chore(deps): bump the github-actions group with 21 updates #442

dependabot · 2024-03-06T08:54:59Z

Bumps the github-actions group with 21 updates:

Package	From	To
actions/checkout	`3`	`4`
peter-evans/create-or-update-comment	`3`	`4`
docker/setup-qemu-action	`2`	`3`
docker/setup-buildx-action	`2`	`3`
docker/metadata-action	`4.6.0`	`5.5.1`
docker/login-action	`2`	`3`
docker/build-push-action	`4`	`5`
actions/setup-go	`4`	`5`
codecov/codecov-action	`3`	`4`
contributor-assistant/github-action	`2.3.0`	`2.3.1`
github/codeql-action	`2`	`3`
actions/dependency-review-action	`3`	`4`
actions/cache	`3`	`4`
dessant/lock-threads	`4`	`5`
alex-page/github-project-automation-plus	`0.8.3`	`0.9.0`
sigstore/cosign-installer	`3.1.1`	`3.4.0`
anchore/sbom-action	`0.14.3`	`0.15.9`
crazy-max/ghaction-upx	`2`	`3`
cachix/install-nix-action	`22`	`25`
goreleaser/goreleaser-action	`4`	`5`
actions/stale	`8`	`9`

Updates actions/checkout from 3 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

Update default runtime to node20 by @takost in actions/checkout#1436

Support fetching without the --progress option by @simonbaird in actions/checkout#1067

Release 4.0.0 by @takost in actions/checkout#1447

New Contributors

@takost made their first contribution in actions/checkout#1436

@simonbaird made their first contribution in actions/checkout#1067

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

Mark test scripts with Bash'isms to be run via Bash by @dscho in actions/checkout#1377

Add option to fetch tags even if fetch-depth > 0 by @RobertWieczoreck in actions/checkout#579

Release 3.6.0 by @luketomlinson in actions/checkout#1437

New Contributors

@RobertWieczoreck made their first contribution in actions/checkout#579

@luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @megamanics in actions/checkout#1196

Fix typos found by codespell by @DimitriPapadopoulos in actions/checkout#1287

Add support for sparse checkouts by @dscho and @dfdez in actions/checkout#1369

Release v3.5.3 by @TingluoHuang in actions/checkout#1376

New Contributors

@megamanics made their first contribution in actions/checkout#1196

@DimitriPapadopoulos made their first contribution in actions/checkout#1287

@dfdez made their first contribution in actions/checkout#1369

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

Fix: Use correct API url / endpoint in GHES by @fhammerl in actions/checkout#1289 based on #1286 by @1newsr

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

Improve checkout performance on Windows runners by upgrading @actions/github dependency by @BrettDong in actions/checkout#1246

New Contributors

@BrettDong made their first contribution in actions/checkout#1246

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.0

Add support for partial checkout filters

v4.0.0

Support fetching without the --progress option

Update to node20

v3.6.0

Fix: Mark test scripts with Bash'isms to be run via Bash

Add option to fetch tags even if fetch-depth > 0

v3.5.3

Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in

Fix typos found by codespell

Add support for sparse checkouts

v3.5.2

Fix api endpoint for GHES

v3.5.1

Fix slow checkout on Windows

v3.5.0

Add new public key for known_hosts

v3.4.0

Upgrade codeql actions to v2

Upgrade dependencies

Upgrade @actions/io

v3.3.0

Implement branch list using callbacks from exec function

Add in explicit reference to private checkout options

[Fix comment typos (that got added in #770)](actions/checkout#1057)

v3.2.0

Add GitHub Action to perform release

Fix status badge

Replace datadog/squid with ubuntu/squid Docker image

Wrap pipeline commands for submoduleForeach in quotes

Update @actions/io to 1.1.2

Upgrading version to 3.2.0

v3.1.0

Use @actions/core saveState and getState

Add github-server-url input

v3.0.2

... (truncated)

Commits

b4ffde6 Link to release page from what's new section (#1514)
8530928 Correct link to GitHub Docs (#1511)
7cdaf2f Update CODEOWNERS to Launch team (#1510)
8ade135 Prepare 4.1.0 release (#1496)
c533a0a Add support for partial checkout filters (#1396)
72f2cec Update README.md for V4 (#1452)
3df4ab1 Release 4.0.0 (#1447)
8b5e8b7 Support fetching without the --progress option (#1067)
97a652b Update default runtime to node20 (#1436)
See full diff in compare view

Updates peter-evans/create-or-update-comment from 3 to 4

Release notes

Sourced from peter-evans/create-or-update-comment's releases.

Create or Update Comment v4.0.0

⚙️ Updated runtime to Node.js 20

The action now requires a minimum version of v2.308.0 for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.

What's Changed

build(deps): bump actions/setup-node from 3 to 4 by @dependabot in peter-evans/create-or-update-comment#273

build(deps-dev): bump @vercel/ncc from 0.38.0 to 0.38.1 by @dependabot in peter-evans/create-or-update-comment#274

build(deps-dev): bump eslint-plugin-jest from 27.4.2 to 27.4.3 by @dependabot in peter-evans/create-or-update-comment#276

build(deps-dev): bump @types/node from 18.18.5 to 18.18.6 by @dependabot in peter-evans/create-or-update-comment#277

build(deps-dev): bump eslint from 8.51.0 to 8.52.0 by @dependabot in peter-evans/create-or-update-comment#275

build(deps-dev): bump eslint-plugin-jest from 27.4.3 to 27.6.0 by @dependabot in peter-evans/create-or-update-comment#278

build(deps-dev): bump @types/node from 18.18.6 to 18.18.8 by @dependabot in peter-evans/create-or-update-comment#279

build(deps-dev): bump eslint from 8.52.0 to 8.53.0 by @dependabot in peter-evans/create-or-update-comment#280

build(deps-dev): bump @types/node from 18.18.8 to 18.18.9 by @dependabot in peter-evans/create-or-update-comment#281

build(deps-dev): bump prettier from 3.0.3 to 3.1.0 by @dependabot in peter-evans/create-or-update-comment#282

build(deps-dev): bump @types/node from 18.18.9 to 18.18.12 by @dependabot in peter-evans/create-or-update-comment#283

build(deps-dev): bump eslint from 8.53.0 to 8.54.0 by @dependabot in peter-evans/create-or-update-comment#284

build(deps-dev): bump @types/node from 18.18.12 to 18.18.13 by @dependabot in peter-evans/create-or-update-comment#285

build(deps-dev): bump eslint from 8.54.0 to 8.55.0 by @dependabot in peter-evans/create-or-update-comment#286

build(deps-dev): bump @types/node from 18.18.13 to 18.19.2 by @dependabot in peter-evans/create-or-update-comment#287

build(deps): bump chuhlomin/render-template from 1.8 to 1.9 by @dependabot in peter-evans/create-or-update-comment#288

build(deps-dev): bump @types/node from 18.19.2 to 18.19.3 by @dependabot in peter-evans/create-or-update-comment#289

build(deps-dev): bump prettier from 3.1.0 to 3.1.1 by @dependabot in peter-evans/create-or-update-comment#290

build(deps-dev): bump eslint-plugin-prettier from 5.0.1 to 5.1.0 by @dependabot in peter-evans/create-or-update-comment#292

build(deps-dev): bump eslint from 8.55.0 to 8.56.0 by @dependabot in peter-evans/create-or-update-comment#293

build(deps): bump actions/download-artifact from 3 to 4 by @dependabot in peter-evans/create-or-update-comment#295

build(deps-dev): bump eslint-plugin-prettier from 5.1.0 to 5.1.2 by @dependabot in peter-evans/create-or-update-comment#296

build(deps-dev): bump eslint-plugin-jest from 27.6.0 to 27.6.1 by @dependabot in peter-evans/create-or-update-comment#297

build(deps-dev): bump @types/node from 18.19.3 to 18.19.4 by @dependabot in peter-evans/create-or-update-comment#298

build(deps-dev): bump eslint-plugin-prettier from 5.1.2 to 5.1.3 by @dependabot in peter-evans/create-or-update-comment#299

build(deps-dev): bump @types/node from 18.19.4 to 18.19.6 by @dependabot in peter-evans/create-or-update-comment#300

build(deps-dev): bump prettier from 3.1.1 to 3.2.3 by @dependabot in peter-evans/create-or-update-comment#301

build(deps-dev): bump eslint-plugin-jest from 27.6.1 to 27.6.3 by @dependabot in peter-evans/create-or-update-comment#302

build(deps-dev): bump @types/node from 18.19.6 to 18.19.7 by @dependabot in peter-evans/create-or-update-comment#303

build(deps-dev): bump @types/node from 18.19.7 to 18.19.8 by @dependabot in peter-evans/create-or-update-comment#304

build(deps-dev): bump prettier from 3.2.3 to 3.2.4 by @dependabot in peter-evans/create-or-update-comment#305

feat: update runtime to node 20 by @peter-evans in peter-evans/create-or-update-comment#306

Full Changelog: peter-evans/create-or-update-comment@v3.1.0...v4.0.0

Create or Update Comment v3.1.0

What's Changed

Add truncate warning to body of comment by @ethanmdavidson and @peter-evans in peter-evans/create-or-update-comment#272

46 dependency updates by @dependabot

Full Changelog: peter-evans/create-or-update-comment@v3.0.2...v3.1.0

Create or Update Comment v3.0.2

What's Changed

... (truncated)

Commits

71345be feat: update runtime to node 20 (#306)
d41bfe3 build(deps-dev): bump prettier from 3.2.3 to 3.2.4 (#305)
73b4b9e build(deps-dev): bump @types/node from 18.19.7 to 18.19.8 (#304)
b865fac build(deps-dev): bump @types/node from 18.19.6 to 18.19.7 (#303)
52b668a build(deps-dev): bump eslint-plugin-jest from 27.6.1 to 27.6.3 (#302)
974f56a build(deps-dev): bump prettier from 3.1.1 to 3.2.3 (#301)
2cbfe8b build(deps-dev): bump @types/node from 18.19.4 to 18.19.6 (#300)
761872a build(deps-dev): bump eslint-plugin-prettier from 5.1.2 to 5.1.3 (#299)
72c3238 build(deps-dev): bump @types/node from 18.19.3 to 18.19.4 (#298)
07daf7b build(deps-dev): bump eslint-plugin-jest from 27.6.0 to 27.6.1 (#297)
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 2 to 3

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/setup-qemu-action#102

Bump @actions/core from 1.10.0 to 1.10.1 in docker/setup-qemu-action#103

Bump semver from 6.3.0 to 6.3.1 in docker/setup-qemu-action#89

Full Changelog: docker/setup-qemu-action@v2.2.0...v3.0.0

v2.2.0

Trim off spaces in platforms input by @Chocobo1 in docker/setup-qemu-action#64

Switch to actions-toolkit implementation by @crazy-max in docker/setup-qemu-action#70 docker/setup-qemu-action#80 docker/setup-qemu-action#83

Full Changelog: docker/setup-qemu-action@v2.1.0...v2.2.0

v2.1.0

Use context for inputs by @crazy-max (#62)

Use built-in getExecOutput by @crazy-max (#61)

Remove workaround for setOutput by @crazy-max (#63)

Bump @actions/core from 1.6.0 to 1.10.0 (#54 #58 #59)

Full Changelog: docker/setup-qemu-action@v2.0.0...v2.1.0

Commits

6882732 Merge pull request #103 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
183f4af chore: update generated content
f174935 build(deps): bump @actions/core from 1.10.0 to 1.10.1
2e423eb Merge pull request #89 from docker/dependabot/npm_and_yarn/semver-6.3.1
ecc406a Bump semver from 6.3.0 to 6.3.1
12dec5e Merge pull request #102 from crazy-max/update-node20
c29b312 chore: node 20 as default runtime
34ae628 chore: update generated content
1f3d2e1 chore: fix author in package.json
277dbe8 vendor: bump @docker/actions-toolkit from 0.3.0 to 0.12.0
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 2 to 3

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/setup-buildx-action#264

Bump @actions/core from 1.10.0 to 1.10.1 in docker/setup-buildx-action#267

Full Changelog: docker/setup-buildx-action@v2.10.0...v3.0.0

v2.10.0

Bump @docker/actions-toolkit from 0.7.1 to 0.10.0 by @crazy-max in docker/setup-buildx-action#258

Bump word-wrap from 1.2.3 to 1.2.5 in docker/setup-buildx-action#253

Full Changelog: docker/setup-buildx-action@v2.9.1...v2.10.0

v2.9.1

Bump @docker/actions-toolkit from 0.7.0 to 0.7.1 in docker/setup-buildx-action#248

Fixes an issue where building Buildx does not match the local platform (docker/actions-toolkit#135)

Full Changelog: docker/setup-buildx-action@v2.9.0...v2.9.1

v2.9.0

Bump @docker/actions-toolkit from 0.6.0 to 0.7.0 in docker/setup-buildx-action#246

Adds support to cache Buildx binary to hosted tool cache and GHA cache backend

Full Changelog: docker/setup-buildx-action@v2.8.0...v2.9.0

v2.8.0

Only set specific flags for drivers supporting them by @nicks in docker/setup-buildx-action#241

Bump @docker/actions-toolkit from 0.5.0 to 0.6.0 in docker/setup-buildx-action#242

Full Changelog: docker/setup-buildx-action@v2.7.0...v2.8.0

v2.7.0

Bump @docker/actions-toolkit from 0.3.0 to 0.5.0 in docker/setup-buildx-action#237 docker/setup-buildx-action#238

Full Changelog: docker/setup-buildx-action@v2.6.0...v2.7.0

v2.6.0

Set node name for k8s driver when appending nodes by @crazy-max in docker/setup-buildx-action#219

Bump @docker/actions-toolkit from 0.1.0-beta.18 to 0.3.0 in docker/setup-buildx-action#220 docker/setup-buildx-action#229 docker/setup-buildx-action#231 docker/setup-buildx-action#236

Full Changelog: docker/setup-buildx-action@v2.5.0...v2.6.0

v2.5.0

cleanup input to remove builder and temp files by @crazy-max in docker/setup-buildx-action#213

do not remove builder using the docker driver by @crazy-max in docker/setup-buildx-action#218

fix current context as builder name for docker driver by @crazy-max in docker/setup-buildx-action#209

Full Changelog: docker/setup-buildx-action@v2.4.1...v2.5.0

v2.4.1

Get releases from actions toolkit by @crazy-max (#200)

... (truncated)

Commits

0d103c3 Merge pull request #300 from crazy-max/cache-binary
f19477a chore: update generated content
a4180f8 cache-binary input to enable/disable caching binary to GHA cache backend
5243153 Merge pull request #299 from docker/dependabot/npm_and_yarn/docker/actions-to...
3679a54 chore: update generated content
37a22a2 build(deps): bump @docker/actions-toolkit from 0.14.0 to 0.17.0
65afe61 Merge pull request #297 from docker/dependabot/npm_and_yarn/undici-5.28.3
fcb8f72 chore: update generated content
f62b9a1 Merge pull request #298 from crazy-max/bump-gha
74c5b71 bump codecov/codecov-action from 3 to 4
Additional commits viewable in compare view

Updates docker/metadata-action from 4.6.0 to 5.5.1

Release notes

Sourced from docker/metadata-action's releases.

v5.5.1

Don't set cwd:// prefix for local bake files by @crazy-max in docker/metadata-action#382

Full Changelog: docker/metadata-action@v5.5.0...v5.5.1

v5.5.0

Set cwd:// prefix for bake files path by @crazy-max in docker/metadata-action#370

Bump @docker/actions-toolkit from 0.16.0 to 0.16.1 in docker/metadata-action#371

Bump moment from 2.29.4 to 2.30.1 in docker/metadata-action#373

Bump moment-timezone from 0.5.43 to 0.5.44 in docker/metadata-action#374

Full Changelog: docker/metadata-action@v5.4.0...v5.5.0

v5.4.0

Bump @docker/actions-toolkit from 0.15.0 to 0.16.0 in docker/metadata-action#369

Bump csv-parse from 5.5.2 to 5.5.3 in docker/metadata-action#365

Full Changelog: docker/metadata-action@v5.3.0...v5.4.0

v5.3.0

Bump @docker/actions-toolkit from 0.14.0 to 0.15.0 in docker/metadata-action#363 (fixes #362)

Full Changelog: docker/metadata-action@v5.2.0...v5.3.0

v5.2.0

Custom annotations support by @crazy-max in docker/metadata-action#361

Full Changelog: docker/metadata-action@v5.1.0...v5.2.0

v5.1.0

Annotations support by @crazy-max in docker/metadata-action#352

Split bake definition into two files by @crazy-max in docker/metadata-action#353

Allow images input to be empty to output bare tags by @crazy-max in docker/metadata-action#358

Bump @actions/github from 5.1.1 to 6.0.0 in docker/metadata-action#348

Bump @babel/traverse from 7.17.3 to 7.23.2 in docker/metadata-action#350

Bump @docker/actions-toolkit from 0.12.0 to 0.14.0 in docker/metadata-action#349 docker/metadata-action#357

Bump csv-parse from 5.5.0 to 5.5.2 in docker/metadata-action#346

Bump semver from 7.5.3 to 7.5.4 in docker/metadata-action#335

Full Changelog: docker/metadata-action@v5.0.0...v5.1.0

v5.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/metadata-action#328

Bump @actions/core from 1.10.0 to 1.10.1 in docker/metadata-action#333

Bump csv-parse from 5.4.0 to 5.5.0 in docker/metadata-action#320

Bump semver from 7.5.1 to 7.5.2 in docker/metadata-action#304

Bump handlebars from 4.7.7 to 4.7.8 in docker/metadata-action#315

Full Changelog: docker/metadata-action@v4.6.0...v5.0.0

Upgrade guide

Sourced from docker/metadata-action's upgrade guide.

Upgrade notes

v2 to v3

Repository has been moved to docker org. Replace crazy-max/ghaction-docker-meta@v2 with docker/metadata-action@v5

The default bake target has been changed: ghaction-docker-meta > docker-metadata-action

v1 to v2

inputs

tag-sha

tag-edge / tag-edge-branch

tag-semver

tag-match / tag-match-group

tag-latest

tag-schedule

tag-custom / tag-custom-only

label-custom

Basic workflow

Semver workflow

inputs

New Unchanged Removed

tags images tag-sha

flavor sep-tags tag-edge

labels sep-labels tag-edge-branch

tag-semver

tag-match

tag-match-group

tag-latest

tag-schedule

tag-custom

tag-custom-only

label-custom

tag-sha
tags: |
  type=sha
tag-edge / tag-edge-branch
tags: |
  # default branch
</tr></table> 

... (truncated)

Commits

8e5442c Merge pull request #382 from crazy-max/dont-set-cwd-prefix
eda41b7 chore: update generated content
388c08f don't set cwd:// prefix for local bake files
dbef880 Merge pull request #374 from docker/dependabot/npm_and_yarn/moment-timezone-0...
b73e7a7 chore: update generated content
b9fba69 chore(deps): Bump moment-timezone from 0.5.43 to 0.5.44
ac82374 Merge pull request #373 from docker/dependabot/npm_and_yarn/moment-2.30.1
c92519a chore: update generated content
3b4179d chore(deps): Bump moment from 2.29.4 to 2.30.1
0784993 Merge pull request #371 from docker/dependabot/npm_and_yarn/docker/actions-to...
Additional commits viewable in compare view

Updates docker/login-action from 2 to 3

Release notes

Sourced from docker/login-action's releases.

v3.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/login-action#593

Bump @actions/core from 1.10.0 to 1.10.1 in docker/login-action#598

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.410.0 in docker/login-action#555 docker/login-action#560 docker/login-action#582 docker/login-action#599

Bump semver from 6.3.0 to 6.3.1 in docker/login-action#556

Bump https-proxy-agent to 7.0.2 docker/login-action#561 docker/login-action#588

Full Changelog: docker/login-action@v2.2.0...v3.0.0

v2.2.0

Switch to actions-toolkit implementation by @crazy-max in docker/login-action#409 docker/login-action#470 docker/login-action#476

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.347.1 in docker/login-action#524 docker/login-action#364 docker/login-action#363

Bump minimatch from 3.0.4 to 3.1.2 in docker/login-action#354

Bump json5 from 2.2.0 to 2.2.3 in docker/login-action#378

Bump http-proxy-agent from 5.0.0 to 7.0.0 in docker/login-action#509

Bump https-proxy-agent from 5.0.1 to 7.0.0 in docker/login-action#508

Full Changelog: docker/login-action@v2.1.0...v2.2.0

v2.1.0

Ensure AWS temp credentials are redacted in workflow logs by @crazy-max (#275)

Bump @actions/core from 1.6.0 to 1.10.0 (#252 #292)

Bump @aws-sdk/client-ecr from 3.53.0 to 3.186.0 (#298)

Bump @aws-sdk/client-ecr-public from 3.53.0 to 3.186.0 (#299)

Full Changelog: docker/login-action@v2.0.0...v2.1.0

Commits

343f7c4 Merge pull request #599 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
aad0f97 chore: update generated content
2e0cd39 build(deps): bump the aws-sdk-dependencies group with 2 updates
203bc9c Merge pull request #588 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
2199648 chore: update generated content
b489376 build(deps): bump the proxy-agent-dependencies group with 1 update
7c309e7 Merge pull request #598 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
0ccf222 chore: update generated content
56d703e Merge pull request #597 from docker/dependabot/github_actions/aws-actions/con...
24d3b35 build(deps): bump @actions/core from 1.10.0 to 1.10.1
Additional commits viewable in compare view

Updates docker/build-push-action from 4 to 5

Release notes

Sourced from docker/build-push-action's releases.

v5.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/build-push-action#954

Bump @actions/core from 1.10.0 to 1.10.1 in docker/build-push-action#959

Full Changelog: docker/build-push-action@v4.2.1...v5.0.0

v4.2.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

warn if docker config can't be parsed by @crazy-max in docker/build-push-action#957

Full Changelog: docker/build-push-action@v4.2.0...v4.2.1

v4.2.0

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

display proxy configuration by @crazy-max in docker/build-push-action#872

chore(deps): Bump @docker/actions-toolkit from 0.6.0 to 0.8.0 in docker/build-push-action#930

chore(deps): Bump word-wrap from 1.2.3 to 1.2.5 in docker/build-push-action#925

chore(deps): Bump semver from 6.3.0 to 6.3.1 in docker/build-push-action#902

Full Changelog: docker/build-push-action@v4.1.1...v4.2.0

v4.1.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Bump @docker/actions-toolkit from 0.3.0 to 0.5.0 by @crazy-max in docker/build-push-action#880

Full Changelog: docker/build-push-action@v4.1.0...v4.1.1

v4.1.0

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Switch to actions-toolkit implementation by @crazy-max in docker/build-push-action#811 docker/build-push-action#838 ...
Description has been truncated

Bumps the github-actions group with 21 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3` | `4` | | [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) | `3` | `4` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `2` | `3` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `2` | `3` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `4.6.0` | `5.5.1` | | [docker/login-action](https://github.com/docker/login-action) | `2` | `3` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `4` | `5` | | [actions/setup-go](https://github.com/actions/setup-go) | `4` | `5` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3` | `4` | | [contributor-assistant/github-action](https://github.com/contributor-assistant/github-action) | `2.3.0` | `2.3.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `2` | `3` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `3` | `4` | | [actions/cache](https://github.com/actions/cache) | `3` | `4` | | [dessant/lock-threads](https://github.com/dessant/lock-threads) | `4` | `5` | | [alex-page/github-project-automation-plus](https://github.com/alex-page/github-project-automation-plus) | `0.8.3` | `0.9.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.1.1` | `3.4.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.14.3` | `0.15.9` | | [crazy-max/ghaction-upx](https://github.com/crazy-max/ghaction-upx) | `2` | `3` | | [cachix/install-nix-action](https://github.com/cachix/install-nix-action) | `22` | `25` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `4` | `5` | | [actions/stale](https://github.com/actions/stale) | `8` | `9` | Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) Updates `peter-evans/create-or-update-comment` from 3 to 4 - [Release notes](https://github.com/peter-evans/create-or-update-comment/releases) - [Commits](peter-evans/create-or-update-comment@v3...v4) Updates `docker/setup-qemu-action` from 2 to 3 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v2...v3) Updates `docker/setup-buildx-action` from 2 to 3 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v2...v3) Updates `docker/metadata-action` from 4.6.0 to 5.5.1 - [Release notes](https://github.com/docker/metadata-action/releases) - [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md) - [Commits](docker/metadata-action@v4.6.0...v5.5.1) Updates `docker/login-action` from 2 to 3 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v2...v3) Updates `docker/build-push-action` from 4 to 5 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v4...v5) Updates `actions/setup-go` from 4 to 5 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v4...v5) Updates `codecov/codecov-action` from 3 to 4 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v3...v4) Updates `contributor-assistant/github-action` from 2.3.0 to 2.3.1 - [Release notes](https://github.com/contributor-assistant/github-action/releases) - [Commits](contributor-assistant/github-action@v2.3.0...v2.3.1) Updates `github/codeql-action` from 2 to 3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) Updates `actions/dependency-review-action` from 3 to 4 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@v3...v4) Updates `actions/cache` from 3 to 4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) Updates `dessant/lock-threads` from 4 to 5 - [Release notes](https://github.com/dessant/lock-threads/releases) - [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md) - [Commits](dessant/lock-threads@v4...v5) Updates `alex-page/github-project-automation-plus` from 0.8.3 to 0.9.0 - [Release notes](https://github.com/alex-page/github-project-automation-plus/releases) - [Commits](alex-page/github-project-automation-plus@v0.8.3...v0.9.0) Updates `sigstore/cosign-installer` from 3.1.1 to 3.4.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v3.1.1...v3.4.0) Updates `anchore/sbom-action` from 0.14.3 to 0.15.9 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@v0.14.3...v0.15.9) Updates `crazy-max/ghaction-upx` from 2 to 3 - [Release notes](https://github.com/crazy-max/ghaction-upx/releases) - [Commits](crazy-max/ghaction-upx@v2...v3) Updates `cachix/install-nix-action` from 22 to 25 - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](cachix/install-nix-action@v22...v25) Updates `goreleaser/goreleaser-action` from 4 to 5 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@v4...v5) Updates `actions/stale` from 8 to 9 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v8...v9) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: peter-evans/create-or-update-comment dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: contributor-assistant/github-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: dessant/lock-threads dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: alex-page/github-project-automation-plus dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: crazy-max/ghaction-upx dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-03-08T08:23:50Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot requested review from cubxxw and a team as code owners March 6, 2024 08:55

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 6, 2024

dependabot bot mentioned this pull request Mar 6, 2024

chore(deps): bump the github-actions group with 21 updates #409

Closed

dependabot bot temporarily deployed to openim March 6, 2024 08:55 Inactive

pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Mar 6, 2024

dependabot bot force-pushed the dependabot/github_actions/github-actions-c7f500e201 branch from 4170f8b to 3d1dabd Compare March 7, 2024 09:01

dependabot bot temporarily deployed to openim March 7, 2024 09:01 Inactive

dependabot bot closed this Mar 8, 2024

dependabot bot deleted the dependabot/github_actions/github-actions-c7f500e201 branch March 8, 2024 08:23

openimsdk locked and limited conversation to collaborators Mar 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the github-actions group with 21 updates #442

chore(deps): bump the github-actions group with 21 updates #442

dependabot bot commented on behalf of github Mar 6, 2024 •

edited

Loading

dependabot bot commented on behalf of github Mar 8, 2024

New	Unchanged	Removed
`tags`	`images`	`tag-sha`
`flavor`	`sep-tags`	`tag-edge`
`labels`	`sep-labels`	`tag-edge-branch`
		`tag-semver`
		`tag-match`
		`tag-match-group`
		`tag-latest`
		`tag-schedule`
		`tag-custom`
		`tag-custom-only`
		`label-custom`

chore(deps): bump the github-actions group with 21 updates #442

chore(deps): bump the github-actions group with 21 updates #442

Conversation

dependabot bot commented on behalf of github Mar 6, 2024 • edited Loading

v4.0.0

What's Changed

New Contributors

v3.6.0

What's Changed

New Contributors

v3.5.3

What's Changed

New Contributors

v3.5.2

What's Changed

v3.5.1

What's Changed

New Contributors

Changelog

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.2

Create or Update Comment v4.0.0

What's Changed

Create or Update Comment v3.1.0

What's Changed

Create or Update Comment v3.0.2

What's Changed

v3.0.0

v2.2.0

v2.1.0

v3.0.0

v2.10.0

v2.9.1

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.0

v2.4.1

v5.5.1

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

Upgrade notes

v2 to v3

v1 to v2

inputs

tag-sha

tag-edge / tag-edge-branch

v3.0.0

v2.2.0

v2.1.0

v5.0.0

v4.2.1

v4.2.0

v4.1.1

v4.1.0

dependabot bot commented on behalf of github Mar 8, 2024

dependabot bot commented on behalf of github Mar 6, 2024 •

edited

Loading

`tag-sha`

`tag-edge` / `tag-edge-branch`