
Commit c7ea0ea

authored
Merge pull request advanced-security#71 from advanced-security/dependabot/github_actions/main/production-dependencies-18e5ab34b8
deps: bump the production-dependencies group across 1 directory with 7 updates
2 parents 8c41b9d + 537e010 commit c7ea0ea


5 files changed

+10
-10
lines changed


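--- a/.github/workflows/codeql-ql.yml
+++ b/.github/workflows/codeql-ql.yml
@@ -21,7 +21,7 @@ jobs:
 uses: actions/checkout@v6
 
 - name: "Set up Rust"
-uses: dtolnay/rust-toolchain@0b1efabc08b657293548b77fb76cc02d26091c7e # v1.85.1
+uses: dtolnay/rust-toolchain@f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 # v1.85.1
 with:
 toolchain: stable
 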
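Review bot: The new pin for `dtolnay/rust-toolchain` keeps the same trailing comment as the old one, `# v1.85.1`, so the comment no longer tells a reader which upstream state the new SHA corresponds to. Two different SHAs under one unchanged label suggest the upstream ref is a moving one (presumably a branch rather than an immutable release tag), which should be confirmed before merge. Check that `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` is reachable from the upstream repository's own history and not only from a fork. If the label cannot identify a single commit, the comment should say so, for example `# 1.85.1 (moving ref; SHA re-pinned)`.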

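--- a/.github/workflows/container-publish.yml
+++ b/.github/workflows/container-publish.yml
@@ -43,10 +43,10 @@ jobs:
 uses: actions/checkout@v6
 
 - name: Set up Docker Buildx
-uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
 - name: Log in to the Container registry
-uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
@@ -80,20 +80,20 @@ jobs:
 
 # Upload Software Bill of Materials (SBOM) to GitHub
 - name: Upload SBOM
-uses: advanced-security/spdx-dependency-submission-action@5530bab9ee4bbe66420ce8280624036c77f89746 # v0.1.1
+uses: advanced-security/spdx-dependency-submission-action@f957edbb35161c1f9e33f61026fc86a671c58cae # v0.1.2
 with:
 filePath: '.'
 filePattern: '*.spdx.json'
 
 # Build provenance attestations
 - name: Attest Container Image
-uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
+uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
 with:
 subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 subject-digest: ${{ steps.build.outputs.digest }}
 push-to-registry: true
 
 # - name: Attest Container SBOM
-# uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
+# uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
 # with:
 # subject-path:: '*.spdx.json'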
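Review bot: `uses: actions/checkout@v6` in the first hunk's context is still referenced by a mutable tag, while every action this commit touches is pinned to a full commit SHA. This job logs in to the container registry and attests build provenance with `push-to-registry: true`, so the checkout step runs inside the same job as those SHA-pinned steps and a moved tag would sidestep the protection the pins provide. Pin it the same way, `uses: actions/checkout@<full commit SHA> # v6.x.y`, keeping the version comment in the format the other pins use. The same tag reference appears in the context lines of codeql-ql.yml and container-security.yml. The checkout step begins above the hunk, so its inputs are not visible here.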

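--- a/.github/workflows/container-security.yml
+++ b/.github/workflows/container-security.yml
@@ -38,7 +38,7 @@ jobs:
 uses: actions/checkout@v6
 
 - name: Set up Docker Buildx
-uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
 - name: Build Initial Container
 uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
@@ -52,7 +52,7 @@ jobs:
 
 # Scan the image for vulnerabilities
 - name: Run the Anchore / Grype scan action
-uses: anchore/scan-action@3c9a191a0fbab285ca6b8530b5de5a642cba332f # v7.2.2
+uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7.3.1
 id: scan
 with:
 image: localbuild/testimage:latest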

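--- a/.github/workflows/python-vendor.yml
+++ b/.github/workflows/python-vendor.yml
@@ -79,7 +79,7 @@ jobs:
 
 - name: "Create Pull Request with updated vendored dependencies"
 if: ${{ steps.vendoring.outputs.changes > 0 }}
-uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
+uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
 with:
 token: ${{ github.token }}
 commit-message: "[chore]: Update vendored dependencies"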

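--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -38,7 +38,7 @@ jobs:
 mode: ${{ github.event.inputs.bump }}
 
 - name: "Create Release"
-uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
+uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
 with:
 token: ${{ github.token }}
 commit-message: "[chore]: Create release for ${{ github.event.inputs.version }}"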
