From c1629994e5727cb4ec12587e8613fdf0419ccc2b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 03:34:16 +0000 Subject: [PATCH] build(deps): bump the github-actions group across 1 directory with 5 updates Bumps the github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-go](https://github.com/actions/setup-go) | `6.2.0` | `6.3.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.3` | `4.32.6` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.22.2` | `0.23.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.0.0` | `4.1.0` | | [actions/stale](https://github.com/actions/stale) | `10.1.1` | `10.2.0` | Updates `actions/setup-go` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5...4b73464bb391d4059bd26b0524d20df3927bd417) Updates `github/codeql-action` from 4.32.3 to 4.32.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/9e907b5e64f6b83e7804b09294d44122997950d6...0d579ffd059c29b07949a3cce3983f0780820c98) Updates `anchore/sbom-action` from 0.22.2 to 0.23.1 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/28d71544de8eaf1b958d335707167c5f783590ad...57aae528053a48a3f6235f2d9461b05fbcb7366d) Updates `sigstore/cosign-installer` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/faadad0cce49287aee09b3a48701e75088a2c6ad...ba7bc0a3fef59531c69a25acd34668d6d3fe6f22) Updates `actions/stale` from 10.1.1 to 10.2.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/997185467fa4f803885201cee163a9f38240193d...b5d41d4e1d5dceea10e7104786b73624c18a190f) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.32.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: anchore/sbom-action dependency-version: 0.23.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/stale dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 2 +- .github/workflows/codeql.yaml | 6 +++--- .github/workflows/dotcom-acceptance-tests.yaml | 2 +- .github/workflows/ghes-acceptance-tests.yaml | 2 +- .github/workflows/release.yaml | 6 +++--- .github/workflows/stale.yaml | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0bdd194767..a8e0f2f2b6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -29,7 +29,7 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set-up Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 609a3a0f9b..b6afbb2184 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -42,14 +42,14 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set-up Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 if: matrix.language == 'go' with: go-version-file: go.mod cache: true - name: Initialize CodeQL - uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -60,6 +60,6 @@ jobs: run: go build ./... - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dotcom-acceptance-tests.yaml b/.github/workflows/dotcom-acceptance-tests.yaml index 10004d8917..3c482e371d 100644 --- a/.github/workflows/dotcom-acceptance-tests.yaml +++ b/.github/workflows/dotcom-acceptance-tests.yaml @@ -73,7 +73,7 @@ jobs: echo "token=${GH_TEST_TOKEN}" >> "${GITHUB_OUTPUT}" - name: Set-up Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/ghes-acceptance-tests.yaml b/.github/workflows/ghes-acceptance-tests.yaml index c5f0aa0b47..0af36ba54f 100644 --- a/.github/workflows/ghes-acceptance-tests.yaml +++ b/.github/workflows/ghes-acceptance-tests.yaml @@ -85,7 +85,7 @@ jobs: echo "token=${TEST_USER_TOKEN}" >> "${GITHUB_OUTPUT}" - name: Set-up Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: go.mod cache: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index bec9405dc6..427f1b0ef5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,16 +35,16 @@ jobs: fetch-depth: 0 - name: Set-up Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: go.mod cache: true - name: Install Syft - uses: anchore/sbom-action/download-syft@28d71544de8eaf1b958d335707167c5f783590ad # v0.22.2 + uses: anchore/sbom-action/download-syft@e22c389904149dbc22b58101806040fa8d37a610 # v0.24.0 - name: Install Cosign - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 - name: Import GPG key uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 46d64f4ebe..002e91dc74 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -26,7 +26,7 @@ jobs: run: shell: bash steps: - - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: stale-issue-message: > 👋 Hey Friends, this issue has been automatically marked as `stale` because it has no recent activity.