Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the github-actions group with 6 updates #34

Closed
wants to merge 1 commit into from
Closed

Bump the github-actions group with 6 updates #34

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 30, 2023
edited
Loading

Bumps the github-actions group with 6 updates:

Package From To
github/branch-deploy 8.0.0 8.2.0
azure/login 1.4.4 1.5.1
hashicorp/setup-terraform 1.4.0 3.0.0
actions/github-script 0.9.0 7.0.1
appleboy/ssh-action 0.1.6 1.0.1
GrantBirki/comment 2.0.7 2.0.8

Updates github/branch-deploy from 8.0.0 to 8.2.0

Release notes

Sourced from github/branch-deploy's releases.

v8.2.0

What's Changed

Full Changelog: github/branch-deploy@v8...v8.2.0

v8.1.2

What's Changed

This release updates internal node dependencies that this Action uses

Full Changelog: github/branch-deploy@v8...v8.1.2

v8.1.1

This patch release simply upgrades internal node packages and dependencies

What's Changed

Full Changelog: github/branch-deploy@v8.1.0...v8.1.1

v8.1.0

This release introduces two new input options!

  • allow_sha_deployments - Enable deployments to exact SHA1 or SHA256 hashes that represent a point-in-time in your commit history
  • disable_naked_commands - Prevent naked deploy commands and enforce environment usage in your commands

These new input options can be enabled like so:

- uses: github/[email protected]
  id: branch-deploy
  with:
    allow_sha_deployments: "true" # <-- allow deployments to SHA hashes
    disable_naked_commands: "true" # <-- prevent the use of .deploy without a specific <environment>

Both of these new input options are disabled by default but can be enabled if you choose to do so. Please ensure you read the documentation about each option before toggling them on as they can drastically change the behavior of this Action

Documentation:

... (truncated)

Commits
  • 8973281 Merge pull request #228 from github/node-updates
  • 45c86c9 update all internal node packages
  • 9e2d366 Merge pull request #227 from github/handle-github-emu-usernames
  • 43bd02c add supporting EMU tests
  • 2739f81 use new github emu check
  • 67cd82f Merge pull request #225 from github/dependabot/npm_and_yarn/npm-dependencies-...
  • f94137a npm update
  • fd012bd lint and bundle
  • cda4d29 Merge branch 'main' into dependabot/npm_and_yarn/npm-dependencies-b4e5359ab8
  • 5d3067f Merge pull request #224 from github/dependabot/github_actions/github-actions-...
  • Additional commits viewable in compare view

Updates azure/login from 1.4.4 to 1.5.1

Release notes

Sourced from azure/login's releases.

Azure Login Action v1.5.1

  • Fixed #371: Allow optional subscriptionId in creds (#373)
  • Cleaned accounts before login (#376, #377)
  • Updated actions-secret-parser from 1.0.2 to 1.0.4 (#378)

Azure Login Action v1.5.0

  • Updated the versions of dependencies.
  • Supported passwords to start with hyphen(-).
  • Enabled OIDC for sovereign clouds.
  • Supported Managed Identity Login.

[BUG FIX] Version pattern regex update

No release notes provided.

Handling id-token error and Node version upgradation

In this release, a separate error will be thrown if id-token permissions are not set in the workflow for OIDC login. Also upgraded the Node version to 16.

Commits

Updates hashicorp/setup-terraform from 1.4.0 to 3.0.0

Release notes

Sourced from hashicorp/setup-terraform's releases.

v3.0.0

NOTES:

  • Updated default runtime to node20 (#346)
  • The wrapper around the installed Terraform binary has been fixed to return the exact STDOUT and STDERR from Terraform when executing commands. Previous versions of setup-terraform may have required workarounds to process the STDOUT in bash, such as filtering out the first line or selectively parsing STDOUT with jq. These workarounds may need to be adjusted with v3.0.0, which will now return just the STDOUT/STDERR from Terraform with no errant characters/statements. (#367)

BUG FIXES:

  • Fixed malformed stdout when wrapper is enabled (#367)

v2.0.3

What's Changed

NOTES

Full Changelog: hashicorp/setup-terraform@v2.0.2...v2.0.3

v2.0.2

What's Changed

NOTES

INTERNAL

Full Changelog: hashicorp/setup-terraform@v2.0.1...v2.0.2

v2.0.1

What's Changed

ENHANCEMENTS

BUG FIXES

INTERNAL

... (truncated)

Changelog

Sourced from hashicorp/setup-terraform's changelog.

3.0.0 (2023-10-30)

NOTES:

  • Updated default runtime to node20 (#346)
  • The wrapper around the installed Terraform binary has been fixed to return the exact STDOUT and STDERR from Terraform when executing commands. Previous versions of setup-terraform may have required workarounds to process the STDOUT in bash, such as filtering out the first line or selectively parsing STDOUT with jq. These workarounds may need to be adjusted with v3.0.0, which will now return just the STDOUT/STDERR from Terraform with no errant characters/statements. (#367)

BUG FIXES:

  • Fixed malformed stdout when wrapper is enabled (#367)

[2.0.3] (2022-11-01)

NOTES

  • Reduced occurrences of GitHub Actions warnings for setting output #247

[2.0.2] (2022-10-12)

BUG FIXES

INTERNAL

[2.0.1] (2022-10-12)

ENHANCEMENTS

BUG FIXES

INTERNAL

... (truncated)

Commits

Updates actions/github-script from 0.9.0 to 7.0.1

Release notes

Sourced from actions/github-script's releases.

v7.0.1

What's Changed

Full Changelog: actions/github-script@v7.0.0...v7.0.1

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/github-script@v6.4.1...v7.0.0

v6.4.1

What's Changed

New Contributors

Full Changelog: actions/github-script@v6.4.0...v6.4.1

v6.4.0

What's Changed

New Contributors

Full Changelog: actions/github-script@v6.3.3...v6.4.0

v6.3.3

What's Changed

New Contributors

... (truncated)

Commits
  • 60a0d83 Merge pull request #440 from actions/joshmgross/v7.0.1
  • b7fb200 Update version to 7.0.1
  • 12e22ed Merge pull request #439 from actions/joshmgross/avoid-setting-base-url
  • d319f8f Avoid setting baseUrl to undefined when input is not provided
  • e69ef54 Merge pull request #425 from actions/joshmgross/node-20
  • ee0914b Update licenses
  • d6fc56f Use @types/node for Node 20
  • 384d6cf Fix quotations in tests
  • 8472492 Only validate GraphQL previews
  • 84903f5 Remove node-fetch from type
  • Additional commits viewable in compare view

Updates appleboy/ssh-action from 0.1.6 to 1.0.1

Release notes

Sourced from appleboy/ssh-action's releases.

v1.0.1 for security patch

No release notes provided.

v1.0.0

No release notes provided.

v0.1.10

Enhancement

v0.1.9

Enhance

  • 5f64c95 - chore: improve SSH key handling and documentation
  • 3cd1bcf - feat: refactor code for parallel execution on multiple hosts (#237 #233)
  • 4958308 - docs: add traditional Chinese documentation. (5 weeks ago)

v0.1.8

Enhance

  • chore(auth): allow set password and private key at the same time. #226

v0.1.7

Bug fix

  • Fix(envs): set environment variable instead of bash variable (#209)
Commits
  • 8f94919 chore: update appleboy/ssh-action to v1.0.1 in documentation
  • 2344d97 chore(security): update drone-ssh to v1.7.1 (#286)
  • b9f6bf6 style: refine CI Workflow and Test Configurations
  • 4330a1e docs: update appleboy/ssh-action version in README
  • 55dabf8 docs: update appleboy/ssh-action version in README
  • 8d9094f docs: "Introduce allenvs option for shell script execution"
  • 5ac43dd chore(ssh): pass all ENV variables to script (#259)
  • a01d3ea chore: improve performance and test coverage across OSs
  • c7d850f docs: improve readability and functionality across project
  • f579d71 chore: improve action.yml clarity and update default values
  • Additional commits viewable in compare view

Updates GrantBirki/comment from 2.0.7 to 2.0.8

Release notes

Sourced from GrantBirki/comment's releases.

v2.0.8

This release updates internal node dependencies that this Action relies on

What's Changed

Full Changelog: GrantBirki/comment@v2.0.7...v2.0.8

Commits
  • 7016e89 Merge pull request #19 from GrantBirki/node-updates
  • f512151 update actions workflows
  • 54021ac bundle
  • f4a2970 npm update
  • 3b3c240 Merge pull request #18 from GrantBirki/dependabot/npm_and_yarn/babel/traverse...
  • b8b427b Bump @​babel/traverse from 7.22.17 to 7.23.2
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the github-actions group with 6 updates
915827b 
Bumps the github-actions group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github/branch-deploy](https://github.com/github/branch-deploy) | `8.0.0` | `8.2.0` |
| [azure/login](https://github.com/azure/login) | `1.4.4` | `1.5.1` |
| [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) | `1.4.0` | `3.0.0` |
| [actions/github-script](https://github.com/actions/github-script) | `0.9.0` | `7.0.1` |
| [appleboy/ssh-action](https://github.com/appleboy/ssh-action) | `0.1.6` | `1.0.1` |
| [GrantBirki/comment](https://github.com/grantbirki/comment) | `2.0.7` | `2.0.8` |


Updates `github/branch-deploy` from 8.0.0 to 8.2.0
- [Release notes](https://github.com/github/branch-deploy/releases)
- [Commits](github/branch-deploy@v8.0.0...v8.2.0)

Updates `azure/login` from 1.4.4 to 1.5.1
- [Release notes](https://github.com/azure/login/releases)
- [Commits](Azure/login@ec3c145...de95379)

Updates `hashicorp/setup-terraform` from 1.4.0 to 3.0.0
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@ed3a053...a1502cd)

Updates `actions/github-script` from 0.9.0 to 7.0.1
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@5d03ada...60a0d83)

Updates `appleboy/ssh-action` from 0.1.6 to 1.0.1
- [Release notes](https://github.com/appleboy/ssh-action/releases)
- [Commits](appleboy/ssh-action@4a03da8...8f94919)

Updates `GrantBirki/comment` from 2.0.7 to 2.0.8
- [Release notes](https://github.com/grantbirki/comment/releases)
- [Commits](GrantBirki/comment@v2.0.7...v2.0.8)

---
updated-dependencies:
- dependency-name: github/branch-deploy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: azure/login
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: hashicorp/setup-terraform
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: appleboy/ssh-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: GrantBirki/comment
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner December 30, 2023 17:39
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 30, 2023
@github-actions GitHub Actions
Copy link

👋 Thanks for opening a pull request!

If you are new, please check out the trimmed down summary of our deployment process below:

  1. 👀 Observe the CI jobs and tests to ensure they are passing

  2. ✔️ Obtain an approval/review on this pull request

  3. 🚀 Branch deploy your pull request to production

    Comment .deploy on this pull request to trigger a deploy. If anything goes wrong, rollback with .deploy main

  4. 🎉 Merge!

@GrantBirki GrantBirki added help wanted Extra attention is needed invalid This doesn't seem right labels Dec 30, 2023
@GrantBirki
Copy link
Member

see this comment the-hideout/cache#37 (comment)

@GrantBirki
Copy link
Member

@dependabot ignore actions/github-script

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 30, 2023

OK, I won't notify you about actions/github-script again, unless you unignore it.

@GrantBirki
Copy link
Member

@dependabot ignore hashicorp/setup-terraform

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 30, 2023

OK, I won't notify you about hashicorp/setup-terraform again, unless you unignore it.

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 30, 2023

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Dec 30, 2023
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-e4475d25de branch December 30, 2023 18:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file help wanted Extra attention is needed invalid This doesn't seem right
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@GrantBirki