shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-04 05:28:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,967 Commits 1,144 Branches 344 Tags
6b3e14f3fa77458bd7e556d72ae3343100b8b4df
Commit Graph

72 Commits

Author SHA1 Message Date
dependabot[bot] cf370d6d1f ci: bump the github-actions group with 5 updates (#16382) 
Bumps the github-actions group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.29.4` |
`1.29.5` |
|
[google-github-actions/auth](https://github.com/google-github-actions/auth)
| `2.1.7` | `2.1.8` |
|
[google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud)
| `2.1.2` | `2.1.4` |
|
[google-github-actions/get-gke-credentials](https://github.com/google-github-actions/get-gke-credentials)
| `2.3.0` | `2.3.1` |
| [github/codeql-action](https://github.com/github/codeql-action) |
`3.28.5` | `3.28.8` |

Updates `crate-ci/typos` from 1.29.4 to 1.29.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.29.5</h2>
<h2>[1.29.5] - 2025-01-30</h2>
<h3>Internal</h3>
<ul>
<li>Update a dependency</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="http://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="http://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1200">January
2025</a> changes</li>
</ul>
<h2>[1.29.5] - 2025-01-30</h2>
<h3>Internal</h3>
<ul>
<li>Update a dependency</li>
</ul>
<h2>[1.29.4] - 2025-01-03</h2>
<h2>[1.29.3] - 2025-01-02</h2>
<h2>[1.29.2] - 2025-01-02</h2>
<h2>[1.29.1] - 2025-01-02</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>deriver</code></li>
</ul>
<h2>[1.29.0] - 2024-12-31</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1156">December
2024</a> changes</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Sped up dictionary lookups</li>
</ul>
<h2>[1.28.4] - 2024-12-16</h2>
<h3>Features</h3>
<ul>
<li><code>--format sarif</code> support</li>
</ul>
<h2>[1.28.3] - 2024-12-12</h2>
<h3>Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/11ca4583f2f3f74c7e7785c0ecb20fe2c99a4308"><code>11ca458</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/99fd37f157f55c0565a0574a86eb3949dbd38165"><code>99fd37f</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/4f604f6effffe7f41833b65ee75da75d416821ef"><code>4f604f6</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1220">#1220</a>
from epage/w7</li>
<li><a
href="https://github.com/crate-ci/typos/commit/ba04a1a0fd67a0e00ad36c5c5655b9740ee5e68a"><code>ba04a1a</code></a>
perf: Remove ErrMode overhead</li>
<li><a
href="https://github.com/crate-ci/typos/commit/60452b5a81caa4f70c81282f2cdd2116fc045f52"><code>60452b5</code></a>
chore: Update to Winnow 0.7</li>
<li><a
href="https://github.com/crate-ci/typos/commit/4c22f194b5c24cf2b7d0524df0857f0f8bbc32a5"><code>4c22f19</code></a>
refactor: Migrate from Parser to ModalParser</li>
<li><a
href="https://github.com/crate-ci/typos/commit/7830eb8730de84bf14bc14cadb996c0e52f9fe93"><code>7830eb8</code></a>
refactor: Resolve deprecations</li>
<li><a
href="https://github.com/crate-ci/typos/commit/07f1292e290f35153fb91dad3324e7bdb9cd827a"><code>07f1292</code></a>
chore: Upgrade to Winnow 0.6.26</li>
<li><a
href="https://github.com/crate-ci/typos/commit/3683264986a72f63f13e9e8fc132a13af2a322b8"><code>3683264</code></a>
chore(deps): Update Rust Stable to v1.84 (<a
href="https://redirect.github.com/crate-ci/typos/issues/1216">#1216</a>)</li>
<li><a
href="https://github.com/crate-ci/typos/commit/2ed38e07fc83ec249f9736b81008690c2c88ec98"><code>2ed38e0</code></a>
chore(deps): Update Rust crate bstr to v1.11.3 (<a
href="https://redirect.github.com/crate-ci/typos/issues/1202">#1202</a>)</li>
<li>See full diff in <a
href="https://github.com/crate-ci/typos/compare/685eb3d55be2f85191e8c84acb9f44d7756f84ab...11ca4583f2f3f74c7e7785c0ecb20fe2c99a4308">compare
view</a></li>
</ul>
</details>
<br />

Updates `google-github-actions/auth` from 2.1.7 to 2.1.8
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/auth/releases">google-github-actions/auth's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.8</h2>
<h2>What's Changed</h2>
<ul>
<li>Update TROUBLESHOOTING.md by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/457">google-github-actions/auth#457</a></li>
<li>fix: add runs-on to README.md example by <a
href="https://github.com/lbarthon"><code>@​lbarthon</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/460">google-github-actions/auth#460</a></li>
<li>security: bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn
group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/463">google-github-actions/auth#463</a></li>
<li>Update deps by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/466">google-github-actions/auth#466</a></li>
<li>Release: v2.1.8 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/auth/pull/467">google-github-actions/auth#467</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/lbarthon"><code>@​lbarthon</code></a>
made their first contribution in <a
href="https://redirect.github.com/google-github-actions/auth/pull/460">google-github-actions/auth#460</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/auth/compare/v2...v2.1.8">https://github.com/google-github-actions/auth/compare/v2...v2.1.8</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google-github-actions/auth/commit/71f986410dfbc7added4569d411d040a91dc6935"><code>71f9864</code></a>
Release: v2.1.8 (<a
href="https://redirect.github.com/google-github-actions/auth/issues/467">#467</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/0cd8f2e4e26e94673a192056e2a7f0af77f84889"><code>0cd8f2e</code></a>
Update deps (<a
href="https://redirect.github.com/google-github-actions/auth/issues/466">#466</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/332e0ba72f0d93d01c6f79eff1bd404dc3abddd3"><code>332e0ba</code></a>
security: bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn group
(<a
href="https://redirect.github.com/google-github-actions/auth/issues/463">#463</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/28d44ba25933bc5bc7f2d69931f8001632c46611"><code>28d44ba</code></a>
fix: add runs-on to README.md example (<a
href="https://redirect.github.com/google-github-actions/auth/issues/460">#460</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/83354cacbb08bb6ced8aa3959623167f377b302e"><code>83354ca</code></a>
Update TROUBLESHOOTING.md (<a
href="https://redirect.github.com/google-github-actions/auth/issues/457">#457</a>)</li>
<li>See full diff in <a
href="https://github.com/google-github-actions/auth/compare/6fc4af4b145ae7821d527454aa9bd537d1f2dc5f...71f986410dfbc7added4569d411d040a91dc6935">compare
view</a></li>
</ul>
</details>
<br />

