bitwarden-bot
commented
7 months ago 
Checkmarx One – Scan Summary & Details – ca225f66-67bb-4099-981e-f729d8509eaf
Fixed Issues
| Severity | Issue | Source File / Package |
|---|---|---|
 |
Using Platform Flag with FROM Command | /Dockerfile: [37](https://github.com/bitwarden/self-host/blob/renovate/gh-minor//docker-unified/Dockerfile# L37) |
|
Using Platform Flag with FROM Command | /Dockerfile: [5](https://github.com/bitwarden/self-host/blob/renovate/gh-minor//docker-unified/Dockerfile# L5) |
This PR contains the following updates:
v1.4.7->v1.6.0v2.0.0->v2.1.0v4.1.1->v4.1.7v6.0.0->v6.1.0v5.1.0->v5.4.0v3.0.0->v3.3.0v3.0.0->v3.1.0Release Notes
Azure/login (Azure/login)
### [`v1.6.0`](https://togithub.com/Azure/login/releases/tag/v1.6.0): Azure Login Action v1.6.0 [Compare Source](https://togithub.com/Azure/login/compare/v1.5.1...v1.6.0) - Added `pre:` and `post:` action for cleaning up ([#384](https://togithub.com/Azure/login/issues/384)) ### [`v1.5.1`](https://togithub.com/Azure/login/releases/tag/v1.5.1): Azure Login Action v1.5.1 [Compare Source](https://togithub.com/Azure/login/compare/v1.5.0...v1.5.1) - Fixed [#371](https://togithub.com/Azure/login/issues/371): Allow optional `subscriptionId` in `creds` ([#373](https://togithub.com/Azure/login/issues/373)) - Cleaned accounts before login ([#376](https://togithub.com/Azure/login/issues/376), [#377](https://togithub.com/Azure/login/issues/377)) - Updated actions-secret-parser from 1.0.2 to 1.0.4 ([#378](https://togithub.com/Azure/login/issues/378)) ### [`v1.5.0`](https://togithub.com/Azure/login/releases/tag/v1.5.0): Azure Login Action v1.5.0 [Compare Source](https://togithub.com/Azure/login/compare/v1.4.7...v1.5.0) - Updated the versions of dependencies. - Supported passwords to start with hyphen(-). - Enabled OIDC for sovereign clouds. - Supported Managed Identity Login.act10ns/slack (act10ns/slack)
### [`v2.1.0`](https://togithub.com/act10ns/slack/releases/tag/v2.1.0) [Compare Source](https://togithub.com/act10ns/slack/compare/v2.0.0...v2.1.0) ##### What's Changed - Bump decode-uri-component from 0.2.0 to 0.2.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/act10ns/slack/pull/255](https://togithub.com/act10ns/slack/pull/255) - Drop confused warning about secret by [@pftg](https://togithub.com/pftg) in [https://github.com/act10ns/slack/pull/260](https://togithub.com/act10ns/slack/pull/260) - Doc: Migrate to v2 by [@sue445](https://togithub.com/sue445) in [https://github.com/act10ns/slack/pull/269](https://togithub.com/act10ns/slack/pull/269) - Add matrix input by [@sue445](https://togithub.com/sue445) in [https://github.com/act10ns/slack/pull/268](https://togithub.com/act10ns/slack/pull/268) - Quote workflow names to fix workflows containing spaces by [@Jamesking56](https://togithub.com/Jamesking56) in [https://github.com/act10ns/slack/pull/271](https://togithub.com/act10ns/slack/pull/271) - Bump node to version 20 by [@satterly](https://togithub.com/satterly) in [https://github.com/act10ns/slack/pull/273](https://togithub.com/act10ns/slack/pull/273) ##### New Contributors - [@pftg](https://togithub.com/pftg) made their first contribution in [https://github.com/act10ns/slack/pull/260](https://togithub.com/act10ns/slack/pull/260) - [@sue445](https://togithub.com/sue445) made their first contribution in [https://github.com/act10ns/slack/pull/269](https://togithub.com/act10ns/slack/pull/269) - [@Jamesking56](https://togithub.com/Jamesking56) made their first contribution in [https://github.com/act10ns/slack/pull/271](https://togithub.com/act10ns/slack/pull/271) **Full Changelog**: https://github.com/act10ns/slack/compare/v2.0.0...v2.1.0actions/checkout (actions/checkout)
### [`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@orhantoy](https://togithub.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@users.noreply.github.com` by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598)crazy-max/ghaction-import-gpg (crazy-max/ghaction-import-gpg)
### [`v6.1.0`](https://togithub.com/crazy-max/ghaction-import-gpg/releases/tag/v6.1.0) [Compare Source](https://togithub.com/crazy-max/ghaction-import-gpg/compare/v6.0.0...v6.1.0) - Bump [@actions/core](https://togithub.com/actions/core) from 1.10.0 to 1.10.1 in [https://github.com/crazy-max/ghaction-import-gpg/pull/186](https://togithub.com/crazy-max/ghaction-import-gpg/pull/186) - Bump [@babel/traverse](https://togithub.com/babel/traverse) from 7.17.3 to 7.23.2 in [https://github.com/crazy-max/ghaction-import-gpg/pull/191](https://togithub.com/crazy-max/ghaction-import-gpg/pull/191) - Bump debug from 4.1.1 to 4.3.4 in [https://github.com/crazy-max/ghaction-import-gpg/pull/190](https://togithub.com/crazy-max/ghaction-import-gpg/pull/190) - Bump openpgp from 5.10.1 to 5.11.0 in [https://github.com/crazy-max/ghaction-import-gpg/pull/192](https://togithub.com/crazy-max/ghaction-import-gpg/pull/192) **Full Changelog**: https://github.com/crazy-max/ghaction-import-gpg/compare/v6.0.0...v6.1.0docker/build-push-action (docker/build-push-action)
### [`v5.4.0`](https://togithub.com/docker/build-push-action/compare/v5.3.0...v5.4.0) [Compare Source](https://togithub.com/docker/build-push-action/compare/v5.3.0...v5.4.0) ### [`v5.3.0`](https://togithub.com/docker/build-push-action/releases/tag/v5.3.0) [Compare Source](https://togithub.com/docker/build-push-action/compare/v5.2.0...v5.3.0) - Bump [@docker/actions-toolkit](https://togithub.com/docker/actions-toolkit) from 0.18.0 to 0.19.0 in [https://github.com/docker/build-push-action/pull/1080](https://togithub.com/docker/build-push-action/pull/1080) **Full Changelog**: https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0 ### [`v5.2.0`](https://togithub.com/docker/build-push-action/releases/tag/v5.2.0) [Compare Source](https://togithub.com/docker/build-push-action/compare/v5.1.0...v5.2.0) - Disable quotes detection for `outputs` input by [@crazy-max](https://togithub.com/crazy-max) in [https://github.com/docker/build-push-action/pull/1074](https://togithub.com/docker/build-push-action/pull/1074) - Warn about ignored inputs by [@favonia](https://togithub.com/favonia) in [https://github.com/docker/build-push-action/pull/1019](https://togithub.com/docker/build-push-action/pull/1019) - Bump [@docker/actions-toolkit](https://togithub.com/docker/actions-toolkit) from 0.14.0 to 0.18.0 in [https://github.com/docker/build-push-action/pull/1070](https://togithub.com/docker/build-push-action/pull/1070) - Bump undici from 5.26.3 to 5.28.3 in [https://github.com/docker/build-push-action/pull/1057](https://togithub.com/docker/build-push-action/pull/1057) **Full Changelog**: https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0docker/setup-buildx-action (docker/setup-buildx-action)
### [`v3.3.0`](https://togithub.com/docker/setup-buildx-action/compare/v3.2.0...v3.3.0) [Compare Source](https://togithub.com/docker/setup-buildx-action/compare/v3.2.0...v3.3.0) ### [`v3.2.0`](https://togithub.com/docker/setup-buildx-action/releases/tag/v3.2.0) [Compare Source](https://togithub.com/docker/setup-buildx-action/compare/v3.1.0...v3.2.0) - Rename and align config inputs by [@crazy-max](https://togithub.com/crazy-max) in [https://github.com/docker/setup-buildx-action/pull/303](https://togithub.com/docker/setup-buildx-action/pull/303) - `config` to `buildkitd-config` - `config-inline` to `buildkitd-config-inline` - Bump [@docker/actions-toolkit](https://togithub.com/docker/actions-toolkit) from 0.17.0 to 0.19.0 in [https://github.com/docker/setup-buildx-action/pull/302](https://togithub.com/docker/setup-buildx-action/pull/302) [https://github.com/docker/setup-buildx-action/pull/306](https://togithub.com/docker/setup-buildx-action/pull/306) > \[!NOTE] > `config` and `config-inline` input names are deprecated and will be removed in next major release. **Full Changelog**: https://github.com/docker/setup-buildx-action/compare/v3.1.0...v3.2.0 ### [`v3.1.0`](https://togithub.com/docker/setup-buildx-action/compare/v3.0.0...v3.1.0) [Compare Source](https://togithub.com/docker/setup-buildx-action/compare/v3.0.0...v3.1.0)hashicorp/setup-packer (hashicorp/setup-packer)
### [`v3.1.0`](https://togithub.com/hashicorp/setup-packer/releases/tag/v3.1.0) [Compare Source](https://togithub.com/hashicorp/setup-packer/compare/v3.0.0...v3.1.0) #### What's Changed - Maintenance by [@ksatirli](https://togithub.com/ksatirli) in [https://github.com/hashicorp/setup-packer/pull/96](https://togithub.com/hashicorp/setup-packer/pull/96) - Bump [@hashicorp/github-actions-core](https://togithub.com/hashicorp/github-actions-core) from 1.0.0 to v1.0.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/hashicorp/setup-packer/pull/97](https://togithub.com/hashicorp/setup-packer/pull/97) - Bump follow-redirects from 1.15.5 to 1.15.6 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/hashicorp/setup-packer/pull/94](https://togithub.com/hashicorp/setup-packer/pull/94) #### New Contributors - [@dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/hashicorp/setup-packer/pull/97](https://togithub.com/hashicorp/setup-packer/pull/97) **Full Changelog**: https://github.com/hashicorp/setup-packer/compare/v3.0.0...v3.1.0Configuration
📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.