Merge pull request #830 from zalando-incubator/update-jwt

Update vulnerable dep
Merge pull request #829 from zalando-incubator/dependabot/github_actions/github-actions-0b8926a304
2026-03-09 17:54:22 +00:00 · 2025-09-12 14:32:52 +02:00 · 2025-09-12 14:32:45 +02:00 · 2025-09-12 11:44:27 +02:00 · 2025-09-12 08:08:36 +00:00
4 changed files with 16 additions and 16 deletions
@@ -10,8 +10,8 @@ jobs:
  tests:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-go@v5
+    - uses: actions/checkout@v5
+    - uses: actions/setup-go@v6.0.0
      with:
        go-version: '^1.25'
    - run: go version
@@ -38,12 +38,12 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5

    - name: setup go
-      uses: actions/setup-go@v5
+      uses: actions/setup-go@v6.0.0
      with:
-        go-version: '1.22'
+        go-version: '1.25'

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
@@ -25,15 +25,15 @@ jobs:
      packages: write # to push packages
    steps:
      - name: Checkout
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493

-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
+      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00
        with:
          # https://www.npmjs.com/package/semver#caret-ranges-123-025-004
          go-version: '^1.25'

      - name: Login to Github Container Registry
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
@@ -47,21 +47,21 @@ jobs:
          make build.linux.amd64 build.linux.arm64

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435

      - name: Login to GitHub Container Registry
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Docker meta
-        uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
        id: meta
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
@@ -70,7 +70,7 @@ jobs:
            type=semver,pattern=v{{major}}.{{minor}}

      - name: Build and push
-        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
        with:
          context: .
          build-args: BASE_IMAGE=gcr.io/distroless/static-debian12
@@ -81,7 +81,7 @@ jobs:

      # Build and push latest tag
      - name: Build and push latest
-        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
        with:
          context: .
          build-args: BASE_IMAGE=gcr.io/distroless/static-debian12
@@ -10,7 +10,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0

@@ -20,7 +20,7 @@ jobs:
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.4.0
+        uses: helm/chart-releaser-action@v1.7.0
        with:
          charts_dir: docs
        env:
Author	SHA1	Message	Date
Katyanna Moura	32bda8016a	Merge pull request #830 from zalando-incubator/update-jwt Update vulnerable dep	2025-09-12 14:32:52 +02:00
Katyanna Moura	42abde30f9	Merge pull request #829 from zalando-incubator/dependabot/github_actions/github-actions-0b8926a304 Bump the github-actions group with 8 updates	2025-09-12 14:32:45 +02:00
Mikkel Oscar Lyderik Larsen	5124f33c5d	Use Go 1.25 for codeql Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>	2025-09-12 11:44:27 +02:00
dependabot[bot]	1e042c124c	Bump the github-actions group with 8 updates Bumps the github-actions group with 8 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [actions/checkout](https://github.com/actions/checkout) \| `2` \| `5` \| \| [actions/setup-go](https://github.com/actions/setup-go) \| `4.0.1` \| `6.0.0` \| \| [docker/login-action](https://github.com/docker/login-action) \| `2.2.0` \| `3.5.0` \| \| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) \| `2.2.0` \| `3.6.0` \| \| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) \| `2.9.1` \| `3.11.1` \| \| [docker/metadata-action](https://github.com/docker/metadata-action) \| `4.6.0` \| `5.8.0` \| \| [docker/build-push-action](https://github.com/docker/build-push-action) \| `4.1.1` \| `6.18.0` \| \| [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) \| `1.4.0` \| `1.7.0` \| Updates `actions/checkout` from 2 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v2...v5) Updates `actions/setup-go` from 4.0.1 to 6.0.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v4.0.1...v6) Updates `docker/login-action` from 2.2.0 to 3.5.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/465a07811f14bebb1938fbed4728c6a1ff8901fc...184bdaa0721073962dff0199f1fb9940f07167d1) Updates `docker/setup-qemu-action` from 2.2.0 to 3.6.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/2b82ce82d56a2a04d2637cd93a637ae1b359c0a7...29109295f81e9208d7d86ff1c6c12d2833863392) Updates `docker/setup-buildx-action` from 2.9.1 to 3.11.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/4c0219f9ac95b02789c1075625400b2acbff50b1...e468171a9de216ec08956ac3ada2f0791b6bd435) Updates `docker/metadata-action` from 4.6.0 to 5.8.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/818d4b7b91585d195f67373fd9cb0332e31a7175...c1e51972afc2121e065aed6d45c65596fe445f3f) Updates `docker/build-push-action` from 4.1.1 to 6.18.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/2eb1c1961a95fc15694676618e422e8ba1d63825...263435318d21b8e681c14492fe198d362a7d2c83) Updates `helm/chart-releaser-action` from 1.4.0 to 1.7.0 - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](https://github.com/helm/chart-releaser-action/compare/v1.4.0...v1.7.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: 3.11.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: 5.8.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 6.18.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: helm/chart-releaser-action dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>	2025-09-12 08:08:36 +00:00