search

paulscherrerinstitute / alphafold-on-fire

GNU General Public License v3.0
1 stars 3 forks source link

Bump docker/scout-action from 0.18.1 to 1.6.4 #546

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 7 months ago

Bumps docker/scout-action from 0.18.1 to 1.6.4.

Release notes

Sourced from docker/scout-action's releases.

v1.6.4

Bug Fix

Fix epoch handling for rpm-based images

Contributor(s)

@​cdupuis

v1.6.3

Bug Fixes / Improvements

  • improve package detection to ignore referenced but not installed packages

Contributors

@​cdupuis

v1.6.2

Bug Fixes / Improvements

  • fix an issue when rendering markdown output using sbom:// prefix

Contributors

@​cdupuis @​eunomie @​felipecruz91

v1.6.1

Highlights

  • Add support for passing in SBOM files in SDPX or in-toto SDPX format 
    uses: docker/scout-action@v1
with:
    command: cves
    image: sbom://alpine.spdx.json
  • Add support for SBOM files in syft-json format 
    uses: docker/scout-action@v1
with:
    command: cves
    image: sbom://alpine.syft.json

... (truncated)

Commits
  • c016294 Merge bd8713bdf6f0b8982872bbf85e8d71a0ac0234b3 into 77a0d18cc6da50ea02053662d...
  • bd8713b [BOT] Publish v1.6.4 release
  • 77a0d18 Merge 0a4349dbc4583338d1bbbbd99661dbf2d362d3f1 into 17b373594a388fbda8cdad7e6...
  • 0a4349d [BOT] Publish v1.6.3 release
  • 17b3735 Merge b04ac5cec52556dfa41c22e31b97a5f09a859537 into 777ea8eeca5c1f5ef97c3a349...
  • b04ac5c [BOT] Publish v1.6.2 release
  • 777ea8e Merge cdd15f0d87aef613bf10c3643a3282a2b0ef2183 into 2662cd53ccdb0d033b41c72c2...
  • cdd15f0 [BOT] Publish v1.6.1 release
  • 2662cd5 [BOT] Publish v1.5.2 release
  • 574cf60 Merge pull request #31 from docker/ref_name
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 6 months ago

Superseded by #557.