From 02b7231c91fcf4d686d3c54d7afde34d0a23641d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Aug 2025 17:31:53 +0000 Subject: [PATCH] build(deps): bump the actions group across 1 directory with 6 updates Bumps the actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `4.3.0` | | [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) | `2.4.1` | `2.5.0` | | [actions/cache](https://github.com/actions/cache) | `4.2.3` | `4.2.4` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.29.7` | `3.29.8` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `5.0.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4.2.1` | `4.3.1` | Updates `actions/checkout` from 4.2.2 to 4.3.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...08eba0b27e820071cde6df949e0beb9ba4906955) Updates `lycheeverse/lychee-action` from 2.4.1 to 2.5.0 - [Release notes](https://github.com/lycheeverse/lychee-action/releases) - [Commits](https://github.com/lycheeverse/lychee-action/compare/82202e5e9c2f4ef1a55a3d02563e1cb6041e5332...5c4ee84814c983aa7164eaee476f014e53ff3963) Updates `actions/cache` from 4.2.3 to 4.2.4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/5a3ec84eff668545956fd18022155c47e93e2684...0400d5f644dc74513175e3cd8d07132dd4860809) Updates `github/codeql-action` from 3.29.7 to 3.29.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/51f77329afa6477de8c49fc9c7046c15b9a4e79d...76621b61decf072c1cee8dd1ce2d2a82d33c17ed) Updates `actions/download-artifact` from 4.3.0 to 5.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...634f93cb2916e3fdff6788551b99b062d0335ce0) Updates `aws-actions/configure-aws-credentials` from 4.2.1 to 4.3.1 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/b47578312673ae6fa5b5096b330d9fbac3d116df...7474bc4690e29a8392af63c5b98e7449536d5c3a) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: lycheeverse/lychee-action dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/cache dependency-version: 4.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: github/codeql-action dependency-version: 3.29.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/download-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: aws-actions/configure-aws-credentials dependency-version: 4.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/check-links.yaml | 6 +++--- .github/workflows/ci-collector.yml | 8 ++++---- .github/workflows/ci-java.yml | 2 +- .github/workflows/ci-nodejs.yml | 4 ++-- .github/workflows/ci-python.yml | 2 +- .github/workflows/ci-shellcheck.yml | 2 +- .github/workflows/ci-terraform.yml | 2 +- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/fossa.yml | 2 +- .github/workflows/layer-publish.yml | 4 ++-- .github/workflows/ossf-scorecard.yml | 4 ++-- .github/workflows/publish-layer-collector.yml | 2 +- .github/workflows/release-layer-collector.yml | 4 ++-- .github/workflows/release-layer-java.yml | 4 ++-- .github/workflows/release-layer-nodejs.yml | 4 ++-- .github/workflows/release-layer-python.yml | 4 ++-- .github/workflows/release-layer-ruby.yml | 4 ++-- 17 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.github/workflows/check-links.yaml b/.github/workflows/check-links.yaml index 97b698146a..63a71a27ae 100644 --- a/.github/workflows/check-links.yaml +++ b/.github/workflows/check-links.yaml @@ -20,7 +20,7 @@ jobs: files: ${{ steps.changes.outputs.files }} steps: - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 - name: Get changed files @@ -39,13 +39,13 @@ jobs: if: ${{needs.changedfiles.outputs.files}} steps: - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 - name: Link Checker id: lychee - uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 + uses: lycheeverse/lychee-action@5c4ee84814c983aa7164eaee476f014e53ff3963 with: args: "--verbose --no-progress ${{needs.changedfiles.outputs.files}} --config .github/lychee.toml" failIfEmpty: false diff --git a/.github/workflows/ci-collector.yml b/.github/workflows/ci-collector.yml index 1a356d0308..9e6bfdf937 100644 --- a/.github/workflows/ci-collector.yml +++ b/.github/workflows/ci-collector.yml @@ -21,11 +21,11 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: collector/go.mod - - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -44,11 +44,11 @@ jobs: matrix: architecture: [ amd64, arm64 ] steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: collector/go.mod - - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/ci-java.yml b/.github/workflows/ci-java.yml index c68edac0b8..4b8d8ff224 100644 --- a/.github/workflows/ci-java.yml +++ b/.github/workflows/ci-java.yml @@ -23,7 +23,7 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: diff --git a/.github/workflows/ci-nodejs.yml b/.github/workflows/ci-nodejs.yml index 018a0f4c16..ffce65c17a 100644 --- a/.github/workflows/ci-nodejs.yml +++ b/.github/workflows/ci-nodejs.yml @@ -21,11 +21,11 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 18 - - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} diff --git a/.github/workflows/ci-python.yml b/.github/workflows/ci-python.yml index a8e82d80ae..5842e336bc 100644 --- a/.github/workflows/ci-python.yml +++ b/.github/workflows/ci-python.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout this repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Setup Python for OTel Python SDK uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: diff --git a/.github/workflows/ci-shellcheck.yml b/.github/workflows/ci-shellcheck.yml index b2c92c2aa7..a55970e8bd 100644 --- a/.github/workflows/ci-shellcheck.yml +++ b/.github/workflows/ci-shellcheck.yml @@ -9,7 +9,7 @@ jobs: shellcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Install shell check run: sudo apt update && sudo apt install --assume-yes shellcheck diff --git a/.github/workflows/ci-terraform.yml b/.github/workflows/ci-terraform.yml index 80dad61755..e9a42ac353 100644 --- a/.github/workflows/ci-terraform.yml +++ b/.github/workflows/ci-terraform.yml @@ -21,6 +21,6 @@ jobs: check-terraform-syntax: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 - run: terraform fmt -check -recursive diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a824b9fe1b..fc734208e9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -64,11 +64,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 with: languages: ${{ matrix.target.