From 0b1354c8964352f5e9dc3481fc6afcf0923202a6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Apr 2025 22:05:17 +0000 Subject: [PATCH] update: bump the gh-actions-packages group across 1 directory with 10 updates Bumps the gh-actions-packages group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.3` | `3.28.13` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.5.0` | `4.6.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.3.0` | `5.5.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.3.0` | `3.4.0` | | [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) | `12.2947.0` | `12.2986.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.17.9` | `0.18.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.8.0` | `3.10.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.12.0` | `6.15.0` | | [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) | `5.2.0` | `5.5.1` | Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...f49aabe0b5af0936a0987cfb85d86b75731b0186) Updates `github/codeql-action` from 3.28.3 to 3.28.13 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7...1b549b9259bda1cb5ddde3b41741a82a2d15a841) Updates `actions/dependency-review-action` from 4.5.0 to 4.6.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/3b139cfc5fae8b618d3eae3675e383bb1769c019...ce3cf9537a52e8119d91fd484ab5b8a807627bf8) Updates `actions/setup-python` from 5.3.0 to 5.5.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/0b93645e9fea7318ecaed2b359559ac225c90a2b...8d9ed9ac5c53483de85588cdf95a591a75ab9f55) Updates `docker/login-action` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/9780b0c442fbb1117ed29e0efdff1e18412f7567...74a5d142397b4f367a81961eba4e8cd7edddf772) Updates `bridgecrewio/checkov-action` from 12.2947.0 to 12.2986.0 - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](https://github.com/bridgecrewio/checkov-action/compare/5c5ef32fa4ed5765cb8f4894203edd314f284f61...d6eeb5622b39629a1940eb9d42f7229a2945ab98) Updates `anchore/sbom-action` from 0.17.9 to 0.18.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/df80a981bc6edbc4e220a492d3cbe9f5547a6e75...f325610c9f50a54015d37c8d16cb3b0e2c8f4de0) Updates `docker/setup-buildx-action` from 3.8.0 to 3.10.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/6524bf65af31da8d45b59e8c27de4bd072b392f5...b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2) Updates `docker/build-push-action` from 6.12.0 to 6.15.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/67a2d409c0a876cbe6b11854e3e25193efe4e62d...471d1dc4e07e5cdedd4c2171150001c434f0b7a4) Updates `mikepenz/action-junit-report` from 5.2.0 to 5.5.1 - [Release notes](https://github.com/mikepenz/action-junit-report/releases) - [Commits](https://github.com/mikepenz/action-junit-report/compare/62516aa379bff6370c95fd5894d5a27fb6619d9b...cf701569b05ccdd861a76b8607a66d76f6fd4857) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-version: 2.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: github/codeql-action dependency-version: 3.28.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: actions/dependency-review-action dependency-version: 4.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: actions/setup-python dependency-version: 5.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: docker/login-action dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: bridgecrewio/checkov-action dependency-version: 12.2986.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: anchore/sbom-action dependency-version: 0.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: docker/setup-buildx-action dependency-version: 3.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: docker/build-push-action dependency-version: 6.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: mikepenz/action-junit-report dependency-version: 5.5.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] --- .github/workflows/.reusable-compliance.yml | 6 ++--- .github/workflows/.reusable-docs.yml | 2 +- .../workflows/.reusable-integration-test.yml | 8 +++---- .github/workflows/.reusable-sast.yml | 24 +++++++++---------- .github/workflows/.reusable-sca.yml | 4 ++-- .github/workflows/.reusable-unit-test.yml | 10 ++++---- 6 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/.reusable-compliance.yml b/.github/workflows/.reusable-compliance.yml index c3323a8..09d9dbe 100644 --- a/.github/workflows/.reusable-compliance.yml +++ b/.github/workflows/.reusable-compliance.yml @@ -26,14 +26,14 @@ jobs: with: persist-credentials: false - name: Analyze - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 with: results_file: results.sarif results_format: sarif repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: false #TODO: reactivate when working again - name: Upload - uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 with: sarif_file: results.sarif @@ -51,7 +51,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Review - uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 + uses: actions/dependency-review-action@ce3cf9537a52e8119d91fd484ab5b8a807627bf8 # v4.6.0 with: comment-summary-in-pr: always diff --git a/.github/workflows/.reusable-docs.yml b/.github/workflows/.reusable-docs.yml index fd4a191..02f3333 100644 --- a/.github/workflows/.reusable-docs.yml +++ b/.github/workflows/.reusable-docs.yml @@ -30,7 +30,7 @@ jobs: git config user.name "versioning_user" git config user.email "semgr8s@securesystems.de" - name: Install python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 with: python-version-file: '.python-version' - name: Install poetry diff --git a/.github/workflows/.reusable-integration-test.yml b/.github/workflows/.reusable-integration-test.yml index 7a3c41b..07ae6d3 100644 --- a/.github/workflows/.reusable-integration-test.yml +++ b/.github/workflows/.reusable-integration-test.yml @@ -48,7 +48,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Login with registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ${{ inputs.build_registry }} username: ${{ inputs.repo_owner }} @@ -104,7 +104,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Login with registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ${{ inputs.build_registry }} username: ${{ inputs.repo_owner }} @@ -159,7 +159,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Login with registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ${{ inputs.build_registry }} username: ${{ inputs.repo_owner }} @@ -214,7 +214,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Login with registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ${{ inputs.build_registry }} username: ${{ inputs.repo_owner }} diff --git a/.github/workflows/.reusable-sast.yml b/.github/workflows/.reusable-sast.yml index 1c961c0..ad2f465 100644 --- a/.github/workflows/.reusable-sast.yml +++ b/.github/workflows/.reusable-sast.yml @@ -27,7 +27,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 with: python-version-file: '.python-version' - name: Install poetry @@ -48,7 +48,7 @@ jobs: run: bandit -r -f sarif -o bandit-results.sarif semgr8s/ --exit-zero - name: Upload if: inputs.output == 'sarif' - uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 with: sarif_file: 'bandit-results.sarif' @@ -62,7 +62,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 with: python-version-file: '.python-version' - name: Install poetry @@ -99,14 +99,14 @@ jobs: shell: bash - name: Scan if: inputs.output == 'table' - uses: bridgecrewio/checkov-action@5c5ef32fa4ed5765cb8f4894203edd314f284f61 # v12.2947.0 + uses: bridgecrewio/checkov-action@d6eeb5622b39629a1940eb9d42f7229a2945ab98 # v12.2986.0 with: skip_check: CKV_DOCKER_2 output_format: cli soft_fail: false - name: Scan if: inputs.output == 'sarif' - uses: bridgecrewio/checkov-action@5c5ef32fa4ed5765cb8f4894203edd314f284f61 # v12.2947.0 + uses: bridgecrewio/checkov-action@d6eeb5622b39629a1940eb9d42f7229a2945ab98 # v12.2986.0 with: skip_check: CKV_DOCKER_2 output_file_path: console,checkov-results.sarif @@ -114,7 +114,7 @@ jobs: soft_fail: true - name: Upload if: inputs.output == 'sarif' - uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 with: sarif_file: checkov-results.sarif @@ -131,11 +131,11 @@ jobs: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL - uses: github/codeql-action/init@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 with: languages: 'python' - name: Analyze - uses: github/codeql-action/analyze@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 hadolint: runs-on: ubuntu-latest @@ -164,7 +164,7 @@ jobs: no-fail: true output-file: hadolint-results.sarif - name: Upload - uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 if: inputs.output == 'sarif' with: sarif_file: 'hadolint-results.sarif' @@ -197,7 +197,7 @@ jobs: format: sarif output-file: kubelinter-results.sarif - name: Upload - uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 if: inputs.output == 'sarif' with: sarif_file: 'kubelinter-results.sarif' @@ -211,7 +211,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 with: python-version-file: '.python-version' - name: Install poetry @@ -249,7 +249,7 @@ jobs: if: inputs.output == 'sarif' run: semgrep ci --config=auto --suppress-errors --sarif --output=semgrep-results.sarif || exit 0 - name: Upload - uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 + uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 if: inputs.output == 'sarif' with: sarif_file: semgrep-results.sarif diff --git a/.github/workflows/.reusable-sca.yml b/.github/workflows/.reusable-sca.yml index 369a7b2..3c6202e 100644 --- a/.github/workflows/.reusable-sca.yml +++ b/.github/workflows/.reusable-sca.yml @@ -87,13 +87,13 @@ jobs: steps: - name: Login with registry if: inputs.registry != '' - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ${{ inputs.registry }} username: ${{ inputs.repo_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Run - uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 + uses: anchore/sbom-action@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 with: image: ${{ inputs.image }} format: cyclonedx-json diff --git a/.github/workflows/.reusable-unit-test.yml b/.github/workflows/.reusable-unit-test.yml index 2be4d17..3bfca7d 100644 --- a/.github/workflows/.reusable-unit-test.yml +++ b/.github/workflows/.reusable-unit-test.yml @@ -21,9 +21,9 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Docker buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Build test image - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: push: false load: true @@ -46,7 +46,7 @@ jobs: pytest-coverage-path: tests/pytest-coverage.txt junitxml-path: tests/pytest.xml - name: Publish Test Report - uses: mikepenz/action-junit-report@62516aa379bff6370c95fd5894d5a27fb6619d9b # v5.2.0 + uses: mikepenz/action-junit-report@cf701569b05ccdd861a76b8607a66d76f6fd4857 # v5.5.1 if: success() || failure() # always run even if the previous step fails with: report_paths: 'tests/pytest.xml' @@ -61,7 +61,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 with: python-version-file: '.python-version' - name: Install poetry @@ -90,7 +90,7 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 with: python-version-file: '.python-version' - name: Install poetry