Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the github-actions group across 1 directory with 5 updates #15249

Closed
wants to merge 1 commit into from
Closed

Bump the github-actions group across 1 directory with 5 updates #15249

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 1, 2024
edited
Loading

Bumps the github-actions group with 5 updates in the / directory:

Package From To
tj-actions/changed-files 44 45
actions/attest-build-provenance 1.0.0 1.4.2
ossf/scorecard-action 2.3.3 2.4.0
github/codeql-action 3.25.11 3.26.6
softprops/action-gh-release 2.0.6 2.0.8

Updates tj-actions/changed-files from 44 to 45

Release notes

Sourced from tj-actions/changed-files's releases.

v45

Changes in v45.0.0

🔥🔥 BREAKING CHANGE 🔥🔥

  • With changes detected using GitHub's API setting output_renamed_files_as_deleted_and_added to true, would now include the previous file name in the list of deleted files instead of the current file name.

What's Changed

New Contributors

Full Changelog: tj-actions/changed-files@v44...v45.0.0

v45.0.0

🔥🔥 BREAKING CHANGE 🔥🔥

  • With changes detected using GitHub's API setting output_renamed_files_as_deleted_and_added to true, would now include the previous file name in the list of deleted files.

What's Changed

... (truncated)

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

45.0.0 - (2024-08-21)

🐛 Bug Fixes

  • Update test skip logic to use custom env (#2242) (b4c0974) - (Tonye Jack)
  • Remove unsupported input (#2238) (525aabb) - (Tonye Jack)
  • deps: Update dependency @​octokit/rest to v21.0.2 (3ea85a1) - (renovate[bot])

➕ Add

  • Added missing changes and modified dist assets. (598b721) - (GitHub Action)

📝 Rename

  • Renamed Files decomposed into Deleted: previous_filename and Added:filename (#2236)

Co-authored-by: Tonye Jack jtonye@ymail.com (f8034fb) - (Lukas Pfahler)

🔄 Update

  • Updated README.md (#2243)

Co-authored-by: jackton1 17484350+jackton1@users.noreply.github.com Co-authored-by: GitHub Action action@github.com (40853de) - (tj-actions[bot])

  • Update tsconfig.json (88201be) - (Tonye Jack)

📚 Documentation

  • Add Whadup as a contributor for code (#2239) (94b94fe) - (allcontributors[bot])

⚙️ Miscellaneous Tasks

  • Debug env vars (#2241) (246859d) - (Tonye Jack)
  • Conditionally skip certain test for foked prs (#2240) (46a4c02) - (Tonye Jack)
  • deps: Update dependency @​types/node to v22.4.2 (25b2562) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.4.1 (257f12c) - (renovate[bot])
  • deps: Lock file maintenance (9b7ba7b) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.4.0 (50693d8) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.3.0 (87d8f94) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.2.0 (950331d) - (renovate[bot])
  • deps: Update dependency eslint-plugin-jest to v28.8.0 (ed00b69) - (renovate[bot])
  • deps: Update dependency eslint-plugin-jest to v28.7.0 (9d768c3) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.1.0 (6b79c79) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.0.3 (99b60a2) - (renovate[bot])
  • deps: Update dependency ts-jest to v29.2.4 (8ae850f) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.0.1 (03d95b0) - (renovate[bot])

... (truncated)

Commits
  • 40853de Updated README.md (#2243)
  • 94b94fe docs: add Whadup as a contributor for code (#2239)
  • f8034fb Renamed Files decomposed into Deleted: previous_filename and Added:filename (...
  • b4c0974 fix: update test skip logic to use custom env (#2242)
  • 246859d chore: debug env vars (#2241)
  • 46a4c02 chore: conditionally skip certain test for foked prs (#2240)
  • 525aabb fix: remove unsupported input (#2238)
  • 25b2562 chore(deps): update dependency @​types/node to v22.4.2
  • 257f12c chore(deps): update dependency @​types/node to v22.4.1
  • 598b721 Added missing changes and modified dist assets.
  • Additional commits viewable in compare view

Updates actions/attest-build-provenance from 1.0.0 to 1.4.2

Release notes

Sourced from actions/attest-build-provenance's releases.

v1.4.2

What's Changed

Full Changelog: actions/attest-build-provenance@v1.4.1...v1.4.2

v1.4.1

What's Changed

Full Changelog: actions/attest-build-provenance@v1.4.0...v1.4.1

v1.4.0

What's Changed

Full Changelog: actions/attest-build-provenance@v1.3.3...v1.4.0

v1.3.3

What's Changed

Full Changelog: actions/attest-build-provenance@v1.3.2...v1.3.3

v1.3.2

What's Changed

Full Changelog: actions/attest-build-provenance@v1.3.1...v1.3.2

v1.3.1

What's Changed

Full Changelog: actions/attest-build-provenance@v1.3.0...v1.3.1

v1.3.0

... (truncated)

Commits
  • 6149ea5 bump actions/attest from 1.4.0 to 1.4.1 (#209)
  • 3eb3242 Bump super-linter/super-linter from 6 to 7 (#205)
  • 399bb17 Bump @​types/node from 22.2.0 to 22.4.0 in the npm-development group (#203)
  • 9f60666 Bump the npm-development group with 2 updates (#199)
  • 310b0a4 update predicate action to 1.1.2 (#197)
  • d58ddf9 dynamic construction of oidc issuer (#195)
  • f9d4126 Bump @​typescript-eslint/parser from 7.17.0 to 7.18.0 (#188)
  • 588eda3 Bump the npm-development group with 3 updates (#187)
  • 48f71d5 disable typescript-standard super linter (#191)
  • 210c191 bump actions/attest from 1.3.3 to 1.4.0 (#183)
  • Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.3.3 to 2.4.0

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.0

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

Documentation

New Contributors

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

Commits
  • 62b2cac bump docker tag to v2.4.0 for release (#1414)
  • c09630c lower license score alert threshold to 9 (#1411)
  • cf8594c 🌱 Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#1413)
  • de5fcb9 🌱 Bump the github-actions group with 2 updates (#1412)
  • a46b90b bump scorecard to v5.0.0 release (#1410)
  • 9fc518d 🌱 Bump golang in the docker-images group (#1407)
  • a8eaa1b 🌱 Bump the github-actions group with 2 updates (#1408)
  • 873d5fd 🌱 Bump the github-actions group across 1 directory with 2 updates (#...
  • 54cc1fe 🌱 Bump the docker-images group with 2 updates (#1401)
  • 82bcb91 🌱 Bump golang.org/x/net from 0.26.0 to 0.27.0 (#1400)
  • Additional commits viewable in compare view

Updates github/codeql-action from 3.25.11 to 3.26.6

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.26.6 - 29 Aug 2024

  • Update default CodeQL bundle version to 2.18.3. #2449

3.26.5 - 23 Aug 2024

  • Fix an issue where the csrutil system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. #2441

3.26.4 - 21 Aug 2024

  • Deprecation: The add-snippets input on the analyze Action is deprecated and will be removed in the first release in August 2025. #2436
  • Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. #2434

3.26.3 - 19 Aug 2024

  • Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. #2430

3.26.2 - 14 Aug 2024

  • Update default CodeQL bundle version to 2.18.2. #2417

3.26.1 - 13 Aug 2024

No user facing changes.

3.26.0 - 06 Aug 2024

  • Deprecation: Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. #2403
  • Bump the minimum CodeQL bundle version to 2.13.5. #2408

3.25.15 - 26 Jul 2024

  • Update default CodeQL bundle version to 2.18.1. #2385

3.25.14 - 25 Jul 2024

  • Experimental: add a new start-proxy action which starts the same HTTP proxy as used by github/dependabot-action. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2376

3.25.13 - 19 Jul 2024

... (truncated)

Commits
  • 4dd1613 Merge pull request #2452 from github/update-v3.26.6-7233ec5e6
  • dd9dd2d Update changelog for v3.26.6
  • 7233ec5 Merge pull request #2449 from github/update-bundle/codeql-bundle-v2.18.3
  • a32c44d Add changelog note
  • 2966897 Update default bundle to codeql-bundle-v2.18.3
  • b8efe4d Merge pull request #2435 from github/update-supported-enterprise-server-versions
  • ab408a8 Merge branch 'main' into update-supported-enterprise-server-versions
  • 864b979 Merge pull request #2443 from github/dbartol/config-file-telemetry
  • d36c7aa Merge pull request #2448 from github/dependabot/npm_and_yarn/npm-09b7c43f6b
  • b3bf514 Update checked-in dependencies
  • Additional commits viewable in compare view

Updates softprops/action-gh-release from 2.0.6 to 2.0.8

Release notes

Sourced from softprops/action-gh-release's releases.

v2.0.8

What's Changed

Other Changes 🔄

Full Changelog: softprops/action-gh-release@v2...v2.0.8

v2.0.7

What's Changed

Bug fixes 🐛

Other Changes 🔄

New Contributors

Full Changelog: softprops/action-gh-release@v2.0.6...v2.0.7

Changelog

Sourced from softprops/action-gh-release's changelog.

2.0.8

Other Changes 🔄

2.0.7

Bug fixes 🐛

Other Changes 🔄

2.0.6

  • maintenance release with updated dependencies

2.0.5

2.0.4

2.0.3

  • Declare make_latest as an input field in action.yml #419

2.0.2

  • Revisit approach to #384 making unresolved pattern failures opt-in #417

2.0.1

... (truncated)

Commits
  • c062e08 release 2.0.8
  • 380635c chore(deps): bump @​actions/github from 5.1.1 to 6.0.0 (#470)
  • 20adb42 refactor: write jest config in ts (#485)
  • f808f15 chore(deps): bump glob from 10.4.2 to 11.0.0 (#477)
  • 6145241 chore(deps): bump @​octokit/plugin-throttling from 9.3.0 to 9.3.1 (#484)
  • 4ac522d chore(deps): bump @​types/node from 20.14.9 to 20.14.11 (#483)
  • 25849b1 chore(deps): bump prettier from 2.8.0 to 3.3.3 (#480)
  • 6206056 chore: update dependabot commit msg
  • 39aadf1 chore: run frizbee actions .github/workflows/
  • 6f3ab65 chore: update dist file
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the github-actions group across 1 directory with 5 updates
c421769 
Bumps the github-actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `44` | `45` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `1.0.0` | `1.4.2` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.3` | `2.4.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.11` | `3.26.6` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.0.6` | `2.0.8` |



Updates `tj-actions/changed-files` from 44 to 45
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@v44...v45)

Updates `actions/attest-build-provenance` from 1.0.0 to 1.4.2
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@897ed5e...6149ea5)

Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@dc50aa9...62b2cac)

Updates `github/codeql-action` from 3.25.11 to 3.26.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b611370...4dd1613)

Updates `softprops/action-gh-release` from 2.0.6 to 2.0.8
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@a74c6b7...c062e08)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/attest-build-provenance
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner September 1, 2024 11:40
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 1, 2024
@bader
Copy link
Contributor

bader commented Sep 27, 2024

@intel/dpcpp-tools-reviewers, ping.

asudarsa
asudarsa approved these changes Sep 28, 2024
View reviewed changes
Copy link
Contributor

@asudarsa asudarsa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not too familiar with these changes. But looks reasonable.

Thanks

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 1, 2024

Superseded by #15565.

@dependabot dependabot bot closed this Oct 1, 2024
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-349a9c4478 branch October 1, 2024 11:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asudarsa asudarsa asudarsa approved these changes

@uditagarwal97 uditagarwal97 uditagarwal97 approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bader @uditagarwal97 @asudarsa