ci: bump the patch-minor-dependencies group across 1 directory with 16 updates #208

dependabot · 2024-05-06T06:55:31Z

Bumps the patch-minor-dependencies group with 16 updates in the / directory:

Package	From	To
actions/checkout	`4.1.1`	`4.1.4`
github/codeql-action	`3.23.1`	`3.25.3`
actions/setup-java	`4.0.0`	`4.2.1`
taiki-e/install-action	`2.26.7`	`2.33.16`
actions/dependency-review-action	`4.0.0`	`4.3.2`
aws-actions/configure-aws-credentials	`4.0.1`	`4.0.2`
zgosalvez/github-actions-ensure-sha-pinned-actions	`3.0.3`	`3.0.5`
gitleaks/gitleaks-action	`2.3.2`	`2.3.4`
anchore/scan-action	`3.6.1`	`3.6.4`
ncipollo/release-action	`1.13.0`	`1.14.0`
actions/upload-artifact	`4.2.0`	`4.3.3`
aquasecurity/trivy-action	`0.16.1`	`0.19.0`
hashicorp/setup-terraform	`3.0.0`	`3.1.0`
actions/cache	`4.0.0`	`4.0.2`
actions/setup-node	`4.0.1`	`4.0.2`
trunk-io/trunk-action	`1.1.9`	`1.1.13`

Updates actions/checkout from 4.1.1 to 4.1.4

Release notes

Sourced from actions/checkout's releases.

v4.1.4

What's Changed

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Full Changelog: actions/checkout@v4.1.3...v4.1.4

v4.1.3

What's Changed

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Full Changelog: actions/checkout@v4.1.2...v4.1.3

v4.1.2

We are investigating the following issue with this release and have rolled-back the v4 tag to point to v4.1.1

sparse-checkout is not available on git versions prior to 2.27.0 (see actions/checkout#1651)

What's Changed

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

Bump tough-cookie from 4.0.0 to 4.1.3 by @dependabot in actions/checkout#1406

Bump @babel/traverse from 7.20.5 to 7.24.0 by @dependabot in actions/checkout#1642

New Contributors

@jww3 made their first contribution in actions/checkout#1616

Full Changelog: actions/checkout@v4.1.1...v4.1.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

v4.0.0

Support fetching without the --progress option

Update to node20

v3.6.0

Fix: Mark test scripts with Bash'isms to be run via Bash

Add option to fetch tags even if fetch-depth > 0

v3.5.3

Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in

Fix typos found by codespell

Add support for sparse checkouts

v3.5.2

Fix api endpoint for GHES

v3.5.1

Fix slow checkout on Windows

v3.5.0

Add new public key for known_hosts

v3.4.0

Upgrade codeql actions to v2

Upgrade dependencies

Upgrade @actions/io

... (truncated)

Commits

0ad4b8f Prep Release v4.1.4 (#1704)
43045ae Disable extensions.worktreeConfig when disabling sparse-checkout (#1692)
37b0821 Bump the minor-actions-dependencies group with 2 updates (#1693)
9839dc1 Add dependabot config (#1688)
9b4c13b Bump word-wrap from 1.2.3 to 1.2.5 (#1643)
1d96c77 Add SSH user parameter (#1685)
cd7d8d6 Check git version before attempting to disable sparse-checkout (#1656)
8410ad0 Update actions/checkout version in update-main-version.yml (#1650)
9bb5618 Prep for release of v4.1.2 (#1649)
8eb1f6a Bump @babel/traverse from 7.20.5 to 7.24.0 (#1642)
Additional commits viewable in compare view

Updates github/codeql-action from 3.23.1 to 3.25.3

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.3 - 25 Apr 2024

Update default CodeQL bundle version to 2.17.1. #2247

Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

3.25.1 - 17 Apr 2024

We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode. #2235

Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245

3.25.0 - 15 Apr 2024

The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224

As a result, the following inputs and environment variables are now ignored:

The setup-python-dependencies input to the init Action

The CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION environment variable

We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.

Automatically overwrite an existing database if found on the filesystem. #2229

Bump the minimum CodeQL bundle version to 2.12.6. #2232

A more relevant log message and a diagnostic are now emitted when the file program is not installed on a Linux runner, but is required for Go tracing to succeed. #2234

3.24.10 - 05 Apr 2024

Update default CodeQL bundle version to 2.17.0. #2219

Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. #2220

If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.24.10 and github/codeql-action/*@v2 by github/codeql-action/*@v2.24.10 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.24.9 - 22 Mar 2024

Update default CodeQL bundle version to 2.16.5. #2203

3.24.8 - 18 Mar 2024

... (truncated)

Commits

d39d31e Merge pull request #2262 from github/update-v3.25.3-ac2f82a1f
a727825 Move changenote to most recent section
1efa859 Update changelog for v3.25.3
ac2f82a Log warning if SIP is disabled and CLI version is < 2.15.1 (#2261)
0ad7791 Merge pull request #2247 from github/update-bundle/codeql-bundle-v2.17.1
79d9ee7 Merge branch 'main' into update-bundle/codeql-bundle-v2.17.1
dbf2b17 Merge pull request #2255 from github/mergeback/v3.25.2-to-main-8f596b4a
ff6a3c4 Update checked-in dependencies
619dc0c Update changelog and version after v3.25.2
8f596b4 Merge pull request #2254 from github/update-v3.25.2-4909c1ffb
Additional commits viewable in compare view

Updates actions/setup-java from 4.0.0 to 4.2.1

Release notes

Sourced from actions/setup-java's releases.

v4.2.1

What's Changed

Patch for java version file to accept it from any path by @mahabaleshwars in actions/setup-java#610

Full Changelog: actions/setup-java@v4...v4.2.1

v4.2.0

What's Changed

Updated actions/httpclient version to 2.2.1 and other dependencies by @HarithaVattikuti in actions/setup-java#607

Added .tool-versions file support along with .java-version file by @mahabaleshwars in actions/setup-java#606

New Contributors

@HarithaVattikuti made their first contribution in actions/setup-java#607 Full Changelog: actions/setup-java@v4...v4.2.0

V4.1.0

What's Changed

Added Windows Arm64 Support for Windows Arm64 Runners by @mahabaleshwars in actions/setup-java#595

feat: bump actions/checkout and actions/setup-java to v4 by @kbdharun in actions/setup-java#533

Handle authorization when the token is undefined by @peter-murray in actions/setup-java#556

Documentation update of Java 21 by @Okeanos in actions/setup-java#566

Documentation update about maven-gpg-plugin version note by @IvanZosimov in actions/setup-java#570

Oracle JDK 21 support by @jdubois in actions/setup-java#538

Fix typo in configuration example by @Bananeweizen in actions/setup-java#572

New Contributors

@kbdharun made their first contribution in actions/setup-java#533

@peter-murray made their first contribution in actions/setup-java#556

@jdubois made their first contribution in actions/setup-java#538

@Bananeweizen made their first contribution in actions/setup-java#572

@mahabaleshwars made their first contribution in actions/setup-java#595

Full Changelog: actions/setup-java@v4...v4.1.0

Commits

99b8673 Patch for java version file (#610)
5896cec Added .tool-versions file support (#606)
80ae3c2 Update httpclient version and other dependencies (#607)
9704b39 Added Windows Arm64 Support for Windows Arm64 Runners (#595)
7a445ee Fix typo in configuration example (#572)
3232623 Oracle JDK 21 support (#538)
c0660d8 docs: add note about maven-gpg-plugin version (#570)
2f7af1b make it clear that Java 21 is supported (#566)
16ef37f HTTP errors when the token is undefined (#556)
a237454 feat: bump actions/checkout and actions/setup-java to v4 (#533)
See full diff in compare view

Updates taiki-e/install-action from 2.26.7 to 2.33.16

Release notes

Sourced from taiki-e/install-action's releases.

2.33.16

Update cargo-make@latest to 0.37.12.

2.33.15

Update wasmtime@latest to 20.0.1.

2.33.14

Update cargo-deny@latest to 0.14.23.

Support cargo-deny on aarch64 Linux.

2.33.13

Update cargo-tarpaulin@latest to 0.29.1.

Update cargo-binstall@latest to 1.6.5.

2.33.12

Update cargo-tarpaulin@latest to 0.29.0.

2.33.11

Update typos@latest to 1.21.0.

2.33.10

Update biome@latest to 1.7.2.

2.33.9

Update syft@latest to 1.3.0.

2.33.8

Update cargo-spellcheck@latest to 0.14.0.

2.33.7

Update typos@latest to 1.20.10.

2.33.6

Update cargo-deny@latest to 0.14.22.

2.33.5

Update wasmtime@latest to 20.0.0.

2.33.4

Update biome@latest to 1.7.1.

2.33.3

Update sccache@latest to 0.8.0.

2.33.2

Update parse-changelog@latest to 0.6.8.

2.33.1

... (truncated)

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

[2.33.16] - 2024-05-04

Update cargo-make@latest to 0.37.12.

[2.33.15] - 2024-05-04

Update wasmtime@latest to 20.0.1.

[2.33.14] - 2024-05-03

Update cargo-deny@latest to 0.14.23.

Support cargo-deny on aarch64 Linux.

[2.33.13] - 2024-05-03

Update cargo-tarpaulin@latest to 0.29.1.

Update cargo-binstall@latest to 1.6.5.

[2.33.12] - 2024-05-01

Update cargo-tarpaulin@latest to 0.29.0.

[2.33.11] - 2024-04-30

Update typos@latest to 1.21.0.

[2.33.10] - 2024-04-30

Update biome@latest to 1.7.2.

[2.33.9] - 2024-04-26

Update syft@latest to 1.3.0.

[2.33.8] - 2024-04-24

... (truncated)

Commits

672949f Release 2.33.16
ac1dc7f Update cargo-make@latest to 0.37.12
b635b8d Release 2.33.15
4bb5895 Update wasmtime@latest to 20.0.1
22c308f Release 2.33.14
7bcbbdb Support cargo-deny on aarch64 Linux
0884b6d Update cargo-deny@latest to 0.14.23
fb6a8a2 Release 2.33.13
8de347c Update cargo-tarpaulin@latest to 0.29.1
b780471 Update cargo-binstall@latest to 1.6.5
Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.0.0 to 4.3.2

Release notes

Sourced from actions/dependency-review-action's releases.

v4.3.2

What's Changed

Fix package-url parsing for allow-dependencies-licenses by @juxtin in actions/dependency-review-action#761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See actions/dependency-review-action#753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

v4.3.0

New Features

The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

Fix action variable name for scorecard by @lukehinds in actions/dependency-review-action#735

Fix extra https:// in summary by @jhutchings1 in actions/dependency-review-action#748

Bump typescript from 5.3.3 to 5.4.5 by @dependabot in actions/dependency-review-action#744

Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @dependabot in actions/dependency-review-action#737

Show denied packages with red X by @juxtin in actions/dependency-review-action#750

deny-packages configuration option can deny specified version or all packages by @febuiles and @bteng22 in actions/dependency-review-action#733

New Contributors

@bteng22 made their first contribution in actions/dependency-review-action#733

@lukehinds made their first contribution in actions/dependency-review-action#735

Full Changelog: actions/dependency-review-action@v4.2.5...V4.3.0

4.2.5

What's Changed

Fixed a bug where some configuration options in external files were not being properly picked up -- actions/dependency-review-action#722

Bump eslint from 8.56.0 to 8.57.0

Full Changelog: actions/dependency-review-action@v4.2.4...v4.2.5

v4.2.4

What's Changed

Fixed a bug in the output of OpenSSF cards for GitHub Actions.

New Contributors

@sporkmonger made their first contribution in actions/dependency-review-action#721

Full Changelog: actions/dependency-review-action@v4.2.3...v4.2.4

4.2.3

... (truncated)

Commits

0c155c5 Merge pull request #762 from actions/juxtin/prepare-4.3.2
f3dac32 Merge pull request #761 from actions/juxtin/fix-allow-dependencies-licenses
d0d5cc3 Update version number to 4.3.2
49fbbe0 Fix package-url parsing for allow-dependencies-licenses
e58c696 Merge pull request #758 from actions/juxtin/prepare-4.3.1
9b7c72d Change version to 4.3.1
7dcfabf Merge pull request #753 from actions/juxtin/debug-purl
5f0808f Validate that deny-packages purls are complete
fcc66c2 Refine purl parsing and tests
1dd418b Basic tests for PURL validation in config
Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from 4.0.1 to 4.0.2

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v4.0.2

See the changelog for details about the changes included in this release.

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

4.0.2 (2024-02-09)

Revert 4.0.1 to remove warning

4.0.1 (2023-10-03)

Documentation

Throw a warning when customers use long-term credentials.

4.0.0 (2023-09-11)

Upgraded runtime to node20 from node16

3.0.2 (2023-09-07)

Bug Fixes

fixes #817 #819: validation logic throwing unwanted errors d78f55b

3.0.1 (2023-08-24)

Features

Can configure special-characters-workaround to keep retrying credentials if the returned credentials have special characters (Fixes #599)

Bug Fixes

Fixes #792: Action fails when intending to use existing credentials

Minor typo fix from @ubaid-ansari21

Changes to existing functionality

Special characters are now allowed in returned credential variables unless you configure the special-characters-workaround option

3.0.0 (2023-08-21)

Features

Can configure max-retries and disable-retry to modify retry functionality when the assume role call fails

Set returned credentials as step outputs with output-credentials

Clear AWS related environment variables at the start of the action with unset-current-credentials

Unique role identifier is now printed in the workflow logs

Bug Fixes

Can't use credentials if they contain a special character

Retry functionality added when generating the JWT fails

Can now use webIdentityTokenFile option

Branch name validation too strict

JS SDK v2 deprecation warning in workflow logs

... (truncated)

Commits

e3dd6a4 chore: Bump @types/jest from 29.5.11 to 29.5.12 (#1000)
c6c400f chore: Bump @types/node from 20.11.5 to 20.11.16 (#999)
c38ab41 chore: Bump prettier from 3.2.4 to 3.2.5 (#998)
2071ebe chore: Bump @types/node from 20.11.3 to 20.11.5 (#986)
44112af chore: Update dist
492c455 chore: Bump @aws-sdk/client-sts from 3.490.0 to 3.496.0 (#982)
13e074e chore: Update dist
5a676ce chore: Bump @smithy/property-provider from 2.0.17 to 2.1.1 (#985)
e43a696 chore: Bump ts-jest from 29.1.1 to 29.1.2 (#983)
eb98af5 chore: Bump prettier from 3.2.2 to 3.2.4 (#981)
Additional commits viewable in compare view

Updates zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.3 to 3.0.5

Release notes

Sourced from zgosalvez/github-actions-ensure-sha-pinned-actions's releases.

v3.0.5

What's Changed

Bump eslint from 9.0.0 to 9.1.0 by @dependabot in zgosalvez/github-actions-ensure-sha-pinned-actions#150

Bump eslint from 9.1.0 to 9.1.1 by @dependabot in zgosalvez/github-actions-ensure-sha-pinned-actions#151

Bump stefanzweifel/git-auto-commit-action from 5.0.0 to 5.0.1 by @dependabot in zgosalvez/github-actions-ensure-sha-pinned-actions#152

Bump actions/checkout from 4.1.2 to 4.1.4 by @dependabot in zgosalvez/github-actions-ensure-sha-pinned-actions#153

Bump zgosalvez/github-actions-get-action-runs-using-version from 2.0.3 to 2.0.4 by @dependabot in zgosalvez/github-actions-ensure-sha-pinned-actions#154

Full Changelog: zgosalvez/github-actions-ensure-sha-pinned-actions@v3.0.4...v3.0.5

v3.0.4

What's Changed

Update dependencies by @zgosalvez in zgosalvez/github-actions-ensure-sha-pinned-actions#146

Bump zgosalvez/github-actions-get-action-runs-using-version from 2.0.1 to 2.0.3 by @dependabot in zgosalvez/github-actions-ensure-sha-pinned-actions#138

Bump actions/setup-node from 4.0.0 to 4.0.2 by @dependabot in zgosalvez/github-actions-ensure-sha-pinned-actions#143

Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in zgosalvez/github-actions-ensure-sha-pinned-actions#148

Bump actions/cache from 3.3.2 to 4.0.2 by @dependabot in zgosalvez/github-actions-ensure-sha-pinned-actions#147

Bump eslint from 8.57.0 to 9.0.0 by @dependabot in zgosalvez/github-actions-ensure-sha-pinned-actions#149

Bump yaml from 2.3.4 to 2.4.1 by @dependabot in zgosalvez/github-actions-ensure-sha-pinned-actions#145

Full Changelog: zgosalvez/github-actions-ensure-sha-pinned-actions@v3.0.3...v3.0.4

Commits

40e45e7 Bump zgosalvez/github-actions-get-action-runs-using-version (#154)
8209f07 Bump actions/checkout from 4.1.2 to 4.1.4 (#153)
96ca778 Bump stefanzweifel/git-auto-commit-action from 5.0.0 to 5.0.1 (#152)
347a9da Bump eslint from 9.1.0 to 9.1.1 (#151)
0ccf1a2 Bump eslint from 9.0.0 to 9.1.0 (#150)
19ebcb0 Bump yaml from 2.3.4 to 2.4.1 (#145)
95b5ec8 Bump eslint from 8.57.0 to 9.0.0 (#149)
d910129 Bump actions/cache from 3.3.2 to 4.0.2 (#147)
5e73513 Bump actions/checkout from 4.1.1 to 4.1.2 (#148)
2682f52 Bump actions/setup-node from 4.0.0 to 4.0.2 (#143)
Additional commits viewable in compare view

Updates gitleaks/gitleaks-action from 2.3.2 to 2.3.4

Release notes

Sourced from gitleaks/gitleaks-action's releases.

v2.3.4

Full Changelog: gitleaks/gitleaks-action@v2.3.3...v2.3.4

v2.3.3

What's Changed

bump gitleaks version by @zricethezav in gitleaks/gitleaks-action#111

Document GITLEAKS_VERSION env var by @spaze in gitleaks/gitleaks-action#123

Upgrade from 'node16' to 'node20' by @ericcornelissen in gitleaks/gitleaks-action#134

New Contributors

@spaze made their first contribution in gitleaks/gitleaks-action#123

Full Changelog: gitleaks/gitleaks-action@v2.3.2...v2.3.3

Commits

e6dab24 provide the build
cb7149a Merge pull request #134 from ericcornelissen/patch-1
a00e16e Upgrade from 'node16' to 'node20'
4df6500 Merge pull request #123 from spaze/patch-1
dc199d1 Document GITLEAKS_VERSION env var
d3511a7 Update README.md
3da0f07 update readme
fb6e139 Merge pull request #111 from gitleaks/bump-gitleaks-version-8.16.1
9eb17ac bump gitleaks version
See full diff in compare view

Updates anchore/scan-action from 3.6.1 to 3.6.4

Release notes

Sourced from anchore/scan-action's releases.

v3.6.4

New in scan-action v3.6.4

Update Grype to v0.74.4 (#279) [anchore-actions-token-generator]

v3.6.3

New in scan-action v3.6.3

chore: migrate action to use node v20.11.0 (Iron) FROM node v16.x.x (#278) [spiffcs]

v3.6.2

New in scan-action v3.6.2

chore(deps): update Grype to v0.74.3 (#275) [anchore-actions-token-generator]

Commits

3343887 chore(deps): update Grype to v0.74.4 (#279)
1c57367 chore: migrate action to use node v20.11.0 (Iron) FROM node v16.x.x (#278)
a9603d0 chore(deps): update Grype to v0.74.3 (#275)
See full diff in compare view

Updates ncipollo/release-action from 1.13.0 to 1.14.0

Release notes

Sourced from ncipollo/release-action's releases.

v1.14.0

What's Changed

Bump semver from 6.3.0 to 6.3.1 by @dependabot in ncipollo/release-action#350

Bump actions/checkout from 3 to 4 by @dependabot in ncipollo/release-action#364

Bump glob from 10.3.1 to 10.3.4 by @dependabot in ncipollo/release-action#361

Bump jest-circus from 29.5.0 to 29.6.4 by @dependabot in ncipollo/release-action#359

Bump typescript from 5.1.6 to 5.2.2 by @dependabot in ncipollo/release-action#362

Bump @types/node from 20.3.3 to 20.6.0 by @dependabot in ncipollo/release-action#366

Bump jest and @types/jest by @dependabot in ncipollo/release-action#367

Bump @babel/traverse from 7.17.3 to 7.23.2 by @dependabot in ncipollo/release-action#378

Bump jest and @types/jest by @dependabot in ncipollo/release-action#377

Bump jest-circus from 29.6.4 to 29.7.0 by @dependabot in ncipollo/release-action#376

Bump @types/node from 20.6.0 to 20.8.6 by @dependabot in ncipollo/release-action#379

Bump @actions/core from 1.10.0 to 1.10.1 by @dependabot in ncipollo/release-action#375

Bump @types/jest from 29.5.5 to 29.5.7 by @dependabot in ncipollo/release-action#386

Bump actions/setup-node from 3 to 4 by @dependabot in ncipollo/release-action#381

Bump @types/node from 20.8.6 to 20.9.0 by @dependabot in ncipollo/release-action#390

Bump typescript from 5.2.2 to 5.3.2 by @dependabot in ncipollo/release-action#396

Bump @types/node from 20.9.0 to 20.10.1 by @dependabot in ncipollo/release-action#395

Bump @types/jest from 29.5.7 to 29.5.11 by @dependabot in ncipollo/release-action#399

Bump @actions/github from 5.1...
Description has been truncated

…6 updates Bumps the patch-minor-dependencies group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `4.1.4` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.23.1` | `3.25.3` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.0.0` | `4.2.1` | | [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.26.7` | `2.33.16` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.0.0` | `4.3.2` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4.0.1` | `4.0.2` | | [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) | `3.0.3` | `3.0.5` | | [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `2.3.2` | `2.3.4` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `3.6.1` | `3.6.4` | | [ncipollo/release-action](https://github.com/ncipollo/release-action) | `1.13.0` | `1.14.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.2.0` | `4.3.3` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.16.1` | `0.19.0` | | [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) | `3.0.0` | `3.1.0` | | [actions/cache](https://github.com/actions/cache) | `4.0.0` | `4.0.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.0.1` | `4.0.2` | | [trunk-io/trunk-action](https://github.com/trunk-io/trunk-action) | `1.1.9` | `1.1.13` | Updates `actions/checkout` from 4.1.1 to 4.1.4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@b4ffde6...0ad4b8f) Updates `github/codeql-action` from 3.23.1 to 3.25.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@0b21cf2...d39d31e) Updates `actions/setup-java` from 4.0.0 to 4.2.1 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@387ac29...99b8673) Updates `taiki-e/install-action` from 2.26.7 to 2.33.16 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](taiki-e/install-action@bee85d7...672949f) Updates `actions/dependency-review-action` from 4.0.0 to 4.3.2 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@4901385...0c155c5) Updates `aws-actions/configure-aws-credentials` from 4.0.1 to 4.0.2 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@010d0da...e3dd6a4) Updates `zgosalvez/github-actions-ensure-sha-pinned-actions` from 3.0.3 to 3.0.5 - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](zgosalvez/github-actions-ensure-sha-pinned-actions@ba37328...40e45e7) Updates `gitleaks/gitleaks-action` from 2.3.2 to 2.3.4 - [Release notes](https://github.com/gitleaks/gitleaks-action/releases) - [Commits](gitleaks/gitleaks-action@1f2d10f...e6dab24) Updates `anchore/scan-action` from 3.6.1 to 3.6.4 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md) - [Commits](anchore/scan-action@c35e932...3343887) Updates `ncipollo/release-action` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/ncipollo/release-action/releases) - [Commits](ncipollo/release-action@6c75be8...2c591bc) Updates `actions/upload-artifact` from 4.2.0 to 4.3.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@694cdab...6546280) Updates `aquasecurity/trivy-action` from 0.16.1 to 0.19.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@d43c1f1...d710430) Updates `hashicorp/setup-terraform` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](hashicorp/setup-terraform@a1502cd...97f030c) Updates `actions/cache` from 4.0.0 to 4.0.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@13aacd8...0c45773) Updates `actions/setup-node` from 4.0.1 to 4.0.2 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@b39b52d...60edb5d) Updates `trunk-io/trunk-action` from 1.1.9 to 1.1.13 - [Release notes](https://github.com/trunk-io/trunk-action/releases) - [Commits](trunk-io/trunk-action@97ecd21...da67635) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-minor-dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-minor-dependencies - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-minor-dependencies - dependency-name: taiki-e/install-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-minor-dependencies - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-minor-dependencies - dependency-name: aws-actions/configure-aws-credentials dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-minor-dependencies - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-minor-dependencies - dependency-name: gitleaks/gitleaks-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-minor-dependencies - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-minor-dependencies - dependency-name: ncipollo/release-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-minor-dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-minor-dependencies - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-minor-dependencies - dependency-name: hashicorp/setup-terraform dependency-type: direct:production update-type: version-update:semver-minor dependency-group: patch-minor-dependencies - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-minor-dependencies - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-minor-dependencies - dependency-name: trunk-io/trunk-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-minor-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-05-13T06:26:19Z

Superseded by #209.

dependabot bot requested a review from aps831 as a code owner May 6, 2024 06:55

dependabot bot added github_actions Update to Github actions no_ci_cd_run Do not run Github actions labels May 6, 2024

dependabot bot assigned aps831 May 6, 2024

dependabot bot mentioned this pull request May 6, 2024

ci: bump the patch-minor-dependencies group across 1 directory with 16 updates #207

Closed

dependabot bot closed this May 13, 2024

dependabot bot deleted the dependabot/github_actions/patch-minor-dependencies-3881f118a4 branch May 13, 2024 06:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: bump the patch-minor-dependencies group across 1 directory with 16 updates #208

ci: bump the patch-minor-dependencies group across 1 directory with 16 updates #208

dependabot bot commented on behalf of github May 6, 2024 •

edited

dependabot bot commented on behalf of github May 13, 2024

ci: bump the patch-minor-dependencies group across 1 directory with 16 updates #208

ci: bump the patch-minor-dependencies group across 1 directory with 16 updates #208

Conversation

dependabot bot commented on behalf of github May 6, 2024 • edited

v4.1.4

What's Changed

v4.1.3

What's Changed

v4.1.2

What's Changed

New Contributors

Changelog

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

CodeQL Action Changelog

[UNRELEASED]

3.25.3 - 25 Apr 2024

3.25.2 - 22 Apr 2024

3.25.1 - 17 Apr 2024

3.25.0 - 15 Apr 2024

3.24.10 - 05 Apr 2024

3.24.9 - 22 Mar 2024

3.24.8 - 18 Mar 2024

v4.2.1

What's Changed

v4.2.0

What's Changed

New Contributors

V4.1.0

What's Changed

New Contributors

2.33.16

2.33.15

2.33.14

2.33.13

2.33.12

2.33.11

2.33.10

2.33.9

2.33.8

2.33.7

2.33.6

2.33.5

2.33.4

2.33.3

2.33.2

2.33.1

Changelog

[Unreleased]

[2.33.16] - 2024-05-04

[2.33.15] - 2024-05-04

[2.33.14] - 2024-05-03

[2.33.13] - 2024-05-03

[2.33.12] - 2024-05-01

[2.33.11] - 2024-04-30

[2.33.10] - 2024-04-30

[2.33.9] - 2024-04-26

[2.33.8] - 2024-04-24

v4.3.2

What's Changed

v4.3.1

What's Changed

v4.3.0

New Features

What's Changed

New Contributors

4.2.5

What's Changed

v4.2.4

What's Changed

dependabot bot commented on behalf of github May 6, 2024 •

edited