Bump anchore/scan-action from 3.5.0 to 6.2.0

[dependabot]

Bumps anchore/scan-action from 3.5.0 to 6.2.0.

Release notes

Sourced from anchore/scan-action's releases.

v6.2.0

New in scan-action v6.2.0

• feat: update Scan action to use grype db v6 (#462) [spiffcs]

v6.1.0

New in scan-action v6.1.0

• Feature (deps): update Grype to v0.87.0 (#430)
  • See Grype changes for new updates

v6.0.0

New in scan-action v6.0.0

Breaking Change

• feat: add output-file option, default to random directory output in temp (#346) [kzantow]

The action no longer generates files in your working directory by default, instead you should use the action outputs: ${{ steps.<id>.outputs.sarif }} where the <id> needs to match the id you configured to reference the scan-action, e.g.:

      - uses: anchore/scan-action@v6
        id: scan
        ...
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}

Other Changes

• chore(deps): update Grype to v0.86.1 (#416) [anchore-actions-token-generator]
• feat: add support for cyclonedx and cyclonedx-json output-formats (#396) [ps-e]
• chore(deps): bump @​actions/cache from 3.3.0 to 4.0.0 (#412) [dependabot]
• chore(deps): update Grype to v0.86.0 (#413) [anchore-actions-token-generator]

v5.3.0

New in scan-action v5.3.0

• chore(deps): update Grype to v0.85.0 (#408) [anchore-actions-token-generator]
• chore(deps-dev): bump @​vercel/ncc from 0.38.2 to 0.38.3 (#406) [dependabot]
• chore(deps-dev): bump eslint from 9.14.0 to 9.15.0 (#405) [dependabot]
• chore(deps-dev): bump husky from 9.1.6 to 9.1.7 (#407) [dependabot]

v5.2.1

New in scan-action v5.2.1

• update Grype to v0.84.0 (#404) [anchore-actions-token-generator]
• bump @​actions/cache from 3.2.4 to 3.3.0 (#402) [dependabot]

v5.2.0

New in scan-action v5.2.0

... (truncated)

Commits

• 2c901ab Scan action grype db v6 (#462)
• 39c42ea chore(deps-dev): bump lint-staged from 15.5.0 to 15.5.1 (#458)
• eec251a chore(deps): bump actions/setup-node from 4.3.0 to 4.4.0 (#457)
• c8820f3 chore(deps-dev): bump eslint from 9.24.0 to 9.25.1 (#460)
• b1d1a26 chore(deps-dev): bump eslint from 9.23.0 to 9.24.0 (#456)
• dc6246f chore(deps-dev): bump lint-staged from 15.4.3 to 15.5.0 (#448)
• 4736597 chore(deps): bump actions/setup-node from 4.2.0 to 4.3.0 (#449)
• 0883344 chore(deps-dev): bump eslint from 9.22.0 to 9.23.0 (#452)
• 11388f2 chore(deps-dev): bump eslint from 9.21.0 to 9.22.0 (#447)
• 8b28347 chore(deps-dev): bump eslint from 9.19.0 to 9.21.0 (#440)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #268.