build(deps): Bump the ci-dependencies group with 10 updates

[dependabot[bot]]

Bumps the ci-dependencies group with 10 updates:

Package	From	To
actions/checkout	3.5.3	4.0.0
sigstore/cosign-installer	3.1.1	3.1.2
docker/setup-buildx-action	2.9.1	3.0.0
docker/login-action	2.2.0	3.0.0
docker/metadata-action	4.6.0	5.0.0
docker/build-push-action	4.1.1	5.0.0
actions/upload-artifact	3.1.2	3.1.3
Swatinem/rust-cache	2.5.1	2.7.0
actions/deploy-pages	2.0.3	2.0.4
actions/cache	3.3.1	3.3.2

Updates actions/checkout from 3.5.3 to 4.0.0

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

• Update default runtime to node20 by @​takost in actions/checkout#1436
• Support fetching without the --progress option by @​simonbaird in actions/checkout#1067
• Release 4.0.0 by @​takost in actions/checkout#1447

New Contributors

• @​takost made their first contribution in actions/checkout#1436
• @​simonbaird made their first contribution in actions/checkout#1067

Full Changelog: https://github.com/actions/checkout/compare/v3...v4.0.0

v3.6.0

What's Changed

• Mark test scripts with Bash'isms to be run via Bash by @​dscho in actions/checkout#1377
• Add option to fetch tags even if fetch-depth > 0 by @​RobertWieczoreck in actions/checkout#579
• Release 3.6.0 by @​luketomlinson in actions/checkout#1437

New Contributors

• @​RobertWieczoreck made their first contribution in actions/checkout#579
• @​luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: https://github.com/actions/checkout/compare/v3.5.3...v3.6.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.0.0

• Support fetching without the --progress option
• Update to node20

v3.6.0

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

• Fix api endpoint for GHES

v3.5.1

• Fix slow checkout on Windows

v3.5.0

• Add new public key for known_hosts

v3.4.0

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

v3.3.0

• Implement branch list using callbacks from exec function
• Add in explicit reference to private checkout options
• [Fix comment typos (that got added in #770)](actions/checkout#1057)

v3.2.0

• Add GitHub Action to perform release
• Fix status badge
• Replace datadog/squid with ubuntu/squid Docker image
• Wrap pipeline commands for submoduleForeach in quotes
• Update @​actions/io to 1.1.2
• Upgrading version to 3.2.0

v3.1.0

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

• Add input set-safe-directory

v3.0.1

... (truncated)

Commits

• 3df4ab1 Release 4.0.0 (#1447)
• 8b5e8b7 Support fetching without the --progress option (#1067)
• 97a652b Update default runtime to node20 (#1436)
• f43a0e5 Release 3.6.0 (#1437)
• 7739b9b Add option to fetch tags even if fetch-depth > 0 (#579)
• 96f5310 Mark test scripts with Bash'isms to be run via Bash (#1377)
• See full diff in compare view

Updates sigstore/cosign-installer from 3.1.1 to 3.1.2

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.1.2

What's Changed

• Fix build and push step Readme missing id by @​hbenali in sigstore/cosign-installer#138
• bump cosign to v2.2.0 by @​cpanato in sigstore/cosign-installer#142

New Contributors

• @​hbenali made their first contribution in sigstore/cosign-installer#138

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v3...v3.1.2

Commits

• 11086d2 bump cosign to v2.2.0 (#142)
• 4a86152 Bump actions/checkout from 3.5.3 to 3.6.0 (#141)
• 37f3871 Bump actions/setup-go from 4.0.1 to 4.1.0 (#139)
• a5d81fb Fix build and push step Readme missing id (#138)
• See full diff in compare view

Updates docker/setup-buildx-action from 2.9.1 to 3.0.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.0.0

• Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @​crazy-max in docker/setup-buildx-action#264
• Bump @​actions/core from 1.10.0 to 1.10.1 in docker/setup-buildx-action#267

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v2.10.0...v3.0.0

v2.10.0

What's Changed

• Bump @​docker/actions-toolkit from 0.7.1 to 0.10.0 by @​crazy-max in docker/setup-buildx-action#258
• Bump word-wrap from 1.2.3 to 1.2.5 in docker/setup-buildx-action#253

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v2.9.1...v2.10.0

Commits

• f95db51 Merge pull request #267 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
• 998a87c chore: update generated content
• 28bae59 build(deps): bump @​actions/core from 1.10.0 to 1.10.1
• c215341 Merge pull request #264 from crazy-max/update-node20
• 02e9319 chore: node 20 as default runtime
• 5c9160e chore: update generated content
• 1283140 chore: fix author in package.json
• c6afe06 vendor: bump @​docker/actions-toolkit from 0.10.0 to 0.12.0
• f35e0d5 chore: update dev dependencies
• baeb468 dev: remove unneeded binaries
• Additional commits viewable in compare view

Updates docker/login-action from 2.2.0 to 3.0.0

Release notes

Sourced from docker/login-action's releases.

v3.0.0

• Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @​crazy-max in docker/login-action#593
• Bump @​actions/core from 1.10.0 to 1.10.1 in docker/login-action#598
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.410.0 in docker/login-action#555 docker/login-action#560 docker/login-action#582 docker/login-action#599
• Bump semver from 6.3.0 to 6.3.1 in docker/login-action#556
• Bump https-proxy-agent to 7.0.2 docker/login-action#561 docker/login-action#588

Full Changelog: https://github.com/docker/login-action/compare/v2.2.0...v3.0.0

Commits

• 343f7c4 Merge pull request #599 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• aad0f97 chore: update generated content
• 2e0cd39 build(deps): bump the aws-sdk-dependencies group with 2 updates
• 203bc9c Merge pull request #588 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
• 2199648 chore: update generated content
• b489376 build(deps): bump the proxy-agent-dependencies group with 1 update
• 7c309e7 Merge pull request #598 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
• 0ccf222 chore: update generated content
• 56d703e Merge pull request #597 from docker/dependabot/github_actions/aws-actions/con...
• 24d3b35 build(deps): bump @​actions/core from 1.10.0 to 1.10.1
• Additional commits viewable in compare view

Updates docker/metadata-action from 4.6.0 to 5.0.0

Release notes

Sourced from docker/metadata-action's releases.

v5.0.0

• Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @​crazy-max in docker/metadata-action#328
• Bump @​actions/core from 1.10.0 to 1.10.1 in docker/metadata-action#333
• Bump csv-parse from 5.4.0 to 5.5.0 in docker/metadata-action#320
• Bump semver from 7.5.1 to 7.5.2 in docker/metadata-action#304
• Bump handlebars from 4.7.7 to 4.7.8 in docker/metadata-action#315

Full Changelog: https://github.com/docker/metadata-action/compare/v4.6.0...v5.0.0

Upgrade guide

Sourced from docker/metadata-action's upgrade guide.

Upgrade notes

v2 to v3

• Repository has been moved to docker org. Replace crazy-max/ghaction-docker-meta@v2 with docker/metadata-action@v5
• The default bake target has been changed: ghaction-docker-meta > docker-metadata-action

v1 to v2

• inputs
  • tag-sha
  • tag-edge / tag-edge-branch
  • tag-semver
  • tag-match / tag-match-group
  • tag-latest
  • tag-schedule
  • tag-custom / tag-custom-only
  • label-custom
• Basic workflow
• Semver workflow

inputs

New	Unchanged	Removed
tags	images	tag-sha
flavor	sep-tags	tag-edge
labels	sep-labels	tag-edge-branch
		tag-semver
		tag-match
		tag-match-group
		tag-latest
		tag-schedule
		tag-custom
		tag-custom-only
		label-custom

tag-sha

tags: |
  type=sha

tag-edge / tag-edge-branch

tags: |
  # default branch
</tr></table> 

... (truncated)

Commits

• 96383f4 Merge pull request #320 from docker/dependabot/npm_and_yarn/csv-parse-5.5.0
• f138b96 chore: update generated content
• 9cf7015 Bump csv-parse from 5.4.0 to 5.5.0
• 5a8a5ff Merge pull request #315 from docker/dependabot/npm_and_yarn/handlebars-4.7.8
• 2279d9a chore: update generated content
• c659933 Bump handlebars from 4.7.7 to 4.7.8
• 48d23cc Merge pull request #333 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
• b83ffb4 chore: update generated content
• 3207f24 Bump @​actions/core from 1.10.0 to 1.10.1
• 63f4a26 Merge pull request #328 from crazy-max/update-node20
• Additional commits viewable in compare view

Updates docker/build-push-action from 4.1.1 to 5.0.0

Release notes

Sourced from docker/build-push-action's releases.

v5.0.0

• Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @​crazy-max in docker/build-push-action#954
• Bump @​actions/core from 1.10.0 to 1.10.1 in docker/build-push-action#959

Full Changelog: https://github.com/docker/build-push-action/compare/v4.2.1...v5.0.0

v4.2.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• warn if docker config can't be parsed by @​crazy-max in docker/build-push-action#957

Full Changelog: https://github.com/docker/build-push-action/compare/v4.2.0...v4.2.1

v4.2.0

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• display proxy configuration by @​crazy-max in docker/build-push-action#872
• chore(deps): Bump @​docker/actions-toolkit from 0.6.0 to 0.8.0 in docker/build-push-action#930
• chore(deps): Bump word-wrap from 1.2.3 to 1.2.5 in docker/build-push-action#925
• chore(deps): Bump semver from 6.3.0 to 6.3.1 in docker/build-push-action#902

Full Changelog: https://github.com/docker/build-push-action/compare/v4.1.1...v4.2.0

Commits

• 0565240 Merge pull request #959 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
• 3ab07f8 chore: update generated content
• b9e7e4d chore(deps): Bump @​actions/core from 1.10.0 to 1.10.1
• 04d1a3b Merge pull request #954 from crazy-max/update-node20
• 1a4d1a1 chore: node 20 as default runtime
• 675965c chore: update generated content
• 58ee34c chore: fix author in package.json
• c97c406 fix ProxyConfig type when checking length
• 47d5369 vendor: bump @​docker/actions-toolkit from 0.8.0 to 0.12.0
• 8895c74 chore: update dev dependencies
• Additional commits viewable in compare view

Updates actions/upload-artifact from 3.1.2 to 3.1.3

Release notes

Sourced from actions/upload-artifact's releases.

v3.1.3

What's Changed

• chore(github): remove trailing whitespaces by @​ljmf00 in actions/upload-artifact#313
• Bump @​actions/artifact version to v1.1.2 by @​bethanyj28 in actions/upload-artifact#436

Full Changelog: https://github.com/actions/upload-artifact/compare/v3...v3.1.3

Commits

• a8a3f3a Merge pull request #436 from bethanyj28/main
• 7b48769 update dependency cache
• 6663039 update dist/index.js
• 55e76b7 bump @​actions/artifact version
• 65d8626 chore(github): remove trailing whitespaces (#313)
• See full diff in compare view

Updates Swatinem/rust-cache from 2.5.1 to 2.7.0

Release notes

Sourced from Swatinem/rust-cache's releases.

v2.7.0

What's Changed

• Fix save-if documentation in readme by @​rukai in Swatinem/rust-cache#166
• Support for trybuild and similar macro testing tools by @​neysofu in Swatinem/rust-cache#168

New Contributors

• @​rukai made their first contribution in Swatinem/rust-cache#166
• @​neysofu made their first contribution in Swatinem/rust-cache#168

Full Changelog: https://github.com/Swatinem/rust-cache/compare/v2.6.2...v2.7.0

v2.6.2

What's Changed

• dep: Use smol-toml instead of toml by @​NobodyXu in Swatinem/rust-cache#164

Full Changelog: https://github.com/Swatinem/rust-cache/compare/v2...v2.6.2

v2.6.1

• Fix hash contributions of Cargo.lock/Cargo.toml files.

v2.6.0

What's Changed

• Add "buildjet" as a second cache-provider backend @​joroshiba in Swatinem/rust-cache#154
• Clean up sparse registry index.
• Do not clean up src of -sys crates.
• Remove .cargo/credentials.toml before saving.

New Contributors

• @​joroshiba made their first contribution in Swatinem/rust-cache#154

Full Changelog: https://github.com/Swatinem/rust-cache/compare/v2.5.1...v2.6.0

Changelog

Sourced from Swatinem/rust-cache's changelog.

Changelog

2.7.0

• Properly cache trybuild tests.

2.6.2

• Fix toml parsing.

2.6.1

• Fix hash contributions of Cargo.lock/Cargo.toml files.

2.6.0

• Add "buildjet" as a second cache-provider backend.
• Clean up sparse registry index.
• Do not clean up src of -sys crates.
• Remove .cargo/credentials.toml before saving.

2.5.1

• Fix hash contribution of Cargo.lock.

2.5.0

• feat: Rm workspace crates version before caching.
• feat: Add hash of .cargo/config.toml to key.

2.4.0

• Fix cache key stability.
• Use 8 character hash components to reduce the key length, making it more readable.

2.3.0

• Add cache-all-crates option, which enables caching of crates installed by workflows.
• Add installed packages to cache key, so changes to workflows that install rust tools are detected and cached properly.
• Fix cache restore failures due to upstream bug.
• Fix EISDIR error due to globed directories.
• Update runtime @actions/cache, @actions/io and dev typescript dependencies.
• Update npm run prepare so it creates distribution files with the right line endings.

2.2.1

• Update @actions/cache dependency to fix usage of zstd compression.

2.2.0

... (truncated)

Commits

• a95ba19 2.7.0
• 82c8487 changelog
• 67c46e7 Support for trybuild and similar macro testing tools (#168)
• 44b6087 Fix save-if documentation in readme (#166)
• e207df5 2.6.2
• decb69d Update dependencies and add changelog
• ab6b276 dep: Use smol-toml instead of toml (#164)
• 578b235 2.6.1
• 5113490 prepare 2.6.1
• c0e052c Fix hashing of parsed Cargo.toml (#160)
• Additional commits viewable in compare view

Updates actions/deploy-pages from 2.0.3 to 2.0.4

Release notes

Sourced from actions/deploy-pages's releases.

v2.0.4

Changelog

• Update GHES compatibility table after verifying with 3.9.x @​JamesMGreene (#201)
• Bump @​octokit/request-error from 4.0.1 to 5.0.0 @​dependabot (#194)
• Bump prettier from 2.8.8 to 3.0.0 @​dependabot (#196)
• Bump jest from 29.5.0 to 29.6.1 @​dependabot (#195)
• Bump release-drafter/release-drafter from 5.23.0 to 5.24.0 @​dependabot (#192)
• Bump eslint from 8.42.0 to 8.44.0 @​dependabot (#191)
• Remove circular JSON references for error debugging @​JamesMGreene (#197)

---

See details of all code changes since previous release.

:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

Commits

• 9dbe382 Merge pull request #201 from actions/update-compat-table
• 96a5bb9 Fix typo
• 8458d4c Update GHES compatibility table after verifying with 3.9.x
• 0fd60c8 Merge pull request #194 from actions/dependabot/npm_and_yarn/octokit/request-...
• 9f42854 Bump @​octokit/request-error from 4.0.1 to 5.0.0
• 935c3f9 Merge pull request #196 from actions/dependabot/npm_and_yarn/prettier-3.0.0
• 9c31b72 Bump prettier from 2.8.8 to 3.0.0
• 2b0ca4a Merge pull request #195 from actions/dependabot/npm_and_yarn/jest-29.6.1
• f7b0e18 Bump jest from 29.5.0 to 29.6.1
• 8b4e85a Merge pull request #192 from actions/dependabot/github_actions/release-drafte...
• Additional commits viewable in compare view

Updates actions/cache from 3.3.1 to 3.3.2

Release notes

Sourced from actions/cache's releases.

v3.3.2

What's Changed

• Fixed readme with new segment timeout values by @​kotewar in actions/cache#1133
• Readme fixes by @​kotewar in actions/cache#1134
• Updated description of the lookup-only input for main action by @​kotewar in actions/cache#1130
• Change two new actions mention as quoted text by @​bishal-pdMSFT in actions/cache#1131
• Update Cross-OS Caching tips by @​pdotl in actions/cache#1122
• Bazel example (Take #2️⃣) by @​vorburger in actions/cache#1132
• Remove actions to add new PRs and issues to a project board by @​jorendorff in actions/cache#1187
• Consume latest toolkit and fix dangling promise bug by @​chkimes in actions/cache#1217
• Bump action version to 3.3.2 by @​bethanyj28 in actions/cache#1236

New Contributors

• @​vorburger made their first contribution in actions/cache#1132
• @​jorendorff made their first contribution in actions/cache#1187
• @​chkimes made their first contribution in actions/cache#1217
• @​bethanyj28 made their first contribution in actions/cache#1236

Full Changelog: https://github.com/actions/cache/compare/v3...v3.3.2

Changelog

Sourced from actions/cache's changelog.

Releases

3.0.0

• Updated minimum runner version support from node 12 -> node 16

3.0.1

• Added support for caching from GHES 3.5.
• Fixed download issue for files > 2GB during restore.

3.0.2

• Added support for dynamic cache size cap on GHES.

3.0.3

• Fixed avoiding empty cache save when no files are available for caching. (issue)

3.0.4

• Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

3.0.5

• Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

3.0.6

• Fixed #809 - zstd -d: no such file or directory error
• Fixed #833 - cache doesn't work with github workspace directory

3.0.7

• Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

3.0.8

• Fix zstd not working for windows on gnu tar in issues #888 and #891.
• Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes.

3.0.9

• Enhanced the warning message for cache unavailablity in case of GHES.

3.0.10

• Fix a bug with sorting inputs.
• Update definition for restore-keys in README.md

... (truncated)

Commits

• 704facf Merge pull request #1236 from actions/bethanyj28/bump-version
• 17e2888 Add to RELEASES.md
• 667d8fd bump action version to 3.3.2
• f7ebb81 Consume latest toolkit and fix dangling promise bug (#1217)
• 67b839e Merge pull request #1187 from jorendorff/jorendorff/rm-add-to-project
• 57f0e3f Remove actions to add new PRs and issues to a project board
• 04f198b Merge pull request #1132 from vorburger/bazel-example
• bd9b49b Merge branch 'main' into bazel-example
• ea05037 Merge pull request #1122 from actions/pdotl-patch-1
• 6a1a45d Merge branch 'main' into pdotl-patch-1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions