chore(actions)(deps): bump the actions group across 1 directory with 5 updates

dependabot[bot] · web-flow · commit 57cc550cc709 · 2025-11-03T01:29:37.000Z
Bumps the actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [distroless/actions](https://github.com/distroless/actions) | `1.0.0` | `1.0.6` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2` | `3` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `6` | `7` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v5) Updates `distroless/actions` from 1.0.0 to 1.0.6 - [Release notes](https://github.com/distroless/actions/releases) - [Changelog](https://github.com/chainguard-images/actions/blob/main/.goreleaser.yml) - [Commits](chainguard-images/actions@v1.0.0...v1.0.6) Updates `actions/attest-build-provenance` from 2 to 3 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@v2...v3) Updates `anchore/scan-action` from 6 to 7 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](anchore/scan-action@v6...v7) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: distroless/actions dependency-version: 1.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/attest-build-provenance dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: anchore/scan-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -58,7 +58,7 @@ jobs:
       - uses: imjasonh/setup-crane@v0.4
       - uses: sigstore/cosign-installer@v3
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set Vars
         id: vars
@@ -88,7 +88,7 @@ jobs:
 
       - name: Publish image
         id: apko
-        uses: distroless/actions/apko-publish@v1.0.0
+        uses: distroless/actions/apko-publish@v1.0.7
         with:
           config: ${{ inputs.config-dir }}/${{ inputs.target }}.yaml
           tag: ${{ steps.vars.outputs.image }}
@@ -158,7 +158,7 @@ jobs:
 
       - if: steps.vars.outputs.registry == 'ghcr.io'
         name: Attest build provenance
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ steps.vars.outputs.registry }}/${{ inputs.repository }}
           subject-digest: ${{ steps.digest.outputs.digest }}
@@ -189,11 +189,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Scan image
         id: scan
-        uses: anchore/scan-action@v6
+        uses: anchore/scan-action@v7
         with:
           image: ${{ needs.publish.outputs.image }}
           cache-db: true
@@ -202,7 +202,7 @@ jobs:
           #grype-version: v0.87.0
 
       - name: Upload SARIF
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}
           category: ${{ github.workflow }}