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -82,7 +82,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/autobuild@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 with: working-directory: ${{ matrix.target.directory }} # There are no array literals in GHA that is why we need to use fromJson. @@ -126,6 +126,6 @@ jobs: if: ${{ matrix.target.language == 'csharp' }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 with: category: "/language:${{matrix.target.language}}" diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index 86b1a94e18..e42546dbe0 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -12,7 +12,7 @@ jobs: fossa: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0 with: diff --git a/.github/workflows/layer-publish.yml b/.github/workflows/layer-publish.yml index 79de7d38b7..45c58700f3 100644 --- a/.github/workflows/layer-publish.yml +++ b/.github/workflows/layer-publish.yml @@ -90,11 +90,11 @@ jobs: cat $GITHUB_ENV - name: Download built layer - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: ${{ inputs.artifact-name }} - - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 + - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: role-to-assume: ${{ inputs.role-arn || secrets.OTEL_LAMBDA_LAYER_PUBLISH_ROLE_ARN || secrets.PROD_LAMBDA_ROLE_ARN }} role-duration-seconds: 1200 diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 1dc60307f2..ab53369183 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -19,7 +19,7 @@ jobs: # Needed for GitHub OIDC token if publish_results is true id-token: write steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false @@ -42,6 +42,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 with: sarif_file: results.sarif diff --git a/.github/workflows/publish-layer-collector.yml b/.github/workflows/publish-layer-collector.yml index 29e492076a..7765b6bd12 100644 --- a/.github/workflows/publish-layer-collector.yml +++ b/.github/workflows/publish-layer-collector.yml @@ -74,7 +74,7 @@ jobs: matrix: ${{ fromJSON(needs.prepare-build-jobs.outputs.build_jobs) }} steps: - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Setup Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: diff --git a/.github/workflows/release-layer-collector.yml b/.github/workflows/release-layer-collector.yml index 300fa4ca59..b923cb1078 100644 --- a/.github/workflows/release-layer-collector.yml +++ b/.github/workflows/release-layer-collector.yml @@ -15,7 +15,7 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Create Release run: gh release create ${{ github.ref_name }} --draft --title ${{ github.ref_name }} env: @@ -33,7 +33,7 @@ jobs: outputs: COLLECTOR_VERSION: ${{ steps.save-collector-version.outputs.COLLECTOR_VERSION }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: collector/go.mod diff --git a/.github/workflows/release-layer-java.yml b/.github/workflows/release-layer-java.yml index 0b142cec7e..9d4b4db7e8 100644 --- a/.github/workflows/release-layer-java.yml +++ b/.github/workflows/release-layer-java.yml @@ -15,7 +15,7 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Create Release run: gh release create ${{ github.ref_name }} --draft --title ${{ github.ref_name }} env: @@ -29,7 +29,7 @@ jobs: JAVAAGENT_VERSION: ${{ steps.save-javaagent-version.outputs.JAVAAGENT_VERSION }} JAVAWRAPPER_VERSION: ${{ steps.save-javawrapper-version.outputs.JAVAWRAPPER_VERSION }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: diff --git a/.github/workflows/release-layer-nodejs.yml b/.github/workflows/release-layer-nodejs.yml index b688e6a3a2..34f247b0c8 100644 --- a/.github/workflows/release-layer-nodejs.yml +++ b/.github/workflows/release-layer-nodejs.yml @@ -15,7 +15,7 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Create Release run: gh release create ${{ github.ref_name }} --draft --title ${{ github.ref_name }} env: @@ -28,7 +28,7 @@ jobs: outputs: NODEJS_VERSION: ${{ steps.save-node-sdk-version.outputs.SDK_VERSION}} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: diff --git a/.github/workflows/release-layer-python.yml b/.github/workflows/release-layer-python.yml index 9c1387ef29..f47a8b4e6c 100644 --- a/.github/workflows/release-layer-python.yml +++ b/.github/workflows/release-layer-python.yml @@ -15,7 +15,7 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Create Release run: gh release create ${{ github.ref_name }} --draft --title ${{ github.ref_name }} env: @@ -28,7 +28,7 @@ jobs: outputs: PYTHON_OPENTELEMETRY_SDK_VERSION: ${{ steps.save-python-opentelemetry-sdk-version.outputs.PYTHON_OPENTELEMETRY_SDK_VERSION}} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: diff --git a/.github/workflows/release-layer-ruby.yml b/.github/workflows/release-layer-ruby.yml index 2eccb916d2..eaac112bf5 100644 --- a/.github/workflows/release-layer-ruby.yml +++ b/.github/workflows/release-layer-ruby.yml @@ -15,7 +15,7 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Create Release run: gh release create ${{ github.ref_name }} --draft --title ${{ github.ref_name }} env: @@ -28,7 +28,7 @@ jobs: outputs: RUBY_SDK_VERSION: ${{ steps.save-ruby-sdk-version.outputs.RUBY_SDK_VERSION}} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Build run: |