Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update github-actions #183

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update github-actions #183

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 1, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/upload-artifact action minor v4.4.3 -> v4.6.0
github/codeql-action action minor v3.27.0 -> v3.28.1
miracum/.github action minor v1.12.7 -> v1.13.1

Release Notes

actions/upload-artifact (actions/upload-artifact)

v4.6.0

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

Compare Source

github/codeql-action (github/codeql-action)

v3.28.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.1 - 10 Jan 2025
  • CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #​2677
  • Update default CodeQL bundle version to 2.20.1. #​2678

See the full CHANGELOG.md for more information.

v3.28.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024
  • Bump the minimum CodeQL bundle version to 2.15.5. #​2655
  • Don't fail in the unusual case that a file is on the search path. #​2660.

See the full CHANGELOG.md for more information.

v3.27.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.8

Compare Source

v3.27.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024
  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #​2631
  • Update default CodeQL bundle version to 2.20.0. #​2636

See the full CHANGELOG.md for more information.

v3.27.6

Compare Source

v3.27.5

Compare Source

v3.27.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.4 - 14 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.3 - 12 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.2 - 12 Nov 2024
  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #​2590

See the full CHANGELOG.md for more information.

v3.27.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.1 - 08 Nov 2024
  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #​2573
  • Update default CodeQL bundle version to 2.19.3. #​2576

See the full CHANGELOG.md for more information.

miracum/.github (miracum/.github)

v1.13.1

Compare Source

Miscellaneous Chores

v1.13.0

Compare Source

Features
  • support for app-token based releases (91be41c)

v1.12.12

Compare Source

Miscellaneous Chores
  • deps: update oxsecurity/megalinter action to v8.3.0 (#​99) (abfae50)

v1.12.11

Compare Source

Miscellaneous Chores

v1.12.10

Compare Source

Miscellaneous Chores
  • deps: update oxsecurity/megalinter action to v8.2.0 (#​96) (3a6d6e8)

v1.12.9

Compare Source

Miscellaneous Chores

v1.12.8

Compare Source

Miscellaneous Chores

Configuration

📅 Schedule: Branch creation - "* * 1 */3 *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 1, 2025
edited
Loading

🦙 MegaLinter status: ❌ ERROR

Descriptor Linter Files Fixed Errors Elapsed time
✅ ACTION actionlint 4 0 0.08s
✅ BASH bash-exec 1 0 0.01s
✅ BASH shellcheck 1 0 0.09s
⚠️ BASH shfmt 1 1 0.0s
✅ DOCKERFILE hadolint 2 0 0.08s
✅ EDITORCONFIG editorconfig-checker 67 0 0.26s
❌ GROOVY npm-groovy-lint 2 1 11.94s
✅ JAVA checkstyle 19 0 5.66s
✅ JSON jsonlint 5 0 0.19s
✅ JSON prettier 5 0 1.38s
✅ JSON v8r 5 0 3.95s
✅ MARKDOWN markdownlint 2 0 0.49s
✅ PYTHON bandit 1 0 1.45s
✅ PYTHON black 1 0 2.0s
✅ PYTHON flake8 1 0 1.79s
✅ PYTHON isort 1 0 0.88s
✅ PYTHON mypy 1 0 9.51s
✅ PYTHON ruff 1 0 0.03s
✅ REPOSITORY checkov yes no 24.88s
✅ REPOSITORY gitleaks yes no 1.75s
✅ REPOSITORY git_diff yes no 0.01s
✅ REPOSITORY grype yes no 15.45s
✅ REPOSITORY kics yes no 5.2s
✅ REPOSITORY secretlint yes no 1.09s
✅ REPOSITORY syft yes no 2.43s
✅ REPOSITORY trivy yes no 10.27s
✅ REPOSITORY trivy-sbom yes no 0.13s
✅ REPOSITORY trufflehog yes no 4.56s
✅ XML xmllint 1 0 0.02s
✅ YAML prettier 17 0 1.01s
✅ YAML yamllint 17 0 0.97s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

MegaLinter is graciously provided by OX Security

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 1, 2025

Code Coverage Report

Overall Project 29.93%

There is no coverage information present for the Files changed

@renovate renovate bot force-pushed the renovate/github-actions branch from 054562f to bda0d8e Compare January 10, 2025 18:56
@renovate renovate bot force-pushed the renovate/github-actions branch from bda0d8e to d83709f Compare January 14, 2025 16:22
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions GitHub Actions
Copy link

Trivy image scan report

ghcr.io/miracum/fhir-gateway:pr-183 (debian 12.7)

No Vulnerabilities found

No Misconfigurations found

Java

9 known vulnerabilities found (CRITICAL: 0 HIGH: 7 MEDIUM: 1 LOW: 1)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
ca.uhn.hapi.fhir:org.hl7.fhir.r4 CVE-2024-51132 HIGH 6.3.23 6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.r4 CVE-2024-52007 HIGH 6.3.23 6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2024-51132 HIGH 6.3.23 6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2024-52007 HIGH 6.3.23 6.4.0
ch.qos.logback:logback-core CVE-2024-12798 MEDIUM 1.5.11 1.5.13, 1.3.15
ch.qos.logback:logback-core CVE-2024-12801 LOW 1.5.11 1.5.13, 1.3.15
commons-io:commons-io CVE-2024-47554 HIGH 2.11.0 2.14.0
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-50379 HIGH 10.1.31 11.0.2, 10.1.34, 9.0.98
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-56337 HIGH 10.1.31 11.0.2, 10.1.34, 9.0.98

No Misconfigurations found

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants