1
0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-03-17 20:47:50 +02:00

chore(deps): bump anchore/scan-action from 3 to 4 (#4985)

Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from
3 to 4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/scan-action/releases">anchore/scan-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<h2>New in scan-action v4.0.0</h2>
<ul>
<li>Update Grype to v0.79.2 (<a
href="https://redirect.github.com/anchore/scan-action/issues/338">#338</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
<li>Download Grype on Windows (<a
href="https://redirect.github.com/anchore/scan-action/issues/336">#336</a>)
[<a href="https://github.com/willmurphyscode">willmurphyscode</a>] (<a
href="https://redirect.github.com/anchore/scan-action/issues/315">#315</a>)
[<a href="https://github.com/kzantow">kzantow</a>]</li>
<li>Bump Node to v20 (<a
href="https://redirect.github.com/anchore/scan-action/issues/295">#295</a>)
[<a
href="https://github.com/ViacheslavKudinov">ViacheslavKudinov</a>]</li>
</ul>
<h2>v3.6.4</h2>
<h2>New in scan-action v3.6.4</h2>
<ul>
<li>Update Grype to v0.74.4 (<a
href="https://redirect.github.com/anchore/scan-action/issues/279">#279</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
<h2>v3.6.3</h2>
<h2>New in scan-action v3.6.3</h2>
<ul>
<li>chore: migrate action to use node v20.11.0 (Iron) FROM node v16.x.x
(<a
href="https://redirect.github.com/anchore/scan-action/issues/278">#278</a>)
[<a href="https://github.com/spiffcs">spiffcs</a>]</li>
</ul>
<h2>v3.6.2</h2>
<h2>New in scan-action v3.6.2</h2>
<ul>
<li>chore(deps): update Grype to v0.74.3 (<a
href="https://redirect.github.com/anchore/scan-action/issues/275">#275</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
<h2>v3.6.1</h2>
<h2>New in scan-action v3.6.1</h2>
<ul>
<li>chore(deps): update Grype to v0.74.2 (<a
href="https://redirect.github.com/anchore/scan-action/issues/272">#272</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
<li>chore(deps-dev): bump prettier from 3.2.2 to 3.2.4 (<a
href="https://redirect.github.com/anchore/scan-action/issues/270">#270</a>)
[<a href="https://github.com/dependabot">dependabot</a>]</li>
</ul>
<h2>v3.6.0</h2>
<h2>New in scan-action v3.6.0</h2>
<ul>
<li>chore(deps): update Grype to v0.74.1 (<a
href="https://redirect.github.com/anchore/scan-action/issues/271">#271</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
<li>chore(deps-dev): bump prettier from 3.1.1 to 3.2.2 (<a
href="https://redirect.github.com/anchore/scan-action/issues/268">#268</a>)
[<a href="https://github.com/dependabot">dependabot</a>]</li>
</ul>
<h2>v3.5.0</h2>
<h2>New in scan-action v3.5.0</h2>
<ul>
<li>chore(deps): update Grype to v0.74.0 (<a
href="https://redirect.github.com/anchore/scan-action/issues/267">#267</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
<li>chore(deps): bump <code>@​actions/core</code> from 1.10.0 to 1.10.1
(<a
href="https://redirect.github.com/anchore/scan-action/issues/262">#262</a>)
[<a href="https://github.com/dependabot">dependabot</a>]</li>
</ul>
<h2>v3.4.0</h2>
<h2>New in scan-action v3.4.0</h2>
<ul>
<li>chore(deps-dev): bump tslib from 2.5.0 to 2.6.2 (<a
href="https://redirect.github.com/anchore/scan-action/issues/258">#258</a>)
[<a href="https://github.com/dependabot">dependabot</a>]</li>
<li>chore(deps-dev): bump <code>@​vercel/ncc</code> from 0.36.1 to
0.38.1 (<a
href="https://redirect.github.com/anchore/scan-action/issues/261">#261</a>)
[<a href="https://github.com/dependabot">dependabot</a>]</li>
<li>chore(deps): update Grype to v0.73.5 (<a
href="https://redirect.github.com/anchore/scan-action/issues/264">#264</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
<li>Add support for the <code>--vex</code> flag (<a
href="https://redirect.github.com/anchore/scan-action/issues/254">#254</a>)
[<a href="https://github.com/ferozsalam">ferozsalam</a>]</li>
</ul>
<h2>v3.3.8</h2>
<h2>New in scan-action v3.3.8</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/scan-action/blob/main/CHANGELOG.md">anchore/scan-action's
changelog</a>.</em></p>
<blockquote>
<h1>Release Notes</h1>
<h2>Version 2.0.2 - 2020-11-11</h2>
<ul>
<li>Update <code>actions/core</code> to use version <code>1.2.6</code>
[(Issue <a
href="https://redirect.github.com/anchore/scan-action/issues/71">#71</a>)](<a
href="https://redirect.github.com/anchore/scan-action/issues/71">anchore/scan-action#71</a>)</li>
</ul>
<h2>Version 2.0.1 - 2020-02-11</h2>
<p>Fixes:</p>
<ul>
<li>Removes unnecessary constraint in deduplication for SARIF
reporting</li>
<li>Allows defining and referencing the location of the SARIF report
file</li>
<li>Fixes multiple instances where undefined items in the reporting
would break scanning</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="04b73ec0bb"><code>04b73ec</code></a>
chore(deps): update Grype to v0.79.2 (<a
href="https://redirect.github.com/anchore/scan-action/issues/338">#338</a>)</li>
<li><a
href="69a534f9ca"><code>69a534f</code></a>
fix: download Grype directly on Windows (<a
href="https://redirect.github.com/anchore/scan-action/issues/336">#336</a>)</li>
<li><a
href="d09e278f43"><code>d09e278</code></a>
chore(deps-dev): bump prettier from 3.2.5 to 3.3.0 (<a
href="https://redirect.github.com/anchore/scan-action/issues/323">#323</a>)</li>
<li><a
href="51f3c1c4fd"><code>51f3c1c</code></a>
chore(deps): update Grype to v0.78.0 (<a
href="https://redirect.github.com/anchore/scan-action/issues/322">#322</a>)</li>
<li><a
href="63b2dc4ace"><code>63b2dc4</code></a>
chore(deps): update Grype to v0.77.4 (<a
href="https://redirect.github.com/anchore/scan-action/issues/317">#317</a>)</li>
<li><a
href="b4a72478f4"><code>b4a7247</code></a>
fix: Windows runners (<a
href="https://redirect.github.com/anchore/scan-action/issues/315">#315</a>)</li>
<li><a
href="30b718a1a5"><code>30b718a</code></a>
chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (<a
href="https://redirect.github.com/anchore/scan-action/issues/314">#314</a>)</li>
<li><a
href="04171b1968"><code>04171b1</code></a>
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (<a
href="https://redirect.github.com/anchore/scan-action/issues/310">#310</a>)</li>
<li><a
href="666b3dc232"><code>666b3dc</code></a>
chore(deps): update Grype to v0.77.3 (<a
href="https://redirect.github.com/anchore/scan-action/issues/311">#311</a>)</li>
<li><a
href="8c83d2caf0"><code>8c83d2c</code></a>
chore(deps): update Grype to v0.77.2 (<a
href="https://redirect.github.com/anchore/scan-action/issues/290">#290</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/anchore/scan-action/compare/v3...v4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/scan-action&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
dependabot[bot] 2024-07-11 11:27:57 -03:00 committed by GitHub
parent 6548d4b74f
commit d25edd591b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -18,7 +18,7 @@ jobs:
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- uses: anchore/scan-action@v3
- uses: anchore/scan-action@v4
with:
path: "."
fail-build: true