From 9bb2e511f8dcc8075a59f6e2385aa91c1ffb89d7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Feb 2025 12:33:53 +0000
Subject: [PATCH] ci: bump the github-actions group with 2 updates (#16503)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps the github-actions group with 2 updates:
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
and [github/codeql-action](https://github.com/github/codeql-action).
Updates `docker/setup-buildx-action` from 3.8.0 to 3.9.0
Release notes
Sourced from docker/setup-buildx-action's
releases.
v3.9.0
Full Changelog: https://github.com/docker/setup-buildx-action/compare/v3.8.0...v3.9.0
Commits
f7ce87c
Merge pull request #404
from docker/dependabot/npm_and_yarn/docker/actions-to...aa1e2a0
chore: update generated content673e008
build(deps): bump @docker/actions-toolkit from 0.53.0 to
0.54.0ba31df4
Merge pull request #402
from docker/dependabot/npm_and_yarn/docker/actions-to...5475af1
chore: update generated contentacacad9
build(deps): bump @docker/actions-toolkit from 0.48.0 to
0.53.06a25f98
Merge pull request #396
from crazy-max/bake-v6ca1af17
update bake-action to v6- See full diff in compare
view
Updates `github/codeql-action` from 3.28.8 to 3.28.9
Release notes
Sourced from github/codeql-action's
releases.
v3.28.9
CodeQL Action Changelog
See the releases
page for the relevant changes to the CodeQL CLI and language
packs.
3.28.9 - 07 Feb 2025
- Update default CodeQL bundle version to 2.20.4. #2753
See the full CHANGELOG.md
for more information.
Changelog
Sourced from github/codeql-action's
changelog.
CodeQL Action Changelog
See the releases
page for the relevant changes to the CodeQL CLI and language
packs.
[UNRELEASED]
No user facing changes.
3.28.9 - 07 Feb 2025
- Update default CodeQL bundle version to 2.20.4. #2753
3.28.8 - 29 Jan 2025
- Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. #2744
3.28.7 - 29 Jan 2025
No user facing changes.
3.28.6 - 27 Jan 2025
- Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
#2726
3.28.5 - 24 Jan 2025
- Update default CodeQL bundle version to 2.20.3. #2717
3.28.4 - 23 Jan 2025
No user facing changes.
3.28.3 - 22 Jan 2025
- Update default CodeQL bundle version to 2.20.2. #2707
- Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the CodeQL Action
sync tool and the Actions runner did not have Zstandard installed.
#2710
- Uploading debug artifacts for CodeQL analysis is temporarily
disabled. #2712
3.28.2 - 21 Jan 2025
No user facing changes.
3.28.1 - 10 Jan 2025
- CodeQL Action v2 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v3. For more information, see this
changelog post. #2677
- Update default CodeQL bundle version to 2.20.1. #2678
3.28.0 - 20 Dec 2024
- Bump the minimum CodeQL bundle version to 2.15.5. #2655
... (truncated)
Commits
9e8d078
Merge pull request #2757
from github/update-v3.28.9-24e1c2d3343d9be6
Update changelog for v3.28.924e1c2d
Merge pull request #2753
from github/update-bundle/codeql-bundle-v2.20.457a08c0
Add changelog note52189d2
Update default bundle to codeql-bundle-v2.20.408bc0cf
Merge pull request #2751
from github/henrymercer/fix-init-post-without-configcf7c687
Send init-post status report in absence of configad42dbd
Merge pull request #2750
from github/dependabot/npm_and_yarn/npm-768bd9b555a8f5935
Merge pull request #2749
from github/dependabot/github_actions/actions-29d379...9660df3
Update checked-in dependencies- Additional commits viewable in compare
view
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore ` will
remove the ignore condition of the specified dependency and ignore
conditions
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/dogfood.yaml | 2 +-
.github/workflows/scorecard.yml | 2 +-
.github/workflows/security.yaml | 6 +++---
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml
index 71e9d6e969..44e23ad626 100644
--- a/.github/workflows/dogfood.yaml
+++ b/.github/workflows/dogfood.yaml
@@ -53,7 +53,7 @@ jobs:
uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+ uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
- name: Login to DockerHub
if: github.ref == 'refs/heads/main'
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 83e8efce4d..44dec01907 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -47,6 +47,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+ uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
with:
sarif_file: results.sarif
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 9e241d6e81..575adf205b 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -38,7 +38,7 @@ jobs:
uses: ./.github/actions/setup-go
- name: Initialize CodeQL
- uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+ uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
with:
languages: go, javascript
@@ -48,7 +48,7 @@ jobs:
rm Makefile
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+ uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
- name: Send Slack notification on failure
if: ${{ failure() }}
@@ -144,7 +144,7 @@ jobs:
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+ uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
with:
sarif_file: trivy-results.sarif
category: "Trivy"