chore(deps): update actions #148

CSRBot · 2026-03-09T21:03:41+01:00

CSRBot commented

2026-03-09 21:03:41 +01:00

This PR contains the following updates:

Package	Type	Update	Change
anchore/syft		patch	`1.42.1` -> `1.42.2`
sigstore/cosign-installer	action	minor	`v4.0.0` -> `v4.1.0`

Release Notes

anchore/syft (anchore/syft)

`v1.42.2`

Compare Source

Bug Fixes

[BUG] Incorrect Maven PURL generation: Automatic-Module-Name should not be used as Maven groupId [#4611 #4642 @xnox]
Checksum is 0 for spdx files [#2307 #4620 @ppalucha]
Support grafana binary various versions [#4559 #4635 @witchcraze]

Additional Changes

migrate fixtures to testdata [#4651 @wagoodman]

(Full Changelog)

sigstore/cosign-installer (sigstore/cosign-installer)

`v4.1.0`

Compare Source

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

Bump cosign to 3.0.5 in #220
fix: add retry to curl downloads for transient network failures in #210

Full Changelog: https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [anchore/syft](https://github.com/anchore/syft) | | patch | `1.42.1` -> `1.42.2` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | action | minor | `v4.0.0` -> `v4.1.0` | --- ### Release Notes <details> <summary>anchore/syft (anchore/syft)</summary> ### [`v1.42.2`](https://github.com/anchore/syft/releases/tag/v1.42.2) [Compare Source](https://github.com/anchore/syft/compare/v1.42.1...v1.42.2) ##### Bug Fixes - \[BUG] Incorrect Maven PURL generation: `Automatic-Module-Name` should not be used as Maven groupId \[[#4611](https://github.com/anchore/syft/issues/4611) [#4642](https://github.com/anchore/syft/pull/4642) [@xnox](https://github.com/xnox)] - Checksum is 0 for spdx files \[[#2307](https://github.com/anchore/syft/issues/2307) [#4620](https://github.com/anchore/syft/pull/4620) [@ppalucha](https://github.com/ppalucha)] - Support grafana binary various versions \[[#4559](https://github.com/anchore/syft/issues/4559) [#4635](https://github.com/anchore/syft/pull/4635) [@witchcraze](https://github.com/witchcraze)] ##### Additional Changes - migrate fixtures to testdata \[[#4651](https://github.com/anchore/syft/pull/4651) [@wagoodman](https://github.com/wagoodman)] **[(Full Changelog)](https://github.com/anchore/syft/compare/v1.42.1...v1.42.2)** </details> <details> <summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary> ### [`v4.1.0`](https://github.com/sigstore/cosign-installer/releases/tag/v4.1.0) [Compare Source](https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0) #### What's Changed We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing `with: cosign-release` and strongly discourage using `cosign-release` unless you have a specific reason to use an older version of Cosign. - Bump cosign to 3.0.5 in [#220](https://github.com/sigstore/cosign-installer/pull/220) - fix: add retry to curl downloads for transient network failures in [#210](https://github.com/sigstore/cosign-installer/pull/210) **Full Changelog**: <https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

CSRBot added 1 commit 2026-03-09 21:03:42 +01:00

chore(deps): update actions

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (push) Successful in 16s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-amd64) (pull_request) Successful in 16s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (push) Successful in 7s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-amd64) (pull_request) Successful in 7s

Details

Lint Markdown files / Run markdown linter (pull_request) Successful in 5s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (push) Successful in 45s

Details

Lint Golang files / Run golang CI linter (stable, ubuntu-latest-arm64) (pull_request) Successful in 46s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (push) Successful in 23s

Details

Run Golang tests / Run unit tests (stable, ubuntu-latest-arm64) (pull_request) Successful in 24s

Details

fb24cc65ce

CSRBot scheduled this pull request to auto merge when all checks succeed 2026-03-09 21:03:48 +01:00

CSRBot merged commit ebf50bf5be into master

2026-03-09 21:08:30 +01:00

CSRBot deleted branch renovate/actions

2026-03-09 21:08:31 +01:00

CSRBot referenced this issue from a commit

2026-03-09 21:08:33 +01:00

Merge pull request 'chore(deps): update actions' (#148) from renovate/actions into master

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: volker.raschek/dcmerge#148