chore(deps): bump the github-actions group across 1 directory with 22 updates #535

dependabot · 2024-05-07T08:34:09Z

Bumps the github-actions group with 22 updates in the / directory:

Package	From	To
actions/checkout	`2`	`4`
peter-evans/create-or-update-comment	`3`	`4`
docker/setup-qemu-action	`2`	`3`
docker/setup-buildx-action	`2`	`3`
docker/metadata-action	`4.6.0`	`5.5.1`
docker/login-action	`2`	`3`
docker/build-push-action	`4`	`5`
actions/setup-go	`4`	`5`
magnetikonline/action-golang-cache	`4`	`5`
codecov/codecov-action	`3`	`4`
contributor-assistant/github-action	`2.3.0`	`2.4.0`
github/codeql-action	`2`	`3`
actions/dependency-review-action	`3`	`4`
dessant/lock-threads	`4`	`5`
alex-page/github-project-automation-plus	`0.8.3`	`0.9.0`
actions/cache	`3`	`4`
sigstore/cosign-installer	`3.1.1`	`3.5.0`
anchore/sbom-action	`0.14.3`	`0.15.11`
crazy-max/ghaction-upx	`2`	`3`
cachix/install-nix-action	`22`	`26`
goreleaser/goreleaser-action	`4`	`5`
actions/stale	`8`	`9`

Updates actions/checkout from 2 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

Update default runtime to node20 by @takost in actions/checkout#1436

Support fetching without the --progress option by @simonbaird in actions/checkout#1067

Release 4.0.0 by @takost in actions/checkout#1447

New Contributors

@takost made their first contribution in actions/checkout#1436

@simonbaird made their first contribution in actions/checkout#1067

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

Mark test scripts with Bash'isms to be run via Bash by @dscho in actions/checkout#1377

Add option to fetch tags even if fetch-depth > 0 by @RobertWieczoreck in actions/checkout#579

Release 3.6.0 by @luketomlinson in actions/checkout#1437

New Contributors

@RobertWieczoreck made their first contribution in actions/checkout#579

@luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @megamanics in actions/checkout#1196

Fix typos found by codespell by @DimitriPapadopoulos in actions/checkout#1287

Add support for sparse checkouts by @dscho and @dfdez in actions/checkout#1369

Release v3.5.3 by @TingluoHuang in actions/checkout#1376

New Contributors

@megamanics made their first contribution in actions/checkout#1196

@DimitriPapadopoulos made their first contribution in actions/checkout#1287

@dfdez made their first contribution in actions/checkout#1369

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

Fix: Use correct API url / endpoint in GHES by @fhammerl in actions/checkout#1289 based on #1286 by @1newsr

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

Improve checkout performance on Windows runners by upgrading @actions/github dependency by @BrettDong in actions/checkout#1246

New Contributors

@BrettDong made their first contribution in actions/checkout#1246

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

v4.0.0

Support fetching without the --progress option

Update to node20

v3.6.0

Fix: Mark test scripts with Bash'isms to be run via Bash

Add option to fetch tags even if fetch-depth > 0

v3.5.3

Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in

Fix typos found by codespell

Add support for sparse checkouts

v3.5.2

Fix api endpoint for GHES

v3.5.1

Fix slow checkout on Windows

v3.5.0

Add new public key for known_hosts

v3.4.0

Upgrade codeql actions to v2

Upgrade dependencies

Upgrade @actions/io

... (truncated)

Commits

0ad4b8f Prep Release v4.1.4 (#1704)
43045ae Disable extensions.worktreeConfig when disabling sparse-checkout (#1692)
37b0821 Bump the minor-actions-dependencies group with 2 updates (#1693)
9839dc1 Add dependabot config (#1688)
9b4c13b Bump word-wrap from 1.2.3 to 1.2.5 (#1643)
1d96c77 Add SSH user parameter (#1685)
cd7d8d6 Check git version before attempting to disable sparse-checkout (#1656)
8410ad0 Update actions/checkout version in update-main-version.yml (#1650)
9bb5618 Prep for release of v4.1.2 (#1649)
8eb1f6a Bump @babel/traverse from 7.20.5 to 7.24.0 (#1642)
Additional commits viewable in compare view

Updates peter-evans/create-or-update-comment from 3 to 4

Release notes

Sourced from peter-evans/create-or-update-comment's releases.

