Skip to content

Commit 7619068

Browse files
dependabot[bot]dependabot[bot]
authored
build(deps): bump anchore/scan-action from 7.2.1 to 7.2.2 (#962)
Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 7.2.1 to 7.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/scan-action/releases">anchore/scan-action's releases</a>.</em></p> <blockquote> <h2>v7.2.2</h2> <h2>New in scan-action v7.2.2</h2> <ul> <li>update Grype to v0.104.2 (<a href="https://redirect.github.com/anchore/scan-action/issues/557">#557</a>) [[<a href="https://github.com/apps/anchore-actions-token-generator">anchore-actions-token-generator[bot]</a>](<a href="https://github.com/%5Banchore-actions-token-generator%5Bbot%5D%5D(https://github.com/apps/anchore-actions-token-generator))%5D">https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]</a></li> <li>bump glob from 10.4.5 to 10.5.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/546">#546</a>) [[<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a href="https://github.com/%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot))%5D">https://github.com/[dependabot[bot]](https://github.com/apps/dependabot))]</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anchore/scan-action/commit/3c9a191a0fbab285ca6b8530b5de5a642cba332f"><code>3c9a191</code></a> chore(deps): update Grype to v0.104.2 (<a href="https://redirect.github.com/anchore/scan-action/issues/557">#557</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/0a9fbe8211a960db3679b0885ce6754e8554a0b1"><code>0a9fbe8</code></a> chore(deps-dev): bump lint-staged from 16.2.6 to 16.2.7 (<a href="https://redirect.github.com/anchore/scan-action/issues/547">#547</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/5ac7f2aec0382580086343cec94d7b36d369047e"><code>5ac7f2a</code></a> chore(deps-dev): bump prettier from 3.6.2 to 3.7.4 (<a href="https://redirect.github.com/anchore/scan-action/issues/555">#555</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/563e915d07829f21025d3c1821b9d1cc9f10975c"><code>563e915</code></a> chore(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.11 (<a href="https://redirect.github.com/anchore/scan-action/issues/556">#556</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/49c6d261d1c975ab62c1eb10993425b7c6cb8ddc"><code>49c6d26</code></a> chore(deps): bump actions/checkout from 5.0.0 to 6.0.1 (<a href="https://redirect.github.com/anchore/scan-action/issues/554">#554</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/77906c36b05b7a0949cf47fadd0d2e3f2cf22d18"><code>77906c3</code></a> chore(deps): bump actions/setup-node from 6.0.0 to 6.1.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/553">#553</a>)</li> <li><a href="https://github.com/anchore/scan-action/commit/ed82e81d1725e5ef6b41dbc1b1f3f13b366e417d"><code>ed82e81</code></a> chore(deps): bump glob from 10.4.5 to 10.5.0 (<a href="https://redirect.github.com/anchore/scan-action/issues/546">#546</a>)</li> <li>See full diff in <a href="https://github.com/anchore/scan-action/compare/40a61b52209e9d50e87917c5b901783d546b12d0...3c9a191a0fbab285ca6b8530b5de5a642cba332f">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/scan-action&package-manager=github_actions&previous-version=7.2.1&new-version=7.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 7e278cd commit 7619068

File tree

2 files changed

+4
-4
lines changed

2 files changed

+4
-4
lines changed

.github/workflows/serverless-init-vulnerability-scan.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ jobs:
3535
runs-on: ubuntu-22.04
3636
steps:
3737
- name: Scan latest serverless-init image with grype
38-
uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
38+
uses: anchore/scan-action@3c9a191a0fbab285ca6b8530b5de5a642cba332f # v7.2.2
3939
with:
4040
image: "datadog/serverless-init:latest"
4141
only-fixed: true
@@ -44,7 +44,7 @@ jobs:
4444
output-format: table
4545

4646
- name: Scan latest-alpine serverless-init image with grype
47-
uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
47+
uses: anchore/scan-action@3c9a191a0fbab285ca6b8530b5de5a642cba332f # v7.2.2
4848
with:
4949
image: "datadog/serverless-init:latest-alpine"
5050
only-fixed: true

.github/workflows/vulnerability-scan.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ jobs:
3737
runs-on: ubuntu-22.04
3838
steps:
3939
- name: Scan latest release image with grype
40-
uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
40+
uses: anchore/scan-action@3c9a191a0fbab285ca6b8530b5de5a642cba332f # v7.2.2
4141
with:
4242
image: "public.ecr.aws/datadog/lambda-extension:latest"
4343
only-fixed: true
@@ -46,7 +46,7 @@ jobs:
4646
output-format: table
4747

4848
- name: Scan latest-alpine release image with grype
49-
uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
49+
uses: anchore/scan-action@3c9a191a0fbab285ca6b8530b5de5a642cba332f # v7.2.2
5050
with:
5151
image: "public.ecr.aws/datadog/lambda-extension:latest-alpine"
5252
only-fixed: true

0 commit comments

Comments
 (0)