Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the actions group across 1 directory with 6 updates #2930

Closed
wants to merge 2 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 19, 2024

Bumps the actions group with 6 updates in the / directory:

Package From To
step-security/harden-runner 2.10.1 2.10.2
actions/checkout 4.2.1 4.2.2
chainguard-dev/digestabot 1.2.0 1.2.1
tj-actions/changed-files 45.0.3 45.0.4
chainguard-dev/setup-chainctl 0.2.3 0.2.4
rtCamp/action-slack-notify 2.3.0 2.3.2

Updates step-security/harden-runner from 2.10.1 to 2.10.2

Release notes

Sourced from step-security/harden-runner's releases.

v2.10.2

What's Changed

  1. Fixes low-severity command injection weaknesses The advisory is here: GHSA-g85v-wf27-67xc

  2. Bug fix to improve detection of whether Harden-Runner is running in a container

Full Changelog: step-security/harden-runner@v2...v2.10.2

Commits

Updates actions/checkout from 4.2.1 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

Full Changelog: actions/checkout@v4.2.1...v4.2.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

... (truncated)

Commits

Updates chainguard-dev/digestabot from 1.2.0 to 1.2.1

Release notes

Sourced from chainguard-dev/digestabot's releases.

v1.2.1

What's Changed

New Contributors

Full Changelog: chainguard-dev/digestabot@v1.2.0...v1.2.1

Commits
  • cee67ce add makefile for test and fix blank spaces (#46)
  • a52c17b Bump actions/checkout from 4.2.1 to 4.2.2 (#45)
  • 8013418 Bump actions/checkout from 4.2.0 to 4.2.1 (#42)
  • caa15f4 feat: make github commit signing configurable (#44)
  • eedd1d7 Bump actions/checkout from 4.1.7 to 4.2.0 (#41)
  • 5477b8d Bump peter-evans/create-pull-request from 7.0.3 to 7.0.5 (#40)
  • fe3c6c5 feat(action): support multiple items per file and output diff in PR body (#34)
  • 958f7d5 Bump peter-evans/create-pull-request from 7.0.1 to 7.0.3 (#39)
  • 88d36a2 Bump peter-evans/create-pull-request from 6.1.0 to 7.0.1 (#37)
  • See full diff in compare view

Updates tj-actions/changed-files from 45.0.3 to 45.0.4

Release notes

Sourced from tj-actions/changed-files's releases.

v45.0.4

What's Changed

Full Changelog: tj-actions/changed-files@v45...v45.0.4

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

45.0.4 - (2024-11-05)

🚀 Features

  • Prevent ignore files warning (#2318) (1f772e9) - (Tonye Jack)

🐛 Bug Fixes

  • deps: Update dependency @​actions/core to v1.11.1 (4d0aab9) - (renovate[bot])

➕ Add

  • Added missing changes and modified dist assets. (9d7201d) - (GitHub Action)
  • Added missing changes and modified dist assets. (0104c75) - (GitHub Action)

📝 Other

⚙️ Miscellaneous Tasks

  • deps: Update dependency eslint-plugin-jest to v28.9.0 (4edd678) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.9.0 (f082558) - (renovate[bot])
  • deps: Lock file maintenance (92c02a0) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.8.7 (b702211) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.8.6 (435fd74) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.8.5 (0626fa3) - (renovate[bot])
  • deps: Update dependency @​types/lodash to v4.17.13 (8817a79) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.8.4 (5417491) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.8.2 (84ef162) - (renovate[bot])
  • deps: Lock file maintenance (b672a51) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.8.1 (678cdc2) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.8.0 (27b7bbb) - (renovate[bot])
  • deps: Update actions/setup-node action to v4.1.0 (8361072) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.7.9 (21acf46) - (renovate[bot])
  • deps: Update dependency @​types/jest to v29.5.14 (f356b3c) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.7.8 (66275de) - (renovate[bot])
  • deps: Lock file maintenance (a16702b) - (renovate[bot])
  • deps: Update dependency @​types/lodash to v4.17.12 (aa11897) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.7.7 (6513fe1) - (renovate[bot])
  • deps: Update dependency @​types/lodash to v4.17.11 (45e0c78) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.7.6 (a949a83) - (renovate[bot])
  • deps: Lock file maintenance (f93ff33) - (renovate[bot])
  • deps: Update dependency typescript to v5.6.3 (729c704) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.7.5 (2009d44) - (renovate[bot])
  • deps: Lock file maintenance (b693fc2) - (renovate[bot])

... (truncated)

Commits
  • 4edd678 chore(deps): update dependency eslint-plugin-jest to v28.9.0
  • f082558 chore(deps): update dependency @​types/node to v22.9.0
  • 92c02a0 chore(deps): lock file maintenance
  • b702211 chore(deps): update dependency @​types/node to v22.8.7
  • 435fd74 chore(deps): update dependency @​types/node to v22.8.6
  • 0626fa3 chore(deps): update dependency @​types/node to v22.8.5
  • 8817a79 chore(deps): update dependency @​types/lodash to v4.17.13
  • 5417491 chore(deps): update dependency @​types/node to v22.8.4
  • 84ef162 chore(deps): update dependency @​types/node to v22.8.2
  • b672a51 chore(deps): lock file maintenance
  • Additional commits viewable in compare view

Updates chainguard-dev/setup-chainctl from 0.2.3 to 0.2.4

Release notes

Sourced from chainguard-dev/setup-chainctl's releases.

v0.2.4

What's Changed

New Contributors

Full Changelog: chainguard-dev/setup-chainctl@v0...v0.2.4

Commits
  • 8d93dcb fix: export HTTP_AUTH to github env (#17)
  • a2e4820 Bump actions/checkout from 4.2.0 to 4.2.2 in the actions group across 1 direc...
  • See full diff in compare view

Updates rtCamp/action-slack-notify from 2.3.0 to 2.3.2

Release notes

Sourced from rtCamp/action-slack-notify's releases.

v2.3.2

What's Changed

Changelog:

What's Changed

Full Changelog: rtCamp/action-slack-notify@v2.3.1...v2.3.2

v2.3.1

What's Changed

Changelog:

What's Changed

New Contributors

Full Changelog: rtCamp/action-slack-notify@v2...v2.3.1

Commits
  • c337377 Update action image version to v2.3.2
  • 1134e51 Merge pull request #207 from L0RD-ZER0/master
  • 2e9d8e4 Update the way text is set
  • 3154c16 Merge pull request #206 from rtCamp/dependabot/docker/golang-f6392ff
  • 083cc1d Bump golang from e0ea2a1 to f6392ff
  • 65e6fc1 Update action image version to v2.3.1
  • dbbd015 Merge pull request #198 from rtCamp/dependabot/docker/golang-e0ea2a1
  • 9cf45d7 Merge pull request #199 from rtCamp/dependabot/docker/alpine-beefdbd8a1da6d29...
  • 17200f4 Bump alpine from 0a4eaa0 to beefdbd
  • e01e65e Bump golang from fe8f9c7 to e0ea2a1
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 19, 2024
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions-9a7876a33a branch 3 times, most recently from ad4a86d to 788bb89 Compare November 21, 2024 10:02
Bumps the actions group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.10.1` | `2.10.2` |
| [actions/checkout](https://github.com/actions/checkout) | `4.2.1` | `4.2.2` |
| [chainguard-dev/digestabot](https://github.com/chainguard-dev/digestabot) | `1.2.0` | `1.2.1` |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `45.0.3` | `45.0.4` |
| [chainguard-dev/setup-chainctl](https://github.com/chainguard-dev/setup-chainctl) | `0.2.3` | `0.2.4` |
| [rtCamp/action-slack-notify](https://github.com/rtcamp/action-slack-notify) | `2.3.0` | `2.3.2` |



Updates `step-security/harden-runner` from 2.10.1 to 2.10.2
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@91182cc...0080882)

Updates `actions/checkout` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@eef6144...11bd719)

Updates `chainguard-dev/digestabot` from 1.2.0 to 1.2.1
- [Release notes](https://github.com/chainguard-dev/digestabot/releases)
- [Commits](chainguard-dev/digestabot@02ea60d...cee67ce)

Updates `tj-actions/changed-files` from 45.0.3 to 45.0.4
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@c3a1bb2...4edd678)

Updates `chainguard-dev/setup-chainctl` from 0.2.3 to 0.2.4
- [Release notes](https://github.com/chainguard-dev/setup-chainctl/releases)
- [Commits](chainguard-dev/setup-chainctl@5984995...8d93dcb)

Updates `rtCamp/action-slack-notify` from 2.3.0 to 2.3.2
- [Release notes](https://github.com/rtcamp/action-slack-notify/releases)
- [Commits](rtCamp/action-slack-notify@4e5fb42...c337377)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: chainguard-dev/digestabot
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: chainguard-dev/setup-chainctl
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: rtCamp/action-slack-notify
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions-9a7876a33a branch from 788bb89 to b0401fb Compare November 22, 2024 09:39
@jdolitsky jdolitsky enabled auto-merge (squash) November 22, 2024 17:59
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 12, 2024

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this Dec 12, 2024
auto-merge was automatically disabled December 12, 2024 01:27

Pull request was closed

@dependabot dependabot bot deleted the dependabot/github_actions/actions-9a7876a33a branch December 12, 2024 01:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants