search

controlplaneio / kubesec

Security risk analysis for Kubernetes resources
https://kubesec.io
Apache License 2.0
1.22k stars 103 forks source link

chore(deps): bump the gha group with 3 updates #588

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps the gha group with 3 updates: actions/cache, aquasecurity/trivy-action and trufflesecurity/trufflehog.

Updates actions/cache from 3 to 4

Release notes

Sourced from actions/cache's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/cache/compare/v3...v4.0.0

v3.3.3

What's Changed

New Contributors

Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3

v3.3.2

What's Changed

New Contributors

Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.2

v3.3.1

What's Changed

Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.1

v3.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

3.0.0

  • Updated minimum runner version support from node 12 -> node 16

3.0.1

  • Added support for caching from GHES 3.5.
  • Fixed download issue for files > 2GB during restore.

3.0.2

  • Added support for dynamic cache size cap on GHES.

3.0.3

  • Fixed avoiding empty cache save when no files are available for caching. (issue)

3.0.4

  • Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

3.0.5

  • Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

3.0.6

  • Fixed #809 - zstd -d: no such file or directory error
  • Fixed #833 - cache doesn't work with github workspace directory

3.0.7

  • Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

3.0.8

  • Fix zstd not working for windows on gnu tar in issues #888 and #891.
  • Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes.

3.0.9

  • Enhanced the warning message for cache unavailablity in case of GHES.

3.0.10

  • Fix a bug with sorting inputs.
  • Update definition for restore-keys in README.md

... (truncated)

Commits


Updates aquasecurity/trivy-action from 0.16.1 to 0.17.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.17.0

What's Changed

New Contributors

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.16.1...0.17.0

Commits
  • 84384bd Upgraded Trivy from 0.48.1 to v0.49.0 (#304)
  • f3d9851 fix: Fix skip-files and hide-progress options not being applied when usin...
  • 0b9d17b docs: add configuration info for flags not supported by inputs (#296)
  • See full diff in compare view


Updates trufflesecurity/trufflehog from 3.63.9 to 3.67.6

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.67.6

What's Changed

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.67.5...v3.67.6

v3.67.5

What's Changed

... (truncated)

Commits
  • e8006f1 2396 since commit stopped working (#2402)
  • 794f2bc Update custom detector example (#2435)
  • af7f811 chore(deps): update golangci/golangci-lint-action action to v4 (#2445)
  • 939aca2 chore(deps): update github/codeql-action action to v3 (#2444)
  • 0149ef7 fix(deps): update module google.golang.org/api to v0.164.0 (#2442)
  • bf9512a fix(deps): update module golang.org/x/oauth2 to v0.17.0 (#2441)
  • 774c485 chore(deps): update actions/setup-go action to v5 (#2443)
  • 929949a fix(deps): update module golang.org/x/net to v0.21.0 (#2440)
  • beb7a0e fix(deps): update module golang.org/x/crypto to v0.19.0 (#2439)
  • 30a067f fix(deps): update module cloud.google.com/go/storage to v1.38.0 (#2438)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 7 months ago

Superseded by #589.