Skip to content

ci(deps): bump the github-actions group with 3 updates#17

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-fde36a76e4
Open

ci(deps): bump the github-actions group with 3 updates#17
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-fde36a76e4

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 30, 2026
edited
Loading

Bumps the github-actions group with 3 updates: mozilla-actions/sccache-action, aquasecurity/trivy-action and slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml.

Updates mozilla-actions/sccache-action from 0.0.6 to 0.0.9

Release notes

Sourced from mozilla-actions/sccache-action's releases.

v0.0.9

What's Changed

Full Changelog: Mozilla-Actions/sccache-action@v0.0.8...v0.0.9

v0.0.8

What's Changed

Dependencies

Full Changelog: Mozilla-Actions/sccache-action@v0.0.7...v0.0.8

v0.0.7

What's Changed

Dependencies

New Contributors

... (truncated)

Commits
  • 7d986dd Merge pull request #192 from sylvestre/release
  • c3f03b4 prepare release 0.0.9
  • 213d335 Force version v2 of github action.
  • 65101d4 Merge pull request #190 from sylvestre/release
  • 784917c readme: improve the wording
  • 1220c18 npm run build
  • 33f5b94 prepare version 0.0.8
  • 8bd7e91 gha: adjust the variable for deprecation
  • a2b43af Merge pull request #186 from Mozilla-Actions/dependabot/npm_and_yarn/ts-jest-...
  • a675e5f Merge pull request #185 from Mozilla-Actions/dependabot/npm_and_yarn/actions/...
  • Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.30.0 to 0.35.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

Release: 0.35.0

What's Changed

Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0

Release: v0.35.0

This release is a duplicate of 0.35.0 which was not compromised.

As part of our response to the recent supply chain attack, we have migrated all tags to use the v prefix (e.g., v0.35.0 instead of 0.35.0). Going forward, all new releases will use the v prefix convention.

We have intentionally kept the 0.35.0 tag intact to avoid breaking existing workflows that depend on it.

If you are currently using 0.35.0, your workflows are safe — no action is required.

Release: v0.34.0

Full Changelog: aquasecurity/trivy-action@v0.33.1...v0.34.0

Release: v0.33.1

What's Changed

Full Changelog: aquasecurity/trivy-action@v0.33.0...v0.33.1

Release: v0.33.0

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@v0.32.0...v0.33.0

Release: v0.32.0

What's Changed

Full Changelog: aquasecurity/trivy-action@v0.31.0...v0.32.0

Release: v0.31.0

What's Changed

... (truncated)

Commits

Updates slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml from 2.0.0 to 2.1.0

Release notes

Sourced from slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml's releases.

v2.1.0

What's Changed

... (truncated)

Changelog

Sourced from slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml's changelog.

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

The workflows generator_generic_slsa3.yml and builder_go_slsa3.yml have been updated to produce signed Sigstore Bundles, just like all the other builders that use the BYOB framework.

The workflow logs will now print a LogIndex, rather than a LogUUID. Both are equally searchanble on https://search.sigstore.dev/.

v2.1.0: Vars context recorded in provenance

  • Updated: GitHub vars context is now recorded in provenance for the generic and container generators. The vars context cannot affect the build in the Go builder so it is not recorded.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
ci(deps): bump the github-actions group with 3 updates
00757cc 
Bumps the github-actions group with 3 updates: [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action), [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) and [slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml](https://github.com/slsa-framework/slsa-github-generator).


Updates `mozilla-actions/sccache-action` from 0.0.6 to 0.0.9
- [Release notes](https://github.com/mozilla-actions/sccache-action/releases)
- [Commits](Mozilla-Actions/sccache-action@v0.0.6...v0.0.9)

Updates `aquasecurity/trivy-action` from 0.30.0 to 0.35.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@0.30.0...0.35.0)

Updates `slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](slsa-framework/slsa-github-generator@v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: mozilla-actions/sccache-action
  dependency-version: 0.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Author

dependabot bot commented on behalf of github Mar 30, 2026

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants