Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update github-actions #162

Merged
merged 1 commit into from
Nov 8, 2024
Merged

chore(deps): update github-actions #162

merged 1 commit into from
Nov 8, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 1, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action patch v4.2.0 -> v4.2.2
actions/setup-dotnet action minor v4.0.1 -> v4.1.0
actions/upload-artifact action patch v4.4.0 -> v4.4.3
benchmark-action/github-action-benchmark action patch v1.20.3 -> v1.20.4
bufbuild/buf-setup-action action minor v1.44.0 -> v1.46.0
github/codeql-action action minor v3.26.11 -> v3.27.1
miracum/.github action patch v1.12.4 -> v1.12.8

Release Notes

actions/checkout (actions/checkout)

v4.2.2

Compare Source

v4.2.1

Compare Source

actions/setup-dotnet (actions/setup-dotnet)

v4.1.0

Compare Source

What's Changed

Bug fixes :
Dependency updates :

New Contributors

Full Changelog: actions/setup-dotnet@v4...v4.1.0

actions/upload-artifact (actions/upload-artifact)

v4.4.3

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

Compare Source

What's Changed
New Contributors

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

benchmark-action/github-action-benchmark (benchmark-action/github-action-benchmark)

v1.20.4

Compare Source

  • feat add typings and validation workflow (#​257)
bufbuild/buf-setup-action (bufbuild/buf-setup-action)

v1.46.0

Compare Source

Release v1.46.0

v1.45.0

Compare Source

Release v1.45.0

github/codeql-action (github/codeql-action)

v3.27.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.1 - 08 Nov 2024

  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #​2573
  • Update default CodeQL bundle version to 2.19.3. #​2576

See the full CHANGELOG.md for more information.

v3.27.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024
  • Bump the minimum CodeQL bundle version to 2.14.6. #​2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #​2557
  • Update default CodeQL bundle version to 2.19.2. #​2552

See the full CHANGELOG.md for more information.

v3.26.13

Compare Source

v3.26.12

Compare Source

miracum/.github (miracum/.github)

v1.12.8

Compare Source

Miscellaneous Chores

v1.12.7

Compare Source

Miscellaneous Chores
  • deps: trivy version update (fc8f379)

v1.12.6

Compare Source

Bug Fixes
Miscellaneous Chores
  • deps: update gcr.io/distroless/python3-debian12:nonroot docker digest to e575731 (#​85) (26fdadd)

v1.12.5

Compare Source

Miscellaneous Chores
  • deps: updated default java and .net version for codeql (#​88) (1748b6a)

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2024
edited
Loading

🦙 MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
✅ ACTION actionlint 9 0 0.19s
⚠️ CSHARP csharpier 46 1 2.53s
⚠️ CSHARP roslynator 5 2 63.66s
✅ DOCKERFILE hadolint 1 0 0.12s
✅ EDITORCONFIG editorconfig-checker 105 0 0.25s
✅ JSON jsonlint 9 0 0.33s
✅ JSON prettier 9 0 0.64s
✅ MARKDOWN markdownlint 3 0 0.51s
⚠️ MARKDOWN markdown-table-formatter 3 1 0.45s
✅ PROTOBUF protolint 5 0 5.32s
✅ REPOSITORY checkov yes no 17.8s
✅ REPOSITORY dustilock yes no 0.01s
✅ REPOSITORY gitleaks yes no 0.63s
✅ REPOSITORY git_diff yes no 0.01s
✅ REPOSITORY grype yes no 18.29s
✅ REPOSITORY kics yes no 15.65s
✅ REPOSITORY secretlint yes no 0.91s
✅ REPOSITORY syft yes no 0.37s
✅ REPOSITORY trivy yes no 25.47s
✅ REPOSITORY trivy-sbom yes no 0.41s
✅ REPOSITORY trufflehog yes no 3.71s
✅ XML xmllint 1 0 0.34s
✅ YAML prettier 24 0 1.47s
✅ YAML yamllint 24 0 0.76s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

MegaLinter is graciously provided by OX Security

@renovate renovate bot force-pushed the renovate/github-actions branch from 2dc7aaa to 4e6ec73 Compare November 8, 2024 16:48
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 8, 2024

Trivy image scan report

ghcr.io/miracum/vfps:pr-162 (ubuntu 24.04)

5 known vulnerabilities found (HIGH: 0 MEDIUM: 1 LOW: 4 CRITICAL: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libssl3t64 CVE-2024-6119 MEDIUM 3.0.13-0ubuntu3.1 3.0.13-0ubuntu3.4
libssl3t64 CVE-2024-2511 LOW 3.0.13-0ubuntu3.1 3.0.13-0ubuntu3.2
libssl3t64 CVE-2024-4603 LOW 3.0.13-0ubuntu3.1 3.0.13-0ubuntu3.2
libssl3t64 CVE-2024-4741 LOW 3.0.13-0ubuntu3.1 3.0.13-0ubuntu3.2
libssl3t64 CVE-2024-5535 LOW 3.0.13-0ubuntu3.1 3.0.13-0ubuntu3.2

No Misconfigurations found

opt/vfps/Vfps.deps.json

No Vulnerabilities found

No Misconfigurations found

usr/share/dotnet/shared/Microsoft.AspNetCore.App/8.0.7/Microsoft.AspNetCore.App.deps.json

1 known vulnerabilities found (CRITICAL: 0 HIGH: 1 MEDIUM: 0 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
Microsoft.AspNetCore.App.Runtime.linux-x64 CVE-2024-38229 HIGH 8.0.7 9.0.0-rc.2.24474.3, 8.0.10

No Misconfigurations found

usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.7/Microsoft.NETCore.App.deps.json

No Vulnerabilities found

No Misconfigurations found

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 8, 2024
edited
Loading

Code Coverage

Package Line Rate Branch Rate Health
Vfps.Tests 99% 100%
Vfps 94% 60%
Summary 95% (442 / 463) 66% (33 / 50)

Minimum allowed line rate is 50%

ghz run statistics

Summary:
  Count:	5000
  Total:	9.22 s
  Slowest:	527.90 ms
  Fastest:	7.10 ms
  Average:	89.36 ms
  Requests/sec:	542.24

Response time histogram:
  7.100   [1]    |
  59.179  [892]  |∎∎∎∎∎∎∎∎∎∎∎
  111.259 [3392] |∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎
  163.339 [504]  |∎∎∎∎∎∎
  215.418 [160]  |∎∎
  267.498 [1]    |
  319.578 [0]    |
  371.657 [0]    |
  423.737 [1]    |
  475.816 [7]    |
  527.896 [42]   |

Latency distribution:
  10 % in 52.01 ms 
  25 % in 63.27 ms 
  50 % in 85.96 ms 
  75 % in 102.30 ms 
  90 % in 123.03 ms 
  95 % in 148.41 ms 
  99 % in 259.34 ms 

Status code distribution:
  [OK]   5000 responses

iter8 report

Experiment summary:
*******************

  Experiment completed: true
  No task failures: true
  Total number of tasks: 6
  Number of completed tasks: 6
  Number of completed loops: 1

Whether or not service level objectives (SLOs) are satisfied:
*************************************************************

  SLO Conditions                  | Satisfied
  --------------                  | ---------
  grpc/error-rate <= 0            | true
  grpc/latency/mean (msec) <= 200 | true
  grpc/latency/p99 (msec) <= 400  | true
  

Latest observed values for metrics:
***********************************

  Metric                   | value
  -------                  | -----
  grpc/error-count         | 0.00
  grpc/error-rate          | 0.00
  grpc/latency/mean (msec) | 132.16
  grpc/latency/p99 (msec)  | 396.00
  grpc/request-count       | 50000.00

@chgl chgl merged commit 462cdd8 into master Nov 8, 2024
19 checks passed
@miracum-bot miracum-bot mentioned this pull request Oct 4, 2024
Open
@renovate renovate bot deleted the renovate/github-actions branch November 8, 2024 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@chgl