chore(deps): bump anchore/scan-action from 6.1.0 to 7.4.0 by dependabot[bot] · Pull Request #2199 · jenkins-docs/quickstart-tutorials

dependabot · 2026-04-24T23:45:48Z

Bumps anchore/scan-action from 6.1.0 to 7.4.0.

Release notes

Sourced from anchore/scan-action's releases.

v7.4.0

chore: update to node 24 (#629) [@kzantow]

fix(dev): move to esbuild (#601) [@willmurphyscode]

chore: update to ES modules + update @actions/* (#595) [@kzantow]

⬆️ Dependencies

chore(deps): update Grype to v0.110.0 (#618) [@anchore-actions-token-generator[bot]]

chore(deps-dev): bump tar 7.5.11 (#620) [@dependabot[bot]]

chore(deps): bump undici 6.24.1 (#622) [@dependabot[bot]]

chore: bump fast-xml-parser 5.5.7 (#626) [@dependabot[bot]]

v7.3.2

feat: add option to specify one or more grype config files (#589) [@sam-super]

⬆️ Dependencies

chore(deps): bump @actions/cache from 5.0.3 to 5.0.5 (#592) [@dependabot[bot]]

chore(deps): bump @actions/tool-cache from 3.0.0 to 3.0.1 (#593) [@dependabot[bot]]

chore(deps): update Grype to v0.107.1 (#594) [@anchore-actions-token-generator[bot]]

chore(deps): bump fast-xml-parser from 5.3.3 to 5.3.4 (#590) [@dependabot[bot]]

chore(deps): update Grype to v0.107.0 (#588) [@anchore-actions-token-generator[bot]]

chore(deps-dev): bump prettier from 3.8.0 to 3.8.1 (#584) [@dependabot[bot]]

chore(deps-dev): bump tar from 7.5.6 to 7.5.7 (#586) [@dependabot[bot]]

v7.3.1

⬆️ Dependencies

chore(deps): update Grype to v0.106.0 (#583) [@anchore-actions-token-generator[bot]]

chore(deps): bump lodash from 4.17.21 to 4.17.23 (#580) [@dependabot[bot]]

v7.3.0

New in scan-action v7.3.0

⬆️ Dependencies

chore(deps): bump @actions/tool-cache from 2.0.2 to 3.0.0 (#567) [@dependabot]

chore(deps): bump @actions/cache from 5.0.1 to 5.0.2 (#568) [@dependabot]

chore(deps): bump @actions/core from 2.0.1 to 2.0.2 (#569) [@dependabot]

chore(deps-dev): bump tar from 7.5.2 to 7.5.3 (#574) [@dependabot]

chore(deps): update Grype to v0.105.0 (#572) [@anchore-actions-token-generator[bot]]

v7.2.3

New in scan-action v7.2.3

chore(deps): update Grype to v0.104.4 (#566) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

chore(deps): bump @actions/cache from 4.1.0 to 5.0.1 (#563) [[dependabot[bot]](https://github.com/[dependabot[bot]](https://github.com/apps/dependabot))]

... (truncated)

Commits

e116508 chore: bump fast-xml-parser from 5.5.6 to 5.5.7 + setup-node (#631)
382a23a chore(deps): update Grype to v0.110.0 (#618)
2898213 chore: update to node 24 (#629)
4e1eb5b chore: update to modules and bump all deps (required for new @actions librari...
8ed60d1 chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#617)
5a271d2 chore(deps-dev): bump lint-staged from 16.3.1 to 16.3.2 (#619)
6d37af2 chore(deps-dev): bump jest from 30.2.0 to 30.3.0 (#625)
50a8160 chore(deps-dev): bump tar from 7.5.10 to 7.5.11 (#620)
daeb723 chore(deps): bump undici from 6.23.0 to 6.24.1 (#622)
6471a7e chore(deps): bump fast-xml-parser from 5.3.6 to 5.5.6 (#626)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 6.1.0 to 7.4.0. - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](anchore/scan-action@7c05671...e116508) --- updated-dependencies: - dependency-name: anchore/scan-action dependency-version: 7.4.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

…can-action-7.4.0

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 24, 2026

github-actions Bot added the repo label Apr 24, 2026

Merge branch 'weekly' into dependabot/github_actions/weekly/anchore/s…

3e7f09f

…can-action-7.4.0

gounthar merged commit a4d1b67 into weekly Apr 25, 2026
3 of 4 checks passed

gounthar deleted the dependabot/github_actions/weekly/anchore/scan-action-7.4.0 branch April 25, 2026 08:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump anchore/scan-action from 6.1.0 to 7.4.0#2199

chore(deps): bump anchore/scan-action from 6.1.0 to 7.4.0#2199
gounthar merged 2 commits intoweeklyfrom
dependabot/github_actions/weekly/anchore/scan-action-7.4.0

dependabot Bot commented on behalf of github Apr 24, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 24, 2026

v7.4.0

⬆️ Dependencies

v7.3.2

⬆️ Dependencies

v7.3.1

⬆️ Dependencies

v7.3.0

New in scan-action v7.3.0

⬆️ Dependencies

v7.2.3

New in scan-action v7.2.3

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant