chore(deps): bump mikefarah/yq from 4.35.2 to 4.40.5
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.35.2 to 4.40.5.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@v4.35.2...v4.40.5)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] authored Dec 12, 2023
1 parent 47e5d0b commit 4e1fc1f
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/release.yaml
@@ -16,12 +16,12 @@ jobs:
run: echo HELM_VERSION=$(cat charts/irs-helm/CHANGELOG.md | sed -n 's/.*\[\([0-9]\+\.[0-9]\+\.[0-9]\+\)\].*/\1/p' | head -n 1) >> $GITHUB_ENV

- name: Update Chart.yaml appVersion
uses: mikefarah/yq@v4.35.2
uses: mikefarah/yq@v4.40.5

Check warning on line 19 in .github/workflows/release.yaml (GitHub Actions / Analyze, Code scanning / KICS): [MEDIUM] Unpinned Actions Full Length Commit SHA
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Action is not pinned to a full length commit SHA.
with:
cmd: yq -i eval '.appVersion = "${{ github.ref_name }}"' charts/irs-helm/Chart.yaml

- name: Update Chart.yaml version
uses: mikefarah/yq@v4.35.2
uses: mikefarah/yq@v4.40.5

Check warning on line 24 in .github/workflows/release.yaml (GitHub Actions / Analyze, Code scanning / KICS): [MEDIUM] Unpinned Actions Full Length Commit SHA
Same finding as on line 19: action is not pinned to a full length commit SHA.
with:
cmd: yq -i eval '.version = "${{ env.HELM_VERSION }}"' charts/irs-helm/Chart.yaml
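Review bot: both `uses: mikefarah/yq@v4.40.5` lines (file lines 19 and 24) stay pinned to a mutable tag, so the two KICS "Unpinned Actions Full Length Commit SHA" warnings attached to this hunk remain open after the bump; a tag can be moved or re-created by anyone with write access to the upstream repository, whereas a full-length commit SHA cannot be swapped without a SHA-1 collision. Suggest resolving v4.40.5 to its commit on the canonical mikefarah/yq repository (not a fork) and writing it as `uses: mikefarah/yq@<40-hex-sha> # v4.40.5`; the trailing version comment keeps Dependabot able to recognise and bump the pin. Secondary and unchanged by this diff: both `cmd:` values interpolate `${{ github.ref_name }}` and `${{ env.HELM_VERSION }}` straight into the command string, so a ref name containing a double quote would break out of the yq string literal, and shell metacharacters would matter too if the action executes `cmd` through a shell; passing the values via `env:` and quoting them in the command is the usual hardening.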

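The two KICS warnings above describe the check and the fix in prose. The following is an added example for this commit page, not code from the repository or from mikefarah/yq: a POSIX-sh scan that reports every external `uses:` reference not pinned to a 40-hex commit SHA (skipping local `./` and `docker://` actions and tolerating an existing `# vX` comment), a helper that resolves a tag to its commit against the canonical repository URL so a fork cannot substitute the object, and a rewrite that pins the step while keeping the tag as a trailing comment. The sample workflow fragment is constructed to resemble the hunk above, and the SHA `0123456789abcdef0123456789abcdef01234567` is a placeholder, not the real commit behind v4.40.5.

```shell
#!/bin/sh
# Added example for this commit page, not code from the repository or from
# mikefarah/yq: a POSIX-sh check for the KICS "Unpinned Actions Full Length
# Commit SHA" finding, plus the rewrite that clears it.  The sample workflow
# and the 40-hex SHA 0123...4567 used below are constructed placeholders.
set -eu

# Write a constructed workflow fragment modelled on the hunk above into $1.
make_sample() {
  cat > "$1" <<'EOF'
jobs:
  release:
    steps:
      - name: Update Chart.yaml appVersion
        uses: mikefarah/yq@v4.40.5
        with:
          cmd: yq -i eval '.appVersion = "${{ github.ref_name }}"' charts/irs-helm/Chart.yaml
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.1.1
      - uses: ./.github/actions/local
      - uses: docker://alpine:3.19
EOF
}

# Print "<line>: <owner/repo@ref>" for every external action in $1 whose ref is
# not a full-length (40 hex) commit SHA.  Local (./) and docker:// references
# are skipped: they have no upstream Git object to pin.  Trailing "# vX"
# comments are dropped so an already-pinned "sha # v4.1.1" line is not flagged.
unpinned_uses() {
  grep -nE '^[[:space:]]*(- )?uses:' "$1" \
    | sed -E -e 's/^([0-9]+):[[:space:]]*(- )?uses:[[:space:]]*/\1 /' \
             -e 's/[[:space:]]*#.*$//' -e "s/['\"]//g" \
    | while read -r lineno ref; do
        case "$ref" in
          ./*|docker://*) continue ;;
        esac
        sha="${ref#*@}"
        if ! printf '%s\n' "$sha" | grep -Eq '^[0-9a-f]{40}$'; then
          printf '%s: %s\n' "$lineno" "$ref"
        fi
      done
}

# Resolve tag $2 of repository $1 (owner/repo) to the commit it points at,
# querying the canonical GitHub URL so a fork's object cannot be substituted.
# An annotated tag yields a second "refs/tags/<tag>^{}" line carrying the
# peeled commit, so the last line wins.  Network call; not run in the demo.
resolve_tag_sha() {
  git ls-remote --tags "https://github.com/$1" "refs/tags/$2" \
    | awk -F '\t' '{ sha = $1 } END { print sha }'
}

# Rewrite "uses: $2@$3" in file $1 to "uses: $2@$4 # $3".  Keeping the tag as
# a comment lets Dependabot keep bumping the pin (it updates SHA and comment).
pin_uses() {
  sed -E -i.bak "s|uses: $2@$3([[:space:]]*#.*)?\$|uses: $2@$4 # $3|" "$1" \
    && rm -f "$1.bak"
}

# Offline demo: flag the unpinned yq step, pin it with the placeholder SHA,
# then rescan.
wf=$(mktemp)
make_sample "$wf"
echo "before:"; unpinned_uses "$wf"   # 5: mikefarah/yq@v4.40.5
pin_uses "$wf" mikefarah/yq v4.40.5 0123456789abcdef0123456789abcdef01234567
echo "after:";  unpinned_uses "$wf"   # prints nothing
rm -f "$wf"
```

To pin the real step, run `resolve_tag_sha mikefarah/yq v4.40.5` (it needs network access) and pass its output as the last argument to `pin_uses` on `.github/workflows/release.yaml`; the scan can then be wired into CI to fail the build whenever it prints anything.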

0 comments on commit 4e1fc1f