Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the actions-minor group with 3 updates #232

Merged
merged 2 commits into from
Oct 3, 2024
Merged

Bump the actions-minor group with 3 updates #232

merged 2 commits into from
Oct 3, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 19, 2024
edited
Loading

This Pull Request Was Automated by Hamster [bot]

Note

Workflow Trigger: push event .
Details of Run: https://github.com/offensive-vk/UntilEverything/actions/runs/10973260795

  • Author: @TheHamsterBot
  • Branch: master (base) / refs/heads/dependabot/github_actions/actions-minor-e2495e3880 (head)
  • Commit: c4bf8cb
  • Workflow Path: CI / Automated Pull Request
  • Pull Request Number: ||
  • Pusher Details: offensive-vk [email protected]

Thanks.
Sep 21, Saturday 02:20:50 PM
Your Hamster 🐹 PF78VAPPKLZ2

@dependabot
Bump the actions-minor group with 3 updates
b0e8aff 
Bumps the actions-minor group with 3 updates: [docker/login-action](https://github.com/docker/login-action), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action).


Updates `docker/login-action` from 3.0.0 to 3.3.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@v3...v3.3.0)

Updates `sigstore/cosign-installer` from 3.1.1 to 3.6.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@6e04d22...4959ce0)

Updates `docker/setup-buildx-action` from 3.0.0 to 3.6.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@f95db51...988b5a0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 19, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 19, 2024
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/docker/login-action 3.3.0 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 3Found 1/3 approved changesets -- score normalized to 3
Maintained🟢 1011 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 9security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 8SAST tool detected but not run on all commits
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/docker/login-action 3b8fed7e4b60203b2aa0ecc6c6d6d91d12c06760 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 3Found 1/3 approved changesets -- score normalized to 3
Maintained🟢 1011 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 9security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 8SAST tool detected but not run on all commits
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/docker/setup-buildx-action 988b5a0280414f521da01fcc63a27aeeb4b104db 🟢 5.8
Details
CheckScoreReason
Code-Review🟢 3Found 1/3 approved changesets -- score normalized to 3
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 9security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/sigstore/cosign-installer 4959ce089c160fddf62f7b42464195ba1a56d382 🟢 7.7
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 55 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 10all dependencies are pinned
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

.github/workflows/deploy.yml
.github/workflows/docker-publish.yml

@TheHamsterBot TheHamsterBot added yml Workflow or GH Actions ci/cd Relating to CI/CD. [Imp] labels Sep 21, 2024
@offensive-vk offensive-vk merged commit e0bd32d into master Oct 3, 2024
43 checks passed
@offensive-vk offensive-vk deleted the dependabot/github_actions/actions-minor-e2495e3880 branch October 3, 2024 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@offensive-vk offensive-vk offensive-vk approved these changes

Assignees
No one assigned
Labels
ci/cd Relating to CI/CD. [Imp] dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code yml Workflow or GH Actions
Projects
UntilEverything 📝
Status: Sep-Oct-2024
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@offensive-vk @TheHamsterBot