Bump the release-tooling group across 1 directory with 3 updates#4
Merged
FlavioCFOliveira merged 1 commit intoMay 6, 2026
Merged
Conversation
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
|
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Owner
|
@dependabot rebase |
Bumps the release-tooling group with 3 updates in the / directory: [anchore/sbom-action](https://github.com/anchore/sbom-action), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action). Updates `anchore/sbom-action` from 0.9.0 to 0.24.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@f6c3d0f...e22c389) Updates `sigstore/cosign-installer` from f713795cb21599bc4e5c4b58cbad1da852d7eeb9 to 398d4b0eeef1380460a10c8013a76f728fb906ac - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@f713795...398d4b0) Updates `goreleaser/goreleaser-action` from 6.1.0 to 7.2.1 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@9ed2f89...1a80836) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: release-tooling - dependency-name: goreleaser/goreleaser-action dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: release-tooling - dependency-name: sigstore/cosign-installer dependency-version: 398d4b0eeef1380460a10c8013a76f728fb906ac dependency-type: direct:production dependency-group: release-tooling ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/github_actions/release-tooling-4488fa1517
branch
from
168a752 to
7590ada
Compare
FlavioCFOliveira
deleted the
dependabot/github_actions/release-tooling-4488fa1517
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rebasing might not happen immediately, so don't worry if this takes some time.
Note: if you make any changes to this PR yourself, they will take precedence over the rebase.
Bumps the release-tooling group with 3 updates in the / directory: anchore/sbom-action, sigstore/cosign-installer and goreleaser/goreleaser-action.
Updates
anchore/sbom-actionfrom 0.9.0 to 0.24.0Release notes
Sourced from anchore/sbom-action's releases.
... (truncated)
Commits
e22c389chore(deps): update Syft to v1.42.3 (#615)36a5fdechore: update to node 24 + deps (#614)a0a6512chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#608)57aae52chore(deps): update Syft to v1.42.2 (#607)c29e913chore(deps): bump fast-xml-parser and other deps (#604)17ae174chore(deps/test): move to es modules, node:test, single dist file (#595)6d473d3chore(deps): update Syft to v1.42.1 (#599)60619e7fix tests and bump fast-xml-parser (#598)e2bd58achore(deps-dev): bump the dev-dependencies group with 3 updates (#592)d032d7dci(syft auto update): npm ci, not npm install (#597)Updates
sigstore/cosign-installerfrom f713795cb21599bc4e5c4b58cbad1da852d7eeb9 to 398d4b0eeef1380460a10c8013a76f728fb906acCommits
Updates
goreleaser/goreleaser-actionfrom 6.1.0 to 7.2.1Release notes
Sourced from goreleaser/goreleaser-action's releases.
... (truncated)
Commits
1a80836ci(nightly): pass GITHUB_TOKEN to nightly integration joba71152erefactor: drop legacy 'nightly' tag fallback4c6ab56feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release (#558)4f96abffeat: addversion-fileinput (#556)15fa2a9test: cover install across release eras (#555)e24998bci: drop pre-cosign-v3 goreleaser versions from tests (#554)be2e8a3docs: document cosign verification in README (#553)5e53f8eci: add release-major-tag workflow (#552)4068afabuild: drop docker-bake in favor of plain npm (#551)213ec80docs: add CONTRIBUTING with pre-commit workflow