Bump the github-actions group with 6 updates

[dependabot[bot]]

Bumps the github-actions group with 6 updates:

Package	From	To
actions/checkout	2	4
docker/setup-qemu-action	2	3
docker/setup-buildx-action	2	3
docker/login-action	2	3
docker/build-push-action	4	5
codecov/codecov-action	2	3

Updates actions/checkout from 2 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

• Update default runtime to node20 by @​takost in actions/checkout#1436
• Support fetching without the --progress option by @​simonbaird in actions/checkout#1067
• Release 4.0.0 by @​takost in actions/checkout#1447

New Contributors

• @​takost made their first contribution in actions/checkout#1436
• @​simonbaird made their first contribution in actions/checkout#1067

Full Changelog: https://github.com/actions/checkout/compare/v3...v4.0.0

v3.6.0

What's Changed

• Mark test scripts with Bash'isms to be run via Bash by @​dscho in actions/checkout#1377
• Add option to fetch tags even if fetch-depth > 0 by @​RobertWieczoreck in actions/checkout#579
• Release 3.6.0 by @​luketomlinson in actions/checkout#1437

New Contributors

• @​RobertWieczoreck made their first contribution in actions/checkout#579
• @​luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: https://github.com/actions/checkout/compare/v3.5.3...v3.6.0

v3.5.3

What's Changed

• Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @​megamanics in actions/checkout#1196
• Fix typos found by codespell by @​DimitriPapadopoulos in actions/checkout#1287
• Add support for sparse checkouts by @​dscho and @​dfdez in actions/checkout#1369
• Release v3.5.3 by @​TingluoHuang in actions/checkout#1376

New Contributors

• @​megamanics made their first contribution in actions/checkout#1196
• @​DimitriPapadopoulos made their first contribution in actions/checkout#1287
• @​dfdez made their first contribution in actions/checkout#1369

Full Changelog: https://github.com/actions/checkout/compare/v3...v3.5.3

v3.5.2

What's Changed

• Fix: Use correct API url / endpoint in GHES by @​fhammerl in actions/checkout#1289 based on #1286 by @​1newsr

Full Changelog: https://github.com/actions/checkout/compare/v3.5.1...v3.5.2

v3.5.1

What's Changed

• Improve checkout performance on Windows runners by upgrading @​actions/github dependency by @​BrettDong in actions/checkout#1246

New Contributors

• @​BrettDong made their first contribution in actions/checkout#1246

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.0

• Add support for partial checkout filters

v4.0.0

• Support fetching without the --progress option
• Update to node20

v3.6.0

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

• Fix api endpoint for GHES

v3.5.1

• Fix slow checkout on Windows

v3.5.0

• Add new public key for known_hosts

v3.4.0

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

v3.3.0

• Implement branch list using callbacks from exec function
• Add in explicit reference to private checkout options
• [Fix comment typos (that got added in #770)](actions/checkout#1057)

v3.2.0

• Add GitHub Action to perform release
• Fix status badge
• Replace datadog/squid with ubuntu/squid Docker image
• Wrap pipeline commands for submoduleForeach in quotes
• Update @​actions/io to 1.1.2
• Upgrading version to 3.2.0

v3.1.0

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

... (truncated)

Commits

• b4ffde6 Link to release page from what's new section (#1514)
• 8530928 Correct link to GitHub Docs (#1511)
• 7cdaf2f Update CODEOWNERS to Launch team (#1510)
• 8ade135 Prepare 4.1.0 release (#1496)
• c533a0a Add support for partial checkout filters (#1396)
• 72f2cec Update README.md for V4 (#1452)
• 3df4ab1 Release 4.0.0 (#1447)
• 8b5e8b7 Support fetching without the --progress option (#1067)
• 97a652b Update default runtime to node20 (#1436)
• f43a0e5 Release 3.6.0 (#1437)
• Additional commits viewable in compare view

Updates docker/setup-qemu-action from 2 to 3

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.0.0

• Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @​crazy-max in docker/setup-qemu-action#102
• Bump @​actions/core from 1.10.0 to 1.10.1 in docker/setup-qemu-action#103
• Bump semver from 6.3.0 to 6.3.1 in docker/setup-qemu-action#89

Full Changelog: https://github.com/docker/setup-qemu-action/compare/v2.2.0...v3.0.0

v2.2.0

• Trim off spaces in platforms input by @​Chocobo1 in docker/setup-qemu-action#64
• Switch to actions-toolkit implementation by @​crazy-max in docker/setup-qemu-action#70 docker/setup-qemu-action#80 docker/setup-qemu-action#83

Full Changelog: https://github.com/docker/setup-qemu-action/compare/v2.1.0...v2.2.0

v2.1.0

• Use context for inputs by @​crazy-max (#62)
• Use built-in getExecOutput by @​crazy-max (#61)
• Remove workaround for setOutput by @​crazy-max (#63)
• Bump @​actions/core from 1.6.0 to 1.10.0 (#54 #58 #59)

Full Changelog: https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0

Commits

• 6882732 Merge pull request #103 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
• 183f4af chore: update generated content
• f174935 build(deps): bump @​actions/core from 1.10.0 to 1.10.1
• 2e423eb Merge pull request #89 from docker/dependabot/npm_and_yarn/semver-6.3.1
• ecc406a Bump semver from 6.3.0 to 6.3.1
• 12dec5e Merge pull request #102 from crazy-max/update-node20
• c29b312 chore: node 20 as default runtime
• 34ae628 chore: update generated content
• 1f3d2e1 chore: fix author in package.json
• 277dbe8 vendor: bump @​docker/actions-toolkit from 0.3.0 to 0.12.0
• Additional commits viewable in compare view

Updates docker/setup-buildx-action from 2 to 3

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.0.0

• Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @​crazy-max in docker/setup-buildx-action#264
• Bump @​actions/core from 1.10.0 to 1.10.1 in docker/setup-buildx-action#267

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v2.10.0...v3.0.0

v2.10.0

What's Changed

• Bump @​docker/actions-toolkit from 0.7.1 to 0.10.0 by @​crazy-max in docker/setup-buildx-action#258
• Bump word-wrap from 1.2.3 to 1.2.5 in docker/setup-buildx-action#253

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v2.9.1...v2.10.0

v2.9.1

• Bump @​docker/actions-toolkit from 0.7.0 to 0.7.1 in docker/setup-buildx-action#248
  • Fixes an issue where building Buildx does not match the local platform (docker/actions-toolkit#135)

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v2.9.0...v2.9.1

v2.9.0

• Bump @​docker/actions-toolkit from 0.6.0 to 0.7.0 in docker/setup-buildx-action#246
  • Adds support to cache Buildx binary to hosted tool cache and GHA cache backend

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v2.8.0...v2.9.0

v2.8.0

• Only set specific flags for drivers supporting them by @​nicks in docker/setup-buildx-action#241
• Bump @​docker/actions-toolkit from 0.5.0 to 0.6.0 in docker/setup-buildx-action#242

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v2.7.0...v2.8.0

v2.7.0

• Bump @​docker/actions-toolkit from 0.3.0 to 0.5.0 in docker/setup-buildx-action#237 docker/setup-buildx-action#238

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v2.6.0...v2.7.0

v2.6.0

• Set node name for k8s driver when appending nodes by @​crazy-max in docker/setup-buildx-action#219
• Bump @​docker/actions-toolkit from 0.1.0-beta.18 to 0.3.0 in docker/setup-buildx-action#220 docker/setup-buildx-action#229 docker/setup-buildx-action#231 docker/setup-buildx-action#236

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v2.5.0...v2.6.0

v2.5.0

• cleanup input to remove builder and temp files by @​crazy-max in docker/setup-buildx-action#213
• do not remove builder using the docker driver by @​crazy-max in docker/setup-buildx-action#218
• fix current context as builder name for docker driver by @​crazy-max in docker/setup-buildx-action#209

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v2.4.1...v2.5.0

v2.4.1

... (truncated)

Commits

• f95db51 Merge pull request #267 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
• 998a87c chore: update generated content
• 28bae59 build(deps): bump @​actions/core from 1.10.0 to 1.10.1
• c215341 Merge pull request #264 from crazy-max/update-node20
• 02e9319 chore: node 20 as default runtime
• 5c9160e chore: update generated content
• 1283140 chore: fix author in package.json
• c6afe06 vendor: bump @​docker/actions-toolkit from 0.10.0 to 0.12.0
• f35e0d5 chore: update dev dependencies
• baeb468 dev: remove unneeded binaries
• Additional commits viewable in compare view

Updates docker/login-action from 2 to 3

Release notes

Sourced from docker/login-action's releases.

v3.0.0

• Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @​crazy-max in docker/login-action#593
• Bump @​actions/core from 1.10.0 to 1.10.1 in docker/login-action#598
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.410.0 in docker/login-action#555 docker/login-action#560 docker/login-action#582 docker/login-action#599
• Bump semver from 6.3.0 to 6.3.1 in docker/login-action#556
• Bump https-proxy-agent to 7.0.2 docker/login-action#561 docker/login-action#588

Full Changelog: https://github.com/docker/login-action/compare/v2.2.0...v3.0.0

v2.2.0

• Switch to actions-toolkit implementation by @​crazy-max in docker/login-action#409 docker/login-action#470 docker/login-action#476
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.347.1 in docker/login-action#524 docker/login-action#364 docker/login-action#363
• Bump minimatch from 3.0.4 to 3.1.2 in docker/login-action#354
• Bump json5 from 2.2.0 to 2.2.3 in docker/login-action#378
• Bump http-proxy-agent from 5.0.0 to 7.0.0 in docker/login-action#509
• Bump https-proxy-agent from 5.0.1 to 7.0.0 in docker/login-action#508

Full Changelog: https://github.com/docker/login-action/compare/v2.1.0...v2.2.0

v2.1.0

• Ensure AWS temp credentials are redacted in workflow logs by @​crazy-max (#275)
• Bump @​actions/core from 1.6.0 to 1.10.0 (#252 #292)
• Bump @​aws-sdk/client-ecr from 3.53.0 to 3.186.0 (#298)
• Bump @​aws-sdk/client-ecr-public from 3.53.0 to 3.186.0 (#299)

Full Changelog: https://github.com/docker/login-action/compare/v2.0.0...v2.1.0

Commits

• 343f7c4 Merge pull request #599 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• aad0f97 chore: update generated content
• 2e0cd39 build(deps): bump the aws-sdk-dependencies group with 2 updates
• 203bc9c Merge pull request #588 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
• 2199648 chore: update generated content
• b489376 build(deps): bump the proxy-agent-dependencies group with 1 update
• 7c309e7 Merge pull request #598 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
• 0ccf222 chore: update generated content
• 56d703e Merge pull request #597 from docker/dependabot/github_actions/aws-actions/con...
• 24d3b35 build(deps): bump @​actions/core from 1.10.0 to 1.10.1
• Additional commits viewable in compare view

Updates docker/build-push-action from 4 to 5

Release notes

Sourced from docker/build-push-action's releases.

v5.0.0

• Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @​crazy-max in docker/build-push-action#954
• Bump @​actions/core from 1.10.0 to 1.10.1 in docker/build-push-action#959

Full Changelog: https://github.com/docker/build-push-action/compare/v4.2.1...v5.0.0

v4.2.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• warn if docker config can't be parsed by @​crazy-max in docker/build-push-action#957

Full Changelog: https://github.com/docker/build-push-action/compare/v4.2.0...v4.2.1

v4.2.0

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• display proxy configuration by @​crazy-max in docker/build-push-action#872
• chore(deps): Bump @​docker/actions-toolkit from 0.6.0 to 0.8.0 in docker/build-push-action#930
• chore(deps): Bump word-wrap from 1.2.3 to 1.2.5 in docker/build-push-action#925
• chore(deps): Bump semver from 6.3.0 to 6.3.1 in docker/build-push-action#902

Full Changelog: https://github.com/docker/build-push-action/compare/v4.1.1...v4.2.0

v4.1.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• Bump @​docker/actions-toolkit from 0.3.0 to 0.5.0 by @​crazy-max in docker/build-push-action#880

Full Changelog: https://github.com/docker/build-push-action/compare/v4.1.0...v4.1.1

v4.1.0

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• Switch to actions-toolkit implementation by @​crazy-max in docker/build-push-action#811 docker/build-push-action#838 docker/build-push-action#855 docker/build-push-action#860 docker/build-push-action#875
• e2e: quay.io by @​crazy-max in docker/build-push-action#799 docker/build-push-action#805
• e2e: local harbor and nexus by @​crazy-max in docker/build-push-action#800
• e2e: add artifactory container registry to test against by @​jedevc in docker/build-push-action#804
• e2e: add distribution tests by @​jedevc in docker/build-push-action#814 docker/build-push-action#815

Full Changelog: https://github.com/docker/build-push-action/compare/v4.0.0...v4.1.0

Commits

• 4a13e50 Merge pull request #1006 from docker/dependabot/npm_and_yarn/docker/actions-t...
• 7416668 chore: update generated content
• b4f76a5 chore(deps): Bump @​docker/actions-toolkit from 0.13.0 to 0.14.0
• b7feb76 Merge pull request #1005 from crazy-max/ci-inspect
• fae8018 ci: inspect sbom and provenance
• b625868 Merge pull request #1004 from crazy-max/ci-update-buildx
• 5193ef1 ci: update buildx to latest
• d3afd77 Merge pull request #991 from docker/dependabot/npm_and_yarn/babel/traverse-7....
• 7a786bb Merge pull request #992 from crazy-max/annotations
• c66ae3a chore: update generated content
• Additional commits viewable in compare view

