Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the gha group with 3 updates: actions/cache, aquasecurity/trivy-action and trufflesecurity/trufflehog.
Updates
actions/cache
from 3 to 4Release notes
Sourced from actions/cache's releases.
... (truncated)
Changelog
Sourced from actions/cache's changelog.
... (truncated)
Commits
ab5e6d0
Merge pull request #1341 from bethanyj28/main89c7d86
licensed cached2c84da
update@actions/cache
37e7d4e
Merge pull request #1340 from actions/bethanyj28/update-publish-flowa18323f
add release actiona2ed59d
Merge pull request #1305 from actions/yacaovsnc/update_examplesdc88ab5
Update examples1d78355
Merge pull request #1304 from actions/yacaovsnc/update_readmec36458f
Update README.md13aacd8
Merge pull request #1242 from to-s/mainUpdates
aquasecurity/trivy-action
from 0.16.1 to 0.18.0Release notes
Sourced from aquasecurity/trivy-action's releases.
Commits
062f259
fix: Refer to scan-ref when scan-type is "sbom" (#314)1f6384b
docs(report): improve documentation aroundUsing Trivy to generate SBOM
and...84384bd
Upgraded Trivy from 0.48.1 to v0.49.0 (#304)f3d9851
fix: Fixskip-files
andhide-progress
options not being applied when usin...0b9d17b
docs: add configuration info for flags not supported by inputs (#296)Updates
trufflesecurity/trufflehog
from 3.63.9 to 3.68.4Release notes
Sourced from trufflesecurity/trufflehog's releases.
... (truncated)
Commits
3da0c5e
[feat] - Make the client configurable (#2528)7620906
Ignore canary IDs in notifications (#2526)f0397fe
Fix minor typo (#2527)8ed0c0a
Remove one filter word (#2525)c325d09
fix(deps): update module golang.org/x/crypto to v0.20.0 (#2523)c2b6add
fix(deps): update module github.com/prometheus/client_golang to v1.19.0 (#2522)3f9360a
fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.2 (#2521)c8218dd
fix(deps): update module github.com/aws/aws-sdk-go to v1.50.28 (#2520)d49fbf6
fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2513)12ff21f
Improve Gitlab default URL handling (#2491)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show