Skip to content

Commit b253e41

Browse files
Bump the all-actions group with 15 updates
Bumps the all-actions group with 15 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `46.0.5` | `47.0.1` | | [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.247.0` | `1.286.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.5.0` | `6.2.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.29.3` | `4.32.0` | | [codespell-project/actions-codespell](https://github.com/codespell-project/actions-codespell) | `2.1` | `2.2` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.7.1` | `4.8.2` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.0.6` | `2.2.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.9.2` | `4.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `3.7.0` | | [actions/labeler](https://github.com/actions/labeler) | `5.0.0` | `6.0.1` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` | | [actions/cache](https://github.com/actions/cache) | `4.2.3` | `5.0.2` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `6.0.0` | | [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.1.1` | Updates `actions/checkout` from 4.2.2 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@11bd719...de0fac2) Updates `tj-actions/changed-files` from 46.0.5 to 47.0.1 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@ed68ef8...e002140) Updates `ruby/setup-ruby` from 1.247.0 to 1.286.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@4727905...90be115) Updates `actions/setup-go` from 5.5.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@d35c59a...7a3fe6c) Updates `github/codeql-action` from 3.29.3 to 4.32.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@d6bbdef...b20883b) Updates `codespell-project/actions-codespell` from 2.1 to 2.2 - [Release notes](https://github.com/codespell-project/actions-codespell/releases) - [Commits](codespell-project/actions-codespell@406322e...8f01853) Updates `actions/dependency-review-action` from 4.7.1 to 4.8.2 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@da24556...3c4e3dc) Updates `actions/create-github-app-token` from 2.0.6 to 2.2.1 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@df432ce...29824e6) Updates `sigstore/cosign-installer` from 3.9.2 to 4.0.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@d58896d...faadad0) Updates `docker/login-action` from 3.4.0 to 3.7.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@74a5d14...c94ce9f) Updates `actions/labeler` from 5.0.0 to 6.0.1 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@8558fd7...634933e) Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@05b42c6...4eaacf0) Updates `actions/cache` from 4.2.3 to 5.0.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@5a3ec84...8b402f5) Updates `actions/upload-artifact` from 4.6.2 to 6.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...b7c566a) Updates `actions/stale` from 9.1.0 to 10.1.1 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@5bef64f...9971854) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: tj-actions/changed-files dependency-version: 47.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: ruby/setup-ruby dependency-version: 1.286.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/setup-go dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: github/codeql-action dependency-version: 4.32.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: codespell-project/actions-codespell dependency-version: '2.2' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/dependency-review-action dependency-version: 4.8.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/create-github-app-token dependency-version: 2.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: docker/login-action dependency-version: 3.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/labeler dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: actions/cache dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/stale dependency-version: 10.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions ... Signed-off-by: dependabot[bot] <support@github.com>
1 parent ef15f02 commit b253e41

15 files changed

Lines changed: 45 additions & 45 deletions

.github/workflows/check-sorbet-typing-mode.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,11 +12,11 @@ jobs:
1212
contents: read
1313

1414
steps:
15-
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
15+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1616

1717
- name: Get Changed Files
1818
id: changed-files
19-
uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
19+
uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
2020
with:
2121
files: '**/lib/dependabot/**/*.rb' # Only get changed Ruby files in dependabot directory
2222

.github/workflows/ci.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ jobs:
4646

4747
steps:
4848
- name: Checkout code
49-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
49+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5050
with:
5151
submodules: recursive
5252

@@ -79,7 +79,7 @@ jobs:
7979
runs-on: ubuntu-latest
8080
steps:
8181
- name: Checkout code
82-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
82+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
8383
with:
8484
submodules: recursive
8585
# using bundler as the test updater
@@ -96,8 +96,8 @@ jobs:
9696
env:
9797
BUNDLE_GEMFILE: updater/Gemfile
9898
steps:
99-
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
100-
- uses: ruby/setup-ruby@472790540115ce5bd69d399a020189a8c87d641f # v1.247.0
99+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
100+
- uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0
101101
with:
102102
bundler-cache: true
103103
- run: ./bin/lint
@@ -110,15 +110,15 @@ jobs:
110110
runs-on: ubuntu-latest
111111
steps:
112112
- name: Checkout code
113-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
113+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
114114
with:
115115
submodules: recursive
116116

117117
- name: Build ecosystem image
118118
run: script/build silent
119119

120120
- name: Setup Go
121-
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
121+
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
122122
with:
123123
go-version-file: 'silent/tests/go.mod'
124124

.github/workflows/codeql-analysis.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -45,13 +45,13 @@ jobs:
4545

4646
steps:
4747
- name: Checkout repository
48-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
48+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4949
with:
5050
submodules: recursive
5151

5252
# Initializes the CodeQL tools for scanning.
5353
- name: Initialize CodeQL (ruby)
54-
uses: github/codeql-action/init@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
54+
uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
5555
with:
5656
languages: ${{ matrix.language }}
5757
config: |
@@ -60,15 +60,15 @@ jobs:
6060
if: matrix.language == 'ruby'
6161

6262
- name: Initialize CodeQL (others)
63-
uses: github/codeql-action/init@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
63+
uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
6464
with:
6565
languages: ${{ matrix.language }}
6666
if: matrix.language != 'ruby'
6767

6868
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
6969
# If this step fails, then you should remove it and run the build manually (see below)
7070
- name: Autobuild
71-
uses: github/codeql-action/autobuild@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
71+
uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
7272

7373
# ℹ️ Command-line programs to run using the OS shell.
7474
# 📚 https://git.io/JvXDl
@@ -82,4 +82,4 @@ jobs:
8282
# make release
8383

8484
- name: Perform CodeQL Analysis
85-
uses: github/codeql-action/analyze@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
85+
uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6

.github/workflows/codespell.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,8 +15,8 @@ jobs:
1515

1616
steps:
1717
- name: Checkout
18-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
18+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1919
- name: Codespell
20-
uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2.1
20+
uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2.2
2121
with:
2222
skip: "Gemfile,*.lock"

.github/workflows/dependency-review.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,6 @@ jobs:
2020
runs-on: ubuntu-latest
2121
steps:
2222
- name: Checkout Repository
23-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
23+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2424
- name: Perform Dependency Review
25-
uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
25+
uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0

.github/workflows/gems-bump-version.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,19 +19,19 @@ jobs:
1919
steps:
2020
- name: Generate token
2121
id: generate_token
22-
uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
22+
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
2323
with:
2424
app-id: ${{ secrets.DEPENDABOT_CORE_ACTION_AUTOMATION_APP_ID }}
2525
private-key: ${{ secrets.DEPENDABOT_CORE_ACTION_AUTOMATION_PRIVATE_KEY }}
2626

27-
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
27+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2828
with:
2929
token: ${{ steps.generate_token.outputs.token }}
3030
# Ensure we start from main in case the workflow is run from a branch
3131
ref: "main"
3232

3333
# bump-version.rb needs bundler
34-
- uses: ruby/setup-ruby@472790540115ce5bd69d399a020189a8c87d641f # v1.247.0
34+
- uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0
3535
with:
3636
# Use the version of bundler specified in `updater/Gemfile.lock`.
3737
# Otherwise the generated PR will change `BUNDLED WITH` in

.github/workflows/gems-release-to-rubygems.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,8 @@ jobs:
1616
id-token: write
1717

1818
steps:
19-
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
20-
- uses: ruby/setup-ruby@472790540115ce5bd69d399a020189a8c87d641f # v1.247.0
19+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
20+
- uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0
2121

2222
- name: Install the RubyGems version specified in the Dockerfile.updater-core file
2323
run: |

.github/workflows/images-branch.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ jobs:
2828
decision: ${{ steps.decision.outputs.decision }}
2929
steps:
3030
- name: Checkout code
31-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
31+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3232
with:
3333
submodules: recursive
3434

@@ -90,11 +90,11 @@ jobs:
9090
DEPENDABOT_UPDATER_VERSION: ${{ github.sha }}
9191
steps:
9292
- name: Checkout code
93-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
93+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
9494
with:
9595
submodules: recursive
9696

97-
- uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
97+
- uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
9898

9999
- name: Prepare tag
100100
run: echo "DEPENDABOT_UPDATER_VERSION=${{ github.sha }}" >> $GITHUB_ENV
@@ -115,7 +115,7 @@ jobs:
115115
echo "DEPENDABOT_UPDATER_VERSION=$(git rev-parse HEAD)" >> $GITHUB_ENV
116116
if: github.event_name == 'workflow_dispatch'
117117

118-
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
118+
- uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
119119
with:
120120
registry: ghcr.io
121121
username: ${{ github.actor }}

.github/workflows/images-latest.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -65,11 +65,11 @@ jobs:
6565
ECOSYSTEM: ${{ matrix.suite.ecosystem }}
6666
steps:
6767
- name: Checkout code
68-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
68+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6969
with:
7070
submodules: recursive
7171

72-
- uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
72+
- uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
7373

7474
- name: Build the dependabot-updater-<ecosystem> image
7575
# despite the script input being $NAME, the resulting image is dependabot-updater-${ECOSYSTEM}
@@ -81,7 +81,7 @@ jobs:
8181
docker tag "${UPDATER_IMAGE}${ECOSYSTEM}" "${UPDATER_IMAGE}${ECOSYSTEM}:latest"
8282
docker tag "${UPDATER_IMAGE}${ECOSYSTEM}" "${UPDATER_IMAGE}${ECOSYSTEM}:${{ needs.date-version.outputs.date }}"
8383
84-
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
84+
- uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
8585
with:
8686
registry: ghcr.io
8787
username: ${{ github.actor }}

.github/workflows/images-updater-core.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -18,16 +18,16 @@ jobs:
1818
packages: write
1919
steps:
2020
- name: Checkout code
21-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
21+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2222
with:
2323
submodules: recursive
2424

25-
- uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
25+
- uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
2626

2727
- name: Build dependabot-updater-core image
2828
run: script/build common
2929

30-
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
30+
- uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
3131
with:
3232
registry: ghcr.io
3333
username: ${{ github.actor }}

0 commit comments

Comments
 (0)