Skip to content

chore(ci): bump the github-actions group across 1 directory with 2 updates#350

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-27bf4a0696
Open

chore(ci): bump the github-actions group across 1 directory with 2 updates#350
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-27bf4a0696

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 2 updates in the / directory: actions/attest-build-provenance and actions/setup-go.

Updates actions/attest-build-provenance from 4.1.0 to 4.1.1

Release notes

Sourced from actions/attest-build-provenance's releases.

v4.1.1

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

Full Changelog: actions/attest-build-provenance@v4.1.0...v4.1.1

Commits

Updates actions/setup-go from 6.4.0 to 6.5.0

Release notes

Sourced from actions/setup-go's releases.

v6.5.0

What's Changed

Dependency update

New Contributors

Full Changelog: actions/setup-go@v6...v6.5.0

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions labels Jun 29, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions labels Jun 29, 2026
@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

Semgrep Scan Results

Repository: api | Commit: b1cb5c0

Check Status Details
⚠️ Semgrep Warning 1 warning(s), 5 total

Scanned at 2026-07-01 13:07 UTC

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

Security Scan Results

Repository: api | Commit: b1cb5c0

Check Status Details
✅ Secret Scan Pass No secrets detected
✅ Dependencies (Trivy) Pass 0 total (no critical/high)
✅ Dependencies (Grype) Pass 0 total (no critical/high)
📦 SBOM Generated 523 components (CycloneDX)

Scanned at 2026-07-01 13:07 UTC

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

📊 Statement coverage

Measured on the documented included set (see docs/TESTING.md → Coverage scope). Observe-only — no regression gate is enforced yet.

Scope This PR main baseline Δ
Included set (Gold-tier denominator) 90.3% 90.3% +0.0 pp
Full set (whole repo, transparency) 27.9% 27.9% +0.0 pp

Baseline: main @ 5e9f06e

…dates

Bumps the github-actions group with 2 updates in the / directory: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [actions/setup-go](https://github.com/actions/setup-go).


Updates `actions/attest-build-provenance` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@a2bbfa2...0f67c3f)

Updates `actions/setup-go` from 6.4.0 to 6.5.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@4a36011...924ae3a)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/setup-go
  dependency-version: 6.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(ci): bump the github-actions group with 2 updates chore(ci): bump the github-actions group across 1 directory with 2 updates Jul 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-27bf4a0696 branch from c600f02 to 0be2381 Compare July 1, 2026 13:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants