From 28d478974f6924d1d65b6e0c0419502de03a156d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 16:16:10 +0000 Subject: [PATCH] [v8](gha): Bump the dependencies group across 1 directory with 4 updates Bumps the dependencies group with 4 updates in the / directory: [anchore/scan-action](https://github.com/anchore/scan-action), [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [github/codeql-action](https://github.com/github/codeql-action). Updates `anchore/scan-action` from 6 to 7 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/scan-action/compare/v6...v7) Updates `actions/upload-artifact` from 4 to 5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) Updates `actions/download-artifact` from 5 to 6 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v5...v6) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) --- updated-dependencies: - dependency-name: anchore/scan-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/check-cves.yml | 4 +-- .../workflows/release-build-sign-upload.yml | 30 +++++++++---------- .github/workflows/release-update-repos.yml | 4 +-- .github/workflows/util-code-quality.yml | 6 ++-- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/check-cves.yml b/.github/workflows/check-cves.yml index 011e96d8eeb..4239f0c5d14 100644 --- a/.github/workflows/check-cves.yml +++ b/.github/workflows/check-cves.yml @@ -14,7 +14,7 @@ jobs: - name: Scan current project id: scan - uses: anchore/scan-action@v6 + uses: anchore/scan-action@v7 with: path: "." add-cpes-if-none: true @@ -26,7 +26,7 @@ jobs: if: always() - name: Archive CVE scan results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 if: always() with: name: cve-scan-results-${{ github.sha }}-${{ github.run_id }}-${{ github.run_number }} diff --git a/.github/workflows/release-build-sign-upload.yml b/.github/workflows/release-build-sign-upload.yml index 7ecbb78baf3..0fdbcffc8e5 100644 --- a/.github/workflows/release-build-sign-upload.yml +++ b/.github/workflows/release-build-sign-upload.yml @@ -169,7 +169,7 @@ jobs: make out/cf-cli_linux_arm64 - name: Store Linux Binaries - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: if-no-files-found: error name: cf-cli-linux-binaries @@ -274,7 +274,7 @@ jobs: working-directory: signed-redhat-installer - name: Store Signed Linux RPM Packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: if-no-files-found: error name: cf-cli-linux-rpm-packages @@ -375,7 +375,7 @@ jobs: working-directory: packaged-deb - name: Store Debian Packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: if-no-files-found: error name: cf-cli-linux-deb-packages @@ -465,7 +465,7 @@ jobs: make out/cf-cli_macosarm - name: Store macOS Binaries - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: if-no-files-found: error name: cf-cli-macos-binaries @@ -604,7 +604,7 @@ jobs: "signed-macos-installer/cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_macosarm.pkg" - name: Store macOS Signed Packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: if-no-files-found: error name: cf-cli-macos-packages @@ -690,7 +690,7 @@ jobs: New-Item -ItemType SymbolicLink -Target .\out\cf-cli_winx64.exe -Path .\out\cf-cli_winx64-link.exe - name: Save signed binaries as a GitHub Action Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: cf-cli-windows-binaries if-no-files-found: error @@ -735,7 +735,7 @@ jobs: Get-ChildItem "${env:RUNNER_TEMP}" - name: Save installer and dist files as a GitHub Action Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: cf-cli-windows-packages if-no-files-found: error @@ -770,7 +770,7 @@ jobs: uses: actions/checkout@v5 - name: Download signed artifacts - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 with: path: signed # download all artifacts to 'signed/' @@ -856,7 +856,7 @@ jobs: signed/winx64/*zip - name: Store Artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: if-no-files-found: error name: final-artifacts @@ -889,7 +889,7 @@ jobs: steps: - name: Download Signed Linux Packages - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 with: name: cf-cli-linux-rpm-packages @@ -916,7 +916,7 @@ jobs: steps: - name: Download Signed Linux Packages - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 with: name: cf-cli-linux-deb-packages @@ -944,7 +944,7 @@ jobs: steps: - name: Download Signed macOS Packages - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 with: name: cf-cli-macos-packages @@ -968,7 +968,7 @@ jobs: steps: - name: Download Signed Windows Binaries - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 with: name: cf-cli-windows-binaries @@ -978,7 +978,7 @@ jobs: Get-AuthenticodeSignature -Verbose -ErrorAction Stop .\cf-cli_winx64.exe - name: Download Signed Windows Binaries - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 with: name: cf-cli-windows-packages @@ -1008,7 +1008,7 @@ jobs: - s3-upload steps: - name: Download signed artifacts - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 with: name: final-artifacts path: ${{ env.ARTIFACTS_DIR }} diff --git a/.github/workflows/release-update-repos.yml b/.github/workflows/release-update-repos.yml index ea7daf1eb50..3cef9815235 100644 --- a/.github/workflows/release-update-repos.yml +++ b/.github/workflows/release-update-repos.yml @@ -385,7 +385,7 @@ jobs: # ls -R # # - name: Backup current Linux RPM repodata - # uses: actions/upload-artifact@v4 + # uses: actions/upload-artifact@v5 # with: # if-no-files-found: error # name: cf-cli-linux-rpm-repodata-backup @@ -428,7 +428,7 @@ jobs: run: ls -R - name: Store Linux RPM repodata - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: if-no-files-found: error name: cf-cli-linux-rpm-repodata diff --git a/.github/workflows/util-code-quality.yml b/.github/workflows/util-code-quality.yml index b18b7ee5f47..f9079296c26 100644 --- a/.github/workflows/util-code-quality.yml +++ b/.github/workflows/util-code-quality.yml @@ -25,15 +25,15 @@ jobs: uses: actions/checkout@v5 - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: go config-file: ./.github/codeql/codeql-config.yml - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@v4 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 # vim: set sw=2 ts=2 sts=2 et tw=78 foldlevel=2 fdm=indent nospell: