From c5563d834ca4b17506c5b5a5b28810c59a66a20f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 15:23:40 +0000 Subject: [PATCH] Bump the catch-all group across 1 directory with 3 updates Bumps the catch-all group with 3 updates in the /.github/actions/docker-build-image directory: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [anchore/scan-action](https://github.com/anchore/scan-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `docker/setup-buildx-action` from 3.7.1 to 3.8.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/c47758b77c9736f4b2ef4073d4d51994fabfe349...6524bf65af31da8d45b59e8c27de4bd072b392f5) Updates `anchore/scan-action` from 5.3.0 to 6.0.0 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/anchore/scan-action/compare/869c549e657a088dc0441b08ce4fc0ecdac2bb65...abae793926ec39a78ab18002bc7fc45bbbd94342) Updates `github/codeql-action` from 3.27.6 to 3.27.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/aa578102511db1f4524ed59b8cc2bae4f6e88195...df409f7d9260372bd5f19e5b04e83cb3c43714ae) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: catch-all - dependency-name: anchore/scan-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: catch-all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: catch-all ... Signed-off-by: dependabot[bot] --- .github/actions/docker-build-image/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/docker-build-image/action.yml b/.github/actions/docker-build-image/action.yml index 0aceed452..baaffa6f2 100644 --- a/.github/actions/docker-build-image/action.yml +++ b/.github/actions/docker-build-image/action.yml @@ -105,7 +105,7 @@ runs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 with: version: v0.11.0 # apply fix from https://github.com/moby/buildkit/issues/3969 @@ -130,7 +130,7 @@ runs: - name: Anchore Scan API Image if: inputs.grype-scan-enabled == 'true' - uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 + uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342 # v6.0.0 id: scan with: fail-build: ${{ inputs.grype-fail-build }} @@ -145,7 +145,7 @@ runs: - name: Upload SARIF Files if: always() && inputs.grype-scan-enabled == 'true' && github.event_name == 'push' - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 continue-on-error: true # do not fail if GHAS is not enabled with: sarif_file: ${{ steps.scan.outputs.sarif }}