Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump the gh-actions group across 1 directory with 5 updates #281

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 1, 2024

Bumps the gh-actions group with 5 updates in the / directory:

Package From To
conda-incubator/setup-miniconda 2 3
webfactory/ssh-agent 0.4.1 0.9.0
JamesIves/github-pages-deploy-action 3.7.1 4.6.8
actions/labeler 4 5
codecov/codecov-action 3 4

Updates conda-incubator/setup-miniconda from 2 to 3

Release notes

Sourced from conda-incubator/setup-miniconda's releases.

Version 3.0.0

Features

  • #308 Update to node20
  • #291 Add conda-solver option (defaults to libmamba)

Fixes

  • #299 Fix condaBasePath when useBundled is false, and there's no pre-existing conda

Documentation

  • #309 Switch to main branch based development
  • #313 Specify team conda-incubator/setup-miniconda as codeowners
  • #318 README: update actions in examples, add security section, similar actions

Tasks and Maintenance

  • #307 Run dependabot against main branch and also update node packages
  • #311 Bump actions/checkout from 2 to 4
  • #310 Bump actions/cache from 1 to 3
  • #314 Strip/update dependencies
  • #315 Split lint into check and build, switch from npm install to npm ci
  • #317 Bump normalize-url from 4.5.1 to 8.0.0
  • #316 Faster workflow response / saving resources via timeout/concurrency policy

#308: conda-incubator/setup-miniconda#308 #291: conda-incubator/setup-miniconda#291 #299: conda-incubator/setup-miniconda#299 #309: conda-incubator/setup-miniconda#309 #313: conda-incubator/setup-miniconda#313 #318: conda-incubator/setup-miniconda#318 #307: conda-incubator/setup-miniconda#307 #311: conda-incubator/setup-miniconda#311 #310: conda-incubator/setup-miniconda#310 #314: conda-incubator/setup-miniconda#314 #315: conda-incubator/setup-miniconda#315 #317: conda-incubator/setup-miniconda#317 #316: conda-incubator/setup-miniconda#316

New Contributors

Full Changelog: conda-incubator/setup-miniconda@v2...v3.0.0

Version 2.3.0

Documentation

  • #263 Update links to GitHub shell docs

... (truncated)

Changelog

Sourced from conda-incubator/setup-miniconda's changelog.

v2.1.1 (2021-03-31)

Features

  • #163 leaves the patched setup-miniconda-patched-{environment.yml} in-place if clean-patched-environment-file: false is given (otherwise cleans up after itself)
  • #163 adds action outputs environment-file, environment-file-content and environment-file-was-patched

Fixes

  • #161 restores proper ordering of channels when environment-file is patched
  • #163 if necessary, writes setup-miniconda-patched-environment.yml to the same location to work with relative paths, e.g. pip: ["-r requirements.txt"]

#161: conda-incubator/setup-miniconda#161 #163: conda-incubator/setup-miniconda#163

v2.1.0 (2021-03-29)

Features

  • #130 installs all extra tools (e.g. conda-build) in a single solve
  • #133, #138, and #140 add first-class support for [Miniforge] (and Mambaforge)
  • #137 allows activate-environment to be a path-like prefix

Documentation

  • #115 adds extra information on default environment activation.

Fixes

  • #120 allows channels to be null
  • #148 allows use of 32-bit installers on Linux

Development

#115: conda-incubator/setup-miniconda#115 #120: conda-incubator/setup-miniconda#120 #123: conda-incubator/setup-miniconda#123 #124: conda-incubator/setup-miniconda#124 #125: conda-incubator/setup-miniconda#125 #126: conda-incubator/setup-miniconda#126

... (truncated)

Commits

Updates webfactory/ssh-agent from 0.4.1 to 0.9.0

Release notes

Sourced from webfactory/ssh-agent's releases.

Update to node20

This release updates the action to run on Node.js v20. When you're running on GitHub hosted runners, just go ahead and update. When you're using self-hosted runners, please make sure you have Node.js v20 installed before updating from v0.8.0 to v0.9.0 of this action.

