From 5e4790948bd3c4a92a768d8d81ac7fc97dbbfaf5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 04:04:27 +0000 Subject: [PATCH] chore(deps): bump the github-actions group across 1 directory with 6 updates Bumps the github-actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.8.2` | `3.9.2` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.5.1` | `8.0.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.3.0` | `6.4.0` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.30.0` | `0.33.1` | Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v5...v6) Updates `sigstore/cosign-installer` from 3.8.2 to 3.9.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.8.2...v3.9.2) Updates `golangci/golangci-lint-action` from 6.5.1 to 8.0.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/4696ba8babb6127d732c3c6dde519db15edab9ea...4afd733a84b1f43292c63897423277bb7f4313a9) Updates `goreleaser/goreleaser-action` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/9c156ee8a17a598857849441385a2041ef570552...e435ccd777264be153ace6237001ef4d979d3a7a) Updates `aquasecurity/trivy-action` from 0.30.0 to 0.33.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5...b6643a29fecd7f34b3597bc6acb0a98b03d33ff8) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 3.9.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: golangci/golangci-lint-action dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: goreleaser/goreleaser-action dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 4 ++-- .github/workflows/docker.yml | 4 ++-- .github/workflows/go.yml | 26 +++++++++++++------------- .github/workflows/releaser.yml | 8 ++++---- .github/workflows/security.yml | 12 ++++++------ 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index eb92e76c..48230a17 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. @@ -38,7 +38,7 @@ jobs: languages: go - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 44b68d62..79e6eb98 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -30,7 +30,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Install Cosign - uses: sigstore/cosign-installer@v3.8.2 + uses: sigstore/cosign-installer@v3.9.2 - name: Login to GHCR uses: docker/login-action@v3 diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index ec92b235..4b662c57 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -33,10 +33,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - @@ -54,10 +54,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod check-latest: true @@ -84,15 +84,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - name: Lint code - uses: golangci/golangci-lint-action@4696ba8babb6127d732c3c6dde519db15edab9ea # v6.5.1 + uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0 with: version: latest args: --timeout=10m @@ -104,10 +104,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - @@ -137,10 +137,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - @@ -170,10 +170,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml index 3319351a..0d46069e 100644 --- a/.github/workflows/releaser.yml +++ b/.github/workflows/releaser.yml @@ -20,13 +20,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Unshallow run: git fetch --prune --unshallow - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - @@ -46,7 +46,7 @@ jobs: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Install Cosign - uses: sigstore/cosign-installer@v3.8.2 + uses: sigstore/cosign-installer@v3.9.2 #- # name: Import Code-Signing Certificates # uses: Apple-Actions/import-codesign-certs@cfd6eb39a2c848ead8836bda6b56813585404ba7 # v5.0.0 @@ -59,7 +59,7 @@ jobs: brew install coreutils - name: Run GoReleaser - uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0 + uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 with: version: latest args: release --clean --skip=publish diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 5754c70f..ac10b1cc 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -20,9 +20,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + uses: actions/checkout@v5 - - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - @@ -43,10 +43,10 @@ jobs: steps: - - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1 with: scan-type: 'fs' ignore-unfixed: true @@ -72,7 +72,7 @@ jobs: # # steps: # - -# uses: actions/checkout@v4 +# uses: actions/checkout@v5 # - # name: Run Snyk to check for vulnerabilities # uses: snyk/actions/golang@master @@ -99,7 +99,7 @@ jobs: steps: - - uses: actions/checkout@v4 + uses: actions/checkout@v5 - uses: returntocorp/semgrep-action@713efdd345f3035192eaa63f56867b88e63e4e5d # v1 with: