build(deps): bump the ci group with 4 updates

[dependabot[bot]]

Bumps the ci group with 4 updates: korthout/backport-action, actions/setup-go, docker/metadata-action and anchore/sbom-action.

Updates korthout/backport-action from 2.1.1 to 2.2.0

Release notes

Sourced from korthout/backport-action's releases.

Backport-action v2.2.0

What's Changed

This release introduces a new experimental input that you can use to configure experimental features. We encourage everyone to try them out and share feedback.

As a first experimental feature, this release adds detect_merge_method. When enabled, it cherry-picks the resulting commits based on the detected merge method. Give it a try if you're using the Squash and merge or Rebase and merge merge method for your pull requests, and please report any issues you encounter.

To enable merge method detection add the following to your backport workflow:

using: korthout/backport-action@v2
with:
  experimental: >
    {
      "detect_merge_method": true
    }

A special shoutout and heartfelt thanks to @​jschmid1 for their outstanding contribution to the detect_merge_method feature!

• Detect squash and rebase merge methods by @​jschmid1 in korthout/backport-action#399

Documentation

• Avoid loop in backport by comment usage example by @​jschmid1 in korthout/backport-action#400
• Align event type in usage example by @​chillleader in korthout/backport-action#401

Updated Dependencies

• build(deps): bump @​types/dedent from 0.7.1 to 0.7.2 by @​dependabot in korthout/backport-action#396

New Contributors

• @​chillleader made their first contribution in korthout/backport-action#401

Full Changelog: https://github.com/korthout/backport-action/compare/v2.1.0...v2.2.0

Commits

• b982d29 dist: release 2.2.0
• 32e3a3b dist: build new artifacts
• 13b24fe Merge pull request #399 from jschmid1/feat/respect-squash-and-rebase-merges
• 1e95a33 fix: reverse found commits for range
• 4735b06 fix: check commits to cherry pick for merges
• 68c7aff fix: remove surrounding quotes from shas
• 995cf04 fix: store fetched refs indefinitely
• a34b7c2 refactor: remove unused function
• 3b378cd feat: warn about unknown experimental input
• 493766a docs: describe merge_commit_sha
• Additional commits viewable in compare view

Updates actions/setup-go from 4.1.0 to 5.0.0

Release notes

Sourced from actions/setup-go's releases.

v5.0.0

What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445).

Besides, this release contains such changes as:

• Fix hosted tool cache usage on windows by @​galargh in actions/setup-go#411
• Improve documentation regarding dependencies caching by @​artemgavrilov in actions/setup-go#417

New Contributors

• @​galargh made their first contribution in actions/setup-go#411
• @​artemgavrilov made their first contribution in actions/setup-go#417
• @​chenrui333 made their first contribution in actions/setup-go#421

Full Changelog: https://github.com/actions/setup-go/compare/v4...v5.0.0

Commits

• 0c52d54 Update dependencies for node20 (#445)
• bfd2fb3 Merge pull request #421 from chenrui333/node20-runtime
• 3d65fa5 feat: bump to use actions/checkout@v4
• 8a505c9 feat: bump to use node20 runtime
• 883490d Merge pull request #417 from artemgavrilov/main
• d45ebba Rephrase sentence
• 317c661 Replace wildcards term with globs.
• f90673a Merge pull request #1 from artemgavrilov/caching-docs-improvement
• 8018234 Improve documentation regarding dependencies cachin
• d085b4f Merge pull request #411 from galargh/fix/windows-hostedtoolcache
• Additional commits viewable in compare view

Updates docker/metadata-action from 5.0.0 to 5.3.0

Release notes

Sourced from docker/metadata-action's releases.

v5.3.0

• Bump @​docker/actions-toolkit from 0.14.0 to 0.15.0 in docker/metadata-action#363 (fixes #362)

Full Changelog: https://github.com/docker/metadata-action/compare/v5.2.0...v5.3.0

v5.2.0

• Custom annotations support by @​crazy-max in docker/metadata-action#361

Full Changelog: https://github.com/docker/metadata-action/compare/v5.1.0...v5.2.0

v5.1.0

• Annotations support by @​crazy-max in docker/metadata-action#352
• Split bake definition into two files by @​crazy-max in docker/metadata-action#353
• Allow images input to be empty to output bare tags by @​crazy-max in docker/metadata-action#358
• Bump @​actions/github from 5.1.1 to 6.0.0 in docker/metadata-action#348
• Bump @​babel/traverse from 7.17.3 to 7.23.2 in docker/metadata-action#350
• Bump @​docker/actions-toolkit from 0.12.0 to 0.14.0 in docker/metadata-action#349 docker/metadata-action#357
• Bump csv-parse from 5.5.0 to 5.5.2 in docker/metadata-action#346
• Bump semver from 7.5.3 to 7.5.4 in docker/metadata-action#335

Full Changelog: https://github.com/docker/metadata-action/compare/v5.0.0...v5.1.0

Commits

• 31cebac Merge pull request #363 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 394bbab chore: update generated content
• ee4c905 chore(deps): Bump @​docker/actions-toolkit from 0.14.0 to 0.15.0
• e6428a5 Merge pull request #361 from crazy-max/custom-annotations
• 26b4721 Merge pull request #359 from favonia/document-annotations
• 352ce8b chore: update generated content
• cb0becc custom annotations support
• 91224bc docs(README): add a hint about multi-arch builds
• f19c369 Merge pull request #358 from crazy-max/empty-images
• 4066f0c chore: update generated content
• Additional commits viewable in compare view

Updates anchore/sbom-action from 0.15.0 to 0.15.1

Release notes

Sourced from anchore/sbom-action's releases.

v0.15.1

Changes in v0.15.1

• chore(deps): update Syft to v0.98.0 (#431) [anchore-actions-token-generator]
• Add config input (#430) [eyakubovich]
• chore: pin and upgrade gh actions (#429) [willmurphyscode]

Commits

• 5ecf649 chore(deps): update Syft to v0.98.0 (#431)
• a4126e6 Add config input (#430)
• 9d0277c chore: pin and upgrade gh actions (#429)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions