From adfd2be2f405a3812d226a0a7f0421fadf11c634 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 08:09:59 -0500 Subject: [PATCH] chore(deps): update all non-major github action dependencies (#417) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/docker-scan/action.yml | 4 ++-- .github/workflows/dependency-review.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/docker-scan/action.yml b/.github/actions/docker-scan/action.yml index b4cbe803..509740f4 100644 --- a/.github/actions/docker-scan/action.yml +++ b/.github/actions/docker-scan/action.yml @@ -16,7 +16,7 @@ runs: using: "composite" steps: - name: Run docker vulnerability scanner - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca + uses: aquasecurity/trivy-action@f3d98514b056d8c71a3552e8328c225bc7f6f353 with: image-ref: "${{ inputs.docker_image }}" format: "sarif" @@ -33,7 +33,7 @@ runs: shell: bash - name: Upload trivy scan results to github security tab - uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 + uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 with: sarif_file: "trivy-results.sarif" token: ${{ inputs.token }} diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 36e25712..96176970 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -13,4 +13,4 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Dependency review - uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4 \ No newline at end of file + uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 # v3.1.5 \ No newline at end of file