chore: bump the github-actions group across 1 directory with 6 updates#72
Closed
dependabot[bot] wants to merge 1 commit into
Closed
chore: bump the github-actions group across 1 directory with 6 updates#72dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
This comment has been minimized.
This comment has been minimized.
6d37db1 to
1cedb43
Compare
This comment has been minimized.
This comment has been minimized.
Bumps the github-actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [dataaxiom/ghcr-cleanup-action](https://github.com/dataaxiom/ghcr-cleanup-action) | `1.0.16` | `1.2.1` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.17.0` | `2.19.4` | | [gradle/actions](https://github.com/gradle/actions) | `5.0.1` | `6.1.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` | | [epam/ai-dial-ci](https://github.com/epam/ai-dial-ci) | `3.2.0` | `4.3.0` | | [oss-review-toolkit/ort-ci-github-action](https://github.com/oss-review-toolkit/ort-ci-github-action) | `1.0.1` | `1.2.0` | Updates `dataaxiom/ghcr-cleanup-action` from 1.0.16 to 1.2.1 - [Release notes](https://github.com/dataaxiom/ghcr-cleanup-action/releases) - [Commits](dataaxiom/ghcr-cleanup-action@cd0cdb9...f092b48) Updates `step-security/harden-runner` from 2.17.0 to 2.19.4 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@f808768...9af89fc) Updates `gradle/actions` from 5.0.1 to 6.1.0 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](gradle/actions@f29f5a9...50e97c2) Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@2031cfc...a1d282b) Updates `epam/ai-dial-ci` from 3.2.0 to 4.3.0 - [Release notes](https://github.com/epam/ai-dial-ci/releases) - [Commits](epam/ai-dial-ci@3.2.0...4.3.0) Updates `oss-review-toolkit/ort-ci-github-action` from 1.0.1 to 1.2.0 - [Commits](oss-review-toolkit/ort-ci-github-action@9acdf1e...086d928) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: dataaxiom/ghcr-cleanup-action dependency-version: 1.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: epam/ai-dial-ci dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: gradle/actions dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: oss-review-toolkit/ort-ci-github-action dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: step-security/harden-runner dependency-version: 2.19.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
1cedb43 to
443d63f
Compare
Collaborator
Dependency ReviewThe following issues were found:
License Issues.github/workflows/test.yml
OpenSSF Scorecard
Scanned Files
|
Contributor
Author
|
Looks like these dependencies are updatable in another way, so this is no longer needed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the github-actions group with 6 updates in the / directory:
1.0.161.2.12.17.02.19.45.0.16.1.04.9.05.0.03.2.04.3.01.0.11.2.0Updates
dataaxiom/ghcr-cleanup-actionfrom 1.0.16 to 1.2.1Release notes
Sourced from dataaxiom/ghcr-cleanup-action's releases.
Commits
f092b48Merge pull request #122 from rohanmars/mainfa3daf5ci: hoist fork-PR approval gate to a single job (was per matrix entry)c1ba289fix: synchronously claim digests before delete to prevent concurrent duplicat...f5e37e7fix: tolerate all 404s on package version delete; always flush per-tree log b...374e202Merge pull request #120 from rohanmars/code-reviewe1e6176perf: cap per-listing log volume at 1000 lines (truncate at INFO)6516895fix: drop the post-reload untag-ops invariant assertion (3.1.5 retraction)5a020affeat: buffer deleteImage logs per top-level tree, flush atomically8263ff3chore: refresh dependencies to latest patches within current ranges5a3f4ccchore: update coverage badge to 94.47%Updates
step-security/harden-runnerfrom 2.17.0 to 2.19.4Release notes
Sourced from step-security/harden-runner's releases.
... (truncated)
Commits
9af89fcMerge pull request #667 from step-security/update-agent-v1.8.6485dce8Update agent to v1.8.6ab7a940Merge pull request #665 from step-security/fix/use-policy-store-default-auditec41b78Default to audit mode when api-key missing with use-policy-store9ca718dMerge pull request #664 from step-security/update-agent-v1.8.51dee3dfUpdate agent to v1.8.5a5ad31dMerge pull request #657 from devantler/fix/ubuntu-slim-user-env6e92856build dist and trim ubuntu-slim message4e0504eMerge branch 'main' into fix/ubuntu-slim-user-env8d3c67dRelease v2.19.0 (#661)Updates
gradle/actionsfrom 5.0.1 to 6.1.0Release notes
Sourced from gradle/actions's releases.
... (truncated)
Commits
50e97c2Link to docs for caching providersf2e6298Restructure caching documentation for basic and enhanced providers (#934)b294b1eReally fix integ-test-full83d3189Revise license details for gradle-actions-caching1d5db06Update license link for gradle-actions-caching component1c80961Fix license link for Enhanced Caching component9e99920Fix integ-test-full workflowbb8aaafFix workflow permissionsf5dfb43[bot] Update dist directoryff9ae24Add open-source 'basic' cache provider and revamp licensing documentation (#930)Updates
actions/dependency-review-actionfrom 4.9.0 to 5.0.0Release notes
Sourced from actions/dependency-review-action's releases.
Commits
a1d282bMerge pull request #1098 from actions/ahpook/v5-releaseeb6c199update examples to show@v53943c2cv5.0.0 release branch454943cMerge pull request #1094 from actions/ashelytc/security-findings6d92a12revert@typescript-eslint/parserupdatea8e5a7eMerge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...b6b7079update@typescript-eslint/parserto 8.40.0821a21dupdate more dependencies05aaaaerun npm audit fix55d3e75Merge pull request #1077 from Marukome0743/docs/checkoutUpdates
epam/ai-dial-cifrom 3.2.0 to 4.3.0Release notes
Sourced from epam/ai-dial-ci's releases.
... (truncated)
Commits
627c642feat: add support of trusted publishing to npmjs registry (#494)0d37166fix: npm publish script should not use reserved name "publish" (#493)9a85c64feat: make review env availability check script generic (#492)38aeeccfeat: add ability to create stable GitHub releases as drafts (#491)d273ed8feat: improved changelog generation (#488)f79ec27chore: increase timeout-minutes for deploy job of deploy-review command (#487)5dfd62afix: use related environment for monitor job01f7d22chore: support another GitHub environment in deploy review workflow (#484)80dd0c7chore: rename GitLab variables in legacy e2e-test workflow (#483)829d71efix: show GitLab host and pipeline URL in logs (#480)Updates
oss-review-toolkit/ort-ci-github-actionfrom 1.0.1 to 1.2.0Commits
086d928deps: update actions/cache action to v5.0.531f3860deps: update actions/upload-artifact action to v7.0.135e1afdci: Add a workflow to validate the Renovate config08b7556ci(renovate): Use the config preset from the .github repo15444efdeps: update actions/cache action to v506ee8d5deps: update actions/upload-artifact action to v79450696deps: update actions/cache action to v4.3.0b3f00a5Add Renovate configuration for automated dependency updates62e59b4rearrange input by lex order2f757c4make ort jdk java options configurable