@dependabot dependabot bot commented on behalf of github Feb 9, 2026

Bumps the actions group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| docker/login-action | 3.4.0 | 3.7.0 |
| sigstore/sigstore-conformance | 0.0.18 | 0.0.25 |
| chainguard-dev/actions | 1.4.7 | 1.5.16 |
| cpanato/vault-installer | 1.2.0 | 1.4.0 |
| imjasonh/setup-crane | 0.4 | 0.5 |
| mikefarah/yq | 4.47.1 | 4.52.2 |
| ossf/scorecard-action | 2.4.2 | 2.4.3 |
| codecov/codecov-action | 5.4.3 | 5.5.2 |

Updates docker/login-action from 3.4.0 to 3.7.0

Release notes

Sourced from docker/login-action's releases.

v3.7.0

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Full Changelog: docker/login-action@v3.4.0...v3.5.0

Commits
  • c94ce9f Merge pull request #915 from docker/dependabot/npm_and_yarn/lodash-4.17.23
  • 8339c95 Merge pull request #912 from docker/scope
  • c83e932 build(deps): bump lodash from 4.17.21 to 4.17.23
  • b268aa5 chore: update generated content
  • a603229 documentation for scope input
  • 7567f92 Add scope input to set scopes for the authentication token
  • 0567fa5 Merge pull request #914 from dphi/add-support-for-amazonaws.eu
  • f6ef577 feat: add support for AWS European Sovereign Cloud ECR registries
  • 916386b Merge pull request #911 from crazy-max/ensure-redact
  • 5b3f94a chore: update generated content
  • Additional commits viewable in compare view

Updates sigstore/sigstore-conformance from 0.0.18 to 0.0.25

Release notes

Sourced from sigstore/sigstore-conformance's releases.

v0.0.25

This release contains a number of new tests and a change to the client-under-test CLI: users need to modify their client wrappers (or add new tests to expected failures).

Changes in client-under-test CLI

  • The expected client CLI now includes --key <FILE> as an alternative to --certificate-identity <IDENTITY> --certificate-oidc-issuer <URL>. Details in cli_protocol.md. Clients that do not support keys as identities can add "test_verify*managed-key-happy-path] test_verify*managed-key-and-trusted-root]" to their expected failure list.

Added tests

  • Bundle validity checks bundle-empty-certificate-chain, bundle-invalid-base64-signature, bundle-malformed-json, bundle-negative-log-index, bundle-unknown-version, inclusion-proof-corrupted-hash
  • message-digest-mismatch: Note that the message digest field in the signature is an unauthenticated hint. The conformance test suite expects a verification failure here only for consistency.
  • Bundle with SCT extensions bundle-with-sct-with-extensions -- this is a requirement for using TesseraCT as Fulcio CT in future
  • Managed key tests managed-key-happy-path, managed-key-and-trusted-root, managed-key-no-key, managed-key-wrong-key -- these tests require the client-under-test CLI to implement the --key argument

v0.0.24

What's Changed

The release improves the content quality of the Client Conformance Report.

Full Changelog: sigstore/sigstore-conformance@v0.0.23...v0.0.24

v0.0.23

sigstore-conformance GitHub action now publishes test results as GitHub artifacts: The sigstore-conformance project collects these results into a report: https://sigstore.github.io/sigstore-conformance/

Note: Users are requested to schedule a weekly run of sigstore-conformance to ensure that up-to-date results are available for the report. Thanks for the help!

Added

  • Publish conformance test results (#268)

Fixed

  • Fix cache dir lookup on non-linux platforms (#264)

v0.0.22

Changes

The main change fixes an installation issue on Python 3.14 (sigstore/sigstore-conformance#269): The action now manages the Python version it uses internally.

Full Changelog: sigstore/sigstore-conformance@v0.0.21...v0.0.22

... (truncated)

Commits
  • eae6eb1 suggest implementation strategy for managed key verify tests (#306)
  • d375b73 Add bundle with SCT with extensions to tests (#319)
  • 468e8b2 add a test for message digest mismatch with artifact hash (#312)
  • 120147f workflows: Add sigstore-rust to client conformance report (#316)
  • ecb8250 add a simple corrupted inclusion proof check (#315)
  • 70c3a2e Bump the actions group with 2 updates (#310)
  • 6c410c9 Bump certifi from 2025.11.12 to 2026.1.4 (#313)
  • 6f2bf82 add some checks for malformed content (#314)
  • c301daf Bump urllib3 from 2.6.2 to 2.6.3 (#311)
  • ef55a33 Bump the python-minor-and-patch-updates group with 2 updates (#308)
  • Additional commits viewable in compare view

Updates chainguard-dev/actions from 1.4.7 to 1.5.16

Release notes

Sourced from chainguard-dev/actions's releases.

v1.5.16

Full Changelog: chainguard-dev/actions@v1.5.15...v1.5.16

v1.5.15

Full Changelog: chainguard-dev/actions@v1.5.14...v1.5.15

v1.5.14

Full Changelog: chainguard-dev/actions@v1.5.13...v1.5.14

v1.5.13

What's Changed

... (truncated)

Commits
  • eba358c Bump chainguard-dev/actions from 1.5.14 to 1.5.15 (#722)
  • 00a50f7 Bump chainguard-dev/actions from 1.5.14 to 1.5.15 in /gofmt (#723)
  • cf602f5 Bump chainguard-dev/actions from 1.5.14 to 1.5.15 in /goimports (#724)
  • 930437d Bump chainguard-dev/actions from 1.5.14 to 1.5.15 in /inky-build-pkg (#725)
  • 1f5ef45 Bump chainguard-dev/actions from 1.5.14 to 1.5.15 in /melange-build (#726)
  • 706776c Bump chainguard-dev/actions from 1.5.14 to 1.5.15 in /wolfi-build-pkg (#727)
  • 3e34466 Bump imjasonh/setup-crane from 0.4 to 0.5 in /setup-registry (#721)
  • 6f74cde Drop build and prerelease types from release workflow (#720)
  • f9aebc4 Add retries to the eksctl downloads (#719)
  • 17095df Bump chainguard-dev/actions from 1.5.13 to 1.5.14 (#713)
  • Additional commits viewable in compare view

Updates cpanato/vault-installer from 1.2.0 to 1.4.0

Release notes

Sourced from cpanato/vault-installer's releases.

v1.4.0

Full Changelog: cpanato/vault-installer@v1.3.0...v1.4.0

v1.3.0

Full Changelog: cpanato/vault-installer@v1.2.0...v1.3.0

Updates imjasonh/setup-crane from 0.4 to 0.5

Release notes

Sourced from imjasonh/setup-crane's releases.

v0.5

Full Changelog: imjasonh/setup-crane@v0.4...v0.5

Updates mikefarah/yq from 4.47.1 to 4.52.2

Release notes

Sourced from mikefarah/yq's releases.

v4.52.2

  • Fixed bad instructions file breaking go-install (#2587) Thanks @​theyoprst
  • Fixed TOML table scope after comments (#2588) Thanks @​tomers
  • Multiply uses a readonly context (#2558)
  • Fixed merge globbing wildcards in keys (#2564)
  • Fixing TOML subarray parsing issue (#2581)

v4.52.1 - TOML roundtrip and more!

  • TOML encoder support - you can now roundtrip! #1364

  • Parent now supports negative indices, and added a 'root' command for referencing the top level document

  • Fixed scalar encoding for HCL

  • Add --yaml-compact-seq-indent / -c flag for compact sequence indentation (#2583) Thanks @​jfenal

  • Add symlink check to file rename util (#2576) Thanks @​Elias-elastisys

  • Powershell fixed default command used for __completeNoDesc alias (#2568) Thanks @​teejaded

  • Unwrap scalars in shell output mode. (#2548) Thanks @​flintwinters

  • Added K8S KYAML output format support (#2560) Thanks @​robbat2

  • Bumped dependencies

  • Special shout out to @​ccoVeille for reviewing my PRs!

Thanks to everyone that contributed ❤️

v4.50.1 - HCL!

  • Added HCL Support - First cut - hopefully it works well! (#1844)
  • Fixing handling of CRLF #2352
  • Bumped dependencies

v4.49.2

v4.49.1 - Security Flags and TOML fixes

  • Added --security flags to disable env and file ops #2515
  • Fixing TOML ArrayTable parsing issues #1758
  • Fixing parsing of escaped characters #2506

v4.48.2

v4.48.1 - First and Parents Operators

  • Added 'parents' operator, to return a list of all the hierarchical parents of a node
  • Added 'first(exp)' operator, to return the first entry matching an expression in an array
  • Fixed xml namespace prefixes #1730 (thanks @​baodrate)
  • Fixed out of range panic in yaml decoder #2460 (thanks @​n471d)
  • Bumped dependencies

... (truncated)

Changelog

Sourced from mikefarah/yq's changelog.

4.52.2:

  • Fixed bad instructions file breaking go-install (#2587) Thanks @​theyoprst
  • Fixed TOML table scope after comments (#2588) Thanks @​tomers
  • Multiply uses a readonly context (#2558)
  • Fixed merge globbing wildcards in keys (#2564)
  • Fixing TOML subarray parsing issue (#2581)

4.52.1:

  • TOML encoder support - you can now roundtrip! #1364

  • Parent now supports negative indices, and added a 'root' command for referencing the top level document

  • Fixed scalar encoding for HCL

  • Add --yaml-compact-seq-indent / -c flag for compact sequence indentation (#2583) Thanks @​jfenal

  • Add symlink check to file rename util (#2576) Thanks @​Elias-elastisys

  • Powershell fixed default command used for __completeNoDesc alias (#2568) Thanks @​teejaded

  • Unwrap scalars in shell output mode. (#2548) Thanks @​flintwinters

  • Added K8S KYAML output format support (#2560) Thanks @​robbat2

  • Bumped dependencies

  • Special shout out to @​ccoVeille for reviewing my PRs!

