From 9a9bf3ecb0e6c36a0fc1f5686248d74639b66827 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Aug 2025 07:28:09 +0000 Subject: [PATCH] Bump the github-actions-dependency group with 4 updates Bumps the github-actions-dependency group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action), [open-edge-platform/anomalib](https://github.com/open-edge-platform/anomalib) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/checkout` from 4.2.2 to 5.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...08c6903cd8c0fde910a37f88322edcfb5dd907a8) Updates `github/codeql-action` from 3.29.2 to 3.29.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/181d5eefc20863364f96762470ba6f862bdef56b...96f518a34f7a870018057716cc4d7a5c014bd61c) Updates `open-edge-platform/anomalib` from 90e1192dd7d420cb243a93ce17809e43f23fc36d to f6ec1c57363a9894ff57184a5bfb78efa8f3de1b - [Release notes](https://github.com/open-edge-platform/anomalib/releases) - [Changelog](https://github.com/open-edge-platform/anomalib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-edge-platform/anomalib/compare/90e1192dd7d420cb243a93ce17809e43f23fc36d...f6ec1c57363a9894ff57184a5bfb78efa8f3de1b) Updates `actions/download-artifact` from 4 to 5 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-dependency - dependency-name: github/codeql-action dependency-version: 3.29.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-dependency - dependency-name: open-edge-platform/anomalib dependency-version: f6ec1c57363a9894ff57184a5bfb78efa8f3de1b dependency-type: direct:production dependency-group: github-actions-dependency - dependency-name: actions/download-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-dependency ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/docs.yml | 2 +- .github/workflows/pre_commit.yml | 12 ++++++------ .github/workflows/publish.yaml | 4 ++-- .github/workflows/scorecards.yml | 4 ++-- .github/workflows/security-scan.yml | 12 ++++++------ .github/workflows/test_accuracy.yml | 2 +- .github/workflows/test_precommit.yml | 4 ++-- 8 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b94d64c3..0b3153e3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,19 +28,19 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 + uses: github/codeql-action/init@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} queries: security-extended - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 + uses: github/codeql-action/analyze@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index cc30713c..d106a878 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -14,7 +14,7 @@ jobs: contents: write steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up Python diff --git a/.github/workflows/pre_commit.yml b/.github/workflows/pre_commit.yml index 7cf1adf6..127d23f4 100644 --- a/.github/workflows/pre_commit.yml +++ b/.github/workflows/pre_commit.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: CHECKOUT REPOSITORY - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up Python @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: CHECKOUT REPOSITORY - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up Python @@ -54,11 +54,11 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Run Zizmor scan - uses: open-edge-platform/anomalib/.github/actions/security/zizmor@90e1192dd7d420cb243a93ce17809e43f23fc36d + uses: open-edge-platform/anomalib/.github/actions/security/zizmor@f6ec1c57363a9894ff57184a5bfb78efa8f3de1b with: scan-scope: "changed" severity-level: "MEDIUM" @@ -70,11 +70,11 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Run Bandit scan - uses: open-edge-platform/anomalib/.github/actions/security/bandit@90e1192dd7d420cb243a93ce17809e43f23fc36d + uses: open-edge-platform/anomalib/.github/actions/security/bandit@f6ec1c57363a9894ff57184a5bfb78efa8f3de1b with: scan-scope: "changed" severity-level: "LOW" diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 6379b915..d6a9b52d 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up Python 3.10 @@ -48,7 +48,7 @@ jobs: id-token: write # required by trusted publisher steps: - name: Download artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: path: dist pattern: artifact-* diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 517c95fa..1c21428c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -35,6 +35,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 + uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 with: sarif_file: results.sarif diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 34837422..1822d459 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -20,11 +20,11 @@ jobs: security-events: write # Needed to upload the results to code-scanning dashboard steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Run Zizmor scan - uses: open-edge-platform/anomalib/.github/actions/security/zizmor@90e1192dd7d420cb243a93ce17809e43f23fc36d + uses: open-edge-platform/anomalib/.github/actions/security/zizmor@f6ec1c57363a9894ff57184a5bfb78efa8f3de1b with: scan-scope: "all" severity-level: "LOW" @@ -38,11 +38,11 @@ jobs: security-events: write # Needed to upload the results to code-scanning dashboard steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Run Bandit scan - uses: open-edge-platform/anomalib/.github/actions/security/bandit@90e1192dd7d420cb243a93ce17809e43f23fc36d + uses: open-edge-platform/anomalib/.github/actions/security/bandit@f6ec1c57363a9894ff57184a5bfb78efa8f3de1b with: scan-scope: "all" severity-level: "LOW" @@ -57,7 +57,7 @@ jobs: security-events: write # Needed to upload the results to code-scanning dashboard steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up Python @@ -72,7 +72,7 @@ jobs: - name: Run Trivy scan id: trivy - uses: open-edge-platform/anomalib/.github/actions/security/trivy@90e1192dd7d420cb243a93ce17809e43f23fc36d + uses: open-edge-platform/anomalib/.github/actions/security/trivy@f6ec1c57363a9894ff57184a5bfb78efa8f3de1b with: scan_type: "fs" scan-scope: all diff --git a/.github/workflows/test_accuracy.yml b/.github/workflows/test_accuracy.yml index ead050f4..97ae49bc 100644 --- a/.github/workflows/test_accuracy.yml +++ b/.github/workflows/test_accuracy.yml @@ -12,7 +12,7 @@ jobs: test_accuracy: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 diff --git a/.github/workflows/test_precommit.yml b/.github/workflows/test_precommit.yml index a9dc27ca..6452e891 100644 --- a/.github/workflows/test_precommit.yml +++ b/.github/workflows/test_precommit.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: CHECKOUT REPOSITORY - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up Python @@ -51,7 +51,7 @@ jobs: run: | brew install colima docker colima start - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0