Bump the actions-minor group across 1 directory with 9 updates #148

dependabot · 2025-03-03T18:35:57Z

Bumps the actions-minor group with 9 updates in the / directory:

Package	From	To
actions/setup-node	`4.1.0`	`4.2.0`
actions/upload-artifact	`4.4.3`	`4.6.1`
github/codeql-action	`3.27.6`	`3.28.10`
super-linter/super-linter	`7.2.0`	`7.3.0`
ossf/scorecard-action	`2.4.0`	`2.4.1`
sigstore/cosign-installer	`3.7.0`	`3.8.1`
slsa-framework/slsa-github-generator	`2.0.0`	`2.1.0`
actions/download-artifact	`4.1.8`	`4.1.9`
softprops/action-gh-release	`2.1.0`	`2.2.1`

Updates actions/setup-node from 4.1.0 to 4.2.0

Release notes

Sourced from actions/setup-node's releases.

v4.2.0

What's Changed

Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by @aparnajyothi-y in actions/setup-node#1174

Add recommended permissions section to readme by @benwells in actions/setup-node#1193

Configure Dependabot settings by @HarithaVattikuti in actions/setup-node#1192

Upgrade @actions/cache to ^4.0.0 by @priyagupta108 in actions/setup-node#1191

Upgrade pnpm/action-setup from 2 to 4 by @dependabot in actions/setup-node#1194

Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in actions/setup-node#1195

Upgrade semver from 7.6.0 to 7.6.3 by @dependabot in actions/setup-node#1196

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot in actions/setup-node#1201

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot in actions/setup-node#1205

New Contributors

@benwells made their first contribution in actions/setup-node#1193

Full Changelog: actions/setup-node@v4...v4.2.0

Commits

1d0ff46 Bump undici from 5.28.4 to 5.28.5 (#1205)
574f09a Bump @types/jest from 29.5.12 to 29.5.14 (#1201)
260f870 Bump semver from 7.6.0 to 7.6.3 (#1196)
111c4be Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1195)
0bc26de Bump pnpm/action-setup from 2 to 4 (#1194)
8f9cc17 Use the new cache service: upgrade @actions/cache to ^4.0.0 (#1191)
5eef37b Create dependabot.yml (#1192)
fbeca22 Update README.md (#1193)
48b9067 Add macos-13 to the workflows and upgrade publish-actions from 0.2.2 to 0.3.0...
See full diff in compare view

Updates actions/upload-artifact from 4.4.3 to 4.6.1

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.1

What's Changed

Update to use artifact 2.2.2 package by @yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

What's Changed

Expose env vars to control concurrency and timeout by @yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

fix: deprecated Node.js version in action by @hamirmahal in actions/upload-artifact#578

Add new artifact-digest output by @bdehamer in actions/upload-artifact#656

New Contributors

@hamirmahal made their first contribution in actions/upload-artifact#578

@bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

Commits

4cec3d8 Merge pull request #673 from actions/yacaovsnc/artifact_2.2.2
e9fad96 license cache update for artifact
b26fd06 Update to use artifact 2.2.2 package
65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
0207619 move files back to satisfy licensed ci
1ecca81 licensed cache updates
9742269 Expose env vars to controll concurrency and timeout
6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
c40c16d add new artifact-digest output
735efb4 bump @actions/artifact from 2.1.11 to 2.2.0
Additional commits viewable in compare view

Updates github/codeql-action from 3.27.6 to 3.28.10

Release notes

Sourced from github/codeql-action's releases.

v3.28.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.10 - 21 Feb 2025

Update default CodeQL bundle version to 2.20.5. #2772

Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

See the full CHANGELOG.md for more information.

v3.28.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.9 - 07 Feb 2025

Update default CodeQL bundle version to 2.20.4. #2753

See the full CHANGELOG.md for more information.

v3.28.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

See the full CHANGELOG.md for more information.

v3.28.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.10 - 21 Feb 2025

Update default CodeQL bundle version to 2.20.5. #2772

Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

Update default CodeQL bundle version to 2.20.2. #2707

Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710

Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

... (truncated)

Commits

b56ba49 Merge pull request #2778 from github/update-v3.28.10-9856c48b1
60c9c77 Update changelog for v3.28.10
9856c48 Merge pull request #2773 from github/redsun82/rust
9572e09 Rust: fix log string
1a52936 Rust: special case default setup
cf7e909 Merge pull request #2772 from github/update-bundle/codeql-bundle-v2.20.5
b7006aa Merge branch 'main' into update-bundle/codeql-bundle-v2.20.5
cfedae7 Rust: throw configuration errors if requested and not correctly enabled
3971ed2 Merge branch 'main' into redsun82/rust
d38c6e6 Merge pull request #2775 from github/angelapwen/bump-octokit
Additional commits viewable in compare view

Updates super-linter/super-linter from 7.2.0 to 7.3.0

Release notes

Sourced from super-linter/super-linter's releases.

v7.3.0

7.3.0 (2025-02-26)

🚀 Features

add nbqa linter for jupyter notebooks (#6240) (469f30e)

composer install with any php linters (#6599) (9f7f83b), closes #6336 #6598 #6597

enable scss linting by default (#6408) (ff470a9)

golangci-lint: add possibility to specify custom config file (#6558) (4a4ab1e)

update eslint configuration (#6590) (d0b304a)

🐛 Bugfixes

handle push tag events on merge commits (#6204) (36971e1), closes #6193

⬆️ Dependency updates

bundler: bump the rubocop group across 1 directory with 4 updates (#6567) (e6340f4)

bundler: bump the rubocop group in /dependencies with 2 updates (#6602) (d85ded7)

docker: bump the docker group across 1 directory with 16 updates (#6591) (1da80af)

java: bump com.google.googlejavaformat:google-java-format (#6442) (a819ff6)

java: bump the java-gradle group across 2 directories with 2 updates (#6605) (846dfad)

npm: bump @babel/eslint-parser in /dependencies (#6547) (3a6c779)

npm: bump asl-validator from 3.9.0 to 3.13.0 in /dependencies (#6588) (e2ebecc)

npm: bump markdownlint-cli from 0.42.0 to 0.44.0 in /dependencies (#6529) (bb5a295)

npm: bump next (#6468) (b5a246e)

npm: bump next (#6564) (9a00bbf)

npm: bump npm-groovy-lint from 15.0.0 to 15.1.0 in /dependencies (#6609) (c43b06c)

npm: bump prettier from 3.5.1 to 3.5.2 in /dependencies (#6610) (d05486b)

npm: bump renovate from 39.172.0 to 39.176.3 in /dependencies (#6586) (7dacfb4)

npm: bump renovate from 39.176.3 to 39.179.1 in /dependencies (#6608) (ffe769d)

npm: bump stylelint-scss (#6607) (68b354c)

npm: bump textlint (#6484) (2094743)

npm: bump the commitlint group across 1 directory with 2 updates (#6560) (6f351f1)

npm: bump the react group across 1 directory with 7 updates (#6587) (b9c87d4)

npm: bump the stylelint group across 1 directory with 5 updates (#6537) (7d0a891)

python: bump the pip group across 1 directory with 13 updates (#6572) (d7d3a34)

python: bump the pip group across 1 directory with 3 updates (#6606) (d39d077)

🧰 Maintenance

dev-docker: bump node in /dev-dependencies (#6535) (d68be1a)

dev-docker: bump node in /dev-dependencies (#6559) (a5237ea)

dev-npm: bump release-please in /dev-dependencies (#6611) (b301205)

fix ansible dir ownership in tests (#6563) (ff7ebee)

fix broken link to sqlfluff config (#6475) (ae84419)

... (truncated)

Changelog

Sourced from super-linter/super-linter's changelog.

Changelog

7.3.0 (2025-02-26)

🚀 Features

add nbqa linter for jupyter notebooks (#6240) (469f30e)

composer install with any php linters (#6599) (9f7f83b), closes #6336 #6598 #6597

enable scss linting by default (#6408) (ff470a9)

golangci-lint: add possibility to specify custom config file (#6558) (4a4ab1e)

update eslint configuration (#6590) (d0b304a)

🐛 Bugfixes

handle push tag events on merge commits (#6204) (36971e1), closes #6193

⬆️ Dependency updates

bundler: bump the rubocop group across 1 directory with 4 updates (#6567) (e6340f4)

bundler: bump the rubocop group in /dependencies with 2 updates (#6602) (d85ded7)

docker: bump the docker group across 1 directory with 16 updates (#6591) (1da80af)

java: bump com.google.googlejavaformat:google-java-format (#6442) (a819ff6)

java: bump the java-gradle group across 2 directories with 2 updates (#6605) (846dfad)

npm: bump @babel/eslint-parser in /dependencies (#6547) (3a6c779)

npm: bump asl-validator from 3.9.0 to 3.13.0 in /dependencies (#6588) (e2ebecc)

npm: bump markdownlint-cli from 0.42.0 to 0.44.0 in /dependencies (#6529) (bb5a295)

npm: bump next (#6468) (b5a246e)

npm: bump next (#6564) (9a00bbf)

npm: bump npm-groovy-lint from 15.0.0 to 15.1.0 in /dependencies (#6609) (c43b06c)

npm: bump prettier from 3.5.1 to 3.5.2 in /dependencies (#6610) (d05486b)

npm: bump renovate from 39.172.0 to 39.176.3 in /dependencies (#6586) (7dacfb4)

npm: bump renovate from 39.176.3 to 39.179.1 in /dependencies (#6608) (ffe769d)

npm: bump stylelint-scss (#6607) (68b354c)

npm: bump textlint (#6484) (2094743)

npm: bump the commitlint group across 1 directory with 2 updates (#6560) (6f351f1)

npm: bump the react group across 1 directory with 7 updates (#6587) (b9c87d4)

npm: bump the stylelint group across 1 directory with 5 updates (#6537) (7d0a891)

python: bump the pip group across 1 directory with 13 updates (#6572) (d7d3a34)

python: bump the pip group across 1 directory with 3 updates (#6606) (d39d077)

🧰 Maintenance

dev-docker: bump node in /dev-dependencies (#6535) (d68be1a)

dev-docker: bump node in /dev-dependencies (#6559) (a5237ea)

dev-npm: bump release-please in /dev-dependencies (#6611) (b301205)

fix ansible dir ownership in tests (#6563) (ff7ebee)

... (truncated)

Commits

4e8a7c2 chore(main): release 7.3.0 (#6460)
d85ded7 deps(bundler): bump the rubocop group in /dependencies with 2 updates (#6602)
f7cbf33 chore: fix ruby linting issues (#6614)
b301205 ci(dev-npm): bump release-please in /dev-dependencies (#6611)
41fd8a9 ci(github-actions): bump actions/upload-artifact (#6604)
846dfad deps(java): bump the java-gradle group across 2 directories with 2 updates (#...
d39d077 deps(python): bump the pip group across 1 directory with 3 updates (#6606)
68b354c deps(npm): bump stylelint-scss (#6607)
ffe769d deps(npm): bump renovate from 39.176.3 to 39.179.1 in /dependencies (#6608)
c43b06c deps(npm): bump npm-groovy-lint from 15.0.0 to 15.1.0 in /dependencies (#6609)
Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.4.0 to 2.4.1

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.1

What's Changed

This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.

Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.

use Scorecard library entrypoint instead of Cobra hooking by @spencerschrock in ossf/scorecard-action#1423

Some errors were made into annotations to make them more visible

Make default branch error more prominent by @jsoref in ossf/scorecard-action#1459

There is now an optional file_mode input which controls how repository files are fetched from GitHub. The default is archive, but git produces the most accurate results for repositories with .gitattributes files at the cost of analysis speed.

add input for specifying --file-mode by @spencerschrock in ossf/scorecard-action#1509

The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.

🌱 publish docker images to GitHub Container Registry by @spencerschrock in ossf/scorecard-action#1453

Docs

Installation docs update by @JeremiahAHoward in ossf/scorecard-action#1416

New Contributors

@JeremiahAHoward made their first contribution in ossf/scorecard-action#1416

@jsoref made their first contribution in ossf/scorecard-action#1459 Full Changelog: ossf/scorecard-action@v2.4.0...v2.4.1

Commits

f49aabe bump docker to ghcr v2.4.1 (#1478)
30a595b 🌱 Bump github.com/sigstore/cosign/v2 from 2.4.2 to 2.4.3 (#1515)
69ae593 omit vcs info from build (#1514)
6a62a1c add input for specifying --file-mode (#1509)
2722664 🌱 Bump the github-actions group with 2 updates (#1510)
ae0ef31 🌱 Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#1512)
3676bbc 🌱 Bump golang from 1.23.6 to 1.24.0 in the docker-images group (#1513)
ae7548a Limit codeQL push trigger to main branch (#1507)
9165624 upgrade scorecard to v5.1.0 (#1508)
620fd28 🌱 Bump the github-actions group with 2 updates (#1505)
Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.7.0 to 3.8.1

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.8.1

What's Changed

use cosign 2.4.3 and other updates by @cpanato in sigstore/cosign-installer#182

Full Changelog: sigstore/cosign-installer@v3...v3.8.1

v3.8.0

What's Changed

test action against all non-rc releases, verify entry in rekor log by @bobcallaway in sigstore/cosign-installer#179

bump for cosign v2.4.2 release by @bobcallaway in sigstore/cosign-installer#181

Full Changelog: sigstore/cosign-installer@v3...v3.8.0

Commits

d7d6bc7 use cosign 2.4.3 and other updates (#182)
c56c2d3 Bump actions/setup-go from 5.2.0 to 5.3.0 (#180)
02e36b8 bump for cosign v2.4.2 release (#181)
789d288 test action against all non-rc releases, verify entry in rekor log (#179)
e11c089 Bump actions/setup-go from 5.1.0 to 5.2.0 (#178)
718228a Bump actions/setup-go from 5.0.2 to 5.1.0 (#176)
325063e Bump actions/checkout from 4.2.1 to 4.2.2 (#177)
b929758 Bump actions/checkout from 4.2.0 to 4.2.1 (#175)
See full diff in compare view

Updates slsa-framework/slsa-github-generator from 2.0.0 to 2.1.0

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v2.1.0

What's Changed

chore: v2.0.0: update tags to v2.0.0 by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3584

fix: use @sigstore/cli in e2e.sign-attestations.schedule.yml by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3572

docs: fix broken links by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3605

chore(setup-go): update actions/setup-go to resolve the warning by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3604

fix: Update release docs by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3589

docs: Add Atsign-Foundation NoPorts to the Hall of Fame by @cpswan in slsa-framework/slsa-github-generator#3616

docs: Add v2.0.0 to SECURITY.md by @ianlewis in slsa-framework/slsa-github-generator#3630

docs: Add links to CHANGELOG by @ianlewis in slsa-framework/slsa-github-generator#3631

ci: fix PR title checker by @ianlewis in slsa-framework/slsa-github-generator#3632

ci: Add issue reopener by @ianlewis in slsa-framework/slsa-github-generator#3629

fix: update softprops/action-gh-release to v2.0.5 by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3619

chore(renovate): use cron syntax for schedule by @rarkins in slsa-framework/slsa-github-generator#3638

chore: Fix Renovate config by @ianlewis in slsa-framework/slsa-github-generator#3635

feat: workflow to update actions dist by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3653

fix(deps): update dependency @sigstore/rekor-types to v2 by @renovate-bot in slsa-framework/slsa-github-generator#3650

chore(deps): update github-actions (major) by @renovate-bot in slsa-framework/slsa-github-generator#3648

fix(deps): update dependency org.json:json to v20231013 [security] by @renovate-bot in slsa-framework/slsa-github-generator#3641

fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [security] by @renovate-bot in slsa-framework/slsa-github-generator#3640

chore(deps): update dependency pathspec to v0.12.1 by @renovate-bot in slsa-framework/slsa-github-generator#3644

fix(deps): update dependency @actions/github to v6 by @renovate-bot in slsa-framework/slsa-github-generator#3649

fix(deps): update module golang.org/x/oauth2 to v0.20.0 by @renovate-bot in slsa-framework/slsa-github-generator#3646

fix(deps): update npm by @renovate-bot in slsa-framework/slsa-github-generator#3647

chore: formatting by @ianlewis in slsa-framework/slsa-github-generator#3655

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3642

docs: Add openfga as another user of slsa-github-generator via Github Actions by @aaguiarz in slsa-framework/slsa-github-generator#2950

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 by @renovate-bot in slsa-framework/slsa-github-generator#3645

chore: allow Renovate to create new config warning issues by @HonkingGoose in slsa-framework/slsa-github-generator#3662

chore: Fix markdown issues by @ianlewis in slsa-framework/slsa-github-generator#3658

chore(deps): update npm dev by @renovate-bot in slsa-framework/slsa-github-generator#3643

feat: Record vars in SLSA generators by @ianlewis in slsa-framework/slsa-github-generator#3633

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3679

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.7 by @renovate-bot in slsa-framework/slsa-github-generator#3680

docs: Remove expected GA for Node.js builder by @ianlewis in slsa-framework/slsa-github-generator#3659

ci: Add formatting pre-submit check by @ianlewis in slsa-framework/slsa-github-generator#3654

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.8 by @renovate-bot in slsa-framework/slsa-github-generator#3712

chore(deps): bump the npm_and_yarn group across 10 directories with 2 updates by @dependabot in slsa-framework/slsa-github-generator#3714

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3711

chore(deps): bump the go_modules group with 2 updates by @dependabot in slsa-framework/slsa-github-generator#3715

chore: slsa-verifier v2.6.0: Update action.yml by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3736

fix: Update maven helper plugin build by @loosebazooka in slsa-framework/slsa-github-generator#3746

fix: maven e2e: remove verify job by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3748

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3753

chore(deps): bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible in the go_modules group by @dependabot in slsa-framework/slsa-github-generator#3760

chore(config): migrate renovate config by @renovate-bot in slsa-framework/slsa-github-generator#3774

chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.10.1 by @renovate-bot in slsa-framework/slsa-github-generator#3758

chore(deps): update dependency org.apache.maven.plugins:maven-deploy-plugin to v3.1.3 by @renovate-bot in slsa-framework/slsa-github-generator#3820

chore(deps): update dependency org.apache.maven.plugins:maven-gpg-plugin to v3.2.5 by @renovate-bot in slsa-framework/slsa-github-generator#3757

fix(deps): update npm by @renovate-bot in slsa-framework/slsa-github-generator#3754

... (truncated)

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

The workflows generator_generic_slsa3.yml and builder_go_slsa3.yml have been updated to produce signed Sigstore Bundles, just like all the other builders that use the BYOB framework.

The workflow logs will now print a LogIndex, rather than a LogUUID. Both are equally searchanble on https://search.sigstore.dev/.

v2.1.0: Vars context recorded in provenance

Updated: GitHub vars context is now recorded in provenance for the generic and container generators. The vars context cannot affect the build in the Go builder so it ...
Description has been truncated

Bumps the actions-minor group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-node](https://github.com/actions/setup-node) | `4.1.0` | `4.2.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `4.6.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.6` | `3.28.10` | | [super-linter/super-linter](https://github.com/super-linter/super-linter) | `7.2.0` | `7.3.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.7.0` | `3.8.1` | | [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) | `2.0.0` | `2.1.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.8` | `4.1.9` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.1.0` | `2.2.1` | Updates `actions/setup-node` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@39370e3...1d0ff46) Updates `actions/upload-artifact` from 4.4.3 to 4.6.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b4b15b8...4cec3d8) Updates `github/codeql-action` from 3.27.6 to 3.28.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@aa57810...b56ba49) Updates `super-linter/super-linter` from 7.2.0 to 7.3.0 - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](super-linter/super-linter@e1cb86b...4e8a7c2) Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@62b2cac...f49aabe) Updates `sigstore/cosign-installer` from 3.7.0 to 3.8.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@dc72c7d...d7d6bc7) Updates `slsa-framework/slsa-github-generator` from 2.0.0 to 2.1.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](slsa-framework/slsa-github-generator@v2.0.0...v2.1.0) Updates `actions/download-artifact` from 4.1.8 to 4.1.9 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@fa0a91b...cc20338) Updates `softprops/action-gh-release` from 2.1.0 to 2.2.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@01570a1...c95fe14) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 3, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions-minor group across 1 directory with 9 updates #148

Bump the actions-minor group across 1 directory with 9 updates #148

dependabot bot commented on behalf of github Mar 3, 2025 •

edited

Loading

Bump the actions-minor group across 1 directory with 9 updates #148

Are you sure you want to change the base?

Bump the actions-minor group across 1 directory with 9 updates #148

Conversation

dependabot bot commented on behalf of github Mar 3, 2025 • edited Loading

v4.2.0

What's Changed

New Contributors

v4.6.1

What's Changed

v4.6.0

What's Changed

v4.5.0

What's Changed

New Contributors

v3.28.10

CodeQL Action Changelog

3.28.10 - 21 Feb 2025

v3.28.9

CodeQL Action Changelog

3.28.9 - 07 Feb 2025

v3.28.8

CodeQL Action Changelog

3.28.8 - 29 Jan 2025

v3.28.7

CodeQL Action Changelog

3.28.7 - 29 Jan 2025

v3.28.6

CodeQL Action Changelog

CodeQL Action Changelog

[UNRELEASED]

3.28.10 - 21 Feb 2025

3.28.9 - 07 Feb 2025

3.28.8 - 29 Jan 2025

3.28.7 - 29 Jan 2025

3.28.6 - 27 Jan 2025

3.28.5 - 24 Jan 2025

3.28.4 - 23 Jan 2025

3.28.3 - 22 Jan 2025

3.28.2 - 21 Jan 2025

3.28.1 - 10 Jan 2025

v7.3.0

7.3.0 (2025-02-26)

🚀 Features

🐛 Bugfixes

⬆️ Dependency updates

🧰 Maintenance

Changelog

7.3.0 (2025-02-26)

🚀 Features

🐛 Bugfixes

⬆️ Dependency updates

🧰 Maintenance

v2.4.1

What's Changed

Docs

New Contributors

v3.8.1

What's Changed

v3.8.0

What's Changed

v2.1.0

What's Changed

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

v2.1.0: Vars context recorded in provenance

dependabot bot commented on behalf of github Mar 3, 2025 •

edited

Loading