From 05508e3fddcd321f679853f11dae98313b5e45d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Mar 2026 22:09:28 +0000 Subject: [PATCH] build(deps): bump the github-actions group across 2 directories with 4 updates Bumps the github-actions group with 3 updates in the / directory: [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform). Bumps the github-actions group with 1 update in the /.github/actions/bootstrap directory: [anchore/sbom-action](https://github.com/anchore/sbom-action). Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) Updates `actions/attest-build-provenance` from 3 to 4 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/v3...v4) Updates `hashicorp/setup-terraform` from 3.1.2 to 4.0.0 - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/setup-terraform/compare/b9cd54a3c349d3f38e8881555d616ced269862dd...5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85) Updates `anchore/sbom-action` from 0.22.2 to 0.23.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/28d71544de8eaf1b958d335707167c5f783590ad...17ae1740179002c89186b61233e0f892c3118b11) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/attest-build-provenance dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: hashicorp/setup-terraform dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: anchore/sbom-action dependency-version: 0.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/actions/bootstrap/action.yml | 2 +- .github/workflows/release.yml | 8 ++++---- .github/workflows/smoke-tests.yml | 2 +- .github/workflows/test.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/actions/bootstrap/action.yml b/.github/actions/bootstrap/action.yml index 20daafa5..6fef58b0 100644 --- a/.github/actions/bootstrap/action.yml +++ b/.github/actions/bootstrap/action.yml @@ -28,4 +28,4 @@ runs: # See https://goreleaser.com/blog/supply-chain-security/ - name: installs syft for generating the SBOM with goreleaser if: "${{ inputs.goreleaser == 'true' }}" - uses: anchore/sbom-action/download-syft@28d71544de8eaf1b958d335707167c5f783590ad # v0.22.2 + uses: anchore/sbom-action/download-syft@17ae1740179002c89186b61233e0f892c3118b11 # v0.23.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a0ece99d..3fd78e98 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -57,7 +57,7 @@ jobs: run: make release # Store artifacts to help with troubleshooting - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@v7 if: always() with: name: release @@ -65,7 +65,7 @@ jobs: retention-days: 5 # Store artifacts to help with troubleshooting - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@v7 if: always() with: name: aws @@ -73,12 +73,12 @@ jobs: retention-days: 5 - name: generate build provenance (binaries) - uses: actions/attest-build-provenance@v3 + uses: actions/attest-build-provenance@v4 with: subject-checksums: ./dist/checksums.txt - name: generate build provenance (docker images) - uses: actions/attest-build-provenance@v3 + uses: actions/attest-build-provenance@v4 with: subject-checksums: ./dist/digests.txt diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index cbdefd9c..01f36360 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -39,7 +39,7 @@ jobs: uses: ./.github/actions/bootstrap with: goreleaser: 'true' - - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3 + - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_version: 1.2.3 - uses: elastic/oblt-actions/aws/auth@v1 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 19585924..63434d1b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -58,7 +58,7 @@ jobs: - name: Build run: make build dist - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@v7 if: always() with: name: snapshots @@ -69,7 +69,7 @@ jobs: # but only for binaries - name: generate build provenance (binaries) if: github.event.pull_request.head.repo.full_name == github.repository - uses: actions/attest-build-provenance@v3 + uses: actions/attest-build-provenance@v4 with: subject-checksums: ./dist/checksums.txt