Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update github-actions #174

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update github-actions #174

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 1, 2025

This PR contains the following updates:

Package Type Update Change
actions/setup-dotnet action minor v4.1.0 -> v4.2.0
actions/upload-artifact action minor v4.4.3 -> v4.5.0
bufbuild/buf-setup-action action minor v1.47.2 -> v1.48.0
docker/setup-buildx-action action digest c47758b -> 6524bf6
github/codeql-action action minor v3.27.6 -> v3.28.0
helm/kind-action action minor v1.10.0 -> v1.12.0

Release Notes

actions/setup-dotnet (actions/setup-dotnet)

v4.2.0

Compare Source

What's Changed

Some .NET binaries and installers currently hosted on Azure Content Delivery Network (CDN) domains ending in .azureedge.net will move to new domains as the provider, edg.io, will soon cease operations. There may be downtime or unavailability of .azureedge.net domains in the future as the .NET team is required to migrate to a new CDN and set of domains moving forward.

If your workflows are pinned to specific SHAs or minor tags, please upgrade to a major release tag to avoid service disruptions. Edgio has confirmed their services will be operational until at least January 15, 2025.

For updates, follow https://github.com/dotnet/core/issues/9671.

New Contributors

Full Changelog: actions/setup-dotnet@v4...v4.2.0

actions/upload-artifact (actions/upload-artifact)

v4.5.0

Compare Source

bufbuild/buf-setup-action (bufbuild/buf-setup-action)

v1.48.0

Compare Source

Release v1.48.0

github/codeql-action (github/codeql-action)

v3.28.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024
  • Bump the minimum CodeQL bundle version to 2.15.5. #​2655
  • Don't fail in the unusual case that a file is on the search path. #​2660.

See the full CHANGELOG.md for more information.

v3.27.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.8

Compare Source

v3.27.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024
  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #​2631
  • Update default CodeQL bundle version to 2.20.0. #​2636

See the full CHANGELOG.md for more information.

helm/kind-action (helm/kind-action)

v1.12.0

Compare Source

What's Changed

New Contributors

Full Changelog: helm/kind-action@v1.11.0...v1.12.0

v1.11.0

Compare Source

What's Changed

New Contributors

Full Changelog: helm/kind-action@v1.10.0...v1.11.0

Configuration

📅 Schedule: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 1, 2025

Trivy image scan report

ghcr.io/miracum/vfps:pr-174 (ubuntu 24.04)

5 known vulnerabilities found (CRITICAL: 0 HIGH: 0 MEDIUM: 1 LOW: 4)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libssl3t64 CVE-2024-6119 MEDIUM 3.0.13-0ubuntu3.1 3.0.13-0ubuntu3.4
libssl3t64 CVE-2024-2511 LOW 3.0.13-0ubuntu3.1 3.0.13-0ubuntu3.2
libssl3t64 CVE-2024-4603 LOW 3.0.13-0ubuntu3.1 3.0.13-0ubuntu3.2
libssl3t64 CVE-2024-4741 LOW 3.0.13-0ubuntu3.1 3.0.13-0ubuntu3.2
libssl3t64 CVE-2024-5535 LOW 3.0.13-0ubuntu3.1 3.0.13-0ubuntu3.2

No Misconfigurations found

opt/vfps/Vfps.deps.json

No Vulnerabilities found

No Misconfigurations found

usr/share/dotnet/shared/Microsoft.AspNetCore.App/8.0.7/Microsoft.AspNetCore.App.deps.json

1 known vulnerabilities found (CRITICAL: 0 HIGH: 1 MEDIUM: 0 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
Microsoft.AspNetCore.App.Runtime.linux-x64 CVE-2024-38229 HIGH 8.0.7 9.0.0-rc.2.24474.3, 8.0.10

No Misconfigurations found

usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.7/Microsoft.NETCore.App.deps.json

No Vulnerabilities found

No Misconfigurations found

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 1, 2025

🦙 MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
✅ ACTION actionlint 9 0 0.43s
⚠️ CSHARP csharpier 46 1 2.78s
⚠️ CSHARP roslynator 5 2 63.97s
✅ DOCKERFILE hadolint 1 0 0.1s
✅ EDITORCONFIG editorconfig-checker 105 0 0.34s
✅ JSON jsonlint 9 0 0.19s
✅ JSON prettier 9 0 0.53s
✅ MARKDOWN markdownlint 3 0 0.45s
⚠️ MARKDOWN markdown-table-formatter 3 1 0.55s
✅ PROTOBUF protolint 5 0 4.79s
✅ REPOSITORY checkov yes no 20.25s
✅ REPOSITORY dustilock yes no 0.02s
✅ REPOSITORY gitleaks yes no 0.53s
✅ REPOSITORY git_diff yes no 0.04s
✅ REPOSITORY grype yes no 18.53s
✅ REPOSITORY kics yes no 17.78s
✅ REPOSITORY secretlint yes no 0.81s
✅ REPOSITORY syft yes no 3.1s
✅ REPOSITORY trivy yes no 10.55s
✅ REPOSITORY trivy-sbom yes no 0.17s
✅ REPOSITORY trufflehog yes no 4.39s
✅ XML xmllint 1 0 0.01s
✅ YAML prettier 24 0 2.22s
✅ YAML yamllint 24 0 1.63s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

MegaLinter is graciously provided by OX Security

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 1, 2025
edited
Loading

Code Coverage

Package Line Rate Branch Rate Health
Vfps 94% 60%
Vfps.Tests 99% 100%
Summary 95% (442 / 463) 66% (33 / 50)

Minimum allowed line rate is 50%

ghz run statistics

Summary:
  Count:	5000
  Total:	9.03 s
  Slowest:	461.46 ms
  Fastest:	7.48 ms
  Average:	87.57 ms
  Requests/sec:	553.71

Response time histogram:
  7.485   [1]    |
  52.882  [578]  |∎∎∎∎∎∎∎
  98.280  [3172] |∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎∎
  143.678 [1007] |∎∎∎∎∎∎∎∎∎∎∎∎∎
  189.076 [186]  |∎∎
  234.473 [6]    |
  279.871 [0]    |
  325.269 [1]    |
  370.667 [0]    |
  416.064 [14]   |
  461.462 [35]   |

Latency distribution:
  10 % in 49.13 ms 
  25 % in 71.52 ms 
  50 % in 84.17 ms 
  75 % in 98.22 ms 
  90 % in 113.71 ms 
  95 % in 141.75 ms 
  99 % in 196.77 ms 

Status code distribution:
  [OK]   5000 responses

iter8 report

Experiment summary:
*******************

  Experiment completed: true
  No task failures: true
  Total number of tasks: 6
  Number of completed tasks: 6
  Number of completed loops: 1

Whether or not service level objectives (SLOs) are satisfied:
*************************************************************

  SLO Conditions                  | Satisfied
  --------------                  | ---------
  grpc/error-rate <= 0            | true
  grpc/latency/mean (msec) <= 200 | true
  grpc/latency/p99 (msec) <= 400  | true
  

Latest observed values for metrics:
***********************************

  Metric                   | value
  -------                  | -----
  grpc/error-count         | 0.00
  grpc/error-rate          | 0.00
  grpc/latency/mean (msec) | 124.90
  grpc/latency/p99 (msec)  | 388.00
  grpc/request-count       | 50000.00

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants