Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump the github-actions group with 22 updates #531

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 29, 2024

Bumps the github-actions group with 22 updates:

Package From To
actions/checkout 2 4
peter-evans/create-or-update-comment 3 4
docker/setup-qemu-action 2 3
docker/setup-buildx-action 2 3
docker/metadata-action 4.6.0 5.5.1
docker/login-action 2 3
docker/build-push-action 4 5
actions/setup-go 4 5
magnetikonline/action-golang-cache 4 5
codecov/codecov-action 3 4
contributor-assistant/github-action 2.3.0 2.3.2
github/codeql-action 2 3
actions/dependency-review-action 3 4
dessant/lock-threads 4 5
alex-page/github-project-automation-plus 0.8.3 0.9.0
actions/cache 3 4
sigstore/cosign-installer 3.1.1 3.5.0
anchore/sbom-action 0.14.3 0.15.11
crazy-max/ghaction-upx 2 3
cachix/install-nix-action 22 26
goreleaser/goreleaser-action 4 5
actions/stale 8 9

Updates actions/checkout from 2 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

... (truncated)

Commits

Updates peter-evans/create-or-update-comment from 3 to 4

Release notes

Sourced from peter-evans/create-or-update-comment's releases.

Create or Update Comment v4.0.0

⚙️ Updated runtime to Node.js 20

  • The action now requires a minimum version of v2.308.0 for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.

What's Changed

Full Changelog: peter-evans/create-or-update-comment@v3.1.0...v4.0.0

Create or Update Comment v3.1.0

What's Changed

Full Changelog: peter-evans/create-or-update-comment@v3.0.2...v3.1.0

Create or Update Comment v3.0.2

What's Changed

... (truncated)

Commits
  • 71345be feat: update runtime to node 20 (#306)
  • d41bfe3 build(deps-dev): bump prettier from 3.2.3 to 3.2.4 (#305)
  • 73b4b9e build(deps-dev): bump @​types/node from 18.19.7 to 18.19.8 (#304)
  • b865fac build(deps-dev): bump @​types/node from 18.19.6 to 18.19.7 (#303)
  • 52b668a build(deps-dev): bump eslint-plugin-jest from 27.6.1 to 27.6.3 (#302)
  • 974f56a build(deps-dev): bump prettier from 3.1.1 to 3.2.3 (#301)
  • 2cbfe8b build(deps-dev): bump @​types/node from 18.19.4 to 18.19.6 (#300)
  • 761872a build(deps-dev): bump eslint-plugin-prettier from 5.1.2 to 5.1.3 (#299)
  • 72c3238 build(deps-dev): bump @​types/node from 18.19.3 to 18.19.4 (#298)
  • 07daf7b build(deps-dev): bump eslint-plugin-jest from 27.6.0 to 27.6.1 (#297)
  • Additional commits viewable in compare view

Updates docker/setup-qemu-action from 2 to 3

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.0.0

Full Changelog: docker/setup-qemu-action@v2.2.0...v3.0.0

v2.2.0

Full Changelog: docker/setup-qemu-action@v2.1.0...v2.2.0

v2.1.0

Full Changelog: docker/setup-qemu-action@v2.0.0...v2.1.0

Commits
  • 6882732 Merge pull request #103 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
  • 183f4af chore: update generated content
  • f174935 build(deps): bump @​actions/core from 1.10.0 to 1.10.1
  • 2e423eb Merge pull request #89 from docker/dependabot/npm_and_yarn/semver-6.3.1
  • ecc406a Bump semver from 6.3.0 to 6.3.1
  • 12dec5e Merge pull request #102 from crazy-max/update-node20
  • c29b312 chore: node 20 as default runtime
  • 34ae628 chore: update generated content
  • 1f3d2e1 chore: fix author in package.json
  • 277dbe8 vendor: bump @​docker/actions-toolkit from 0.3.0 to 0.12.0
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 2 to 3

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.0.0

Full Changelog: docker/setup-buildx-action@v2.10.0...v3.0.0

v2.10.0

Full Changelog: docker/setup-buildx-action@v2.9.1...v2.10.0

v2.9.1

Full Changelog: docker/setup-buildx-action@v2.9.0...v2.9.1

v2.9.0

  • Bump @​docker/actions-toolkit from 0.6.0 to 0.7.0 in docker/setup-buildx-action#246
    • Adds support to cache Buildx binary to hosted tool cache and GHA cache backend

Full Changelog: docker/setup-buildx-action@v2.8.0...v2.9.0

v2.8.0

Full Changelog: docker/setup-buildx-action@v2.7.0...v2.8.0

v2.7.0

Full Changelog: docker/setup-buildx-action@v2.6.0...v2.7.0

v2.6.0

Full Changelog: docker/setup-buildx-action@v2.5.0...v2.6.0

v2.5.0

Full Changelog: docker/setup-buildx-action@v2.4.1...v2.5.0

v2.4.1

... (truncated)

