search

controlplaneio / kubesec

Security risk analysis for Kubernetes resources
https://kubesec.io
Apache License 2.0
1.19k stars 100 forks source link

chore(deps): bump the gha group with 3 updates #594

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps the gha group with 3 updates: actions/cache, aquasecurity/trivy-action and trufflesecurity/trufflehog.

Updates actions/cache from 3 to 4

Release notes

Sourced from actions/cache's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/cache/compare/v3...v4.0.0

v3.3.3

What's Changed

New Contributors

Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.3

v3.3.2

What's Changed

New Contributors

Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.2

v3.3.1

What's Changed

Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.1

v3.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

4.0.1

  • Updated isGhes check

4.0.0

  • Updated minimum runner version support from node 12 -> node 20

3.3.3

  • Updates @​actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378
  • Additional audit fixes of npm package(s)

3.3.2

  • Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

  • Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

  • Added option to lookup cache without downloading it.

3.2.6

  • Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

  • Added fix to prevent from setting MYSYS environment variable globally.

3.2.4

  • Added option to fail job on cache miss.

3.2.3

  • Support cross os caching on Windows as an opt-in feature.
  • Fix issue with symlink restoration on Windows for cross-os caches.

3.2.2

  • Reverted the changes made in 3.2.1 to use gnu tar and zstd by default on windows.

3.2.1

... (truncated)

Commits


Updates aquasecurity/trivy-action from 0.16.1 to 0.18.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.18.0

What's Changed

New Contributors

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.17.0...0.18.0

v0.17.0

What's Changed

New Contributors

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.16.1...0.17.0

Commits
  • 062f259 fix: Refer to scan-ref when scan-type is "sbom" (#314)
  • 1f6384b docs(report): improve documentation around Using Trivy to generate SBOM and...
  • 84384bd Upgraded Trivy from 0.48.1 to v0.49.0 (#304)
  • f3d9851 fix: Fix skip-files and hide-progress options not being applied when usin...
  • 0b9d17b docs: add configuration info for flags not supported by inputs (#296)
  • See full diff in compare view


Updates trufflesecurity/trufflehog from 3.63.9 to 3.69.0

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.69.0

What's Changed

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.68.5...v3.69.0

v3.68.5

What's Changed

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.68.4...v3.68.5

v3.68.4

What's Changed

New Contributors

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.68.3...v3.68.4

... (truncated)

Commits
  • f2a0ea0 fix(deps): update module google.golang.org/protobuf to v1.33.0 (#2548)
  • 0c171b8 fix(deps): update testcontainers-go monorepo to v0.29.1 (#2549)
  • 0bbb689 Canary verification (#2531)
  • 1fea549 fix(deps): update module google.golang.org/api to v0.169.0 (#2547)
  • e062e77 fix(deps): update module golang.org/x/oauth2 to v0.18.0 (#2546)
  • 13c0fa1 fix(deps): update module github.com/xanzy/go-gitlab to v0.99.0 (#2543)
  • c35a76b fix(deps): update module golang.org/x/crypto to v0.21.0 (#2544)
  • c3321b9 fix(deps): update module github.com/aws/aws-sdk-go to v1.50.34 (#2541)
  • 1d3f973 fix(deps): update module github.com/charmbracelet/lipgloss to v0.10.0 (#2542)
  • 1d89efc fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2535)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 4 months ago

Superseded by #597.