Update github-actions#491
Conversation
gardener-ci-robot
requested review from
holgerkoser and
petersutter
as code owners
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
gardener-prow
Bot
added
cla: yes
gardener-ci-robot
changed the title
gardener-ci-robot
force-pushed
the
renovate/github-actions
branch
from
08de0ba to
0788406
Compare
gardener-prow
Bot
added
cla: no
gardener-ci-robot
force-pushed
the
renovate/github-actions
branch
2 times, most recently
from
264eb91 to
aa5dacf
Compare
gardener-ci-robot
force-pushed
the
renovate/github-actions
branch
from
aa5dacf to
1074d98
Compare
|
LGTM label has been added. DetailsGit tree hash: e97efe8914983b8bc332dfc17b8f9872c3a4128f |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: petersutter The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
gardener-prow
Bot
added
the
approved
2 participants
This PR contains the following updates:
v1.24.1→1.25.2v0.5.3→v0.5.6Release Notes
zizmorcore/zizmor (ghcr.io/zizmorcore/zizmor)
v1.25.2Compare Source
Bug Fixes 🐛🔗
v1.25.0Compare Source
New Features 🌈🔗
zizmor's finding severities can now be remapped on a per-audit basis. See the configuration for details (#1913)
Many thanks to @Proximyst for proposing and implementing this improvement!
New audit: github-app detects dangerous usages of GitHub App installation tokens (#1926)
New audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (#1820)
zizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (#1935)
zizmor's LSP now honors the --persona flag on the CLI (#1943)
zizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for "composite" actions (#1965)
Enhancements🔗
Recommend gh issue edit --add-label / gh pr edit --add-label as a replacement for actions-ecosystem/action-add-labels in superfluous-actions
Recommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for actions-ecosystem/action-remove-labels in superfluous-actions
Recommend jq as a replacement for sergeysova/jq-action in superfluous-actions
Recommend git add, git commit, and git push as a replacement for stefanzweifel/git-auto-commit-action in superfluous-actions
Recommend git add, git commit, and git push as a replacement for EndBug/add-and-commit in superfluous-actions
tibdex/github-app-token is now recognized as an archived action by archived-uses (#1910)
The [dangerous-triggers] audit now explicitly exempts workflows that only invoke actions/labeler (#1956)
The unpinned-images audit now detects unpinned image references in Docker-based action definitions (#1965)
zizmor's SARIF output now provides slightly more detailed finding messages (#1972)
The archived-uses audit now detects more archived actions (#1978)
deno is now recognized as a package-ecosystem in dependabot.yml (#1991)
Performance Improvements 🚄🔗
The impostor-commit audit is now significantly faster (in addition to being more correct) when the user has pinned their action to a tag SHA instead of a commit SHA (#1998)
Bug Fixes 🐛🔗
Fixed a crash in the template-injection audit when a workflow uses a parenthesized compound expression in context position (#1904)
Fixed a bug where local directory input collection could miss workflows for relative-path invocations from within .github subdirectories (#1909)
Fixed a bug where the unpinned-images audit would miss images defined in container:![]()
clauses (#1944)
Fixed a bug where inline ignore comments could not be easily applied to superfluous-actions findings (#1945)
Fixed a bug where the cache-poisoning audit would fail to detect some release trigger patterns (#1946)
Fixed a bug where inline ignore comments could not be easily applied to cache-poisoning findings (#1962)
Fixed a class of imprecisions where the cache-poisoning audit would incorrectly flag cache usage that doesn't actually occur on release events (#1940)
Many thanks to @reubenwong97 for implementing this fix!
Fixed a bug where dependabot.yml files containing a private cargo repository couldn't be parsed (#1976)
Fixed a bug where zizmor's input validation warnings lacked a mention of which files failed to validate (#1980)
Fixed a bug where the impostor-commit audit would falsely indicate impostor commits if an action was pinned to a tag SHA instead of a commit SHA (#1998)
zizmorcore/zizmor-action (zizmorcore/zizmor-action)
v0.5.6Compare Source
v0.5.5Compare Source
This is a no-op release.
v0.5.4Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate.