chore(deps): update workflows (major) (#540)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | major | `v3.6.0` -> `v4.0.0` | | [actions/checkout](https://togithub.com/actions/checkout) | action | major | `v3` -> `v4` | | [docker/login-action](https://togithub.com/docker/login-action) | action | major | `v2` -> `v3` | | [docker/setup-buildx-action](https://togithub.com/docker/setup-buildx-action) | action | major | `v2` -> `v3` | | [docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action) | action | major | `v2` -> `v3` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | major | `v4.6.0` -> `v5.0.0` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.0.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v400) [Compare Source](https://togithub.com/actions/checkout/compare/v3.6.0...v4.0.0) - [Support fetching without the --progress option](https://togithub.com/actions/checkout/pull/1067) - [Update to node20](https://togithub.com/actions/checkout/pull/1436) </details> <details> <summary>docker/login-action (docker/login-action)</summary> ### [`v3`](https://togithub.com/docker/login-action/compare/v2...v3) [Compare Source](https://togithub.com/docker/login-action/compare/v2...v3) </details> <details> <summary>docker/setup-buildx-action (docker/setup-buildx-action)</summary> ### [`v3`](https://togithub.com/docker/setup-buildx-action/compare/v2...v3) [Compare Source](https://togithub.com/docker/setup-buildx-action/compare/v2...v3) </details> <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3`](https://togithub.com/docker/setup-qemu-action/compare/v2...v3) [Compare Source](https://togithub.com/docker/setup-qemu-action/compare/v2...v3) </details> <details> <summary>goreleaser/goreleaser-action (goreleaser/goreleaser-action)</summary> ### [`v5.0.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.0.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.6.0...v5.0.0) ##### What's Changed - feat: node 20 as default runtime (requires [Actions Runner v2.308.0](https://togithub.com/actions/runner/releases/tag/v2.308.0) or later) by [@crazy-max](https://togithub.com/crazy-max) in [goreleaser/goreleaser-action#432 - chore(deps): bump [@actions/core](https://togithub.com/actions/core) from 1.10.0 to 1.10.1 in [goreleaser/goreleaser-action#434 **Full Changelog**: goreleaser/goreleaser-action@v4.6.0...v5.0.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner).
google · Sep 19, 2023 · 0c59a97 · 0c59a97
1 parent b3f6168
commit 0c59a97
Show file tree

Hide file tree

Showing 7 changed files with 11 additions and 11 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -40,7 +40,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
@@ -21,7 +21,7 @@ jobs:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           fetch-depth: 0
       - name: Set up Go
@@ -33,17 +33,17 @@ jobs:
         uses: ./.github/workflows/test-action
       - name: Run Lints
         uses: ./.github/workflows/lint-action
-      - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2
-      - uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2
+      - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
+      - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
       - name: ghcr-login
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Run GoReleaser
         id: run-goreleaser
-        uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0
+        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
         with:
           version: latest
           args: release --rm-dist

diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           persist-credentials: false
           fetch-depth: 0

diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml
@@ -21,7 +21,7 @@ jobs:
   scan-pr:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
           # Do persist credentials, as we need it for the git checkout later

diff --git a/.github/workflows/osv-scanner-reusable-scheduled.yml b/.github/workflows/osv-scanner-reusable-scheduled.yml
@@ -21,7 +21,7 @@ jobs:
   scan-scheduled:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: "Run scanner"
         uses: google/osv-scanner/actions/scanner@main
         with:

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           persist-credentials: false
 

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           persist-credentials: false
           fetch-depth: 0