Bump the actions group across 1 directory with 5 updates #5587

dependabot · 2024-05-20T14:37:18Z

Bumps the actions group with 5 updates in the / directory:

Package	From	To
actions/checkout	`4.1.5`	`4.1.6`
github/codeql-action	`3.25.5`	`3.25.6`
carloscastrojumo/github-cherry-pick-action	`1.0.1`	`1.0.10`
codecov/codecov-action	`4.4.0`	`4.4.1`
anchore/sbom-action	`0.15.11`	`0.16.0`

Updates actions/checkout from 4.1.5 to 4.1.6

Release notes

Sourced from actions/checkout's releases.

v4.1.6

What's Changed

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

Update for 4.1.6 release by @cory-miller in actions/checkout#1733

Full Changelog: actions/checkout@v4.1.5...v4.1.6

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

v4.0.0

Support fetching without the --progress option

Update to node20

v3.6.0

Fix: Mark test scripts with Bash'isms to be run via Bash

Add option to fetch tags even if fetch-depth > 0

v3.5.3

Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in

Fix typos found by codespell

Add support for sparse checkouts

v3.5.2

Fix api endpoint for GHES

v3.5.1

... (truncated)

Commits

a5ac7e5 Update for 4.1.6 release (#1733)
24ed1a3 Check platform for extension (#1732)
See full diff in compare view

Updates github/codeql-action from 3.25.5 to 3.25.6

Commits

9fdb3e4 Merge pull request #2300 from github/update-v3.25.6-63d519c0a
00792ab Update changelog for v3.25.6
63d519c Merge pull request #2295 from github/update-bundle/codeql-bundle-v2.17.3
0d9161c Merge pull request #2293 from github/henrymercer/update-build-mode-autobuild-...
e9e2729 Add changelog note
de1ac31 Update default bundle to codeql-bundle-v2.17.3
a57c67b Merge pull request #2286 from github/koesie10/ghec-dr-db-upload
b7ef64e Merge pull request #2294 from github/dependabot/npm_and_yarn/npm-d3285d5234
e54dea2 Update checked-in dependencies
3b42294 Bump the npm group across 1 directory with 4 updates
Additional commits viewable in compare view

Updates carloscastrojumo/github-cherry-pick-action from 1.0.1 to 1.0.10

Release notes

Sourced from carloscastrojumo/github-cherry-pick-action's releases.

v1.0.10

❗️Changes

🐛 Bug Fixes

Fix typo in team reviewers input parameter @jeslat (#96)

🔧 Maintenance

Bump action Node version to v20 @LukasTy (#148)

Bump the npm group with 13 updates @dependabot (#156)

Bump the github-actions group with 3 updates @dependabot (#151)

Bump prettier from 2.8.4 to 3.2.5 @dependabot (#152)

Bump @types/node from 18.15.8 to 20.11.30 @dependabot (#150)

Bump @types/node from 18.13.0 to 18.15.8 @dependabot (#99)

Bump eslint-plugin-github from 4.6.0 to 4.7.0 @dependabot (#98)

Bump @typescript-eslint/parser from 5.51.0 to 5.56.0 @dependabot (#95)

Bump eslint from 8.33.0 to 8.36.0 @dependabot (#90)

Fix Auto label dependabot Pull Requests @carloscastrojumo (#81)

Auto label dependabot Pull Requests @carloscastrojumo (#79)

v1.0.9

❗️Changes

🚀 Features

[ISSUE-44] Get commit SHA from pull_request.merge_commit_sha @lampajr (#72)

🔧 Maintenance

Bump @types/node from 14.18.34 to 18.13.0 @dependabot (#68)

Bump prettier from 2.8.3 to 2.8.4 @dependabot (#70)

Bump @vercel/ncc from 0.36.0 to 0.36.1 @dependabot (#71)

v1.0.8

❗️Changes

🔧 Maintenance

Bump @actions/github from 4.0.0 to 5.1.1 @dependabot (#50)

Bump eslint and eslint-plugin-github @dependabot (#67)

