lifecycle
lifecycle copied to clipboard
Published
20 hours ago •
buildpacks
buildpacks
Bump anchore/scan-action from 3 to 5
Bumps anchore/scan-action from 3 to 5.
Release notes
Sourced from anchore/scan-action's releases.
v5.0.0
New in scan-action v5.0.0
- chore(deps): update Grype to v0.82.0 (#383) [anchore-actions-token-generator]
🚀 Features
- feat: short-lived grype-db cache (#348) [kzantow] Note: with this release grype is no longer installed on
$PATH. We suspect the changes here could break a number of users of the action who have learned to expect Grype be installed on$PATH.v4.1.2
New in scan-action v4.1.2
- Update Grype to v0.80.0 (#358) [anchore-actions-token-generator]
v4.1.1
New in scan-action v4.1.1
- chore(deps): update Grype to v0.79.6 (#352) [anchore-actions-token-generator]
- Document grype-version parameter (#319) [vprivat-ads]
v4.1.0
New in scan-action v4.1.0
- chore(deps): update Grype to v0.79.3 (#341) [anchore-actions-token-generator]
v4.0.0
New in scan-action v4.0.0
- Update Grype to v0.79.2 (#338) [anchore-actions-token-generator]
- Download Grype on Windows (#336) [willmurphyscode] (#315) [kzantow]
- Bump Node to v20 (#295) [ViacheslavKudinov]
v3.6.4
New in scan-action v3.6.4
- Update Grype to v0.74.4 (#279) [anchore-actions-token-generator]
v3.6.3
New in scan-action v3.6.3
v3.6.2
New in scan-action v3.6.2
- chore(deps): update Grype to v0.74.3 (#275) [anchore-actions-token-generator]
v3.6.1
New in scan-action v3.6.1
... (truncated)
Changelog
Sourced from anchore/scan-action's changelog.
Release Notes
Version 2.0.2 - 2020-11-11
- Update
actions/coreto use version1.2.6[(Issue #71)](anchore/scan-action#71)Version 2.0.1 - 2020-02-11
Fixes:
- Removes unnecessary constraint in deduplication for SARIF reporting
- Allows defining and referencing the location of the SARIF report file
- Fixes multiple instances where undefined items in the reporting would break scanning
Commits
4e08a16chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#386)a18ff2dadd release docs (#388)c6c022echore: add changelog ignore (#387)6595369chore: remove blocking workflow (#385)1123747chore(deps-dev): bump eslint from 9.11.1 to 9.12.0 (#381)99311bechore: update sha to correct pin for workflow actions (#384)2491ad6chore(deps): update Grype to v0.82.0 (#383)2a3918echore: optionally cache grype-db in actions cache (#348)a957c8dfeat: update versions for actions (#380)54efbc6chore(deps-dev): bump tslib from 2.6.3 to 2.7.0 (#359)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}