chore(deps): pin trusted workflows based on HashiCorp TSCCR #3549

hashicorp-tsccr · 2024-03-18T08:48:06Z

Bumping GitHub Actions version to latest TSCCR release.

changes in .github/workflows/build.yml
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
changes in .github/workflows/docker.yml
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump docker/build-push-action from v5.1.0 to v5.2.0 (release notes)
changes in .github/workflows/examples.yml
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
changes in .github/workflows/integration.yml
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache/restore from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/cache/restore from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
changes in .github/workflows/provider-integration.yml
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/cache/restore from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/cache/restore from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
changes in .github/workflows/release.yml
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
changes in .github/workflows/release_next.yml
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
changes in .github/workflows/unit.yml
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
changes in .github/workflows/yarn-upgrade.yml
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump actions/download-artifact from v4.1.3 to v4.1.4 (release notes)
- bump peter-evans/create-pull-request from v6.0.0 to v6.0.1 (release notes)
- bump actions/cache from v4.0.0 to v4.0.1 (release notes)
- bump peter-evans/create-pull-request from v6.0.0 to v6.0.1 (release notes)

This PR was auto-generated by security-tsccr/actions/runs/8322016990

You can alter the configuration of this automation via the hcl config in security-tsccr/automation

Please reach out to #team-prodsec if you have any questions.

github-actions · 2024-04-18T01:33:35Z

I'm going to lock this pull request because it has been closed for 30 days. This helps our maintainers find and focus on the active issues. If you've found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

Result of tsccr-helper -log-level=info gha update -latest .

8c51cd1

hashicorp-tsccr bot requested a review from a team as a code owner March 18, 2024 08:48

hashicorp-tsccr bot added dependencies Auto-pinning security Auto-pinning labels Mar 18, 2024

hashicorp-tsccr bot requested review from mutahhir and ansgarm and removed request for a team March 18, 2024 08:48

vercel bot deployed to Preview – terraform-cdk-redirects March 18, 2024 08:48 View deployment

vercel bot deployed to Preview – terraform-cdk March 18, 2024 08:54 View deployment

DanielMSchmidt merged commit 958de88 into main Mar 18, 2024
273 of 332 checks passed

DanielMSchmidt deleted the tsccr-auto-pinning/trusted/2024-03-18 branch March 18, 2024 08:55

ansgarm mentioned this pull request Mar 18, 2024

chore(release): Update CHANGELOG.md and version to 0.20.5 #3555

Merged

DanielMSchmidt mentioned this pull request Apr 2, 2024

chore: release 0.20.6 #3579

Merged

github-actions bot locked as resolved and limited conversation to collaborators Apr 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): pin trusted workflows based on HashiCorp TSCCR #3549

chore(deps): pin trusted workflows based on HashiCorp TSCCR #3549

hashicorp-tsccr bot commented Mar 18, 2024

github-actions bot commented Apr 18, 2024

chore(deps): pin trusted workflows based on HashiCorp TSCCR #3549

chore(deps): pin trusted workflows based on HashiCorp TSCCR #3549

Conversation

hashicorp-tsccr bot commented Mar 18, 2024

github-actions bot commented Apr 18, 2024