Bump eslint-plugin-github from 4.1.1 to 4.3.2 @dependabot (#37)

Bump typescript from 4.9.3 to 4.9.5 @dependabot (#54)

Update token to GITHUB_TOKEN @carloscastrojumo (#66)

New release action @carloscastrojumo (#65)

Remove create action @carloscastrojumo (#64)

v1.0.7

🚀 Features

added support to fetch the PR outputs

PR: #24

... (truncated)

Commits

5037732 Automatic compilation
e5d2287 Merge pull request #148 from LukasTy/update-node-to-20
159a73a Bump @octokit/webhooks-types to latest
cd7ec3e Merge remote-tracking branch 'upstream/main' into update-node-to-20
7bd20ca Merge pull request #96 from jeslat/fix-team-reviewers
ec47480 Fix typo in team reviewers input parameter
a5fc02b Merge pull request #156 from carloscastrojumo/dependabot/npm_and_yarn/npm-a28...
8e3a123 Bump the npm group with 13 updates
be6bf47 Merge pull request #151 from carloscastrojumo/dependabot/github_actions/githu...
a5d4bc4 Bump the github-actions group with 3 updates
Additional commits viewable in compare view

Updates codecov/codecov-action from 4.4.0 to 4.4.1

Release notes

Sourced from codecov/codecov-action's releases.

v4.4.1

What's Changed

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.8.0 to 7.9.0 by @dependabot in codecov/codecov-action#1427

fix: prevent xlarge from running on forks by @thomasrockhu-codecov in codecov/codecov-action#1432

build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in codecov/codecov-action#1439

build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in codecov/codecov-action#1438

fix: isPullRequestFromFork returns false for any PR by @shahar-h in codecov/codecov-action#1437

chore(release): 4.4.1 by @thomasrockhu-codecov in codecov/codecov-action#1441

New Contributors

@shahar-h made their first contribution in codecov/codecov-action#1437

Full Changelog: codecov/codecov-action@v4.4.0...v4.4.1

What's Changed

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.8.0 to 7.9.0 by @dependabot in codecov/codecov-action#1427

fix: prevent xlarge from running on forks by @thomasrockhu-codecov in codecov/codecov-action#1432

build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in codecov/codecov-action#1439

build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in codecov/codecov-action#1438

fix: isPullRequestFromFork returns false for any PR by @shahar-h in codecov/codecov-action#1437

chore(release): 4.4.1 by @thomasrockhu-codecov in codecov/codecov-action#1441

New Contributors

@shahar-h made their first contribution in codecov/codecov-action#1437

Full Changelog: codecov/codecov-action@v4.4.0...v4.4.1

Commits

125fc84 chore(release): 4.4.1 (#1441)
c9dbf6a fix: isPullRequestFromFork returns false for any PR (#1437)
59fc46f build(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#1438)
3889fdd build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 (#1439)
d42a336 fix: prevent xlarge from running on forks (#1432)
fd624e5 build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.8.0 to 7.9.0 (#...
See full diff in compare view

Updates anchore/sbom-action from 0.15.11 to 0.16.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.16

Changes in v0.16.0

Update Syft to v1.4.1 (#465)

Update GitHub artifact client (#463) [kzantow]

Commits

e8d2a69 chore(deps): update Syft to v1.4.1 (#465)
610bea4 chore: update GitHub artifact client (#463)
0445e23 chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#464)
a66e2f3 chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#461)
1abd786 chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.5 (#462)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https:/actions/checkout) | `4.1.5` | `4.1.6` | | [github/codeql-action](https:/github/codeql-action) | `3.25.5` | `3.25.6` | | [carloscastrojumo/github-cherry-pick-action](https:/carloscastrojumo/github-cherry-pick-action) | `1.0.1` | `1.0.10` | | [codecov/codecov-action](https:/codecov/codecov-action) | `4.4.0` | `4.4.1` | | [anchore/sbom-action](https:/anchore/sbom-action) | `0.15.11` | `0.16.0` | Updates `actions/checkout` from 4.1.5 to 4.1.6 - [Release notes](https:/actions/checkout/releases) - [Changelog](https:/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.1.5...a5ac7e5) Updates `github/codeql-action` from 3.25.5 to 3.25.6 - [Release notes](https:/github/codeql-action/releases) - [Changelog](https:/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b7cec75...9fdb3e4) Updates `carloscastrojumo/github-cherry-pick-action` from 1.0.1 to 1.0.10 - [Release notes](https:/carloscastrojumo/github-cherry-pick-action/releases) - [Commits](carloscastrojumo/github-cherry-pick-action@v1.0.1...v1.0.10) Updates `codecov/codecov-action` from 4.4.0 to 4.4.1 - [Release notes](https:/codecov/codecov-action/releases) - [Changelog](https:/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@6d79887...125fc84) Updates `anchore/sbom-action` from 0.15.11 to 0.16.0 - [Release notes](https:/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@7ccf588...e8d2a69) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: carloscastrojumo/github-cherry-pick-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps the actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https:/actions/checkout) | `4.1.5` | `4.1.6` | | [github/codeql-action](https:/github/codeql-action) | `3.25.5` | `3.25.6` | | [carloscastrojumo/github-cherry-pick-action](https:/carloscastrojumo/github-cherry-pick-action) | `1.0.1` | `1.0.10` | | [codecov/codecov-action](https:/codecov/codecov-action) | `4.4.0` | `4.4.1` | | [anchore/sbom-action](https:/anchore/sbom-action) | `0.15.11` | `0.16.0` | Updates `actions/checkout` from 4.1.5 to 4.1.6 - [Release notes](https:/actions/checkout/releases) - [Changelog](https:/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.1.5...a5ac7e5) Updates `github/codeql-action` from 3.25.5 to 3.25.6 - [Release notes](https:/github/codeql-action/releases) - [Changelog](https:/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b7cec75...9fdb3e4) Updates `carloscastrojumo/github-cherry-pick-action` from 1.0.1 to 1.0.10 - [Release notes](https:/carloscastrojumo/github-cherry-pick-action/releases) - [Commits](carloscastrojumo/github-cherry-pick-action@v1.0.1...v1.0.10) Updates `codecov/codecov-action` from 4.4.0 to 4.4.1 - [Release notes](https:/codecov/codecov-action/releases) - [Changelog](https:/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@6d79887...125fc84) Updates `anchore/sbom-action` from 0.15.11 to 0.16.0 - [Release notes](https:/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@7ccf588...e8d2a69) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: carloscastrojumo/github-cherry-pick-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot requested a review from a team as a code owner May 20, 2024 14:37

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels May 20, 2024

github-actions bot added the chore Pull requests for routine tasks label May 20, 2024

pdabelf5 approved these changes May 20, 2024

View reviewed changes

vepatel approved these changes May 20, 2024

View reviewed changes

j1m-ryan approved these changes May 20, 2024

View reviewed changes

pdabelf5 merged commit 24ab78d into main May 20, 2024
78 checks passed

pdabelf5 deleted the dependabot/github_actions/actions-71f550ce4d branch May 20, 2024 16:13

This was referenced Jul 1, 2024

[DO NOT MERGE] transport server template #5902

Closed

[DO NOT MERGE] transport server template #5903

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions group across 1 directory with 5 updates #5587

Bump the actions group across 1 directory with 5 updates #5587

dependabot bot commented on behalf of github May 20, 2024

Bump the actions group across 1 directory with 5 updates #5587

Bump the actions group across 1 directory with 5 updates #5587

Conversation

dependabot bot commented on behalf of github May 20, 2024

v4.1.6

What's Changed

Changelog

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v1.0.10

❗️Changes

🐛 Bug Fixes

🔧 Maintenance

v1.0.9

❗️Changes

🚀 Features

🔧 Maintenance

v1.0.8

❗️Changes

🔧 Maintenance

v1.0.7

🚀 Features

v4.4.1

What's Changed

New Contributors

What's Changed

New Contributors

v0.16

Changes in v0.16.0