diff --git a/.github/actions/trivy/action.yaml b/.github/actions/trivy/action.yaml index d5d51e0441..d1a5f4f6aa 100644 --- a/.github/actions/trivy/action.yaml +++ b/.github/actions/trivy/action.yaml @@ -54,7 +54,7 @@ runs: # Install Trivy as requested. - if: ${{ ! contains(fromJSON(steps.parsed.outputs.setup), 'none') }} - uses: aquasecurity/setup-trivy@v0.2.2 + uses: aquasecurity/setup-trivy@v0.2.3 with: cache: ${{ contains(fromJSON(steps.parsed.outputs.setup), 'cache') }} version: ${{ steps.parsed.outputs.version }} diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 639a059edc..e26c08b302 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -2,15 +2,17 @@ # https://docs.github.com/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates # # See: https://www.github.com/dependabot/dependabot-core/issues/4605 ---- # yaml-language-server: $schema=https://json.schemastore.org/dependabot-2.0.json +--- version: 2 updates: - package-ecosystem: github-actions - directory: / + directories: + - '/' + - '.github/actions/*' schedule: interval: weekly - day: tuesday + day: wednesday groups: all-github-actions: patterns: ['*'] diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 5f3670f574..f164e72a43 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -19,7 +19,7 @@ jobs: - uses: actions/setup-go@v5 with: { go-version: stable } - - uses: golangci/golangci-lint-action@v7 + - uses: golangci/golangci-lint-action@v8 with: version: latest args: --timeout=5m