chore(deps): update github actions (minor) by renovate[bot] · Pull Request #69 · cloudoperators/concourse-oci-helm-chart-resource

renovate · 2025-09-25T09:39:17Z

This PR contains the following updates:

Package	Type	Update	Change
aquasecurity/trivy-action	action	minor	`0.32.0` → `v0.36.0`
sigstore/cosign-installer	action	minor	`v3.9.1` → `v3.10.1`

Warnings (1)

Please correct - or verify that you can safely ignore - these warnings before you merge this PR.

aquasecurity/trivy-action: Could not determine new digest for update (github-tags package aquasecurity/trivy-action)

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

aquasecurity/trivy-action (aquasecurity/trivy-action)

`v0.36.0`

Compare Source

What's Changed

chore(ci): update bump-trivy workflow by @DmitriyLewen in #546
ci: use action.yaml as single source of truth for Trivy version by @nikpivkin in #552
ci: replace peter-evans/create-pull-request with gh CLI by @nikpivkin in #550
test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by @nikpivkin in #555
ci: add dependabot config by @nikpivkin in #556
chore: add zizmor config by @nikpivkin in #557
chore(deps): bump the actions group with 5 updates by @dependabot[bot] in #558
fix: use portable shebang in entrypoint.sh by @Hayao0819 in #545
Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by @patrik-csak in #547
Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 by @Aditya09-cse in #548
chore: use GitHub Actions as git commit author in bump-trivy workflow by @nikpivkin in #561
chore(deps): Update trivy to v0.70.0 by @Argon-DevOps-Mgt in #559
chore: update action version to v0.36.0 in examples by @nikpivkin in #563

New Contributors

@dependabot[bot] made their first contribution in #558
@Hayao0819 made their first contribution in #545
@patrik-csak made their first contribution in #547
@Aditya09-cse made their first contribution in #548
@Argon-DevOps-Mgt made their first contribution in #559

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

`v0.35.0`: Release: v0.35.0

Compare Source

This release is a duplicate of 0.35.0 which was not compromised.

As part of our response to the recent supply chain attack, we have migrated all tags to use the v prefix (e.g., v0.35.0 instead of 0.35.0). Going forward, all new releases will use the v prefix convention.

We have intentionally kept the 0.35.0 tag intact to avoid breaking existing workflows that depend on it.

If you are currently using 0.35.0, your workflows are safe — no action is required.

`v0.35.0`

Compare Source

What's Changed

chore(deps): Update trivy to v0.69.3 by @aqua-bot in #519

Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0

`v0.34.0`

Compare Source

`v0.33.1`: Release: v0.33.1

Compare Source

What's Changed

Update setup-trivy action to version v0.2.4 by @martincostello in #486

Full Changelog: aquasecurity/trivy-action@v0.33.0...v0.33.1

`v0.33.0`: Release: v0.33.0

Compare Source

What's Changed

Update dependencies in README by @ibakshay in #378
doc: correct sbom fs scan by @yxtay in #458
Pin actions/cache by SHA by @martincostello in #480
chore(ci): Add oras to correctly setup sync jobs by @simar7 in #482
chore(deps): Update trivy to v0.65.0 by @aqua-bot in #481

New Contributors

@ibakshay made their first contribution in #378
@yxtay made their first contribution in #458

Full Changelog: aquasecurity/trivy-action@v0.32.0...v0.33.0

sigstore/cosign-installer (sigstore/cosign-installer)

`v3.10.1`

Compare Source

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

Bump default Cosign to v2.6.1 (#203)

`v3.10.0`

Compare Source

What's Changed

Bump default Cosign to v2.6.0 in #200

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0

`v3.9.2`

Compare Source

What's Changed

not fail fast and setup permissions in #195
drop old unsupported versions <v2.0.0 in #192
Update default to v2.5.3 in #196

Full Changelog: sigstore/cosign-installer@v3.9.1...v3.9.2

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate Bot requested a review from a team as a code owner September 25, 2025 09:39

renovate Bot force-pushed the renovate/github-actions branch from e409e1e to 79a3fa0 Compare September 27, 2025 01:25

renovate Bot changed the title ~~chore(deps): update aquasecurity/trivy-action action to v0.33.1~~ chore(deps): update github actions (minor) Sep 27, 2025

renovate Bot force-pushed the renovate/github-actions branch from 79a3fa0 to ee3855d Compare October 30, 2025 21:04

renovate Bot force-pushed the renovate/github-actions branch from ee3855d to 1b9a85d Compare February 26, 2026 21:10

renovate Bot force-pushed the renovate/github-actions branch from 1b9a85d to 3450d5e Compare March 7, 2026 01:13

renovate Bot force-pushed the renovate/github-actions branch 3 times, most recently from 80b6033 to 60898ed Compare March 20, 2026 10:01

renovate Bot force-pushed the renovate/github-actions branch 2 times, most recently from d1593a0 to 10904cb Compare April 21, 2026 19:49

renovate Bot force-pushed the renovate/github-actions branch from 10904cb to 3cac76f Compare April 28, 2026 19:41

renovate Bot changed the title ~~chore(deps): update github actions (minor)~~ chore(deps): update sigstore/cosign-installer action to v3.10.1 Apr 28, 2026

renovate Bot force-pushed the renovate/github-actions branch from 3cac76f to 71026f7 Compare April 28, 2026 23:13

renovate Bot changed the title ~~chore(deps): update sigstore/cosign-installer action to v3.10.1~~ chore(deps): update github actions (minor) Apr 28, 2026

chore(deps): update github actions

f6d2c2c

Copilot AI review requested due to automatic review settings May 6, 2026 09:34

renovate Bot force-pushed the renovate/github-actions branch from 71026f7 to f6d2c2c Compare May 6, 2026 09:34

renovate Bot review requested due to automatic review settings May 6, 2026 09:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update github actions (minor)#69

chore(deps): update github actions (minor)#69
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github-actions

renovate Bot commented Sep 25, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate Bot commented Sep 25, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Warnings (1)

Release Notes

v0.36.0

What's Changed

New Contributors

v0.35.0: Release: v0.35.0

v0.35.0

What's Changed

v0.34.0

v0.33.1: Release: v0.33.1

What's Changed

v0.33.0: Release: v0.33.0

What's Changed

New Contributors

v3.10.1

What's Changed?

v3.10.0

What's Changed

v3.9.2

What's Changed

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate Bot commented Sep 25, 2025 •

edited

Loading

`v0.36.0`

`v0.35.0`: Release: v0.35.0

`v0.35.0`

`v0.34.0`

`v0.33.1`: Release: v0.33.1

`v0.33.0`: Release: v0.33.0

`v3.10.1`

`v3.10.0`

`v3.9.2`