Bump the actions group with 10 updates

[dependabot]

Bumps the actions group with 10 updates:

Package	From	To
actions/checkout	3	4
actions/setup-go	5.0.1	5.1.0
azure/login	2.1.1	2.2.0
actions/upload-artifact	4.3.3	4.4.3
actions/download-artifact	4.1.7	4.1.8
docker/setup-buildx-action	2.8.0	3.7.1
aquasecurity/trivy-action	0.22.0	0.28.0
mindsers/changelog-reader-action	2.2.2	2.2.3
jandelgado/gcov2lcov-action	1.0.9	1.1.1
coverallsapp/github-action	2.2.1	2.3.4

Updates actions/checkout from 3 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

• Update default runtime to node20 by @​takost in actions/checkout#1436
• Support fetching without the --progress option by @​simonbaird in actions/checkout#1067
• Release 4.0.0 by @​takost in actions/checkout#1447

New Contributors

• @​takost made their first contribution in actions/checkout#1436
• @​simonbaird made their first contribution in actions/checkout#1067

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

• Mark test scripts with Bash'isms to be run via Bash by @​dscho in actions/checkout#1377
• Add option to fetch tags even if fetch-depth > 0 by @​RobertWieczoreck in actions/checkout#579
• Release 3.6.0 by @​luketomlinson in actions/checkout#1437

New Contributors

• @​RobertWieczoreck made their first contribution in actions/checkout#579
• @​luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

• Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @​megamanics in actions/checkout#1196
• Fix typos found by codespell by @​DimitriPapadopoulos in actions/checkout#1287
• Add support for sparse checkouts by @​dscho and @​dfdez in actions/checkout#1369
• Release v3.5.3 by @​TingluoHuang in actions/checkout#1376

New Contributors

• @​megamanics made their first contribution in actions/checkout#1196
• @​DimitriPapadopoulos made their first contribution in actions/checkout#1287
• @​dfdez made their first contribution in actions/checkout#1369

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

• Fix: Use correct API url / endpoint in GHES by @​fhammerl in actions/checkout#1289 based on #1286 by @​1newsr

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

• Improve checkout performance on Windows runners by upgrading @​actions/github dependency by @​BrettDong in actions/checkout#1246

New Contributors

• @​BrettDong made their first contribution in actions/checkout#1246

... (truncated)

Commits

• 11bd719 Prepare 4.2.2 Release (#1953)
• e3d2460 Expand unit test coverage (#1946)
• 163217d url-helper.ts now leverages well-known environment variables. (#1941)
• eef6144 Prepare 4.2.1 release (#1925)
• 6b42224 Add workflow file for publishing releases to immutable action package (#1919)
• de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
• d632683 Prepare 4.2.0 release (#1878)
• 6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
• db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
• b684943 Add Ref and Commit outputs (#1180)
• Additional commits viewable in compare view

Updates actions/setup-go from 5.0.1 to 5.1.0

Release notes

Sourced from actions/setup-go's releases.

v5.1.0

What's Changed

• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/setup-go#500
• Upgrade IA Publish by @​Jcambass in actions/setup-go#502
• Add architecture to cache key by @​Zxilly in actions/setup-go#493 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.
• Enhance workflows and Upgrade micromatch Dependency by @​priyagupta108 in actions/setup-go#510

Bug Fixes

• Revise isGhes logic by @​jww3 in actions/setup-go#511

New Contributors

• @​Zxilly made their first contribution in actions/setup-go#493
• @​Jcambass made their first contribution in actions/setup-go#500
• @​jww3 made their first contribution in actions/setup-go#511
• @​priyagupta108 made their first contribution in actions/setup-go#510

Full Changelog: actions/setup-go@v5...v5.1.0

v5.0.2

What's Changed

Bug fixes:

• Fix versions check failure by @​HarithaVattikuti in actions/setup-go#479

Dependency updates:

• Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by @​dependabot in actions/setup-go#487

New Contributors

• @​HarithaVattikuti made their first contribution in actions/setup-go#479

Full Changelog: actions/setup-go@v5...v5.0.2

Commits

• 41dfa10 Enhance workflows and Upgrade micromatch Dependency (#510)
• 9419772 Revise isGhes logic (#511)
• d60b41a Merge pull request #502 from actions/Jcambass-patch-1
• e09f57f Upgrade IA Publish
• df1a117 Merge pull request #500 from actions/Jcambass-patch-1
• 49582f6 Add workflow file for publishing releases to immutable action package
• b26d402 fix: add arch to cache key (#493)
• 0a12ed9 Bump braces from 3.0.2 to 3.0.3 (#487)
• 4ab57d7 Fix versions check failure (#479)
• See full diff in compare view

Updates azure/login from 2.1.1 to 2.2.0

Release notes

Sourced from azure/login's releases.

Azure Login Action v2.2.0

What's Changed

• Replace az --version with az version by @​MoChilia in Azure/login#450
• Update documentation for setting audience when environment is set by @​jcantosz in Azure/login#455
• Fix #459: Errors when registering cloud profile for AzureStack by @​MoChilia in Azure/login#466
• Fix typo by @​KronosTheLate in Azure/login#483
• move pre cleanup to main and add pre-if and post-if by @​YanaXu in Azure/login#484

New Contributors

• @​jcantosz made their first contribution in Azure/login#455
• @​KronosTheLate made their first contribution in Azure/login#483

Full Changelog: Azure/login@v2.1.1...v2.2.0

Commits

• a65d910 prepare release v2.2.0
• a514566 update version to 2.2.0 (#487)
• aa77932 Update Readme to support enable/disable cleanup steps (#485)
• e319965 Add test for docker container (#486)
• 73ceb51 move pre cleanup to main and add pre-if and post-if (#484)
• ffd504a Fix typo (#483)
• 3cf32af enhance telemetry (#478)
• e1a0ade Fix #459: Errors when registering cloud profile for AzureStack (#466)
• 8fb68f4 Remove tests for self-hosted runner (#465)
• 151fd00 Update documentation for setting audience when environment is set (#455)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 4.3.3 to 4.4.3

Release notes

Sourced from actions/upload-artifact's releases.

v4.4.3

What's Changed

• Undo indirect dependency updates from #627 by @​joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

• Bump @actions/artifact to 2.1.11 by @​robherley in actions/upload-artifact#627
  • Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

What's Changed

• Add a section about hidden files by @​joshmgross in actions/upload-artifact#607
• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/upload-artifact#621
• Update @​actions/artifact to latest version, includes symlink and timeout fixes by @​robherley in actions/upload-artifact#625

New Contributors

• @​Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

• Exclude hidden files by default by @​joshmgross in actions/upload-artifact#598

Full Changelog: actions/upload-artifact@v4.3.6...v4.4.0

v4.3.6

What's Changed

• Revert to @​actions/artifact 2.1.8 by @​robherley in actions/upload-artifact#594

Full Changelog: actions/upload-artifact@v4...v4.3.6

v4.3.5

What's Changed

• Bump @​actions/artifact to v2.1.9 by @​robherley in actions/upload-artifact#588

... (truncated)

Commits

• b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
• 92b01eb Undo indirect dependency updates from #627
• 8448086 Merge pull request #627 from actions/robherley/v4.4.2
• b1d4642 add explicit relative and absolute symlinks to workflow
• d50e660 bump version
• aabe6f8 build with @​actions/artifact v2.1.11
• 604373d Merge pull request #625 from actions/robherley/artifact-2.1.10
• 0150148 paste right core version
• a009b25 update licenses
• 9f6f6f4 update @​actions/core and @​actions/artifact to latest versions
• Additional commits viewable in compare view

Updates actions/download-artifact from 4.1.7 to 4.1.8

Release notes

Sourced from actions/download-artifact's releases.

v4.1.8

What's Changed

• Update @​actions/artifact version, bump dependencies by @​robherley in actions/download-artifact#341

Full Changelog: actions/download-artifact@v4...v4.1.8

Commits

• fa0a91b Merge pull request #341 from actions/robherley/bump-pkgs
• b54d088 Update @​actions/artifact version, bump dependencies
• See full diff in compare view

Updates docker/setup-buildx-action from 2.8.0 to 3.7.1

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.7.1

• Switch back to uuid package by @​crazy-max in docker/setup-buildx-action#369

Full Changelog: docker/setup-buildx-action@v3.7.0...v3.7.1

v3.7.0

• Always set buildkitd-flags if opt-in by @​crazy-max in docker/setup-buildx-action#363
• Remove uuid package and switch to crypto by @​crazy-max in docker/setup-buildx-action#366
• Bump @​docker/actions-toolkit from 0.35.0 to 0.39.0 in docker/setup-buildx-action#362
• Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-buildx-action#354

Full Changelog: docker/setup-buildx-action@v3.6.1...v3.7.0

v3.6.1

• Check for malformed docker context by @​crazy-max in docker/setup-buildx-action#347

Full Changelog: docker/setup-buildx-action@v3.6.0...v3.6.1

v3.6.0

• Create temp docker context if default one has TLS data loaded before creating a container builder by @​crazy-max in docker/setup-buildx-action#341

Full Changelog: docker/setup-buildx-action@v3.5.0...v3.6.0

v3.5.0

• Bump @​docker/actions-toolkit from 0.31.0 to 0.35.0 in docker/setup-buildx-action#340 docker/setup-buildx-action#344 docker/setup-buildx-action#345

Full Changelog: docker/setup-buildx-action@v3.4.0...v3.5.0

v3.4.0

• Throw error message instead of exit code by @​crazy-max in docker/setup-buildx-action#315
• Bump @​docker/actions-toolkit from 0.20.0 to 0.31.0 in docker/setup-buildx-action#321 docker/setup-buildx-action#338
• Bump braces from 3.0.2 to 3.0.3 in docker/setup-buildx-action#329
• Bump undici from 5.28.3 to 5.28.4 in docker/setup-buildx-action#312
• Bump uuid from 9.0.1 to 10.0.0 in docker/setup-buildx-action#326

Full Changelog: docker/setup-buildx-action@v3.3.0...v3.4.0

v3.3.0

• Bump @​docker/actions-toolkit from 0.19.0 to 0.20.0 by @​crazy-max in docker/setup-buildx-action#307

Full Changelog: docker/setup-buildx-action@v3.2.0...v3.3.0

v3.2.0

• Rename and align config inputs by @​crazy-max in docker/setup-buildx-action#303
  • config to buildkitd-config
  • config-inline to buildkitd-config-inline
• Bump @​docker/actions-toolkit from 0.17.0 to 0.19.0 in docker/setup-buildx-action#302 docker/setup-buildx-action#306

[!NOTE] config and config-inline input names are deprecated and will be removed in next major release.

... (truncated)

Commits

• c47758b Merge pull request #369 from crazy-max/revert-crypto
• 8fea382 chore: update generated content
• 2874e98 switch back to uuid package
• 8026d2b Merge pull request #362 from docker/dependabot/npm_and_yarn/docker/actions-to...
• e51aab5 chore: update generated content
• fd7390e build(deps): bump @​docker/actions-toolkit from 0.35.0 to 0.39.0
• 910a304 Merge pull request #366 from crazy-max/remove-uuid
• 3623ee4 chore: update generated content
• e0e5ecf remove uuid package and switch to crypto
• 5334dd0 Merge pull request #363 from crazy-max/set-buildkitd-flags-optin
• Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.22.0 to 0.28.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.28.0

What's Changed

• chore(deps): bump setup-trivy to v0.2.1 by @​DmitriyLewen in aquasecurity/trivy-action#411

Full Changelog: aquasecurity/trivy-action@0.27.0...0.28.0

v0.27.0

What's Changed

• ci: use setup-trivy to install Trivy by @​DmitriyLewen in aquasecurity/trivy-action#406
• chore: update description for scanners and format inputs by @​nikpivkin in aquasecurity/trivy-action#407
• fix: set envs only when passed by @​knqyf263 in aquasecurity/trivy-action#405

Full Changelog: aquasecurity/trivy-action@0.26.0...0.27.0

v0.26.0

What's Changed

• docs: add usage info about action/cache for trivy databases by @​DmitriyLewen in aquasecurity/trivy-action#397
• feat: store artifacts in cache by default by @​knqyf263 in aquasecurity/trivy-action#399

Full Changelog: aquasecurity/trivy-action@0.25.0...0.26.0

v0.25.0

What's Changed

• fix(Makefile): recursive option typo by @​chohner in aquasecurity/trivy-action#371
• chore: use checks bundle snapshot from trivy-action by @​nikpivkin in aquasecurity/trivy-action#388
• Upgrade GitHub actions by @​obounaim in aquasecurity/trivy-action#374
• ci: sync trivy-checks version 1 by @​nikpivkin in aquasecurity/trivy-action#398
• feat(trivy): Bump to support v0.56.1 by @​simar7 in aquasecurity/trivy-action#387

New Contributors

• @​chohner made their first contribution in aquasecurity/trivy-action#371
• @​obounaim made their first contribution in aquasecurity/trivy-action#374

Full Changelog: aquasecurity/trivy-action@0.24.0...0.25.0

v0.24.0

What's Changed

• Upgrade trivy to v0.53.0 by @​Dr-DevOps in aquasecurity/trivy-action#369

Full Changelog: aquasecurity/trivy-action@0.23.0...0.24.0

v0.23.0

What's Changed

• Upgrade trivy to v0.52.2 by @​Dr-DevOps in aquasecurity/trivy-action#367

... (truncated)

Commits

• 915b19b chore(deps): bump setup-trivy to v0.2.1 (#411)
• 5681af8 fix: set envs only when passed (#405)
• 8078967 chore: update description for scanners and format inputs (#407)
• 0fa0cdb ci: use setup-trivy to install Trivy (#406)
• a20de54 feat: store artifacts in cache by default (#399)
• 1b8b83d docs: add usage info about action/cache for trivy databases (#397)
• f781cce feat(trivy): Bump to support v0.56.1 (#387)
• 54f21d8 ci: sync trivy-checks version 1 (#398)
• 89b14e5 Upgrade GitHub actions (#374)
• 97646fe chore: use checks bundle snapshot from trivy-action (#388)
• Additional commits viewable in compare view

Updates mindsers/changelog-reader-action from 2.2.2 to 2.2.3

Release notes

Sourced from mindsers/changelog-reader-action's releases.

v2.2.3

Fixed

• Upgrade dependencies to solve deprecation issues.
• Use node v20
• Remove useless empty line between links in the body of a version

Changelog

Sourced from mindsers/changelog-reader-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[2.2.3] - 2024-03-10

Fixed

• Upgrade dependencies to solve deprecation issues.
• Use node v20
• Remove useless empty line between links in the body of a version

[2.2.2] - 2022-11-23

Fixed

• Upgrade dependencies to solve deprecation issues.

[2.2.1] - 2022-11-10

Fixed

• Change node engine for a non-deprecated version.

[2.2.0] - 2022-09-01

Changed

• Allow more section types into prerelease versions. #67

Fixed

• Change the links' syntax to make them correctly recognized by GitHub.

[2.1.1] - 2022-07-03

Fixed

• The action was returning empty data since the last version. Now correctly returns selected entries data.

[2.1.0] - 2022-06-14

Added

• Introduced changelog validation to help keep the release version in line with Semantic Versioning

... (truncated)

Commits

• 32aa5b4 Version bump to 2.2.3
• d80ff88 Rebuild the project
• 3749b1e Fix package command for node v20
• ebbb2a5 Fix tests on addLinks method
• 64ff230 Upgrade deps
• 1d532b4 Merge pull request #81 from mrks115/patch-1
• cc042cc dependencies: bump node to v20
• d8f4048 Merge branch 'develop'
• 3027c3a Merge pull request #76 from mindsers/develop
• See full diff in compare view

Updates jandelgado/gcov2lcov-action from 1.0.9 to 1.1.1

Release notes

Sourced from jandelgado/gcov2lcov-action's releases.

Release 1.1.1

fixes a problem introduced with new gcov2lcov artifact naming scheme

Release 1.1.0

What's Changed

• test with release 1.0.6 by @​jandelgado in jandelgado/gcov2lcov-action#15
• Support new gcov2lcov artefact naming (starting with v1.1.0) by @​jandelgado in jandelgado/gcov2lcov-action#16

Full Changelog: jandelgado/gcov2lcov-action@v1...v1.1.0

Changelog

Sourced from jandelgado/gcov2lcov-action's changelog.

Changelog for gcov2lcov-action

1.1.0, 1.1.1 [2024-10-10]

• prepare for new gcov2lcov version 1.1.0, which will change artifact names

1.0.9 [2022-05-23]

• fix: always set GOROOT before invoking gcov2lcov (#13)

1.0.8 [2020-11-05]

• fix: use correct download link when specific version of gcov2lcov is set (#11)

1.0.5 [2020-10-15]

• without docker runtime

1.0.4 [2020-10-13]

• bump to gcov2lcov 1.0.4
• use precompiled binary

1.0.3 [2020-09-11]

• bump to gcov2lcov 1.0.3

1.0.2 [2020-04-25]

• bump to gcov2lcov 1.0.2 to address coverage calculation problem (jandelgado/gcov2lcov-action#2)

1.0.0 [2019-10-07]

• initial release

Commits

• 4e19897 support new artifact naming (#18)
• 69ef3d5 Support new gcov2lcov artefact naming (starting with v1.1.0) (#16)
• 9a62e29 test with release 1.0.6 (#15)
• See full diff in compare view

Updates coverallsapp/github-action from 2.2.1 to 2.3.4

Release notes

Sourced from coverallsapp/github-action's releases.

v2.3.4

What's Changed

• Add coverage-reporter-platform input option by @​afinetooth in coverallsapp/github-action#233
  • Since we have added support for coverage-reporter on aarch64, we need to provide users of our github-action the ability to select this architecture-specific version of coverage-reporter when they're using an aarch64 / arm64 runner in CI.

Full Changelog: coverallsapp/github-action@v2...v2.3.4

v2.3.3

What's Changed

• Make sure the major version tag always points to the latest release (fixes #222) by @​afinetooth in coverallsapp/github-action#230

Full Changelog: coverallsapp/github-action@v2...v2.3.3

v2.3.2

What's Changed

• Verify that coverage-reporter-version option is recognized by @​afinetooth in coverallsapp/github-action#229
• Add build-number to supported inputs options by @​afinetooth and @​brianatgather in coverallsapp/github-action#228
• Change sha256sum command flag to be compatible with alpine linux distros by @​afinetooth and @​jdebbink in coverallsapp/github-action#227
• Docs: Fix the action version in usage example by @​Jeff-Tian in coverallsapp/github-action#210

New Contributors

• @​brianatgather made their first contribution in coverallsapp/github-action#228 / coverallsapp/github-action#199
• @​jdebbink made their first contribution in coverallsapp/github-action#227 / coverallsapp/github-action#198
• @​Jeff-Tian made their first contribution in coverallsapp/github-action#210

Full Changelog: coverallsapp/github-action@v2.3.1...v2.3.2

v2.3.1

What's Changed

Extend behavior of fail-on-error option to setup failures by @​afinetooth in coverallsapp/github-action#226

• Technically an enhancement, these changes make the action behave as many customers already expect by ignoring any and all failures when the fail-on-error input is set to false.

• Adds logic to handle any failures in "setup" tasks, including downloading the coverage-reporter binary, verifying the binary, and finding the binary by its expected name after extraction.

• The new logic checks these actions and exits with code 1 on failure, except if fail-on-error is set to true, in which case it returns exit code 0.

• Adds a matrix workflow that tests the action for each os and the two key binary commands (coveralls report and coevralls done). Each of these scenarios implicitly tests our setup tasks since they run first in each scenario.

• Also extends the behavior of debug: true to flip the shell-specific debug flag for each os including set -x for linux and macos and Set-PSDebug -Trace 1 for windows.

Full Changelog: coverallsapp/github-action@v2.3.0...v2.3.1

v2.3.0

What's Changed

• Set default values as strings per GH Action requirements by @​littleforest in coverallsapp/github-action#204

... (truncated)

Commits

• cfd0633 Add coverage-reporter-platform input option (#233)
• 0db2c3c Update README.md
• 29d7fa2 Add two more helpful steps to update-major-version-tag workflow (#231)
• 4cdef0b Always point the major version tag to the latest release (#230)
• 43f11c4 Verify that coverage-reporter-version option is recognized (#229)
• c258231 Add build number to supported inputs options (#228)
• 0ae2400 Change command to to be compatible with alpine distros. (#227)
• f795697 Update README.md
• 38d584d Update README.md
• 9a6b4a8 docs: fix the action version (#210)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #313.