4.50.1:

  • Added HCL support!
  • Fixing handling of CRLF #2352
  • Bumped dependencies

4.49.2:

4.49.1:

  • Added --security flags to disable env and file ops #2515
  • Fixing TOML ArrayTable parsing issues #1758
  • Fixing parsing of escaped characters #2506

4.48.2:

4.48.1:

  • Added 'parents' operator, to return a list of all the hierarchical parents of a node
  • Added 'first(exp)' operator, to return the first entry matching an expression in an array
  • Fixed xml namespace prefixes #1730 (thanks @​baodrate)
  • Fixed out of range panic in yaml decoder #2460 (thanks @​n471d)
  • Bumped dependencies

4.47.2:

... (truncated)

Commits
  • 2be0094 Bumping version
  • 3c18d5b Preparing release
  • 2dcc229 Merge branch 'tomers-fix/toml-comments-table-scope-2588'
  • eb4fde4 Pulling out common code
  • 06ea4cf Fixing spelling
  • 37089d2 Merge branch 'fix/toml-comments-table-scope-2588' of github.com:tomers/yq int...
  • 7cf88a0 Add regression test for go install compatibility #2587 (#2591)
  • 41adc1a Fixing wrongly named instructions file
  • b4b96f2 Fix TOML table parsing after standalone comments
  • 2824d66 Multiply uses a readonly context #2558
  • Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.4.2 to 2.4.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

Commits
  • 4eaacf0 bump docker to ghcr v2.4.3 (#1587)
  • 42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
  • 88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
  • 6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
  • 92083b5 📖 Fix recommended command to test the image in development (#1583)
  • 7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
  • 0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
  • 46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
  • c3f1350 🌱 Improve printing options (#1584)
  • 43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 5.4.3 to 5.5.2

Release notes

Sourced from codecov/codecov-action's releases.

v5.5.2

Full Changelog: codecov/codecov-action@v5.5.1...v5.5.2

v5.5.1

Full Changelog: codecov/codecov-action@v5.5.0...v5.5.1

v5.5.0

Full Changelog: codecov/codecov-action@v5.4.3...v5.5.0

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • `@dependabot ...

Description has been truncated

Bumps the actions group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `3.7.0` |
| [sigstore/sigstore-conformance](https://github.com/sigstore/sigstore-conformance) | `0.0.18` | `0.0.25` |
| [chainguard-dev/actions](https://github.com/chainguard-dev/actions) | `1.4.7` | `1.5.16` |
| [cpanato/vault-installer](https://github.com/cpanato/vault-installer) | `1.2.0` | `1.4.0` |
| [imjasonh/setup-crane](https://github.com/imjasonh/setup-crane) | `0.4` | `0.5` |
| [mikefarah/yq](https://github.com/mikefarah/yq) | `4.47.1` | `4.52.2` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.4.3` | `5.5.2` |



Updates `docker/login-action` from 3.4.0 to 3.7.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@74a5d14...c94ce9f)

Updates `sigstore/sigstore-conformance` from 0.0.18 to 0.0.25
- [Release notes](https://github.com/sigstore/sigstore-conformance/releases)
- [Commits](sigstore/sigstore-conformance@fd90e6b...eae6eb1)

Updates `chainguard-dev/actions` from 1.4.7 to 1.5.16
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Commits](chainguard-dev/actions@708219d...eba358c)

Updates `cpanato/vault-installer` from 1.2.0 to 1.4.0
- [Release notes](https://github.com/cpanato/vault-installer/releases)
- [Commits](cpanato/vault-installer@e7c1d66...fe56817)

Updates `imjasonh/setup-crane` from 0.4 to 0.5
- [Release notes](https://github.com/imjasonh/setup-crane/releases)
- [Commits](imjasonh/setup-crane@31b88ef...6da1ae0)

Updates `mikefarah/yq` from 4.47.1 to 4.52.2
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@f03c9dc...2be0094)

Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@05b42c6...4eaacf0)

Updates `codecov/codecov-action` from 5.4.3 to 5.5.2
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@18283e0...671740a)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: sigstore/sigstore-conformance
  dependency-version: 0.0.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: chainguard-dev/actions
  dependency-version: 1.5.16
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: cpanato/vault-installer
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: imjasonh/setup-crane
  dependency-version: '0.5'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: mikefarah/yq
  dependency-version: 4.52.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the dependencies and github_actions labels Feb 9, 2026