synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-13 21:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci: bump the github-actions group with 4 updates (#16966)

Browse Source 
Bumps the github-actions group with 4 updates:
[docker/login-action](https://github.com/docker/login-action),
[tj-actions/changed-files](https://github.com/tj-actions/changed-files),
[nix-community/cache-nix-action](https://github.com/nix-community/cache-nix-action)
and
[aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).

Updates `docker/login-action` from 3.3.0 to 3.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.0</h2>
<ul>
<li>Bump <code>@​actions/core</code> from 1.10.1 to 1.11.1 in <a
href="https://redirect.github.com/docker/login-action/pull/791">docker/login-action#791</a></li>
<li>Bump <code>@​aws-sdk/client-ecr</code> to 3.766.0 in <a
href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a>
<a
href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li>
<li>Bump <code>@​aws-sdk/client-ecr-public</code> to 3.758.0 in <a
href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a>
<a
href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.35.0 to 0.57.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/801">docker/login-action#801</a>
<a
href="https://redirect.github.com/docker/login-action/pull/806">docker/login-action#806</a>
<a
href="https://redirect.github.com/docker/login-action/pull/858">docker/login-action#858</a></li>
<li>Bump cross-spawn from 7.0.3 to 7.0.6 in <a
href="https://redirect.github.com/docker/login-action/pull/814">docker/login-action#814</a></li>
<li>Bump https-proxy-agent from 7.0.5 to 7.0.6 in <a
href="https://redirect.github.com/docker/login-action/pull/823">docker/login-action#823</a></li>
<li>Bump path-to-regexp from 6.2.2 to 6.3.0 in <a
href="https://redirect.github.com/docker/login-action/pull/777">docker/login-action#777</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v3.3.0...v3.4.0">https://github.com/docker/login-action/compare/v3.3.0...v3.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="74a5d14239"><code>74a5d14</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/856">#856</a>
from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li>
<li><a
href="2f4f00e4c6"><code>2f4f00e</code></a>
chore: update generated content</li>
<li><a
href="67c184546c"><code>67c1845</code></a>
build(deps): bump the aws-sdk-dependencies group across 1 directory with
2 up...</li>
<li><a
href="3d4cc89e85"><code>3d4cc89</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/844">#844</a>
from graysonpike/master</li>
<li><a
href="6cc823a6c4"><code>6cc823a</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/823">#823</a>
from docker/dependabot/npm_and_yarn/proxy-agent-depen...</li>
<li><a
href="d94e792124"><code>d94e792</code></a>
chore: update generated content</li>
<li><a
href="033db0da30"><code>033db0d</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/812">#812</a>
from docker/dependabot/github_actions/codecov/codecov...</li>
<li><a
href="09c2ae9716"><code>09c2ae9</code></a>
build(deps): bump https-proxy-agent</li>
<li><a
href="ba56f006fc"><code>ba56f00</code></a>
ci: update deprecated input for codecov-action</li>
<li><a
href="75bf9a79af"><code>75bf9a7</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/858">#858</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li>Additional commits viewable in <a
href="9780b0c442...74a5d14239">compare
view</a></li>
</ul>
</details>
<br />

Updates `tj-actions/changed-files` from
dcc7a0cba800f454d79fff4b993e8c3555bcc0a8 to
531f5f7d163941f0c1c04e0ff4d8bb243ac4366f
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h1><a
href="https://github.com/tj-actions/changed-files/compare/v46.0.0...v46.0.1">46.0.1</a>
- (2025-03-16)</h1>
<h2><!-- raw HTML omitted -->🔄 Update</h2>
<ul>
<li>Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2473">#2473</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> (<a
href="2f7c5bfce2">2f7c5bf</a>)
- (github-actions[bot])</p>
<ul>
<li>Sync-release-version.yml to use signed commits (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2472">#2472</a>)
(<a
href="4189ec62c4">4189ec6</a>)
- (Tonye Jack)</li>
</ul>
<h1><a
href="https://github.com/tj-actions/changed-files/compare/v45.0.9...v46.0.0">46.0.0</a>
- (2025-03-16)</h1>
<h2><!-- raw HTML omitted -->🐛 Bug Fixes</h2>
<ul>
<li>Update update-readme.yml to sign-commits (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2468">#2468</a>)
(<a
href="0f1ffe6185">0f1ffe6</a>)
- (Tonye Jack)</li>
<li>Update permission in update-readme.yml workflow (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2467">#2467</a>)
(<a
href="ddef03e37c">ddef03e</a>)
- (Tonye Jack)</li>
<li>Update github workflow update-readme.yml (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2466">#2466</a>)
(<a
href="9c2df0d54a">9c2df0d</a>)
- (Tonye Jack)</li>
</ul>
<h2><!-- raw HTML omitted --> Remove</h2>
<ul>
<li>Deleted renovate.json (<a
href="e37e952786">e37e952</a>)
- (Tonye Jack)</li>
</ul>
<h2><!-- raw HTML omitted -->🔄 Update</h2>
<ul>
<li>Sync-release-version.yml (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2471">#2471</a>)
(<a
href="4cd184a1dd">4cd184a</a>)
- (Tonye Jack)</li>
<li>Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2469">#2469</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> (<a
href="5cbf22026d">5cbf220</a>)
- (github-actions[bot])</p>
<h2><!-- raw HTML omitted -->📚 Documentation</h2>
<ul>
<li>Update docs to highlight security issues (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2465">#2465</a>)
(<a
href="65253327cf">6525332</a>)
- (Tonye Jack)</li>
</ul>
<h1><a
href="https://github.com/tj-actions/changed-files/compare/v45.0.4...v45.0.9">45.0.9</a>
- (2025-03-15)</h1>
<h2><!-- raw HTML omitted -->🐛 Bug Fixes</h2>
<ul>
<li><strong>deps:</strong> Update dependency <code>@​octokit/rest</code>
to v21.1.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2435">#2435</a>)
(<a
href="fb8dcda5fb">fb8dcda</a>)
- (renovate[bot])</li>
<li><strong>deps:</strong> Update dependency <code>@​octokit/rest</code>
to v21.1.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2394">#2394</a>)
(<a
href="7b72c97d73">7b72c97</a>)
- (renovate[bot])</li>
<li><strong>deps:</strong> Update dependency yaml to v2.7.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2383">#2383</a>)
(<a
href="5f974c28f5">5f974c2</a>)
- (renovate[bot])</li>
</ul>
<h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2>
<ul>
<li><strong>deps:</strong> Lock file maintenance (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2460">#2460</a>)
(<a
href="9200e69727">9200e69</a>)
- (renovate[bot])</li>
<li><strong>deps:</strong> Update dependency <code>@​types/node</code>
to v22.13.10 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2459">#2459</a>)
(<a
href="e650cfdae5">e650cfd</a>)
- (renovate[bot])</li>
<li><strong>deps:</strong> Update dependency eslint-config-prettier to
v10.1.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2458">#2458</a>)
(<a
href="82af21f4a0">82af21f</a>)
- (renovate[bot])</li>
<li><strong>deps:</strong> Update dependency eslint-config-prettier to
v10.1.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2457">#2457</a>)
(<a
href="82fa4a6402">82fa4a6</a>)
- (renovate[bot])</li>
<li><strong>deps:</strong> Update peter-evans/create-pull-request action
to v7.0.8 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2455">#2455</a>)
(<a
href="315505acf4">315505a</a>)
- (renovate[bot])</li>
<li><strong>deps:</strong> Update dependency <code>@​types/node</code>
to v22.13.9 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2454">#2454</a>)
(<a
href="c8e1cdb9ea">c8e1cdb</a>)
- (renovate[bot])</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="531f5f7d16"><code>531f5f7</code></a>
Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2479">#2479</a>)</li>
<li><a
href="dccd1949ad"><code>dccd194</code></a>
doc: update README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2478">#2478</a>)</li>
<li><a
href="9237eb7a0f"><code>9237eb7</code></a>
Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2476">#2476</a>)</li>
<li><a
href="d52b942ee0"><code>d52b942</code></a>
add hint to revoke leaked token (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2475">#2475</a>)</li>
<li><a
href="45fb12d7a8"><code>45fb12d</code></a>
Upgraded to v46.0.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2474">#2474</a>)</li>
<li><a
href="2f7c5bfce2"><code>2f7c5bf</code></a>
Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2473">#2473</a>)</li>
<li><a
href="4189ec62c4"><code>4189ec6</code></a>
update: sync-release-version.yml to use signed commits (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2472">#2472</a>)</li>
<li><a
href="4cd184a1dd"><code>4cd184a</code></a>
update: sync-release-version.yml (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2471">#2471</a>)</li>
<li><a
href="5cbf22026d"><code>5cbf220</code></a>
Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2469">#2469</a>)</li>
<li><a
href="0f1ffe6185"><code>0f1ffe6</code></a>
fix: update update-readme.yml to sign-commits (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2468">#2468</a>)</li>
<li>Additional commits viewable in <a
href="dcc7a0cba8...531f5f7d16">compare
view</a></li>
</ul>
</details>
<br />

Updates `nix-community/cache-nix-action` from 6.1.1 to 6.1.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nix-community/cache-nix-action/releases">nix-community/cache-nix-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.2</h2>
<h2>Fixes</h2>
<ul>
<li>Fix nix store database merging logic (<a
href="https://redirect.github.com/nix-community/cache-nix-action/pull/84">nix-community/cache-nix-action#84</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c448f065ba"><code>c448f06</code></a>
Merge pull request <a
href="https://redirect.github.com/nix-community/cache-nix-action/issues/84">#84</a>
from nix-community/82-bug-v610-and-v611-dont-seem-to-w...</li>
<li><a
href="fc908ede39"><code>fc908ed</code></a>
chore: build the action</li>
<li><a
href="57dad844a9"><code>57dad84</code></a>
chore: build the action</li>
<li><a
href="0d5803d685"><code>0d5803d</code></a>
fix(action): print a message after the check</li>
<li><a
href="db360de0f8"><code>db360de</code></a>
chore: build the action</li>
<li><a
href="07c1e7f98e"><code>07c1e7f</code></a>
fix(action): join on the derivation path, not the output path</li>
<li><a
href="1b9cbefbf8"><code>1b9cbef</code></a>
fix(action): parse gc-max-store-size correctly</li>
<li>See full diff in <a
href="aee88ae5ef...c448f065ba">compare
view</a></li>
</ul>
</details>
<br />

Updates `aquasecurity/trivy-action` from 0.29.0 to 0.30.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aquasecurity/trivy-action/releases">aquasecurity/trivy-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.30.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: Update default trivy version in README by <a
href="https://github.com/derrix060"><code>@​derrix060</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/444">aquasecurity/trivy-action#444</a></li>
<li>fix: typo in description of an input for action.yaml by <a
href="https://github.com/yutatokoi"><code>@​yutatokoi</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/452">aquasecurity/trivy-action#452</a></li>
<li>Improve README/SBOM by <a
href="https://github.com/AB-xdev"><code>@​AB-xdev</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/439">aquasecurity/trivy-action#439</a></li>
<li>chore: bump trivy to v0.60.0 by <a
href="https://github.com/nikpivkin"><code>@​nikpivkin</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/453">aquasecurity/trivy-action#453</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/derrix060"><code>@​derrix060</code></a>
made their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/444">aquasecurity/trivy-action#444</a></li>
<li><a href="https://github.com/yutatokoi"><code>@​yutatokoi</code></a>
made their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/452">aquasecurity/trivy-action#452</a></li>
<li><a href="https://github.com/AB-xdev"><code>@​AB-xdev</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/439">aquasecurity/trivy-action#439</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.29.0...0.30.0">https://github.com/aquasecurity/trivy-action/compare/0.29.0...0.30.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6c175e9c40"><code>6c175e9</code></a>
chore: bump trivy to v0.60.0 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/453">#453</a>)</li>
<li><a
href="53e8848d3e"><code>53e8848</code></a>
Improve README/SBOM (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/439">#439</a>)</li>
<li><a
href="ef1b561207"><code>ef1b561</code></a>
fix: typo in description of an input for action.yaml (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/452">#452</a>)</li>
<li><a
href="a11da62073"><code>a11da62</code></a>
fix: Update default trivy version in README (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/444">#444</a>)</li>
<li>See full diff in <a
href="18f2510ee3...6c175e9c40">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
dependabot[bot]
2025-03-17 11:56:03 +00:00
committed by GitHub
parent c429e0d5f3
commit 27a160d136
7 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/ci.yaml vendored
View File

@ -1045,7 +1045,7 @@ jobs:
fetch-depth: 0
- name: GHCR Login
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}

2
.github/workflows/docker-base.yaml vendored
View File

@ -46,7 +46,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Docker login
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}

2
.github/workflows/docs-ci.yaml vendored
View File

@ -28,7 +28,7 @@ jobs:
- name: Setup Node
uses: ./.github/actions/setup-node
- uses: tj-actions/changed-files@dcc7a0cba800f454d79fff4b993e8c3555bcc0a8 # v45.0.7
- uses: tj-actions/changed-files@531f5f7d163941f0c1c04e0ff4d8bb243ac4366f # v45.0.7
id: changed-files
with:
files: |

4
.github/workflows/dogfood.yaml vendored
View File

@ -37,7 +37,7 @@ jobs:
- name: Setup Nix
uses: nixbuild/nix-quick-install-action@5bb6a3b3abe66fd09bbf250dce8ada94f856a703 # v30
- uses: nix-community/cache-nix-action@aee88ae5efbbeb38ac5d9862ecbebdb404a19e69 # v6.1.1
- uses: nix-community/cache-nix-action@c448f065ba14308da81de769632ca67a3ce67cf5 # v6.1.2
with:
# restore and save a cache using this key
primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }}
@ -76,7 +76,7 @@ jobs:
- name: Login to DockerHub
if: github.ref == 'refs/heads/main'
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}

2
.github/workflows/pr-deploy.yaml vendored
View File

@ -237,7 +237,7 @@ jobs:
uses: ./.github/actions/setup-sqlc
- name: GHCR Login
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}

2
.github/workflows/release.yaml vendored
View File

@ -208,7 +208,7 @@ jobs:
cat "$CODER_RELEASE_NOTES_FILE"
- name: Docker Login
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}

2
.github/workflows/security.yaml vendored
View File

@ -136,7 +136,7 @@ jobs:
echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
with:
image-ref: ${{ steps.build.outputs.image }}
format: sarif