chore(deps): update github-actions by renovate-bot · Pull Request #4259 · slsa-framework/slsa-github-generator

renovate-bot · 2025-06-01T01:26:02Z

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	digest	`85e6279` -> `09d2aca`
github/codeql-action	action	minor	`v3.28.18` -> `v3.29.0`
ianlewis/todo-issue-reopener	action	minor	`v1.6.0` -> `v1.7.0`
ossf/scorecard-action	action	patch	`v2.4.1` -> `v2.4.2`
sigstore/cosign-installer	action	minor	`v3.8.2` -> `v3.9.1`
softprops/action-gh-release	action	minor	`v2.2.2` -> `v2.3.2`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

github/codeql-action (github/codeql-action)

`v3.29.0`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.0 - 11 Jun 2025

Update default CodeQL bundle version to 2.22.0. #2925
Bump minimum CodeQL bundle version to 2.16.6. #2912

See the full CHANGELOG.md for more information.

`v3.28.19`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.19 - 03 Jun 2025

The CodeQL Action no longer includes its own copy of the extractor for the actions language, which is currently in public preview.
The actions extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the actions language and you have pinned
your tools: property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable
actions analysis.
Update default CodeQL bundle version to 2.21.4. #2910

See the full CHANGELOG.md for more information.

ianlewis/todo-issue-reopener (ianlewis/todo-issue-reopener)

`v1.7.0`

Compare Source

Updated in v1.7.0

Increased stability by retrying requests to the GitHub API (#565).
Updated the version of todos used to v0.13.0 (#1945).

What's Changed since v1.6.0

chore(deps-dev): Bump @github/local-action from 2.6.2 to 3.0.0 by @dependabot in https://github.com/ianlewis/todo-issue-reopener/pull/1847
feat: Use @octokit/plugin-retry by @ianlewis in https://github.com/ianlewis/todo-issue-reopener/pull/1858
docs: Update CHANGELOG by @ianlewis in https://github.com/ianlewis/todo-issue-reopener/pull/1869
chore(deps): npm audit fix by @ianlewis in https://github.com/ianlewis/todo-issue-reopener/pull/1880
chore: sync repo-template-ts by @ianlewis in https://github.com/ianlewis/todo-issue-reopener/pull/1947
chore: Update todos version by @ianlewis in https://github.com/ianlewis/todo-issue-reopener/pull/1994
chore(deps): update npm dev by @renovate in https://github.com/ianlewis/todo-issue-reopener/pull/2021
chore(deps): update python by @renovate in https://github.com/ianlewis/todo-issue-reopener/pull/2027
chore(deps): update dependency aquaproj/aqua-registry to v4.369.0 by @renovate in https://github.com/ianlewis/todo-issue-reopener/pull/2028
chore(deps): update dependency aquaproj/aqua-renovate-config to v2.8.0 by @renovate in https://github.com/ianlewis/todo-issue-reopener/pull/2030
chore(deps): update github-actions by @renovate in https://github.com/ianlewis/todo-issue-reopener/pull/2033
chore(deps): update dependency eslint-import-resolver-typescript to v4 by @renovate in https://github.com/ianlewis/todo-issue-reopener/pull/2034
chore(deps): update dependency ianlewis/todos to v0.13.0 by @renovate in https://github.com/ianlewis/todo-issue-reopener/pull/2032
chore(deps): update github-actions by @renovate in https://github.com/ianlewis/todo-issue-reopener/pull/2154
chore(deps): update dependency aquaproj/aqua-registry to v4.374.0 by @renovate in https://github.com/ianlewis/todo-issue-reopener/pull/2155
chore: Update github actions dependencies by @ianlewis in https://github.com/ianlewis/todo-issue-reopener/pull/2191
chore: sync repo-template-ts by @ianlewis in https://github.com/ianlewis/todo-issue-reopener/pull/2217
chore(release): v1.7.0 by @ianlewis in https://github.com/ianlewis/todo-issue-reopener/pull/2020

New Contributors

@renovate made their first contribution in https://github.com/ianlewis/todo-issue-reopener/pull/2021

Full Changelog: ianlewis/todo-issue-reopener@v1.6.0...v1.7.0

ossf/scorecard-action (ossf/scorecard-action)

`v2.4.2`

Compare Source

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

sigstore/cosign-installer (sigstore/cosign-installer)

softprops/action-gh-release (softprops/action-gh-release)

`v2.3.2`

Compare Source

fix: revert fs readableWebStream change

`v2.3.1`

Compare Source

What's Changed

Bug fixes 🐛

fix: fix file closing issue by @WailGree in https://github.com/softprops/action-gh-release/pull/629

New Contributors

@WailGree made their first contribution in https://github.com/softprops/action-gh-release/pull/629

Full Changelog: softprops/action-gh-release@v2.3.0...v2.3.1

`v2.3.0`

Compare Source

Migrate from jest to vitest
Replace mime with mime-types
Bump to use node 24
Dependency updates

Full Changelog: softprops/action-gh-release@v2.2.2...v2.3.0

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Signed-off-by: Mend Renovate <bot@renovateapp.com>

renovate-bot requested a review from a team as a code owner June 1, 2025 01:26

renovate-bot requested a review from a team June 1, 2025 01:26

renovate-bot force-pushed the renovate/github-actions branch from 223dfd2 to e7f8996 Compare June 4, 2025 06:38

renovate-bot changed the title ~~chore(deps): update ossf/scorecard-action action to v2.4.2~~ chore(deps): update github-actions Jun 4, 2025

renovate-bot force-pushed the renovate/github-actions branch from e7f8996 to 9d6b333 Compare June 9, 2025 07:29

renovate-bot force-pushed the renovate/github-actions branch from 9d6b333 to bbc08fa Compare June 18, 2025 14:31

chore(deps): update github-actions

ba2208c

Signed-off-by: Mend Renovate <bot@renovateapp.com>

renovate-bot force-pushed the renovate/github-actions branch from bbc08fa to ba2208c Compare June 24, 2025 17:07

ramonpetgrave64 approved these changes Jun 25, 2025

View reviewed changes

ramonpetgrave64 merged commit 9255e11 into slsa-framework:main Jun 25, 2025
75 checks passed

renovate-bot deleted the renovate/github-actions branch June 25, 2025 11:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update github-actions#4259

chore(deps): update github-actions#4259
ramonpetgrave64 merged 1 commit into
slsa-framework:mainfrom
renovate-bot:renovate/github-actions

renovate-bot commented Jun 1, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

renovate-bot commented Jun 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

CodeQL Action Changelog

3.29.0 - 11 Jun 2025

CodeQL Action Changelog

3.28.19 - 03 Jun 2025

Updated in v1.7.0

What's Changed since v1.6.0

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

Bug fixes 🐛

New Contributors

Configuration

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

renovate-bot commented Jun 1, 2025 •

edited

Loading