New Contributors

Full Changelog: webfactory/ssh-agent@v0.8.0...v0.9.0

What's Changed

New Contributors

Full Changelog: webfactory/ssh-agent@v0.8.0...v0.9.0

SSH host keys no longer managed – read below 👇

Starting with this release, this action no longer writes GitHub's SSH host keys into the known_hosts SSH config file upon start.

GitHub changed their host keys on short notice this morning, see https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/. We took this as an opportunity to stop maintaining GH SSH keys in the code shipped with this action (#171).

What you need to do:

Other code changes in this release

New Contributors

Full Changelog: webfactory/ssh-agent@v0.7.0...v0.8.0

... (truncated)

Changelog

Sourced from webfactory/ssh-agent's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

v0.7.0 [2022-10-19]

Added

  • Add the log-public-key input that can be used to turn off logging key identities (#122)

Fixed

  • Fix path to git binary on Windows, assuming GitHub-hosted runners (#136, #137)
  • Fix a nonsensical log message (#139)

v0.6.0 [2022-10-19]

Changed

v0.5.4 [2021-11-21]

Fixed

  • Update changed GitHub Host Keys (#102, #101)

Changed

  • Various documentation (README) improvements and additions
  • Change logging to more precisely state that public keys are being printed

v0.5.3 [2021-06-11]

Fixed

  • Fixed cleanup phase to really terminate the ssh-agent (#80)
  • Fix termination of ssh-agent also on workflow failure (#79)

Changed

  • Various documentation (README) improvements and additions

v0.5.2 [2021-04-07]

... (truncated)

Commits
  • dc588b6 Update version numbers in the README examples
  • 204eb35 Bump to node20 (#201)
  • 9f6f312 chore: update all versions of actions/checkout to v4 (#199)
  • 2e59dd7 Remove outdated claim from README (#206)
  • fd34b8d Update README.md to reflect latest version (#196)
  • d4b9b8f Stop adding GitHub SSH keys (#171)
  • ea17a05 Add missing semicolons (#159)
  • 9fbc246 Clarify usage for Docker build processes, especially with deployment keys (#145)
  • 6f828cc Allow the user to override the commands for git, ssh-agent, and ssh-add...
  • 209e2d7 Fix a typo in the README.md (#146)
  • Additional commits viewable in compare view

Updates JamesIves/github-pages-deploy-action from 3.7.1 to 4.6.8

Release notes

Sourced from JamesIves/github-pages-deploy-action's releases.

v4.6.8

What's Changed

Bug Fixes 🐝

  • fix: 🐛 Added the temp deployment directory created by the action to the git safe directory list. This resolves an issue in certain circumstances where the deployment would fail depending on the types of files moved around by the workflow - #1694.
  • fix: Resolved a rare deployment error where the action would complain that origin/${branch_name} is not a commit and a branch cannot be created from it. The action will continue to attempt to track the origin branch, but if this step fails, it will create a new untracked branch to continue the deployment from. - #1689.

Testing 🧪

  • test: 🧪 Improved the integration test suite so it now runs immediately post-release to ensure that any issues do no longer in the major version tag (ie @v4). This was done to combat problems raised by #1697.

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.6.8

v4.6.7

What's Changed

Bug Fixes 🐝

  • fix: resolved an issue where main.js was not found in the v4 major tag.

v4.6.6

What's Changed

Bug Fixes 🐝

  • revert: reverts a prior change that unsets safe directories to prevent dubious ownership, this change will be re-visited later.

v4.6.5

What's Changed

What's Changed

Bug Fixes 🐝

  • fix: resolved an issue where the full working directory was not properly getting added to the safe directory list, preventing deployments in certain circumstances.

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.6.5

v4.6.4

What's Changed

What's Changed

Bug Fixes 🐝

  • fix: resolved an issue where the default config was not being applied to the non-action version of the project.

Build 🔧

... (truncated)

Commits
  • 881db53 Merge branch 'dev' into releases/v4
  • 4e28ec4 Update version.yml
  • c14d126 Update integration.yml
  • 91f72e3 Deploy Production Code for Commit 77b5e666121b2aa90cd82b593a978636cd94833d 🚀
  • 77b5e66 Merge branch 'dev' into releases/v4
  • ad7c547 Squashed commit of the following:
  • 0c6bce4 Deploy Production Code for Commit fb1eb73a4857aded8a8a637780df667aa47fc011 🚀
  • fb1eb73 Merge branch 'dev' into releases/v4
  • ff20230 fix: resolve 'origin/gh-pages' is not a commit and a branch cannot be created...
  • b06fcc8 fix: make the temp branch an orphan
  • Additional commits viewable in compare view

Updates actions/labeler from 4 to 5

Release notes

Sourced from actions/labeler's releases.

v5.0.0

What's Changed

This release contains the following breaking changes:

  1. The ability to apply labels based on the names of base and/or head branches was added (#186 and #54). The match object for changed files was expanded with new combinations in order to make it more intuitive and flexible (#423 and #101). As a result, the configuration file structure was significantly redesigned and is not compatible with the structure of the previous version. Please read the action documentation to find out how to adapt your configuration files for use with the new action version.

  2. The bug related to the sync-labels input was fixed (#112). Now the input value is read correctly.

  3. By default, dot input is set to true. Now, paths starting with a dot (e.g. .github) are matched by default.

  4. Version 5 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.

For more information, please read the action documentation.

New Contributors

Full Changelog: actions/labeler@v4...v5.0.0

v5.0.0-beta.1

What's Changed

In scope of this beta release, the structure of the configuration file (.github/labeler.yml) was changed from

LabelName:
- any:
  - changed-files: ['list', 'of', 'globs']
  - base-branch: ['list', 'of', 'regexps']
  - head-branch: ['list', 'of', 'regexps']
- all:
  - changed-files: ['list', 'of', 'globs']
  - base-branch: ['list', 'of', 'regexps']
  - head-branch: ['list', 'of', 'regexps']

to

LabelName:
- any:
  - changed-files: 
    - AnyGlobToAnyFile: ['list', 'of', 'globs']
    - AnyGlobToAllFiles: ['list', 'of', 'globs']
    - AllGlobsToAnyFile: ['list', 'of', 'globs']
    - AllGlobsToAllFiles: ['list', 'of', 'globs']
  - base-branch: ['list', 'of', 'regexps']
  - head-branch: ['list', 'of', 'regexps']
- all:
  - changed-files:
    - AnyGlobToAnyFile: ['list', 'of', 'globs']
    - AnyGlobToAllFiles: ['list', 'of', 'globs']
    - AllGlobsToAnyFile: ['list', 'of', 'globs']
</tr></table> 

... (truncated)

Commits
  • 8558fd7 Merge pull request #709 from actions/v5.0.0-beta
  • 000ca75 Merge pull request #700 from MaksimZhukov/apply-suggestions-and-update-docume...
  • cb66c2f Update dist
  • 9181355 Apply suggestions for the beta vesrion and update the documentation
  • efe4c1c Merge pull request #699 from MaksimZhukov/update-node-runtime-and-dependencies
  • c0957ad Run Prettier
  • 8dc8d18 Update Node.js version in reusable workflows
  • d0d0bbe Update documentation
  • 1375c42 5.0.0
  • ab7411e Change version of Node.js runtime to node20
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 3 to 4

Release notes

Sourced from codecov/codecov-action's releases.

v4.0.0

v4 of the Codecov Action uses the CLI as the underlying upload. The CLI has helped to power new features including local upload, the global upload token, and new upcoming features.

Breaking Changes

  • The Codecov Action runs as a node20 action due to node16 deprecation. See this post from GitHub on how to migrate.
  • Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token). This doc shows instructions on how to add the Codecov token.
  • OS platforms have been added, though some may not be automatically detected. To see a list of platforms, see our CLI download page
  • Various arguments to the Action have been changed. Please be aware that the arguments match with the CLI's needs

v3 versions and below will not have access to CLI features (e.g. global upload token, ATS).

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

  • #1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

  • No current support for aarch64 and alpine architectures.
  • Tokenless uploading is unsuported
  • Various arguments to the Action have been removed

3.1.4

Fixes

  • #967 Fix typo in README.md
  • #971 fix: add back in working dir
  • #969 fix: CLI option names for uploader

Dependencies

  • #970 build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3
  • #979 build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2
  • #981 build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

  • #960 fix: allow for aarch64 build

Dependencies

  • #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
  • #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
  • #959 build(deps-dev): bump @​types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

  • #718 Update README.md
  • #851 Remove unsupported path_to_write_report argument
  • #898 codeql-analysis.yml
  • #901 Update README to contain correct information - inputs and negate feature
  • #955 fix: add in all the extra arguments for uploader

Dependencies

  • #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
  • #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
  • #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
  • #841 build(deps): bump @​actions/core from 1.9.1 to 1.10.0
  • #843 build(deps): bump @​actions/github from 5.0.3 to 5.1.1
  • #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
  • #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
  • #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits
  • e28ff12 chore(release): bump to 4.5.0 (#1477)
  • 7594baa Use an existing token even if the PR is from a fork (#1471)
  • 81c0a51 feat: add support for tokenless v3 (#1410)
  • f5e203f build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.12.0 to 7.13.0 ...
  • 7c48363 build(deps-dev): bump braces from 3.0.2 to 3.0.3 (#1475)
  • 69e5d09 build(deps-dev): bump @​typescript-eslint/parser from 7.12.0 to 7.13.0 (#1474)
  • feaf700 fix: handle trailing commas (#1470)
  • 7b6a727 build(deps): bump github/codeql-action from 3.25.7 to 3.25.8 (#1472)
  • ccf7a1f build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.11.0 to 7.12.0 ...
  • f03f015 build(deps-dev): bump @​typescript-eslint/parser from 7.11.0 to 7.12.0 (#1467)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gh-actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [conda-incubator/setup-miniconda](https://github.com/conda-incubator/setup-miniconda) | `2` | `3` |
| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.4.1` | `0.9.0` |
| [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) | `3.7.1` | `4.6.8` |
| [actions/labeler](https://github.com/actions/labeler) | `4` | `5` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3` | `4` |



Updates `conda-incubator/setup-miniconda` from 2 to 3
- [Release notes](https://github.com/conda-incubator/setup-miniconda/releases)
- [Changelog](https://github.com/conda-incubator/setup-miniconda/blob/main/CHANGELOG.md)
- [Commits](conda-incubator/setup-miniconda@v2...v3)

Updates `webfactory/ssh-agent` from 0.4.1 to 0.9.0
- [Release notes](https://github.com/webfactory/ssh-agent/releases)
- [Changelog](https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md)
- [Commits](webfactory/ssh-agent@v0.4.1...v0.9.0)

Updates `JamesIves/github-pages-deploy-action` from 3.7.1 to 4.6.8
- [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases)
- [Commits](JamesIves/github-pages-deploy-action@3.7.1...v4.6.8)

Updates `actions/labeler` from 4 to 5
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](actions/labeler@v4...v5)

Updates `codecov/codecov-action` from 3 to 4
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v3...v4)

---
updated-dependencies:
- dependency-name: conda-incubator/setup-miniconda
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions
- dependency-name: webfactory/ssh-agent
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions
- dependency-name: JamesIves/github-pages-deploy-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 1, 2024
@dependabot dependabot bot requested a review from frgfm October 1, 2024 04:21
Copy link

codecov bot commented Oct 1, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.27%. Comparing base (4877a04) to head (dbb2543).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #281   +/-   ##
=======================================
  Coverage   97.27%   97.27%           
=======================================
  Files           8        8           
  Lines         441      441           
=======================================
  Hits          429      429           
  Misses         12       12           

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant