Skip to content
This repository was archived by the owner on Dec 2, 2025. It is now read-only.

chore(deps): bump the ci group with 4 updates #180

Merged
hilmarf merged 2 commits into from
Feb 6, 2025
Merged

chore(deps): bump the ci group with 4 updates #180

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
11f02bd
chore(deps): bump the ci group with 4 updates
dependabot[bot] Feb 2, 2025
c728153
Merge branch 'main' into dependabot/github_actions/ci-2ef672008e
hilmarf Feb 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/mend_scan.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
go-version-file: '${{ github.workspace }}/go.mod'

- name: 'Setup jq'
uses: dcarbone/install-jq-action@v2.1.0
uses: dcarbone/install-jq-action@v3.0.1

Check warning on line 45 in .github/workflows/mend_scan.yaml

View check run for this annotation

GitHub Advanced Security / CodeQL

Unpinned tag for a non-immutable Action in workflow 

Unpinned 3rd party Action 'Mend Security Scan' step [Uses Step](1) uses 'dcarbone/install-jq-action' with ref 'v3.0.1', not a pinned commit hash
with:
version: '1.7'

Expand Down Expand Up @@ -180,7 +180,7 @@

- name: Comment Mend Status on PR
if: ${{ github.event_name != 'schedule' && steps.pr_exists.outputs.pr_found == 'true' }}
uses: thollander/actions-comment-pull-request@v2.5.0
uses: thollander/actions-comment-pull-request@v3.0.1

Check warning on line 183 in .github/workflows/mend_scan.yaml

View check run for this annotation

GitHub Advanced Security / CodeQL

Unpinned tag for a non-immutable Action in workflow 

Unpinned 3rd party Action 'Mend Security Scan' step [Uses Step](1) uses 'thollander/actions-comment-pull-request' with ref 'v3.0.1', not a pinned commit hash
with:
message: |
## Mend Scan Summary: :${{ steps.report.outputs.status }}:
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,9 +98,9 @@
mkdir -p output
kustomize build ./config/default > ./output/install.yaml
- name: Setup Syft
uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
- name: Setup Cosign
uses: sigstore/cosign-installer@v3.5.0
uses: sigstore/cosign-installer@v3.7.0

Check warning on line 103 in .github/workflows/release.yaml

View check run for this annotation

GitHub Advanced Security / CodeQL

Unpinned tag for a non-immutable Action in workflow 

Unpinned 3rd party Action 'Release' step [Uses Step](1) uses 'sigstore/cosign-installer' with ref 'v3.7.0', not a pinned commit hash

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Release' step
Uses Step
Loading
uses 'sigstore/cosign-installer' with ref 'v3.7.0', not a pinned commit hash
- name: Run goreleaser
uses: goreleaser/goreleaser-action@v6
with:
Expand Down
Loading