Skip to content

chore(deps): update github actions minor and patch updates #206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update github actions minor and patch updates #206

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 21, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/setup-go action minor v5.4.0 -> v5.5.0
anchore/sbom-action action minor v0.18.0 -> v0.20.0
sigstore/cosign-installer action patch v3.8.1 -> v3.8.2
step-security/harden-runner action minor v2.11.1 -> v2.12.0

Release Notes

actions/setup-go (actions/setup-go)

v5.5.0

Compare Source

What's Changed

Bug fixes:
Dependency updates:

New Contributors

Full Changelog: actions/setup-go@v5...v5.5.0

anchore/sbom-action (anchore/sbom-action)

v0.20.0

Compare Source

Changes in v0.20.0

  • chore(deps): update Syft to v1.24.0 (#​522)

v0.19.0

Compare Source

Changes in v0.19.0

  • chore(deps): update Syft to v1.23.0 (#​521)
  • chore(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.8 (#​519)
  • chore(deps): bump cross-spawn (#​514)
sigstore/cosign-installer (sigstore/cosign-installer)

v3.8.2

Compare Source

What's Changed

Full Changelog: sigstore/cosign-installer@v3...v3.8.2

step-security/harden-runner (step-security/harden-runner)

v2.12.0

Compare Source

What's Changed

  1. A new option, disable-sudo-and-containers, is now available to replace the disable-sudo policy, addressing Docker-based privilege escalation (CVE-2025-32955). More details can be found in this blog post.

  2. New detections have been added based on insights from the tj-actions and reviewdog actions incidents.

Full Changelog: step-security/harden-runner@v2...v2.12.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from janderssonse as a code owner April 21, 2025 19:42
@renovate renovate bot added the actions label Apr 21, 2025
@renovate renovate bot changed the title chore(deps): update step-security/harden-runner action to v2.12.0 chore(deps): update github actions minor and patch updates Apr 22, 2025
@renovate renovate bot force-pushed the renovate/github-actions-minor-and-patch-updates branch 2 times, most recently from bec5528 to c208c42 Compare April 24, 2025 23:20
@renovate renovate bot force-pushed the renovate/github-actions-minor-and-patch-updates branch from c208c42 to 451700d Compare May 8, 2025 03:29
@renovate
chore(deps): update github actions minor and patch updates
2b4b2cb 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/github-actions-minor-and-patch-updates branch from 451700d to 2b4b2cb Compare May 14, 2025 20:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@janderssonse janderssonse Awaiting requested review from janderssonse janderssonse is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
actions
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants