From 524a44b70d896cdb410dcf4739a09a476883697a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 16:35:04 +0000 Subject: [PATCH] chore(deps): bump the actions-minor-patch group across 1 directory with 6 updates (#4946) Bumps the actions-minor-patch group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows) | `0.6.0` | `0.7.0` | | [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows) | `0.6.0` | `0.7.0` | | [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows) | `0.6.0` | `0.7.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` | | [anchore/workflows/.github/workflows/release-install-script.yaml](https://github.com/anchore/workflows) | `0.6.0` | `0.7.0` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.5` | `0.5.6` | Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.6.0 to 0.7.0 - [Release notes](https://github.com/anchore/workflows/releases) - [Commits](https://github.com/anchore/workflows/compare/15122524ced7906bfa9685eeae12e22647773ea6...b3e328b5ae31ba96297e2ed9a6124e5e6352a4c5) Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.6.0 to 0.7.0 - [Release notes](https://github.com/anchore/workflows/releases) - [Commits](https://github.com/anchore/workflows/compare/15122524ced7906bfa9685eeae12e22647773ea6...b3e328b5ae31ba96297e2ed9a6124e5e6352a4c5) Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.6.0 to 0.7.0 - [Release notes](https://github.com/anchore/workflows/releases) - [Commits](https://github.com/anchore/workflows/compare/15122524ced7906bfa9685eeae12e22647773ea6...b3e328b5ae31ba96297e2ed9a6124e5e6352a4c5) Updates `docker/login-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee) Updates `anchore/workflows/.github/workflows/release-install-script.yaml` from 0.6.0 to 0.7.0 - [Release notes](https://github.com/anchore/workflows/releases) - [Commits](https://github.com/anchore/workflows/compare/15122524ced7906bfa9685eeae12e22647773ea6...b3e328b5ae31ba96297e2ed9a6124e5e6352a4c5) Updates `zizmorcore/zizmor-action` from 0.5.5 to 0.5.6 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/a16621b09c6db4281f81a93cb393b05dcd7b7165...5f14fd08f7cf1cb1609c1e344975f152c7ee938d) --- updated-dependencies: - dependency-name: anchore/workflows/.github/workflows/codeql.yaml dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: anchore/workflows/.github/workflows/check-gate.yaml dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: anchore/workflows/.github/workflows/release-install-script.yaml dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yaml | 2 +- .github/workflows/release.yaml | 10 +++++----- .github/workflows/validate-github-actions.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 06b5dbc25..7a0a5654f 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -13,7 +13,7 @@ permissions: {} jobs: analyze: name: Analyze - uses: anchore/workflows/.github/workflows/codeql.yaml@15122524ced7906bfa9685eeae12e22647773ea6 # v0.6.0 + uses: anchore/workflows/.github/workflows/codeql.yaml@b3e328b5ae31ba96297e2ed9a6124e5e6352a4c5 # v0.7.0 permissions: security-events: write packages: read diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2d40b1250..7530793a8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -27,7 +27,7 @@ jobs: if: ${{ github.event.inputs.phase == 'all' }} permissions: contents: read # required for fetching tags - uses: anchore/workflows/.github/workflows/check-version-available.yaml@15122524ced7906bfa9685eeae12e22647773ea6 # v0.6.0 + uses: anchore/workflows/.github/workflows/check-version-available.yaml@b3e328b5ae31ba96297e2ed9a6124e5e6352a4c5 # v0.7.0 with: version: ${{ github.event.inputs.version }} @@ -35,7 +35,7 @@ jobs: if: ${{ github.event.inputs.phase == 'all' }} permissions: checks: read # required for getting the status of specific check names - uses: anchore/workflows/.github/workflows/check-gate.yaml@15122524ced7906bfa9685eeae12e22647773ea6 # v0.6.0 + uses: anchore/workflows/.github/workflows/check-gate.yaml@b3e328b5ae31ba96297e2ed9a6124e5e6352a4c5 # v0.7.0 with: # these are checks that should be run on pull-request and merges to main. # we do NOT want to kick off a release if these have not been verified on main. @@ -66,13 +66,13 @@ jobs: uses: ./.github/actions/bootstrap - name: Login to Docker Hub - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 #v4.1.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee #v4.2.0 with: username: ${{ secrets.ANCHOREOSSWRITE_DH_USERNAME }} password: ${{ secrets.ANCHOREOSSWRITE_DH_PAT }} - name: Login to GitHub Container Registry - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 #v4.1.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee #v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -106,7 +106,7 @@ jobs: if: ${{ always() && (needs.release.result == 'success' || github.event.inputs.phase == 'install-script-only') }} permissions: contents: read # required for the reusable workflow to check out the repo and publish the install script - uses: anchore/workflows/.github/workflows/release-install-script.yaml@15122524ced7906bfa9685eeae12e22647773ea6 # v0.6.0 + uses: anchore/workflows/.github/workflows/release-install-script.yaml@b3e328b5ae31ba96297e2ed9a6124e5e6352a4c5 # v0.7.0 with: tag: ${{ github.event.inputs.version }} secrets: diff --git a/.github/workflows/validate-github-actions.yaml b/.github/workflows/validate-github-actions.yaml index 1960f38ef..9810f60f5 100644 --- a/.github/workflows/validate-github-actions.yaml +++ b/.github/workflows/validate-github-actions.yaml @@ -25,7 +25,7 @@ jobs: persist-credentials: false - name: "Run zizmor" - uses: zizmorcore/zizmor-action@a16621b09c6db4281f81a93cb393b05dcd7b7165 # v0.5.5 + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 with: # there is a pass/fail gate as a repo ruleset (if there is no ruleset configured then the action will pass by default) advanced-security: true