From 6923cd215a3f9105f9404f1ebaa75c7fcab3cfc5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Nov 2024 12:23:42 +0000
Subject: [PATCH 1/2] Bump anchore/scan-action from 3.3.0 to 5.2.1

Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 3.3.0 to 5.2.1.
- [Release notes](https://github.com/anchore/scan-action/releases)
- [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/anchore/scan-action/compare/d5aa5b6cb9414b0c7771438046ff5bcfa2854ed7...f2ba85e044c8f5e5014c9a539328a9c78d3bfa49)

---
updated-dependencies:
- dependency-name: anchore/scan-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/anchore.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml
index 1b3ef30..776043b 100644
--- a/.github/workflows/anchore.yml
+++ b/.github/workflows/anchore.yml
@@ -36,7 +36,7 @@ jobs:
     - name: Build the Docker image
       run: docker build . --file Dockerfile --tag localbuild/testimage:latest --no-cache --platform linux/amd64
     - name: Run the Anchore Grype scan action
-      uses: anchore/scan-action@d5aa5b6cb9414b0c7771438046ff5bcfa2854ed7
+      uses: anchore/scan-action@f2ba85e044c8f5e5014c9a539328a9c78d3bfa49
       id: scan
       with:
         image: "localbuild/testimage:latest"

From 0a6b2761bc0d3a7c41b25c5ee05c83121f4107b7 Mon Sep 17 00:00:00 2001
From: Sven Gottwald <2502366+svengo@users.noreply.github.com>
Date: Thu, 7 Nov 2024 14:16:30 +0100
Subject: [PATCH 2/2] Update anchore.yml

`retention-days` isn't supported by the upload-sarif action, see https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.
---
 .github/workflows/anchore.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml
index 776043b..421e492 100644
--- a/.github/workflows/anchore.yml
+++ b/.github/workflows/anchore.yml
@@ -46,4 +46,3 @@ jobs:
       uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: ${{ steps.scan.outputs.sarif }}
-        retention-days: 90