From 8c338515b7f5bbb63530567ad2d049261afdea65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 28 Mar 2026 09:05:04 +0000 Subject: [PATCH] ci(deps): bump the github-actions group with 8 updates Bumps the github-actions group with 8 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` | | [google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml](https://github.com/google/osv-scanner-action) | `2.3.3` | `2.3.5` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.5.0` | `3.0.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.0.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.0.0` | | [anomalyco/opencode](https://github.com/anomalyco/opencode) | `1.2.27` | `1.3.3` | | [google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml](https://github.com/google/osv-scanner-action) | `2.3.3` | `2.3.5` | Updates `actions/checkout` from 4.3.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4.3.1...v6.0.2) Updates `google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml` from 2.3.3 to 2.3.5 - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](https://github.com/google/osv-scanner-action/compare/c5996e0193a3df57d695c1b8a1dec2a4c62e8730...c51854704019a247608d928f370c98740469d4b5) Updates `dependabot/fetch-metadata` from 2.5.0 to 3.0.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/21025c705c08248db411dc16f3619e6b5f9ea21a...ffa630c65fa7e0ecfa0625b5ceda64399aea1b36) Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd) Updates `docker/login-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...b45d80f862d83dbcd57f89517bcf500b2ab88fb2) Updates `docker/build-push-action` from 6.19.2 to 7.0.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/10e90e3645eae34f1e60eeb005ba3a3d33f178e8...d08e5c354a6adb9ed34480a06d141179aa583294) Updates `anomalyco/opencode` from 1.2.27 to 1.3.3 - [Release notes](https://github.com/anomalyco/opencode/releases) - [Commits](https://github.com/anomalyco/opencode/compare/4ee426ba549131c4903a71dfb6259200467aca81...54443bfb7e090ec3130dc972e689a3e5cc55a7f9) Updates `google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml` from 2.3.3 to 2.3.5 - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](https://github.com/google/osv-scanner-action/compare/c5996e0193a3df57d695c1b8a1dec2a4c62e8730...c51854704019a247608d928f370c98740469d4b5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml dependency-version: 2.3.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: dependabot/fetch-metadata dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: anomalyco/opencode dependency-version: 1.3.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml dependency-version: 2.3.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/contributors.yml | 2 +- .github/workflows/dependabot-automerge.yml | 4 ++-- .github/workflows/docker-sync.yml | 8 ++++---- .github/workflows/flake-test.yml | 2 +- .github/workflows/issue-validation.yml | 8 ++++---- .github/workflows/lint-js.yml | 2 +- .github/workflows/lint-rs.yml | 2 +- .github/workflows/osv.yml | 4 ++-- .github/workflows/pr-checks.yml | 2 +- .github/workflows/release-notes-generator.yml | 2 +- .github/workflows/release.yml | 10 +++++----- .github/workflows/rolling-release.yml | 6 +++--- .github/workflows/spellcheck.yml | 2 +- .github/workflows/sync-e2e.yml | 4 ++-- 15 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 86b3436..bed7cc3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -31,7 +31,7 @@ jobs: build-mode: none steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set up pnpm package manager uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 #v4.4.0 diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml index 7292fb1..90a365a 100644 --- a/.github/workflows/contributors.yml +++ b/.github/workflows/contributors.yml @@ -22,7 +22,7 @@ jobs: pull-requests: write steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Contribute List uses: akhilmhdh/contributors-readme-action@83ea0b4f1ac928fbfe88b9e8460a932a528eb79f #v2.3.11 env: diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml index a2f8383..7952ab8 100644 --- a/.github/workflows/dependabot-automerge.yml +++ b/.github/workflows/dependabot-automerge.yml @@ -13,7 +13,7 @@ jobs: security-scan: name: Security Vulnerability Scan if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]' - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@c51854704019a247608d928f370c98740469d4b5" # v2.3.5 with: scan-args: |- -r @@ -69,7 +69,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a #v2.5.0 + uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 #v3.0.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Enable auto-merge for minor and patch updates diff --git a/.github/workflows/docker-sync.yml b/.github/workflows/docker-sync.yml index cdc3098..7eb8206 100644 --- a/.github/workflows/docker-sync.yml +++ b/.github/workflows/docker-sync.yml @@ -30,13 +30,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 #v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f #v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd #v4.0.0 - name: Log in to Docker Hub - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 #v3 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 #v4.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -62,7 +62,7 @@ jobs: echo "Tags: ${TAGS}" - name: Build and push Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 #v6 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 #v7.0.0 with: context: . file: ./donut-sync/Dockerfile diff --git a/.github/workflows/flake-test.yml b/.github/workflows/flake-test.yml index 67a3a5b..cb62128 100644 --- a/.github/workflows/flake-test.yml +++ b/.github/workflows/flake-test.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Install Nix uses: cachix/install-nix-action@a6f7623b2e2401f485f1eead77ced45bd99b09b0 #v31 diff --git a/.github/workflows/issue-validation.yml b/.github/workflows/issue-validation.yml index 89c54db..a3479cf 100644 --- a/.github/workflows/issue-validation.yml +++ b/.github/workflows/issue-validation.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Check if first-time contributor id: check-first-time @@ -181,7 +181,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Check if first-time contributor id: check-first-time @@ -324,10 +324,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Run opencode - uses: anomalyco/opencode/github@4ee426ba549131c4903a71dfb6259200467aca81 #v1.2.27 + uses: anomalyco/opencode/github@54443bfb7e090ec3130dc972e689a3e5cc55a7f9 #v1.3.3 env: ZHIPU_API_KEY: ${{ secrets.ZHIPU_API_KEY }} TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint-js.yml b/.github/workflows/lint-js.yml index 9ba243c..5404f7d 100644 --- a/.github/workflows/lint-js.yml +++ b/.github/workflows/lint-js.yml @@ -34,7 +34,7 @@ jobs: run: git config --global core.autocrlf false - name: Checkout repository code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set up pnpm package manager uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 #v4.4.0 diff --git a/.github/workflows/lint-rs.yml b/.github/workflows/lint-rs.yml index f288b46..5f9bedb 100644 --- a/.github/workflows/lint-rs.yml +++ b/.github/workflows/lint-rs.yml @@ -41,7 +41,7 @@ jobs: run: git config --global core.autocrlf false - name: Checkout repository code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Set up pnpm package manager uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 #v4.4.0 diff --git a/.github/workflows/osv.yml b/.github/workflows/osv.yml index eaa478c..d9e9711 100644 --- a/.github/workflows/osv.yml +++ b/.github/workflows/osv.yml @@ -46,7 +46,7 @@ jobs: scan-scheduled: name: Scheduled Security Scan if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@c51854704019a247608d928f370c98740469d4b5" # v2.3.5 with: scan-args: |- -r @@ -58,7 +58,7 @@ jobs: scan-pr: name: PR Security Scan if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@c51854704019a247608d928f370c98740469d4b5" # v2.3.5 with: scan-args: |- -r diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 06e2f34..a025696 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -29,7 +29,7 @@ jobs: security-scan: name: Security Vulnerability Scan if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@c51854704019a247608d928f370c98740469d4b5" # v2.3.5 with: scan-args: |- -r diff --git a/.github/workflows/release-notes-generator.yml b/.github/workflows/release-notes-generator.yml index 271e75f..5e8083b 100644 --- a/.github/workflows/release-notes-generator.yml +++ b/.github/workflows/release-notes-generator.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0065f15..7e7a650 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,7 @@ jobs: security-scan: if: github.repository == 'zhom/donutbrowser' name: Security Vulnerability Scan - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@c51854704019a247608d928f370c98740469d4b5" # v2.3.5 with: scan-args: |- -r @@ -105,7 +105,7 @@ jobs: runs-on: ${{ matrix.platform }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Setup pnpm uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 #v4.4.0 @@ -239,7 +239,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: ref: main fetch-depth: 0 @@ -405,7 +405,7 @@ jobs: needs: [release, changelog] runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: ref: main fetch-depth: 0 @@ -503,7 +503,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: ref: main diff --git a/.github/workflows/rolling-release.yml b/.github/workflows/rolling-release.yml index be4812e..db552d6 100644 --- a/.github/workflows/rolling-release.yml +++ b/.github/workflows/rolling-release.yml @@ -19,7 +19,7 @@ jobs: security-scan: if: github.repository == 'zhom/donutbrowser' name: Security Vulnerability Scan - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@c51854704019a247608d928f370c98740469d4b5" # v2.3.5 with: scan-args: |- -r @@ -104,7 +104,7 @@ jobs: runs-on: ${{ matrix.platform }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Setup pnpm uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 #v4.4.0 @@ -248,7 +248,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Generate nightly tag id: tag diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml index 1cf08b7..c57cc36 100644 --- a/.github/workflows/spellcheck.yml +++ b/.github/workflows/spellcheck.yml @@ -21,6 +21,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Actions Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: Spell Check Repo uses: crate-ci/typos@631208b7aac2daa8b707f55e7331f9112b0e062d #v1.44.0 diff --git a/.github/workflows/sync-e2e.yml b/.github/workflows/sync-e2e.yml index 6d21b8e..6bfecd5 100644 --- a/.github/workflows/sync-e2e.yml +++ b/.github/workflows/sync-e2e.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 - name: Install pnpm uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 #v4.4.0 @@ -73,7 +73,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.2 - name: Start MinIO run: |