From e58a7cc8ff4586e6516712162d84cced1859c20d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Jun 2025 14:09:45 +0000 Subject: [PATCH] deps: bump the production-dependencies group across 1 directory with 6 updates Bumps the production-dependencies group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `56f84321dbccf38fb67ce29ab63e4754056677e0` | `b3b07ba8b418998c39fb20f53e8b695cdcc8de1b` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.10.0` | `3.11.1` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.15.0` | `6.18.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.2.3` | `2.4.0` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `6.1.0` | `6.3.0` | | [42ByteLabs/patch-release-me](https://github.com/42bytelabs/patch-release-me) | `0.5.3` | `0.6.1` | Updates `dtolnay/rust-toolchain` from 56f84321dbccf38fb67ce29ab63e4754056677e0 to b3b07ba8b418998c39fb20f53e8b695cdcc8de1b - [Release notes](https://github.com/dtolnay/rust-toolchain/releases) - [Commits](https://github.com/dtolnay/rust-toolchain/compare/56f84321dbccf38fb67ce29ab63e4754056677e0...b3b07ba8b418998c39fb20f53e8b695cdcc8de1b) Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2...e468171a9de216ec08956ac3ada2f0791b6bd435) Updates `docker/build-push-action` from 6.15.0 to 6.18.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/471d1dc4e07e5cdedd4c2171150001c434f0b7a4...263435318d21b8e681c14492fe198d362a7d2c83) Updates `actions/attest-build-provenance` from 2.2.3 to 2.4.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/c074443f1aee8d4aeeae555aebba3282517141b2...e8998f949152b193b063cb0ec769d69d929409be) Updates `anchore/scan-action` from 6.1.0 to 6.3.0 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/scan-action/compare/7c05671ae9be166aeb155bad2d7df9121823df32...be7a22da4f22dde446c4c4c099887ff5b256526c) Updates `42ByteLabs/patch-release-me` from 0.5.3 to 0.6.1 - [Release notes](https://github.com/42bytelabs/patch-release-me/releases) - [Changelog](https://github.com/42ByteLabs/patch-release-me/blob/main/.release.yml) - [Commits](https://github.com/42bytelabs/patch-release-me/compare/f950db6bce09f2156a5f2d1cc86ac60ed1663a9e...9ff3c04cb0802fd8dcd3100e5c0b4801e88daf3a) --- updated-dependencies: - dependency-name: dtolnay/rust-toolchain dependency-version: b3b07ba8b418998c39fb20f53e8b695cdcc8de1b dependency-type: direct:production dependency-group: production-dependencies - dependency-name: docker/setup-buildx-action dependency-version: 3.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: docker/build-push-action dependency-version: 6.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: actions/attest-build-provenance dependency-version: 2.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: anchore/scan-action dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: 42ByteLabs/patch-release-me dependency-version: 0.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-ql.yml | 2 +- .github/workflows/container-publish.yml | 8 ++++---- .github/workflows/container-security.yml | 6 +++--- .github/workflows/release.yml | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/codeql-ql.yml b/.github/workflows/codeql-ql.yml index 02cf7cf..99274d8 100644 --- a/.github/workflows/codeql-ql.yml +++ b/.github/workflows/codeql-ql.yml @@ -21,7 +21,7 @@ jobs: uses: actions/checkout@v4 - name: "Set up Rust" - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # v1.85.1 + uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # v1.85.1 with: toolchain: stable diff --git a/.github/workflows/container-publish.yml b/.github/workflows/container-publish.yml index 3acb733..246d699 100644 --- a/.github/workflows/container-publish.yml +++ b/.github/workflows/container-publish.yml @@ -43,7 +43,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Log in to the Container registry uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 @@ -67,7 +67,7 @@ jobs: type=semver,pattern=v{{major}}.{{minor}},value=${{ inputs.version }} - name: Build & Publish Container ${{ env.IMAGE_NAME }} - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 id: build with: file: "${{ inputs.container-file }}" @@ -87,13 +87,13 @@ jobs: # Build provenance attestations - name: Attest Container Image - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3 + uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.build.outputs.digest }} push-to-registry: true # - name: Attest Container SBOM - # uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3 + # uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 # with: # subject-path:: '*.spdx.json' diff --git a/.github/workflows/container-security.yml b/.github/workflows/container-security.yml index 7c042bb..fbac1b5 100644 --- a/.github/workflows/container-security.yml +++ b/.github/workflows/container-security.yml @@ -38,10 +38,10 @@ jobs: uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Build Initial Container - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 id: build with: file: "${{ inputs.container-file }}" @@ -52,7 +52,7 @@ jobs: # Scan the image for vulnerabilities - name: Run the Anchore / Grype scan action - uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 + uses: anchore/scan-action@be7a22da4f22dde446c4c4c099887ff5b256526c # v6.3.0 id: scan with: image: localbuild/testimage:latest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1cfb4e1..f010c97 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,7 +33,7 @@ jobs: uses: actions/checkout@v4 - name: "Patch Release Me" - uses: 42ByteLabs/patch-release-me@f950db6bce09f2156a5f2d1cc86ac60ed1663a9e # 0.5.3 + uses: 42ByteLabs/patch-release-me@9ff3c04cb0802fd8dcd3100e5c0b4801e88daf3a # 0.6.1 with: mode: ${{ github.event.inputs.bump }}