From e7673729bd6b1d6a49a4707705df82e8676c1582 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 02:51:14 +0000 Subject: [PATCH] ci(deps): bump the github-action-dependencies group with 2 updates Bumps the github-action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) Updates `aquasecurity/trivy-action` from 0.29.0 to 0.32.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.29.0...0.32.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-action-dependencies - dependency-name: aquasecurity/trivy-action dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-action-dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/pipeline.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 503a749..0ee985f 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -15,7 +15,7 @@ jobs: conventional-commit-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - name: Conventional commit check @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest needs: conventional-commit-check steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: distribution: adopt @@ -43,7 +43,7 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: distribution: adopt @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: distribution: adopt @@ -83,7 +83,7 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: distribution: adopt @@ -106,7 +106,7 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: snyk/actions/maven-3-jdk-21@master name: Run Snyk scan for dependency and license env: @@ -127,13 +127,13 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: Dockerfile failure-threshold: error - name: Run Trivy vulnerability for IAC - uses: aquasecurity/trivy-action@0.29.0 + uses: aquasecurity/trivy-action@0.32.0 with: scan-type: config scan-ref: './' @@ -171,7 +171,7 @@ jobs: outputs: is-dryrun-version-bumped: ${{ steps.bump-version.outputs.is-dryrun-version-bumped }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - name: fetch-tags @@ -234,7 +234,7 @@ jobs: environment: name: approve-release # Manual Approval to decide if we are ready to push tags and release steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 fetch-tags: true