Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update github-actions (major) #55

Merged
merged 1 commit into from
Apr 29, 2024
Merged

chore(deps): update github-actions (major) #55

merged 1 commit into from
Apr 29, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 29, 2024

Mend Renovate

This PR contains the following updates:

Package Type Update Change
gradle/wrapper-validation-action action major v2.1.3 -> v3.3.2
slsa-framework/slsa-github-generator action major v1.10.0 -> v2.0.0

Release Notes

gradle/wrapper-validation-action (gradle/wrapper-validation-action)

v3.3.2

Compare Source

[!IMPORTANT]
As of v3 this action has been deprecated by gradle/actions/wrapper-validation.
Any workflow that uses gradle/wrapper-validation-action@v3 will transparently delegate to gradle/actions/wrapper-validation@v3.

Users are encouraged to update their workflows, replacing:

uses: gradle/wrapper-validation-action@v3

with

uses: gradle/actions/wrapper-validation@v3

See the wrapper-validation documentation for up-to-date documentation for gradle/actions/wrapper-validation.

For release details, see https://github.com/gradle/actions/releases/tag/v3.3.2

v3.3.1

Compare Source

[!IMPORTANT]
As of v3 this action has been deprecated by gradle/actions/wrapper-validation.
Any workflow that uses gradle/wrapper-validation-action@v3 will transparently delegate to gradle/actions/wrapper-validation@v3.

Users are encouraged to update their workflows, replacing:

uses: gradle/wrapper-validation-action@v3

with

uses: gradle/actions/wrapper-validation@v3

See the wrapper-validation documentation for up-to-date documentation for gradle/actions/wrapper-validation.

For release details, see https://github.com/gradle/actions/releases/tag/v3.3.1

v3.3.0

Compare Source

This is the first release of gradle/wrapper-validation-action available with the v3 version tag.

[!IMPORTANT]
As of v3 this action has been deprecated by gradle/actions/wrapper-validation.
Any workflow that uses gradle/wrapper-validation-action@v3 will transparently delegate to gradle/actions/wrapper-validation@v3.

Users are encouraged to update their workflows, replacing:

uses: gradle/wrapper-validation-action@v3

with

uses: gradle/actions/wrapper-validation@v3

See the wrapper-validation documentation for up-to-date documentation for gradle/actions/wrapper-validation.

Changes from wrapper-validation-acion@v2

There are no functional changes in this release. The jump directly to v3 (and v3.3.0) serves 2 purposes:

  • Ensure that users explicitly switch to the new delegating action implementation
    • This upgrade also provides an opportunity for users to switch directly to gradle/actions/wrapper-validation
  • Allows us to have consistent version numbering between gradle/wrapper-validation-action and gradle/actions/wrapper-validation

See #​198

Full Changelog: gradle/wrapper-validation-action@v2.1.3...v3.3.0

slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)

v2.0.0

Compare Source

v2.0.0: Breaking Change: upload-artifact and download-artifact
  • Our workflows now use the new @v4s of actions/upload-artifact and actions/download-artifact, which are incompatiblle with the prior @v3. See Our docs on the generic generator for more information and how to upgrade.
v2.0.0: Breaking Change: attestation-name Workflow Input and Output
  • attestation-name as a workflow input to .github/workflows/generator_generic_slsa3.yml is now removed. Use provenance-name instead.
v2.0.0: DSSE Rekor Type
  • When uploading signed provenance to the log, the entry created in the log is now
    a DSSE Rekor type. This fixes a bug where the current intoto type does not
    persist provenance signatures. The attestation will no longer be persisted
    in Rekor (#​3299)

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@github-actions GitHub Actions
Copy link

Target ghcr.io/miracum/github-reusable-workflow-without-test-image:v1.2.3-beta.123 (debian 12.5)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libc6 CVE-2024-2961 HIGH 2.36-9+deb12u4 2.36-9+deb12u6
libc6 CVE-2024-33599 HIGH 2.36-9+deb12u4
libc6 CVE-2024-33600 MEDIUM 2.36-9+deb12u4
libc6 CVE-2024-33601 MEDIUM 2.36-9+deb12u4
libc6 CVE-2024-33602 MEDIUM 2.36-9+deb12u4
libc6 CVE-2010-4756 LOW 2.36-9+deb12u4
libc6 CVE-2018-20796 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010022 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010023 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010024 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010025 LOW 2.36-9+deb12u4
libc6 CVE-2019-9192 LOW 2.36-9+deb12u4
libexpat1 CVE-2023-52425 HIGH 2.5.0-1
libexpat1 CVE-2023-52426 LOW 2.5.0-1
libexpat1 CVE-2024-28757 LOW 2.5.0-1
libgcc-s1 CVE-2023-4039 MEDIUM 12.2.0-14
libgcc-s1 CVE-2022-27943 LOW 12.2.0-14
libgomp1 CVE-2023-4039 MEDIUM 12.2.0-14
libgomp1 CVE-2022-27943 LOW 12.2.0-14
libgssapi-krb5-2 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libk5crypto3 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libkrb5-3 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libkrb5support0 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libncursesw6 CVE-2023-50495 MEDIUM 6.4-4
libncursesw6 CVE-2023-45918 LOW 6.4-4
libpython3.11-minimal CVE-2023-24329 HIGH 3.11.2-6
libpython3.11-minimal CVE-2023-41105 HIGH 3.11.2-6
libpython3.11-minimal CVE-2023-6597 HIGH 3.11.2-6
libpython3.11-minimal CVE-2023-27043 MEDIUM 3.11.2-6
libpython3.11-minimal CVE-2023-40217 MEDIUM 3.11.2-6
libpython3.11-minimal CVE-2024-0450 MEDIUM 3.11.2-6
libpython3.11-stdlib CVE-2023-24329 HIGH 3.11.2-6
libpython3.11-stdlib CVE-2023-41105 HIGH 3.11.2-6
libpython3.11-stdlib CVE-2023-6597 HIGH 3.11.2-6
libpython3.11-stdlib CVE-2023-27043 MEDIUM 3.11.2-6
libpython3.11-stdlib CVE-2023-40217 MEDIUM 3.11.2-6
libpython3.11-stdlib CVE-2024-0450 MEDIUM 3.11.2-6
libsqlite3-0 CVE-2023-7104 HIGH 3.40.1-2
libsqlite3-0 CVE-2024-0232 MEDIUM 3.40.1-2
libsqlite3-0 CVE-2021-45346 LOW 3.40.1-2
libssl3 CVE-2023-5678 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2023-6129 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2023-6237 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2024-0727 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2007-6755 LOW 3.0.11-1~deb12u2
libssl3 CVE-2010-0928 LOW 3.0.11-1~deb12u2
libssl3 CVE-2024-2511 LOW 3.0.11-1~deb12u2
libstdc++6 CVE-2023-4039 MEDIUM 12.2.0-14
libstdc++6 CVE-2022-27943 LOW 12.2.0-14
libtinfo6 CVE-2023-50495 MEDIUM 6.4-4
libtinfo6 CVE-2023-45918 LOW 6.4-4
libuuid1 CVE-2024-28085 HIGH 2.38.1-5+b1 2.38.1-5+deb12u1
libuuid1 CVE-2022-0563 LOW 2.38.1-5+b1
python3.11-minimal CVE-2023-24329 HIGH 3.11.2-6
python3.11-minimal CVE-2023-41105 HIGH 3.11.2-6
python3.11-minimal CVE-2023-6597 HIGH 3.11.2-6
python3.11-minimal CVE-2023-27043 MEDIUM 3.11.2-6
python3.11-minimal CVE-2023-40217 MEDIUM 3.11.2-6
python3.11-minimal CVE-2024-0450 MEDIUM 3.11.2-6
zlib1g CVE-2023-45853 CRITICAL 1:1.2.13.dfsg-1

No Misconfigurations found

@github-actions GitHub Actions
Copy link

Target ghcr.io/miracum/github-reusable-workflow-without-test-image:pr-55 (debian 12.5)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libc6 CVE-2024-2961 HIGH 2.36-9+deb12u4 2.36-9+deb12u6
libc6 CVE-2024-33599 HIGH 2.36-9+deb12u4
libc6 CVE-2024-33600 MEDIUM 2.36-9+deb12u4
libc6 CVE-2024-33601 MEDIUM 2.36-9+deb12u4
libc6 CVE-2024-33602 MEDIUM 2.36-9+deb12u4
libc6 CVE-2010-4756 LOW 2.36-9+deb12u4
libc6 CVE-2018-20796 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010022 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010023 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010024 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010025 LOW 2.36-9+deb12u4
libc6 CVE-2019-9192 LOW 2.36-9+deb12u4
libexpat1 CVE-2023-52425 HIGH 2.5.0-1
libexpat1 CVE-2023-52426 LOW 2.5.0-1
libexpat1 CVE-2024-28757 LOW 2.5.0-1
libgcc-s1 CVE-2023-4039 MEDIUM 12.2.0-14
libgcc-s1 CVE-2022-27943 LOW 12.2.0-14
libgomp1 CVE-2023-4039 MEDIUM 12.2.0-14
libgomp1 CVE-2022-27943 LOW 12.2.0-14
libgssapi-krb5-2 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libk5crypto3 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libkrb5-3 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libkrb5support0 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libncursesw6 CVE-2023-50495 MEDIUM 6.4-4
libncursesw6 CVE-2023-45918 LOW 6.4-4
libpython3.11-minimal CVE-2023-24329 HIGH 3.11.2-6
libpython3.11-minimal CVE-2023-41105 HIGH 3.11.2-6
libpython3.11-minimal CVE-2023-6597 HIGH 3.11.2-6
libpython3.11-minimal CVE-2023-27043 MEDIUM 3.11.2-6
libpython3.11-minimal CVE-2023-40217 MEDIUM 3.11.2-6
libpython3.11-minimal CVE-2024-0450 MEDIUM 3.11.2-6
libpython3.11-stdlib CVE-2023-24329 HIGH 3.11.2-6
libpython3.11-stdlib CVE-2023-41105 HIGH 3.11.2-6
libpython3.11-stdlib CVE-2023-6597 HIGH 3.11.2-6
libpython3.11-stdlib CVE-2023-27043 MEDIUM 3.11.2-6
libpython3.11-stdlib CVE-2023-40217 MEDIUM 3.11.2-6
libpython3.11-stdlib CVE-2024-0450 MEDIUM 3.11.2-6
libsqlite3-0 CVE-2023-7104 HIGH 3.40.1-2
libsqlite3-0 CVE-2024-0232 MEDIUM 3.40.1-2
libsqlite3-0 CVE-2021-45346 LOW 3.40.1-2
libssl3 CVE-2023-5678 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2023-6129 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2023-6237 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2024-0727 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2007-6755 LOW 3.0.11-1~deb12u2
libssl3 CVE-2010-0928 LOW 3.0.11-1~deb12u2
libssl3 CVE-2024-2511 LOW 3.0.11-1~deb12u2
libstdc++6 CVE-2023-4039 MEDIUM 12.2.0-14
libstdc++6 CVE-2022-27943 LOW 12.2.0-14
libtinfo6 CVE-2023-50495 MEDIUM 6.4-4
libtinfo6 CVE-2023-45918 LOW 6.4-4
libuuid1 CVE-2024-28085 HIGH 2.38.1-5+b1 2.38.1-5+deb12u1
libuuid1 CVE-2022-0563 LOW 2.38.1-5+b1
python3.11-minimal CVE-2023-24329 HIGH 3.11.2-6
python3.11-minimal CVE-2023-41105 HIGH 3.11.2-6
python3.11-minimal CVE-2023-6597 HIGH 3.11.2-6
python3.11-minimal CVE-2023-27043 MEDIUM 3.11.2-6
python3.11-minimal CVE-2023-40217 MEDIUM 3.11.2-6
python3.11-minimal CVE-2024-0450 MEDIUM 3.11.2-6
zlib1g CVE-2023-45853 CRITICAL 1:1.2.13.dfsg-1

No Misconfigurations found

@github-actions GitHub Actions
Copy link

Target ghcr.io/miracum/github-reusable-workflow:pr-55 (debian 12.5)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libc6 CVE-2024-2961 HIGH 2.36-9+deb12u4 2.36-9+deb12u6
libc6 CVE-2024-33599 HIGH 2.36-9+deb12u4
libc6 CVE-2024-33600 MEDIUM 2.36-9+deb12u4
libc6 CVE-2024-33601 MEDIUM 2.36-9+deb12u4
libc6 CVE-2024-33602 MEDIUM 2.36-9+deb12u4
libc6 CVE-2010-4756 LOW 2.36-9+deb12u4
libc6 CVE-2018-20796 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010022 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010023 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010024 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010025 LOW 2.36-9+deb12u4
libc6 CVE-2019-9192 LOW 2.36-9+deb12u4
libexpat1 CVE-2023-52425 HIGH 2.5.0-1
libexpat1 CVE-2023-52426 LOW 2.5.0-1
libexpat1 CVE-2024-28757 LOW 2.5.0-1
libgcc-s1 CVE-2023-4039 MEDIUM 12.2.0-14
libgcc-s1 CVE-2022-27943 LOW 12.2.0-14
libgomp1 CVE-2023-4039 MEDIUM 12.2.0-14
libgomp1 CVE-2022-27943 LOW 12.2.0-14
libgssapi-krb5-2 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libk5crypto3 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libkrb5-3 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26458 MEDIUM 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26461 MEDIUM 1.20.1-2+deb12u1
libkrb5support0 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libncursesw6 CVE-2023-50495 MEDIUM 6.4-4
libncursesw6 CVE-2023-45918 LOW 6.4-4
libpython3.11-minimal CVE-2023-24329 HIGH 3.11.2-6
libpython3.11-minimal CVE-2023-41105 HIGH 3.11.2-6
libpython3.11-minimal CVE-2023-6597 HIGH 3.11.2-6
libpython3.11-minimal CVE-2023-27043 MEDIUM 3.11.2-6
libpython3.11-minimal CVE-2023-40217 MEDIUM 3.11.2-6
libpython3.11-minimal CVE-2024-0450 MEDIUM 3.11.2-6
libpython3.11-stdlib CVE-2023-24329 HIGH 3.11.2-6
libpython3.11-stdlib CVE-2023-41105 HIGH 3.11.2-6
libpython3.11-stdlib CVE-2023-6597 HIGH 3.11.2-6
libpython3.11-stdlib CVE-2023-27043 MEDIUM 3.11.2-6
libpython3.11-stdlib CVE-2023-40217 MEDIUM 3.11.2-6
libpython3.11-stdlib CVE-2024-0450 MEDIUM 3.11.2-6
libsqlite3-0 CVE-2023-7104 HIGH 3.40.1-2
libsqlite3-0 CVE-2024-0232 MEDIUM 3.40.1-2
libsqlite3-0 CVE-2021-45346 LOW 3.40.1-2
libssl3 CVE-2023-5678 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2023-6129 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2023-6237 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2024-0727 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2007-6755 LOW 3.0.11-1~deb12u2
libssl3 CVE-2010-0928 LOW 3.0.11-1~deb12u2
libssl3 CVE-2024-2511 LOW 3.0.11-1~deb12u2
libstdc++6 CVE-2023-4039 MEDIUM 12.2.0-14
libstdc++6 CVE-2022-27943 LOW 12.2.0-14
libtinfo6 CVE-2023-50495 MEDIUM 6.4-4
libtinfo6 CVE-2023-45918 LOW 6.4-4
libuuid1 CVE-2024-28085 HIGH 2.38.1-5+b1 2.38.1-5+deb12u1
libuuid1 CVE-2022-0563 LOW 2.38.1-5+b1
python3.11-minimal CVE-2023-24329 HIGH 3.11.2-6
python3.11-minimal CVE-2023-41105 HIGH 3.11.2-6
python3.11-minimal CVE-2023-6597 HIGH 3.11.2-6
python3.11-minimal CVE-2023-27043 MEDIUM 3.11.2-6
python3.11-minimal CVE-2023-40217 MEDIUM 3.11.2-6
python3.11-minimal CVE-2024-0450 MEDIUM 3.11.2-6
zlib1g CVE-2023-45853 CRITICAL 1:1.2.13.dfsg-1

No Misconfigurations found

@chgl chgl merged commit ab3e0ac into master Apr 29, 2024
24 checks passed
@renovate renovate bot deleted the renovate/major-github-actions branch April 29, 2024 08:36
@github-actions GitHub Actions
Copy link

🎉 This PR is included in version 1.8.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@chgl