Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update github actions #18

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 25, 2024

This PR contains the following updates:

Package Type Update Change
actions/setup-java action minor v4.5.0 -> v4.6.0
actions/upload-artifact action minor v4.4.3 -> v4.6.0
docker/build-push-action action digest 4f58ea7 -> b32b51a
docker/setup-buildx-action action digest c47758b -> 6524bf6
docker/setup-qemu-action action digest 49b3bc8 -> 53851d1
ghcr.io/siderolabs/conform docker digest e824f01 -> f7e7212
github/codeql-action action minor v3.27.5 -> v3.28.0
oxsecurity/megalinter action minor v8.2.0 -> v8.3.0
step-security/harden-runner action patch v2.10.2 -> v2.10.3

Release Notes

actions/setup-java (actions/setup-java)

v4.6.0

Compare Source

What's Changed

Add-ons:

 - name: Checkout
   uses: actions/checkout@v4
 - name: Setup-java
   uses: actions/setup-java@v4
   with:
     distribution: ‘jetbrains’
     java-version: '21'

Bug fixes:

New Contributors

Full Changelog: actions/setup-java@v4...v4.6.0

actions/upload-artifact (actions/upload-artifact)

v4.6.0

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

Compare Source

github/codeql-action (github/codeql-action)

v3.28.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024
  • Bump the minimum CodeQL bundle version to 2.15.5. #​2655
  • Don't fail in the unusual case that a file is on the search path. #​2660.

See the full CHANGELOG.md for more information.

v3.27.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.8

Compare Source

v3.27.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024
  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #​2631
  • Update default CodeQL bundle version to 2.20.0. #​2636

See the full CHANGELOG.md for more information.

v3.27.6

Compare Source

oxsecurity/megalinter (oxsecurity/megalinter)

v8.3.0

Compare Source

  • Core

    • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
    • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
    • Fix handling of git submodule paths
  • Fixes

    • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list
  • Reporters

    • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
    • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)
  • CI

    • Fix Docker mirroring job for release context
    • Remove max parallel jobs for release linters workflow
  • Linter versions upgrades (13)

step-security/harden-runner (step-security/harden-runner)

v2.10.3

Compare Source

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3


Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the actions label Nov 25, 2024
@renovate renovate bot changed the title chore(deps): update oxsecurity/megalinter action to v8.3.0 chore(deps): update github actions Nov 26, 2024
@renovate renovate bot force-pushed the renovate/github-actions branch from ec7adb7 to 92d9c31 Compare November 26, 2024 11:56
@renovate renovate bot force-pushed the renovate/github-actions branch from 92d9c31 to 31b3ac4 Compare December 3, 2024 12:22
@renovate renovate bot force-pushed the renovate/github-actions branch 4 times, most recently from e330579 to cfde846 Compare December 16, 2024 12:19
@renovate renovate bot force-pushed the renovate/github-actions branch 5 times, most recently from 20836dd to 6d9d828 Compare December 23, 2024 12:49
@renovate renovate bot force-pushed the renovate/github-actions branch from 6d9d828 to c7f0473 Compare December 26, 2024 19:27
@renovate renovate bot force-pushed the renovate/github-actions branch 2 times, most recently from 135659b to 70c15e0 Compare January 9, 2025 22:42
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/github-actions branch from 70c15e0 to 3657f7c Compare January 10, 2025 18:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants