update: bump the gh-actions-packages group across 1 directory with 7 updates

dependabot[bot] · web-flow · commit d43bf6891b8f · 2025-02-10T22:05:07.000Z
Bumps the gh-actions-packages group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.3` | `3.28.9` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.3.0` | `5.4.0` | | [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) | `12.2947.0` | `12.2960.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.17.9` | `0.18.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.8.0` | `3.9.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.12.0` | `6.13.0` | | [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) | `5.2.0` | `5.3.0` | Updates `github/codeql-action` from 3.28.3 to 3.28.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@dd196fa...9e8d078) Updates `actions/setup-python` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@0b93645...4237552) Updates `bridgecrewio/checkov-action` from 12.2947.0 to 12.2960.0 - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](bridgecrewio/checkov-action@5c5ef32...52d5bd4) Updates `anchore/sbom-action` from 0.17.9 to 0.18.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@df80a98...f325610) Updates `docker/setup-buildx-action` from 3.8.0 to 3.9.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@6524bf6...f7ce87c) Updates `docker/build-push-action` from 6.12.0 to 6.13.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@67a2d40...ca877d9) Updates `mikepenz/action-junit-report` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/mikepenz/action-junit-report/releases) - [Commits](mikepenz/action-junit-report@62516aa...ee6b445) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: mikepenz/action-junit-report dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/.reusable-compliance.yml b/.github/workflows/.reusable-compliance.yml
@@ -33,7 +33,7 @@ jobs:
           repo_token: ${{ secrets.SCORECARD_TOKEN }}
           publish_results: false  #TODO: reactivate when working again
       - name: Upload
-        uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
+        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
         with:
           sarif_file: results.sarif
 
diff --git a/.github/workflows/.reusable-docs.yml b/.github/workflows/.reusable-docs.yml
@@ -30,7 +30,7 @@ jobs:
           git config user.name "versioning_user"
           git config user.email "semgr8s@securesystems.de"
       - name: Install python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version-file: '.python-version'
       - name: Install poetry
diff --git a/.github/workflows/.reusable-sast.yml b/.github/workflows/.reusable-sast.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Install python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version-file: '.python-version'
       - name: Install poetry
@@ -48,7 +48,7 @@ jobs:
         run: bandit -r -f sarif -o bandit-results.sarif semgr8s/ --exit-zero
       - name: Upload
         if: inputs.output == 'sarif'
-        uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
+        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
         with:
           sarif_file: 'bandit-results.sarif'
 
@@ -62,7 +62,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Install python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version-file: '.python-version'
       - name: Install poetry
@@ -99,22 +99,22 @@ jobs:
         shell: bash
       - name: Scan
         if: inputs.output == 'table'
-        uses: bridgecrewio/checkov-action@5c5ef32fa4ed5765cb8f4894203edd314f284f61 # v12.2947.0
+        uses: bridgecrewio/checkov-action@52d5bd4760045c640690bc5f423d50b6fdaa08d5 # v12.2960.0
         with:
           skip_check: CKV_DOCKER_2
           output_format: cli
           soft_fail: false
       - name: Scan
         if: inputs.output == 'sarif'
-        uses: bridgecrewio/checkov-action@5c5ef32fa4ed5765cb8f4894203edd314f284f61 # v12.2947.0
+        uses: bridgecrewio/checkov-action@52d5bd4760045c640690bc5f423d50b6fdaa08d5 # v12.2960.0
         with:
           skip_check: CKV_DOCKER_2
           output_file_path: console,checkov-results.sarif
           output_format: cli,sarif
           soft_fail: true
       - name: Upload
         if: inputs.output == 'sarif'
-        uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
+        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
         with:
           sarif_file: checkov-results.sarif
 
@@ -131,11 +131,11 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
+      uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
       with:
         languages: 'python'
     - name: Analyze
-      uses: github/codeql-action/analyze@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
+      uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
 
   hadolint:
     runs-on: ubuntu-latest
@@ -164,7 +164,7 @@ jobs:
           no-fail: true
           output-file: hadolint-results.sarif
       - name: Upload
-        uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
+        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
         if: inputs.output == 'sarif'
         with:
           sarif_file: 'hadolint-results.sarif'
@@ -197,7 +197,7 @@ jobs:
           format: sarif
           output-file: kubelinter-results.sarif
       - name: Upload
-        uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
+        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
         if: inputs.output == 'sarif'
         with:
           sarif_file: 'kubelinter-results.sarif'
@@ -211,7 +211,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Install python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version-file: '.python-version'
       - name: Install poetry
@@ -249,7 +249,7 @@ jobs:
         if: inputs.output == 'sarif'
         run: semgrep ci --config=auto --suppress-errors --sarif --output=semgrep-results.sarif || exit 0
       - name: Upload
-        uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
+        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
         if: inputs.output == 'sarif'
         with:
           sarif_file: semgrep-results.sarif
diff --git a/.github/workflows/.reusable-sca.yml b/.github/workflows/.reusable-sca.yml
@@ -93,7 +93,7 @@ jobs:
           username: ${{ inputs.repo_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Run
-        uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9
+        uses: anchore/sbom-action@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
         with:
           image: ${{ inputs.image }}
           format: cyclonedx-json
diff --git a/.github/workflows/.reusable-unit-test.yml b/.github/workflows/.reusable-unit-test.yml
@@ -21,9 +21,9 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Docker buildx
-        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
       - name: Build test image
-        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
+        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
         with:
           push: false
           load: true
@@ -46,7 +46,7 @@ jobs:
           pytest-coverage-path: tests/pytest-coverage.txt
           junitxml-path: tests/pytest.xml
       - name: Publish Test Report
-        uses: mikepenz/action-junit-report@62516aa379bff6370c95fd5894d5a27fb6619d9b # v5.2.0
+        uses: mikepenz/action-junit-report@ee6b445351cd81e2f73a16a0e52d598aeac2197f # v5.3.0
         if: success() || failure() # always run even if the previous step fails
         with:
           report_paths: 'tests/pytest.xml'
@@ -61,7 +61,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Install python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version-file: '.python-version'
       - name: Install poetry
@@ -90,7 +90,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Install python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version-file: '.python-version'
       - name: Install poetry