Updates codecov/codecov-action from 2 to 3

Release notes

Sourced from codecov/codecov-action's releases.

v3.0.0

Breaking Changes

• #689 Bump to node16 and small fixes

Features

• #688 Incorporate gcov arguments for the Codecov uploader

Dependencies

• #548 build(deps-dev): bump jest-junit from 12.2.0 to 13.0.0
• #603 [Snyk] Upgrade @​actions/core from 1.5.0 to 1.6.0
• #628 build(deps): bump node-fetch from 2.6.1 to 3.1.1
• #634 build(deps): bump node-fetch from 3.1.1 to 3.2.0
• #636 build(deps): bump openpgp from 5.0.1 to 5.1.0
• #652 build(deps-dev): bump @​vercel/ncc from 0.30.0 to 0.33.3
• #653 build(deps-dev): bump @​types/node from 16.11.21 to 17.0.18
• #659 build(deps-dev): bump @​types/jest from 27.4.0 to 27.4.1
• #667 build(deps): bump actions/checkout from 2 to 3
• #673 build(deps): bump node-fetch from 3.2.0 to 3.2.3
• #683 build(deps): bump minimist from 1.2.5 to 1.2.6
• #685 build(deps): bump @​actions/github from 5.0.0 to 5.0.1
• #681 build(deps-dev): bump @​types/node from 17.0.18 to 17.0.23
• #682 build(deps-dev): bump typescript from 4.5.5 to 4.6.3
• #676 build(deps): bump @​actions/exec from 1.1.0 to 1.1.1
• #675 build(deps): bump openpgp from 5.1.0 to 5.2.1

v2.1.0

2.1.0

Features

• #515 Allow specifying version of Codecov uploader

Dependencies

• #499 build(deps-dev): bump @​vercel/ncc from 0.29.0 to 0.30.0
• #508 build(deps): bump openpgp from 5.0.0-5 to 5.0.0
• #514 build(deps-dev): bump @​types/node from 16.6.0 to 16.9.0

v2.0.3

2.0.3

Fixes

• #464 Fix wrong link in the readme
• #485 fix: Add override OS and linux default to platform

Dependencies

• #447 build(deps): bump openpgp from 5.0.0-4 to 5.0.0-5
• #458 build(deps-dev): bump eslint from 7.31.0 to 7.32.0
• #465 build(deps-dev): bump @​typescript-eslint/eslint-plugin from 4.28.4 to 4.29.1
• #466 build(deps-dev): bump @​typescript-eslint/parser from 4.28.4 to 4.29.1
• #468 build(deps-dev): bump @​types/jest from 26.0.24 to 27.0.0
• #470 build(deps-dev): bump @​types/node from 16.4.0 to 16.6.0
• #472 build(deps): bump path-parse from 1.0.6 to 1.0.7
• #473 build(deps-dev): bump @​types/jest from 27.0.0 to 27.0.1

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

• #1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

• No current support for aarch64 and alpine architectures.
• Tokenless uploading is unsuported
• Various arguments to the Action have been removed

3.1.4

Fixes

• #967 Fix typo in README.md
• #971 fix: add back in working dir
• #969 fix: CLI option names for uploader

Dependencies

• #970 build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3
• #979 build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2
• #981 build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

• #960 fix: allow for aarch64 build

Dependencies

• #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
• #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
• #959 build(deps-dev): bump @​types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

• #718 Update README.md
• #851 Remove unsupported path_to_write_report argument
• #898 codeql-analysis.yml
• #901 Update README to contain correct information - inputs and negate feature
• #955 fix: add in all the extra arguments for uploader

Dependencies

• #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
• #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
• #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
• #841 build(deps): bump @​actions/core from 1.9.1 to 1.10.0
• #843 build(deps): bump @​actions/github from 5.0.3 to 5.1.1
• #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
• #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
• #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits

• eaaf4be release: 3.1.4 (#983)
• c2ab9ab build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4 (#981)
• 49c20db build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2 (#979)
• cf8e3e4 build(deps-dev): bump @​types/node from 18.16.3 to 20.1.0 (#975)
• 1c34415 fix: CLI option names for uploader (#969)
• b4dfea7 fix: add back in working dir (#971)
• 5bf2504 Fix typo in README.md (#967)
• 1dd0ce3 build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3 (#970)
• 894ff02 chore(release): bump to 3.1.3 (#961)
• f539f97 fix: allow for aarch64 build (#960)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions