chore(deps): bump webfactory/ssh-agent from 0.4.1 to 0.9.0

[dependabot[bot]]

trafficstars

Bumps webfactory/ssh-agent from 0.4.1 to 0.9.0.

Release notes

Sourced from webfactory/ssh-agent's releases.

Update to node20

This release updates the action to run on Node.js v20. When you're running on GitHub hosted runners, just go ahead and update. When you're using self-hosted runners, please make sure you have Node.js v20 installed before updating from v0.8.0 to v0.9.0 of this action.

New Contributors

• @​npwolf made their first contribution in webfactory/ssh-agent#196
• @​benzado made their first contribution in webfactory/ssh-agent#206
• @​felix-seifert made their first contribution in webfactory/ssh-agent#199
• @​archen made their first contribution in webfactory/ssh-agent#201

Full Changelog: https://github.com/webfactory/ssh-agent/compare/v0.8.0...v0.9.0

What's Changed

• Update README.md to reflect latest version by @​npwolf in webfactory/ssh-agent#196
• Remove outdated claim from README by @​benzado in webfactory/ssh-agent#206
• chore: update all versions of actions/checkout to v4 by @​felix-seifert in webfactory/ssh-agent#199
• bump to node20 by @​archen in webfactory/ssh-agent#201

New Contributors

• @​npwolf made their first contribution in webfactory/ssh-agent#196
• @​benzado made their first contribution in webfactory/ssh-agent#206
• @​felix-seifert made their first contribution in webfactory/ssh-agent#199
• @​archen made their first contribution in webfactory/ssh-agent#201

Full Changelog: https://github.com/webfactory/ssh-agent/compare/v0.8.0...v0.9.0

SSH host keys no longer managed – read below 👇

Starting with this release, this action no longer writes GitHub's SSH host keys into the known_hosts SSH config file upon start.

GitHub changed their host keys on short notice this morning, see https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/. We took this as an opportunity to stop maintaining GH SSH keys in the code shipped with this action (#171).

What you need to do:

• On GitHub hosted runners, nothing. ✔︎ These runners ship with SSH host keys (for github.com) maintained by directly by GitHub.
• On self-hosted runners, review and fix your SSH known_hosts file:
  • First, you'll find it bloated with redundant entries for github.com, as described in #106. Remove these entries.
  • Review https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/. You probably removed the old (invalid) SSH key in the previous step.
  • Configure GitHub's current SSH keys as documented on https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
  • As long as versions before v0.8.0 of this action here are run on the self-hosted runner, the old entries will come back. Keep an eye on it, possibly you'll have to rinse & repeat.

Other code changes in this release

• Update to actions/checkout@v3 by @​mpdude in webfactory/ssh-agent#143
• Allow the user to override the commands for git, ssh-agent, and ssh-add by @​DilumAluthge in webfactory/ssh-agent#154

New Contributors

• @​prhiggins made their first contribution in webfactory/ssh-agent#153
• @​kjarkur made their first contribution in webfactory/ssh-agent#147
• @​DilumAluthge made their first contribution in webfactory/ssh-agent#154

Full Changelog: https://github.com/webfactory/ssh-agent/compare/v0.7.0...v0.8.0

... (truncated)

Changelog

Sourced from webfactory/ssh-agent's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

v0.7.0 [2022-10-19]

Added

• Add the log-public-key input that can be used to turn off logging key identities (#122)

Fixed

• Fix path to git binary on Windows, assuming GitHub-hosted runners (#136, #137)
• Fix a nonsensical log message (#139)

v0.6.0 [2022-10-19]

Changed

• Update the version of Node used by the action from 12 to 16 (https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/).

v0.5.4 [2021-11-21]

Fixed

• Update changed GitHub Host Keys (#102, #101)

Changed

• Various documentation (README) improvements and additions
• Change logging to more precisely state that public keys are being printed

v0.5.3 [2021-06-11]

Fixed

• Fixed cleanup phase to really terminate the ssh-agent (#80)
• Fix termination of ssh-agent also on workflow failure (#79)

Changed

• Various documentation (README) improvements and additions

v0.5.2 [2021-04-07]

... (truncated)

Commits

• dc588b6 Update version numbers in the README examples
• 204eb35 Bump to node20 (#201)
• 9f6f312 chore: update all versions of actions/checkout to v4 (#199)
• 2e59dd7 Remove outdated claim from README (#206)
• fd34b8d Update README.md to reflect latest version (#196)
• d4b9b8f Stop adding GitHub SSH keys (#171)
• ea17a05 Add missing semicolons (#159)
• 9fbc246 Clarify usage for Docker build processes, especially with deployment keys (#145)
• 6f828cc Allow the user to override the commands for git, ssh-agent, and ssh-add...
• 209e2d7 Fix a typo in the README.md (#146)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)