From 4ca743c321808d2449c8e65aac7cd149ff38dc9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Mar 2025 20:47:02 +0000 Subject: [PATCH] build(deps): bump the github-actions group with 4 updates Bumps the github-actions group with 4 updates: [actions/setup-go](https://github.com/actions/setup-go), [github/codeql-action](https://github.com/github/codeql-action), [actions/cache](https://github.com/actions/cache) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `actions/setup-go` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/f111f3307d8850f501ac008e886eec1fd1932a34...0aaccfd150d50ccaeb58ebd88d36e91967a5f35b) Updates `github/codeql-action` from 3.28.11 to 3.28.12 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/6bb031afdd8eb862ea3fc1848194185e076637e5...5f8171a638ada777af81d42b55959a643bb29017) Updates `actions/cache` from 4.2.2 to 4.2.3 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/d4323d4df104b026a6aa633fdb11d772146be0bf...5a3ec84eff668545956fd18022155c47e93e2684) Updates `golangci/golangci-lint-action` from 6.5.1 to 6.5.2 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/4696ba8babb6127d732c3c6dde519db15edab9ea...55c2c1448f86e01eaae002a5a3a9624417608d84) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/lib-build.yaml | 2 +- .github/workflows/lib-codeql.yaml | 6 +++--- .github/workflows/lib-publish.yaml | 6 +++--- .github/workflows/lib-scorecard.yaml | 2 +- .github/workflows/lib-validate.yaml | 8 ++++---- .github/workflows/trivy-periodic.yaml | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/lib-build.yaml b/.github/workflows/lib-build.yaml index caadebd01..dfc1d263b 100644 --- a/.github/workflows/lib-build.yaml +++ b/.github/workflows/lib-build.yaml @@ -39,7 +39,7 @@ jobs: builder: [buildah, docker] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5 + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 with: go-version-file: go.mod check-latest: true diff --git a/.github/workflows/lib-codeql.yaml b/.github/workflows/lib-codeql.yaml index 78f593a0d..086fd7789 100644 --- a/.github/workflows/lib-codeql.yaml +++ b/.github/workflows/lib-codeql.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5 + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 with: go-version-file: go.mod check-latest: true @@ -29,11 +29,11 @@ jobs: sudo apt-get update sudo apt-get install -y libze1 libze-dev - name: Initialize CodeQL - uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3 + uses: github/codeql-action/init@5f8171a638ada777af81d42b55959a643bb29017 # v3 with: languages: 'go' - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3 + uses: github/codeql-action/analyze@5f8171a638ada777af81d42b55959a643bb29017 # v3 with: category: "/language:go" diff --git a/.github/workflows/lib-publish.yaml b/.github/workflows/lib-publish.yaml index d5df60138..739e44a33 100644 --- a/.github/workflows/lib-publish.yaml +++ b/.github/workflows/lib-publish.yaml @@ -29,7 +29,7 @@ jobs: sudo systemctl stop clamav-freshclam.service sudo freshclam - name: Cache clamav databases - uses: actions/cache/save@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 + uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: /var/lib/clamav key: clamav-${{ github.run_id }} @@ -59,7 +59,7 @@ jobs: - intel-xpumanager-sidecar steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5 + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 with: go-version-file: go.mod check-latest: true @@ -80,7 +80,7 @@ jobs: sudo mkdir -p /var/lib/clamav sudo chmod a+rwx /var/lib/clamav - name: Retrieve AV database - uses: actions/cache/restore@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 + uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: /var/lib/clamav key: clamav-${{ github.run_id }} diff --git a/.github/workflows/lib-scorecard.yaml b/.github/workflows/lib-scorecard.yaml index 7e99c4660..5c769a991 100644 --- a/.github/workflows/lib-scorecard.yaml +++ b/.github/workflows/lib-scorecard.yaml @@ -26,6 +26,6 @@ jobs: results_format: sarif publish_results: true - name: "Upload results to security" - uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3 + uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3 with: sarif_file: results.sarif diff --git a/.github/workflows/lib-validate.yaml b/.github/workflows/lib-validate.yaml index 36ae8b476..2c5c95f92 100644 --- a/.github/workflows/lib-validate.yaml +++ b/.github/workflows/lib-validate.yaml @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-24.04 steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5 + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 with: go-version-file: go.mod check-latest: true @@ -44,7 +44,7 @@ jobs: sudo apt-get update sudo apt-get install -y libze1 libze-dev - name: golangci-lint - uses: golangci/golangci-lint-action@4696ba8babb6127d732c3c6dde519db15edab9ea # v6 + uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6 with: version: v1.64.5 args: -v --timeout 5m @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-24.04 steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5 + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 with: go-version-file: go.mod check-latest: true @@ -82,7 +82,7 @@ jobs: - 1.32.x steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5 + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 with: go-version-file: go.mod check-latest: true diff --git a/.github/workflows/trivy-periodic.yaml b/.github/workflows/trivy-periodic.yaml index 5ddc1680f..ff60fd08a 100644 --- a/.github/workflows/trivy-periodic.yaml +++ b/.github/workflows/trivy-periodic.yaml @@ -31,6 +31,6 @@ jobs: format: sarif output: trivy-report.sarif - name: Upload sarif report to GitHub Security tab - uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3 + uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3 with: sarif_file: trivy-report.sarif