Bump the actions-minor group across 1 directory with 8 updates #145

dependabot · 2025-02-24T20:17:14Z

Bumps the actions-minor group with 8 updates in the / directory:

Package	From	To
actions/setup-node	`4.1.0`	`4.2.0`
actions/upload-artifact	`4.4.3`	`4.6.1`
github/codeql-action	`3.27.6`	`3.28.10`
super-linter/super-linter	`7.2.0`	`7.2.1`
ossf/scorecard-action	`2.4.0`	`2.4.1`
sigstore/cosign-installer	`3.7.0`	`3.8.1`
slsa-framework/slsa-github-generator	`2.0.0`	`2.1.0`
softprops/action-gh-release	`2.1.0`	`2.2.1`

Updates actions/setup-node from 4.1.0 to 4.2.0

Release notes

Sourced from actions/setup-node's releases.

v4.2.0

What's Changed

Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by @aparnajyothi-y in actions/setup-node#1174

Add recommended permissions section to readme by @benwells in actions/setup-node#1193

Configure Dependabot settings by @HarithaVattikuti in actions/setup-node#1192

Upgrade @actions/cache to ^4.0.0 by @priyagupta108 in actions/setup-node#1191

Upgrade pnpm/action-setup from 2 to 4 by @dependabot in actions/setup-node#1194

Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in actions/setup-node#1195

Upgrade semver from 7.6.0 to 7.6.3 by @dependabot in actions/setup-node#1196

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot in actions/setup-node#1201

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot in actions/setup-node#1205

New Contributors

@benwells made their first contribution in actions/setup-node#1193

Full Changelog: actions/setup-node@v4...v4.2.0

Commits

1d0ff46 Bump undici from 5.28.4 to 5.28.5 (#1205)
574f09a Bump @types/jest from 29.5.12 to 29.5.14 (#1201)
260f870 Bump semver from 7.6.0 to 7.6.3 (#1196)
111c4be Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1195)
0bc26de Bump pnpm/action-setup from 2 to 4 (#1194)
8f9cc17 Use the new cache service: upgrade @actions/cache to ^4.0.0 (#1191)
5eef37b Create dependabot.yml (#1192)
fbeca22 Update README.md (#1193)
48b9067 Add macos-13 to the workflows and upgrade publish-actions from 0.2.2 to 0.3.0...
See full diff in compare view

Updates actions/upload-artifact from 4.4.3 to 4.6.1

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.1

What's Changed

Update to use artifact 2.2.2 package by @yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

What's Changed

Expose env vars to control concurrency and timeout by @yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

fix: deprecated Node.js version in action by @hamirmahal in actions/upload-artifact#578

Add new artifact-digest output by @bdehamer in actions/upload-artifact#656

New Contributors

@hamirmahal made their first contribution in actions/upload-artifact#578

@bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

Commits

4cec3d8 Merge pull request #673 from actions/yacaovsnc/artifact_2.2.2
e9fad96 license cache update for artifact
b26fd06 Update to use artifact 2.2.2 package
65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
0207619 move files back to satisfy licensed ci
1ecca81 licensed cache updates
9742269 Expose env vars to controll concurrency and timeout
6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
c40c16d add new artifact-digest output
735efb4 bump @actions/artifact from 2.1.11 to 2.2.0
Additional commits viewable in compare view

Updates github/codeql-action from 3.27.6 to 3.28.10

Release notes

Sourced from github/codeql-action's releases.

v3.28.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.10 - 21 Feb 2025

Update default CodeQL bundle version to 2.20.5. #2772

Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

See the full CHANGELOG.md for more information.

v3.28.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.9 - 07 Feb 2025

Update default CodeQL bundle version to 2.20.4. #2753

See the full CHANGELOG.md for more information.

v3.28.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

See the full CHANGELOG.md for more information.

v3.28.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.10 - 21 Feb 2025

Update default CodeQL bundle version to 2.20.5. #2772

Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

Update default CodeQL bundle version to 2.20.2. #2707

Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710

Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

... (truncated)

Commits

b56ba49 Merge pull request #2778 from github/update-v3.28.10-9856c48b1
60c9c77 Update changelog for v3.28.10
9856c48 Merge pull request #2773 from github/redsun82/rust
9572e09 Rust: fix log string
1a52936 Rust: special case default setup
cf7e909 Merge pull request #2772 from github/update-bundle/codeql-bundle-v2.20.5
b7006aa Merge branch 'main' into update-bundle/codeql-bundle-v2.20.5
cfedae7 Rust: throw configuration errors if requested and not correctly enabled
3971ed2 Merge branch 'main' into redsun82/rust
d38c6e6 Merge pull request #2775 from github/angelapwen/bump-octokit
Additional commits viewable in compare view

Updates super-linter/super-linter from 7.2.0 to 7.2.1

Release notes

Sourced from super-linter/super-linter's releases.

v7.2.1

7.2.1 (2024-12-12)

🐛 Bugfixes

define command options function before use (#6375) (6b60f4c), closes #6372

downgrade npm-groovy-lint to 15.0.0 (#6373) (ffccf2d)

ensure setting /github/workdir as Git safe directory works always (#6242) (ec05515)

make git conflict markers check more precise (#6379) (d929d04)

⬆️ Dependency updates

bundler: bump standard from 1.42.0 to 1.42.1 in /dependencies (#6383) (6776692)

docker: bump the docker group across 1 directory with 4 updates (#6381) (0fe8b07)

npm: bump @stoplight/spectral-cli in /dependencies (#6389) (39b1577)

npm: bump renovate from 39.15.4 to 39.31.3 in /dependencies (#6397) (70a684d)

npm: bump renovate from 39.31.3 to 39.58.1 in /dependencies (#6432) (71cc525)

php: bump phpstan/phpstan (#6419) (24a53df)

php: bump the composer group across 1 directory with 2 updates (#6365) (de5f8a4)

🧰 Maintenance

disable fail-fast in ci (#6399) (102ceb6)

move npm audit to a dedicate task (#6297) (b2d0953)

update npm deps (#6401) (7b18a58), closes #6400

Changelog

Sourced from super-linter/super-linter's changelog.

Changelog

7.2.1 (2024-12-12)

🐛 Bugfixes

define command options function before use (#6375) (6b60f4c), closes #6372

downgrade npm-groovy-lint to 15.0.0 (#6373) (ffccf2d)

ensure setting /github/workdir as Git safe directory works always (#6242) (ec05515)

make git conflict markers check more precise (#6379) (d929d04)

⬆️ Dependency updates

bundler: bump standard from 1.42.0 to 1.42.1 in /dependencies (#6383) (6776692)

docker: bump the docker group across 1 directory with 4 updates (#6381) (0fe8b07)

npm: bump @stoplight/spectral-cli in /dependencies (#6389) (39b1577)

npm: bump renovate from 39.15.4 to 39.31.3 in /dependencies (#6397) (70a684d)

npm: bump renovate from 39.31.3 to 39.58.1 in /dependencies (#6432) (71cc525)

php: bump phpstan/phpstan (#6419) (24a53df)

php: bump the composer group across 1 directory with 2 updates (#6365) (de5f8a4)

🧰 Maintenance

disable fail-fast in ci (#6399) (102ceb6)

move npm audit to a dedicate task (#6297) (b2d0953)

update npm deps (#6401) (7b18a58), closes #6400

7.2.0 (2024-11-17)

🚀 Features

allow passing custom options to rust clippy (#6094) (05d4d4e), closes #4001

implement a linter to check git conflicts (#6113) (e0d8b4f)

lint commit messages with commitlint (#6118) (5d6e3fc)

optionally remove color codes from output (#6095) (94920ff), closes #5540

🐛 Bugfixes

correctly load custom linter commands (#6085) (ad0ff68), closes #6084

⬆️ Dependency updates

bundler: bump standard from 1.40.0 to 1.40.1 in /dependencies (#6239) (75fb343)

bundler: bump standard from 1.41.0 to 1.41.1 in /dependencies (#6291) (54782ec)

... (truncated)

Commits

85f7611 chore(main): release 7.2.1 (#6404)
ec05515 fix: ensure setting /github/workdir as Git safe directory works always (#6242)
24a53df deps(php): bump phpstan/phpstan (#6419)
71cc525 deps(npm): bump renovate from 39.31.3 to 39.58.1 in /dependencies (#6432)
d929d04 fix: make git conflict markers check more precise (#6379)
6b60f4c fix: define command options function before use (#6375)
de5f8a4 deps(php): bump the composer group across 1 directory with 2 updates (#6365)
0fe8b07 deps(docker): bump the docker group across 1 directory with 4 updates (#6381)
6776692 deps(bundler): bump standard from 1.42.0 to 1.42.1 in /dependencies (#6383)
39b1577 deps(npm): bump @stoplight/spectral-cli in /dependencies (#6389)
Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.4.0 to 2.4.1

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.1

What's Changed

This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.

Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.

use Scorecard library entrypoint instead of Cobra hooking by @spencerschrock in ossf/scorecard-action#1423

Some errors were made into annotations to make them more visible

Make default branch error more prominent by @jsoref in ossf/scorecard-action#1459

There is now an optional file_mode input which controls how repository files are fetched from GitHub. The default is archive, but git produces the most accurate results for repositories with .gitattributes files at the cost of analysis speed.

add input for specifying --file-mode by @spencerschrock in ossf/scorecard-action#1509

The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.

🌱 publish docker images to GitHub Container Registry by @spencerschrock in ossf/scorecard-action#1453

Docs

Installation docs update by @JeremiahAHoward in ossf/scorecard-action#1416

New Contributors

@JeremiahAHoward made their first contribution in ossf/scorecard-action#1416

@jsoref made their first contribution in ossf/scorecard-action#1459 Full Changelog: ossf/scorecard-action@v2.4.0...v2.4.1

Commits

f49aabe bump docker to ghcr v2.4.1 (#1478)
30a595b 🌱 Bump github.com/sigstore/cosign/v2 from 2.4.2 to 2.4.3 (#1515)
69ae593 omit vcs info from build (#1514)
6a62a1c add input for specifying --file-mode (#1509)
2722664 🌱 Bump the github-actions group with 2 updates (#1510)
ae0ef31 🌱 Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#1512)
3676bbc 🌱 Bump golang from 1.23.6 to 1.24.0 in the docker-images group (#1513)
ae7548a Limit codeQL push trigger to main branch (#1507)
9165624 upgrade scorecard to v5.1.0 (#1508)
620fd28 🌱 Bump the github-actions group with 2 updates (#1505)
Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.7.0 to 3.8.1

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.8.1

What's Changed

use cosign 2.4.3 and other updates by @cpanato in sigstore/cosign-installer#182

Full Changelog: sigstore/cosign-installer@v3...v3.8.1

v3.8.0

What's Changed

test action against all non-rc releases, verify entry in rekor log by @bobcallaway in sigstore/cosign-installer#179

bump for cosign v2.4.2 release by @bobcallaway in sigstore/cosign-installer#181

Full Changelog: sigstore/cosign-installer@v3...v3.8.0

Commits

d7d6bc7 use cosign 2.4.3 and other updates (#182)
c56c2d3 Bump actions/setup-go from 5.2.0 to 5.3.0 (#180)
02e36b8 bump for cosign v2.4.2 release (#181)
789d288 test action against all non-rc releases, verify entry in rekor log (#179)
e11c089 Bump actions/setup-go from 5.1.0 to 5.2.0 (#178)
718228a Bump actions/setup-go from 5.0.2 to 5.1.0 (#176)
325063e Bump actions/checkout from 4.2.1 to 4.2.2 (#177)
b929758 Bump actions/checkout from 4.2.0 to 4.2.1 (#175)
See full diff in compare view

Updates slsa-framework/slsa-github-generator from 2.0.0 to 2.1.0

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v2.1.0

This is an un-finalized release.

See the CHANGELOG for details.

What's Changed

chore: v2.0.0: update tags to v2.0.0 by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3584

fix: use @sigstore/cli in e2e.sign-attestations.schedule.yml by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3572

docs: fix broken links by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3605

chore(setup-go): update actions/setup-go to resolve the warning by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3604

fix: Update release docs by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3589

docs: Add Atsign-Foundation NoPorts to the Hall of Fame by @cpswan in slsa-framework/slsa-github-generator#3616

docs: Add v2.0.0 to SECURITY.md by @ianlewis in slsa-framework/slsa-github-generator#3630

docs: Add links to CHANGELOG by @ianlewis in slsa-framework/slsa-github-generator#3631

ci: fix PR title checker by @ianlewis in slsa-framework/slsa-github-generator#3632

ci: Add issue reopener by @ianlewis in slsa-framework/slsa-github-generator#3629

fix: update softprops/action-gh-release to v2.0.5 by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3619

chore(renovate): use cron syntax for schedule by @rarkins in slsa-framework/slsa-github-generator#3638

chore: Fix Renovate config by @ianlewis in slsa-framework/slsa-github-generator#3635

feat: workflow to update actions dist by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3653

fix(deps): update dependency @sigstore/rekor-types to v2 by @renovate-bot in slsa-framework/slsa-github-generator#3650

chore(deps): update github-actions (major) by @renovate-bot in slsa-framework/slsa-github-generator#3648

fix(deps): update dependency org.json:json to v20231013 [security] by @renovate-bot in slsa-framework/slsa-github-generator#3641

fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [security] by @renovate-bot in slsa-framework/slsa-github-generator#3640

chore(deps): update dependency pathspec to v0.12.1 by @renovate-bot in slsa-framework/slsa-github-generator#3644

fix(deps): update dependency @actions/github to v6 by @renovate-bot in slsa-framework/slsa-github-generator#3649

fix(deps): update module golang.org/x/oauth2 to v0.20.0 by @renovate-bot in slsa-framework/slsa-github-generator#3646

fix(deps): update npm by @renovate-bot in slsa-framework/slsa-github-generator#3647

chore: formatting by @ianlewis in slsa-framework/slsa-github-generator#3655

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3642

docs: Add openfga as another user of slsa-github-generator via Github Actions by @aaguiarz in slsa-framework/slsa-github-generator#2950

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 by @renovate-bot in slsa-framework/slsa-github-generator#3645

chore: allow Renovate to create new config warning issues by @HonkingGoose in slsa-framework/slsa-github-generator#3662

chore: Fix markdown issues by @ianlewis in slsa-framework/slsa-github-generator#3658

chore(deps): update npm dev by @renovate-bot in slsa-framework/slsa-github-generator#3643

feat: Record vars in SLSA generators by @ianlewis in slsa-framework/slsa-github-generator#3633

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3679

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.7 by @renovate-bot in slsa-framework/slsa-github-generator#3680

docs: Remove expected GA for Node.js builder by @ianlewis in slsa-framework/slsa-github-generator#3659

ci: Add formatting pre-submit check by @ianlewis in slsa-framework/slsa-github-generator#3654

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.8 by @renovate-bot in slsa-framework/slsa-github-generator#3712

chore(deps): bump the npm_and_yarn group across 10 directories with 2 updates by @dependabot in slsa-framework/slsa-github-generator#3714

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3711

chore(deps): bump the go_modules group with 2 updates by @dependabot in slsa-framework/slsa-github-generator#3715

chore: slsa-verifier v2.6.0: Update action.yml by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3736

fix: Update maven helper plugin build by @loosebazooka in slsa-framework/slsa-github-generator#3746

fix: maven e2e: remove verify job by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3748

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3753

chore(deps): bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible in the go_modules group by @dependabot in slsa-framework/slsa-github-generator#3760

chore(config): migrate renovate config by @renovate-bot in slsa-framework/slsa-github-generator#3774

... (truncated)

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

The workflows generator_generic_slsa3.yml and builder_go_slsa3.yml have been updated to produce signed Sigstore Bundles, just like all the other builders that use the BYOB framework.

The workflow logs will now print a LogIndex, rather than a LogUUID. Both are equally searchanble on https://search.sigstore.dev/.

v2.1.0: Vars context recorded in provenance

Updated: GitHub vars context is now recorded in provenance for the generic and container generators. The vars context cannot affect the build in the Go builder so it is not recorded.

Commits

fbeecf0 update docs
f701310 update workflows
3618598 v2.1.0-rc.3
46f81fc chore: update refs to v2.1.0-rc.1 (#4120)
5d20c93 chore: use builder tag v2.1.0-rc.0 (#4118)
e27b237 chore: braces and ejs vulns (#4116)
8967e1c chore: Update CODEOWNERS (#4115)
47d1954 chore: update octokit deps (#4114)
f51d60a chore(deps): bump the npm_and_yarn group across 8 directories with 2 updates ...
4011345 chore(deps): update npm dev (#4113)
Additional commits viewable in compare view

Updates softprops/action-gh-release from 2.1.0 to 2.2.1

Release notes

Sourced from softprops/action-gh-release's releases.

v2.2.1

What's Changed

Bug fixes 🐛

fix: big file uploads by @xen0n in softprops/action-gh-release#562

Other Changes 🔄

chore(deps): bump @types/node from 22.10.1 to 22.10.2 by @dependabot in softprops/action-gh-release#559

chore(deps): bump @types/node from 22.10.2 to 22.10.5 by @dependabot in softprops/action-gh-release#569

chore: update error and warning messages for not matching files in files field by @ytimocin in softprops/action-gh-release#568

New Contributors

@ytimocin made their first contribution in softprops/action-gh-release#568

Full Changelog: softprops/action-gh-release@v2.2.0...v2.2.1

v2.2.0

What's Changed

Exciting New Features 🎉

feat: read the release assets asynchronously by @xen0n in softprops/action-gh-release#552

Bug fixes 🐛

fix(docs): clarify the default for tag_name by @alexeagle in softprops/action-gh-release#544

Other Changes 🔄

chore(deps): bump typescript from 5.6.3 to 5.7.2 by @dependabot in softprops/action-gh-release#548

chore(deps): bump @types/node from 22.9.0 to 22.9.4 by @dependabot in softprops/action-gh-release#547

chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 by @dependabot in softprops/action-gh-release#545

chore(deps): bump @vercel/ncc from 0.38.2 to 0.38.3 by @dependabot in softprops/action-gh-release#543

chore(deps): bump prettier from 3.3.3 to 3.4.1 by @dependabot in softprops/action-gh-release#550

chore(deps): bump @types/node from 22.9.4 to 22.10.1 by @dependabot in softprops/action-gh-release#551

chore(deps): bump prettier from 3.4.1 to 3.4.2 by @dependabot in softprops/action-gh-release#554

New Contributors

@alexeagle made their first contribution in softprops/action-gh-release#544

@xen0n made their first contribution in softprops/action-gh-release#552

Full Changelog: softprops/action-gh-release@v2.1.0...v2.2.0

Changelog

Sourced from softprops/action-gh-release's changelog.

2.2.1

What's Changed

Bug fixes 🐛

fix: big file uploads by @xen0n in softprops/action-gh-release#562

Other Changes 🔄

chore(deps): bump @types/node from 22.10.1 to 22.10.2 by @dependabot in softprops/action-gh-release#559

chore(deps): bump @types/node from 22.10.2 to 22.10.5 by @dependabot in softprops/action-gh-release#569

chore: update error and warning messages for not matching files in files field by @ytimocin in softprops/action-gh-release#568

2.2.0

What's Changed

Exciting New Features 🎉

...
Description has been truncated

Bumps the actions-minor group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-node](https://github.com/actions/setup-node) | `4.1.0` | `4.2.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `4.6.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.6` | `3.28.10` | | [super-linter/super-linter](https://github.com/super-linter/super-linter) | `7.2.0` | `7.2.1` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.7.0` | `3.8.1` | | [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) | `2.0.0` | `2.1.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.1.0` | `2.2.1` | Updates `actions/setup-node` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@39370e3...1d0ff46) Updates `actions/upload-artifact` from 4.4.3 to 4.6.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b4b15b8...4cec3d8) Updates `github/codeql-action` from 3.27.6 to 3.28.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@aa57810...b56ba49) Updates `super-linter/super-linter` from 7.2.0 to 7.2.1 - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](super-linter/super-linter@e1cb86b...85f7611) Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@62b2cac...f49aabe) Updates `sigstore/cosign-installer` from 3.7.0 to 3.8.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@dc72c7d...d7d6bc7) Updates `slsa-framework/slsa-github-generator` from 2.0.0 to 2.1.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](slsa-framework/slsa-github-generator@v2.0.0...v2.1.0) Updates `softprops/action-gh-release` from 2.1.0 to 2.2.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@01570a1...c95fe14) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-03-03T18:35:36Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 24, 2025

dependabot bot closed this Mar 3, 2025

dependabot bot deleted the dependabot/github_actions/actions-minor-798726c98a branch March 3, 2025 18:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions-minor group across 1 directory with 8 updates #145

Bump the actions-minor group across 1 directory with 8 updates #145

dependabot bot commented on behalf of github Feb 24, 2025 •

edited

Loading

dependabot bot commented on behalf of github Mar 3, 2025

Bump the actions-minor group across 1 directory with 8 updates #145

Bump the actions-minor group across 1 directory with 8 updates #145

Conversation

dependabot bot commented on behalf of github Feb 24, 2025 • edited Loading

v4.2.0

What's Changed

New Contributors

v4.6.1

What's Changed

v4.6.0

What's Changed

v4.5.0

What's Changed

New Contributors

v3.28.10

CodeQL Action Changelog

3.28.10 - 21 Feb 2025

v3.28.9

CodeQL Action Changelog

3.28.9 - 07 Feb 2025

v3.28.8

CodeQL Action Changelog

3.28.8 - 29 Jan 2025

v3.28.7

CodeQL Action Changelog

3.28.7 - 29 Jan 2025

v3.28.6

CodeQL Action Changelog

CodeQL Action Changelog

[UNRELEASED]

3.28.10 - 21 Feb 2025

3.28.9 - 07 Feb 2025

3.28.8 - 29 Jan 2025

3.28.7 - 29 Jan 2025

3.28.6 - 27 Jan 2025

3.28.5 - 24 Jan 2025

3.28.4 - 23 Jan 2025

3.28.3 - 22 Jan 2025

3.28.2 - 21 Jan 2025

3.28.1 - 10 Jan 2025

v7.2.1

7.2.1 (2024-12-12)

🐛 Bugfixes

⬆️ Dependency updates

🧰 Maintenance

Changelog

7.2.1 (2024-12-12)

🐛 Bugfixes

⬆️ Dependency updates

🧰 Maintenance

7.2.0 (2024-11-17)

🚀 Features

🐛 Bugfixes

⬆️ Dependency updates

v2.4.1

What's Changed

Docs

New Contributors

v3.8.1

What's Changed

v3.8.0

What's Changed

v2.1.0

What's Changed

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

v2.1.0: Vars context recorded in provenance

v2.2.1

What's Changed

Bug fixes 🐛

Other Changes 🔄

New Contributors

v2.2.0

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

New Contributors

2.2.1

What's Changed

dependabot bot commented on behalf of github Feb 24, 2025 •

edited

Loading