From 40f7e38793fc4e036fc88a0943d9f3ce09b24278 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 May 2025 09:25:24 +0000 Subject: [PATCH] chore(deps): bump the ci group with 5 updates Bumps the ci group with 5 updates: | Package | From | To | | --- | --- | --- | | [blackduck-inc/black-duck-security-scan](https://github.com/blackduck-inc/black-duck-security-scan) | `2.0.0` | `2.1.1` | | [dcarbone/install-jq-action](https://github.com/dcarbone/install-jq-action) | `3.0.1` | `3.1.1` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.18.0` | `0.19.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.8.0` | `3.8.2` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.1.0` | `6.3.0` | Updates `blackduck-inc/black-duck-security-scan` from 2.0.0 to 2.1.1 - [Release notes](https://github.com/blackduck-inc/black-duck-security-scan/releases) - [Changelog](https://github.com/blackduck-inc/black-duck-security-scan/blob/main/releasesrc) - [Commits](https://github.com/blackduck-inc/black-duck-security-scan/compare/805cbd09e806b01907bbea0f990723c2bb85abe9...6ee400ee2502a366bdff13cddae76bbde804fd20) Updates `dcarbone/install-jq-action` from 3.0.1 to 3.1.1 - [Release notes](https://github.com/dcarbone/install-jq-action/releases) - [Commits](https://github.com/dcarbone/install-jq-action/compare/e397bd87438d72198f81efd21f876461183d383a...f0e10f46ff84f4d32178b4b76e1ef180b16f82c3) Updates `anchore/sbom-action` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/f325610c9f50a54015d37c8d16cb3b0e2c8f4de0...9f7302141466aa6482940f15371237e9d9f4c34a) Updates `sigstore/cosign-installer` from 3.8.0 to 3.8.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - 
[Commits](https://github.com/sigstore/cosign-installer/compare/c56c2d3e59e4281cc41dea2217323ba5694b171e...3454372f43399081ed03b604cb2d021dabca52bb) Updates `goreleaser/goreleaser-action` from 6.1.0 to 6.3.0 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/9ed2f89a662bf1735a48bc8557fd212fa902bebf...9c156ee8a17a598857849441385a2041ef570552) --- updated-dependencies: - dependency-name: blackduck-inc/black-duck-security-scan dependency-version: 2.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: dcarbone/install-jq-action dependency-version: 3.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: anchore/sbom-action dependency-version: 0.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: sigstore/cosign-installer dependency-version: 3.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: goreleaser/goreleaser-action dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] --- .github/workflows/blackduck_scan_scheduled.yaml | 2 +- .github/workflows/mend_scan.yaml | 2 +- .github/workflows/release.yaml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/blackduck_scan_scheduled.yaml b/.github/workflows/blackduck_scan_scheduled.yaml
index 78ac406..c4ff387 100644
--- a/.github/workflows/blackduck_scan_scheduled.yaml
+++ b/.github/workflows/blackduck_scan_scheduled.yaml
@@ -15,7 +15,7 @@ jobs: uses: actions/checkout@v4 - name: Blackduck Full Scan - uses: blackduck-inc/black-duck-security-scan@805cbd09e806b01907bbea0f990723c2bb85abe9 + uses: blackduck-inc/black-duck-security-scan@6ee400ee2502a366bdff13cddae76bbde804fd20 env: DETECT_PROJECT_USER_GROUPS: opencomponentmodel DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS
diff --git a/.github/workflows/mend_scan.yaml b/.github/workflows/mend_scan.yaml
index afb5102..a399cb8 100644
--- a/.github/workflows/mend_scan.yaml
+++ b/.github/workflows/mend_scan.yaml
@@ -41,7 +41,7 @@ jobs: go-version-file: '${{ github.workspace }}/go.mod' - name: 'Setup jq' - uses: dcarbone/install-jq-action@e397bd87438d72198f81efd21f876461183d383a + uses: dcarbone/install-jq-action@f0e10f46ff84f4d32178b4b76e1ef180b16f82c3 with: version: '1.7'
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 868de8c..a13c1bc 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -98,11 +98,11 @@ jobs: mkdir -p output kustomize build ./config/default > ./output/install.yaml - name: Setup Syft - uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 + uses: anchore/sbom-action/download-syft@9f7302141466aa6482940f15371237e9d9f4c34a # v0.19.0 - name: Setup Cosign - uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e + uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb - name: Run goreleaser - uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf + uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 with: distribution: goreleaser version: latest
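Review bot: Four of the five new SHA pins carry no version comment, so nothing in the workflow files ties a hash to the release named in the commit message; only the Syft line in release.yaml has one (`# v0.19.0`). In release.yaml the new lines would read `uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2` and `uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0`. The same applies to the black-duck-security-scan (2.1.1) and install-jq-action (3.1.1) pins in the other two hunks. With the comment in place a reviewer can check each hash against the upstream tag before merging, which matters most for the steps that appear to sign and publish release artifacts. Separately, the unchanged `version: latest` under the goreleaser step still floats while the action itself is pinned to a commit, so the tool version is probably worth pinning in a follow-up.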