Create or Update Comment v4.0.0

⚙️ Updated runtime to Node.js 20

The action now requires a minimum version of v2.308.0 for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.

What's Changed

build(deps): bump actions/setup-node from 3 to 4 by @dependabot in peter-evans/create-or-update-comment#273

build(deps-dev): bump @vercel/ncc from 0.38.0 to 0.38.1 by @dependabot in peter-evans/create-or-update-comment#274

build(deps-dev): bump eslint-plugin-jest from 27.4.2 to 27.4.3 by @dependabot in peter-evans/create-or-update-comment#276

build(deps-dev): bump @types/node from 18.18.5 to 18.18.6 by @dependabot in peter-evans/create-or-update-comment#277

build(deps-dev): bump eslint from 8.51.0 to 8.52.0 by @dependabot in peter-evans/create-or-update-comment#275

build(deps-dev): bump eslint-plugin-jest from 27.4.3 to 27.6.0 by @dependabot in peter-evans/create-or-update-comment#278

build(deps-dev): bump @types/node from 18.18.6 to 18.18.8 by @dependabot in peter-evans/create-or-update-comment#279

build(deps-dev): bump eslint from 8.52.0 to 8.53.0 by @dependabot in peter-evans/create-or-update-comment#280

build(deps-dev): bump @types/node from 18.18.8 to 18.18.9 by @dependabot in peter-evans/create-or-update-comment#281

build(deps-dev): bump prettier from 3.0.3 to 3.1.0 by @dependabot in peter-evans/create-or-update-comment#282

build(deps-dev): bump @types/node from 18.18.9 to 18.18.12 by @dependabot in peter-evans/create-or-update-comment#283

build(deps-dev): bump eslint from 8.53.0 to 8.54.0 by @dependabot in peter-evans/create-or-update-comment#284

build(deps-dev): bump @types/node from 18.18.12 to 18.18.13 by @dependabot in peter-evans/create-or-update-comment#285

build(deps-dev): bump eslint from 8.54.0 to 8.55.0 by @dependabot in peter-evans/create-or-update-comment#286

build(deps-dev): bump @types/node from 18.18.13 to 18.19.2 by @dependabot in peter-evans/create-or-update-comment#287

build(deps): bump chuhlomin/render-template from 1.8 to 1.9 by @dependabot in peter-evans/create-or-update-comment#288

build(deps-dev): bump @types/node from 18.19.2 to 18.19.3 by @dependabot in peter-evans/create-or-update-comment#289

build(deps-dev): bump prettier from 3.1.0 to 3.1.1 by @dependabot in peter-evans/create-or-update-comment#290

build(deps-dev): bump eslint-plugin-prettier from 5.0.1 to 5.1.0 by @dependabot in peter-evans/create-or-update-comment#292

build(deps-dev): bump eslint from 8.55.0 to 8.56.0 by @dependabot in peter-evans/create-or-update-comment#293

build(deps): bump actions/download-artifact from 3 to 4 by @dependabot in peter-evans/create-or-update-comment#295

build(deps-dev): bump eslint-plugin-prettier from 5.1.0 to 5.1.2 by @dependabot in peter-evans/create-or-update-comment#296

build(deps-dev): bump eslint-plugin-jest from 27.6.0 to 27.6.1 by @dependabot in peter-evans/create-or-update-comment#297

build(deps-dev): bump @types/node from 18.19.3 to 18.19.4 by @dependabot in peter-evans/create-or-update-comment#298

build(deps-dev): bump eslint-plugin-prettier from 5.1.2 to 5.1.3 by @dependabot in peter-evans/create-or-update-comment#299

build(deps-dev): bump @types/node from 18.19.4 to 18.19.6 by @dependabot in peter-evans/create-or-update-comment#300

build(deps-dev): bump prettier from 3.1.1 to 3.2.3 by @dependabot in peter-evans/create-or-update-comment#301

build(deps-dev): bump eslint-plugin-jest from 27.6.1 to 27.6.3 by @dependabot in peter-evans/create-or-update-comment#302

build(deps-dev): bump @types/node from 18.19.6 to 18.19.7 by @dependabot in peter-evans/create-or-update-comment#303

build(deps-dev): bump @types/node from 18.19.7 to 18.19.8 by @dependabot in peter-evans/create-or-update-comment#304

build(deps-dev): bump prettier from 3.2.3 to 3.2.4 by @dependabot in peter-evans/create-or-update-comment#305

feat: update runtime to node 20 by @peter-evans in peter-evans/create-or-update-comment#306

Full Changelog: peter-evans/create-or-update-comment@v3.1.0...v4.0.0

Create or Update Comment v3.1.0

What's Changed

Add truncate warning to body of comment by @ethanmdavidson and @peter-evans in peter-evans/create-or-update-comment#272

46 dependency updates by @dependabot

Full Changelog: peter-evans/create-or-update-comment@v3.0.2...v3.1.0

Create or Update Comment v3.0.2

What's Changed

... (truncated)

Commits

71345be feat: update runtime to node 20 (#306)
d41bfe3 build(deps-dev): bump prettier from 3.2.3 to 3.2.4 (#305)
73b4b9e build(deps-dev): bump @types/node from 18.19.7 to 18.19.8 (#304)
b865fac build(deps-dev): bump @types/node from 18.19.6 to 18.19.7 (#303)
52b668a build(deps-dev): bump eslint-plugin-jest from 27.6.1 to 27.6.3 (#302)
974f56a build(deps-dev): bump prettier from 3.1.1 to 3.2.3 (#301)
2cbfe8b build(deps-dev): bump @types/node from 18.19.4 to 18.19.6 (#300)
761872a build(deps-dev): bump eslint-plugin-prettier from 5.1.2 to 5.1.3 (#299)
72c3238 build(deps-dev): bump @types/node from 18.19.3 to 18.19.4 (#298)
07daf7b build(deps-dev): bump eslint-plugin-jest from 27.6.0 to 27.6.1 (#297)
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 2 to 3

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/setup-qemu-action#102

Bump @actions/core from 1.10.0 to 1.10.1 in docker/setup-qemu-action#103

Bump semver from 6.3.0 to 6.3.1 in docker/setup-qemu-action#89

Full Changelog: docker/setup-qemu-action@v2.2.0...v3.0.0

v2.2.0

Trim off spaces in platforms input by @Chocobo1 in docker/setup-qemu-action#64

Switch to actions-toolkit implementation by @crazy-max in docker/setup-qemu-action#70 docker/setup-qemu-action#80 docker/setup-qemu-action#83

Full Changelog: docker/setup-qemu-action@v2.1.0...v2.2.0

v2.1.0

Use context for inputs by @crazy-max (#62)

Use built-in getExecOutput by @crazy-max (#61)

Remove workaround for setOutput by @crazy-max (#63)

Bump @actions/core from 1.6.0 to 1.10.0 (#54 #58 #59)

Full Changelog: docker/setup-qemu-action@v2.0.0...v2.1.0

Commits

6882732 Merge pull request #103 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
183f4af chore: update generated content
f174935 build(deps): bump @actions/core from 1.10.0 to 1.10.1
2e423eb Merge pull request #89 from docker/dependabot/npm_and_yarn/semver-6.3.1
ecc406a Bump semver from 6.3.0 to 6.3.1
12dec5e Merge pull request #102 from crazy-max/update-node20
c29b312 chore: node 20 as default runtime
34ae628 chore: update generated content
1f3d2e1 chore: fix author in package.json
277dbe8 vendor: bump @docker/actions-toolkit from 0.3.0 to 0.12.0
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 2 to 3

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/setup-buildx-action#264

Bump @actions/core from 1.10.0 to 1.10.1 in docker/setup-buildx-action#267

Full Changelog: docker/setup-buildx-action@v2.10.0...v3.0.0

v2.10.0

Bump @docker/actions-toolkit from 0.7.1 to 0.10.0 by @crazy-max in docker/setup-buildx-action#258

Bump word-wrap from 1.2.3 to 1.2.5 in docker/setup-buildx-action#253

Full Changelog: docker/setup-buildx-action@v2.9.1...v2.10.0

v2.9.1

Bump @docker/actions-toolkit from 0.7.0 to 0.7.1 in docker/setup-buildx-action#248

Fixes an issue where building Buildx does not match the local platform (docker/actions-toolkit#135)

Full Changelog: docker/setup-buildx-action@v2.9.0...v2.9.1

v2.9.0

Bump @docker/actions-toolkit from 0.6.0 to 0.7.0 in docker/setup-buildx-action#246

Adds support to cache Buildx binary to hosted tool cache and GHA cache backend

Full Changelog: docker/setup-buildx-action@v2.8.0...v2.9.0

v2.8.0

Only set specific flags for drivers supporting them by @nicks in docker/setup-buildx-action#241

Bump @docker/actions-toolkit from 0.5.0 to 0.6.0 in docker/setup-buildx-action#242

Full Changelog: docker/setup-buildx-action@v2.7.0...v2.8.0

v2.7.0

Bump @docker/actions-toolkit from 0.3.0 to 0.5.0 in docker/setup-buildx-action#237 docker/setup-buildx-action#238

Full Changelog: docker/setup-buildx-action@v2.6.0...v2.7.0

v2.6.0

Set node name for k8s driver when appending nodes by @crazy-max in docker/setup-buildx-action#219

Bump @docker/actions-toolkit from 0.1.0-beta.18 to 0.3.0 in docker/setup-buildx-action#220 docker/setup-buildx-action#229 docker/setup-buildx-action#231 docker/setup-buildx-action#236

Full Changelog: docker/setup-buildx-action@v2.5.0...v2.6.0

v2.5.0

cleanup input to remove builder and temp files by @crazy-max in docker/setup-buildx-action#213

do not remove builder using the docker driver by @crazy-max in docker/setup-buildx-action#218

fix current context as builder name for docker driver by @crazy-max in docker/setup-buildx-action#209

Full Changelog: docker/setup-buildx-action@v2.4.1...v2.5.0

v2.4.1

Get releases from actions toolkit by @crazy-max (#200)

... (truncated)

Commits

d70bba7 Merge pull request #307 from crazy-max/bump-toolkit
7638634 chore: update generated content
c68420f bump @docker/actions-toolkit from 0.19.0 to 0.20.0
2b51285 Merge pull request #306 from docker/dependabot/npm_and_yarn/docker/actions-to...
0f00370 chore: update generated content
11c9683 build(deps): bump @docker/actions-toolkit from 0.18.0 to 0.19.0
56a16b8 Merge pull request #303 from crazy-max/fix-inputs
c23f46e chore: update generated content
f876da6 rename and align config inputs
b7cf918 Merge pull request #304 from crazy-max/rm-docs-dir
Additional commits viewable in compare view

Updates docker/metadata-action from 4.6.0 to 5.5.1

Release notes

Sourced from docker/metadata-action's releases.

v5.5.1

Don't set cwd:// prefix for local bake files by @crazy-max in docker/metadata-action#382

Full Changelog: docker/metadata-action@v5.5.0...v5.5.1

v5.5.0

Set cwd:// prefix for bake files path by @crazy-max in docker/metadata-action#370

Bump @docker/actions-toolkit from 0.16.0 to 0.16.1 in docker/metadata-action#371

Bump moment from 2.29.4 to 2.30.1 in docker/metadata-action#373

Bump moment-timezone from 0.5.43 to 0.5.44 in docker/metadata-action#374

Full Changelog: docker/metadata-action@v5.4.0...v5.5.0

v5.4.0

Bump @docker/actions-toolkit from 0.15.0 to 0.16.0 in docker/metadata-action#369

Bump csv-parse from 5.5.2 to 5.5.3 in docker/metadata-action#365

Full Changelog: docker/metadata-action@v5.3.0...v5.4.0

v5.3.0

Bump @docker/actions-toolkit from 0.14.0 to 0.15.0 in docker/metadata-action#363 (fixes #362)

Full Changelog: docker/metadata-action@v5.2.0...v5.3.0

v5.2.0

Custom annotations support by @crazy-max in docker/metadata-action#361

Full Changelog: docker/metadata-action@v5.1.0...v5.2.0

v5.1.0

Annotations support by @crazy-max in docker/metadata-action#352

Split bake definition into two files by @crazy-max in docker/metadata-action#353

Allow images input to be empty to output bare tags by @crazy-max in docker/metadata-action#358

Bump @actions/github from 5.1.1 to 6.0.0 in docker/metadata-action#348

Bump @babel/traverse from 7.17.3 to 7.23.2 in docker/metadata-action#350

Bump @docker/actions-toolkit from 0.12.0 to 0.14.0 in docker/metadata-action#349 docker/metadata-action#357

Bump csv-parse from 5.5.0 to 5.5.2 in docker/metadata-action#346

Bump semver from 7.5.3 to 7.5.4 in docker/metadata-action#335

Full Changelog: docker/metadata-action@v5.0.0...v5.1.0

v5.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/metadata-action#328

Bump @actions/core from 1.10.0 to 1.10.1 in docker/metadata-action#333

Bump csv-parse from 5.4.0 to 5.5.0 in docker/metadata-action#320

Bump semver from 7.5.1 to 7.5.2 in docker/metadata-action#304

Bump handlebars from 4.7.7 to 4.7.8 in docker/metadata-action#315

Full Changelog: docker/metadata-action@v4.6.0...v5.0.0

Upgrade guide

Sourced from docker/metadata-action's upgrade guide.

Upgrade notes

v2 to v3

Repository has been moved to docker org. Replace crazy-max/ghaction-docker-meta@v2 with docker/metadata-action@v5

The default bake target has been changed: ghaction-docker-meta > docker-metadata-action

v1 to v2

inputs

tag-sha

tag-edge / tag-edge-branch

tag-semver

tag-match / tag-match-group

tag-latest

tag-schedule

tag-custom / tag-custom-only

label-custom

Basic workflow

Semver workflow

inputs

New Unchanged Removed

tags images tag-sha

flavor sep-tags tag-edge

labels sep-labels tag-edge-branch

tag-semver

tag-match

tag-match-group

tag-latest

tag-schedule

tag-custom

tag-custom-only

label-custom

tag-sha
tags: |
  type=sha
tag-edge / tag-edge-branch
tags: |
  # default branch
</tr></table> 

... (truncated)

Commits

8e5442c Merge pull request #382 from crazy-max/dont-set-cwd-prefix
eda41b7 chore: update generated content
388c08f don't set cwd:// prefix for local bake files
dbef880 Merge pull request #374 from docker/dependabot/npm_and_yarn/moment-timezone-0...
b73e7a7 chore: update generated content
b9fba69 chore(deps): Bump moment-timezone from 0.5.43 to 0.5.44
ac82374 Merge pull request #373 from docker/dependabot/npm_and_yarn/moment-2.30.1
c92519a chore: update generated content
3b4179d chore(deps): Bump moment from 2.29.4 to 2.30.1
0784993 Merge pull request #371 from docker/dependabot/npm_and_yarn/docker/actions-to...
Additional commits viewable in compare view

Updates docker/login-action from 2 to 3

Release notes

Sourced from docker/login-action's releases.

v3.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/login-action#593

Bump @actions/core from 1.10.0 to 1.10.1 in docker/login-action#598

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.410.0 in docker/login-action#555 docker/login-action#560 docker/login-action#582 docker/login-action#599

Bump semver from 6.3.0 to 6.3.1 in docker/login-action#556

Bump https-proxy-agent to 7.0.2 docker/login-action#561 docker/login-action#588

Full Changelog: docker/login-action@v2.2.0...v3.0.0

v2.2.0

Switch to actions-toolkit implementation by @crazy-max in docker/login-action#409 docker/login-action#470 docker/login-action#476

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.347.1 in docker/login-action#524 docker/login-action#364 docker/login-action#363

Bump minimatch from 3.0.4 to 3.1.2 in docker/login-action#354

Bump json5 from 2.2.0 to 2.2.3 in docker/login-action#378

Bump http-proxy-agent from 5.0.0 to 7.0.0 in docker/login-action#509

Bump https-proxy-agent from 5.0.1 to 7.0.0 in docker/login-action#508

Full Changelog: docker/login-action@v2.1.0...v2.2.0

v2.1.0

Ensure AWS temp credentials are redacted in workflow logs by @crazy-max (#275)

Bump @actions/core from 1.6.0 to 1.10.0 (#252 #292)

Bump @aws-sdk/client-ecr from 3.53.0 to 3.186.0 (#298)

Bump @aws-sdk/client-ecr-public from 3.53.0 to 3.186.0 (#299)

Full Changelog: docker/login-action@v2.0.0...v2.1.0

Commits

e92390c Merge pull request #685 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e752e2 chore: update generated content
51c6097 build(deps): bump the aws-sdk-dependencies group with 2 updates
8f079fb Merge pull request #676 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
16fa768 chore: update generated content
46d1619 build(deps): bump the proxy-agent-dependencies group with 2 updates
8c291c5 Merge pull request #682 from docker/dependabot/npm_and_yarn/docker/actions-to...
ec726f4 build(deps): bump @docker/actions-toolkit from 0.14.0 to 0.18.0
5139682 Merge pull request #677 from docker/dependabot/npm_and_yarn/undici-5.28.3
6d4e2ba chore: update generated content
Additional commits viewable in compare view

Updates docker/build-push-action from 4 to 5

Release notes

Sourced from docker/build-push-action's releases.

v5.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/build-push-action#954

Bump @actions/core from 1.10.0 to 1.10.1 in docker/build-push-action#959

Full Changelog: docker/build-push-action@v4.2.1...v5.0.0

v4.2.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

warn if docker config can't be parsed by @crazy-max in docker/build-push-action#957

Full Changelog: docker/build-push-action@v4.2.0...v4.2.1

v4.2.0

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

display proxy configuration by @crazy-max in docker/build-push-action#872

chore(deps): Bump @docker/actions-toolkit from 0.6.0 to 0.8.0 in docker/build-push-action#930

chore(deps): Bump word-wrap from 1.2.3 to 1.2.5 in docker/build-push-action#925

chore(deps): Bump semver from 6.3.0 to 6.3.1 in docker/build-push-action#902

Full Changelog: docker/build-push-action@v4.1.1...v4.2.0

v4.1.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Bump @docker/actions-toolkit from 0.3.0 to 0.5.0 by ...
Description has been truncated

… updates Bumps the github-actions group with 22 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `2` | `4` | | [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) | `3` | `4` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `2` | `3` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `2` | `3` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `4.6.0` | `5.5.1` | | [docker/login-action](https://github.com/docker/login-action) | `2` | `3` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `4` | `5` | | [actions/setup-go](https://github.com/actions/setup-go) | `4` | `5` | | [magnetikonline/action-golang-cache](https://github.com/magnetikonline/action-golang-cache) | `4` | `5` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3` | `4` | | [contributor-assistant/github-action](https://github.com/contributor-assistant/github-action) | `2.3.0` | `2.4.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `2` | `3` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `3` | `4` | | [dessant/lock-threads](https://github.com/dessant/lock-threads) | `4` | `5` | | [alex-page/github-project-automation-plus](https://github.com/alex-page/github-project-automation-plus) | `0.8.3` | `0.9.0` | | [actions/cache](https://github.com/actions/cache) | `3` | `4` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.1.1` | `3.5.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.14.3` | `0.15.11` | | [crazy-max/ghaction-upx](https://github.com/crazy-max/ghaction-upx) | `2` | `3` | | [cachix/install-nix-action](https://github.com/cachix/install-nix-action) | `22` | `26` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `4` | `5` | | [actions/stale](https://github.com/actions/stale) | `8` | `9` | Updates `actions/checkout` from 2 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v4) Updates `peter-evans/create-or-update-comment` from 3 to 4 - [Release notes](https://github.com/peter-evans/create-or-update-comment/releases) - [Commits](peter-evans/create-or-update-comment@v3...v4) Updates `docker/setup-qemu-action` from 2 to 3 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v2...v3) Updates `docker/setup-buildx-action` from 2 to 3 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v2...v3) Updates `docker/metadata-action` from 4.6.0 to 5.5.1 - [Release notes](https://github.com/docker/metadata-action/releases) - [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md) - [Commits](docker/metadata-action@v4.6.0...v5.5.1) Updates `docker/login-action` from 2 to 3 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v2...v3) Updates `docker/build-push-action` from 4 to 5 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v4...v5) Updates `actions/setup-go` from 4 to 5 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v4...v5) Updates `magnetikonline/action-golang-cache` from 4 to 5 - [Release notes](https://github.com/magnetikonline/action-golang-cache/releases) - [Commits](magnetikonline/action-golang-cache@v4...v5) Updates `codecov/codecov-action` from 3 to 4 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v3...v4) Updates `contributor-assistant/github-action` from 2.3.0 to 2.4.0 - [Release notes](https://github.com/contributor-assistant/github-action/releases) - [Commits](contributor-assistant/github-action@v2.3.0...v2.4.0) Updates `github/codeql-action` from 2 to 3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) Updates `actions/dependency-review-action` from 3 to 4 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@v3...v4) Updates `dessant/lock-threads` from 4 to 5 - [Release notes](https://github.com/dessant/lock-threads/releases) - [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md) - [Commits](dessant/lock-threads@v4...v5) Updates `alex-page/github-project-automation-plus` from 0.8.3 to 0.9.0 - [Release notes](https://github.com/alex-page/github-project-automation-plus/releases) - [Commits](alex-page/github-project-automation-plus@v0.8.3...v0.9.0) Updates `actions/cache` from 3 to 4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) Updates `sigstore/cosign-installer` from 3.1.1 to 3.5.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v3.1.1...v3.5.0) Updates `anchore/sbom-action` from 0.14.3 to 0.15.11 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@v0.14.3...v0.15.11) Updates `crazy-max/ghaction-upx` from 2 to 3 - [Release notes](https://github.com/crazy-max/ghaction-upx/releases) - [Commits](crazy-max/ghaction-upx@v2...v3) Updates `cachix/install-nix-action` from 22 to 26 - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](cachix/install-nix-action@v22...v26) Updates `goreleaser/goreleaser-action` from 4 to 5 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@v4...v5) Updates `actions/stale` from 8 to 9 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v8...v9) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: peter-evans/create-or-update-comment dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: magnetikonline/action-golang-cache dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: contributor-assistant/github-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: dessant/lock-threads dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: alex-page/github-project-automation-plus dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: crazy-max/ghaction-upx dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-09-29T06:39:13Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot bot requested review from skiffer-git, withchao and a team as code owners May 7, 2024 08:34

dependabot bot added the dependencies Pull requests that update a dependency file label May 7, 2024

dependabot bot mentioned this pull request May 7, 2024

chore(deps): bump the github-actions group with 22 updates #531

Closed

dependabot bot temporarily deployed to openim May 7, 2024 08:34 Inactive

pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label May 7, 2024

skiffer-git closed this Sep 29, 2024

dependabot bot deleted the dependabot/github_actions/github-actions-57403959ee branch September 29, 2024 06:39

github-actions bot locked and limited conversation to collaborators Sep 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the github-actions group across 1 directory with 22 updates #535

chore(deps): bump the github-actions group across 1 directory with 22 updates #535

dependabot bot commented on behalf of github May 7, 2024 •

edited

Loading

dependabot bot commented on behalf of github Sep 29, 2024

New	Unchanged	Removed
`tags`	`images`	`tag-sha`
`flavor`	`sep-tags`	`tag-edge`
`labels`	`sep-labels`	`tag-edge-branch`
		`tag-semver`
		`tag-match`
		`tag-match-group`
		`tag-latest`
		`tag-schedule`
		`tag-custom`
		`tag-custom-only`
		`label-custom`

chore(deps): bump the github-actions group across 1 directory with 22 updates #535

chore(deps): bump the github-actions group across 1 directory with 22 updates #535

Conversation

dependabot bot commented on behalf of github May 7, 2024 • edited Loading

v4.0.0

What's Changed

New Contributors

v3.6.0

What's Changed

New Contributors

v3.5.3

What's Changed

New Contributors

v3.5.2

What's Changed

v3.5.1

What's Changed

New Contributors

Changelog

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

Create or Update Comment v4.0.0

What's Changed

Create or Update Comment v3.1.0

What's Changed

Create or Update Comment v3.0.2

What's Changed

v3.0.0

v2.2.0

v2.1.0

v3.0.0

v2.10.0

v2.9.1

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.0

v2.4.1

v5.5.1

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

Upgrade notes

v2 to v3

v1 to v2

inputs

tag-sha

tag-edge / tag-edge-branch

v3.0.0

v2.2.0

v2.1.0

v5.0.0

v4.2.1

v4.2.0

v4.1.1

dependabot bot commented on behalf of github Sep 29, 2024

dependabot bot commented on behalf of github May 7, 2024 •

edited

Loading

`tag-sha`

`tag-edge` / `tag-edge-branch`