From 1890c79569d549cb594ab7c51a0a1e21910f66d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 15:05:17 +0000 Subject: [PATCH] Chore(deps): Bump the action-dependencies group across 1 directory with 4 updates Bumps the action-dependencies group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/setup-node](https://github.com/actions/setup-node), [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/checkout` from 6.0.0 to 6.0.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6.0.0...v6.0.1) Updates `actions/setup-node` from 4.1.0 to 6.1.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4.1.0...v6.1.0) Updates `aquasecurity/trivy-action` from 0.29.0 to 0.33.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.29.0...0.33.1) Updates `actions/upload-artifact` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-dependencies - dependency-name: actions/setup-node dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-dependencies - dependency-name: aquasecurity/trivy-action dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-dependencies - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/main.yml | 22 +++++++++++----------- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/vulnerability-scan.yml | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ccc79887..ec67b3ac 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4d4a0592..eff749ff 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -24,10 +24,10 @@ jobs: steps: - name: Make checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Use Node.js 24.9.0 - uses: actions/setup-node@v6.0.0 + uses: actions/setup-node@v6.1.0 with: node-version: 25.2.1 @@ -43,10 +43,10 @@ jobs: steps: - name: Make checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Use Node.js 24.9.0 - uses: actions/setup-node@v6.0.0 + uses: actions/setup-node@v6.1.0 with: node-version: 25.2.1 @@ -62,7 +62,7 @@ jobs: steps: - name: Make checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Lint `./README.md` uses: avto-dev/markdown-lint@v1.5.0 @@ -82,10 +82,10 @@ jobs: steps: - name: Make checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Use Node.js 24.9.0 - uses: actions/setup-node@v6.0.0 + uses: actions/setup-node@v6.1.0 with: node-version: 25.2.1 @@ -101,10 +101,10 @@ jobs: steps: - name: Make checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Use Node.js 24.9.0 - uses: actions/setup-node@v4.1.0 + uses: actions/setup-node@v6.1.0 with: node-version: 25.2.1 @@ -126,7 +126,7 @@ jobs: steps: - name: Make checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Set tag var id: vars @@ -136,7 +136,7 @@ jobs: run: docker build . --file Dockerfile --build-arg TARGET=production --tag angular-ngrx-frontend:${{ steps.vars.outputs.DOCKER_TAG }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.29.0 + uses: aquasecurity/trivy-action@0.33.1 with: image-ref: 'angular-ngrx-frontend:${{ steps.vars.outputs.DOCKER_TAG }}' format: 'table' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index dfa2d814..2ceac0d7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -34,7 +34,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 with: persist-credentials: false @@ -61,7 +61,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@v5.0.0 + uses: actions/upload-artifact@v6.0.0 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index 3e0f7aef..41122f24 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Build the Docker image run: docker build . --file Dockerfile --tag angular-ngrx-frontend:master