Updates `google-github-actions/setup-gcloud` from 2.1.2 to 2.1.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/setup-gcloud/releases">google-github-actions/setup-gcloud's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Revert to pinned release workflows by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/706">google-github-actions/setup-gcloud#706</a></li>
<li>Release: v2.1.4 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/707">google-github-actions/setup-gcloud#707</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/setup-gcloud/compare/v2.1.3...v2.1.4">https://github.com/google-github-actions/setup-gcloud/compare/v2.1.3...v2.1.4</a></p>
<h2>v2.1.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Allow manually running integration tests with workflow_dispatch by
<a href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in
<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/702">google-github-actions/setup-gcloud#702</a></li>
<li>security: bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn
group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/703">google-github-actions/setup-gcloud#703</a></li>
<li>Update deps by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/704">google-github-actions/setup-gcloud#704</a></li>
<li>Release: v2.1.3 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/705">google-github-actions/setup-gcloud#705</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/setup-gcloud/compare/v2...v2.1.3">https://github.com/google-github-actions/setup-gcloud/compare/v2...v2.1.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/77e7a554d41e2ee56fc945c52dfd3f33d12def9a"><code>77e7a55</code></a>
Release: v2.1.4 (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/707">#707</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/334c6905f38b9e030504ad8d87fbbaa43cdd3586"><code>334c690</code></a>
Revert to pinned release workflows (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/706">#706</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/4111bea454dcfe1b4c2db3753685db043571e112"><code>4111bea</code></a>
Release: v2.1.3 (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/705">#705</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/0c0751a334df96bd97a58506905a494041dfdec0"><code>0c0751a</code></a>
Update deps (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/704">#704</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/ae61ebc56fc846462d0e35972f86f9fb1d30f2e2"><code>ae61ebc</code></a>
security: bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn group
(<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/703">#703</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/25043b08d04e573bd8f468495feb10e6a5715267"><code>25043b0</code></a>
Allow manually running integration tests with workflow_dispatch (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/702">#702</a>)</li>
<li>See full diff in <a
href="https://github.com/google-github-actions/setup-gcloud/compare/6189d56e4096ee891640bb02ac264be376592d6a...77e7a554d41e2ee56fc945c52dfd3f33d12def9a">compare
view</a></li>
</ul>
</details>
<br />

Updates `google-github-actions/get-gke-credentials` from 2.3.0 to 2.3.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/get-gke-credentials/releases">google-github-actions/get-gke-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Centralize request logic, turn on retries, and add debug logging by
<a href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in
<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/323">google-github-actions/get-gke-credentials#323</a></li>
<li>security: bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn
group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/324">google-github-actions/get-gke-credentials#324</a></li>
<li>Update deps by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/325">google-github-actions/get-gke-credentials#325</a></li>
<li>Release: v2.3.1 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/326">google-github-actions/get-gke-credentials#326</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/get-gke-credentials/compare/v2...v2.3.1">https://github.com/google-github-actions/get-gke-credentials/compare/v2...v2.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google-github-actions/get-gke-credentials/commit/7a108e64ed8546fe38316b4086e91da13f4785e1"><code>7a108e6</code></a>
Release: v2.3.1 (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/326">#326</a>)</li>
<li><a
href="https://github.com/google-github-actions/get-gke-credentials/commit/c5976979eef9961ac6e47fb2f06b958375d5ff33"><code>c597697</code></a>
Update deps (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/325">#325</a>)</li>
<li><a
href="https://github.com/google-github-actions/get-gke-credentials/commit/cb57a88edb5f546e72abe31af937bfcc9b0820b2"><code>cb57a88</code></a>
security: bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn group
(<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/324">#324</a>)</li>
<li><a
href="https://github.com/google-github-actions/get-gke-credentials/commit/b7a282cc9785583100aba279cbe3ab147a4f2cf6"><code>b7a282c</code></a>
Centralize request logic, turn on retries, and add debug logging (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/323">#323</a>)</li>
<li>See full diff in <a
href="https://github.com/google-github-actions/get-gke-credentials/compare/9025e8f90f2d8e0c3dafc3128cc705a26d992a6a...7a108e64ed8546fe38316b4086e91da13f4785e1">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 3.28.5 to 3.28.8
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.8</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.8/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.28.7</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.7/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.28.6</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.6/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
<li>Uploading debug artifacts for CodeQL analysis is temporarily
disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2712">#2712</a></li>
</ul>
<h2>3.28.2 - 21 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.1 - 10 Jan 2025</h2>
<ul>
<li>CodeQL Action v2 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v3. For more information, see <a
href="https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/">this
changelog post</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2677">#2677</a></li>
<li>Update default CodeQL bundle version to 2.20.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2678">#2678</a></li>
</ul>
<h2>3.28.0 - 20 Dec 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.15.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2655">#2655</a></li>
<li>Don't fail in the unusual case that a file is on the search path. <a
href="https://redirect.github.com/github/codeql-action/pull/2660">#2660</a>.</li>
</ul>
<h2>3.27.9 - 12 Dec 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/dd746615b3b9d728a6a37ca2045b68ca76d4841a"><code>dd74661</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2746">#2746</a>
from github/update-v3.28.8-a91a3f767</li>
<li><a
href="https://github.com/github/codeql-action/commit/3210a3cda6446234a897a079af1b684aa4c73326"><code>3210a3c</code></a>
Fix Kotlin version in changelog</li>
<li><a
href="https://github.com/github/codeql-action/commit/72f9d0296b7b9c91564f67ddf9def81c815ce0c6"><code>72f9d02</code></a>
Update changelog for v3.28.8</li>
<li><a
href="https://github.com/github/codeql-action/commit/a91a3f76789881261b540fb7aa8a527214f8ac01"><code>a91a3f7</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2744">#2744</a>
from github/igfoo/kot2.1.10</li>
<li><a
href="https://github.com/github/codeql-action/commit/c520fb59d4c28e13147ed378b4c12599df187412"><code>c520fb5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2745">#2745</a>
from github/mergeback/v3.28.7-to-main-6e545590</li>
<li><a
href="https://github.com/github/codeql-action/commit/3879c5766041d8b2b7504c5c4b2d6dbd289f7634"><code>3879c57</code></a>
Add changelog entry</li>
<li><a
href="https://github.com/github/codeql-action/commit/0c2193725f360a9b0adcad3a71ce0d9cd4acb219"><code>0c21937</code></a>
Run &quot;npm run build&quot;</li>
<li><a
href="https://github.com/github/codeql-action/commit/5a61bf07fab8324ecda8ebb1d817463b17b717d9"><code>5a61bf0</code></a>
Kotlin: The 2.20.3 release supports Kotlin 2.1.10.</li>
<li><a
href="https://github.com/github/codeql-action/commit/163d1195df65a0e49551cd9b4fa0383e68d64a39"><code>163d119</code></a>
Update checked-in dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/bcf5cecbc6b147de017e1841778fa8d8644bf8a2"><code>bcf5cec</code></a>
Update changelog and version after v3.28.7</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4...dd746615b3b9d728a6a37ca2045b68ca76d4841a">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-03 12:23:21 +00:00
Thomas Kosiewski 1336925c9f feat(flake.nix): switch dogfood dev image to buildNixShellImage from dockerTools (#16223) 
Replace Depot build action with Nix for Nix dogfood image builds

The dogfood Nix image is now built using Nix's native container tooling instead of Depot. This change:

- Adds Nix setup steps to the GitHub Actions workflow
- Removes the Dockerfile.nix in favor of a Nix-native container build
- Updates the flake.nix to support building Docker images
- Introduces a hash file to track Nix-related changes
- Updates the vendorHash for Go dependencies

Change-Id: I4e011fe3a19d9a1375fbfd5223c910e59d66a5d9
Signed-off-by: Thomas Kosiewski <tk@coder.com>
 2025-01-28 16:38:37 +01:00
dependabot[bot] 84a54c1d7b ci: bump the github-actions group with 3 updates (#16299) 
Bumps the github-actions group with 3 updates:
[dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata),
[github/codeql-action](https://github.com/github/codeql-action) and
[umbrelladocs/action-linkspector](https://github.com/umbrelladocs/action-linkspector).

Updates `dependabot/fetch-metadata` from 2.2.0 to 2.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump actions/create-github-app-token from 1.10.2 to 1.10.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/537">dependabot/fetch-metadata#537</a></li>
<li>Update readme to include an if conditional by <a
href="https://github.com/Nishnha"><code>@​Nishnha</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/548">dependabot/fetch-metadata#548</a></li>
<li>Silence audit and funding messages from <code>npm</code> by <a
href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/550">dependabot/fetch-metadata#550</a></li>
<li>Bump actions/create-github-app-token from 1.10.3 to 1.11.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/554">dependabot/fetch-metadata#554</a></li>
<li>fix readme action example by <a
href="https://github.com/CloudNStoyan"><code>@​CloudNStoyan</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/563">dependabot/fetch-metadata#563</a></li>
<li>Fixed missing outputs in action.yml by <a
href="https://github.com/CatChen"><code>@​CatChen</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/564">dependabot/fetch-metadata#564</a></li>
<li>Handle branch names containing dependency group by <a
href="https://github.com/CloudNStoyan"><code>@​CloudNStoyan</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/565">dependabot/fetch-metadata#565</a></li>
<li>v2.3.0 by <a
href="https://github.com/fetch-metadata-action-automation"><code>@​fetch-metadata-action-automation</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/543">dependabot/fetch-metadata#543</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/CloudNStoyan"><code>@​CloudNStoyan</code></a>
made their first contribution in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/563">dependabot/fetch-metadata#563</a></li>
<li><a href="https://github.com/CatChen"><code>@​CatChen</code></a> made
their first contribution in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/564">dependabot/fetch-metadata#564</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dependabot/fetch-metadata/compare/v2...v2.3.0">https://github.com/dependabot/fetch-metadata/compare/v2...v2.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/d7267f607e9d3fb96fc2fbe83e0af444713e90b7"><code>d7267f6</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/543">#543</a>
from dependabot/bump-to-v2.3.0</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/e3dd295a04f6eccc15a116fc5cde058f1735c05d"><code>e3dd295</code></a>
v2.3.0</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/3da9521b8c62beab87c4d18ad1e9bd7fd7b9d3bf"><code>3da9521</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/565">#565</a>
from CloudNStoyan/main</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/de52f600152fa3f48a82e88e06e864cba8421436"><code>de52f60</code></a>
update build</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/59d2b1fb73ac123a1953e2ddc99ea8f1b869463a"><code>59d2b1f</code></a>
fix incorrect parsing of directory when using dependency-group</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/0d270694949cee4e6c179fc89629d95e0b9fb763"><code>0d27069</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/564">#564</a>
from CatChen/fixed-missing-outputs-in-action-yml</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/5a7546a6e709997b54d62d4e673a23eaa8621a26"><code>5a7546a</code></a>
Fixed missing outputs in action.yml</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/06ea45a2e4582d87b11f03c7ce596ae3261f39f6"><code>06ea45a</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/563">#563</a>
from CloudNStoyan/main</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/bbfca7ec1c0b06b16cc955f242ebc9f1c8daa4f4"><code>bbfca7e</code></a>
fix readme action example</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/b0d0393a82702c1819b5ae7ad6ea780cd8c18aae"><code>b0d0393</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/554">#554</a>
from dependabot/dependabot/github_actions/actions/cre...</li>
<li>Additional commits viewable in <a
href="https://github.com/dependabot/fetch-metadata/compare/dbb049abf0d677abbd7f7eee0375145b417fdd34...d7267f607e9d3fb96fc2fbe83e0af444713e90b7">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 3.28.1 to 3.28.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.5/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.28.4</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.4/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.28.3</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
<li>Uploading debug artifacts for CodeQL analysis is temporarily
disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2712">#2712</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.3/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.28.2</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.2 - 21 Jan 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.2/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
<li>Uploading debug artifacts for CodeQL analysis is temporarily
disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2712">#2712</a></li>
</ul>
<h2>3.28.2 - 21 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.1 - 10 Jan 2025</h2>
<ul>
<li>CodeQL Action v2 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v3. For more information, see <a
href="https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/">this
changelog post</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2677">#2677</a></li>
<li>Update default CodeQL bundle version to 2.20.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2678">#2678</a></li>
</ul>
<h2>3.28.0 - 20 Dec 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.15.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2655">#2655</a></li>
<li>Don't fail in the unusual case that a file is on the search path. <a
href="https://redirect.github.com/github/codeql-action/pull/2660">#2660</a>.</li>
</ul>
<h2>3.27.9 - 12 Dec 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.8 - 12 Dec 2024</h2>
<ul>
<li>Fixed an issue where streaming the download and extraction of the
CodeQL bundle did not respect proxy settings. <a
href="https://redirect.github.com/github/codeql-action/pull/2624">#2624</a></li>
</ul>
<h2>3.27.7 - 10 Dec 2024</h2>
<ul>
<li>We are rolling out a change in December 2024 that will extract the
CodeQL bundle directly to the toolcache to improve performance. <a
href="https://redirect.github.com/github/codeql-action/pull/2631">#2631</a></li>
<li>Update default CodeQL bundle version to 2.20.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2636">#2636</a></li>
</ul>
<h2>3.27.6 - 03 Dec 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4"><code>f6091c0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2721">#2721</a>
from github/update-v3.28.5-01f001931</li>
<li><a
href="https://github.com/github/codeql-action/commit/064af10f0de41995b41632364b4bfb00a34df047"><code>064af10</code></a>
Update changelog for v3.28.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/01f0019310ce544d1cf748667a69f8fd6e26e48a"><code>01f0019</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2717">#2717</a>
from github/update-bundle/codeql-bundle-v2.20.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/573ad887cd5b527e9baef02653bd455e1ff5181c"><code>573ad88</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2718">#2718</a>
from github/kaeluka/4779-1</li>
<li><a
href="https://github.com/github/codeql-action/commit/d7f39764f685cbe3764f763469a0d72383d7b9c8"><code>d7f3976</code></a>
permissions block in query-filters.yml</li>
<li><a
href="https://github.com/github/codeql-action/commit/428975ce2cf327a0e919004c63e734eddd0e6255"><code>428975c</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/208091da0a1069394981cdf5e7a91a8ee3f10709"><code>208091d</code></a>
Update default bundle to codeql-bundle-v2.20.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/7e3036b9cd87fc26dd06747b7aa4b96c27aaef3a"><code>7e3036b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2716">#2716</a>
from github/mergeback/v3.28.4-to-main-ee117c90</li>
<li><a
href="https://github.com/github/codeql-action/commit/e32a0d62d44ac06377953bfaf3ffd43618be076a"><code>e32a0d6</code></a>
Update checked-in dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/67c21e4084d5e020fbc969b839d42911b87fb8b5"><code>67c21e4</code></a>
Update changelog and version after v3.28.4</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/b6a472f63d85b9c78a3ac5e89422239fc15e9b3c...f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4">compare
view</a></li>
</ul>
</details>
<br />

Updates `umbrelladocs/action-linkspector` from 1.2.4 to 1.2.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/umbrelladocs/action-linkspector/releases">umbrelladocs/action-linkspector's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.2.5</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: disable AppArmor user namespace restrictions on the runner by
<a href="https://github.com/Realiserad"><code>@​Realiserad</code></a> in
<a
href="https://redirect.github.com/UmbrellaDocs/action-linkspector/pull/34">UmbrellaDocs/action-linkspector#34</a></li>
<li>chore(deps): update reviewdog/reviewdog to 0.20.3 by <a
href="https://github.com/github-actions"><code>@​github-actions</code></a>
in <a
href="https://redirect.github.com/UmbrellaDocs/action-linkspector/pull/31">UmbrellaDocs/action-linkspector#31</a></li>
<li>Add fail_level argument and deprecate fail_on_error by <a
href="https://github.com/bitcoin-tools"><code>@​bitcoin-tools</code></a>
in <a
href="https://redirect.github.com/UmbrellaDocs/action-linkspector/pull/23">UmbrellaDocs/action-linkspector#23</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/Realiserad"><code>@​Realiserad</code></a> made
their first contribution in <a
href="https://redirect.github.com/UmbrellaDocs/action-linkspector/pull/34">UmbrellaDocs/action-linkspector#34</a></li>
<li><a
href="https://github.com/bitcoin-tools"><code>@​bitcoin-tools</code></a>
made their first contribution in <a
href="https://redirect.github.com/UmbrellaDocs/action-linkspector/pull/23">UmbrellaDocs/action-linkspector#23</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/UmbrellaDocs/action-linkspector/compare/v1.2.4...UmbrellaDocs:release-1.2.5">https://github.com/UmbrellaDocs/action-linkspector/compare/v1.2.4...UmbrellaDocs:release-1.2.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/de84085e0f51452a470558693d7d308fbb2fa261"><code>de84085</code></a>
Merge pull request <a
href="https://redirect.github.com/umbrelladocs/action-linkspector/issues/35">#35</a>
from UmbrellaDocs/release-1.2.5</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/c6a59a6bf98fa2b8a152acaeff16921a3e39bc7b"><code>c6a59a6</code></a>
Added sample usage</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/21ce8cd6fc4d2812628c7d6a353ea86bf085eb59"><code>21ce8cd</code></a>
Merge pull request <a
href="https://redirect.github.com/umbrelladocs/action-linkspector/issues/23">#23</a>
from bitcoin-tools/deprecate-fail-on-error</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/e62bb2d5a68b84dfc5c0d1f61b133585a16ade13"><code>e62bb2d</code></a>
Fix YAML issues</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/64e2b9bf4f671dd0c213d87f40148216b4a0882a"><code>64e2b9b</code></a>
mitigate risk of untrusted inputs and define shell</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/e376d76f51c09def617e6cff4a49d04956213a15"><code>e376d76</code></a>
add backwards-compatability for <code>fail_on_error</code></li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/c6a531461dff91607a44a0221d82d3c087d5aeb1"><code>c6a5314</code></a>
replace deprecated option with fail_level</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/b8d796f06117f0151d00b6131c5c6ae9884c8ddf"><code>b8d796f</code></a>
Merge pull request <a
href="https://redirect.github.com/umbrelladocs/action-linkspector/issues/31">#31</a>
from UmbrellaDocs/depup/reviewdog/reviewdog</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/cde5159538b1a07765b494a136968cb9833df246"><code>cde5159</code></a>
Merge pull request <a
href="https://redirect.github.com/umbrelladocs/action-linkspector/issues/34">#34</a>
from Realiserad/main</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/d32de29fc2dd0fcdcf3da8f8a95e0a0c15f30e26"><code>d32de29</code></a>
fix: disable AppArmor user namespace restrictions on the runner</li>
<li>Additional commits viewable in <a
href="https://github.com/umbrelladocs/action-linkspector/compare/fc382e19892aca958e189954912fe379a8df270c...de84085e0f51452a470558693d7d308fbb2fa261">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-27 13:10:49 +00:00
dependabot[bot] f8844cab0a ci: bump the github-actions group with 4 updates (#16192) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Muhammad Atif Ali <atif@coder.com>
 2025-01-21 15:31:30 +00:00
dependabot[bot] 4c939a6461 ci: bump the github-actions group with 3 updates (#15874) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-16 18:14:32 +05:00
dependabot[bot] 0109c9fe6f ci: bump the github-actions group across 1 directory with 4 updates (#15762) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-05 13:12:07 +00:00
Jon Ayers 45d9274aca chore: disable parallelization when running security action (#15666) 
- `make -j` appears to be broken for clean builds
 2024-11-26 23:35:51 +02:00
dependabot[bot] 9e78aaeea3 ci: bump the github-actions group with 3 updates (#15649) 
Bumps the github-actions group with 3 updates:
[step-security/harden-runner](https://github.com/step-security/harden-runner),
[github/codeql-action](https://github.com/github/codeql-action) and
[aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).

Updates `step-security/harden-runner` from 2.10.1 to 2.10.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.10.2</h2>
<h2>What's Changed</h2>
<ol>
<li>
<p>Fixes low-severity command injection weaknesses
The advisory is here: <a
href="https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc">https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc</a></p>
</li>
<li>
<p>Bug fix to improve detection of whether Harden-Runner is running in a
container</p>
</li>
</ol>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.10.2">https://github.com/step-security/harden-runner/compare/v2...v2.10.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/0080882f6c36860b6ba35c610c98ce87d4e2f26f"><code>0080882</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/476">#476</a>
from step-security/rc-16</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/4a3a88bbf8f2e304f84e1042472c02dce37eba82"><code>4a3a88b</code></a>
Update dist</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/556aae632a6c1f630efa52e90d706218618e5f2f"><code>556aae6</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/480">#480</a>
from h0x0er/jatin/cleanup</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/6c39b8466160e86ad8606033d399fe7f4052aee1"><code>6c39b84</code></a>
chore: clean the code</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/40401cf6183a0ab2dae5c7e485c1d073fe911e91"><code>40401cf</code></a>
Update for isdocker</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/806ab1cccb47a439a89d5f8f85d3ea41a7fb1e4c"><code>806ab1c</code></a>
Update check for isdocker</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/28468118cdb665b2214b64175253b83fcb4b25f6"><code>2846811</code></a>
update dist</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/df8a07c1712fac199e8d6e78d64a46092afffa44"><code>df8a07c</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/475">#475</a>
from h0x0er/fix-execSync</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/30636fb583e59a926da2f17677e5cd3b63cf1be1"><code>30636fb</code></a>
bug fixes</li>
<li>See full diff in <a
href="https://github.com/step-security/harden-runner/compare/91182cccc01eb5e619899d80e4e971d6181294a7...0080882f6c36860b6ba35c610c98ce87d4e2f26f">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 3.27.4 to 3.27.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.27.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>3.27.5 - 19 Nov 2024</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.27.5/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.27.5 - 19 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.4 - 14 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.3 - 12 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.2 - 12 Nov 2024</h2>
<ul>
<li>Fixed an issue where setting up the CodeQL tools would sometimes
fail with the message &quot;Invalid value 'undefined' for header
'authorization'&quot;. <a
href="https://redirect.github.com/github/codeql-action/pull/2590">#2590</a></li>
</ul>
<h2>3.27.1 - 08 Nov 2024</h2>
<ul>
<li>The CodeQL Action now downloads bundles compressed using Zstandard
on GitHub Enterprise Server when using Linux or macOS runners. This
speeds up the installation of the CodeQL tools. This feature is already
available to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2573">#2573</a></li>
<li>Update default CodeQL bundle version to 2.19.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2576">#2576</a></li>
</ul>
<h2>3.27.0 - 22 Oct 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.14.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2549">#2549</a></li>
<li>Fix an issue where the <code>upload-sarif</code> Action would fail
with &quot;upload-sarif post-action step failed: Input required and not
supplied: token&quot; when called in a composite Action that had a
different set of inputs to the ones expected by the
<code>upload-sarif</code> Action. <a
href="https://redirect.github.com/github/codeql-action/pull/2557">#2557</a></li>
<li>Update default CodeQL bundle version to 2.19.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2552">#2552</a></li>
</ul>
<h2>3.26.13 - 14 Oct 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.12 - 07 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.14.5 and earlier. These versions of
CodeQL were discontinued on 24 September 2024 alongside GitHub
Enterprise Server 3.10, and will be unsupported by CodeQL Action
versions 3.27.0 and later and versions 2.27.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/2520">#2520</a></p>
<ul>
<li>
<p>If you are using one of these versions, please update to CodeQL CLI
version 2.14.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</p>
</li>
<li>
<p>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.13.5 and 2.14.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.26.11</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.26.11</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</p>
</li>
</ul>
</li>
</ul>
<h2>3.26.11 - 03 Oct 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/f09c1c0a94de965c15400f5634aa42fac8fb8f88"><code>f09c1c0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2616">#2616</a>
from github/update-v3.27.5-a6c8729a5</li>
<li><a
href="https://github.com/github/codeql-action/commit/67b73eaba559c7e6913377065b0362ccbfc94e87"><code>67b73ea</code></a>
Update changelog for v3.27.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/a6c8729a5d7573eb8d440e52a9645ce4db61d97c"><code>a6c8729</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2614">#2614</a>
from github/marcogario/per-platform-proxy</li>
<li><a
href="https://github.com/github/codeql-action/commit/8f3b48727ff1b076c28967a258b95fcee30a3a48"><code>8f3b487</code></a>
Start-proxy: Fetch OS specific binary</li>
<li><a
href="https://github.com/github/codeql-action/commit/cba5fb58d4f85affaf03eb9da32f5b6c9d76838b"><code>cba5fb5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2613">#2613</a>
from github/dependabot/npm_and_yarn/npm_and_yarn-018...</li>
<li><a
href="https://github.com/github/codeql-action/commit/e782c3a145d9946aba8fa390e406acbe4e4c05c5"><code>e782c3a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2612">#2612</a>
from github/angelapwen/report-linux-runner-release</li>
<li><a
href="https://github.com/github/codeql-action/commit/db6788195b646f87b3d1c616b0c14a6d5b7fa9a6"><code>db67881</code></a>
Update checked-in dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/ecde4d232d18cf2dba6c1a6b76810332abff736f"><code>ecde4d2</code></a>
Bump cross-spawn from 7.0.3 to 7.0.6 in the npm_and_yarn group</li>
<li><a
href="https://github.com/github/codeql-action/commit/e3c67a01d31d9c173ba5ffccc9d0f275540d99de"><code>e3c67a0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2610">#2610</a>
from github/dependabot/npm_and_yarn/npm-d2ca52e617</li>
<li><a
href="https://github.com/github/codeql-action/commit/f9ada54538b47b6db28c4d11f53848689968909e"><code>f9ada54</code></a>
Telemetry: report OS release for GitHub-hosted Linux runners</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...f09c1c0a94de965c15400f5634aa42fac8fb8f88">compare
view</a></li>
</ul>
</details>
<br />

Updates `aquasecurity/trivy-action` from 0.28.0 to 0.29.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aquasecurity/trivy-action/releases">aquasecurity/trivy-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.29.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: Allow skipping setup by <a
href="https://github.com/rvesse"><code>@​rvesse</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/414">aquasecurity/trivy-action#414</a></li>
<li>Fix oras command not found in &quot;Update Trivy Cache&quot; action
by <a href="https://github.com/Tiryoh"><code>@​Tiryoh</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/413">aquasecurity/trivy-action#413</a></li>
<li>Update README.md by <a
href="https://github.com/simar7"><code>@​simar7</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/420">aquasecurity/trivy-action#420</a></li>
<li>feat: add token for <code>setup-trivy</code> by <a
href="https://github.com/DmitriyLewen"><code>@​DmitriyLewen</code></a>
in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/421">aquasecurity/trivy-action#421</a></li>
<li>fix: bump <code>setup-trivy</code> and add new <code>contrib</code>
directory path info by <a
href="https://github.com/DmitriyLewen"><code>@​DmitriyLewen</code></a>
in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/424">aquasecurity/trivy-action#424</a></li>
<li>docs: remove ignore-unfixed from IaC scan example by <a
href="https://github.com/nikpivkin"><code>@​nikpivkin</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/429">aquasecurity/trivy-action#429</a></li>
<li>chore(deps): Bump trivy to v0.57.1 by <a
href="https://github.com/simar7"><code>@​simar7</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/434">aquasecurity/trivy-action#434</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rvesse"><code>@​rvesse</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/414">aquasecurity/trivy-action#414</a></li>
<li><a href="https://github.com/Tiryoh"><code>@​Tiryoh</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/413">aquasecurity/trivy-action#413</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.28.0...0.29.0">https://github.com/aquasecurity/trivy-action/compare/0.28.0...0.29.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/18f2510ee396bbf400402947b394f2dd8c87dbb0"><code>18f2510</code></a>
chore(deps): Bump trivy to v0.57.1 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/434">#434</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/93941cebba762da4c91a91883859bf1bfb221c73"><code>93941ce</code></a>
docs: remove ignore-unfixed from IaC scan example (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/429">#429</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/d2a392a13760cb64cb6bbd31d4bed2a7d9a5298d"><code>d2a392a</code></a>
fix: bump <code>setup-trivy</code> and add new <code>contrib</code>
directory path info (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/424">#424</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/ee8934673cc18947baf4b05c01c4100ff36648da"><code>ee89346</code></a>
feat: add token for <code>setup-trivy</code> (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/421">#421</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/cf990b19d84bbbe1eb8833659989a7c1029132e3"><code>cf990b1</code></a>
Update README.md (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/420">#420</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/bff40be51b9207cf8f2148d628a9836cc7370247"><code>bff40be</code></a>
docs: Fix oras command not found (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/413">#413</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/fc1500abdcdc9fc681e98d8912a52fa70dbc67de"><code>fc1500a</code></a>
feat: Allow skipping setup (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/414">#414</a>)</li>
<li>See full diff in <a
href="https://github.com/aquasecurity/trivy-action/compare/915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2...18f2510ee396bbf400402947b394f2dd8c87dbb0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-26 16:24:10 +05:00
dependabot[bot] 1c6cec3c43 ci: bump github/codeql-action from 3.27.1 to 3.27.4 in the github-actions group (#15563) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-18 19:38:29 +05:00
dependabot[bot] 7f294bbb70 ci: bump the github-actions group with 2 updates (#15474) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-11 18:02:29 +05:00
Jon Ayers fd60e1c2ba fix: fix security workflow not installing protoc properly (#15263) 2024-10-29 01:30:43 +00:00
dependabot[bot] cdd40fb292 ci: bump the github-actions group with 2 updates (#15245) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-28 21:59:30 +05:00
Jon Ayers bcd68ee249 fix: fix build in security workflow (#15209) 
- Fixes an issue where building the Docker image failed due to moving
the directory hosting the Dockerfile
- Removed the Palo Alto scanning since our subscription there is set to
expire. Trivy is still running though.
 2024-10-24 01:21:18 +01:00
dependabot[bot] b67a850659 ci: bump the github-actions group with 4 updates (#15158) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-23 12:40:46 +05:00
Muhammad Atif Ali 8e254cbb07 chore: integrate step-security/harden-runner in workflows (#15099) 
Redoing #15097
Part of #14879
 2024-10-16 11:23:00 -07:00
dependabot[bot] 5317c500c8 ci: bump aquasecurity/trivy-action from 0.25.0 to 0.27.0 in the github-actions group (#15061) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-15 23:28:04 +05:00
Muhammad Atif Ali 57a65c15bf chore: use commit sha for GitHub actions (#15019) 
Use specific commit SHAs for GitHub actions across various workflows to
enhance reliability and reproducibility. This change ensures that
actions run against a known version, reducing the risk of unexpected
issues due to updates in the third-party action repositories.

This contributes to improving the score in #14879
 2024-10-14 08:49:55 -07:00
dependabot[bot] 71d31713c5 ci: bump the github-actions group across 1 directory with 2 updates (#15016) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Muhammad Atif Ali <atif@coder.com>
 2024-10-08 09:04:43 +05:00
dependabot[bot] aaf295badf ci: bump the github-actions group with 2 updates (#13890) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-15 15:56:12 +03:00
Muhammad Atif Ali 136900268e ci: migrate to depot.dev runners (#13467) 2024-06-25 09:36:33 +03:00
dependabot[bot] 7cb8bfb133 ci: bump the github-actions group with 2 updates (#13645) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-24 15:52:05 +03:00
dependabot[bot] 363dbad3a3 ci: bump the github-actions group with 2 updates (#13521) 
Bumps the github-actions group with 2 updates: [crate-ci/typos](https://github.com/crate-ci/typos) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `crate-ci/typos` from 1.21.0 to 1.22.3
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crate-ci/typos/compare/v1.21.0...v1.22.3)

Updates `aquasecurity/trivy-action` from 0.21.0 to 0.22.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/fd25fed6972e341ff0007ddb61f77e88103953c2...595be6a0f6560a0a8fc419ddf630567fc623531d)

---
updated-dependencies:
- dependency-name: crate-ci/typos
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-11 01:06:40 +03:00
dependabot[bot] a1d3b82dd1 ci: bump aquasecurity/trivy-action from 0.20.0 to 0.21.0 in the github-actions group (#13376) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-27 19:57:36 +03:00
dependabot[bot] 8c9560ddb8 ci: bump the github-actions group with 2 updates (#13238) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-10 17:38:07 +00:00
dependabot[bot] b7f5456e35 ci: bump the github-actions group with 1 update (#12828) 
Bumps the github-actions group with 1 update: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `aquasecurity/trivy-action` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/062f2592684a31eb3aa050cc61e7ca1451cecd3d...d710430a6722f083d3b36b8339ff66b32f22ee55)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-01 13:01:09 -05:00
dependabot[bot] aa3ab209f3 ci: bump the github-actions group with 3 updates (#12622) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-17 13:27:15 +00:00
Dean Sheather 842799847a chore: fix trivy scanning (#12421) 2024-03-05 19:04:16 -06:00
dependabot[bot] 9560d9a68b ci: bump the github-actions group with 2 updates (#12091) 
Bumps the github-actions group with 2 updates: [crate-ci/typos](https://github.com/crate-ci/typos) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `crate-ci/typos` from 1.18.0 to 1.18.2
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crate-ci/typos/compare/v1.18.0...v1.18.2)

Updates `aquasecurity/trivy-action` from 0.16.1 to 0.17.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca...84384bd6e777ef152729993b8145ea352e9dd3ef)

---
updated-dependencies:
- dependency-name: crate-ci/typos
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-13 17:52:12 +03:00
dependabot[bot] f3efa0803b ci: bump the github-actions group with 3 updates (#11447) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-05 14:11:09 +00:00
Steven Masley dd05a6b13a chore: mockgen archived, moved to new location (#11415) 
* chore: mockgen archived, moved to new location
 2024-01-04 18:35:56 -06:00
dependabot[bot] 28a0242c27 ci: bump the github-actions group with 4 updates (#11256) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-18 13:30:18 +00:00
dependabot[bot] 6823194683 ci: bump the github-actions group with 7 updates (#11123) 
Bumps the github-actions group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.16.23` | `1.16.24` |
| [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) | `1` | `2` |
| [google-github-actions/get-gke-credentials](https://github.com/google-github-actions/get-gke-credentials) | `1` | `2` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `2` | `3` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `4` | `5` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.14.0` | `0.16.0` |
| [actions/stale](https://github.com/actions/stale) | `8.0.0` | `9.0.0` |


Updates `crate-ci/typos` from 1.16.23 to 1.16.24
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crate-ci/typos/compare/v1.16.23...v1.16.24)

Updates `google-github-actions/setup-gcloud` from 1 to 2
- [Release notes](https://github.com/google-github-actions/setup-gcloud/releases)
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/setup-gcloud/compare/v1...v2)

Updates `google-github-actions/get-gke-credentials` from 1 to 2
- [Release notes](https://github.com/google-github-actions/get-gke-credentials/releases)
- [Changelog](https://github.com/google-github-actions/get-gke-credentials/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/get-gke-credentials/compare/v1...v2)

Updates `docker/setup-buildx-action` from 2 to 3
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3)

Updates `docker/build-push-action` from 4 to 5
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v4...v5)

Updates `aquasecurity/trivy-action` from 0.14.0 to 0.16.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/2b6a709cf9c4025c5438138008beaddbb02086f0...91713af97dc80187565512baba96e4364e983601)

Updates `actions/stale` from 8.0.0 to 9.0.0
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v8.0.0...v9.0.0)

---
updated-dependencies:
- dependency-name: crate-ci/typos
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: google-github-actions/setup-gcloud
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: google-github-actions/get-gke-credentials
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-11 23:21:07 +10:00
dependabot[bot] 3f4791c9de ci: bump the github-actions group with 4 updates (#10649) 
Bumps the github-actions group with 4 updates: [crate-ci/typos](https://github.com/crate-ci/typos), [actions/github-script](https://github.com/actions/github-script), [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `crate-ci/typos` from 1.16.22 to 1.16.23
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crate-ci/typos/compare/v1.16.22...v1.16.23)

Updates `actions/github-script` from 5 to 6
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v5...v6)

Updates `DeterminateSystems/nix-installer-action` from 6 to 7
- [Release notes](https://github.com/determinatesystems/nix-installer-action/releases)
- [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v6...v7)

Updates `aquasecurity/trivy-action` from 0.13.1 to 0.14.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/f78e9ecf42a1271402d4f484518b9313235990e1...2b6a709cf9c4025c5438138008beaddbb02086f0)

---
updated-dependencies:
- dependency-name: crate-ci/typos
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: DeterminateSystems/nix-installer-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-13 22:53:19 +03:00
dependabot[bot] e976f50415 ci: bump the github-actions group with 2 updates (#10537) 
Bumps the github-actions group with 2 updates: [crate-ci/typos](https://github.com/crate-ci/typos) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `crate-ci/typos` from 1.16.21 to 1.16.22
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crate-ci/typos/compare/v1.16.21...v1.16.22)

Updates `aquasecurity/trivy-action` from 0.13.0 to 0.13.1
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/b77b85c0254bba6789e787844f0585cde1e56320...f78e9ecf42a1271402d4f484518b9313235990e1)

---
updated-dependencies:
- dependency-name: crate-ci/typos
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-06 11:20:25 -06:00
dependabot[bot] 6b7858c516 ci: bump the github-actions group with 2 updates (#10420) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-30 11:25:37 +00:00
dependabot[bot] 2c19995712 ci: bump the github-actions group with 2 updates (#9620) 
Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [crate-ci/typos](https://github.com/crate-ci/typos).


Updates `actions/checkout` from 3 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

Updates `crate-ci/typos` from 1.16.10 to 1.16.11
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crate-ci/typos/compare/v1.16.10...v1.16.11)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: crate-ci/typos
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-12 10:22:22 +03:00
dependabot[bot] c31292abe8 ci: bump the github-actions group with 2 updates (#9509) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-04 16:29:56 +03:00
Muhammad Atif Ali 31b7de6a3e chore: upgrade go to 1.20.7 (#8923) 
* chore: upgrade go to 1.20.7

* remove unused env
 2023-08-08 09:20:36 +03:00
Colin Adler 502c7680a2 chore: fix release and security pipelines (#8891) 2023-08-03 18:40:47 -05:00
Colin Adler ed82b864d0 chore: reenable prisma image scan (#8810) 2023-07-31 10:12:24 -05:00
Muhammad Atif Ali 87f07b9f2f ci: reduce duplication (#8692) 
* ci: reduce duplication

* typo
 2023-07-24 10:51:43 +00:00
Muhammad Atif Ali ce114a7f9f chore: upgrade sqlc to 1.19.1 (#8511) 2023-07-15 09:07:19 +03:00
Muhammad Atif Ali be1013899f chore: use names for all GitHub actions steps and use sqlc setup action (#8495) 2023-07-13 22:46:18 +03:00
Muhammad Atif Ali 765fd29336 chore: upgrade go version to 1.20.6 (#8457) 2023-07-12 17:27:17 +03:00
Colin Adler ccea595b39 chore: temporarily skip prisma scan (#8355) 2023-07-07 00:48:29 +00:00
Colin Adler 7703bb77a7 ci: update sqlc version in security scan (#8135) 2023-06-21 13:53:41 -05:00
Colin Adler 15cba05dfc ci: scan images with sysdig (#8037) 2023-06-20 22:58:17 +00:00
Colin Adler ac605bad3d ci: scan images with prisma (#7988) 2023-06-12 23:11:45 +00:00
dependabot[bot] 0d71314ae1 chore: Bump aquasecurity/trivy-action from 0.10.0 to 0.11.2 (#7967) 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.10.0 to 0.11.2.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/e5f43133f6e8736992c9f3c1b3296e24b37e17f2...41f05d9ecffa2ed3f1580af306000f734b733e54)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-12 21:22:10 +03:00
Colin Adler 003120882f chore: update Go to 1.20.5 (#7877) 2023-06-06 14:05:09 -05:00