Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(deps): bump anchore/scan-action from 5 to 6 (#129)
Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/scan-action/releases">anchore/scan-action's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>New in scan-action v6.0.0</h2> <h3>Major Change Note</h3> <ul> <li>feat: add output-file option, default to random directory output in temp (<a href="https://redirect.github.com/anchore/scan-action/issues/346">#346</a>) [<a href="https://github.com/kzantow">kzantow</a>]</li> </ul> <p>Check the above PR for details on how migrating might affect current configurations and usages</p> <h3>Other Changes</h3> <ul> <li>chore(deps): update Grype to v0.86.1 (<a href="https://redirect.github.com/anchore/scan-action/issues/416">#416</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>feat: add support for cyclonedx and cyclonedx-json output-formats (<a href="https://redirect.github.com/anchore/scan-action/issues/396">#396</a>) [<a href="https://github.com/ps-e">ps-e</a>]</li> <li>chore(deps): bump <code>@actions/cache</code> from 3.3.0 to 4.0.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/412">#412</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> <li>chore(deps): update Grype to v0.86.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/413">#413</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> </ul> <h2>v5.3.0</h2> <h2>New in scan-action v5.3.0</h2> <ul> <li>chore(deps): update Grype to v0.85.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/408">#408</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>chore(deps-dev): bump <code>@vercel/ncc</code> from 0.38.2 to 0.38.3 (<a href="https://redirect.github.com/anchore/scan-action/issues/406">#406</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> <li>chore(deps-dev): bump eslint from 9.14.0 to 9.15.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/405">#405</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> <li>chore(deps-dev): bump husky from 9.1.6 to 9.1.7 (<a href="https://redirect.github.com/anchore/scan-action/issues/407">#407</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> </ul> <h2>v5.2.1</h2> <h2>New in scan-action v5.2.1</h2> <ul> <li>update Grype to v0.84.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/404">#404</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>bump <code>@actions/cache</code> from 3.2.4 to 3.3.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/402">#402</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> </ul> <h2>v5.2.0</h2> <h2>New in scan-action v5.2.0</h2> <ul> <li>chore(deps): update Grype to v0.83.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/398">#398</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (<a href="https://redirect.github.com/anchore/scan-action/issues/394">#394</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> <li>chore(deps): bump actions/setup-node from 4.0.4 to 4.1.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/395">#395</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> </ul> <h2>v5.1.0</h2> <h2>New in scan-action v5.1.0</h2> <ul> <li>chore(deps): update Grype to v0.82.2 (<a href="https://redirect.github.com/anchore/scan-action/issues/393">#393</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>chore(deps-dev): bump eslint from 9.12.0 to 9.13.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/392">#392</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> <li>chore(deps-dev): bump tslib from 2.7.0 to 2.8.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/391">#391</a>) [<a href="https://github.com/dependabot">dependabot</a>]</li> </ul> <h2>v5.0.1</h2> <h2>New in scan-action v5.0.1</h2> <ul> <li>chore(deps): update Grype to v0.82.1 (<a href="https://redirect.github.com/anchore/scan-action/issues/389">#389</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anchore/scan-action/blob/main/CHANGELOG.md">anchore/scan-action's changelog</a>.</em></p> <blockquote> <h1>Release Notes</h1> <h2>Version 2.0.2 - 2020-11-11</h2> <ul> <li>Update <code>actions/core</code> to use version <code>1.2.6</code> [(Issue <a href="https://redirect.github.com/anchore/scan-action/issues/71">#71</a>)](<a href="https://redirect.github.com/anchore/scan-action/issues/71">anchore/scan-action#71</a>)</li> </ul> <h2>Version 2.0.1 - 2020-02-11</h2> <p>Fixes:</p> <ul> <li>Removes unnecessary constraint in deduplication for SARIF reporting</li> <li>Allows defining and referencing the location of the SARIF report file</li> <li>Fixes multiple instances where undefined items in the reporting would break scanning</li> </ul> <h2>Version 2.0.0 - 2020-30-09</h2> <p>2.0.0 is a new major version of scan action based on the new <a href="https://github.com/anchore/grype">Grype</a> tool from Anchore. It is much faster for scanning compared to v1.x of the action and adds some new capabilities, including directory scanning as well as container image scanning, and also has more metadata about the vulnerability matches than previous versions for more transparency on the matching process.</p> <p>Improvements and Changes:</p> <ul> <li>Significantly faster performance for scans</li> <li>New vulnerabilities output format is the JSON output from Grype directly</li> <li>Adds support for scanning directories as well as Docker containers, so you can do the same checks pre-and post-build of the container.</li> <li>Supports Automatic Code Scanning/SARIF for exposing results via your repository's Security tab.</li> <li>Updated the default branch from <code>master</code> to <code>main</code></li> </ul> <p><em>NOTE: This is a breaking change from v1.x, as indicated by the major version change. We strongly recommend using a <a href="https://github.com/v2"><code>@v2</code></a> or specific version instead of <a href="https://github.com/main"><code>@main</code></a></em></p> <p>Breaking Changes for v2:</p> <ul> <li>Inputs: <ul> <li>Changed <code>image-reference</code> to <code>image</code> (required)</li> <li><code>dockerfile-path</code> is no longer supported and not necessary for the vulnerability scans</li> <li><code>custom-policy-path</code> is no longer supported</li> <li><code>include-app-packages</code> is no longer necessary or supported. Application packages are on by default and will receive vulnerability matches.</li> </ul> </li> <li>Outputs: <ul> <li><code>billofmaterials</code> is no longer output. V2 is focused on vulnerability scanning and another action may be introduced for BoM support with its own options/config.</li> <li><code>policycheck</code> is no longer output</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anchore/scan-action/commit/abae793926ec39a78ab18002bc7fc45bbbd94342"><code>abae793</code></a> chore(deps): update Grype to v0.86.1 (<a href="https://redirect.github.com/anchore/scan-action/issues/416">#416</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/f02232ca2fed234639b85296af90024a172f7b0f"><code>f02232c</code></a> chore: exclude dev-deps from release drafter (<a href="https://redirect.github.com/anchore/scan-action/issues/415">#415</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/763018a9a88f3b9162b3b6668d19e858610c40d8"><code>763018a</code></a> feat: add support for cyclonedx and cyclonedx-json output-formats (<a href="https://redirect.github.com/anchore/scan-action/issues/396">#396</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/e37457976f3b0130fe27d4869550137be4f283a9"><code>e374579</code></a> chore(deps-dev): bump lint-staged from 15.2.10 to 15.2.11 (<a href="https://redirect.github.com/anchore/scan-action/issues/414">#414</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/e90bc67ce133aef3a9c48e87c27bc95d201eabbd"><code>e90bc67</code></a> chore(deps): bump <code>@actions/cache</code> from 3.3.0 to 4.0.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/412">#412</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/028cd8fdf9cefce0538c3b1e37839c637ba50546"><code>028cd8f</code></a> feat: add output-file option, default to random directory output in temp (<a href="https://redirect.github.com/anchore/scan-action/issues/346">#346</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/6e00665386d3266ac7d294f013ca9f587cb079db"><code>6e00665</code></a> chore(deps): update Grype to v0.86.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/413">#413</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/15fee386b6e7dc6babbf8b774ae9430c68411ada"><code>15fee38</code></a> chore(deps-dev): bump eslint from 9.15.0 to 9.16.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/410">#410</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/c4c24ec28c6c0c09befe0acf0fafe395c952e22b"><code>c4c24ec</code></a> chore(deps-dev): bump prettier from 3.3.3 to 3.4.2 (<a href="https://redirect.github.com/anchore/scan-action/issues/411">#411</a>)</li> <li>See full diff in <a href="https://github.com/anchore/scan-action/compare/v5...v6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
2f834fe
commit c93e394