From 1967add7ac74220f40e42fa04e98404815866424 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jul 2026 11:05:59 +0000 Subject: [PATCH] Bump the github-actions group across 1 directory with 6 updates Bumps the github-actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/cache](https://github.com/actions/cache) | `5` | `6` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `9.2.1` | `9.3.0` | | [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` | | [github/codeql-action/init](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` | | [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `cf5c088a69634cd13ccddc735d7926162c31f9a6` | `c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8` | Updates `actions/cache` from 5 to 6 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v5...v6) Updates `golangci/golangci-lint-action` from 9.2.1 to 9.3.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v9.2.1...v9.3.0) Updates `github/codeql-action/upload-sarif` from 4.36.2 to 4.36.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a) Updates `github/codeql-action/init` from 4.36.2 to 4.36.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a) Updates `github/codeql-action/analyze` from 4.36.2 to 4.36.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a) Updates `aquasecurity/trivy-action` from cf5c088a69634cd13ccddc735d7926162c31f9a6 to c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/cf5c088a69634cd13ccddc735d7926162c31f9a6...c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: golangci/golangci-lint-action dependency-version: 9.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action/upload-sarif dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action/init dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action/analyze dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8 dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 4 ++-- .github/workflows/lint.yaml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/security.yaml | 10 +++++----- .github/workflows/test.yaml | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5950556..736645e 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -26,13 +26,13 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT - name: Go build cache - uses: actions/cache@v5 + uses: actions/cache@v6 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-release-go-build-${{ hashFiles('**/go.sum') }} - name: Go mod cache - uses: actions/cache@v5 + uses: actions/cache@v6 with: path: ${{ steps.go-cache-paths.outputs.go-mod }} key: ${{ runner.os }}-release-go-mod-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index a1cc24a..fc724e1 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -31,6 +31,6 @@ jobs: with: go-version-file: "go.mod" - name: golangci-lint - uses: golangci/golangci-lint-action@v9.2.1 + uses: golangci/golangci-lint-action@v9.3.0 with: version: v2.11.4 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8d09dbc..0d4fdf9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -41,6 +41,6 @@ jobs: retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: sarif_file: results.sarif diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 0039173..849823c 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -39,12 +39,12 @@ jobs: go-version-file: "go.mod" - name: Initialize CodeQL - uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: category: "/language:go" @@ -82,14 +82,14 @@ jobs: echo "image=code-marketplace:scan" >> "$GITHUB_OUTPUT" - name: Run Trivy vulnerability scanner (table output for logs) - uses: aquasecurity/trivy-action@cf5c088a69634cd13ccddc735d7926162c31f9a6 # v0.34.2 + uses: aquasecurity/trivy-action@c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8 # v0.34.2 with: image-ref: ${{ steps.build.outputs.image }} format: "table" severity: "LOW,MEDIUM,HIGH,CRITICAL" - name: Run Trivy vulnerability scanner (SARIF output for GitHub) - uses: aquasecurity/trivy-action@cf5c088a69634cd13ccddc735d7926162c31f9a6 # v0.34.2 + uses: aquasecurity/trivy-action@c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8 # v0.34.2 with: image-ref: ${{ steps.build.outputs.image }} format: "sarif" @@ -97,7 +97,7 @@ jobs: severity: "LOW,MEDIUM,HIGH,CRITICAL" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: sarif_file: "trivy-results.sarif" category: "Trivy" diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index b1defd9..a577d38 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -45,13 +45,13 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT - name: Go Build Cache - uses: actions/cache@v5 + uses: actions/cache@v6 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.**', '**.go') }} - name: Go Mod Cache - uses: actions/cache@v5 + uses: actions/cache@v6 with: path: ${{ steps.go-cache-paths.outputs.go-mod }} key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}