build(deps): bump the ci group across 1 directory with 7 updates

mirror of synced 2026-02-13 13:06:56 +00:00

Bumps the ci group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [korthout/backport-action](https://github.com/korthout/backport-action) | `3.2.0` | `3.2.1` |
| [fluxcd/pkg](https://github.com/fluxcd/pkg) | `1.17.0` | `1.18.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.10.0` | `3.11.1` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.2` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.28.17` | `3.29.2` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.19.0` | `0.20.1` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.8.2` | `3.9.1` |



Updates `korthout/backport-action` from 3.2.0 to 3.2.1
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](436145e922...0193454f0c)

Updates `fluxcd/pkg` from 1.17.0 to 1.18.0
- [Commits](7e9c75bbb6...3d6f759b76)

Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](b5ca514318...e468171a9d)

Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](f49aabe0b5...05b42c6244)

Updates `github/codeql-action` from 3.28.17 to 3.29.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](60168efe1c...181d5eefc2)

Updates `anchore/sbom-action` from 0.19.0 to 0.20.1
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](9f73021414...9246b90769)

Updates `sigstore/cosign-installer` from 3.8.2 to 3.9.1
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](3454372f43...398d4b0eee)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-version: 3.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: fluxcd/pkg
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/setup-buildx-action
  dependency-version: 3.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: github/codeql-action
  dependency-version: 3.29.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: sigstore/cosign-installer
  dependency-version: 3.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>

This commit is contained in:

dependabot[bot]

2025-07-15 06:30:36 +00:00

committed by

GitHub

parent f79c44ee0a

commit 97937c55bf

8 changed files with 19 additions and 19 deletions

									
										6

.github/workflows/scan.yaml
									
										vendored
									
												View File
												
				@@ -41,13 +41,13 @@ jobs:

				            **/go.sum

				            **/go.mod

				      - name: Initialize CodeQL

				        uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17

				        uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2

				        with:

				          languages: go

				          # xref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs

				          # xref: https://codeql.github.com/codeql-query-help/go/

				          queries: security-and-quality

				      - name: Autobuild

				        uses: github/codeql-action/autobuild@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17

				        uses: github/codeql-action/autobuild@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2

				      - name: Perform CodeQL Analysis

				        uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17

				        uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2

build(deps): bump the ci group across 1 directory with 7 updates

6 .github/workflows/scan.yaml vendored Unescape Escape View File

6

.github/workflows/scan.yaml vendored

View File