chore(deps): Bump the actions-all group across 1 directory with 10 updates #470

dependabot · 2025-01-20T02:28:29Z

Bumps the actions-all group with 10 updates in the / directory:

Package	From	To
step-security/harden-runner	`2.10.2`	`2.10.4`
actions/setup-go	`5.1.0`	`5.2.0`
github/codeql-action	`3.27.6`	`3.28.1`
golangci/golangci-lint-action	`6.1.1`	`6.2.0`
docker/setup-buildx-action	`3.7.1`	`3.8.0`
docker/build-push-action	`6.10.0`	`6.12.0`
peter-evans/create-pull-request	`7.0.5`	`7.0.6`
actions/upload-artifact	`4.4.3`	`4.6.0`
crazy-max/ghaction-setup-docker	`4.0.0`	`4.1.0`
docker/setup-qemu-action	`3.2.0`	`3.3.0`

Updates step-security/harden-runner from 2.10.2 to 2.10.4

Release notes

Sourced from step-security/harden-runner's releases.

v2.10.4

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

v2.10.3

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

Commits

cb605e5 Merge pull request #496 from step-security/fix-enobufs
61144dd Update log statement
b8be370 Add try catch block
6f6fa07 Fix ENOBUFS issue
18f6947 Merge pull request #495 from AkhigbeEromo/Update-README
81f844e Edit docs
4c766de Merge branch 'Update-README' of https://github.com/AkhigbeEromo/harden-runner...
c9c5f32 Handle Ashish reviews
2877824 Merge branch 'main' into Update-README
be87de0 Clean up
Additional commits viewable in compare view

Updates actions/setup-go from 5.1.0 to 5.2.0

Release notes

Sourced from actions/setup-go's releases.

v5.2.0

What's Changed

Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @Shegox in actions/setup-go#496

New Contributors

@Shegox made their first contribution in actions/setup-go#496

Full Changelog: actions/setup-go@v5...v5.2.0

Commits

3041bf5 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496)
See full diff in compare view

Updates github/codeql-action from 3.27.6 to 3.28.1

Release notes

Sourced from github/codeql-action's releases.

v3.28.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.1 - 10 Jan 2025

CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

Update default CodeQL bundle version to 2.20.1. #2678

See the full CHANGELOG.md for more information.

v3.28.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024

Bump the minimum CodeQL bundle version to 2.15.5. #2655

Don't fail in the unusual case that a file is on the search path. #2660.

See the full CHANGELOG.md for more information.

v3.27.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024

We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631

Update default CodeQL bundle version to 2.20.0. #2636

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.1 - 10 Jan 2025

CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

Bump the minimum CodeQL bundle version to 2.15.5. #2655

Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

No user facing changes.

3.27.8 - 12 Dec 2024

Fixed an issue where streaming the download and extraction of the CodeQL bundle did not respect proxy settings. #2624

3.27.7 - 10 Dec 2024

We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631

Update default CodeQL bundle version to 2.20.0. #2636

3.27.6 - 03 Dec 2024

Update default CodeQL bundle version to 2.19.4. #2626

3.27.5 - 19 Nov 2024

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

... (truncated)

Commits

b6a472f Merge pull request #2681 from github/update-v3.28.1-ea6acbfea
bb999b4 Update changelog for v3.28.1
ea6acbf Merge pull request #2677 from github/angelapwen/deprecate-action-v2
4df151e Merge branch 'main' into angelapwen/deprecate-action-v2
a05a7eb Fix PR number in changenote
8d2753b Add public changelog blog post link
e83e0a4 Merge pull request #2673 from github/dependabot/npm_and_yarn/npm-877f465710
b7ff308 Merge pull request #2678 from github/update-bundle/codeql-bundle-v2.20.1
1aa16c2 Merge branch 'main' into update-bundle/codeql-bundle-v2.20.1
fb65b6c Merge pull request #2672 from github/mbg/start-proxy/include-type-in-urls-output
Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 6.1.1 to 6.2.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v6.2.0

What's Changed

Changes

chore: use new build tag syntax by @alexandear in golangci/golangci-lint-action#1133

feat: support linux arm64 public preview by @ldez in golangci/golangci-lint-action#1144

Documentation

docs: update local development instructions by @dmitris in golangci/golangci-lint-action#1125

Dependencies

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1112

build(deps): bump the dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1113

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1114

build(deps): bump @types/node from 22.7.4 to 22.7.5 in the dependencies group by @dependabot in golangci/golangci-lint-action#1115

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1117

build(deps): bump @types/node from 22.7.5 to 22.7.7 in the dependencies group by @dependabot in golangci/golangci-lint-action#1118

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1119

build(deps): bump @types/node from 22.7.7 to 22.8.1 in the dependencies group by @dependabot in golangci/golangci-lint-action#1120

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1122

build(deps): bump the dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1123

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1126

build(deps): bump @types/node from 22.8.7 to 22.9.0 in the dependencies group by @dependabot in golangci/golangci-lint-action#1127

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1128

build(deps): bump @types/node from 22.9.0 to 22.9.3 in the dependencies group by @dependabot in golangci/golangci-lint-action#1130

build(deps): bump @types/node from 22.9.3 to 22.10.1 in the dependencies group by @dependabot in golangci/golangci-lint-action#1131

build(deps-dev): bump the dev-dependencies group across 1 directory with 4 updates by @dependabot in golangci/golangci-lint-action#1132

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1134

build(deps): bump @actions/cache from 3.3.0 to 4.0.0 in the dependencies group by @dependabot in golangci/golangci-lint-action#1135

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1136

build(deps): bump @types/node from 22.10.1 to 22.10.2 in the dependencies group by @dependabot in golangci/golangci-lint-action#1137

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1138

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1139

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1141

build(deps): bump @types/node from 22.10.2 to 22.10.5 in the dependencies group by @dependabot in golangci/golangci-lint-action#1142

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1143

New Contributors

@dmitris made their first contribution in golangci/golangci-lint-action#1125

@alexandear made their first contribution in golangci/golangci-lint-action#1133

Full Changelog: golangci/golangci-lint-action@v6.1.1...v6.2.0

Commits

ec5d184 feat: support linux arm64 public preview (#1144)
a0297a1 build(deps-dev): bump the dev-dependencies group with 3 updates (#1143)
58eda26 build(deps): bump @types/node from 22.10.2 to 22.10.5 in the dependencies gro...
44c2434 build(deps-dev): bump the dev-dependencies group with 2 updates (#1141)
2f13b80 build(deps-dev): bump the dev-dependencies group with 2 updates (#1139)
1ac3686 build(deps-dev): bump the dev-dependencies group with 2 updates (#1138)
9937fdf build(deps): bump @types/node from 22.10.1 to 22.10.2 in the dependencies gro...
cb60b26 build(deps-dev): bump the dev-dependencies group with 2 updates (#1136)
774c35b build(deps): bump @actions/cache from 3.3.0 to 4.0.0 in the dependencies grou...
7ce5487 build(deps-dev): bump the dev-dependencies group with 3 updates (#1134)
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.7.1 to 3.8.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

Commits

6524bf6 Merge pull request #390 from crazy-max/buildx-cloud-latest
8d5e074 chore: update generated content
7199e57 make cloud prefix optional to download buildx if driver is cloud
db63cee Merge pull request #381 from docker/dependabot/github_actions/codecov/codecov...
043ebe1 Merge pull request #389 from docker/dependabot/npm_and_yarn/docker/actions-to...
686da90 chore: update generated content
a3d7487 Merge pull request #382 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6
4dcdbce build(deps): bump @docker/actions-toolkit from 0.39.0 to 0.48.0
1a8ac74 ci: fix deprecated input for codecov-action
e827ebe build(deps): bump cross-spawn from 7.0.3 to 7.0.6
Additional commits viewable in compare view

Updates docker/build-push-action from 6.10.0 to 6.12.0

Release notes

Sourced from docker/build-push-action's releases.

v6.12.0

Bump @docker/actions-toolkit from 0.49.0 to 0.51.0 in docker/build-push-action#1300

Full Changelog: docker/build-push-action@v6.11.0...v6.12.0

v6.11.0

Handlebar defaultContext support for build-contexts input by @crazy-max in docker/build-push-action#1283

Bump @docker/actions-toolkit from 0.46.0 to 0.49.0 in docker/build-push-action#1281

Full Changelog: docker/build-push-action@v6.10.0...v6.11.0

Commits

67a2d40 Merge pull request #1300 from docker/dependabot/npm_and_yarn/docker/actions-t...
0b1b1c9 chore: update generated content
b6a7c2c chore(deps): Bump @docker/actions-toolkit from 0.49.0 to 0.51.0
31ca4e5 Merge pull request #1296 from crazy-max/bake-v6
e613db9 update bake-action to v6
b32b51a Merge pull request #1281 from docker/dependabot/npm_and_yarn/docker/actions-t...
594bf46 Merge pull request #1294 from crazy-max/fix-e2e
fd37bd5 ci(e2e): fix setup docker config
e6478a2 chore: update generated content
78785bd chore(deps): Bump @docker/actions-toolkit from 0.46.0 to 0.49.0
Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 7.0.5 to 7.0.6

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.6

⚙️ Fixes an issue with commit signing where unicode characters in file paths were not preserved.

What's Changed

build(deps-dev): bump @vercel/ncc from 0.38.1 to 0.38.2 by @dependabot in peter-evans/create-pull-request#3365

Update distribution by @actions-bot in peter-evans/create-pull-request#3370

build(deps): bump @octokit/plugin-rest-endpoint-methods from 13.2.4 to 13.2.5 by @dependabot in peter-evans/create-pull-request#3375

build(deps-dev): bump @types/node from 18.19.50 to 18.19.54 by @dependabot in peter-evans/create-pull-request#3376

build(deps): bump @octokit/plugin-paginate-rest from 11.3.3 to 11.3.5 by @dependabot in peter-evans/create-pull-request#3377

Update distribution by @actions-bot in peter-evans/create-pull-request#3388

build(deps-dev): bump @types/node from 18.19.54 to 18.19.55 by @dependabot in peter-evans/create-pull-request#3400

build(deps): bump @actions/core from 1.10.1 to 1.11.1 by @dependabot in peter-evans/create-pull-request#3401

build(deps): bump @octokit/plugin-rest-endpoint-methods from 13.2.5 to 13.2.6 by @dependabot in peter-evans/create-pull-request#3403

build(deps-dev): bump eslint-plugin-import from 2.30.0 to 2.31.0 by @dependabot in peter-evans/create-pull-request#3402

build(deps): bump @octokit/plugin-throttling from 9.3.1 to 9.3.2 by @dependabot in peter-evans/create-pull-request#3404

Update distribution by @actions-bot in peter-evans/create-pull-request#3423

build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @dependabot in peter-evans/create-pull-request#3441

build(deps): bump undici from 6.19.8 to 6.20.1 by @dependabot in peter-evans/create-pull-request#3442

Update distribution by @actions-bot in peter-evans/create-pull-request#3451

build(deps-dev): bump @types/node from 18.19.55 to 18.19.58 by @dependabot in peter-evans/create-pull-request#3457

build(deps-dev): bump @types/jest from 29.5.13 to 29.5.14 by @dependabot in peter-evans/create-pull-request#3462

build(deps-dev): bump @types/node from 18.19.58 to 18.19.60 by @dependabot in peter-evans/create-pull-request#3463

chore: don't bundle undici by @benmccann in peter-evans/create-pull-request#3475

Update distribution by @actions-bot in peter-evans/create-pull-request#3478

chore: use node-fetch-native support for proxy env vars by @peter-evans in peter-evans/create-pull-request#3483

build(deps-dev): bump @types/node from 18.19.60 to 18.19.64 by @dependabot in peter-evans/create-pull-request#3488

build(deps-dev): bump undici from 6.20.1 to 6.21.0 by @dependabot in peter-evans/create-pull-request#3499

build(deps-dev): bump @vercel/ncc from 0.38.2 to 0.38.3 by @dependabot in peter-evans/create-pull-request#3500

docs: note push-to-repo classic PAT workflow scope requirement by @scop in peter-evans/create-pull-request#3511

docs: spelling fixes by @scop in peter-evans/create-pull-request#3512

build(deps-dev): bump typescript from 5.6.3 to 5.7.2 by @dependabot in peter-evans/create-pull-request#3516

build(deps-dev): bump prettier from 3.3.3 to 3.4.0 by @dependabot in peter-evans/create-pull-request#3517

build(deps-dev): bump @types/node from 18.19.64 to 18.19.66 by @dependabot in peter-evans/create-pull-request#3518

docs(README): clarify that an existing open PR is managed by @caugner in peter-evans/create-pull-request#3498

Update distribution by @actions-bot in peter-evans/create-pull-request#3529

build(deps): bump @octokit/plugin-paginate-rest from 11.3.5 to 11.3.6 by @dependabot in peter-evans/create-pull-request#3542

build(deps-dev): bump @types/node from 18.19.66 to 18.19.67 by @dependabot in peter-evans/create-pull-request#3543

build(deps-dev): bump prettier from 3.4.0 to 3.4.1 by @dependabot in peter-evans/create-pull-request#3544

build(deps-dev): bump eslint-import-resolver-typescript from 3.6.3 to 3.7.0 by @dependabot in peter-evans/create-pull-request#3559

build(deps-dev): bump prettier from 3.4.1 to 3.4.2 by @dependabot in peter-evans/create-pull-request#3560

build(deps-dev): bump @types/node from 18.19.67 to 18.19.68 by @dependabot in peter-evans/create-pull-request#3570

build(deps): bump p-limit from 6.1.0 to 6.2.0 by @dependabot in peter-evans/create-pull-request#3578

Update distribution by @actions-bot in peter-evans/create-pull-request#3583

fix: preserve unicode in filepaths when commit signing by @peter-evans in peter-evans/create-pull-request#3588

New Contributors

@benmccann made their first contribution in peter-evans/create-pull-request#3475

@scop made their first contribution in peter-evans/create-pull-request#3511

@caugner made their first contribution in peter-evans/create-pull-request#3498

... (truncated)

Commits

67ccf78 fix: preserve unicode in filepaths when commit signing (#3588)
bb88e27 build: update distribution (#3583)
b378ed5 build(deps): bump p-limit from 6.1.0 to 6.2.0 (#3578)
fa9200e build(deps-dev): bump @types/node from 18.19.67 to 18.19.68 (#3570)
16e0059 build(deps-dev): bump prettier from 3.4.1 to 3.4.2 (#3560)
5bffd5a build(deps-dev): bump eslint-import-resolver-typescript (#3559)
a22a0dd build(deps-dev): bump prettier from 3.4.0 to 3.4.1 (#3544)
b27ce37 build(deps-dev): bump @types/node from 18.19.66 to 18.19.67 (#3543)
4e0cc19 build(deps): bump @octokit/plugin-paginate-rest from 11.3.5 to 11.3.6 (#3542)
25b6871 docs: update scopes for push-to-fork
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.4.3 to 4.6.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.0

What's Changed

Expose env vars to control concurrency and timeout by @yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

fix: deprecated Node.js version in action by @hamirmahal in actions/upload-artifact#578

Add new artifact-digest output by @bdehamer in actions/upload-artifact#656

New Contributors

@hamirmahal made their first contribution in actions/upload-artifact#578

@bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

Commits

65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
0207619 move files back to satisfy licensed ci
1ecca81 licensed cache updates
9742269 Expose env vars to controll concurrency and timeout
6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
c40c16d add new artifact-digest output
735efb4 bump @actions/artifact from 2.1.11 to 2.2.0
184d73b Merge pull request #578 from hamirmahal/fix/deprecated-nodejs-usage-in-action
b4a0a98 Merge branch 'main' into fix/deprecated-nodejs-usage-in-action
See full diff in compare view

Updates crazy-max/ghaction-setup-docker from 4.0.0 to 4.1.0

Release notes

Sourced from crazy-max/ghaction-setup-docker's releases.

v4.1.0

Adds tcp-port opt to expose Docker API to a local TCP address by @crazy-max in docker/setup-docker-action#138

Bump @docker/actions-toolkit from 0.47.0 to 0.49.0 in docker/setup-docker-action#137 docker/setup-docker-action#140

Full Changelog: docker/setup-docker-action@v4.0.0...v4.1.0

Commits

370a7da Merge pull request #139 from vvoland/docs-version-csv
23c3839 docs: Document version csv format
b814c39 Merge pull request #138 from crazy-max/expose-tcp-input
75153b5 chore: update generated content
3a56725 tcp-port opt to expose Docker API to a local TCP address
fde3095 Merge pull request #140 from docker/dependabot/npm_and_yarn/docker/actions-to...
d22c57e chore: update generated content
6172ee1 build(deps): bump @docker/actions-toolkit from 0.48.0 to 0.49.0
2a248d8 Merge pull request #137 from docker/dependabot/npm_and_yarn/docker/actions-to...
6dbd870 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3.2.0 to 3.3.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.3.0

Add cache-image input to enable/disable caching of binfmt image by @crazy-max in docker/setup-qemu-action#130

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-qemu-action#172

Bump @docker/actions-toolkit from 0.35.0 to 0.49.0 in docker/setup-qemu-action#187

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-qemu-action#182

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-qemu-action#162

Full Changelog: docker/setup-qemu-action@v3.2.0...v3.3.0

Commits

53851d1 Merge pull request #187 from docker/dependabot/npm_and_yarn/docker/actions-to...
7066b90 chore: update generated content
7559081 build(deps): bump @docker/actions-toolkit from 0.35.0 to 0.49.0
08d11eb Merge pull request #172 from docker/dependabot/npm_and_yarn/actions/core-1.11.1
e53506f chore: update generated content
610b442 build(deps): bump @actions/core from 1.10.1 to 1.11.1
58a19f8 Merge pull request #182 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6
49a12c4 Merge pull request #180 from docker/dependabot/github_actions/codecov/codecov...
2b8ac83 ci: fix deprecated input for codecov-action
fdbeaac Merge pull request #130 from crazy-max/cache-image
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…dates Bumps the actions-all group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.10.2` | `2.10.4` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.1.0` | `5.2.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.6` | `3.28.1` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.1` | `6.2.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.7.1` | `3.8.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.10.0` | `6.12.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.5` | `7.0.6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `4.6.0` | | [crazy-max/ghaction-setup-docker](https://github.com/crazy-max/ghaction-setup-docker) | `4.0.0` | `4.1.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.2.0` | `3.3.0` | Updates `step-security/harden-runner` from 2.10.2 to 2.10.4 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@0080882...cb605e5) Updates `actions/setup-go` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@41dfa10...3041bf5) Updates `github/codeql-action` from 3.27.6 to 3.28.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@aa57810...b6a472f) Updates `golangci/golangci-lint-action` from 6.1.1 to 6.2.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@971e284...ec5d184) Updates `docker/setup-buildx-action` from 3.7.1 to 3.8.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@c47758b...6524bf6) Updates `docker/build-push-action` from 6.10.0 to 6.12.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@48aba3b...67a2d40) Updates `peter-evans/create-pull-request` from 7.0.5 to 7.0.6 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@5e91468...67ccf78) Updates `actions/upload-artifact` from 4.4.3 to 4.6.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b4b15b8...65c4c4a) Updates `crazy-max/ghaction-setup-docker` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/crazy-max/ghaction-setup-docker/releases) - [Commits](docker/setup-docker-action@01efb57...370a7da) Updates `docker/setup-qemu-action` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@49b3bc8...53851d1) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-all - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-all - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-all - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-all - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-all - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-all - dependency-name: crazy-max/ghaction-setup-docker dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-all - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-all ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 20, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump the actions-all group across 1 directory with 10 updates #470

chore(deps): Bump the actions-all group across 1 directory with 10 updates #470

dependabot bot commented on behalf of github Jan 20, 2025

chore(deps): Bump the actions-all group across 1 directory with 10 updates #470

Are you sure you want to change the base?

chore(deps): Bump the actions-all group across 1 directory with 10 updates #470

Conversation

dependabot bot commented on behalf of github Jan 20, 2025

v2.10.4

What's Changed

v2.10.3

What's Changed

v5.2.0

What's Changed

New Contributors

v3.28.1

CodeQL Action Changelog

3.28.1 - 10 Jan 2025

v3.28.0

CodeQL Action Changelog

3.28.0 - 20 Dec 2024

v3.27.9

CodeQL Action Changelog

3.27.9 - 12 Dec 2024

v3.27.7

CodeQL Action Changelog

3.27.7 - 10 Dec 2024

CodeQL Action Changelog

[UNRELEASED]

3.28.1 - 10 Jan 2025

3.28.0 - 20 Dec 2024

3.27.9 - 12 Dec 2024

3.27.8 - 12 Dec 2024

3.27.7 - 10 Dec 2024

3.27.6 - 03 Dec 2024

3.27.5 - 19 Nov 2024

3.27.4 - 14 Nov 2024

3.27.3 - 12 Nov 2024

3.27.2 - 12 Nov 2024

v6.2.0

What's Changed

Changes

Documentation

Dependencies

New Contributors

v3.8.0

v6.12.0

v6.11.0

Create Pull Request v7.0.6

What's Changed

New Contributors

v4.6.0

What's Changed

v4.5.0

What's Changed

New Contributors

v4.1.0

v3.3.0