Commits
  • d70bba7 Merge pull request #307 from crazy-max/bump-toolkit
  • 7638634 chore: update generated content
  • c68420f bump @​docker/actions-toolkit from 0.19.0 to 0.20.0
  • 2b51285 Merge pull request #306 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 0f00370 chore: update generated content
  • 11c9683 build(deps): bump @​docker/actions-toolkit from 0.18.0 to 0.19.0
  • 56a16b8 Merge pull request #303 from crazy-max/fix-inputs
  • c23f46e chore: update generated content
  • f876da6 rename and align config inputs
  • b7cf918 Merge pull request #304 from crazy-max/rm-docs-dir
  • Additional commits viewable in compare view

Updates docker/metadata-action from 4.6.0 to 5.5.1

Release notes

Sourced from docker/metadata-action's releases.

v5.5.1

Full Changelog: docker/metadata-action@v5.5.0...v5.5.1

v5.5.0

Full Changelog: docker/metadata-action@v5.4.0...v5.5.0

v5.4.0

Full Changelog: docker/metadata-action@v5.3.0...v5.4.0

v5.3.0

Full Changelog: docker/metadata-action@v5.2.0...v5.3.0

v5.2.0

Full Changelog: docker/metadata-action@v5.1.0...v5.2.0

v5.1.0

Full Changelog: docker/metadata-action@v5.0.0...v5.1.0

v5.0.0

Full Changelog: docker/metadata-action@v4.6.0...v5.0.0

Upgrade guide

Sourced from docker/metadata-action's upgrade guide.

Upgrade notes

v2 to v3

  • Repository has been moved to docker org. Replace crazy-max/ghaction-docker-meta@v2 with docker/metadata-action@v5
  • The default bake target has been changed: ghaction-docker-meta > docker-metadata-action

v1 to v2

inputs

New Unchanged Removed
tags images tag-sha
flavor sep-tags tag-edge
labels sep-labels tag-edge-branch
tag-semver
tag-match
tag-match-group
tag-latest
tag-schedule
tag-custom
tag-custom-only
label-custom

tag-sha

tags: |
  type=sha

tag-edge / tag-edge-branch

tags: |
  # default branch
</tr></table> 

... (truncated)

Commits
  • 8e5442c Merge pull request #382 from crazy-max/dont-set-cwd-prefix
  • eda41b7 chore: update generated content
  • 388c08f don't set cwd:// prefix for local bake files
  • dbef880 Merge pull request #374 from docker/dependabot/npm_and_yarn/moment-timezone-0...
  • b73e7a7 chore: update generated content
  • b9fba69 chore(deps): Bump moment-timezone from 0.5.43 to 0.5.44
  • ac82374 Merge pull request #373 from docker/dependabot/npm_and_yarn/moment-2.30.1
  • c92519a chore: update generated content
  • 3b4179d chore(deps): Bump moment from 2.29.4 to 2.30.1
  • 0784993 Merge pull request #371 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • Additional commits viewable in compare view

Updates docker/login-action from 2 to 3

Release notes

Sourced from docker/login-action's releases.

v3.0.0

Full Changelog: docker/login-action@v2.2.0...v3.0.0

v2.2.0

Full Changelog: docker/login-action@v2.1.0...v2.2.0

v2.1.0

  • Ensure AWS temp credentials are redacted in workflow logs by @​crazy-max (#275)
  • Bump @​actions/core from 1.6.0 to 1.10.0 (#252 #292)
  • Bump @​aws-sdk/client-ecr from 3.53.0 to 3.186.0 (#298)
  • Bump @​aws-sdk/client-ecr-public from 3.53.0 to 3.186.0 (#299)

Full Changelog: docker/login-action@v2.0.0...v2.1.0

Commits
  • e92390c Merge pull request #685 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 1e752e2 chore: update generated content
  • 51c6097 build(deps): bump the aws-sdk-dependencies group with 2 updates
  • 8f079fb Merge pull request #676 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
  • 16fa768 chore: update generated content
  • 46d1619 build(deps): bump the proxy-agent-dependencies group with 2 updates
  • 8c291c5 Merge pull request #682 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • ec726f4 build(deps): bump @​docker/actions-toolkit from 0.14.0 to 0.18.0
  • 5139682 Merge pull request #677 from docker/dependabot/npm_and_yarn/undici-5.28.3
  • 6d4e2ba chore: update generated content
  • Additional commits viewable in compare view

Updates docker/build-push-action from 4 to 5

Release notes

Sourced from docker/build-push-action's releases.

v5.0.0

Full Changelog: docker/build-push-action@v4.2.1...v5.0.0

v4.2.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Full Changelog: docker/build-push-action@v4.2.0...v4.2.1

v4.2.0

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Full Changelog: docker/build-push-action@v4.1.1...v4.2.0

v4.1.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Bumps the github-actions group with 22 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `2` | `4` |
| [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) | `3` | `4` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `2` | `3` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `2` | `3` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `4.6.0` | `5.5.1` |
| [docker/login-action](https://github.com/docker/login-action) | `2` | `3` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `4` | `5` |
| [actions/setup-go](https://github.com/actions/setup-go) | `4` | `5` |
| [magnetikonline/action-golang-cache](https://github.com/magnetikonline/action-golang-cache) | `4` | `5` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3` | `4` |
| [contributor-assistant/github-action](https://github.com/contributor-assistant/github-action) | `2.3.0` | `2.3.2` |
| [github/codeql-action](https://github.com/github/codeql-action) | `2` | `3` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `3` | `4` |
| [dessant/lock-threads](https://github.com/dessant/lock-threads) | `4` | `5` |
| [alex-page/github-project-automation-plus](https://github.com/alex-page/github-project-automation-plus) | `0.8.3` | `0.9.0` |
| [actions/cache](https://github.com/actions/cache) | `3` | `4` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.1.1` | `3.5.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.14.3` | `0.15.11` |
| [crazy-max/ghaction-upx](https://github.com/crazy-max/ghaction-upx) | `2` | `3` |
| [cachix/install-nix-action](https://github.com/cachix/install-nix-action) | `22` | `26` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `4` | `5` |
| [actions/stale](https://github.com/actions/stale) | `8` | `9` |


Updates `actions/checkout` from 2 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v4)

Updates `peter-evans/create-or-update-comment` from 3 to 4
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](peter-evans/create-or-update-comment@v3...v4)

Updates `docker/setup-qemu-action` from 2 to 3
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@v2...v3)

Updates `docker/setup-buildx-action` from 2 to 3
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@v2...v3)

Updates `docker/metadata-action` from 4.6.0 to 5.5.1
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](docker/metadata-action@v4.6.0...v5.5.1)

Updates `docker/login-action` from 2 to 3
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@v2...v3)

Updates `docker/build-push-action` from 4 to 5
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v4...v5)

Updates `actions/setup-go` from 4 to 5
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v4...v5)

Updates `magnetikonline/action-golang-cache` from 4 to 5
- [Release notes](https://github.com/magnetikonline/action-golang-cache/releases)
- [Commits](magnetikonline/action-golang-cache@v4...v5)

Updates `codecov/codecov-action` from 3 to 4
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v3...v4)

Updates `contributor-assistant/github-action` from 2.3.0 to 2.3.2
- [Release notes](https://github.com/contributor-assistant/github-action/releases)
- [Commits](contributor-assistant/github-action@v2.3.0...v2.3.2)

Updates `github/codeql-action` from 2 to 3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v2...v3)

Updates `actions/dependency-review-action` from 3 to 4
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@v3...v4)

Updates `dessant/lock-threads` from 4 to 5
- [Release notes](https://github.com/dessant/lock-threads/releases)
- [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md)
- [Commits](dessant/lock-threads@v4...v5)

Updates `alex-page/github-project-automation-plus` from 0.8.3 to 0.9.0
- [Release notes](https://github.com/alex-page/github-project-automation-plus/releases)
- [Commits](alex-page/github-project-automation-plus@v0.8.3...v0.9.0)

Updates `actions/cache` from 3 to 4
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v3...v4)

Updates `sigstore/cosign-installer` from 3.1.1 to 3.5.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@v3.1.1...v3.5.0)

Updates `anchore/sbom-action` from 0.14.3 to 0.15.11
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](anchore/sbom-action@v0.14.3...v0.15.11)

Updates `crazy-max/ghaction-upx` from 2 to 3
- [Release notes](https://github.com/crazy-max/ghaction-upx/releases)
- [Commits](crazy-max/ghaction-upx@v2...v3)

Updates `cachix/install-nix-action` from 22 to 26
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](cachix/install-nix-action@v22...v26)

Updates `goreleaser/goreleaser-action` from 4 to 5
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@v4...v5)

Updates `actions/stale` from 8 to 9
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v8...v9)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: magnetikonline/action-golang-cache
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: contributor-assistant/github-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: dessant/lock-threads
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: alex-page/github-project-automation-plus
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: crazy-max/ghaction-upx
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested review from skiffer-git, withchao and a team as code owners April 29, 2024 08:33
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 29, 2024
@pull-request-size pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Apr 29, 2024
Copy link
Contributor Author

dependabot bot commented on behalf of github May 7, 2024

Superseded by #535.

@dependabot dependabot bot closed this May 7, 2024
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-242c439f50 branch May 7, 2024 08:34
@openimsdk openimsdk locked and limited conversation to collaborators May 7, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants