From 6f49a72fd6818af5ab92264ae8c5032926c2f35b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Aug 2025 04:35:21 +0000 Subject: [PATCH] build(deps): bump the actions-production-dependencies group across 1 directory with 5 updates Bumps the actions-production-dependencies group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.15.0` | `6.18.0` | | [fossas/fossa-action](https://github.com/fossas/fossa-action) | `1.5.0` | `1.7.0` | | [gradle/actions](https://github.com/gradle/actions) | `4.3.0` | `4.4.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.2` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.12` | `3.28.18` | Updates `docker/build-push-action` from 6.15.0 to 6.18.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.15.0...v6.18.0) Updates `fossas/fossa-action` from 1.5.0 to 1.7.0 - [Release notes](https://github.com/fossas/fossa-action/releases) - [Commits](https://github.com/fossas/fossa-action/compare/93a52ecf7c3ac7eb40f5de77fd69b1a19524de94...3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac) Updates `gradle/actions` from 4.3.0 to 4.4.0 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/v4.3.0...v4.4.0) Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...05b42c624433fc40578a4040d5cf5e36ddca8cde) Updates `github/codeql-action` from 3.28.12 to 3.28.18 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/5f8171a638ada777af81d42b55959a643bb29017...ff0a06e83cb2de871e5a09832bc6a81e7276941f) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 6.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-production-dependencies - dependency-name: fossas/fossa-action dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-production-dependencies - dependency-name: gradle/actions dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-production-dependencies - dependency-name: ossf/scorecard-action dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-production-dependencies - dependency-name: github/codeql-action dependency-version: 3.28.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-production-dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/component-build-images.yml | 2 +- .github/workflows/fossa.yml | 2 +- .github/workflows/gradle-wrapper-validation.yml | 2 +- .github/workflows/ossf-scorecard.yml | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/component-build-images.yml b/.github/workflows/component-build-images.yml index 5d401187..9a2acd17 100644 --- a/.github/workflows/component-build-images.yml +++ b/.github/workflows/component-build-images.yml @@ -189,7 +189,7 @@ jobs: max-parallelism = 2 - name: Matrix Build and push demo images if: steps.check_changes.outputs.skip == 'false' - uses: docker/build-push-action@v6.15.0 + uses: docker/build-push-action@v6.18.0 with: context: ${{ matrix.file_tag.context }} file: ${{ matrix.file_tag.file }} diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index 94c65fd8..567ecc6c 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -17,7 +17,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: fossas/fossa-action@93a52ecf7c3ac7eb40f5de77fd69b1a19524de94 # v1.5.0 + - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0 with: api-key: ${{secrets.FOSSA_API_KEY}} team: OpenTelemetry diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index 13fc3b57..bfb60327 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -15,4 +15,4 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: gradle/actions/wrapper-validation@v4.3.0 + - uses: gradle/actions/wrapper-validation@v4.4.2 diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index c1527f2c..019c4128 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -26,7 +26,7 @@ jobs: with: persist-credentials: false - - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 with: results_file: results.sarif results_format: sarif @@ -45,6 +45,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.7 with: sarif_file: results.sarif