New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🌱 Bump the github-actions group with 6 updates #3857
🌱 Bump the github-actions group with 6 updates #3857
Conversation
Bumps the github-actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.6.1` | `2.7.0` | | [nick-invision/retry](https://github.com/nick-invision/retry) | `2.9.0` | `3.0.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3.1.5` | `4.0.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.3.0` | `3.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.0` | `4.3.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.1` | `4.1.2` | Updates `step-security/harden-runner` from 2.6.1 to 2.7.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@eb238b5...63c24ba) Updates `nick-invision/retry` from 2.9.0 to 3.0.0 - [Release notes](https://github.com/nick-invision/retry/releases) - [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js) - [Commits](nick-fields/retry@1467290...7152eba) Updates `codecov/codecov-action` from 3.1.5 to 4.0.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@4fe8c5f...e0b68c6) Updates `sigstore/cosign-installer` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@9614fae...e1523de) Updates `actions/upload-artifact` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@26f96df...5d5d22a) Updates `actions/download-artifact` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@6b208ae...eaceaf8) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: nick-invision/retry dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # 4.0.1 | ||
with: | ||
files: ./unit-coverage.out | ||
verbose: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seems like we'll need to deal with a token
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/ossf/scorecard/actions/runs/7805848954/job/21290943573?pr=3857#step:10:53
Error: Codecov token not found. Please provide Codecov token with -t flag.
(although the docs say to pass it as an action parameter or env var
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm, it's complicated by the fact that we run this in a pull_request
trigger, which doesn't have access to secrets.
@dependabot ignore codecov/codecov-action minor version |
OK, I won't notify you about version 4.0.x of codecov/codecov-action again, unless you unignore it. |
Superseded by #3860. |
Bumps the github-actions group with 6 updates:
2.6.1
2.7.0
2.9.0
3.0.0
3.1.5
4.0.1
3.3.0
3.4.0
4.3.0
4.3.1
4.1.1
4.1.2
Updates
step-security/harden-runner
from 2.6.1 to 2.7.0Release notes
Sourced from step-security/harden-runner's releases.
Commits
63c24ba
Merge pull request #376 from step-security/rc-795691d3
Update dist6339621
Update to node204a63cda
Add tls-inspection capability (#368)dece111
Merge pull request #372 from step-security/readme-update1952f97
Updates32f00ff
Update README.mdea8b747
Publish test results (#363)c0db65e
Merge pull request #359 from step-security/dependabot/github_actions/actions/...4151c05
Merge pull request #361 from step-security/dependabot/github_actions/step-sec...Updates
nick-invision/retry
from 2.9.0 to 3.0.0Release notes
Sourced from nick-invision/retry's releases.
Commits
7152eba
Upgrade to Node 20 (#126)Updates
codecov/codecov-action
from 3.1.5 to 4.0.1Release notes
Sourced from codecov/codecov-action's releases.
... (truncated)
Changelog
Sourced from codecov/codecov-action's changelog.
... (truncated)
Commits
e0b68c6
fix: show both token uses in readme (#1250)1f9f557
Add all args (#1245)09686fc
Update README.md (#1243)f30e495
fix: update action.yml (#1240)a7b945c
fix: allow for other archs (#1239)98ab2c5
Update package.json (#1238)43235cc
Update README.md (#1237)0cf8684
chore(ci): bump to node20 (#1236)8e1e730
build(deps-dev): bump@typescript-eslint/eslint-plugin
from 6.19.1 to 6.20.0 ...61293af
build(deps-dev): bump@typescript-eslint/parser
from 6.19.1 to 6.20.0 (#1235)Updates
sigstore/cosign-installer
from 3.3.0 to 3.4.0Release notes
Sourced from sigstore/cosign-installer's releases.
Commits
e1523de
default cosign install to release v2.2.3 (#156)b18d21a
Use examples that work with multiple tags (#155)Updates
actions/upload-artifact
from 4.3.0 to 4.3.1Release notes
Sourced from actions/upload-artifact's releases.
Commits
5d5d22a
Merge pull request #515 from actions/eggyhead/update-artifact-v2.1.1f1e993d
update artifact license4881bfd
updating dist:a30777e
@eggyhead
3a80482
Merge pull request #511 from actions/robherley/migration-docs-typo9d63e3f
Merge branch 'main' into robherley/migration-docs-typodfa1ab2
fix typo with v3 artifact downloads in migration guided00351b
Merge pull request #509 from markmssd/patch-1707f5a7
Update limitation of10
artifacts upload to500
Updates
actions/download-artifact
from 4.1.1 to 4.1.2Release notes
Sourced from actions/download-artifact's releases.
Commits
eaceaf8
Merge pull request #291 from actions/eggyhead/update-artifact-v2.1.181eafdc
update artifact license9ac5cad
updating artifact dependency to version 2.1.13ad8411
Merge pull request #287 from actions/robherley/sync-migration-docs1de4643
Sync migration docs with upload-artifactbb3fa7f
Merge pull request #275 from actions/robherley/better-log-msgsa244de5
ncc355659b
clarify log messages when using pattern/merge-multiple paramsMost Recent Ignore Conditions Applied to This Pull Request
You can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions