-
Notifications
You must be signed in to change notification settings - Fork 35
build(deps): bump the github-actions group across 2 directories with 2 updates #686
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build(deps): bump the github-actions group across 2 directories with 2 updates #686
Conversation
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
…2 updates Bumps the github-actions group with 1 update in the / directory: [actions/checkout](https://github.com/actions/checkout). Bumps the github-actions group with 1 update in the /.github/actions/bootstrap directory: [anchore/sbom-action](https://github.com/anchore/sbom-action). Updates `actions/checkout` from 4.2.2 to 5.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@11bd719...08c6903) Updates `anchore/sbom-action` from 0.20.4 to 0.20.5 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@7b36ad6...da167ea) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: anchore/sbom-action dependency-version: 0.20.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>
3772c17
to
6bdfea1
Compare
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
51eab14
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
FYI We trust in the |
Looks like these dependencies are updatable in another way, so this is no longer needed. |
Pull request was closed
Bumps the github-actions group with 1 update in the / directory: actions/checkout.
Bumps the github-actions group with 1 update in the /.github/actions/bootstrap directory: anchore/sbom-action.
Updates
actions/checkout
from 4.2.2 to 5.0.0Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
08c6903
Prepare v5.0.0 release (#2238)9f26565
Update actions checkout to use node 24 (#2226)08eba0b
Prepare release v4.3.0 (#2237)631c7dc
Update package dependencies (#2236)8edcb1b
Update CODEOWNERS for actions (#2224)09d2aca
Update README.md (#2194)85e6279
Adjust positioning of user email note and permissions heading (#2044)009b9ae
Documentation update - add recommended permissions to Readme (#2043)cbb7224
Update README.md (#1977)3b9b8c8
docs: update README.md (#1971)Updates
anchore/sbom-action
from 0.20.4 to 0.20.5Release notes
Sourced from anchore/sbom-action's releases.
Commits
da167ea
chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#532)0d72d6e
chore(deps): update Syft to v1.31.0 (#531)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions