Skip to content

Bump the github-actions group with 7 updates#1

Closed
dependabot[bot] wants to merge 1 commit intoopenhandsfrom
dependabot/github_actions/github-actions-51bb56abf6
Closed

Bump the github-actions group with 7 updates#1
dependabot[bot] wants to merge 1 commit intoopenhandsfrom
dependabot/github_actions/github-actions-51bb56abf6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Nov 26, 2024
edited
Loading

Bumps the github-actions group with 7 updates:

Package From To
dessant/lock-threads 7de207be1d3ce97a9abe6ff1306222982d1ca9f9 1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771
actions/checkout 4.1.1 4.2.2
actions/setup-python 5.1.0 5.3.0
actions/upload-artifact 3.1.3 3.2.1
slsa-framework/slsa-github-generator 1.10.0 2.0.0
pypa/gh-action-pypi-publish 68e62d4871ad9d14a9d55f114e6ac71f0b408ec0 81e9d935c883d0b210363ab89cf05f3894778450
actions/cache 4.0.2 4.1.2

Updates dessant/lock-threads from 7de207be1d3ce97a9abe6ff1306222982d1ca9f9 to 1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771

Changelog

Sourced from dessant/lock-threads's changelog.

Changelog

All notable changes to this project will be documented in this file. See commit-and-tag-version for commit guidelines.

5.0.1 (2023-11-22)

Bug Fixes

  • support filtering threads by labels with spaces (0a63678), closes #40

5.0.0 (2023-11-14)

⚠ BREAKING CHANGES

  • Discussions are also processed by default, set the process-only input parameter to preserve the old behavior
    steps:
      - uses: dessant/lock-threads@v5
        with:
          process-only: 'issues, prs'
  • the action now requires Node.js 20

Features

Bug Fixes

4.0.1 (2023-06-12)

Bug Fixes

  • retry and throttle GitHub API requests (1618e91), closes #35

4.0.0 (2022-12-04)

⚠ BREAKING CHANGES

  • the action now requires Node.js 16

... (truncated)

Commits

Updates actions/checkout from 4.1.1 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.2.0...v4.2.1

v4.2.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.1.7...v4.2.0

v4.1.7

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.1.6...v4.1.7

v4.1.6

What's Changed

Full Changelog: actions/checkout@v4.1.5...v4.1.6

v4.1.5

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

... (truncated)

Commits

Updates actions/setup-python from 5.1.0 to 5.3.0

Release notes

Sourced from actions/setup-python's releases.

v5.3.0

What's Changed

Bug Fixes:

Enhancements:

New Contributors

Full Changelog: actions/setup-python@v5...v5.3.0

v5.2.0

What's Changed

Bug fixes:

  • Add .zip extension to Windows package downloads for Expand-Archive Compatibility by @​priyagupta108 in actions/setup-python#916 This addresses compatibility issues on Windows self-hosted runners by ensuring that the filenames for Python and PyPy package downloads explicitly include the .zip extension, allowing the Expand-Archive command to function correctly.
  • Add arch to cache key by @​Zxilly in actions/setup-python#896 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.

Documentation changes:

Dependency updates:

New Contributors

Full Changelog: actions/setup-python@v5...v5.2.0

v5.1.1

What's Changed

Bug fixes:

  • fix(ci): update all failing workflows by @​mayeut in actions/setup-python#863 This update ensures compatibility and optimal performance of workflows on the latest macOS version.

Documentation changes:

Dependency updates:

... (truncated)

Commits
  • 0b93645 Enhance workflows: Add macOS 13 support, upgrade publish-action, and update d...
  • 9c76e71 Bump pillow from 7.2 to 10.2.0 in /tests/data (#956)
  • f4c5a11 Revise isGhes logic (#963)
  • 19dfb7b Bump default versions to latest (#905)
  • e9675cc Merge pull request #943 from actions/Jcambass-patch-1
  • 3226af6 Upgrade IA publish
  • 70dcb22 Merge pull request #941 from actions/Jcambass-patch-1
  • 65b48c7 Create publish-immutable-actions.yml
  • 29a37be initial commit (#938)
  • f677139 Bump pyinstaller from 3.6 to 5.13.1 in /tests/data (#923)
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 3.1.3 to 3.2.1

Release notes

Sourced from actions/upload-artifact's releases.

v3.2.1

What's Changed

This fixes the include-hidden-files input introduced in https://github.com/actions/upload-artifact/releases/tag/v3.2.0

Full Changelog: actions/upload-artifact@v3.2.0...v3.2.1

v3.2.1-node20

What's Changed

This fixes the include-hidden-files input introduced in https://github.com/actions/upload-artifact/releases/tag/v3.2.0-node20

Full Changelog: actions/upload-artifact@v3.2.0-node20...v3.2.1-node20

v3.2.0

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

Full Changelog: actions/upload-artifact@v3.1.3...v3.2.0

v3.2.0-node20

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@97a0fba...v3.2.0-node20

Commits
  • ff15f03 Merge pull request #609 from actions/joshmgross/fix-include-hidden-files-inpu...
  • 87b9624 Ensure hidden files input is used
  • 9ee08a3 Merge pull request #604 from actions/v3/backport-exclude-hidden-files
  • ff37344 Update documentation for action
  • d99c5ec update readme with section
  • afc7e4a Exclude hidden files by default backport
  • See full diff in compare view

Updates slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v2.0.0

See the CHANGELOG for details.

v2.0.0-rc.0

See the CHANGELOG for details.

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

v2.0.0

v2.0.0: Breaking Change: upload-artifact and download-artifact

  • Our workflows now use the new @v4s of actions/upload-artifact and actions/download-artifact, which are incompatiblle with the prior @v3. See Our docs on the generic generator for more information and how to upgrade.

v2.0.0: Breaking Change: attestation-name Workflow Input and Output

  • attestation-name as a workflow input to .github/workflows/generator_generic_slsa3.yml is now removed. Use provenance-name instead.

v2.0.0: DSSE Rekor Type

  • When uploading signed provenance to the log, the entry created in the log is now a DSSE Rekor type. This fixes a bug where the current intoto type does not persist provenance signatures. The attestation will no longer be persisted in Rekor (#3299)
Commits
  • 5a775b3 chore: v2.0.0: update tags (#3583)
  • 41733f7 chore: v2.0.0-rc.0: update tags (#3578)
  • 3789345 docs: v.2.0.0: finalize CHANGELOG.md (#3577)
  • 02fc78b fix: deadlock and improve debugging experience (#3570)
  • 4534a0b break: Revert "chore: Revert "fix: upload-artifact and download-artifact v4""...
  • e8c2dcf fix(deps): Update Sigstore Dep to Sigstore 2.2.2 (#3491)
  • 2512315 feat(breaking): remove attestation-name input and output (#3456)
  • 4fbc6a9 chore: add ramonpetgrave64 to CODEOWNERS (#3490)
  • 8869c8a fix: Switch to newer DSSE rekor type (#3299)
  • 9d81ca7 chore: Update slsa-verifier version (#3454)
  • Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 68e62d4871ad9d14a9d55f114e6ac71f0b408ec0 to 81e9d935c883d0b210363ab89cf05f3894778450

Commits

Updates actions/cache from 4.0.2 to 4.1.2

Release notes

Sourced from actions/cache's releases.

v4.1.2

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.1.2

v4.1.1

What's Changed

Full Changelog: actions/cache@v4.1.0...v4.1.1

v4.1.0

What's Changed

New Contributors

Full Changelog: actions/cache@v4.0.2...v4.1.0

Changelog

Sourced from actions/cache's changelog.

Releases

4.1.2

  • Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474
  • Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

  • Restore original behavior of cache-hit output - #1467

4.1.0

  • Ensure cache-hit output is set when a cache is missed - #1404
  • Deprecate save-always input - #1452

4.0.2

  • Fixed restore fail-on-cache-miss not working.

4.0.1

  • Updated isGhes check

4.0.0

  • Updated minimum runner version support from node 12 -> node 20

3.3.3

  • Updates @​actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378
  • Additional audit fixes of npm package(s)

3.3.2

  • Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

  • Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

  • Added option to lookup cache without downloading it.

3.2.6

  • Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

... (truncated)

Commits
  • 6849a64 Release 4.1.2 #1477
  • 5a1720c Merge branch 'Link-/prep-4.1.2' of https://github.com/actions/cache into Link...
  • d9fef48 Merge branch 'main' into Link-/prep-4.1.2
  • a50e8d0 Merge branch 'main' into Link-/prep-4.1.2
  • acc9ae5 Merge pull request #1481 from actions/dependabot/github_actions/actions/setup...
  • 1ea5f18 Merge branch 'main' into Link-/prep-4.1.2
  • cc679ff Merge branch 'main' into dependabot/github_actions/actions/setup-node-4
  • 366d43d Merge pull request #1483 from actions/dependabot/github_actions/github/codeql...
  • 02bf319 Bump github/codeql-action from 2 to 3
  • 6f6220b Merge branch 'main' into dependabot/github_actions/actions/setup-node-4
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the github-actions group with 7 updates
a2e78a4 
Bumps the github-actions group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [dessant/lock-threads](https://github.com/dessant/lock-threads) | `7de207be1d3ce97a9abe6ff1306222982d1ca9f9` | `1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771` |
| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `4.2.2` |
| [actions/setup-python](https://github.com/actions/setup-python) | `5.1.0` | `5.3.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3.1.3` | `3.2.1` |
| [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) | `1.10.0` | `2.0.0` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `68e62d4871ad9d14a9d55f114e6ac71f0b408ec0` | `81e9d935c883d0b210363ab89cf05f3894778450` |
| [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.1.2` |


Updates `dessant/lock-threads` from 7de207be1d3ce97a9abe6ff1306222982d1ca9f9 to 1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771
- [Release notes](https://github.com/dessant/lock-threads/releases)
- [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md)
- [Commits](dessant/lock-threads@7de207b...1bf7ec2)

Updates `actions/checkout` from 4.1.1 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@b4ffde6...11bd719)

Updates `actions/setup-python` from 5.1.0 to 5.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@82c7e63...0b93645)

Updates `actions/upload-artifact` from 3.1.3 to 3.2.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@a8a3f3a...ff15f03)

Updates `slsa-framework/slsa-github-generator` from 1.10.0 to 2.0.0
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](slsa-framework/slsa-github-generator@v1.10.0...v2.0.0)

Updates `pypa/gh-action-pypi-publish` from 68e62d4871ad9d14a9d55f114e6ac71f0b408ec0 to 81e9d935c883d0b210363ab89cf05f3894778450
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@68e62d4...81e9d93)

Updates `actions/cache` from 4.0.2 to 4.1.2
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0c45773...6849a64)

---
updated-dependencies:
- dependency-name: dessant/lock-threads
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 26, 2024
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Jan 1, 2025

Dependabot could not find a dependency version.. Because of this, Dependabot cannot update this pull request.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Feb 1, 2025

Superseded by #5.

@dependabot dependabot bot closed this Feb 1, 2025
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-51bb56abf6 branch February 1, 2025 20:28
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 16, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants