Sourced fromactions/setup-go's releases.

v5.1.0

What's Changed

• Add workflow file for publishing releases to immutable action package by@​Jcambass inactions/setup-go#500
• Upgrade IA Publish by@​Jcambass inactions/setup-go#502
• Add architecture to cache key by@​Zxilly inactions/setup-go#493This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.Note: This change may break previous cache keys as they will no longer be compatible with the new format.
• Enhance workflows and Upgrade micromatch Dependency by@​priyagupta108 inactions/setup-go#510

Bug Fixes

• ReviseisGhes logic by@​jww3 inactions/setup-go#511

New Contributors

• @​Zxilly made their first contribution inactions/setup-go#493
• @​Jcambass made their first contribution inactions/setup-go#500
• @​jww3 made their first contribution inactions/setup-go#511
• @​priyagupta108 made their first contribution inactions/setup-go#510

Full Changelog:actions/setup-go@v5...v5.1.0

• 41dfa10 Enhance workflows and Upgrade micromatch Dependency (#510)
• 9419772 ReviseisGhes logic (#511)
• d60b41a Merge pull request#502 from actions/Jcambass-patch-1
• e09f57f Upgrade IA Publish
• df1a117 Merge pull request#500 from actions/Jcambass-patch-1
• 49582f6 Add workflow file for publishing releases to immutable action package
• b26d402 fix: add arch to cache key (#493)
• See full diff incompare view

Sourced fromactions/checkout's releases.

v4.2.2

What's Changed

• url-helper.ts now leverages well-known environment variables by@​jww3 inactions/checkout#1941
• Expand unit test coverage forisGhes by@​jww3 inactions/checkout#1946

Full Changelog:actions/checkout@v4.2.1...v4.2.2

Sourced fromactions/checkout's changelog.

Changelog

v4.2.2

• url-helper.ts now leverages well-known environment variables by@​jww3 inactions/checkout#1941
• Expand unit test coverage forisGhes by@​jww3 inactions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by@​orhantoy inactions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by@​lucacome inactions/checkout#1180
• Dependency updates by@​dependabot-actions/checkout#1777,actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by@​dependabot inactions/checkout#1739
• Bump actions/checkout from 3 to 4 by@​dependabot inactions/checkout#1697
• Check out other refs/* by commit by@​orhantoy inactions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by@​jww3 inactions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by@​cory-miller inactions/checkout#1732

v4.1.5

• Update NPM dependencies by@​cory-miller inactions/checkout#1703
• Bump github/codeql-action from 2 to 3 by@​dependabot inactions/checkout#1694
• Bump actions/setup-node from 1 to 4 by@​dependabot inactions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by@​dependabot inactions/checkout#1695
• README: Suggestuser.email to be41898282+github-actions[bot]@users.noreply.github.com by@​cory-miller inactions/checkout#1707

v4.1.4

• Disableextensions.worktreeConfig when disablingsparse-checkout by@​jww3 inactions/checkout#1692
• Add dependabot config by@​cory-miller inactions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by@​dependabot inactions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by@​dependabot inactions/checkout#1643

v4.1.3

• Check git version before attempting to disablesparse-checkout by@​jww3 inactions/checkout#1656
• Add SSH user parameter by@​cory-miller inactions/checkout#1685
• Updateactions/checkout version inupdate-main-version.yml by@​jww3 inactions/checkout#1650

v4.1.2

• Fix: Disable sparse checkout wheneversparse-checkout option is not present@​dscho inactions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by@​peterbe inactions/checkout#1511
• Link to release page from what's new section by@​cory-miller inactions/checkout#1514

v4.1.0

• Add support for partial checkout filters

... (truncated)

• 11bd719 Prepare 4.2.2 Release (#1953)
• e3d2460 Expand unit test coverage (#1946)
• 163217durl-helper.ts now leverages well-known environment variables. (#1941)
• See full diff incompare view

Sourced fromactions/cache's releases.

v4.1.2

What's Changed

• Add Bun example by@​idleberg inactions/cache#1456
• ReviseisGhes logic by@​jww3 inactions/cache#1474
• Bump braces from 3.0.2 to 3.0.3 by@​dependabot inactions/cache#1475
• Add dependabot.yml to enable automatic dependency upgrades by@​Link- inactions/cache#1476
• Bump actions/checkout from 3 to 4 by@​dependabot inactions/cache#1478
• Bump actions/stale from 3 to 9 by@​dependabot inactions/cache#1479
• Bump github/codeql-action from 2 to 3 by@​dependabot inactions/cache#1483
• Bump actions/setup-node from 3 to 4 by@​dependabot inactions/cache#1481
• Prepare4.1.2 release by@​Link- inactions/cache#1477

New Contributors

• @​idleberg made their first contribution inactions/cache#1456
• @​jww3 made their first contribution inactions/cache#1474
• @​Link- made their first contribution inactions/cache#1476

Full Changelog:actions/cache@v4...v4.1.2

Sourced fromactions/cache's changelog.

Releases

4.1.2

• Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices -#1474
• Security fix: Bump braces from 3.0.2 to 3.0.3 -#1475

4.1.1

• Restore original behavior ofcache-hit output -#1467

4.1.0

• Ensurecache-hit output is set when a cache is missed -#1404
• Deprecatesave-always input -#1452

4.0.2

• Fixed restorefail-on-cache-miss not working.

4.0.1

• UpdatedisGhes check

4.0.0

• Updated minimum runner version support from node 12 -> node 20

3.3.3

• Updates@​actions/cache to v3.2.3 to fix accidental mutated path arguments togetCacheVersionactions/toolkit#1378
• Additional audit fixes of npm package(s)

3.3.2

• Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

• Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

• Added option to lookup cache without downloading it.

3.2.6

• Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

... (truncated)

• 6849a64 Release 4.1.2#1477
• 5a1720c Merge branch 'Link-/prep-4.1.2' ofhttps://github.com/actions/cache into Link...
• d9fef48 Merge branch 'main' into Link-/prep-4.1.2
• a50e8d0 Merge branch 'main' into Link-/prep-4.1.2
• acc9ae5 Merge pull request#1481 from actions/dependabot/github_actions/actions/setup...
• 1ea5f18 Merge branch 'main' into Link-/prep-4.1.2
• cc679ff Merge branch 'main' into dependabot/github_actions/actions/setup-node-4
• 366d43d Merge pull request#1483 from actions/dependabot/github_actions/github/codeql...
• 02bf319 Bump github/codeql-action from 2 to 3
• 6f6220b Merge branch 'main' into dependabot/github_actions/actions/setup-node-4
• Additional commits viewable incompare view

Sourced fromgithub/codeql-action's releases.

v3.27.0

CodeQL Action Changelog

See thereleases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference betweenv2 andv3 of the CodeQL Action is the node version they support, withv3 running on node 20 while we continue to releasev2 to support running on node 16. For example3.22.11 was the firstv3 release and is functionally identical to2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024

• Bump the minimum CodeQL bundle version to 2.14.6.#2549
• Fix an issue where theupload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by theupload-sarif Action.#2557
• Update default CodeQL bundle version to 2.19.2.#2552

See the fullCHANGELOG.md for more information.

Sourced fromgithub/codeql-action's changelog.

CodeQL Action Changelog

See thereleases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference betweenv2 andv3 of the CodeQL Action is the node version they support, withv3 running on node 20 while we continue to releasev2 to support running on node 16. For example3.22.11 was the firstv3 release and is functionally identical to2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.27.0 - 22 Oct 2024

• Bump the minimum CodeQL bundle version to 2.14.6.#2549
• Fix an issue where theupload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by theupload-sarif Action.#2557
• Update default CodeQL bundle version to 2.19.2.#2552

3.26.13 - 14 Oct 2024

No user facing changes.

3.26.12 - 07 Oct 2024

• Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later.#2520

  • If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.

  • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replacegithub/codeql-action/*@v3 bygithub/codeql-action/*@v3.26.11 andgithub/codeql-action/*@v2 bygithub/codeql-action/*@v2.26.11 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.26.11 - 03 Oct 2024

• Upcoming breaking change: Add support for usingactions/download-artifact@v4 to programmatically consume CodeQL Action debug artifacts.

  Starting November 30, 2024, GitHub.com customers willno longer be able to useactions/download-artifact@v3. Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set theCODEQL_ACTION_ARTIFACT_V4_UPGRADE environment variable totrue and bumpactions/download-artifact@v3 toactions/download-artifact@v4 in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped toactions/download-artifact@v3 toactions/download-artifact@v4 will begin failing then.

  This change is currently unavailable for GitHub Enterprise Server customers, asactions/upload-artifact@v4 andactions/download-artifact@v4 are not yet compatible with GHES.

• Update default CodeQL bundle version to 2.19.1.#2519

3.26.10 - 30 Sep 2024

• We are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed withZstandard. Our aim is to improve the performance of setting up CodeQL.#2502

3.26.9 - 24 Sep 2024

No user facing changes.

3.26.8 - 19 Sep 2024

• Update default CodeQL bundle version to 2.19.0.#2483

3.26.7 - 13 Sep 2024

... (truncated)

• 6624720 Merge pull request#2561 from github/update-v3.27.0-b35b023d9
• ce7c2b5 Update changelog for v3.27.0
• b35b023 Merge pull request#2552 from github/update-bundle/codeql-bundle-v2.19.2
• dafc762 Merge pull request#2560 from github/aeisenberg/fix-required-checks
• 0d1eb88 Remove ESLint from required checks
• 0a30541 Merge pull request#2558 from github/dependabot/npm_and_yarn/npm-6515e6e328
• 2a6a6ad Update checked-in dependencies
• 26c18c2 Bump the npm group with 3 updates
• 7080a68 Merge branch 'main' into update-bundle/codeql-bundle-v2.19.2
• 63eb7bb Merge pull request#2551 from github/cklin/diff-informed-queries-feature
• Additional commits viewable incompare view

Sourced fromanchore/sbom-action's releases.

v0.17.5

Changes in v0.17.5

• chore(deps): update Syft to v1.14.2 (#503) [anchore-actions-token-generator]

• 1ca97d9 chore(deps): update Syft to v1.14.2 (#503)
• See full diff incompare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions