From 7990d7a867e8ccf780ffaac8d1e8d588239e48ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 02:16:43 +0000 Subject: [PATCH] Bump the github-actions-all group across 1 directory with 8 updates Bumps the github-actions-all group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.10.1` | `2.10.2` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.4.0` | `4.5.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.0` | `3.27.9` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.1.0` | `5.2.0` | | [actions/cache](https://github.com/actions/cache) | `4.1.2` | `4.2.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.7.1` | `3.8.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.9.0` | `6.10.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.5.1` | `5.6.1` | Updates `step-security/harden-runner` from 2.10.1 to 2.10.2 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/91182cccc01eb5e619899d80e4e971d6181294a7...0080882f6c36860b6ba35c610c98ce87d4e2f26f) Updates `actions/dependency-review-action` from 4.4.0 to 4.5.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/4081bf99e2866ebe428fc0477b69eb4fcda7220a...3b139cfc5fae8b618d3eae3675e383bb1769c019) Updates `github/codeql-action` from 3.27.0 to 3.27.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...df409f7d9260372bd5f19e5b04e83cb3c43714ae) Updates `actions/setup-go` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed...3041bf56c941b39c61721a86cd11f3bb1338122a) Updates `actions/cache` from 4.1.2 to 4.2.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/6849a6489940f00c2f30c0fb92c6274307ccb58a...1bd1e32a3bdc45362d1e726936510720a7c30a57) Updates `docker/setup-buildx-action` from 3.7.1 to 3.8.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/c47758b77c9736f4b2ef4073d4d51994fabfe349...6524bf65af31da8d45b59e8c27de4bd072b392f5) Updates `docker/build-push-action` from 6.9.0 to 6.10.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/4f58ea79222b3b9dc2c8bbdd6debcef730109a75...48aba3b46d1b1fec4febb7c5d0c644b249a11355) Updates `docker/metadata-action` from 5.5.1 to 5.6.1 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/8e5442c4ef9f78752691e2d8f8d19755c6f78e81...369eb591f429131d6889c46b94e711f089e6ca96) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-all - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-all - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all ... Signed-off-by: dependabot[bot] --- .github/workflows/_build.yml | 2 +- .github/workflows/_dependency-review.yml | 4 ++-- .github/workflows/_labels.yml | 2 +- .github/workflows/_scorecards.yml | 4 ++-- .github/workflows/_stale-issues.yml | 2 +- .github/workflows/common-lint.yml | 6 +++--- .github/workflows/csv-to-json.yml | 2 +- .github/workflows/diagnostics.yml | 2 +- .github/workflows/docker-build-image.yml | 8 ++++---- .github/workflows/docker-metadata.yml | 4 ++-- .github/workflows/docker-multi-arch-push.yml | 2 +- .github/workflows/docker-publish-description.yml | 2 +- .github/workflows/docker-pytest-image.yml | 4 ++-- .github/workflows/sbom-artifact.yml | 2 +- 14 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml index 4fa6921..aa47bca 100644 --- a/.github/workflows/_build.yml +++ b/.github/workflows/_build.yml @@ -106,7 +106,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: egress-policy: block diff --git a/.github/workflows/_dependency-review.yml b/.github/workflows/_dependency-review.yml index ef84b1c..933bd3e 100644 --- a/.github/workflows/_dependency-review.yml +++ b/.github/workflows/_dependency-review.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: disable-sudo: true egress-policy: block @@ -24,4 +24,4 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # tag=v4.4.0 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # tag=v4.5.0 diff --git a/.github/workflows/_labels.yml b/.github/workflows/_labels.yml index 4f144ec..b4c10f8 100644 --- a/.github/workflows/_labels.yml +++ b/.github/workflows/_labels.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/_scorecards.yml b/.github/workflows/_scorecards.yml index d94a0b3..642b59b 100644 --- a/.github/workflows/_scorecards.yml +++ b/.github/workflows/_scorecards.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: disable-sudo: true egress-policy: block @@ -79,6 +79,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # tag=codeql-bundle-v3.27.0 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # tag=codeql-bundle-v3.27.9 with: sarif_file: results.sarif diff --git a/.github/workflows/_stale-issues.yml b/.github/workflows/_stale-issues.yml index fcd48b2..f9acd51 100644 --- a/.github/workflows/_stale-issues.yml +++ b/.github/workflows/_stale-issues.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/common-lint.yml b/.github/workflows/common-lint.yml index cf2b33d..767020d 100644 --- a/.github/workflows/common-lint.yml +++ b/.github/workflows/common-lint.yml @@ -50,7 +50,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: disable-sudo: true egress-policy: block @@ -75,7 +75,7 @@ jobs: # We need the Go version and Go cache location for the actions/cache step, # so the Go installation must happen before that. - - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # tag=v5.1.0 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # tag=v5.2.0 with: go-version: ${{ inputs.go_version }} @@ -89,7 +89,7 @@ jobs: run: | echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT - - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # tag=v4.1.2 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # tag=v4.2.0 env: BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\ py${{ inputs.python_version }}-\ diff --git a/.github/workflows/csv-to-json.yml b/.github/workflows/csv-to-json.yml index ae13a28..8873a92 100644 --- a/.github/workflows/csv-to-json.yml +++ b/.github/workflows/csv-to-json.yml @@ -23,7 +23,7 @@ jobs: json: ${{ steps.csv-to-json.outputs.json }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/diagnostics.yml b/.github/workflows/diagnostics.yml index 6cc5853..f61e2d5 100644 --- a/.github/workflows/diagnostics.yml +++ b/.github/workflows/diagnostics.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/docker-build-image.yml b/.github/workflows/docker-build-image.yml index 172fa8c..0019417 100644 --- a/.github/workflows/docker-build-image.yml +++ b/.github/workflows/docker-build-image.yml @@ -213,7 +213,7 @@ jobs: image_archive_name: ${{ steps.check_image_archive_key.outputs.file_name }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: disable-sudo: true egress-policy: audit @@ -225,7 +225,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # tag=v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # tag=v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # tag=v3.8.0 - name: Docker credentials available for push if: inputs.push == true @@ -372,7 +372,7 @@ jobs: - name: Build image for push if: inputs.push == true - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # tag=v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # tag=v6.10.0 with: build-args: ${{ steps.prepare-build-args.outputs.build_args }} cache-from: ${{ steps.cache_scopes.outputs.from }} @@ -387,7 +387,7 @@ jobs: - name: Build image for archive if: inputs.push == false - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # tag=v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # tag=v6.10.0 with: build-args: ${{ steps.prepare-build-args.outputs.build_args }} cache-from: ${{ steps.cache_scopes.outputs.from }} diff --git a/.github/workflows/docker-metadata.yml b/.github/workflows/docker-metadata.yml index 2e6620a..300b299 100644 --- a/.github/workflows/docker-metadata.yml +++ b/.github/workflows/docker-metadata.yml @@ -38,7 +38,7 @@ jobs: tags: ${{ steps.prep.outputs.tags }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: egress-policy: block allowed-endpoints: > @@ -68,7 +68,7 @@ jobs: - name: Calculate Docker metadata id: docker_meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # tag=v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # tag=v5.6.1 with: flavor: | latest=false diff --git a/.github/workflows/docker-multi-arch-push.yml b/.github/workflows/docker-multi-arch-push.yml index 3f0e179..2f305b5 100644 --- a/.github/workflows/docker-multi-arch-push.yml +++ b/.github/workflows/docker-multi-arch-push.yml @@ -36,7 +36,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: allowed-endpoints: > auth.docker.io:443 diff --git a/.github/workflows/docker-publish-description.yml b/.github/workflows/docker-publish-description.yml index 65c656e..37315b8 100644 --- a/.github/workflows/docker-publish-description.yml +++ b/.github/workflows/docker-publish-description.yml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker-pytest-image.yml b/.github/workflows/docker-pytest-image.yml index 3b8e01f..7ddb7b4 100644 --- a/.github/workflows/docker-pytest-image.yml +++ b/.github/workflows/docker-pytest-image.yml @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: egress-policy: block allowed-endpoints: > @@ -108,7 +108,7 @@ jobs: python-version: ${{ inputs.python_version }} - name: Cache testing environments - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # tag=v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # tag=v4.2.0 env: BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\ py${{ steps.setup-python.outputs.python-version }}-" diff --git a/.github/workflows/sbom-artifact.yml b/.github/workflows/sbom-artifact.yml index 2f83cd5..89a5093 100644 --- a/.github/workflows/sbom-artifact.yml +++ b/.github/workflows/sbom-artifact.yml @@ -44,7 +44,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # tag=v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # tag=v2.10.2 with: disable-sudo: true egress-policy: audit