search

favonia / cloudflare-ddns

🌟 A small, feature-rich, and robust Cloudflare DDNS updater
Apache License 2.0
662 stars 25 forks source link

build(deps): bump the github-actions group across 1 directory with 7 updates #757

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the github-actions group with 7 updates in the / directory:

Package From To
step-security/harden-runner 2.7.1 2.8.1
actions/checkout 4.1.5 4.1.7
docker/login-action 3.1.0 3.2.0
docker/build-push-action 5.3.0 5.4.0
actions/dependency-review-action 4.3.2 4.3.3
github/codeql-action 2.13.4 3.25.10
codecov/codecov-action 4.3.1 4.5.0

Updates step-security/harden-runner from 2.7.1 to 2.8.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.8.1

What's Changed

  • Bug fix: Update isGitHubHosted implementation by @​varunsh-coder in step-security/harden-runner#425 The previous implementation incorrectly identified large GitHub-hosted runners as self-hosted runners. As a result, harden-runner was not executing on these large GitHub-hosted runners.

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.8.1

v2.8.0

What's Changed

Release v2.8.0 by @​h0x0er and @​varunsh-coder in step-security/harden-runner#416 This release includes:

  • File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
  • Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.

These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.

Full Changelog: https://github.com/step-security/harden-runner/compare/v2...v2.8.0

Commits
  • 17d0e2b Merge pull request #425 from step-security/rc-9
  • bb112d0 Update isGitHubHosted implementation
  • f4f3f44 Merge pull request #407 from step-security/dependabot/github_actions/actions/...
  • 7a946b5 Bump actions/dependency-review-action from 3.1.3 to 4.3.2
  • 75a01c2 Merge pull request #417 from step-security/dependabot/github_actions/step-sec...
  • 53413f1 Bump step-security/harden-runner from 2.7.1 to 2.8.0
  • f086349 Merge pull request #416 from step-security/rc-8
  • b9c325d Update image
  • 808a771 Add info about file and process events
  • 7171429 Update agent
  • Additional commits viewable in compare view


Updates actions/checkout from 4.1.5 to 4.1.7

Release notes

Sourced from actions/checkout's releases.

v4.1.7

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4.1.6...v4.1.7

v4.1.6

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4.1.5...v4.1.6

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

... (truncated)

Commits


Updates docker/login-action from 3.1.0 to 3.2.0

Release notes

Sourced from docker/login-action's releases.

v3.2.0

Full Changelog: https://github.com/docker/login-action/compare/v3.1.0...v3.2.0

Commits
  • 0d4c9c5 Merge pull request #722 from crazy-max/update-readme
  • b29e14f add contributing section to README
  • 218a70c Merge pull request #721 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • b820080 build(deps): bump @​docker/actions-toolkit from 0.23.0 to 0.24.0
  • 27530a9 Merge pull request #720 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • d072a60 chore: update generated content
  • 7c627b5 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • 787cfc6 Merge pull request #694 from docker/dependabot/npm_and_yarn/undici-5.28.4
  • 8e66e91 chore: update generated content
  • 5ba5e97 build(deps): bump undici from 5.28.3 to 5.28.4
  • Additional commits viewable in compare view


Updates docker/build-push-action from 5.3.0 to 5.4.0

Release notes

Sourced from docker/build-push-action's releases.

v5.4.0

Full Changelog: https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0

Commits
  • ca052bb Merge pull request #1128 from crazy-max/builder-info
  • 025c205 chore: update generated content
  • 12076d2 show builder information before building
  • ef6cba3 Merge pull request #1127 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 4c16cf9 chore: update generated content
  • a3118a8 fixes since moved types
  • c86eb8b chore(deps): Bump @​docker/actions-toolkit from 0.23.0 to 0.24.0
  • 2a53c6c Merge pull request #1122 from crazy-max/update-dev-deps
  • ccef1f2 chore: update generated content
  • 79117b6 chore: update dev dependencies
  • Additional commits viewable in compare view


Updates actions/dependency-review-action from 4.3.2 to 4.3.3

Release notes

Sourced from actions/dependency-review-action's releases.

Notes for v4.3.3

What's Changed

New Contributors

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3

Commits


Updates github/codeql-action from 2.13.4 to 3.25.10

Release notes

Sourced from github/codeql-action's releases.

CodeQL Bundle v2.17.5

Bundles CodeQL CLI v2.17.5

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.5:

CodeQL Bundle v2.17.4

Bundles CodeQL CLI v2.17.4

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.4:

CodeQL Bundle v2.17.3

Bundles CodeQL CLI v2.17.3

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.17.3:

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.10 - 13 Jun 2024

  • Update default CodeQL bundle version to 2.17.5. #2327

3.25.9 - 12 Jun 2024

  • Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330
  • The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332

3.25.8 - 04 Jun 2024

  • Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

  • We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

  • Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

  • Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
  • Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
  • The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

  • Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

  • Update default CodeQL bundle version to 2.17.1. #2247
  • Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

... (truncated)

Commits
  • 23acc5c Merge pull request #2337 from github/update-v3.25.10-5bf6dad35
  • 9b72dbd Update changelog for v3.25.10
  • 5bf6dad Merge pull request #2329 from github/henrymercer/csharp-buildless-rollback-me...
  • feec81c Merge branch 'main' into henrymercer/csharp-buildless-rollback-mechanism
  • 789b5f8 Merge pull request #2328 from github/henrymercer/direct-tracing-fix
  • c36b5fc Merge pull request #2327 from github/update-bundle/codeql-bundle-v2.17.5
  • b3642aa Merge branch 'main' into update-bundle/codeql-bundle-v2.17.5
  • 1fc6e20 Merge pull request #2335 from github/mergeback/v3.25.9-to-main-530d4fea
  • 356bee4 Update checked-in dependencies
  • 385808c Update changelog and version after v3.25.9
  • Additional commits viewable in compare view


Updates codecov/codecov-action from 4.3.1 to 4.5.0

Release notes

Sourced from codecov/codecov-action's releases.

v4.4.1

What's Changed

New Contributors

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.4.0...v4.4.1

What's Changed

New Contributors

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.4.0...v4.4.1

v4.4.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.3.1...v4.4.0

Commits
  • e28ff12 chore(release): bump to 4.5.0 (#1477)
  • 7594baa Use an existing token even if the PR is from a fork (#1471)
  • 81c0a51 feat: add support for tokenless v3 (#1410)
  • f5e203f build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.12.0 to 7.13.0 ...
  • 7c48363 build(deps-dev): bump braces from 3.0.2 to 3.0.3 (#1475)
  • 69e5d09 build(deps-dev): bump @​typescript-eslint/parser from 7.12.0 to 7.13.0 (#1474)
  • feaf700 fix: handle trailing commas (#1470)
  • 7b6a727 build(deps): bump github/codeql-action from 3.25.7 to 3.25.8 (#1472)
  • ccf7a1f build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.11.0 to 7.12.0 ...
  • f03f015 build(deps-dev): bump @​typescript-eslint/parser from 7.11.0 to 7.12.0 (#1467)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 88.49%. Comparing base (280d6cd) to head (fd4d29f).

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #757 +/- ## ======================================= Coverage 88.49% 88.49% ======================================= Files 48 48 Lines 1990 1990 ======================================= Hits 1761 1761 Misses 208 208 Partials 21 21 ``` | [Flag](https://app.codecov.io/gh/favonia/cloudflare-ddns/pull/757/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=favonia) | Coverage Δ | | |---|---|---| | [unittests](https://app.codecov.io/gh/favonia/cloudflare-ddns/pull/757/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=favonia) | `88.49% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=favonia#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.