Bump the ci-dependencies group with 3 updates #170

dependabot · 2024-02-18T07:09:05Z

Bumps the ci-dependencies group with 3 updates: actions/checkout, actions/dependency-review-action and getsentry/action-release.

Updates actions/checkout from 4.1.0 to 4.1.1

Release notes

Sourced from actions/checkout's releases.

v4.1.1

What's Changed

Update CODEOWNERS to Launch team by @joshmgross in actions/checkout#1510

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

New Contributors

@joshmgross made their first contribution in actions/checkout#1510

@peterbe made their first contribution in actions/checkout#1511

Full Changelog: actions/checkout@v4.1.0...v4.1.1

Commits

b4ffde6 Link to release page from what's new section (#1514)
8530928 Correct link to GitHub Docs (#1511)
7cdaf2f Update CODEOWNERS to Launch team (#1510)
See full diff in compare view

Updates actions/dependency-review-action from 3.1.0 to 4.1.0

Release notes

Sourced from actions/dependency-review-action's releases.

4.1.0

What's Changed

Add warn-only by @tgrall in actions/dependency-review-action#432

Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.

Create stale.yaml by @jonjanego in actions/dependency-review-action#671

Use manual codeql config by @juxtin in actions/dependency-review-action#678

Multiple dependency updates (see the changelog below for more information)

New Contributors

@jonjanego made their first contribution in actions/dependency-review-action#671

@tgrall made their first contribution in actions/dependency-review-action#432

Full Changelog: actions/dependency-review-action@v4...v4.1.0

v4.0.0

Update action to Node 20 by @takost in actions/dependency-review-action#639

Dependabot updates, see the full changelog for more details.

New Contributors

@takost made their first contribution in actions/dependency-review-action#639

Full Changelog: actions/dependency-review-action@v3.1.5...v4.0.0

3.1.5

What's Changed

Smaller per_page when requesting diff by @hmaurer in actions/dependency-review-action#649

Update dependencies:

Bump @typescript-eslint/parser from 6.10.0 to 6.13.1 by @dependabot in actions/dependency-review-action#630

Bump prettier from 3.0.3 to 3.1.0 by @dependabot in actions/dependency-review-action#629

Bump @types/jest from 29.5.8 to 29.5.11 by @dependabot in actions/dependency-review-action#637

Bump nodemon from 3.0.1 to 3.0.2 by @dependabot in actions/dependency-review-action#636

Replace pip -> pypi in PURL examples by @febuiles in actions/dependency-review-action#638

Bump @typescript-eslint/eslint-plugin from 6.12.0 to 6.15.0 by @dependabot in actions/dependency-review-action#644

Bump eslint from 8.53.0 to 8.56.0 by @dependabot in actions/dependency-review-action#640

Bump @typescript-eslint/parser from 6.13.1 to 6.16.0 by @dependabot in actions/dependency-review-action#645

Bump prettier from 3.1.0 to 3.1.1 by @dependabot in actions/dependency-review-action#646

Full Changelog: actions/dependency-review-action@v3.1.4...v3.1.5

3.1.4

What's Changed

Fixed a bug with severity filtering when using the allow_ghsas option: actions/dependency-review-action#623.

Updates dependencies:

Bump @types/node from 16.18.61 to 16.18.62 by @dependabot in actions/dependency-review-action#619 action/pull/620

Bump @typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0 by @dependabot in actions/dependency-review-action#625

... (truncated)

Commits

80f10bf Bump to 4.1.0.
17728c8 Merge pull request #689 from actions/dependabot/npm_and_yarn/typescript-eslin...
0ac4f80 Bump @typescript-eslint/eslint-plugin from 6.20.0 to 6.21.0
1ebcf14 Merge pull request #690 from actions/dependabot/npm_and_yarn/types/node-20.11.17
5777ce6 Merge pull request #688 from actions/dependabot/npm_and_yarn/typescript-eslin...
37dd5f9 Merge pull request #687 from actions/dependabot/npm_and_yarn/ts-jest-29.1.2
6c2af06 Bump @types/node from 20.11.10 to 20.11.17
58d70bd Bump @typescript-eslint/parser from 6.20.0 to 6.21.0
972c2b3 Bump ts-jest from 29.1.1 to 29.1.2
60f93ef Merge pull request #432 from tgrall/issue-431-fail-on-severity-none
Additional commits viewable in compare view

Updates getsentry/action-release from 1.4.1 to 1.7.0

Release notes

Sourced from getsentry/action-release's releases.

v1.7.0

Updates Sentry CLI to the latest 2.24.1 version

v1.6.0

Reverts the PR attempting to update the CLI to v2.x

Commits

e769183 feat: update cli version (#186)
c1b57ce Revert "feat: trying to update sentry cli (#178)" (#184)
3b41b36 feat: trying to update sentry cli (#178)
d6dcd72 feat: update base docker image from node 12 to node 18 (#172)
2b33edc docs: Update integration creation instructions (#175)
7d9c3a8 fix(ci): Allow create default set of commits (#155)
53693f4 fix(test): Add timezone to timestamp (#157)
3bdd61f ci: End to end testing (#153)
5170344 ref: Remove codeowners and update docs (#154)
23045bc Fix test title
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ci-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/dependency-review-action](https://github.com/actions/dependency-review-action) and [getsentry/action-release](https://github.com/getsentry/action-release). Updates `actions/checkout` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@8ade135...b4ffde6) Updates `actions/dependency-review-action` from 3.1.0 to 4.1.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@6c5ccda...80f10bf) Updates `getsentry/action-release` from 1.4.1 to 1.7.0 - [Release notes](https://github.com/getsentry/action-release/releases) - [Commits](getsentry/action-release@4744f6a...e769183) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci-dependencies - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci-dependencies - dependency-name: getsentry/action-release dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from a team as a code owner February 18, 2024 07:09

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 18, 2024

shenanigansd approved these changes Feb 18, 2024

View reviewed changes

shenanigansd merged commit 64834b2 into main Feb 18, 2024
9 of 10 checks passed

shenanigansd deleted the dependabot/github_actions/ci-dependencies-015f85a676 branch February 18, 2024 07:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the ci-dependencies group with 3 updates #170

Bump the ci-dependencies group with 3 updates #170

dependabot bot commented on behalf of github Feb 18, 2024

Bump the ci-dependencies group with 3 updates #170

Bump the ci-dependencies group with 3 updates #170

Conversation

dependabot bot commented on behalf of github Feb 18, 2024

v4.1.1

What's Changed

New Contributors

4.1.0

What's Changed

New Contributors

v4.0.0

New Contributors

3.1.5

What's Changed

3.1.4

What's Changed

v1.7.0

v1.6.0