dependabot[bot]
6e0291cdb9
chore(deps): bump the github-actions group with 5 updates ( #673 )
...
Bumps the github-actions group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `6.0.0` |
`6.0.2` |
| [coder/coder](https://github.com/coder/coder ) | `2.29.1` | `2.29.2` |
| [crate-ci/typos](https://github.com/crate-ci/typos ) | `1.42.0` |
`1.42.1` |
| [actions/setup-go](https://github.com/actions/setup-go ) | `6.1.0` |
`6.2.0` |
|
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action )
| `0.3.0` | `0.4.1` |
Updates `actions/checkout` from 6.0.0 to 6.0.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases ">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID
is set by <a
href="https://github.com/TingluoHuang "><code>@TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2355 ">actions/checkout#2355</a></li>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356 ">actions/checkout#2356</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6.0.1...v6.0.2 ">https://github.com/actions/checkout/compare/v6.0.1...v6.0.2 </a></p>
<h2>v6.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update all references from v5 and v4 to v6 by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2314 ">actions/checkout#2314</a></li>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327 ">actions/checkout#2327</a></li>
<li>Clarify v6 README by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2328 ">actions/checkout#2328</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6...v6.0.1 ">https://github.com/actions/checkout/compare/v6...v6.0.1 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md ">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v6.0.2</h2>
<ul>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356 ">actions/checkout#2356</a></li>
</ul>
<h2>v6.0.1</h2>
<ul>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327 ">actions/checkout#2327</a></li>
</ul>
<h2>v6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286 ">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc "><code>@salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248 ">actions/checkout#2248</a></li>
</ul>
<h2>v5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301 ">actions/checkout#2301</a></li>
</ul>
<h2>v5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226 ">actions/checkout#2226</a></li>
</ul>
<h2>v4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305 ">actions/checkout#2305</a></li>
</ul>
<h2>v4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss "><code>@motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971 ">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail "><code>@mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977 ">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells "><code>@benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043 ">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044 ">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89 "><code>@nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194 ">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang "><code>@TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224 ">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236 ">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3 "><code>@jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941 ">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946 ">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy "><code>@orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924 ">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome "><code>@lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180 ">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777 ">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872 ">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739 ">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697 ">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy "><code>@orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774 ">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3 "><code>@jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776 ">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732 ">actions/checkout#1732</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="de0fac2e45https://redirect.github.com/actions/checkout/issues/2356 ">#2356</a>)</li>
<li><a
href="064fe7f3318e8c483db8https://redirect.github.com/actions/checkout/issues/2328 ">#2328</a>)</li>
<li><a
href="033fa0dc0bhttps://redirect.github.com/actions/checkout/issues/2327 ">#2327</a>)</li>
<li><a
href="c2d88d3ecchttps://redirect.github.com/actions/checkout/issues/2314 ">#2314</a>)</li>
<li>See full diff in <a
href="1af3b93b68...de0fac2e45https://github.com/coder/coder/releases ">coder/coder's
releases</a>.</em></p>
<blockquote>
<h2>v2.29.2</h2>
<h2>Changelog</h2>
<blockquote>
<p>[!NOTE]
This is a mainline Coder release. We advise enterprise customers without
a staging environment to install our <a
href="https://github.com/coder/coder/releases/latest ">latest stable
release</a> while we refine this version. Learn more about our <a
href="https://coder.com/docs/install/releases ">Release Schedule</a>.</p>
</blockquote>
<h3>Features</h3>
<ul>
<li>CLI: Backport <a
href="https://redirect.github.com/coder/coder/issues/21374 ">#21374</a>
to 2.29 (<a
href="https://redirect.github.com/coder/coder/issues/21561 ">#21561</a>,
2e2d0dde4)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Backport update boundary version to 2.29 (<a
href="https://redirect.github.com/coder/coder/issues/21290 ">#21290</a>)
(<a
href="https://redirect.github.com/coder/coder/issues/21575 ">#21575</a>,
2314e4a94)</li>
<li>Backport migration fixes (<a
href="https://redirect.github.com/coder/coder/issues/21611 ">#21611</a>,
b5360a918)</li>
</ul>
<h3>Chores</h3>
<ul>
<li>Add antigravity to allowed protocols list (<a
href="https://redirect.github.com/coder/coder/issues/20873 ">#20873</a>)
(<a
href="https://redirect.github.com/coder/coder/issues/21122 ">#21122</a>,
bd76c602e)</li>
</ul>
<p>Compare: <a
href="https://github.com/coder/coder/compare/v2.29.1...v2.29.2 "><code>v2.29.1...v2.29.2</code></a></p>
<h2>Container image</h2>
<ul>
<li><code>docker pull ghcr.io/coder/coder:v2.29.2</code></li>
</ul>
<h2>Install/upgrade</h2>
<p>Refer to our docs to <a
href="https://coder.com/docs/install ">install</a> or <a
href="https://coder.com/docs/install/upgrade ">upgrade</a> Coder, or use
a release asset below.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b5360a9180https://redirect.github.com/coder/coder/issues/21611 ">#21611</a>)</li>
<li><a
href="2e2d0dde44https://redirect.github.com/coder/coder/issues/21374 ">#21374</a>
to 2.29 (<a
href="https://redirect.github.com/coder/coder/issues/21561 ">#21561</a>)</li>
<li><a
href="2314e4a94ehttps://redirect.github.com/coder/coder/issues/21290 ">#21290</a>)
(<a
href="https://redirect.github.com/coder/coder/issues/21575 ">#21575</a>)</li>
<li><a
href="bd76c602e4https://redirect.github.com/coder/coder/issues/20873 ">#20873</a>)
(<a
href="https://redirect.github.com/coder/coder/issues/21122 ">#21122</a>)</li>
<li>See full diff in <a
href="59cdd7e21f...b5360a9180https://github.com/crate-ci/typos/releases ">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.42.1</h2>
<h2>[1.42.1] - 2026-01-19</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore hex literals with suffixes (e.g. <code>0xffffUL</code>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md ">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/ ">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/ ">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.42.1] - 2026-01-19</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore hex literals with suffixes (e.g. <code>0xffffUL</code>)</li>
</ul>
<h2>[1.42.0] - 2026-01-07</h2>
<h3>Features</h3>
<ul>
<li>Dictionary updates</li>
</ul>
<h2>[1.41.0] - 2025-12-31</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1431 ">December
2025</a> changes</li>
</ul>
<h2>[1.40.1] - 2025-12-29</h2>
<h3>Fixes</h3>
<ul>
<li>Treat <code>incrementer</code> and <code>incrementor</code> the same
for now</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Don't correct ITerm2</li>
</ul>
<h2>[1.40.0] - 2025-11-26</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1405 ">November
2025</a> changes</li>
</ul>
<h2>[1.39.2] - 2025-11-13</h2>
<h3>Fixes</h3>
<ul>
<li>Don't offer <code>entry</code> as a correction for
<code>entrys</code></li>
</ul>
<h2>[1.39.1] - 2025-11-12</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="65120634e72049566b9ccbc66c9a85https://redirect.github.com/crate-ci/typos/issues/1471 ">#1471</a>
from epage/hex</li>
<li><a
href="207157952c7300bb096401955c0f2a5d4cfab7393cee018e3fhttps://redirect.github.com/crate-ci/typos/issues/1468 ">#1468</a>
from Wilfred/patch-1</li>
<li><a
href="a96a636d4e837ad2701bhttps://redirect.github.com/crate-ci/typos/issues/1467 ">#1467</a>
from Wilfred/full_examples_in_reference</li>
<li>Additional commits viewable in <a
href="bb4666ad77...65120634e7https://github.com/actions/setup-go/releases ">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements</h3>
<ul>
<li>Example for restore-only cache in documentation by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/696 ">actions/setup-go#696</a></li>
<li>Update Node.js version in action.yml by <a
href="https://github.com/ccoVeille "><code>@ccoVeille</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/691 ">actions/setup-go#691</a></li>
<li>Documentation update of actions/checkout by <a
href="https://github.com/deining "><code>@deining</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/683 ">actions/setup-go#683</a></li>
</ul>
<h3>Dependency updates</h3>
<ul>
<li>Upgrade js-yaml from 3.14.1 to 3.14.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/682 ">actions/setup-go#682</a></li>
<li>Upgrade <code>@actions/cache</code> to v5 by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/695 ">actions/setup-go#695</a></li>
<li>Upgrade actions/checkout from 5 to 6 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/686 ">actions/setup-go#686</a></li>
<li>Upgrade qs from 6.14.0 to 6.14.1 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/703 ">actions/setup-go#703</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ccoVeille "><code>@ccoVeille</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/691 ">actions/setup-go#691</a></li>
<li><a href="https://github.com/deining "><code>@deining</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/683 ">actions/setup-go#683</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.2.0 ">https://github.com/actions/setup-go/compare/v6...v6.2.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7a3fe6cf4chttps://redirect.github.com/actions/setup-go/issues/703 ">#703</a>)</li>
<li><a
href="b9adafd441https://redirect.github.com/actions/setup-go/issues/686 ">#686</a>)</li>
<li><a
href="d73f6bcfc2https://redirect.github.com/actions/setup-go/issues/683 ">#683</a>)</li>
<li><a
href="ae252ee6fbhttps://redirect.github.com/actions/setup-go/issues/695 ">#695</a>)</li>
<li><a
href="bf7446afafhttps://redirect.github.com/actions/setup-go/issues/682 ">#682</a>)</li>
<li><a
href="02aadfee7fhttps://redirect.github.com/actions/setup-go/issues/691 ">#691</a>)</li>
<li><a
href="4aaadf4266https://redirect.github.com/actions/setup-go/issues/696 ">#696</a>)</li>
<li>See full diff in <a
href="4dc6199c7b...7a3fe6cf4chttps://github.com/zizmorcore/zizmor-action/releases ">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.1</h2>
<p>This version fixes an error in the 0.4.0 release that prevented
non-relative use
of the action.</p>
<h2>What's Changed</h2>
<ul>
<li>Fix version file path by <a
href="https://github.com/woodruffw "><code>@woodruffw</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/83 ">zizmorcore/zizmor-action#83</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1 ">https://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1 </a></p>
<h2>v0.4.0</h2>
<p>This new version of <code>zizmor-action</code> brings two major
changes:</p>
<ul>
<li>
<p>The new <code>fail-on-no-inputs</code> option can be used to control
whether
<code>zizmor-action</code> fails if no inputs were collected by
<code>zizmor</code>. The default
remains <code>true</code>, reflecting the pre-existing behavior.</p>
</li>
<li>
<p>The action's use of the official <code>zizmor</code> Docker images is
now fully
hash-checked internally, preventing accidental or malicious modification
to the images. This also means that subsequent releases of
<code>zizmor</code>
will induce a release of this action, rather than the action always
picking
up the latest version by default.</p>
</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>docs: extended permissions required for internal repos by <a
href="https://github.com/AntoineSebert "><code>@AntoineSebert</code></a>
in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/61 ">zizmorcore/zizmor-action#61</a></li>
<li>docs: clarify description of "token" to indicate it is
only used for online audits by <a
href="https://github.com/rmuir "><code>@rmuir</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/63 ">zizmorcore/zizmor-action#63</a></li>
<li>Hash-check zizmor Docker images by <a
href="https://github.com/woodruffw "><code>@woodruffw</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/68 ">zizmorcore/zizmor-action#68</a></li>
<li>Add <code>fail-on-no-inputs</code> option by <a
href="https://github.com/woodruffw "><code>@woodruffw</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/67 ">zizmorcore/zizmor-action#67</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/AntoineSebert "><code>@AntoineSebert</code></a>
made their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/61 ">zizmorcore/zizmor-action#61</a></li>
<li><a href="https://github.com/rmuir "><code>@rmuir</code></a> made
their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/63 ">zizmorcore/zizmor-action#63</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.3.0...v0.4.0 ">https://github.com/zizmorcore/zizmor-action/compare/v0.3.0...v0.4.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="135698455dhttps://redirect.github.com/zizmorcore/zizmor-action/issues/83 ">#83</a>)</li>
<li><a
href="72469cf6cchttps://redirect.github.com/zizmorcore/zizmor-action/issues/80 ">#80</a>)</li>
<li><a
href="3aa7e2f1adhttps://redirect.github.com/zizmorcore/zizmor-action/issues/79 ">#79</a>)</li>
<li><a
href="92fc377b74https://redirect.github.com/zizmorcore/zizmor-action/issues/78 ">#78</a>)</li>
<li><a
href="5aff8efe9fhttps://redirect.github.com/zizmorcore/zizmor-action/issues/67 ">#67</a>)</li>
<li><a
href="4d497b9cc8https://redirect.github.com/zizmorcore/zizmor-action/issues/75 ">#75</a>)</li>
<li><a
href="5fa0711fa5https://redirect.github.com/zizmorcore/zizmor-action/issues/69 ">#69</a>)</li>
<li><a
href="c823f2c8e6https://redirect.github.com/zizmorcore/zizmor-action/issues/68 ">#68</a>)</li>
<li><a
href="706c51b5bchttps://redirect.github.com/zizmorcore/zizmor-action/issues/66 ">#66</a>)</li>
<li><a
href="cb3d8e846ehttps://redirect.github.com/zizmorcore/zizmor-action/issues/65 ">#65</a>)</li>
<li>Additional commits viewable in <a
href="e639db9933...135698455d
2026-01-28 22:16:41 +00:00
Lukasz
ec57cb5c0f
CI: Pin GitHub Actions and fix zizmor high-severity findings ( #667 )
...
## Description
This PR fixes zizmor --min-severity high findings in our GitHub Actions
workflows by:
- Pinning all uses: references to immutable commit SHAs (replaces
floating tags like @v6 / @main).
- Pinning internal Terraform setup action usage
(coder/coder/.github/actions/setup-tf@main) to a fixed ref/commit.
- Pinning crate-ci/typos to a commit SHA.
- Removing GitHub expression template expansion inside a run: block in
version-bump.yaml (prevents template injection flagged by zizmor).
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [x] Other
## Module Information
N/A
## Template Information
N/A
## Testing & Validation
- [ ] Tests pass (`bun test`)
- [ ] Code formatted (`bun fmt`)
- [x] Changes tested locally - zizmor .github/workflows/* --min-severity
high
## Related Issues
- coder/registry#642
- https://github.com/coder/registry/pull/662
2026-01-21 11:42:10 +01:00
dependabot[bot]
faff2be207
chore(deps): bump actions/checkout from 5 to 6 in the github-actions group ( #561 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-24 07:47:55 +00:00
dependabot[bot]
17734c073a
chore(deps): bump the github-actions group across 1 directory with 5 updates ( #415 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 16:54:57 +05:00
dependabot[bot]
94d938156d
chore(deps): bump google-github-actions/setup-gcloud from 2.2.0 to 3.0.0 ( #379 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-25 14:06:54 +00:00
dependabot[bot]
f08bb30b53
chore(deps): bump actions/checkout from 4 to 5 ( #334 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-18 12:25:16 +00:00
dependabot[bot]
2646b36cb1
chore(deps): bump google-github-actions/setup-gcloud from 2.1.5 to 2.2.0 ( #319 )
...
Bumps
[google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud )
from 2.1.5 to 2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/setup-gcloud/releases ">google-github-actions/setup-gcloud's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Introduce an option to skip the tool cache by <a
href="https://github.com/sethvargo "><code>@sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/718 ">google-github-actions/setup-gcloud#718</a></li>
<li>Release: v2.2.0 by <a
href="https://github.com/google-github-actions-bot "><code>@google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/719 ">google-github-actions/setup-gcloud#719</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/setup-gcloud/compare/v2.1.5...v2.2.0 ">https://github.com/google-github-actions/setup-gcloud/compare/v2.1.5...v2.2.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cb1e50a993https://redirect.github.com/google-github-actions/setup-gcloud/issues/719 ">#719</a>)</li>
<li><a
href="ef52f8c087https://redirect.github.com/google-github-actions/setup-gcloud/issues/718 ">#718</a>)</li>
<li>See full diff in <a
href="6a7c903a70...cb1e50a993https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google-github-actions/setup-gcloud&package-manager=github_actions&previous-version=2.1.5&new-version=2.2.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: DevCats <christofer@coder.com>
2025-08-11 20:57:05 -05:00
Atif Ali
92a154f54a
chore: deploy registry on changes to contributers information ( #315 )
2025-08-10 00:53:39 +05:00
dependabot[bot]
494dc4b8a1
chore(deps): bump google-github-actions/auth from 2.1.11 to 2.1.12 ( #288 )
...
Bumps
[google-github-actions/auth](https://github.com/google-github-actions/auth )
from 2.1.11 to 2.1.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/auth/releases ">google-github-actions/auth's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.12</h2>
<h2>What's Changed</h2>
<ul>
<li>Add retries for getIDToken by <a
href="https://github.com/sethvargo "><code>@sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/502 ">google-github-actions/auth#502</a></li>
<li>Release: v2.1.12 by <a
href="https://github.com/google-github-actions-bot "><code>@google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/auth/pull/503 ">google-github-actions/auth#503</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/auth/compare/v2.1.11...v2.1.12 ">https://github.com/google-github-actions/auth/compare/v2.1.11...v2.1.12 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b7593ed2efhttps://redirect.github.com/google-github-actions/auth/issues/503 ">#503</a>)</li>
<li><a
href="c1ee334b4fhttps://redirect.github.com/google-github-actions/auth/issues/502 ">#502</a>)</li>
<li>See full diff in <a
href="140bb5113f...b7593ed2efhttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google-github-actions/auth&package-manager=github_actions&previous-version=2.1.11&new-version=2.1.12 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-05 21:01:49 -05:00
Atif Ali
e1f077dac3
chore: deploy registry changes nightly ( #264 )
2025-07-30 22:33:25 -04:00
dependabot[bot]
0fe47943aa
chore(deps): bump google-github-actions/auth from 2.1.10 to 2.1.11 ( #255 )
...
Bumps
[google-github-actions/auth](https://github.com/google-github-actions/auth )
from 2.1.10 to 2.1.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/auth/releases ">google-github-actions/auth's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.11</h2>
<h2>What's Changed</h2>
<ul>
<li>Update troubleshooting docs for Python by <a
href="https://github.com/sethvargo "><code>@sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/488 ">google-github-actions/auth#488</a></li>
<li>Add linters by <a
href="https://github.com/sethvargo "><code>@sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/499 ">google-github-actions/auth#499</a></li>
<li>Update deps by <a
href="https://github.com/sethvargo "><code>@sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/500 ">google-github-actions/auth#500</a></li>
<li>Release: v2.1.11 by <a
href="https://github.com/google-github-actions-bot "><code>@google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/auth/pull/501 ">google-github-actions/auth#501</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/auth/compare/v2.1.10...v2.1.11 ">https://github.com/google-github-actions/auth/compare/v2.1.10...v2.1.11 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="140bb5113fhttps://redirect.github.com/google-github-actions/auth/issues/501 ">#501</a>)</li>
<li><a
href="ab3132e2adhttps://redirect.github.com/google-github-actions/auth/issues/500 ">#500</a>)</li>
<li><a
href="25b96bac99https://redirect.github.com/google-github-actions/auth/issues/499 ">#499</a>)</li>
<li><a
href="0920706a19https://redirect.github.com/google-github-actions/auth/issues/488 ">#488</a>)</li>
<li>See full diff in <a
href="ba79af0395...140bb5113fhttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google-github-actions/auth&package-manager=github_actions&previous-version=2.1.10&new-version=2.1.11 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-28 18:17:31 -05:00
dependabot[bot]
4f225fd7d3
chore(deps): bump google-github-actions/setup-gcloud from 2.1.4 to 2.1.5 ( #256 )
...
Bumps
[google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud )
from 2.1.4 to 2.1.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/setup-gcloud/releases ">google-github-actions/setup-gcloud's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.5</h2>
<h2>What's Changed</h2>
<ul>
<li>security: bump undici from 5.28.5 to 5.29.0 in the npm_and_yarn
group by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/711 ">google-github-actions/setup-gcloud#711</a></li>
<li>Update linters by <a
href="https://github.com/sethvargo "><code>@sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/715 ">google-github-actions/setup-gcloud#715</a></li>
<li>Update deps by <a
href="https://github.com/sethvargo "><code>@sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/716 ">google-github-actions/setup-gcloud#716</a></li>
<li>Release: v2.1.5 by <a
href="https://github.com/google-github-actions-bot "><code>@google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/717 ">google-github-actions/setup-gcloud#717</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/setup-gcloud/compare/v2.1.4...v2.1.5 ">https://github.com/google-github-actions/setup-gcloud/compare/v2.1.4...v2.1.5 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6a7c903a70https://redirect.github.com/google-github-actions/setup-gcloud/issues/717 ">#717</a>)</li>
<li><a
href="e838bc6edfhttps://redirect.github.com/google-github-actions/setup-gcloud/issues/716 ">#716</a>)</li>
<li><a
href="98d8f78fcchttps://redirect.github.com/google-github-actions/setup-gcloud/issues/715 ">#715</a>)</li>
<li><a
href="a8b58010a5https://redirect.github.com/google-github-actions/setup-gcloud/issues/711 ">#711</a>)</li>
<li>See full diff in <a
href="77e7a554d4...6a7c903a70https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google-github-actions/setup-gcloud&package-manager=github_actions&previous-version=2.1.4&new-version=2.1.5 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-28 18:13:18 -05:00
Atif Ali
e6fdca44f3
chore: deploy registry when the workflow changes ( #186 )
2025-07-07 17:28:54 +05:00
Atif Ali
98f63d375b
chore: redeploy registry when templates are updated ( #185 )
2025-07-07 17:24:43 +05:00
Benjamin Peinhardt
dbd4928706
fix: update release action to match new registry-server dev flow ( #171 )
...
## Description
This PR updates the CI release flow to match the registry-server's new
development flow.
The "dev" registry now deploys directly from the main branch of
registry-server.
The "production" registry now deploys from tagged releases of
registry-server. We have added a "production" tag that will
track the same commit as the latest semver release of the
registry-server.
---
## Type of Change
- [ ] New module
- [x] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
---
## Related Issues
Fixes https://github.com/coder/registry/pull/170
Closes #
2025-07-02 10:39:21 -05:00
Garrett Delfosse
a1cea027dc
fix: disable production deployments from main ( #170 )
...
Reverts https://github.com/coder/registry/pull/168 which should not have
been merged, and disables production deployments for now until a fix is
in place on the registry-server side.
2025-07-02 10:30:47 -04:00
Hugo Dutka
9aacddef1a
fix: skip deploying to the dev registry ( #168 )
...
The workflow doesn't work currently.
2025-07-02 13:08:54 +02:00
Atif Ali
e9870049bb
chore: deploy only on tag pushes ( #139 )
...
Resolves #68
2025-06-05 07:10:13 +02:00
Michael Smith
ae6cf8c366
fix: add build step for deployment registry ( #110 )
...
## Changes made
- Updated the `deploy-registry` script to include steps for pushing to
the production registry
2025-05-19 12:18:14 -04:00
dependabot[bot]
55c9829a27
chore(deps): bump google-github-actions/auth from 2.1.8 to 2.1.10 ( #109 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-19 15:51:02 +05:00
Michael Smith
22a8b2614b
chore: add deploy script ( #15 )
...
Helps close out https://github.com/coder/internal/milestone/10
## Changes made
- Added `deploy-registry.yaml` workflow
2025-05-16 10:27:09 -04:00
dependabot[bot]