Skip to content

Commit 29e01e2

Browse files
build(deps): bump the actions-routine group with 3 updates (#9)
Bumps the actions-routine group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) and [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance). Updates `actions/checkout` from 4.1.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.1.1...de0fac2) Updates `dependabot/fetch-metadata` from 2.3.0 to 2.5.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@d7267f6...21025c7) Updates `actions/attest-build-provenance` from 1.4.4 to 4.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@ef24412...a2bbfa2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-routine - dependency-name: dependabot/fetch-metadata dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-routine - dependency-name: actions/attest-build-provenance dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-routine ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent fb5f840 commit 29e01e2

3 files changed

Lines changed: 3 additions & 3 deletions

File tree

.github/workflows/dependabot-auto-merge.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
steps:
2121
- name: Fetch Dependabot metadata
2222
id: metadata
23-
uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7
23+
uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a
2424
with:
2525
github-token: ${{ secrets.GITHUB_TOKEN }}
2626

.github/workflows/dependency-review.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- name: Checkout
16-
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
16+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
1717
with:
1818
fetch-depth: 0
1919
- name: Detect dependency file changes

.github/workflows/security.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,6 +103,6 @@ jobs:
103103
- name: Generate SBOM for attestation subject
104104
run: uv run make sbom
105105
- name: Attest SBOM provenance
106-
uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018
106+
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32
107107
with:
108108
subject-path: runs/security/sbom.cdx.json

0 commit comments

Comments
 (0)