Bump the actions group across 1 directory with 8 updates

[dependabot[bot]]

Bumps the actions group with 8 updates in the / directory:

Package	From	To
actions/checkout	3	4
actions/setup-go	5.0.1	5.0.2
actions/upload-artifact	4.3.3	4.4.0
actions/download-artifact	4.1.7	4.1.8
docker/setup-buildx-action	2.8.0	3.6.1
aquasecurity/trivy-action	0.22.0	0.24.0
mindsers/changelog-reader-action	2.2.2	2.2.3
coverallsapp/github-action	2.2.1	2.3.0

Updates actions/checkout from 3 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

• Update default runtime to node20 by @​takost in actions/checkout#1436
• Support fetching without the --progress option by @​simonbaird in actions/checkout#1067
• Release 4.0.0 by @​takost in actions/checkout#1447

New Contributors

• @​takost made their first contribution in actions/checkout#1436
• @​simonbaird made their first contribution in actions/checkout#1067

Full Changelog: https://github.com/actions/checkout/compare/v3...v4.0.0

v3.6.0

What's Changed

• Mark test scripts with Bash'isms to be run via Bash by @​dscho in actions/checkout#1377
• Add option to fetch tags even if fetch-depth > 0 by @​RobertWieczoreck in actions/checkout#579
• Release 3.6.0 by @​luketomlinson in actions/checkout#1437

New Contributors

• @​RobertWieczoreck made their first contribution in actions/checkout#579
• @​luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: https://github.com/actions/checkout/compare/v3.5.3...v3.6.0

v3.5.3

What's Changed

• Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @​megamanics in actions/checkout#1196
• Fix typos found by codespell by @​DimitriPapadopoulos in actions/checkout#1287
• Add support for sparse checkouts by @​dscho and @​dfdez in actions/checkout#1369
• Release v3.5.3 by @​TingluoHuang in actions/checkout#1376

New Contributors

• @​megamanics made their first contribution in actions/checkout#1196
• @​DimitriPapadopoulos made their first contribution in actions/checkout#1287
• @​dfdez made their first contribution in actions/checkout#1369

Full Changelog: https://github.com/actions/checkout/compare/v3...v3.5.3

v3.5.2

What's Changed

• Fix: Use correct API url / endpoint in GHES by @​fhammerl in actions/checkout#1289 based on #1286 by @​1newsr

Full Changelog: https://github.com/actions/checkout/compare/v3.5.1...v3.5.2

v3.5.1

What's Changed

• Improve checkout performance on Windows runners by upgrading @​actions/github dependency by @​BrettDong in actions/checkout#1246

New Contributors

• @​BrettDong made their first contribution in actions/checkout#1246

... (truncated)

Commits

• 692973e Prepare 4.1.7 release (#1775)
• 6ccd57f Pin actions/checkout's own workflows to a known, good, stable version. (#1776)
• b17fe1e Handle hidden refs (#1774)
• b80ff79 Bump actions/checkout from 3 to 4 (#1697)
• b1ec302 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1739)
• a5ac7e5 Update for 4.1.6 release (#1733)
• 24ed1a3 Check platform for extension (#1732)
• 44c2b7a README: Suggest user.email to be `41898282+github-actions[bot]@​users.norepl...
• 8459bc0 Bump actions/upload-artifact from 2 to 4 (#1695)
• 3f603f6 Bump actions/setup-node from 1 to 4 (#1696)
• Additional commits viewable in compare view

Updates actions/setup-go from 5.0.1 to 5.0.2

Release notes

Sourced from actions/setup-go's releases.

v5.0.2

What's Changed

Bug fixes:

• Fix versions check failure by @​HarithaVattikuti in actions/setup-go#479

Dependency updates:

• Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by @​dependabot in actions/setup-go#487

New Contributors

• @​HarithaVattikuti made their first contribution in actions/setup-go#479

Full Changelog: https://github.com/actions/setup-go/compare/v5...v5.0.2

Commits

• 0a12ed9 Bump braces from 3.0.2 to 3.0.3 (#487)
• 4ab57d7 Fix versions check failure (#479)
• See full diff in compare view

Updates actions/upload-artifact from 4.3.3 to 4.4.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.4.0

Notice: Breaking Changes :warning:

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

• Exclude hidden files by default by @​joshmgross in actions/upload-artifact#598

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0

v4.3.6

What's Changed

• Revert to @​actions/artifact 2.1.8 by @​robherley in actions/upload-artifact#594

Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.3.6

v4.3.5

What's Changed

• Bump @​actions/artifact to v2.1.9 by @​robherley in actions/upload-artifact#588
  • Fixed artifact upload chunk timeout logic #1774
  • Use lazy stream to prevent issues with open file limits #1771

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5

v4.3.4

What's Changed

• Update @​actions/artifact version, bump dependencies by @​robherley in actions/upload-artifact#584

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4

Commits

• 5076954 Merge pull request #598 from actions/joshmgross/exclude-hidden-files
• d52396a Add a warning about enabling include-hidden-files
• 710f362 Remove "merged" from include-hidden-files input description
• 3b315f2 npm run release again 🙂
• 3be2180 Remove another trailing comma
• 453e8d0 Update glob license
• 0a398c1 npm run release
• a0c40cf Update to latest @actions/glob and fix tests
• acb59e4 lint
• cb6558b Exclude hidden files by default
• Additional commits viewable in compare view

Updates actions/download-artifact from 4.1.7 to 4.1.8

Release notes

Sourced from actions/download-artifact's releases.

v4.1.8

What's Changed

• Update @​actions/artifact version, bump dependencies by @​robherley in actions/download-artifact#341

Full Changelog: https://github.com/actions/download-artifact/compare/v4...v4.1.8

Commits

• fa0a91b Merge pull request #341 from actions/robherley/bump-pkgs
• b54d088 Update @​actions/artifact version, bump dependencies
• See full diff in compare view

Updates docker/setup-buildx-action from 2.8.0 to 3.6.1

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.6.1

• Check for malformed docker context by @​crazy-max in docker/setup-buildx-action#347

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v3.6.0...v3.6.1

v3.6.0

• Create temp docker context if default one has TLS data loaded before creating a container builder by @​crazy-max in docker/setup-buildx-action#341

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v3.5.0...v3.6.0

v3.5.0

• Bump @​docker/actions-toolkit from 0.31.0 to 0.35.0 in docker/setup-buildx-action#340 docker/setup-buildx-action#344 docker/setup-buildx-action#345

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v3.4.0...v3.5.0

v3.4.0

• Throw error message instead of exit code by @​crazy-max in docker/setup-buildx-action#315
• Bump @​docker/actions-toolkit from 0.20.0 to 0.31.0 in docker/setup-buildx-action#321 docker/setup-buildx-action#338
• Bump braces from 3.0.2 to 3.0.3 in docker/setup-buildx-action#329
• Bump undici from 5.28.3 to 5.28.4 in docker/setup-buildx-action#312
• Bump uuid from 9.0.1 to 10.0.0 in docker/setup-buildx-action#326

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v3.3.0...v3.4.0

v3.3.0

• Bump @​docker/actions-toolkit from 0.19.0 to 0.20.0 by @​crazy-max in docker/setup-buildx-action#307

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v3.2.0...v3.3.0

v3.2.0

• Rename and align config inputs by @​crazy-max in docker/setup-buildx-action#303
  • config to buildkitd-config
  • config-inline to buildkitd-config-inline
• Bump @​docker/actions-toolkit from 0.17.0 to 0.19.0 in docker/setup-buildx-action#302 docker/setup-buildx-action#306

[!NOTE] config and config-inline input names are deprecated and will be removed in next major release.

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v3.1.0...v3.2.0

v3.1.0

• cache-binary input to enable/disable caching binary to GHA cache backend by @​crazy-max in docker/setup-buildx-action#300
• build(deps): bump @​babel/traverse from 7.17.3 to 7.23.2 in docker/setup-buildx-action#282
• build(deps): bump @​docker/actions-toolkit from 0.12.0 to 0.17.0 in docker/setup-buildx-action#281 docker/setup-buildx-action#284 docker/setup-buildx-action#299
• build(deps): bump uuid from 9.0.0 to 9.0.1 in docker/setup-buildx-action#271
• build(deps): bump undici from 5.26.3 to 5.28.3 in docker/setup-buildx-action#297

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v3.0.0...v3.1.0

v3.0.0

... (truncated)

Commits

• 988b5a0 Merge pull request #347 from crazy-max/skip-malformed-context
• 2c21562 chore: update generated content
• 3382292 check for malformed docker context
• 3d68780 Merge pull request #341 from crazy-max/docker-context-tls
• d069e98 chore: update generated content
• 8b850f8 create docker context if default one has TLS data loaded
• aa33708 Merge pull request #345 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 2d99e34 chore: update generated content
• 4dab436 build(deps): bump @​docker/actions-toolkit from 0.34.0 to 0.35.0
• 49a04d6 Merge pull request #344 from docker/dependabot/npm_and_yarn/docker/actions-to...
• Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.22.0 to 0.24.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.24.0

What's Changed

• Upgrade trivy to v0.53.0 by @​Dr-DevOps in aquasecurity/trivy-action#369

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.23.0...0.24.0

v0.23.0

What's Changed

• Upgrade trivy to v0.52.2 by @​Dr-DevOps in aquasecurity/trivy-action#367

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.22.0...0.23.0

Commits

• 6e7b7d1 Upgrade trivy to v0.53.0 (#369)
• 7c2007b Upgrade trivy to v0.52.2 (#367)
• See full diff in compare view

Updates mindsers/changelog-reader-action from 2.2.2 to 2.2.3

Release notes

Sourced from mindsers/changelog-reader-action's releases.

v2.2.3

Fixed

• Upgrade dependencies to solve deprecation issues.
• Use node v20
• Remove useless empty line between links in the body of a version

Changelog

Sourced from mindsers/changelog-reader-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[2.2.3] - 2024-03-10

Fixed

• Upgrade dependencies to solve deprecation issues.
• Use node v20
• Remove useless empty line between links in the body of a version

[2.2.2] - 2022-11-23

Fixed

• Upgrade dependencies to solve deprecation issues.

[2.2.1] - 2022-11-10

Fixed

• Change node engine for a non-deprecated version.

[2.2.0] - 2022-09-01

Changed

• Allow more section types into prerelease versions. #67

Fixed

• Change the links' syntax to make them correctly recognized by GitHub.

[2.1.1] - 2022-07-03

Fixed

• The action was returning empty data since the last version. Now correctly returns selected entries data.

[2.1.0] - 2022-06-14

Added

• Introduced changelog validation to help keep the release version in line with Semantic Versioning

... (truncated)

Commits

• 32aa5b4 Version bump to 2.2.3
• d80ff88 Rebuild the project
• 3749b1e Fix package command for node v20
• ebbb2a5 Fix tests on addLinks method
• 64ff230 Upgrade deps
• 1d532b4 Merge pull request #81 from mrks115/patch-1
• cc042cc dependencies: bump node to v20
• d8f4048 Merge branch 'develop'
• 3027c3a Merge pull request #76 from mindsers/develop
• See full diff in compare view

Updates coverallsapp/github-action from 2.2.1 to 2.3.0

Release notes

Sourced from coverallsapp/github-action's releases.

v2.3.0

What's Changed

• Set default values as strings per GH Action requirements by @​littleforest in coverallsapp/github-action#204
• Allow pinning of coverage reporter version by @​littleforest in coverallsapp/github-action#208

New Contributors

• @​littleforest made their first contribution in coverallsapp/github-action#204

Full Changelog: https://github.com/coverallsapp/github-action/compare/v2.2.3...v2.3.0

v2.2.3

No release notes provided.

v2.2.2

No release notes provided.

Commits

• 643bc37 Allow pinning of coverage reporter version (#208)
• 1064f6c Set default values as strings per GH Action requirements (#204)
• c203f01 Update README.md
• 3dfc556 fix: don't fail if bin directory exists on windows (#189)
• 3b7078e feat: use pwsh for windows runner (#188)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.