Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 #249

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 22, 2024

Bumps docker/setup-buildx-action from 3.4.0 to 3.5.0.

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.5.0

Full Changelog: docker/setup-buildx-action@v3.4.0...v3.5.0

Commits
  • aa33708 Merge pull request #345 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 2d99e34 chore: update generated content
  • 4dab436 build(deps): bump @​docker/actions-toolkit from 0.34.0 to 0.35.0
  • 49a04d6 Merge pull request #344 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • a6ade2e chore: update generated content
  • 2f2694b switch to Docker exec
  • 0a4bab6 build(deps): bump @​docker/actions-toolkit from 0.32.0 to 0.34.0
  • 2ad1852 Merge pull request #340 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 560ac46 chore: update generated content
  • b3a3417 build(deps): bump @​docker/actions-toolkit from 0.31.0 to 0.32.0
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @tylertitsworth.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from tylertitsworth as a code owner July 22, 2024 13:28
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 22, 2024
@dependabot dependabot bot requested a review from sharvil10 as a code owner July 22, 2024 13:28
@dependabot dependabot bot added the github_actions Pull requests that update GitHub Actions code label Jul 22, 2024
@dependabot dependabot bot requested a review from jitendra42 as a code owner July 22, 2024 13:28
Copy link

github-actions bot commented Jul 22, 2024

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/docker/setup-buildx-action aa33708b10e362ff993539393ff100fa93ed6a27 🟢 5.6
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 0/3 approved changesets -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 91 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/test-runner-ci.yaml

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@4fd8129...aa33708)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/docker/setup-buildx-action-3.5.0 branch from 264fa99 to ad0a0a2 Compare July 22, 2024 15:46
Copy link
Contributor

@tylertitsworth tylertitsworth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@dependabot dependabot bot merged commit 8b764d7 into main Jul 22, 2024
21 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/docker/setup-buildx-action-3.5.0 branch July 22, 2024 15:57
jitendra42 pushed a commit to jitendra42/ai-containers that referenced this pull request Oct 23, 2024
* parent c752c2f
author tylertitsworth <[email protected]> 1712602592 -0700
committer tylertitsworth <[email protected]> 1714496445 -0700

Add Dependency Review Action

* Refactor Actions for Public

* PR Integration Tests Customization (intel#238)

* test file-based customization

* fix label setup in test-containers

* Updates Base Container Tests

* python requirements txt (intel#243)

* add python requirements txt

* add workdir

---------

Co-authored-by: Tyler Titsworth <[email protected]>

* Update Test Actions

* TF add requirements.txt (intel#240)

* incorporate tf requirements

* add requirements

* change for papermill test

* restore pytorch changes

* restore pytorch changes

* keep on tf changes in dependabot

* remove classical ml files

* remove classical ml files

* remove python files

* add workdir

* single quotes

* single quotes

* add no-check

* create classical ML requirements txt (intel#242)

* add tf classical ml requirements

* add workdir before copy

* add workdir

* Update Test Actions

* add pyt requirements txt files (intel#241)

* add pyt requirements txt files

* add workdir

* add single quotes

* add no-check-certificate

---------

Co-authored-by: Tyler Titsworth <[email protected]>

* Add/Update Templates

* Test Runner Code Coverage (intel#246)

* add tox and coverage

* stringify python versions

* collect valid coverage report

* loosen file grabbing

* diversify artifact names

* fix coverage to just report

* download all artifacts

* add working dir

* add more test coverage

* update codecov to 91%

* add python setup

* add buildx setup step

* add buildx setup step

* switch test images

* remove builder context

* remove internal tests

* return buildx

* use k8s driver

* use k8s driver

* load into docker driver

* add buildx to unit tests

* move test suite to root dir

* update docs

* add badge for coverage

* add color output

* comment out badge update for internal

* Update tox.ini

* add all docker envs

* update coverage step

* use buildx v3

* update job python reqs

* fix req

* merge artifacts

* put summary in markdown

* escape characters

* move status check to watcher

* Add Exception for unset Env Vars in Test Runner (intel#248)

add unset value handling and docs

* Fix Status Check (intel#249)

* fix serving tests

* use quotes for spacing

* get last parent path

* return root dir handling

* remove double bash

* return status check

* Add Python Tests (intel#247)

add python tests

* Group Python Updates (intel#259)

add groups to all python deps

* Bump github/codeql-action from 3.24.10 to 3.25.3 (intel#262)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.10 to 3.25.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3.24.10...v3.25.3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tyler Titsworth <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Srikanth Ramakrishna <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant