 @@ jobs:
       tags: ${{ steps.prep.outputs.tags }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           egress-policy: block
           allowed-endpoints: >
@@ -68,7 +68,7 @@ jobs:
 
       - name: Calculate Docker metadata
         id: docker_meta
-        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81  # tag=v5.5.1
+        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96  # tag=v5.6.1
         with:
           flavor: |
             latest=false

diff --git a/.github/workflows/docker-multi-arch-push.yml b/.github/workflows/docker-multi-arch-push.yml
@@ -36,7 +36,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           allowed-endpoints: >
             auth.docker.io:443

diff --git a/.github/workflows/docker-publish-description.yml b/.github/workflows/docker-publish-description.yml
@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           egress-policy: audit  # TODO: change to 'egress-policy: block' after couple of runs
 

diff --git a/.github/workflows/docker-pytest-image.yml b/.github/workflows/docker-pytest-image.yml
@@ -65,7 +65,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           egress-policy: block
           allowed-endpoints: >
@@ -108,7 +108,7 @@ jobs:
           python-version: ${{ inputs.python_version }}
 
       - name: Cache testing environments
-        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # tag=v4.1.2
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57  # tag=v4.2.0
         env:
           BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
             py${{ steps.setup-python.outputs.python-version }}-"

diff --git a/.github/workflows/sbom-artifact.yml b/.github/workflows/sbom-artifact.yml
@@ -44,7 +44,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7  # tag=v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # tag=v2.10.2
         with:
           disable-sudo: true
           egress-policy: audit