Bump the ci group across 1 directory with 9 updates #235

dependabot · 2025-02-21T03:51:57Z

Bumps the ci group with 9 updates in the / directory:

Package	From	To
actions/checkout	`4.2.0`	`4.2.2`
actions/setup-go	`5.0.2`	`5.3.0`
docker/setup-qemu-action	`3.2.0`	`3.4.0`
docker/setup-buildx-action	`3.6.1`	`3.9.0`
sigstore/cosign-installer	`3.6.0`	`3.8.1`
anchore/sbom-action	`0.17.2`	`0.18.0`
docker/metadata-action	`5.5.1`	`5.6.1`
docker/build-push-action	`6.7.0`	`6.14.0`
goreleaser/goreleaser-action	`6.0.0`	`6.2.1`

Updates actions/checkout from 4.2.0 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

... (truncated)

Commits

11bd719 Prepare 4.2.2 Release (#1953)
e3d2460 Expand unit test coverage (#1946)
163217d url-helper.ts now leverages well-known environment variables. (#1941)
eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
See full diff in compare view

Updates actions/setup-go from 5.0.2 to 5.3.0

Release notes

Sourced from actions/setup-go's releases.

v5.3.0

What's Changed

Use the new cache service: upgrade @actions/cache to ^4.0.0 by @Link- in actions/setup-go#531

Configure Dependabot settings by @HarithaVattikuti in actions/setup-go#530

Document update - permission section by @HarithaVattikuti in actions/setup-go#533

Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in actions/setup-go#534

New Contributors

@Link- made their first contribution in actions/setup-go#531

Full Changelog: actions/setup-go@v5...v5.3.0

v5.2.0

What's Changed

Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @Shegox in actions/setup-go#496

New Contributors

@Shegox made their first contribution in actions/setup-go#496

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/setup-go#500

Upgrade IA Publish by @Jcambass in actions/setup-go#502

Add architecture to cache key by @Zxilly in actions/setup-go#493 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.

Enhance workflows and Upgrade micromatch Dependency by @priyagupta108 in actions/setup-go#510

Bug Fixes

Revise isGhes logic by @jww3 in actions/setup-go#511

New Contributors

@Zxilly made their first contribution in actions/setup-go#493

@Jcambass made their first contribution in actions/setup-go#500

@jww3 made their first contribution in actions/setup-go#511

@priyagupta108 made their first contribution in actions/setup-go#510

Full Changelog: actions/setup-go@v5...v5.1.0

Commits

f111f33 Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#534)
3d10edb Add new permission section (#533)
43e1389 Configure Dependabot settings (#530)
f81f022 Use the new cache service: upgrade @actions/cache to ^4.0.0 (#531)
3041bf5 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496)
41dfa10 Enhance workflows and Upgrade micromatch Dependency (#510)
9419772 Revise isGhes logic (#511)
d60b41a Merge pull request #502 from actions/Jcambass-patch-1
e09f57f Upgrade IA Publish
df1a117 Merge pull request #500 from actions/Jcambass-patch-1
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3.2.0 to 3.4.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.4.0

Bump @docker/actions-toolkit from 0.49.0 to 0.54.0 in docker/setup-qemu-action#193 docker/setup-qemu-action#197

Full Changelog: docker/setup-qemu-action@v3.3.0...v3.4.0

v3.3.0

Add cache-image input to enable/disable caching of binfmt image by @crazy-max in docker/setup-qemu-action#130

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-qemu-action#172

Bump @docker/actions-toolkit from 0.35.0 to 0.49.0 in docker/setup-qemu-action#187

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-qemu-action#182

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-qemu-action#162

Full Changelog: docker/setup-qemu-action@v3.2.0...v3.3.0

Commits

4574d27 Merge pull request #195 from radarhere/patch-1
7a38281 Merge pull request #197 from docker/dependabot/npm_and_yarn/docker/actions-to...
7a1c63f build(deps): bump @docker/actions-toolkit from 0.53.0 to 0.54.0
2825a12 Fixed typo
f30d974 Merge pull request #193 from docker/dependabot/npm_and_yarn/docker/actions-to...
568bf06 chore: update generated content
a1aad7b build(deps): bump @docker/actions-toolkit from 0.49.0 to 0.53.0
e5daf5d Merge pull request #189 from crazy-max/bake-v6
faec242 update bake-action to v6
53851d1 Merge pull request #187 from docker/dependabot/npm_and_yarn/docker/actions-to...
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.6.1 to 3.9.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.9.0

Bump @docker/actions-toolkit from 0.48.0 to 0.54.0 in docker/setup-buildx-action#402 docker/setup-buildx-action#404

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

v3.7.1

Switch back to uuid package by @crazy-max in docker/setup-buildx-action#369

Full Changelog: docker/setup-buildx-action@v3.7.0...v3.7.1

v3.7.0

Always set buildkitd-flags if opt-in by @crazy-max in docker/setup-buildx-action#363

Remove uuid package and switch to crypto by @crazy-max in docker/setup-buildx-action#366

Bump @docker/actions-toolkit from 0.35.0 to 0.39.0 in docker/setup-buildx-action#362

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-buildx-action#354

Full Changelog: docker/setup-buildx-action@v3.6.1...v3.7.0

Commits

f7ce87c Merge pull request #404 from docker/dependabot/npm_and_yarn/docker/actions-to...
aa1e2a0 chore: update generated content
673e008 build(deps): bump @docker/actions-toolkit from 0.53.0 to 0.54.0
ba31df4 Merge pull request #402 from docker/dependabot/npm_and_yarn/docker/actions-to...
5475af1 chore: update generated content
acacad9 build(deps): bump @docker/actions-toolkit from 0.48.0 to 0.53.0
6a25f98 Merge pull request #396 from crazy-max/bake-v6
ca1af17 update bake-action to v6
6524bf6 Merge pull request #390 from crazy-max/buildx-cloud-latest
8d5e074 chore: update generated content
Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.6.0 to 3.8.1

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.8.1

What's Changed

use cosign 2.4.3 and other updates by @cpanato in sigstore/cosign-installer#182

Full Changelog: sigstore/cosign-installer@v3...v3.8.1

v3.8.0

What's Changed

test action against all non-rc releases, verify entry in rekor log by @bobcallaway in sigstore/cosign-installer#179

bump for cosign v2.4.2 release by @bobcallaway in sigstore/cosign-installer#181

Full Changelog: sigstore/cosign-installer@v3...v3.8.0

v3.7.0

What's Changed

Bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in sigstore/cosign-installer#172

bump for latest cosign v2.4.1 release by @bobcallaway in sigstore/cosign-installer#173

Full Changelog: sigstore/cosign-installer@v3.6.0...v3.7.0

Commits

d7d6bc7 use cosign 2.4.3 and other updates (#182)
c56c2d3 Bump actions/setup-go from 5.2.0 to 5.3.0 (#180)
02e36b8 bump for cosign v2.4.2 release (#181)
789d288 test action against all non-rc releases, verify entry in rekor log (#179)
e11c089 Bump actions/setup-go from 5.1.0 to 5.2.0 (#178)
718228a Bump actions/setup-go from 5.0.2 to 5.1.0 (#176)
325063e Bump actions/checkout from 4.2.1 to 4.2.2 (#177)
b929758 Bump actions/checkout from 4.2.0 to 4.2.1 (#175)
dc72c7d bump for latest cosign v2.4.1 release (#173)
08bb361 Bump actions/checkout from 4.1.7 to 4.2.0 (#172)
See full diff in compare view

Updates anchore/sbom-action from 0.17.2 to 0.18.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.18.0

Changes in v0.18.0

chore(deps): update Syft to v1.19.0 (#513)

See Syft changelog for latest changes

v0.17.9

Changes in v0.17.9

chore(deps): update Syft to v1.18.1 (#510) [anchore-actions-token-generator]

chore(deps): update Syft to v1.18.0 (#509) [anchore-actions-token-generator]

v0.17.8

Changes in v0.17.8

chore(deps): update Syft to v1.17.0 (#507) [anchore-actions-token-generator]

v0.17.7

Changes in v0.17.7

chore(deps): update Syft to v1.16.0 (#506) [anchore-actions-token-generator]

v0.17.6

Changes in v0.17.6

chore(deps): update Syft to v1.15.0 (#505) [anchore-actions-token-generator]

chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#504) [dependabot]

v0.17.5

Changes in v0.17.5

chore(deps): update Syft to v1.14.2 (#503) [anchore-actions-token-generator]

v0.17.4

Changes in v0.17.4

chore(deps): update Syft to v1.14.1 (#502) [anchore-actions-token-generator]

v0.17.3

Changes in v0.17.3

chore(deps): update Syft to v1.14.0 (#498) [anchore-actions-token-generator]

Commits

f325610 chore(deps): bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (#511)
83a99f5 chore(deps): bump release-drafter/release-drafter from 6.0.0 to 6.1.0 (#512)
9af714f chore(deps): update Syft to v1.19.0 (#513)
df80a98 chore(deps): update Syft to v1.18.1 (#510)
33651ab chore(deps): update Syft to v1.18.0 (#509)
a5bbe18 fix: github correlator name when run in matrix build (#482)
55dc4ee chore(deps): update Syft to v1.17.0 (#507)
fc46e51 chore(deps): update Syft to v1.16.0 (#506)
251a468 chore(deps): update Syft to v1.15.0 (#505)
6bb446c chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#504)
Additional commits viewable in compare view

Updates docker/metadata-action from 5.5.1 to 5.6.1

Release notes

Sourced from docker/metadata-action's releases.

v5.6.1

Fix GitHub API request fallback for commit date by @crazy-max in docker/metadata-action#478

Revert to default commit SHA length of 7 by @crazy-max in docker/metadata-action#480

Full Changelog: docker/metadata-action@v5.6.0...v5.6.1

v5.6.0

Add commit_date global expression by @trim21 in docker/metadata-action#471 docker/metadata-action#475

Increase short commit sha length to 12 for uniqueness by @crazy-max in docker/metadata-action#467

Bump @actions/core from 1.10.1 to 1.11.1 docker/metadata-action#460

Bump @docker/actions-toolkit from 0.16.1 to 0.44.0 docker/metadata-action#391 docker/metadata-action#399 docker/metadata-action#413 docker/metadata-action#441

Bump braces from 3.0.2 to 3.0.3 docker/metadata-action#424

Bump cross-spawn from 7.0.3 to 7.0.5 docker/metadata-action#474

Bump csv-parse from 5.5.5 to 5.5.6 docker/metadata-action#412

Bump moment-timezone from 0.5.44 to 0.5.46 docker/metadata-action#383 docker/metadata-action#470 docker/metadata-action#459

Bump path-to-regexp from 6.2.2 to 6.3.0 docker/metadata-action#454

Bump semver from 7.6.0 to 7.6.3 docker/metadata-action#400 docker/metadata-action#411 docker/metadata-action#440

Bump undici from 5.26.3 to 5.28.4 docker/metadata-action#386 docker/metadata-action#402

Full Changelog: docker/metadata-action@v5.5.1...v5.6.0

Commits

369eb59 Merge pull request #480 from crazy-max/back-to-sha-7
7d870ce chore: update generated content
e44a9cd back to commit sha length of 7
8cb0002 Merge pull request #478 from crazy-max/commit-date-request
e01ddd3 chore: update generated content
861d98a commiter_date: fix github api request fallback
359e915 Merge pull request #475 from crazy-max/commit-date-changes
0c395eb commit_date: code cleanup and readme updates
1156622 Merge pull request #474 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.5
95ea8d0 chore(deps): Bump cross-spawn from 7.0.3 to 7.0.5
Additional commits viewable in compare view

Updates docker/build-push-action from 6.7.0 to 6.14.0

Release notes

Sourced from docker/build-push-action's releases.

v6.14.0

Bump @docker/actions-toolkit from 0.53.0 to 0.55.0 in docker/build-push-action#1324

Full Changelog: docker/build-push-action@v6.13.0...v6.14.0

v6.13.0

Bump @docker/actions-toolkit from 0.51.0 to 0.53.0 in docker/build-push-action#1308

Full Changelog: docker/build-push-action@v6.12.0...v6.13.0

v6.12.0

Bump @docker/actions-toolkit from 0.49.0 to 0.51.0 in docker/build-push-action#1300

Full Changelog: docker/build-push-action@v6.11.0...v6.12.0

v6.11.0

Handlebar defaultContext support for build-contexts input by @crazy-max in docker/build-push-action#1283

Bump @docker/actions-toolkit from 0.46.0 to 0.49.0 in docker/build-push-action#1281

Full Changelog: docker/build-push-action@v6.10.0...v6.11.0

v6.10.0

Add call input to set method for evaluating build by @crazy-max in docker/build-push-action#1265

Bump @actions/core from 1.10.1 to 1.11.1 in docker/build-push-action#1238

Bump @docker/actions-toolkit from 0.39.0 to 0.46.0 in docker/build-push-action#1268

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/build-push-action#1261

Full Changelog: docker/build-push-action@v6.9.0...v6.10.0

v6.9.0

Bump @docker/actions-toolkit from 0.38.0 to 0.39.0 in docker/build-push-action#1234

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/build-push-action#1232

Full Changelog: docker/build-push-action@v6.8.0...v6.9.0

v6.8.0

Bump @docker/actions-toolkit from 0.37.1 to 0.38.0 in docker/build-push-action#1230

Full Changelog: docker/build-push-action@v6.7.0...v6.8.0

Commits

0adf995 Merge pull request #1324 from docker/dependabot/npm_and_yarn/docker/actions-t...
d88cd28 chore: update generated content
3d09a6b chore(deps): Bump @docker/actions-toolkit from 0.53.0 to 0.55.0
ca877d9 Merge pull request #1308 from docker/dependabot/npm_and_yarn/docker/actions-t...
d2fe919 chore: update generated content
f0fc9ec chore(deps): Bump @docker/actions-toolkit from 0.51.0 to 0.53.0
67a2d40 Merge pull request #1300 from docker/dependabot/npm_and_yarn/docker/actions-t...
0b1b1c9 chore: update generated content
b6a7c2c chore(deps): Bump @docker/actions-toolkit from 0.49.0 to 0.51.0
31ca4e5 Merge pull request #1296 from crazy-max/bake-v6
Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.0.0 to 6.2.1

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v6.2.1

What's Changed

This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the -pro suffix). Older versions should work fine.

[!WARNING] This version is required for GoReleaser Pro v2.7.0+. Read more here.

Full Changelog: goreleaser/goreleaser-action@v6.2.0...v6.2.1

v6.2.0

What's Changed

This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the -pro suffix). Older versions should work fine.

[!WARNING] This version is required for GoReleaser Pro v2.7.0+. Read more here.

Full Changelog: goreleaser/goreleaser-action@v6.1.0...v6.2.0

v6.1.0

What's Changed

chore(deps): bump braces from 3.0.2 to 3.0.3 by @dependabot in goreleaser/goreleaser-action#467

chore(deps): bump docker/bake-action from 4 to 5 by @dependabot in goreleaser/goreleaser-action#468

chore(deps): bump semver from 7.6.2 to 7.6.3 by @dependabot in goreleaser/goreleaser-action#470

chore(deps): bump @actions/http-client from 2.2.1 to 2.2.2 by @dependabot in goreleaser/goreleaser-action#473

chore(deps): bump @actions/http-client from 2.2.2 to 2.2.3 by @dependabot in goreleaser/goreleaser-action#474

chore(deps): bump micromatch from 4.0.5 to 4.0.8 by @dependabot in goreleaser/goreleaser-action#475

chore(deps): bump @actions/core from 1.10.1 to 1.11.1 by @dependabot in goreleaser/goreleaser-action#478

docs: bump upload-artifact version by @dunglas in goreleaser/goreleaser-action#479

chore: update generated content by @crazy-max in goreleaser/goreleaser-action#480

New Contributors

@dunglas made their first contribution in goreleaser/goreleaser-action#479

Full Changelog: goreleaser/goreleaser-action@v6.0.0...v6.1.0

Commits

90a3faa chore(deps): bake vendor
0262998 test: fixes
450d3a4 test: fix configs
25b92ab chore(deps): update semver and tool-cache
bc0ac76 chore(deps): update actions
842e7cc feat: update for goreleaser v2.7
d28c982 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 (#482)
9ed2f89 chore: update generated content (#480)
cf63508 docs: bump upload-artifact version (#479)
f7623f3 chore(deps): bump @actions/core from 1.10.1 to 1.11.1 (#478)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ci group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.0` | `4.2.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.0.2` | `5.3.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.2.0` | `3.4.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.6.1` | `3.9.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.6.0` | `3.8.1` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.17.2` | `0.18.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.5.1` | `5.6.1` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.7.0` | `6.14.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.0.0` | `6.2.1` | Updates `actions/checkout` from 4.2.0 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@d632683...11bd719) Updates `actions/setup-go` from 5.0.2 to 5.3.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0a12ed9...f111f33) Updates `docker/setup-qemu-action` from 3.2.0 to 3.4.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@49b3bc8...4574d27) Updates `docker/setup-buildx-action` from 3.6.1 to 3.9.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@988b5a0...f7ce87c) Updates `sigstore/cosign-installer` from 3.6.0 to 3.8.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@4959ce0...d7d6bc7) Updates `anchore/sbom-action` from 0.17.2 to 0.18.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@61119d4...f325610) Updates `docker/metadata-action` from 5.5.1 to 5.6.1 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@8e5442c...369eb59) Updates `docker/build-push-action` from 6.7.0 to 6.14.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@5cd11c3...0adf995) Updates `goreleaser/goreleaser-action` from 6.0.0 to 6.2.1 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@286f3b1...90a3faa) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 21, 2025

dependabot bot mentioned this pull request Feb 21, 2025

Bump the ci group across 1 directory with 9 updates #234

Closed

stefanprodan approved these changes Feb 21, 2025

View reviewed changes

stefanprodan merged commit 05586e6 into main Feb 21, 2025
2 checks passed

stefanprodan deleted the dependabot/github_actions/ci-95b4c82f0a branch February 21, 2025 12:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the ci group across 1 directory with 9 updates #235

Bump the ci group across 1 directory with 9 updates #235

dependabot bot commented on behalf of github Feb 21, 2025

Bump the ci group across 1 directory with 9 updates #235

Bump the ci group across 1 directory with 9 updates #235

Conversation

dependabot bot commented on behalf of github Feb 21, 2025

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v5.3.0

What's Changed

New Contributors

v5.2.0

What's Changed

New Contributors

v5.1.0

What's Changed

New Contributors

v3.4.0

v3.3.0

v3.9.0

v3.8.0

v3.7.1

v3.7.0

v3.8.1

What's Changed

v3.8.0

What's Changed

v3.7.0

What's Changed

v0.18.0

Changes in v0.18.0

v0.17.9

Changes in v0.17.9

v0.17.8

Changes in v0.17.8

v0.17.7

Changes in v0.17.7

v0.17.6

Changes in v0.17.6

v0.17.5

Changes in v0.17.5

v0.17.4

Changes in v0.17.4

v0.17.3

Changes in v0.17.3

v5.6.1

v5.6.0

v6.14.0

v6.13.0

v6.12.0

v6.11.0

v6.10.0

v6.9.0

v6.8.0

v6.2.1

What's Changed

v6.2.0

What's Changed

v6.1.0

What's Changed

New Contributors