build(deps): bump the dependencies group across 1 directory with 6 updates #846
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the dependencies group with 6 updates in the / directory:
4.1.5
4.1.6
3.1.0
3.2.0
3.25.4
3.25.6
1.7.0
2.0.0
5.4.0
5.5.2
0.19.0
0.21.0
Updates
actions/checkout
from 4.1.5 to 4.1.6Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
a5ac7e5
Update for 4.1.6 release (#1733)24ed1a3
Check platform for extension (#1732)Updates
docker/login-action
from 3.1.0 to 3.2.0Release notes
Sourced from docker/login-action's releases.
Commits
0d4c9c5
Merge pull request #722 from crazy-max/update-readmeb29e14f
add contributing section to README218a70c
Merge pull request #721 from docker/dependabot/npm_and_yarn/docker/actions-to...b820080
build(deps): bump@docker/actions-toolkit
from 0.23.0 to 0.24.027530a9
Merge pull request #720 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...d072a60
chore: update generated content7c627b5
build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...787cfc6
Merge pull request #694 from docker/dependabot/npm_and_yarn/undici-5.28.48e66e91
chore: update generated content5ba5e97
build(deps): bump undici from 5.28.3 to 5.28.4Updates
github/codeql-action
from 3.25.4 to 3.25.6Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
9fdb3e4
Merge pull request #2300 from github/update-v3.25.6-63d519c0a00792ab
Update changelog for v3.25.663d519c
Merge pull request #2295 from github/update-bundle/codeql-bundle-v2.17.30d9161c
Merge pull request #2293 from github/henrymercer/update-build-mode-autobuild-...e9e2729
Add changelog notede1ac31
Update default bundle to codeql-bundle-v2.17.3a57c67b
Merge pull request #2286 from github/koesie10/ghec-dr-db-uploadb7ef64e
Merge pull request #2294 from github/dependabot/npm_and_yarn/npm-d3285d5234e54dea2
Update checked-in dependencies3b42294
Bump the npm group across 1 directory with 4 updatesUpdates
checkmarx/kics-github-action
from 1.7.0 to 2.0.0Release notes
Sourced from checkmarx/kics-github-action's releases.
Commits
d1b692d
Merge pull request #109 from Checkmarx/gabriel-cx-patch-17f89475
Update Dockerfile03c9abe
Merge pull request #107 from Checkmarx/critical_Add26150f4
new link for critical image88fa5c6
change link to critical imagee4f01c6
new critical img and logic to get image6d1dc92
Merge pull request #105 from Checkmarx/fix-760dcc489
add user suggested change2917c26
Merge pull request #92 from felickz/patch-1d5323fb
update readmeUpdates
amannn/action-semantic-pull-request
from 5.4.0 to 5.5.2Release notes
Sourced from amannn/action-semantic-pull-request's releases.
Changelog
Sourced from amannn/action-semantic-pull-request's changelog.
... (truncated)
Commits
cfb6070
chore: Release 5.5.2 [skip ci]9a90d5a
fix: Bump tar from 6.1.11 to 6.2.1 (#262 by@EelcoLos
)9ebc021
chore: Release 5.5.1 [skip ci]5e7e9ac
fix: Bump ip from 2.0.0 to 2.0.1 (#263 by@EelcoLos
)c24d6dd
chore: Release 5.5.0 [skip ci]b05f5f6
feat: Add outputs fortype
,scope
andsubject
(#261 by@bcaurel
)67cbd7a
chore: Bumpword-wrap
dependency from 1.2.3 to 1.2.4 (#246 by@EelcoLos
)95af3b9
chore(deps): Bump@babel/traverse
from 7.17.0 to 7.23.2 (#245 by@EelcoLos
)Updates
aquasecurity/trivy-action
from 0.19.0 to 0.21.0Release notes
Sourced from aquasecurity/trivy-action's releases.
Commits
fd25fed
bump trivy version to v0.51.2 (#360)b2933f5
bump trivy version to v0.51.1 (#353)b2cd5ff
Update bump-trivy.yaml6f8c237
update tests (#334)7088d18
Revert "fix: 🐛 allow trivy-config and other options to be used together (#338)"ee6a4f5
fix: 🐛 allow trivy-config and other options to be used together (#338)b5f4977
Bump trivy version to v0.50.2 (#341)207cd40
Fix docker host bug (#329)840deb4
Browse scan reports without GitHub Advanced Security license (#328)0f287db
feat(image): add--docker-host
option for GH Action users (#267)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions