Bump the actions group with 4 updates

[dependabot]

Bumps the actions group with 4 updates: docker/metadata-action, aquasecurity/trivy-action, actions/setup-go and anchore/sbom-action.

Updates docker/metadata-action from 5.2.0 to 5.3.0

Release notes

Sourced from docker/metadata-action's releases.

v5.3.0

• Bump @​docker/actions-toolkit from 0.14.0 to 0.15.0 in docker/metadata-action#363 (fixes #362)

Full Changelog: docker/metadata-action@v5.2.0...v5.3.0

Commits

• 31cebac Merge pull request #363 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 394bbab chore: update generated content
• ee4c905 chore(deps): Bump @​docker/actions-toolkit from 0.14.0 to 0.15.0
• See full diff in compare view

Updates aquasecurity/trivy-action from 0.14.0 to 0.15.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.15.0

What's Changed

• feature(config): add terraform variable files by @​kderck in aquasecurity/trivy-action#285

Full Changelog: aquasecurity/trivy-action@0.14.0...0.15.0

Commits

• 22d2755 feature(config): add terraform variable files (#285)
• See full diff in compare view

Updates actions/setup-go from 4.1.0 to 5.0.0

Release notes

Sourced from actions/setup-go's releases.

v5.0.0

What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445).

Besides, this release contains such changes as:

• Fix hosted tool cache usage on windows by @​galargh in actions/setup-go#411
• Improve documentation regarding dependencies caching by @​artemgavrilov in actions/setup-go#417

New Contributors

• @​galargh made their first contribution in actions/setup-go#411
• @​artemgavrilov made their first contribution in actions/setup-go#417
• @​chenrui333 made their first contribution in actions/setup-go#421

Full Changelog: actions/setup-go@v4...v5.0.0

Commits

• 0c52d54 Update dependencies for node20 (#445)
• bfd2fb3 Merge pull request #421 from chenrui333/node20-runtime
• 3d65fa5 feat: bump to use actions/checkout@v4
• 8a505c9 feat: bump to use node20 runtime
• 883490d Merge pull request #417 from artemgavrilov/main
• d45ebba Rephrase sentence
• 317c661 Replace wildcards term with globs.
• f90673a Merge pull request #1 from artemgavrilov/caching-docs-improvement
• 8018234 Improve documentation regarding dependencies cachin
• d085b4f Merge pull request #411 from galargh/fix/windows-hostedtoolcache
• Additional commits viewable in compare view

Updates anchore/sbom-action from 0.15.0 to 0.15.1

Release notes

Sourced from anchore/sbom-action's releases.

v0.15.1

Changes in v0.15.1

• chore(deps): update Syft to v0.98.0 (#431) [anchore-actions-token-generator]
• Add config input (#430) [eyakubovich]
• chore: pin and upgrade gh actions (#429) [willmurphyscode]

Commits

• 5ecf649 chore(deps): update Syft to v0.98.0 (#431)
• a4126e6 Add config input (#430)
• 9d0277c chore: pin and upgrade gh actions (#429)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (7a4e579) 52.14% compared to head (9be9e89) 52.15%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4760      +/-   ##
==========================================
+ Coverage   52.14%   52.15%   +0.01%     
==========================================
  Files          59       59              
  Lines       17083    17083              
==========================================
+ Hits         8908     8910       +2     
+ Misses       7875     7873       -2     
  Partials      300      300              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.