Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): pin dependencies by renovate (#27353)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [EndBug/label-sync](https://redirect.github.com/EndBug/label-sync) | action | pinDigest | -> `5207415` | | [actions/cache](https://redirect.github.com/actions/cache) | action | digest | `0c45773` -> `2cdf405` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | digest | `692973e` -> `eef6144` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | digest | `ac59398` -> `f43a0e5` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | minor | `v3.3.0` -> `v3.6.0` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | pinDigest | -> `ee0669b` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | pinDigest | -> `50fbc62` | | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | digest | `d27e3f3` -> `65d7f2d` | | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | pinDigest | -> `0f07f7f` | | [actions/stale](https://redirect.github.com/actions/stale) | action | pinDigest | -> `f7176fd` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | pinDigest | -> `3446296` | | [anchore/sbom-action](https://redirect.github.com/anchore/sbom-action) | action | minor | `v0.14.3` -> `v0.17.2` | | [azohra/shell-linter](https://redirect.github.com/azohra/shell-linter) | action | minor | `v0.3.0` -> `v0.6.0` | | [docker/build-push-action](https://redirect.github.com/docker/build-push-action) | action | digest | `0565240` -> `ca052bb` | | [docker/build-push-action](https://redirect.github.com/docker/build-push-action) | action | pinDigest | -> `ac9327e` | | [docker/login-action](https://redirect.github.com/docker/login-action) | action | digest | `343f7c4` -> `9780b0c` | | [docker/login-action](https://redirect.github.com/docker/login-action) | action | pinDigest | -> `dd4fa06` | | [docker/metadata-action](https://redirect.github.com/docker/metadata-action) | action | digest | `96383f4` -> `8e5442c` | | [docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action) | action | digest | `f95db51` -> `c47758b` | | [docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action) | action | pinDigest | -> `f211e3e` | | [docker/setup-qemu-action](https://redirect.github.com/docker/setup-qemu-action) | action | digest | `6882732` -> `49b3bc8` | | [docker/setup-qemu-action](https://redirect.github.com/docker/setup-qemu-action) | action | pinDigest | -> `27d0a4f` | | ghcr.io/truenas/middleware | container | pinDigest | -> `f6d1c7a` | | ixsystems/catalog_validation | container | pinDigest | -> `ec05445` | | [pascalgn/size-label-action](https://redirect.github.com/pascalgn/size-label-action) | action | minor | `v0.4.3` -> `v0.5.4` | | [peaceiris/actions-label-commenter](https://redirect.github.com/peaceiris/actions-label-commenter) | action | pinDigest | -> `f0dbbef` | | [peter-evans/create-pull-request](https://redirect.github.com/peter-evans/create-pull-request) | action | pinDigest | -> `18f7dc0` | | [pre-commit/action](https://redirect.github.com/pre-commit/action) | action | patch | `v3.0.0` -> `v3.0.1` | | tccr.io/truecharts/catalog_validation | container | pinDigest | -> `35d6b97` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v3.6.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360) [Compare Source](https://redirect.github.com/actions/checkout/compare/v3.5.3...v3.6.0) - [Fix: Mark test scripts with Bash'isms to be run via Bash](https://redirect.github.com/actions/checkout/pull/1377) - [Add option to fetch tags even if fetch-depth > 0](https://redirect.github.com/actions/checkout/pull/579) ### [`v3.5.3`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v353) [Compare Source](https://redirect.github.com/actions/checkout/compare/v3.5.2...v3.5.3) - [Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in](https://redirect.github.com/actions/checkout/pull/1196) - [Fix typos found by codespell](https://redirect.github.com/actions/checkout/pull/1287) - [Add support for sparse checkouts](https://redirect.github.com/actions/checkout/pull/1369) ### [`v3.5.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v352) [Compare Source](https://redirect.github.com/actions/checkout/compare/v3.5.1...v3.5.2) - [Fix api endpoint for GHES](https://redirect.github.com/actions/checkout/pull/1289) ### [`v3.5.1`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v351) [Compare Source](https://redirect.github.com/actions/checkout/compare/v3.5.0...v3.5.1) - [Fix slow checkout on Windows](https://redirect.github.com/actions/checkout/pull/1246) ### [`v3.5.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v350) [Compare Source](https://redirect.github.com/actions/checkout/compare/v3.4.0...v3.5.0) - [Add new public key for known_hosts](https://redirect.github.com/actions/checkout/pull/1237) ### [`v3.4.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v340) [Compare Source](https://redirect.github.com/actions/checkout/compare/v3.3.0...v3.4.0) - [Upgrade codeql actions to v2](https://redirect.github.com/actions/checkout/pull/1209) - [Upgrade dependencies](https://redirect.github.com/actions/checkout/pull/1210) - [Upgrade @​actions/io](https://redirect.github.com/actions/checkout/pull/1225) </details> <details> <summary>anchore/sbom-action (anchore/sbom-action)</summary> ### [`v0.17.2`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.2) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.1...v0.17.2) #### Changes in v0.17.2 - Update Syft to v1.11.1 ([#​485](https://redirect.github.com/anchore/sbom-action/issues/485)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] ### [`v0.17.1`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.1) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.17.0...v0.17.1) #### Changes in v0.17.1 - chore(deps): update Syft to v1.11.0 ([#​483](https://redirect.github.com/anchore/sbom-action/issues/483)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] ### [`v0.17.0`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.17.0) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.16.1...v0.17.0) #### Changes in v0.17.0 - chore(deps): update Syft to v1.9.0 ([#​479](https://redirect.github.com/anchore/sbom-action/issues/479)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] ### [`v0.16.1`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.16.1) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.16.0...v0.16.1) #### Changes in v0.16.1 - fix: workaround windows install issue ([#​477](https://redirect.github.com/anchore/sbom-action/issues/477)) \[[willmurphyscode](https://redirect.github.com/willmurphyscode)] - fix: allow users to properly use the file input over the default path value ([#​471](https://redirect.github.com/anchore/sbom-action/issues/471)) \[[komish](https://redirect.github.com/komish)] - chore(deps): update Syft to v1.5.0 ([#​470](https://redirect.github.com/anchore/sbom-action/issues/470)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] - docs: notes for matrix and required permissions ([#​469](https://redirect.github.com/anchore/sbom-action/issues/469)) \[[kzantow](https://redirect.github.com/kzantow)] - chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 ([#​466](https://redirect.github.com/anchore/sbom-action/issues/466)) \[[dependabot](https://redirect.github.com/dependabot)] ### [`v0.16.0`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.16.0): v0.16 [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.11...v0.16.0) #### Changes in v0.16.0 - Update Syft to v1.4.1 ([#​465](https://redirect.github.com/anchore/sbom-action/issues/465)) - Update GitHub artifact client ([#​463](https://redirect.github.com/anchore/sbom-action/issues/463)) \[[kzantow](https://redirect.github.com/kzantow)] NOTE: if you are using this action within a *matrix build* and see failures attempting to upload artifacts with duplicate names, you will need to set the `artifact-name` to be unique based on the matrix properties ([an example here](https://redirect.github.com/anchore/sbom-action/blob/main/.github/workflows/test.yml#L36)). This is due to a change to use a newer GitHub API which no longer allows artifacts with duplicate names. ### [`v0.15.11`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.11) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.10...v0.15.11) #### Changes in v0.15.11 - chore(deps): update Syft to v1.3.0 ([#​456](https://redirect.github.com/anchore/sbom-action/issues/456)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] - chore: remove outdated snapshot workflow ([#​457](https://redirect.github.com/anchore/sbom-action/issues/457)) \[[spiffcs](https://redirect.github.com/spiffcs)] - fix: don't pass in a separate env. This makes it impossible to pass env vars via the action context to syft. ([#​455](https://redirect.github.com/anchore/sbom-action/issues/455)) \[[iNoahNothing](https://redirect.github.com/iNoahNothing)] ### [`v0.15.10`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.10) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.9...v0.15.10) #### Changes in v0.15.10 - Update Syft to v1.1.0 ([#​454](https://redirect.github.com/anchore/sbom-action/issues/454)) - Bump Node to v20 on download-syft/publish-sbom actions ([#​448](https://redirect.github.com/anchore/sbom-action/issues/448)) \[[ViacheslavKudinov](https://redirect.github.com/ViacheslavKudinov)] ### [`v0.15.9`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.9) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.8...v0.15.9) #### Changes in v0.15.9 - reduce syft debug level ([#​446](https://redirect.github.com/anchore/sbom-action/issues/446)) \[[kzantow](https://redirect.github.com/kzantow)] - update Syft to v0.105.0 ([#​442](https://redirect.github.com/anchore/sbom-action/issues/442)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] ### [`v0.15.8`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.8) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.7...v0.15.8) #### Changes in v0.15.8 - Update Syft to v0.103.1 ([#​441](https://redirect.github.com/anchore/sbom-action/issues/441)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] ### [`v0.15.7`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.7) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.6...v0.15.7) #### Changes in v0.15.7 - chore: migrate action to use node v20.11.0 (Iron) FROM node v16.x.x ([#​440](https://redirect.github.com/anchore/sbom-action/issues/440)) \[[spiffcs](https://redirect.github.com/spiffcs)] ### [`v0.15.6`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.6) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.5...v0.15.6) #### Changes in v0.15.6 - chore(deps): update Syft to v0.102.0 ([#​438](https://redirect.github.com/anchore/sbom-action/issues/438)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] ### [`v0.15.5`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.5) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.4...v0.15.5) #### Changes in v0.15.5 - chore(deps): update Syft to v0.101.1 ([#​437](https://redirect.github.com/anchore/sbom-action/issues/437)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] ### [`v0.15.4`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.4) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.3...v0.15.4) #### Changes in v0.15.4 - chore(deps): update Syft to v0.101.0 ([#​436](https://redirect.github.com/anchore/sbom-action/issues/436)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] ### [`v0.15.3`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.3) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.2...v0.15.3) #### Changes in v0.15.3 - chore(deps): update Syft to v0.100.0 ([#​435](https://redirect.github.com/anchore/sbom-action/issues/435)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] ### [`v0.15.2`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.2) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.1...v0.15.2) #### Changes in v0.15.2 - chore(deps): update Syft to v0.99.0 ([#​432](https://redirect.github.com/anchore/sbom-action/issues/432)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] - chore: fix github-script invocation in update-snapshots workflow ([#​433](https://redirect.github.com/anchore/sbom-action/issues/433)) \[[willmurphyscode](https://redirect.github.com/willmurphyscode)] ### [`v0.15.1`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.1) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.15.0...v0.15.1) #### Changes in v0.15.1 - chore(deps): update Syft to v0.98.0 ([#​431](https://redirect.github.com/anchore/sbom-action/issues/431)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] - Add config input ([#​430](https://redirect.github.com/anchore/sbom-action/issues/430)) \[[eyakubovich](https://redirect.github.com/eyakubovich)] - chore: pin and upgrade gh actions ([#​429](https://redirect.github.com/anchore/sbom-action/issues/429)) \[[willmurphyscode](https://redirect.github.com/willmurphyscode)] ### [`v0.15.0`](https://redirect.github.com/anchore/sbom-action/releases/tag/v0.15.0) [Compare Source](https://redirect.github.com/anchore/sbom-action/compare/v0.14.3...v0.15.0) #### Changes in v0.14.4 ##### Breaking Changes - Previously, running on Windows required WSL. Now, running on Windows expects to be run on native windows ([#​426](https://redirect.github.com/anchore/sbom-action/issues/426)) \[[willmurphyscode](https://redirect.github.com/willmurphyscode)]. ##### Other Changes - pin and upgrade actions/checkout ([#​428](https://redirect.github.com/anchore/sbom-action/issues/428)) \[[willmurphyscode](https://redirect.github.com/willmurphyscode)] - chore(deps): update Syft to v0.97.1 ([#​427](https://redirect.github.com/anchore/sbom-action/issues/427)) \[[anchore-actions-token-generator](https://redirect.github.com/anchore-actions-token-generator)] - add oss community board auto-add workflow ([#​421](https://redirect.github.com/anchore/sbom-action/issues/421)) \[[wagoodman](https://redirect.github.com/wagoodman)] </details> <details> <summary>azohra/shell-linter (azohra/shell-linter)</summary> ### [`v0.6.0`](https://redirect.github.com/azohra/shell-linter/releases/tag/v0.6.0): Shell Linter v0.6.0 [Compare Source](https://redirect.github.com/azohra/shell-linter/compare/v0.5.0...v0.6.0) - Added support for excluding files and folders from Shellcheck scan - Upgraded the Shellcheck version used in the Shell-linter action to v0.7.2 to support the updated error/warning codes - Improved performance by adding `-x` to shellcheck to follow sourced files that are not specified as input ### [`v0.5.0`](https://redirect.github.com/azohra/shell-linter/releases/tag/v0.5.0): Shell Linter v0.5.0 [Compare Source](https://redirect.github.com/azohra/shell-linter/compare/v0.4.0...v0.5.0) - Improved performance by only scanning the Shellcheck-supported scripts (sh/bash/dsh/ksh) - Added templates for bug reports, feature requests and pull requests - Improved code coverage by adding more unit tests and integration tests ### [`v0.4.0`](https://redirect.github.com/azohra/shell-linter/releases/tag/v0.4.0): Shell Linter v0.4.0 [Compare Source](https://redirect.github.com/azohra/shell-linter/compare/v0.3.0...v0.4.0) - Added support for ShellCheck severity mode - The default behavior is set to `style` which considers errors with all severity levels - Improved tagging - The latest stable version can be fetched by using `@latest` </details> <details> <summary>pascalgn/size-label-action (pascalgn/size-label-action)</summary> ### [`v0.5.4`](https://redirect.github.com/pascalgn/size-label-action/releases/tag/v0.5.4): Release 0.5.4 [Compare Source](https://redirect.github.com/pascalgn/size-label-action/compare/v0.5.3...v0.5.4) #### What's Changed - Add HTTPS proxy support by [@​donovanmuller](https://redirect.github.com/donovanmuller) in [https://github.com/pascalgn/size-label-action/pull/28](https://redirect.github.com/pascalgn/size-label-action/pull/28) #### New Contributors - [@​donovanmuller](https://redirect.github.com/donovanmuller) made their first contribution in [https://github.com/pascalgn/size-label-action/pull/28](https://redirect.github.com/pascalgn/size-label-action/pull/28) **Full Changelog**: pascalgn/size-label-action@v0.5.3...v0.5.4 ### [`v0.5.3`](https://redirect.github.com/pascalgn/size-label-action/releases/tag/v0.5.3): Release 0.5.3 [Compare Source](https://redirect.github.com/pascalgn/size-label-action/compare/v0.5.2...v0.5.3) #### What's Changed - fix: Use list pull request files api by [@​levsa](https://redirect.github.com/levsa) in [https://github.com/pascalgn/size-label-action/pull/54](https://redirect.github.com/pascalgn/size-label-action/pull/54) #### New Contributors - [@​levsa](https://redirect.github.com/levsa) made their first contribution in [https://github.com/pascalgn/size-label-action/pull/54](https://redirect.github.com/pascalgn/size-label-action/pull/54) **Full Changelog**: pascalgn/size-label-action@v0.5.2...v0.5.3 ### [`v0.5.2`](https://redirect.github.com/pascalgn/size-label-action/releases/tag/v0.5.2): Release 0.5.2 [Compare Source](https://redirect.github.com/pascalgn/size-label-action/compare/v0.5.1...v0.5.2) #### What's Changed - feat: use GITHUB_API_URL as baseUrl for octokit by [@​fty4](https://redirect.github.com/fty4) in [https://github.com/pascalgn/size-label-action/pull/43](https://redirect.github.com/pascalgn/size-label-action/pull/43) - feat: add sizeLabel GITHUB_OUTPUT for further reuse in other jobs by [@​mat3e](https://redirect.github.com/mat3e) in [https://github.com/pascalgn/size-label-action/pull/44](https://redirect.github.com/pascalgn/size-label-action/pull/44) #### New Contributors - [@​fty4](https://redirect.github.com/fty4) made their first contribution in [https://github.com/pascalgn/size-label-action/pull/43](https://redirect.github.com/pascalgn/size-label-action/pull/43) - [@​mat3e](https://redirect.github.com/mat3e) made their first contribution in [https://github.com/pascalgn/size-label-action/pull/44](https://redirect.github.com/pascalgn/size-label-action/pull/44) **Full Changelog**: pascalgn/size-label-action@v0.5.1...v0.5.2 ### [`v0.5.1`](https://redirect.github.com/pascalgn/size-label-action/releases/tag/v0.5.1): Release 0.5.1 [Compare Source](https://redirect.github.com/pascalgn/size-label-action/compare/v0.5.0...v0.5.1) Switched to Node 20 ### [`v0.5.0`](https://redirect.github.com/pascalgn/size-label-action/releases/tag/v0.5.0): Release 0.5.0 [Compare Source](https://redirect.github.com/pascalgn/size-label-action/compare/v0.4.3...v0.5.0) </details> <details> <summary>pre-commit/action (pre-commit/action)</summary> ### [`v3.0.1`](https://redirect.github.com/pre-commit/action/releases/tag/v3.0.1): pre-commit/[email protected] [Compare Source](https://redirect.github.com/pre-commit/action/compare/v3.0.0...v3.0.1) ##### Misc - Update actions/cache to v4 - [#​190](https://redirect.github.com/pre-commit/action/issues/190) PR by [@​SukiCZ](https://redirect.github.com/SukiCZ). - [#​189](https://redirect.github.com/pre-commit/action/issues/189) issue by [@​bakerkj](https://redirect.github.com/bakerkj). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjM4LjExMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImF1dG9tZXJnZSJdfQ==-->
- Loading branch information