Bump the actions group across 1 directory with 9 updates

[dependabot]

Bumps the actions group with 9 updates in the / directory:

Package	From	To
actions/checkout	4.1.7	4.2.2
docker/setup-buildx-action	3.6.1	3.8.0
docker/login-action	3.2.0	3.3.0
actions/upload-artifact	4.3.6	4.6.0
actions/dependency-review-action	4.3.4	4.5.0
actions/setup-go	5.0.2	5.2.0
golangci/golangci-lint-action	6.1.1	6.2.0
github/codeql-action	3.26.12	3.28.1
aquasecurity/trivy-action	0.24.0	0.29.0

Updates actions/checkout from 4.1.7 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

New Contributors

• @​Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

v4.2.0

What's Changed

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependabot updates in actions/checkout#1777 & actions/checkout#1872

New Contributors

• @​yasonk made their first contribution in actions/checkout#1869
• @​lucacome made their first contribution in actions/checkout#1180

Full Changelog: actions/checkout@v4.1.7...v4.2.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

• Check git version before attempting to disable sparse-checkout by @​jww3 in actions/checkout#1656
• Add SSH user parameter by @​cory-miller in actions/checkout#1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in actions/checkout#1650

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

... (truncated)

Commits

• 11bd719 Prepare 4.2.2 Release (#1953)
• e3d2460 Expand unit test coverage (#1946)
• 163217d url-helper.ts now leverages well-known environment variables. (#1941)
• eef6144 Prepare 4.2.1 release (#1925)
• 6b42224 Add workflow file for publishing releases to immutable action package (#1919)
• de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
• d632683 Prepare 4.2.0 release (#1878)
• 6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
• db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
• b684943 Add Ref and Commit outputs (#1180)
• Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.6.1 to 3.8.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.8.0

• Make cloud prefix optional to download buildx if driver is cloud by @​crazy-max in docker/setup-buildx-action#390
• Bump @​actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370
• Bump @​docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389
• Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

v3.7.1

• Switch back to uuid package by @​crazy-max in docker/setup-buildx-action#369

Full Changelog: docker/setup-buildx-action@v3.7.0...v3.7.1

v3.7.0

• Always set buildkitd-flags if opt-in by @​crazy-max in docker/setup-buildx-action#363
• Remove uuid package and switch to crypto by @​crazy-max in docker/setup-buildx-action#366
• Bump @​docker/actions-toolkit from 0.35.0 to 0.39.0 in docker/setup-buildx-action#362
• Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-buildx-action#354

Full Changelog: docker/setup-buildx-action@v3.6.1...v3.7.0

Commits

• 6524bf6 Merge pull request #390 from crazy-max/buildx-cloud-latest
• 8d5e074 chore: update generated content
• 7199e57 make cloud prefix optional to download buildx if driver is cloud
• db63cee Merge pull request #381 from docker/dependabot/github_actions/codecov/codecov...
• 043ebe1 Merge pull request #389 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 686da90 chore: update generated content
• a3d7487 Merge pull request #382 from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6
• 4dcdbce build(deps): bump @​docker/actions-toolkit from 0.39.0 to 0.48.0
• 1a8ac74 ci: fix deprecated input for codecov-action
• e827ebe build(deps): bump cross-spawn from 7.0.3 to 7.0.6
• Additional commits viewable in compare view

Updates docker/login-action from 3.2.0 to 3.3.0

Release notes

Sourced from docker/login-action's releases.

v3.3.0

• Bump @​docker/actions-toolkit from 0.24.0 to 0.35.0 in docker/login-action#754
• Bump https-proxy-agent from 7.0.4 to 7.0.5 in docker/login-action#741
• Bump braces from 3.0.2 to 3.0.3 in docker/login-action#730

Full Changelog: docker/login-action@v3.2.0...v3.3.0

Commits

• 9780b0c Merge pull request #741 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
• 2fa130c chore: update generated content
• 5e87b2a build(deps): bump https-proxy-agent
• e039495 Merge pull request #754 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 9af18aa chore: update generated content
• 668190a switch to Docker exec
• be5150d build(deps): bump @​docker/actions-toolkit from 0.24.0 to 0.35.0
• e80ebca Merge pull request #730 from docker/dependabot/npm_and_yarn/braces-3.0.3
• 75ee3ea Merge pull request #733 from docker/dependabot/github_actions/docker/bake-act...
• 793c19c build(deps): bump docker/bake-action from 4 to 5
• Additional commits viewable in compare view

Updates actions/upload-artifact from 4.3.6 to 4.6.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.0

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

• fix: deprecated Node.js version in action by @​hamirmahal in actions/upload-artifact#578
• Add new artifact-digest output by @​bdehamer in actions/upload-artifact#656

New Contributors

• @​hamirmahal made their first contribution in actions/upload-artifact#578
• @​bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

v4.4.3

What's Changed

• Undo indirect dependency updates from #627 by @​joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

• Bump @actions/artifact to 2.1.11 by @​robherley in actions/upload-artifact#627
  • Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

What's Changed

• Add a section about hidden files by @​joshmgross in actions/upload-artifact#607
• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/upload-artifact#621
• Update @​actions/artifact to latest version, includes symlink and timeout fixes by @​robherley in actions/upload-artifact#625

New Contributors

• @​Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

... (truncated)

Commits

• 65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
• 0207619 move files back to satisfy licensed ci
• 1ecca81 licensed cache updates
• 9742269 Expose env vars to controll concurrency and timeout
• 6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
• c40c16d add new artifact-digest output
• 735efb4 bump @​actions/artifact from 2.1.11 to 2.2.0
• 184d73b Merge pull request #578 from hamirmahal/fix/deprecated-nodejs-usage-in-action
• b4a0a98 Merge branch 'main' into fix/deprecated-nodejs-usage-in-action
• b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
• Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.3.4 to 4.5.0

Release notes

Sourced from actions/dependency-review-action's releases.

v4.5.0

What's Changed

• Bump got from 14.4.2 to 14.4.3 by @​dependabot in actions/dependency-review-action#844
• Bump nodemon from 3.1.0 to 3.1.7 by @​dependabot in actions/dependency-review-action#847
• Bump @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in actions/dependency-review-action#849
• Overriding the cross-spawn dependency to use a safe version by @​Ahmed3lmallah in actions/dependency-review-action#850
• fix: add summary comment on failure when warn-only: true by @​ebickle in actions/dependency-review-action#827
• Prepare for 4.5.0 release by @​Ahmed3lmallah in actions/dependency-review-action#851

New Contributors

• @​ebickle made their first contribution in actions/dependency-review-action#827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

What's Changed

• Fix for merge_group event bug by @​Ahmed3lmallah in actions/dependency-review-action#846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

What's Changed

• fix: getRefs function to handle merge_group events by @​louis-bompart in actions/dependency-review-action#766
• Create pull_request_template.md by @​jonjanego in actions/dependency-review-action#794
• Update CONTRIBUTING.md by @​jonjanego in actions/dependency-review-action#793
• Bump @​types/node from 20.11.28 to 20.16.0 by @​dependabot in actions/dependency-review-action#815
• Upgrade transitive micromatch library by @​elireisman in actions/dependency-review-action#829
• Do not list changed dependencies in summary by @​hmaurer in actions/dependency-review-action#828
• Update stale.yaml by @​jonjanego in actions/dependency-review-action#832
• Bump got from 14.4.1 to 14.4.2 by @​dependabot in actions/dependency-review-action#822
• Bump eslint-plugin-jest and ts-jest by @​Ahmed3lmallah in actions/dependency-review-action#840

New Contributors

• @​louis-bompart made their first contribution in actions/dependency-review-action#766
• @​Ahmed3lmallah made their first contribution in actions/dependency-review-action#840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

Commits

• 3b139cf Merge pull request #851 from actions/ahmed3lmallah/prepare-for-4.5.0-release
• d6807b6 updating generated code
• c89b41f addressing lint issues
• eee97d8 incrementing project version
• 9d10182 Merge pull request #827 from ebickle/fix/comment-warn-only
• 9192be9 Merge pull request #850 from actions/ahmed3lmallah/adressing-CVE-2024-21538
• 2fc8e23 Using cross-spawn safe version
• fb86db2 fix: resolve race conditions in async core.group calls
• 0a198ab fix: replace integer failureCount with boolean
• fc499fc Merge branch 'main' into fix/comment-warn-only
• Additional commits viewable in compare view

Updates actions/setup-go from 5.0.2 to 5.2.0

Release notes

Sourced from actions/setup-go's releases.

v5.2.0

What's Changed

• Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @​Shegox in actions/setup-go#496

New Contributors

• @​Shegox made their first contribution in actions/setup-go#496

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

What's Changed

• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/setup-go#500
• Upgrade IA Publish by @​Jcambass in actions/setup-go#502
• Add architecture to cache key by @​Zxilly in actions/setup-go#493 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.
• Enhance workflows and Upgrade micromatch Dependency by @​priyagupta108 in actions/setup-go#510

Bug Fixes

• Revise isGhes logic by @​jww3 in actions/setup-go#511

New Contributors

• @​Zxilly made their first contribution in actions/setup-go#493
• @​Jcambass made their first contribution in actions/setup-go#500
• @​jww3 made their first contribution in actions/setup-go#511
• @​priyagupta108 made their first contribution in actions/setup-go#510

Full Changelog: actions/setup-go@v5...v5.1.0

Commits

• 3041bf5 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496)
• 41dfa10 Enhance workflows and Upgrade micromatch Dependency (#510)
• 9419772 Revise isGhes logic (#511)
• d60b41a Merge pull request #502 from actions/Jcambass-patch-1
• e09f57f Upgrade IA Publish
• df1a117 Merge pull request #500 from actions/Jcambass-patch-1
• 49582f6 Add workflow file for publishing releases to immutable action package
• b26d402 fix: add arch to cache key (#493)
• See full diff in compare view

Updates golangci/golangci-lint-action from 6.1.1 to 6.2.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v6.2.0

What's Changed

Changes

• chore: use new build tag syntax by @​alexandear in golangci/golangci-lint-action#1133
• feat: support linux arm64 public preview by @​ldez in golangci/golangci-lint-action#1144

Documentation

• docs: update local development instructions by @​dmitris in golangci/golangci-lint-action#1125

Dependencies

• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot in golangci/golangci-lint-action#1112
• build(deps): bump the dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1113
• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot in golangci/golangci-lint-action#1114
• build(deps): bump @​types/node from 22.7.4 to 22.7.5 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1115
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1117
• build(deps): bump @​types/node from 22.7.5 to 22.7.7 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1118
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1119
• build(deps): bump @​types/node from 22.7.7 to 22.8.1 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1120
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1122
• build(deps): bump the dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1123
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1126
• build(deps): bump @​types/node from 22.8.7 to 22.9.0 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1127
• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot in golangci/golangci-lint-action#1128
• build(deps): bump @​types/node from 22.9.0 to 22.9.3 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1130
• build(deps): bump @​types/node from 22.9.3 to 22.10.1 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1131
• build(deps-dev): bump the dev-dependencies group across 1 directory with 4 updates by @​dependabot in golangci/golangci-lint-action#1132
• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot in golangci/golangci-lint-action#1134
• build(deps): bump @​actions/cache from 3.3.0 to 4.0.0 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1135
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1136
• build(deps): bump @​types/node from 22.10.1 to 22.10.2 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1137
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1138
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1139
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot in golangci/golangci-lint-action#1141
• build(deps): bump @​types/node from 22.10.2 to 22.10.5 in the dependencies group by @​dependabot in golangci/golangci-lint-action#1142
• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot in golangci/golangci-lint-action#1143

New Contributors

• @​dmitris made their first contribution in golangci/golangci-lint-action#1125
• @​alexandear made their first contribution in golangci/golangci-lint-action#1133

Full Changelog: golangci/golangci-lint-action@v6.1.1...v6.2.0

Commits

• ec5d184 feat: support linux arm64 public preview (#1144)
• a0297a1 build(deps-dev): bump the dev-dependencies group with 3 updates (#1143)
• 58eda26 build(deps): bump @​types/node from 22.10.2 to 22.10.5 in the dependencies gro...
• 44c2434 build(deps-dev): bump the dev-dependencies group with 2 updates (#1141)
• 2f13b80 build(deps-dev): bump the dev-dependencies group with 2 updates (#1139)
• 1ac3686 build(deps-dev): bump the dev-dependencies group with 2 updates (#1138)
• 9937fdf build(deps): bump @​types/node from 22.10.1 to 22.10.2 in the dependencies gro...
• cb60b26 build(deps-dev): bump the dev-dependencies group with 2 updates (#1136)
• 774c35b build(deps): bump @​actions/cache from 3.3.0 to 4.0.0 in the dependencies grou...
• 7ce5487 build(deps-dev): bump the dev-dependencies group with 3 updates (#1134)
• Additional commits viewable in compare view

Updates github/codeql-action from 3.26.12 to 3.28.1

Release notes

Sourced from github/codeql-action's releases.

v3.28.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.1 - 10 Jan 2025

• CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
• Update default CodeQL bundle version to 2.20.1. #2678

See the full CHANGELOG.md for more information.

v3.28.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024

• Bump the minimum CodeQL bundle version to 2.15.5. #2655
• Don't fail in the unusual case that a file is on the search path. #2660.

See the full CHANGELOG.md for more information.

v3.27.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024

• We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
• Update default CodeQL bundle version to 2.20.0. #2636

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.1 - 10 Jan 2025

• CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
• Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

• Bump the minimum CodeQL bundle version to 2.15.5. #2655
• Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

No user facing changes.

3.27.8 - 12 Dec 2024

• Fixed an issue where streaming the download and extraction of the CodeQL bundle did not respect proxy settings. #2624

3.27.7 - 10 Dec 2024

• We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
• Update default CodeQL bundle version to 2.20.0. #2636

3.27.6 - 03 Dec 2024

• Update default CodeQL bundle version to 2.19.4. #2626

3.27.5 - 19 Nov 2024

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

• Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

... (truncated)

Commits

• b6a472f Merge pull request #2681 from github/update-v3.28.1-ea6acbfea
• bb999b4 Update changelog for v3.28.1
• ea6acbf Merge pull request #2677 from github/angelapwen/deprecate-action-v2
• 4df151e Merge branch 'main' into angelapwen/deprecate-action-v2
• a05a7eb Fix PR number in changenote
• 8d2753b Add public changelog blog post link
• e83e0a4 Merge pull request #2673 from github/dependabot/npm_and_yarn/npm-877f465710
• b7ff308 Merge pull request #2678 from github/update-bundle/codeql-bundle-v2.20.1
• 1aa16c2 Merge branch 'main' into update-bundle/codeql-bundle-v2.20.1
• fb65b6c Merge pull request #2672 from github/mbg/start-proxy/include-type-in-urls-output
• Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.24.0 to 0.29.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.29.0

What's Changed

• feat: Allow skipping setup by @​rvesse in aquasecurity/trivy-action#414
• Fix oras command not found in "Update Trivy Cache" action by @​Tiryoh in aquasecurity/trivy-action#413
• Update README.md by @​simar7 in aquasecurity/trivy-action#420
• feat: add token for setup-trivy by @​DmitriyLewen in aquasecurity/trivy-action...

  Description has been truncated

[dependabot]

The following labels could not be found: area/dependency, release-note-none, ok-to-test.