From 17a840eaae2ab2488f413f5f33863e91b5c987b6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 17:16:23 +0000 Subject: [PATCH] chore(deps): update maru support dependencies | datasource | package | from | to | | ----------- | -------------------------- | -------- | -------- | | github-tags | actions/upload-artifact | v4.3.4 | v4.3.5 | | github-tags | anchore/sbom-action | v0.16.1 | v0.17.0 | | github-tags | defenseunicorns/zarf | v0.36.0 | v0.37.0 | | github-tags | docker/setup-buildx-action | v3.4.0 | v3.6.1 | | github-tags | github/codeql-action | v3.25.12 | v3.25.15 | | github-tags | ossf/scorecard-action | v2.3.3 | v2.4.0 | --- .github/actions/install-tools/action.yaml | 4 ++-- .github/actions/save-logs/action.yaml | 2 +- .github/actions/zarf/action.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/scan-codeql.yaml | 4 ++-- .github/workflows/scan-lint.yaml | 2 +- .github/workflows/scorecard.yaml | 6 +++--- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/actions/install-tools/action.yaml b/.github/actions/install-tools/action.yaml index 90b4032..8a92c91 100644 --- a/.github/actions/install-tools/action.yaml +++ b/.github/actions/install-tools/action.yaml @@ -6,9 +6,9 @@ runs: steps: - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - - uses: anchore/sbom-action/download-syft@95b086ac308035dc0850b3853be5b7ab108236a8 # v0.16.1 + - uses: anchore/sbom-action/download-syft@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5 # v0.17.0 - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin" shell: bash - - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 + - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml index 23cdef6..d599092 100644 --- a/.github/actions/save-logs/action.yaml +++ b/.github/actions/save-logs/action.yaml @@ -4,7 +4,7 @@ description: "Save debug logs" runs: using: composite steps: - - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: debug-log path: /tmp/maru-*.log diff --git a/.github/actions/zarf/action.yaml b/.github/actions/zarf/action.yaml index 21255d7..2bc8108 100644 --- a/.github/actions/zarf/action.yaml +++ b/.github/actions/zarf/action.yaml @@ -7,4 +7,4 @@ runs: - uses: defenseunicorns/setup-zarf@main with: # renovate: datasource=github-tags depName=defenseunicorns/zarf - version: v0.36.0 + version: v0.37.0 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5f69d41..444ed05 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -24,7 +24,7 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: build-artifacts path: build/ diff --git a/.github/workflows/scan-codeql.yaml b/.github/workflows/scan-codeql.yaml index f13b49a..c5f59c7 100644 --- a/.github/workflows/scan-codeql.yaml +++ b/.github/workflows/scan-codeql.yaml @@ -45,7 +45,7 @@ jobs: run: make build-cli-linux-amd - name: Initialize CodeQL - uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 env: CODEQL_EXTRACTOR_GO_BUILD_TRACING: on with: @@ -54,6 +54,6 @@ jobs: - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scan-lint.yaml b/.github/workflows/scan-lint.yaml index ad9dc13..fd302b1 100644 --- a/.github/workflows/scan-lint.yaml +++ b/.github/workflows/scan-lint.yaml @@ -26,7 +26,7 @@ jobs: extra_args: --all-files --verbose # pre-commit run --all-files --verbose - name: Run Revive Action by pulling pre-built image - uses: docker://morphy/revive-action:v2@sha256:087d4e61077087755711ab7e9fae3cc899b7bb07ff8f6a30c3dfb240b1620ae8 + uses: docker://morphy/revive-action:v2@sha256:1d096ee3dd332113f7fb677d146337a3d92a24823623f2c2ab1d8e68f6c0eb14 with: config: revive.toml # Exclude patterns, separated by semicolons (optional) diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index f64b7ec..ee1ff98 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -27,7 +27,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -37,7 +37,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: SARIF file path: results.sarif @@ -45,6 +45,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif