From f3433e149bfd33858431ac581e58a5c2a86aa81a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Jun 2026 23:53:44 +0000 Subject: [PATCH] chore(deps): bump the actions-minor-patch group across 1 directory with 6 updates Bumps the actions-minor-patch group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows) | `0.6.0` | `0.7.2` | | [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows) | `0.6.0` | `0.7.2` | | [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows) | `0.6.0` | `0.7.2` | | [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` | | [anchore/go-make](https://github.com/anchore/go-make) | `0.5.0` | `0.6.0` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.5` | `0.5.6` | Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.6.0 to 0.7.2 - [Release notes](https://github.com/anchore/workflows/releases) - [Commits](https://github.com/anchore/workflows/compare/15122524ced7906bfa9685eeae12e22647773ea6...b0c30a80409130d329aaa356fd64a34d8c0b3375) Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.6.0 to 0.7.2 - [Release notes](https://github.com/anchore/workflows/releases) - [Commits](https://github.com/anchore/workflows/compare/15122524ced7906bfa9685eeae12e22647773ea6...b0c30a80409130d329aaa356fd64a34d8c0b3375) Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.6.0 to 0.7.2 - [Release notes](https://github.com/anchore/workflows/releases) - [Commits](https://github.com/anchore/workflows/compare/15122524ced7906bfa9685eeae12e22647773ea6...b0c30a80409130d329aaa356fd64a34d8c0b3375) Updates `actions/checkout` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10) Updates `anchore/go-make` from 0.5.0 to 0.6.0 - [Release notes](https://github.com/anchore/go-make/releases) - [Commits](https://github.com/anchore/go-make/compare/9de27be11ed73e2f9d5406a836a492b7d8aa1225...39fe5f71112d4dceb3ff0a92a40f272f067fc457) Updates `zizmorcore/zizmor-action` from 0.5.5 to 0.5.6 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/a16621b09c6db4281f81a93cb393b05dcd7b7165...5f14fd08f7cf1cb1609c1e344975f152c7ee938d) --- updated-dependencies: - dependency-name: anchore/workflows/.github/workflows/codeql.yaml dependency-version: 0.7.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml dependency-version: 0.7.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: anchore/workflows/.github/workflows/check-gate.yaml dependency-version: 0.7.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor-patch - dependency-name: anchore/go-make dependency-version: 0.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yaml | 2 +- .github/workflows/release.yaml | 8 ++++---- .github/workflows/validate-github-actions.yaml | 4 ++-- .github/workflows/validations.yaml | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 06b5dbc..6384d59 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -13,7 +13,7 @@ permissions: {} jobs: analyze: name: Analyze - uses: anchore/workflows/.github/workflows/codeql.yaml@15122524ced7906bfa9685eeae12e22647773ea6 # v0.6.0 + uses: anchore/workflows/.github/workflows/codeql.yaml@b0c30a80409130d329aaa356fd64a34d8c0b3375 # v0.7.2 permissions: security-events: write packages: read diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b817387..0f17b2d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -16,7 +16,7 @@ on: jobs: version-available: - uses: anchore/workflows/.github/workflows/check-version-available.yaml@15122524ced7906bfa9685eeae12e22647773ea6 # v0.6.0 + uses: anchore/workflows/.github/workflows/check-version-available.yaml@b0c30a80409130d329aaa356fd64a34d8c0b3375 # v0.7.2 permissions: contents: read # for getting all tags with: @@ -25,7 +25,7 @@ jobs: check-gate: permissions: checks: read # required for getting the status of specific check names - uses: anchore/workflows/.github/workflows/check-gate.yaml@15122524ced7906bfa9685eeae12e22647773ea6 # v0.6.0 + uses: anchore/workflows/.github/workflows/check-gate.yaml@b0c30a80409130d329aaa356fd64a34d8c0b3375 # v0.7.2 with: # these are checks that should be run on pull-request and merges to main. # we do NOT want to kick off a release if these have not been verified on main. @@ -39,13 +39,13 @@ jobs: permissions: contents: write # needed for creating github release objects steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 #v6.0.3 with: fetch-depth: 0 # we need the full history to reason about changelogs and tags persist-credentials: true # needed for pushing a tag # setup checkout, go, go-make, binny, and cache go modules - - uses: anchore/go-make/.github/actions/setup@9de27be11ed73e2f9d5406a836a492b7d8aa1225 # v0.5.0 + - uses: anchore/go-make/.github/actions/setup@39fe5f71112d4dceb3ff0a92a40f272f067fc457 # v0.6.0 - name: Create release env: diff --git a/.github/workflows/validate-github-actions.yaml b/.github/workflows/validate-github-actions.yaml index 1960f38..d4c38eb 100644 --- a/.github/workflows/validate-github-actions.yaml +++ b/.github/workflows/validate-github-actions.yaml @@ -20,12 +20,12 @@ jobs: contents: read security-events: write # for uploading SARIF results steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: "Run zizmor" - uses: zizmorcore/zizmor-action@a16621b09c6db4281f81a93cb393b05dcd7b7165 # v0.5.5 + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 with: # there is a pass/fail gate as a repo ruleset (if there is no ruleset configured then the action will pass by default) advanced-security: true diff --git a/.github/workflows/validations.yaml b/.github/workflows/validations.yaml index 51fbb65..95669f4 100644 --- a/.github/workflows/validations.yaml +++ b/.github/workflows/validations.yaml @@ -17,7 +17,7 @@ jobs: contents: read steps: # setup checkout, go, go-make, binny, and cache go modules - - uses: anchore/go-make/.github/actions/setup@9de27be11ed73e2f9d5406a836a492b7d8aa1225 # v0.5.0 + - uses: anchore/go-make/.github/actions/setup@39fe5f71112d4dceb3ff0a92a40f272f067fc457 # v0.6.0 - name: Run static analysis run: make static-analysis @@ -30,7 +30,7 @@ jobs: contents: read steps: # setup checkout, go, go-make, binny, and cache go modules - - uses: anchore/go-make/.github/actions/setup@9de27be11ed73e2f9d5406a836a492b7d8aa1225 # v0.5.0 + - uses: anchore/go-make/.github/actions/setup@39fe5f71112d4dceb3ff0a92a40f272f067fc457 # v0.6.0 - name: Run unit tests run: make unit