From 474a9bb8db42aac1f25ba1e737d48bdfe5cda3cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 22 Apr 2023 05:37:28 -0700 Subject: [PATCH 1/3] Bump google-github-actions/auth from 1.0.0 to 1.1.0 (#82) Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/ef5d53e30bbcd8d0836f4288f5e50ff3e086997d...e8df18b60c5dd38ba618c121b779307266153fbf) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yaml | 2 +- .github/workflows/sign.yaml | 2 +- .github/workflows/slsa.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5fc6fefe..3a977673 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -68,7 +68,7 @@ jobs: - id: auth name: Auth GCP - uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # v1.0.0 + uses: google-github-actions/auth@e8df18b60c5dd38ba618c121b779307266153fbf # v1.1.0 with: token_format: "access_token" workload_identity_provider: ${{ inputs.auth_provider }} diff --git a/.github/workflows/sign.yaml b/.github/workflows/sign.yaml index 3bb8949c..187c01bb 100644 --- a/.github/workflows/sign.yaml +++ b/.github/workflows/sign.yaml @@ -40,7 +40,7 @@ jobs: - id: auth name: Auth GCP - uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # v1.0.0 + uses: google-github-actions/auth@e8df18b60c5dd38ba618c121b779307266153fbf # v1.1.0 with: token_format: "access_token" workload_identity_provider: ${{ inputs.auth_provider }} diff --git a/.github/workflows/slsa.yaml b/.github/workflows/slsa.yaml index 2ab7c2ed..1493769e 100644 --- a/.github/workflows/slsa.yaml +++ b/.github/workflows/slsa.yaml @@ -69,7 +69,7 @@ jobs: - id: auth name: Auth GCP - uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # v1.0.0 + uses: google-github-actions/auth@e8df18b60c5dd38ba618c121b779307266153fbf # v1.1.0 with: token_format: "access_token" workload_identity_provider: ${{ inputs.auth_provider }} From 43500afbfc267795ab25368abc74876b6b5db5bd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 22 Apr 2023 05:37:46 -0700 Subject: [PATCH 2/3] Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#84) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.9.2 to 0.10.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/1f0aa582c8c8f5f7639610d6d38baddfea4fdcee...e5f43133f6e8736992c9f3c1b3296e24b37e17f2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mark Chmarny --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index b8c764af..168616df 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -139,7 +139,7 @@ jobs: - name: Checkout Code uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.4.0 - name: Scan Repo - uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee # v0.9.2 + uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 # v0.10.0 with: scan-type: 'fs' ignore-unfixed: true From 91fcd0a98a199e743a40c30f4cdc6fc0ca860507 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 22 Apr 2023 05:38:04 -0700 Subject: [PATCH 3/3] Bump codecov/codecov-action from 3.1.2 to 3.1.3 (#87) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/40a12dcee2df644d47232dde008099a3e9e4f865...894ff025c7b54547a9a2a1e9f228beae737ad3c2) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mark Chmarny --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 168616df..09a0aa5c 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -51,7 +51,7 @@ jobs: run: | make test - name: Parse Coverage - uses: codecov/codecov-action@40a12dcee2df644d47232dde008099a3e9e4f865 # v3.1.2 + uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # v3.1.3 with: flags: unittests # optional