Skip to content

chore(ci): bump the github-actions group across 1 directory with 2 updates#350

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-27bf4a0696
Closed

chore(ci): bump the github-actions group across 1 directory with 2 updates#350
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-27bf4a0696

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 2 updates in the / directory: actions/attest-build-provenance and actions/setup-go.

Updates actions/attest-build-provenance from 4.1.0 to 4.1.1

Release notes

Sourced from actions/attest-build-provenance's releases.

v4.1.1

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

Full Changelog: actions/attest-build-provenance@v4.1.0...v4.1.1

Commits

Updates actions/setup-go from 6.4.0 to 6.5.0

Release notes

Sourced from actions/setup-go's releases.

v6.5.0

What's Changed

Dependency update

New Contributors

Full Changelog: actions/setup-go@v6...v6.5.0

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions labels Jun 29, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions labels Jun 29, 2026
@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

Semgrep Scan Results

Repository: api | Commit: b1cb5c0

Check Status Details
⚠️ Semgrep Warning 1 warning(s), 5 total

Scanned at 2026-07-01 13:07 UTC

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

Security Scan Results

Repository: api | Commit: b1cb5c0

Check Status Details
✅ Secret Scan Pass No secrets detected
✅ Dependencies (Trivy) Pass 0 total (no critical/high)
✅ Dependencies (Grype) Pass 0 total (no critical/high)
📦 SBOM Generated 523 components (CycloneDX)

Scanned at 2026-07-01 13:07 UTC

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

📊 Statement coverage

Measured on the documented included set (see docs/TESTING.md → Coverage scope). Observe-only — no regression gate is enforced yet.

Scope This PR main baseline Δ
Included set (Gold-tier denominator) 90.3% 90.3% +0.0 pp
Full set (whole repo, transparency) 27.9% 27.9% +0.0 pp

Baseline: main @ 5e9f06e

…dates

Bumps the github-actions group with 2 updates in the / directory: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [actions/setup-go](https://github.com/actions/setup-go).


Updates `actions/attest-build-provenance` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@a2bbfa2...0f67c3f)

Updates `actions/setup-go` from 6.4.0 to 6.5.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@4a36011...924ae3a)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/setup-go
  dependency-version: 6.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(ci): bump the github-actions group with 2 updates chore(ci): bump the github-actions group across 1 directory with 2 updates Jul 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-27bf4a0696 branch from c600f02 to 0be2381 Compare July 1, 2026 13:06
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 6, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/github-actions-27bf4a0696 branch July 6, 2026 09:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants