Closed dependabot[bot] closed 4 months ago
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
No data about Coverage
No data about Duplication
@dependabot rebase
Looks like these dependencies are updatable in another way, so this is no longer needed.
Bumps the dependencies group with 5 updates in the / directory:
4.1.5
4.1.6
3.25.4
3.25.6
1.7.0
2.0.0
5.4.0
5.5.2
0.19.0
0.21.0
Updates
actions/checkout
from 4.1.5 to 4.1.6Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
a5ac7e5
Update for 4.1.6 release (#1733)24ed1a3
Check platform for extension (#1732)Updates
github/codeql-action
from 3.25.4 to 3.25.6Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
9fdb3e4
Merge pull request #2300 from github/update-v3.25.6-63d519c0a00792ab
Update changelog for v3.25.663d519c
Merge pull request #2295 from github/update-bundle/codeql-bundle-v2.17.30d9161c
Merge pull request #2293 from github/henrymercer/update-build-mode-autobuild-...e9e2729
Add changelog notede1ac31
Update default bundle to codeql-bundle-v2.17.3a57c67b
Merge pull request #2286 from github/koesie10/ghec-dr-db-uploadb7ef64e
Merge pull request #2294 from github/dependabot/npm_and_yarn/npm-d3285d5234e54dea2
Update checked-in dependencies3b42294
Bump the npm group across 1 directory with 4 updatesUpdates
checkmarx/kics-github-action
from 1.7.0 to 2.0.0Release notes
Sourced from checkmarx/kics-github-action's releases.
Commits
d1b692d
Merge pull request #109 from Checkmarx/gabriel-cx-patch-17f89475
Update Dockerfile03c9abe
Merge pull request #107 from Checkmarx/critical_Add26150f4
new link for critical image88fa5c6
change link to critical imagee4f01c6
new critical img and logic to get image6d1dc92
Merge pull request #105 from Checkmarx/fix-760dcc489
add user suggested change2917c26
Merge pull request #92 from felickz/patch-1d5323fb
update readmeUpdates
amannn/action-semantic-pull-request
from 5.4.0 to 5.5.2Release notes
Sourced from amannn/action-semantic-pull-request's releases.
Changelog
Sourced from amannn/action-semantic-pull-request's changelog.
... (truncated)
Commits
cfb6070
chore: Release 5.5.2 [skip ci]9a90d5a
fix: Bump tar from 6.1.11 to 6.2.1 (#262 by@EelcoLos
)9ebc021
chore: Release 5.5.1 [skip ci]5e7e9ac
fix: Bump ip from 2.0.0 to 2.0.1 (#263 by@EelcoLos
)c24d6dd
chore: Release 5.5.0 [skip ci]b05f5f6
feat: Add outputs fortype
,scope
andsubject
(#261 by@bcaurel
)67cbd7a
chore: Bumpword-wrap
dependency from 1.2.3 to 1.2.4 (#246 by@EelcoLos
)95af3b9
chore(deps): Bump@babel/traverse
from 7.17.0 to 7.23.2 (#245 by@EelcoLos
)Updates
aquasecurity/trivy-action
from 0.19.0 to 0.21.0Release notes
Sourced from aquasecurity/trivy-action's releases.
Commits
fd25fed
bump trivy version to v0.51.2 (#360)b2933f5
bump trivy version to v0.51.1 (#353)b2cd5ff
Update bump-trivy.yaml6f8c237
update tests (#334)7088d18
Revert "fix: 🐛 allow trivy-config and other options to be used together (#338)"ee6a4f5
fix: 🐛 allow trivy-config and other options to be used together (#338)b5f4977
Bump trivy version to v0.50.2 (#341)207cd40
Fix docker host bug (#329)840deb4
Browse scan reports without GitHub Advanced Security license (#328)0f287db
feat(image): add--docker-host
option for GH Action users (#267)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show