chore(deps): update github actions #404

Merged
merged 1 commit into from
Nov 23, 2024

miracum-renovate[bot]
Contributor

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| github/codeql-action | action | patch | v3.27.4 -> v3.27.5 |
| oxsecurity/megalinter | action | minor | v8.2.0 -> v8.3.0 |
| step-security/harden-runner | action | patch | v2.10.1 -> v2.10.2 |

Release Notes

github/codeql-action (github/codeql-action)

v3.27.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.5 - 19 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

oxsecurity/megalinter (oxsecurity/megalinter)

v8.3.0

Compare Source

  • Core

    • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
    • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
    • Fix handling of git submodule paths
  • Fixes

    • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list
  • Reporters

    • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
    • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)
  • CI

    • Fix Docker mirroring job for release context
    • Remove max parallel jobs for release linters workflow
  • Linter versions upgrades (13)

step-security/harden-runner (step-security/harden-runner)

v2.10.2

Compare Source

What's Changed

  1. Fixes low-severity command injection weaknesses
    The advisory is here: GHSA-g85v-wf27-67xc

  2. Bug fix to improve detection of whether Harden-Runner is running in a container

Full Changelog: step-security/harden-runner@v2...v2.10.2


Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.


🦙 MegaLinter status: ✅ SUCCESS

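| | Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
| --- | --- | --- | --- | --- | --- | --- |
| ✅ | ACTION | actionlint | 5 | | 0 | 0.09s |
| ✅ | BASH | bash-exec | 3 | | 0 | 0.01s |
| ✅ | BASH | shellcheck | 3 | | 0 | 0.06s |
| ✅ | BASH | shfmt | 3 | | 0 | 0.0s |
| ✅ | EDITORCONFIG | editorconfig-checker | 213 | | 0 | 0.37s |
| ✅ | JSON | jsonlint | 1 | | 0 | 4.93s |
| ✅ | JSON | prettier | 1 | | 0 | 0.4s |
| ✅ | MARKDOWN | markdownlint | 13 | | 0 | 2.67s |
| ✅ | REPOSITORY | checkov | yes | | no | 21.57s |
| ✅ | REPOSITORY | dustilock | yes | | no | 0.01s |
| ✅ | REPOSITORY | gitleaks | yes | | no | 5.62s |
| ✅ | REPOSITORY | git_diff | yes | | no | 0.02s |
| ✅ | REPOSITORY | grype | yes | | no | 12.15s |
| ✅ | REPOSITORY | secretlint | yes | | no | 0.87s |
| ✅ | REPOSITORY | syft | yes | | no | 6.38s |
| ✅ | REPOSITORY | trivy | yes | | no | 11.85s |
| ✅ | REPOSITORY | trivy-sbom | yes | | no | 0.15s |
| ✅ | REPOSITORY | trufflehog | yes | | no | 3.26s |
| ✅ | YAML | prettier | 145 | | 0 | 3.19s |
| ✅ | YAML | yamllint | 145 | | 0 | 1.83s |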

See detailed report in MegaLinter reports

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

MegaLinter is graciously provided by OX Security

@chgl chgl merged commit 639474c into master Nov 23, 2024
6 checks passed
@miracum-renovate miracum-renovate bot deleted the renovate/github-actions branch November 23, 2024 16:22