chore(deps): update anchore/sbom-action action to v0.22.2 by renovate[bot] · Pull Request #373 · mcaulifn/solcast

renovate · 2026-02-12T13:51:36Z

This PR contains the following updates:

Package	Type	Update	Change
anchore/sbom-action	action	minor	`v0.21.0` → `v0.22.2`

Release Notes

anchore/sbom-action (anchore/sbom-action)

`v0.22.2`

Compare Source

v0.22.2

⬆️ Dependencies

chore(deps): bump fast-xml-parser from 5.3.3 to 5.3.4 (#581) [@dependabot[bot]]
chore(deps): update Syft to v1.41.2 (#582) [@anchore-actions-token-generator[bot]]
chore(deps-dev): bump the dev-dependencies group with 2 updates (#580) [@dependabot[bot]]
chore(deps): update Syft to v1.41.1 (#579) [@anchore-actions-token-generator[bot]]

`v0.22.1`

Compare Source

v0.22.1

⬆️ Dependencies

chore(deps): update Syft to v1.41.0 (#576) [@anchore-actions-token-generator[bot]]
chore(deps): bump lodash from 4.17.21 to 4.17.23 (#573) [@dependabot[bot]]

`v0.22.0`

Compare Source

Changes in v0.22.0

⬆️ Dependencies

chore(deps-dev): bump the dev-dependencies group with 19 updates (#566) [@dependabot]
chore(deps): bump npm-check-updates from 17.1.3 to 19.3.1 (#567) [@dependabot]
chore(deps): update Syft to v1.40.1 (#563) [@anchore-actions-token-generator[bot]]

`v0.21.1`

Compare Source

Changes in v0.21.1

chore(deps): update Syft to v1.40.0 (#562) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])]

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2026-02-12T13:51:47Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

actions/anchore/sbom-action

28d71544de8eaf1b958d335707167c5f783590ad

🟢 7.1

Details

Check	Score	Reason
Binary-Artifacts	🟢 9	binaries present in source code
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	⚠️ 0	11 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Files

.github/workflows/pullrequest.yaml

codecov · 2026-02-12T13:52:57Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (81657bd) to head (6f40f46).
⚠️ Report is 198 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #373   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            7         7           
  Lines          126       126           
=========================================
  Hits           126       126

Flag	Coverage Δ
unittests	`100.00% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3a6776b...6f40f46. Read the comment docs.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

renovate bot deployed to testpypi February 12, 2026 13:54 Active

chore(deps): update anchore/sbom-action action to v0.22.2

445ef1d

renovate bot force-pushed the renovate/anchore-sbom-action-0.x branch from 6f40f46 to 445ef1d Compare February 13, 2026 19:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update anchore/sbom-action action to v0.22.2#373

chore(deps): update anchore/sbom-action action to v0.22.2#373
renovate[bot] wants to merge 1 commit intomainfrom
renovate/anchore-sbom-action-0.x

renovate bot commented Feb 12, 2026

Uh oh!

github-actions bot commented Feb 12, 2026

Uh oh!

codecov bot commented Feb 12, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Feb 12, 2026

Release Notes

v0.22.2

v0.22.2

⬆️ Dependencies

v0.22.1

v0.22.1

⬆️ Dependencies

v0.22.0

Changes in v0.22.0

⬆️ Dependencies

v0.21.1

Changes in v0.21.1

Configuration

Uh oh!

github-actions bot commented Feb 12, 2026

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

codecov bot commented Feb 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`v0.22.2`

`v0.22.1`

`v0.22.0`

`v0.21.1`

codecov bot commented Feb 12, 2026 •

edited

Loading